@benmmurphy
benmmurphy / erlang tls decryption
Created February 6, 2017 12:19
Dump secret key in wireshark format so tls connections can be decrypted. This uses the erlang:trace functionality which may destroy the performance of your node.
DumpMS = fun() ->
FindMs = fun(Socket) ->
Pid = element(3, Socket),
Connection = sys:get_state(Pid),
State = element(2, Connection),
Session = element(18, State),
SessionId = element(2, Session),
MasterSecret = element(7, Session),
{SessionId, MasterSecret}
end,
@amtal
amtal / Hybrids.md
Created January 17, 2017 08:28
Walkthrough of two dupes and an item corruption exploit for Diablo 2 in layman's terms

This is a common-jargon walkthrough of an interesting Diablo 2 exploit. It provides the necessary background information (network protocol and game mechanics) to gain some understanding of the primitives from which it's constructed. Since the exploit is against a black-box network service with no available code, exact details and subtleties remain a mystery. :)

Exploit effects

Diablo 2 items can have a list of properties with various effects. The most common items (normal or "white" ones) have very few possible effects; however, all items can have sockets. Rune and gem-type items can be inserted into sockets. Some sequences of runes are special - inserting them into a white item makes a runeword item with predictable special properties.

Here's an example runeword "Peace" created by inserting Shael, Thul, and Amn runes into a 3-socket Light Plate:

Peace + Enigma hybrid

anonymous
anonymous / xiaomi-locked-bootloader.md
Created January 6, 2017 00:06
Xiaomi's locked bootloader is insecure and useless

Your phone should have a locked bootloader, as it ensures the integrity of the software running on the device. This is especially relevant for Xiaomi phones, which are often loaded with all sorts of crapware by shady merchants. These vendor ROMs are a serious security risk. You really don't want to run that shit, so do your research very carefully when importing a Xiaomi device to ensure it hasn't been tampered with.

So, Xiaomi makes these nice phones and those vendors just ruin it all. They do the logical thing and start locking devices. But even today, vendor ROMs are still a thing! Even the brand new edgeless Mi Mix isn't safe.

How is this possible?

Through a wide open back door called EDL mode. To flash anything you want, all you need is a "deep flash cable" from [Aliexpress](https://www.aliexpress.com/wholesale?catId=0&SearchText=xiaomi+deep+fl

@alexhude
alexhude / ios_dcsd_output_set.c
Created December 24, 2016 04:01
Setting up /dev/uart.debug-console output for DCSD
struct termios tty;
memset (&tty, 0, sizeof tty);
if (tcgetattr (serial_fd, &tty) != 0)
return -1;
// set speed
cfsetospeed (&tty, B115200);
// set control options
@mubix
mubix / infosec_newbie.md
Last active March 10, 2025 09:42
How to start in Infosec
'''
IDA plugin to display the calls and strings referenced by a function as hints.
Installation: put this file in your %IDADIR%/plugins/ directory.
Author: Willi Ballenthin <[email protected]>
Licence: Apache 2.0
'''
import idc
import idaapi
import idautils
@williballenthin
williballenthin / realign_pe_sections.py
Last active November 17, 2023 13:07
Realign the sections of a PE file with invalid FileAlignment.
#!/usr/bin/env python2
'''
some documentation
author: Willi Ballenthin
email: [email protected]
website: https://gist.github.com/williballenthin/d43cbc98fa127211c9099f46d2e73d2c
'''
import sys
import logging
from collections import namedtuple
@Wack0
Wack0 / upwned247.php
Last active December 13, 2023 08:16
UCam247/Phylink/Titathink/YCam/Anbash/Trivision/Netvision/others IoT webcams : remote code exec: reverse shell PoC. (works only in qemu usermode)
<?php
/*
Updated version, 2016-12-02: fixed shellcode so it *actually* works on QEMU
usermode emulation (seems I pushed an old version), and removed debug output.
-------------------------
NB: THIS PoC ONLY WORKS IN QEMU USERMODE EMULATION!
If anyone wants to fix this, go ahead (no pun intended).
However, I don't have a vulnerable product and am unwilling to acquire one.
'''
split the line returned by `get_custom_viewer_curline` into symbols.
it pulls out the strings, color directives, and escaped characters.
this hex-rays blog post describes how ida uses the special color tags
to describe syntax highlighting:
http://www.hexblog.com/?p=119
for example, here's a line that we see in IDA Pro:
'''
example of:
- using ctypes with the IDA SDK
- providing custom UI hints with dynamic data from Python
in this silly example, we display UI hints with the current timestamp.
a more useful plugin might inspect the hovered line, and display some documentation.
Author: Willi Ballenthin <[email protected]>
Licence: Apache 2.0