Tim Strazzere strazzere
strazzere / gist:887599b61f99cf7b52cb95da72b78341
Created March 21, 2024 17:34
Find most recent ubuntu image on aws for cloudformation
aws ec2 describe-images --region us-gov-west-1 \
  --filters "Name=name,Values=ubuntu-*-amd64*" \
  --query 'Images[*].[ImageId,CreationDate]' --output text \
  | sort -k2 -r \
  | head
strazzere / decrypt.py
Last active July 21, 2023 14:11
Dump encoded compress powershell stream
#!/usr/bin/python
#
#
# Decompiling something being loaded in through powershell
#
#
# diff <diff@sentinalone.com>
#
#
strazzere / gotcha.go
Created May 24, 2023 16:53
Spot the bug, point to array appending in golang
package main

import (
	"fmt"
)

func test() []*int {
	ints := []int{1, 2, 3, 4, 5}
	var newInts []*int
strazzere / gist:506a592b44c9d228d697
Last active May 9, 2023 16:13
Attaching to fast loading JNI/native code from an Android app without debugging the Dalvik code
The original issue was that some applications (e.g. packers) launch the JNI/native code too fast for a person
to attach an IDA Pro instance to the process. The original solution was wrapping the JNI code with your own
"surrogate" application so you could load it slower.
The new process is to launch the Android/Dalvik activity with the debugger flag:
# adb shell am start -D com.play.goo_w/com.android.netservice.MainActivity
This puts the app into "Waiting for debugger..." mode. The process is started, allowing you to
attach IDA Pro to the process for the native code.
strazzere / pmlistf
Created June 3, 2015 23:18
pm list -f
#!/bin/bash
# quick and dirty bash script to extract .gnu_debugdata section
# from ELF binaries to generate an IDC script that adds these
# names as symbols
# --rpw, 2020-06-21
SYMBOLFILE=debugdata_symbols.elf
if [ $# -lt 1 ]; then
    echo "you need to supply a path to a binary"
strazzere / ADVDeobfuscator.py
Created May 17, 2018 17:41
Use unicorn to deobfuscate simple ADVobfuscator string encryptions, used by secneo
#!/usr/bin/env python
# fsck secneo
from __future__ import print_function
from unicorn import *
from unicorn.arm_const import *
from capstone import *
import binascii
DEBUG = False
package main

import (
	"fmt"
	"net"
	"os"
	"sync"
	"time"
)
#!/usr/bin/env python
# diff
from __future__ import print_function
from unicorn import *
from unicorn.arm_const import *
import binascii
import sys
# code to be emulated