Cyrill Leutwiler xermicus

  • Switzerland
@xermicus
xermicus / r2wars.md
Last active September 5, 2019 14:32
radare2 IDE

r2wars bot development

Because radare2 is also an Integrated Development Environment!

To ease your workflow you can use the following script:

#!/bin/sh
if [ ! $# -eq 3 ]; then
	echo "Usage: $(basename $0) <arch> <bits> <warrior.asm>"
@xermicus
xermicus / r2con2019ctf.md
Last active April 8, 2022 10:17
r2con 2019 CTF writeups

r2con{ctf_2019_wr1t3up5}

The r2con CTF is the CTF for r2con 2019, held during the weekend before the conference, which consisted mainly of reversing challenges. I managed to solve all but one challenge (technically, at least...) and it was so much fun! I'd like to thank the organizers a lot for making the event happen :-)

There may be errors and incomplete sections. I tried to make a write-up for every challenge; just contact me if anything is unclear or missing!

[100] r2boy1

Time to remember the best games ever!
@xermicus
xermicus / mount.sh
Created September 24, 2018 19:49
ILIAS webdav mounts
#!/bin/bash
# Example for DMATH.
# Adapt the "ref_XXXXXXX" for other subjects (it's the same as the web URI while browsing):
sudo mount -t davfs https://elearning.hslu.ch/ilias/webdav.php/hslu/ref_3779056/ /mnt/ilias/DMATH
@xermicus
xermicus / wlp3s0-hslu
Created September 24, 2018 19:43
HSLU netctl profile
Description='netctl profile for hslu'
Interface=wlp3s0
Connection=wireless
Security=wpa-configsection
ESSID=hslu
IP=dhcp
WPAConfigSection=(
'ssid="hslu"'
'proto=RSN'
'key_mgmt=WPA-EAP'
@xermicus
xermicus / spacemision.txt
Created September 13, 2017 18:10
solution to spacemision crackme
This was a very fun crackme! Instead of providing a simple "password: " prompt or something like that, the author actually wrote a tiny game to play with.
# ./spacemision
Hello, ...?
Hello, chief reverse engineer root of the spaceship rbinsegfaulter?
Can you hear, me?
Oh, these speakers seem to be broken.
No matter, if you hear me, or not, this is probably our last chance to survive!
We got attacked from the evil aliens from the binja-system!
# http://crackmes.de/users/macabre/rccrackme/
# NOTE: This keygen finds correct serial, but fails to insert the hyphens '-' in the
# correct (correct in terms of the crackme) way. It gave me headaches trying
# to do this in python, but I think it should be easy to implement it in C.
user = input("Enter username: ")
user *= 9 // len(user) + 1 if len(user) < 10 else 1
print('User: ' + user)
# http://crackmes.de/users/geyslan/crackme.02.32/
import random
random.seed()
password = ''
secret = '\xf7\xf8\xf1\xf4\xf1\xf8\xb3\xfc\xfc'
for i in range(len(secret)):
    candidates = ''
@xermicus
xermicus / pcm0.py
Last active December 8, 2016 10:28
# http://crackmes.de/users/pancake/pcme0/
# This is not perfect, it fails to recover one specific char in the flag
# Idk what's going on there, but found it out anyway :)
# (In the final flag, the non-printable char '\0x18' should be '0'. Flag is 10 chars long.)
import sys,r2pipe
r2profile = '#!/usr/bin/rarun2\nprogram=./pcme0\nstdin=stdin.txt\nstdout='
with open('profile.rr2', 'w') as f:
# http://crackmes.de/users/damo2k/damos_crackme_1_for_linux/
import random, sys
random.seed()
serial = [None] * 10
#1_10
c = random.randint(0x64, 0x7a)
serial[9] = chr(c)
@xermicus
xermicus / fr0g_kgm1.py
Created October 17, 2016 19:00
fr0g_kgm1 | crackmes.de
# http://crackmes.de/users/fr0gsek/fr0g_kgm1/
key = 'SeRiAlAbCdEfGhIjKlMnOpQrStUvWxYz'[::-1]
user = ''
while len(user) < 5:
    user = input('login [min 5 chars]: ')
serial = ''
for i in range(32):