
vient / a.txt
Created October 22, 2021 15:01
ссылки из презентации
https://godbolt.org/z/9633WhEYY
https://godbolt.org/z/bY66b7qqG
https://gist.github.com/vient/0264b17c517edc86c7ba211f4e3a8d58
vient / Makefile
Created October 22, 2021 10:19
Cyberschool 2021 C
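# Build variants of main.c for the Cyberschool 2021 C session.
# Every target writes the same ./main binary, so only one variant exists at a time.
# hook and clean are declared phony here; their rules follow later in the file.
.PHONY: nopie pie static hook clean

CC  := gcc
SRC := main.c
OUT := main

# Non-PIE executable: the image is loaded at a fixed address, so ASLR does not
# relocate the main binary itself.
nopie:
	$(CC) -no-pie $(SRC) -o $(OUT)

# Plain build with the toolchain defaults; yields a PIE only where gcc defaults to PIE.
pie:
	$(CC) $(SRC) -o $(OUT)

# Statically linked build: no dynamic loader and no shared libc at run time.
static:
	$(CC) -static $(SRC) -o $(OUT)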
vient / solve.py
Created June 27, 2021 01:25
CTFZONE 2021 OTP30
#!/usr/bin/env python3
import functools
import operator
import sys
import z3
def rev(state):
s = z3.Solver()
old = z3.Bools(' '.join(f'a{i}' for i in range(len(state))))
vient / 0ctf_plugin.py
Created June 29, 2020 21:30
IDA processor extension plugin for "patching" purposes
import idaapi
import idc
# idautils.DecodeInstruction(here()).itype
# Numeric itype values for the conditional/unconditional jumps this plugin
# works with, as read through idautils.DecodeInstruction(...).itype above.
# NOTE(review): itype numbering is specific to the loaded processor module —
# confirm these against the target processor before reusing them elsewhere.
JMP = 0x56
JL = 0x40
JLE = 0x41
JG = 0x3E
JE = 0x55
JZ = JE  # JZ and JE share a single itype
vient / ida_launcher.bat
Last active December 24, 2022 06:09
Add IDA to the context menu. Download as ZIP, unpack to a safe place (don't delete it afterwards!) and run setup.bat. You will get "Open with IDA" in the context menu. Requires WSL, with `file` installed inside it.
@echo off
setlocal
reg query HKCR\IDApro.Database32\shell\open\command > NUL
if errorlevel 1 goto idb_handler_not_found
for /f tokens^=2^ delims^=^" %%a in ('reg query "HKCR\IDApro.Database32\shell\open\command" ^| findstr /ri "REG_SZ"') do set IDA_DIR=%%~dpa
echo IDA folder %IDA_DIR%
vient / kek.py
Created June 9, 2020 09:52
Python abomination
#!/usr/bin/env python3
import 𝗌𝔶𝘴
import 𝚛𝖺𝔫ⅆom
import 𝒔𝘵𝓻𝒾𝚗𝒈
import u𝘯𝕚c𝕠𝒹e𝖽𝙖𝕥𝖆
from p𝔶𝘨m𝑒𝙣t𝑠 import ₗⅇₓₑrſ as L𝘦𝗑𝚎ᵣ𝐬
𝖀𝗡𝕴𝑪O𝑫ℰ_𝘾𝐴𝙲ℋ𝐄𝕾 = {}
def 𝘧𝕚𝓵𝘭_u𝙣ⁱ𝙘𝗈de_𝓷𝙖𝐦𝙚𝕤():
vient / flair.py
Created May 22, 2020 21:20
IDA FLAIR helper; pass it the path to a directory containing (Boost) libs
import os
import sys
# Hard-coded location of the FLAIR toolkit binaries (Windows path, IDA 7.5 layout).
FLAIR_DIR = r'D:\work\ida\7.5\flair75\bin\win'

# Absolute paths of the two FLAIR tools this helper drives.
PCF, SIGMAKE = (os.path.join(FLAIR_DIR, tool) for tool in ("pcf.exe", "sigmake.exe"))
def boost_lib_to_desc(lib):
assert 'mt-x' in lib, 'Only /MT libs'
tokens = lib.split('.')[0].split('-')
vient / shellcode.s
Created May 18, 2020 15:34
Cursed/Blursed defcon 2020
.intel_syntax noprefix
.code64
begin:
lea r8, [rip+begin]
lea r9, [rip+spinlock]
mov r10, 0xF0
# save shellcode to the stack
vient / goodname.cfg
Last active October 11, 2021 15:42
IDA stuff
////////////////////////
// USER DEFINED RULES //
////////////////////////
// MFC/ATL strings
// R9000-R9003 collapse the four CStringT<char|wchar_t, StrTraitMFC|StrTraitATL<...>>
// instantiations to their short typedef names (CStringA/W, CAtlStringA/W).
// The "\\s*" gaps absorb optional whitespace between template arguments;
// (_DLL)?, (ATL::)? and (CRT|OS) cover the variant spellings of the traits.
R9000 : { ptn : "CStringT<char,\\s*StrTraitMFC(_DLL)?<char,\\s*(ATL::)?ChTraits(CRT|OS)<char>>>", rpl : "CStringA" },
R9001 : { ptn : "CStringT<wchar_t,\\s*StrTraitMFC(_DLL)?<wchar_t,\\s*(ATL::)?ChTraits(CRT|OS)<wchar_t>>>", rpl : "CStringW" },
R9002 : { ptn : "CStringT<char,\\s*StrTraitATL(_DLL)?<char,\\s*(ATL::)?ChTraits(CRT|OS)<char>>>", rpl : "CAtlStringA" },
R9003 : { ptn : "CStringT<wchar_t,\\s*StrTraitATL(_DLL)?<wchar_t,\\s*(ATL::)?ChTraits(CRT|OS)<wchar_t>>>", rpl : "CAtlStringW" },
#include <iostream>
int main() {
for (size_t i = 1; i < 0x100000000ull; ++i) {
bool ok = true;
bool was[32] = { false };
for (int j = 1; j <= 32 && ok; ++j) {
auto x = (1ull << j) - 1;
auto res = static_cast<uint32_t>(x * i) >> 27;
ok &= !was[res];