aSiagaming vngkv123
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from pwn import * | |
| import time | |
| import subprocess | |
| import sys | |
| SPRAYLENGTH = 0x1000 | |
| def OFFSET(value): | |
| assert(value != 0) |
vngkv123
/ idascript-headless.py
Created
December 12, 2022 12:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import time | |
| import os | |
| import traceback | |
| import json | |
| import idc | |
| import idaapi | |
| logfilename = idaapi.get_input_file_path() + '.timeida-'+str(int(time.time()*1000))+'.txt' |
vngkv123
/ CVE-2021-1048.c
Last active
August 13, 2023 07:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1048.html | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <netdb.h> | |
| #include <unistd.h> | |
| #include <fcntl.h> | |
| #include <errno.h> | |
| #include <mqueue.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <asm/types.h> | |
| #include <stdint.h> | |
| #include <sys/ioctl.h> | |
| /** | |
| * enum ion_heap_types - list of all possible types of heaps | |
| * @ION_HEAP_TYPE_SYSTEM: memory allocated via vmalloc | |
| * @ION_HEAP_TYPE_SYSTEM_CONTIG: memory allocated via kmalloc | |
| * @ION_HEAP_TYPE_CARVEOUT: memory allocated from a prereserved | |
| * carveout heap, allocations are physically | |
| * contiguous |
vngkv123
/ TFC2021-Chrome-V8.mjs
Last active
November 5, 2021 06:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import * as module from "1.mjs"; | |
| /* | |
| => 1.mjs | |
| export let x = {}; | |
| export let y = {}; | |
| export let z = {}; | |
| */ | |
| var f64 = new Float64Array(1); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| IOUserClient_vtbl = '''struct /*VFT*/ IOUserClient_vtbl | |
| { | |
| void (__cdecl *~IOUserClient)(IOUserClient *__hidden this); | |
| void (__cdecl *~IOUserClient_0)(IOUserClient *__hidden this); | |
| void (__cdecl *release)(OSObject *__hidden this, int freeWhen); | |
| int (__cdecl *getRetainCount)(OSObject *__hidden this); | |
| void (__cdecl *retain)(OSObject *__hidden this); | |
| void (__cdecl *release_0)(OSObject *__hidden this); | |
| bool (__cdecl *serialize)(OSObject *__hidden this, OSSerialize *serializer); | |
| const OSMetaClass *(__cdecl *getMetaClass)(IOUserClient *__hidden this); |
vngkv123
/ kernelcache_vtab_resolver.py
Last active
November 15, 2020 11:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Made by aSiagaming | |
| # Only work with iOS research kernelcache | |
| import ida_bytes | |
| import ida_name | |
| import ida_funcs | |
| import idc | |
| import idautils | |
| import idaapi | |
| import ida_struct |
vngkv123
/ userclient_dump.c
Created
November 10, 2020 00:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <IOKit/IOKitLib.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <mach/mach.h> | |
| #include <errno.h> | |
| #include <dlfcn.h> | |
| #include <fcntl.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let u32 = new Uint32Array(2); | |
| let f64 = new Float64Array(u32.buffer); | |
| function u2d(l, h) { | |
| u32[0] = l; | |
| u32[1] = h; | |
| return f64[0]; | |
| } | |
| function d2u(v) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import sys, time | |
| context.binary = "./houseoforange" | |
| binary = ELF("./houseoforange") | |
| p = process(["./houseoforange"]) | |
| def buildf(length, name, price, color): | |
| p.recvuntil("choice : ") |
NewerOlder