@vient
vient / babyre.md
Last active May 21, 2018 21:02
RCTF 2018 writeups

The binary encrypts a string by applying a function to each character that produces an int (as seen in sub_80488E0, sub_804868B). The encryption is not chained, so we can pass every character to the binary, get each one encrypted, and use the results as a reference to decode the out file.

vient / client.py
Created June 1, 2018 23:47
diagon_alley
#!/usr/bin/env python
import sys
import struct
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from pwn import *
vient / exploit.py
Created June 8, 2018 14:22
FAUST CTF 2018 "Diagon Alley" exploit
#!/usr/bin/env python
import sys
import struct
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from pwn import *
vient / _solve.cpp
Created March 25, 2019 22:57
0CTF/TCTF 2019 Quals: Sixology solution
#include <cstdio>
#include <cstring>
#include <cstdlib>
#include <vector>
#include <string>
#include <iostream>
#include <iomanip>
uint64_t arr0[] = {
0xFA730603, 0xF8084C29, 0xF4290A55, 0xF17A02CD,
vient / bot.py
Last active July 22, 2019 12:53
cybrics game solution
#!/usr/bin/env python2
from pwn import *
import os
class Room:
    def __init__(self, data=None):
        self.dimX = None
        self.dimY = None
        self.player = None
        self.flag = None
#include <iostream>
int main() {
    for (size_t i = 1; i < 0x100000000ull; ++i) {
        bool ok = true;
        bool was[32] = { false };
        for (int j = 1; j <= 32 && ok; ++j) {
            auto x = (1ull << j) - 1;
            auto res = static_cast<uint32_t>(x * i) >> 27;
            ok &= !was[res];
vient / goodname.cfg
Last active October 11, 2021 15:42
IDA stuff
////////////////////////
// USER DEFINED RULES //
////////////////////////
// MFC/ATL strings
R9000 : { ptn : "CStringT<char,\\s*StrTraitMFC(_DLL)?<char,\\s*(ATL::)?ChTraits(CRT|OS)<char>>>", rpl : "CStringA" },
R9001 : { ptn : "CStringT<wchar_t,\\s*StrTraitMFC(_DLL)?<wchar_t,\\s*(ATL::)?ChTraits(CRT|OS)<wchar_t>>>", rpl : "CStringW" },
R9002 : { ptn : "CStringT<char,\\s*StrTraitATL(_DLL)?<char,\\s*(ATL::)?ChTraits(CRT|OS)<char>>>", rpl : "CAtlStringA" },
R9003 : { ptn : "CStringT<wchar_t,\\s*StrTraitATL(_DLL)?<wchar_t,\\s*(ATL::)?ChTraits(CRT|OS)<wchar_t>>>", rpl : "CAtlStringW" },
vient / shellcode.s
Created May 18, 2020 15:34
Cursed/Blursed defcon 2020
.intel_syntax noprefix
.code64
begin:
lea r8, [rip+begin]
lea r9, [rip+spinlock]
mov r10, 0xF0
# save shellcode to the stack
vient / flair.py
Created May 22, 2020 21:20
IDA FLAIR helper, pass a path to directory with (Boost) libs
import os
import sys
FLAIR_DIR = r'D:\work\ida\7.5\flair75\bin\win'
PCF = os.path.join(FLAIR_DIR, "pcf.exe")
SIGMAKE = os.path.join(FLAIR_DIR, "sigmake.exe")
def boost_lib_to_desc(lib):
    assert 'mt-x' in lib, 'Only /MT libs'
    tokens = lib.split('.')[0].split('-')
vient / kek.py
Created June 9, 2020 09:52
Python abomination
#!/usr/bin/env python3
import 𝗌𝔶𝘴
import 𝚛𝖺𝔫ⅆom
import 𝒔𝘵𝓻𝒾𝚗𝒈
import u𝘯𝕚c𝕠𝒹e𝖽𝙖𝕥𝖆
from p𝔶𝘨m𝑒𝙣t𝑠 import ₗⅇₓₑrſ as L𝘦𝗑𝚎ᵣ𝐬
𝖀𝗡𝕴𝑪O𝑫ℰ_𝘾𝐴𝙲ℋ𝐄𝕾 = {}
def 𝘧𝕚𝓵𝘭_u𝙣ⁱ𝙘𝗈de_𝓷𝙖𝐦𝙚𝕤():