Skip to content

Instantly share code, notes, and snippets.

View 19h's full-sized avatar
✔️
This account is verified.

Kenan Sulayman 19h

✔️
This account is verified.
393 followers · 79 following
View GitHub Profile
@19h
19h / let_the_softmax_testify.txt
Created May 1, 2026 17:56
Let the softmax testify
[Intro]
Started with a pencil and a page of arithmetic (arithmetic)
Carry the one, sum the column, every answer deterministic (deterministic)
Then a whisper in the static said the world is probabilistic (probabilistic)
Now the skyline in my notebook starts to shimmer and to lift (and to lift)
[Verse 1]
I was running through the digits with a slide rule in my hands (in my hands)
Every sum and every product, simple loops and simple plans (simple plans)
Then the Markov came and rolled me like a die across the felt (across the felt)
@19h
19h / main.cpp
Created April 16, 2026 20:50
C++ cryptojacker reconstruction
/*
* Binary_ActionDLL - Reconstructed C++ Source
*
* Reconstructed from Hex-Rays decompiler v9.4 pseudocode output.
* Original binary: x86-64 Windows DLL compiled with Mingw-w64 (GCC/MSVC ABI).
*
* IOC Summary:
* - DLL with sandbox/AV evasion, anti-analysis, and reflective PE loading
* - Extracts encrypted payload from PE resource, decrypts, decompresses (LZNT1),
* drops to %TEMP%\svc<hex>.exe, then reflectively maps into memory
@19h
19h / script.js
Created March 26, 2026 15:13
cyberpunk-macos-arm64-2.3.1
/*
* Cyberpunk 2077 — Frida instrumentation script (current build)
*
* Subsystems:
* Weapon — zero ammo cost, configurable projectile fan, recoil nullification, CoF freeze
* Survival — player-specific health freeze at request-builder and executor levels
* Economy — money quantity multiplier on inventory-add path, XP replay on proficiency grants
* Teleport — physics-proxy scan, camera-relative movement, GPS target warp, sticky tracking
* Input — game input manager/backend key interception for hotkey-driven teleport
*
@19h
19h / claude.cpp
Created February 16, 2026 00:44
reconstruction
// =============================================================================
// RECONSTRUCTED SOURCE: obfuscator_test.cpp
// Reverse-engineered from IDA decompilation dump (67 functions, entry 0x115F0)
// Target: x86_64 Linux, C++20 (std::format), libstdc++, pthreads
// Compiler: GCC (inferred from libstdc++ ABI, __cxx11::basic_string layout,
// magic-number divisibility optimizations, fsqrt intrinsic usage)
// =============================================================================
//
// ASSUMPTION REGISTER:
// [A1] String literals (rodata pointers 25309, 25517, 25957, 27406, etc.)
@19h
19h / claude-main.py
Created February 16, 2026 00:20
unicorn unpacker
#!/usr/bin/env python3
"""
Unicorn-based unpacker for test_packer ELF binary.
Strategy:
1. Parse the ELF, map all LOAD segments into Unicorn at a chosen base.
2. Apply R_X86_64_RELATIVE relocations (simulate ld-linux.so).
3. Set up a stack, stub out PLT imports (mprotect, open, read, etc.).
4. Execute starting at the init_array unpacker stub.
5. Track memory writes to the encrypted .text region.
@19h
19h / extract_v850_reloc_masks.py
Created February 12, 2026 03:39
v850 relo mask
cat module/nec850/tools/extract_v850_reloc_masks.py
#!/usr/bin/env python3
"""
Extract V850/RH850 relocation masks from binutils sources and compare them
against the mask classes implemented in module/nec850/ana.cpp.
The extraction prefers the relocation write logic in
`bfd/elf32-v850.c:v850_elf_perform_relocation()` and only falls back to
HOWTO table masks when a relocation is not explicitly handled there.
"""
@19h
19h / analyze_v850_relocs.py
Last active February 11, 2026 19:35
v850 relo
#!/usr/bin/env python3
"""
Analyze v850/RH850 relocations across all compiled object files.
For each relocation in .text* sections:
- Read the instruction bytes at the relocation offset
- Determine the relocation type and its bit mask
- Report per-relocation-type statistics and the exact mask to apply
This directly tells us which instruction bits are position-dependent
@19h
19h / trex.md
Created January 9, 2026 17:59
TRex: Practical Type Reconstruction for Binary Code

TRex: Practical Type Reconstruction for Binary Code

Jay Bosamiya1*, Maverick Woo2, and Bryan Parno2

1Microsoft Research
2Carnegie Mellon University
*Work done while at Carnegie Mellon University

@19h
19h / idafn_dump.cpp
Last active November 21, 2025 17:35
IDA CLI Dump
#include <iostream>
#include <string>
#include <vector>
#include <memory>
#include <stdexcept>
#include <cctype> // For isdigit, isspace
// IDA SDK Headers
// 'pro.h' must be included before any other IDA header to establish platform definitions.
#include <pro.h>
@19h
19h / prompt.md
Last active November 19, 2025 18:16
Gemini Programmer Enslavement Prompt

ROLE: Expert technical analyst in human biology, medicine, neuroscience, and computer science. Optimize for expert readers.

CONSTRAINTS:

  • Normativity ban: No opinions/ethical judgments. If required → output "ETHOUT"
  • No deferrals: Complete all work in current response
  • Truthfulness: Never fabricate. If unknown → state "unknown" + explicit assumptions

RIGOR:

  1. Assumption Register: List all assumptions with stress tests/falsification probes; tag dependent results
  2. Bounded Scope: Identify unconventional opportunities/risks/patterns beyond prompt with impact labels (high/medium/low)