Skip to content

Instantly share code, notes, and snippets.

vient vient

Block or report user

Report or block vient

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@vient
vient / flair.py
Created May 22, 2020
IDA FLAIR helper, pass a path to directory with (Boost) libs
View flair.py
import os
import sys
FLAIR_DIR = r'D:\work\ida\7.5\flair75\bin\win'
PCF = os.path.join(FLAIR_DIR, "pcf.exe")
SIGMAKE = os.path.join(FLAIR_DIR, "sigmake.exe")
def boost_lib_to_desc(lib):
assert 'mt-x' in lib, 'Only /MT libs'
tokens = lib.split('.')[0].split('-')
@vient
vient / shellcode.s
Created May 18, 2020
Cursed/Blursed defcon 2020
View shellcode.s
.intel_syntax noprefix
.code64
begin:
lea r8, [rip+begin]
lea r9, [rip+spinlock]
mov r10, 0xF0
# save shellcode to the stack
@vient
vient / goodname.cfg
Created Apr 16, 2020
IDA stuff
View goodname.cfg
////////////////////////
// USER DEFINED RULES //
////////////////////////
// MFC/ATL strings
R9000 : { ptn : "CStringT<char,\\s*StrTraitMFC(_DLL)?<char,\\s*(ATL::)?ChTraits(CRT|OS)<char>>>", rpl : "CStringA" },
R9001 : { ptn : "CStringT<wchar_t,\\s*StrTraitMFC(_DLL)?<wchar_t,\\s*(ATL::)?ChTraits(CRT|OS)<wchar_t>>>", rpl : "CStringW" },
R9002 : { ptn : "CStringT<char,\\s*StrTraitATL(_DLL)?<char,\\s*(ATL::)?ChTraits(CRT|OS)<char>>>", rpl : "CAtlStringA" },
R9003 : { ptn : "CStringT<wchar_t,\\s*StrTraitATL(_DLL)?<wchar_t,\\s*(ATL::)?ChTraits(CRT|OS)<wchar_t>>>", rpl : "CAtlStringW" }
@vient
vient / kek.cpp
Created Feb 19, 2020
View kek.cpp
#include <iostream>
int main() {
for (size_t i = 1; i < 0x100000000ull; ++i) {
bool ok = true;
bool was[32] = { false };
for (int j = 1; j <= 32 && ok; ++j) {
auto x = (1ull << j) - 1;
auto res = static_cast<uint32_t>(x * i) >> 27;
ok &= !was[res];
@vient
vient / bot.py
Last active Jul 22, 2019
cybrics game solution
View bot.py
#!/usr/bin/env python2
from pwn import *
import os
class Room:
def __init__(self, data=None):
self.dimX = None
self.dimY = None
self.player = None
self.flag = None
@vient
vient / _solve.cpp
Created Mar 25, 2019
0CTF/TCTF 2019 Quals: Sixology solution
View _solve.cpp
#include <cstdio>
#include <cstring>
#include <cstdlib>
#include <vector>
#include <string>
#include <iostream>
#include <iomanip>
uint64_t arr0[] = {
0xFA730603, 0xF8084C29, 0xF4290A55, 0xF17A02CD,
@vient
vient / exploit.py
Created Jun 8, 2018
FAUST CTF 2018 "Diagon Alley" exploit
View exploit.py
#!/usr/bin/env python
import sys
import struct
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from pwn import *
@vient
vient / client.py
Created Jun 1, 2018
diagon_alley
View client.py
#!/usr/bin/env python
import sys
import struct
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from pwn import *
@vient
vient / babyre.md
Last active May 21, 2018
RCTF 2018 writeups
View babyre.md

Binary file is encrypting string by using a function on each char that produces int (as seen in sub_80488E0, sub_804868B). This encryption is not chained so we can pass every character to binary, get them encrypted and use them as reference to decode out file.

@vient
vient / solve.py
Created Apr 2, 2018
0ctf 2018 quals "udp" solution
View solve.py
import sys
import pprint
import struct
TABLE_SIZE = 4000
table = [[]]
iterators = []
locks = set()
def request(cur=0, path_diff=2**64):
You can’t perform that action at this time.