warsang
/ ed_deobf_ida.py
Created
January 5, 2026 21:06
String deobfuscation for equationDrug malops challenge
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idaapi | |
| import idautils | |
| import ida_bytes | |
| import idc | |
| def read_wide_str(ea): | |
| enc = [] | |
| while True: | |
| w = ida_bytes.get_16bit(ea) | |
| if w == 0: |
warsang
/ shellcode_stealing_forgiodriver.py
Last active
November 26, 2025 23:06
My token stealing exploit for GIO driver - Super unstable; had to reboot a couple of times to get this to work
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ctypes import (windll, LittleEndianStructure, POINTER, byref, cast, | |
| sizeof, c_uint64, c_uint16, c_ubyte, c_uint32, | |
| create_string_buffer, c_ulonglong, c_void_p, c_ulong, c_size_t, WinError, addressof, Structure, memmove) | |
| from ctypes.wintypes import LPVOID, DWORD, LPCSTR, BOOL, HANDLE, ULONG, ULARGE_INTEGER | |
| import sys | |
| import struct | |
| import os | |
| gle = windll.kernel32.GetLastError |
warsang
/ dell_instrumentation_read_exploit.py
Last active
November 26, 2025 20:27
Inspired by SEC760, I decided to look at my own drivers for exploits. I found DellInstrumentation.sys that seemed like a cool target. I reverse the driver and found a couple of vulnerable IOCTL handlers but only found out later that dor00tkit had published similar research on an older version of the driver. So I can't take credit for finding the…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Educational Research for communicating with kernel driver through IOCTLs in python | |
| Author: warsang@ | |
| Educational Research for communicating with DELL kernel driver through IOCTLs in python | |
| Tested on DellInstrumentation.sys 2.9.1.0 | |
| Based on: https://dor00tkit.github.io/Dor00tkit/posts/from-admin-to-kernel-one-year-one-driver-zero-attention/ | |
| (I actually found the physical read primitive and msr primitive before finding thi article; Found it after I was halfway done with the exploit code) |
warsang
/ Boostnote_json2markdown.py
Created
May 25, 2021 15:03
2 min ugly python script to convert Boostnote json files to markdown
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import json | |
| inputdir = './notes' | |
| counter = 1 | |
| for json_file in os.listdir(inputdir): | |
| with open(f'{inputdir}/{json_file}','r') as f: | |
| my_json = json.load(f) | |
| try: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ###Lines 957 to 973### | |
| #x86_64 | |
| ifeq ($(ARCH), x86_64) | |
| # if gcc | |
| ifeq ($(CC_NAME), gcc) | |
| C_DEFS+=-DCC_GCC_LIKE_ASM | |
| #common stuff |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for ordElt in data: | |
| try: | |
| res += chr(ordElt) | |
| except: | |
| res += "NON_ASCII_CHAR" | |
| return res |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Author: Theodore Riera: https://github.com/warsang | |
| * Date: 2017/03/03 | |
| * Description: | |
| * This Nucleo example sends a Sigfox message | |
| * using the nucleoF410RE and the BRKWS01 sigfox breakout board | |
| */ | |
| #include "mbed.h" | |
| //Set to 0 if you don't need to see the messages in the console |
warsang
/ relationvarspec.py
Created
April 4, 2017 09:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from netzob.all import * | |
| import sys | |
| initField = Field(domain = Raw("\x01")) | |
| f0 = Field(Value(initField, operation = lambda x: TypeConverter.convert(TypeConverter.convert(x, BitArray, Integer) + 1, Integer, BitArray), svas=SVAS.PERSISTENT)) | |
| f0.specialize() |
warsang
/ Netzob setup.py test error
Last active
March 29, 2017 14:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ➜ netzob git:(master) ✗ python3.5 setup.py test | |
| running test | |
| Warning: FastBinaryTree not available, using Python version BinaryTree. | |
| Warning: FastAVLTree not available, using Python version AVLTree. | |
| Warning: FastRBTree not available, using Python version RBTree. | |
| Traceback (most recent call last): | |
| File "setup.py", line 255, in <module> | |
| cmdclass=CMD_CLASS, | |
| File "/usr/lib/python3.5/distutils/core.py", line 148, in setup | |
| dist.run_commands() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| messageCS = RawMessage(b'\x5b\x8b\x55\xcd\x0c\x00\x01\x00\x03\x00\x92\x0c\xb0\x9c\x08\x00\x00\x00\x01\x84\x80\x00\x92\x0c\xb0\x9c') | |
| messageCS2 = RawMessage(b'\xab\xe2\x58\xcf\x0c\x00\x01\x00\x03\x00\x91\xbe\x56\x98\x08\x00\x00\x00\x01\x84\x80\x00\x92\x0c\xb0\x9c') | |
| field1 = Field(name="afterCRC", domain=Alt([Raw(b'\x55\xcd'),Raw(b'\x58\xcf')])) | |
| field2 = Field(name="afterCRCstat", domain=Raw(b'\x0c\x00\x01\x00\x03\x00')) | |
| field3 = Field(name="secondaltfield",domain=Alt([Raw(b'\x92\x0c\xb0\x9c'),Raw(b'\x91\xbe\x56\x98')])) | |
| field4 = Field(name="secondafterCRCstat", domain=Raw(b'\x08\x00\x00\x00\x01\x84\x80\x00\x92\x0c\xb0\x9c')) | |
| fieldCS = Field(name="CS",domain=InternetChecksum([field1,field2,field3,field4])) | |
| sym = Symbol(messages=[messageCS,messageCS2],fields=[fieldCS,field1,field2,field3,field4]) |
NewerOlder