Skip to content

Instantly share code, notes, and snippets.

View YSaxon's full-sized avatar

Yaakov Saxon YSaxon

13 followers · 2 following
View GitHub Profile
@YSaxon
YSaxon / xor_decoder.py
Last active January 9, 2024 17:52
Ghidra Xor Decoder script for a particular xor obfuscation type I encountered
import re
from ghidra.program.model.data import Undefined
from java.io import File
from ghidra.app.util.exporter import CppExporter
from ghidra.util.task import TaskMonitor
from ghidra.app.util import Option
from ghidra.program.model.listing import Function
from ghidra.program.database.symbol import FunctionSymbol
from ghidra.app.decompiler import DecompInterface
from ghidra.program.model.listing import CodeUnit
@YSaxon
YSaxon / findReduxStoreBFS.js
Created November 16, 2023 16:26
JS Console script to find the Redux store and state
function isReduxStore(obj) {
return obj && typeof obj === 'object' &&
typeof obj.getState === 'function' &&
typeof obj.dispatch === 'function' &&
typeof obj.subscribe === 'function';
}
function isValidIdentifier(key) {
return /^[a-zA-Z_$][a-zA-Z_$0-9]*$/.test(key);
}
@YSaxon
YSaxon / findObjectFromWindowBFS.js
Created November 16, 2023 19:16
JS Console script to recursively find an object starting from the window object
// a more generalized version of https://gist.github.com/YSaxon/bdd00ce836dee657518d1937047e4ec6
function createCriteriaFunction(propertyNames) {
if (!Array.isArray(propertyNames)) {
propertyNames = [propertyNames];
}
return function(obj) {
if (!obj || typeof obj !== 'object') return false;
@YSaxon
YSaxon / extract_dex_from_memdump.py
Created December 18, 2023 17:30
extract a dexfile from a memory dump
def find_and_extract_dex(file_path, output_path):
try:
with open(file_path, 'rb') as file:
data = file.read()
# DEX file header magic number and offset for file size
dex_magic = b'dex\n'
size_offset = 32
size_length = 4
@YSaxon
YSaxon / cortexFirmwareFileNotes.md
Last active May 17, 2024 16:55

Analyzing Cortex-M Firmware Binary Files with Ghidra

Opening the Firmware Binary

  1. Open the firmware binary in Ghidra

Establishing the Initial Memory Offset

  1. Go to the data view and copy all the string addresses, and paste them into a Jupyter notebook with the code below
  2. Sort and copy all the possible pointers (probably undefined4 type) similarly
@YSaxon
YSaxon / privesc Shell.md
Created July 23, 2024 20:51

Initial setup (paths are assuming an Android target but you can obviously modify it)

cat << EOF > /data/local/tmp/shell1.sh
echo echo START >> /data/local/tmp/shell/infile
tail -n 1 -f /data/local/tmp/shell/infile | sh -i >> /data/local/tmp/shell/outfile 2>>/data/local/tmp/shell/outfile
EOF

chmod +x /data/local/tmp/shell1.sh

mkdir /data/local/tmp/shell
@YSaxon
YSaxon / lazy_load_node.sh
Last active August 19, 2024 18:48
Lazy load homebrew node to speed up shell init time
# Add this to your zshrc etc
# modified from #http://broken-by.me/lazy-load-nvm/
setup_nvm(){
unset -f nvm node npm
export NVM_DIR="$HOME/.nvm"
[ -s "/opt/homebrew/opt/nvm/nvm.sh" ] && \. "/opt/homebrew/opt/nvm/nvm.sh" # This loads nvm
[ -s "/opt/homebrew/opt/nvm/etc/bash_completion.d/nvm" ] && \. "/opt/homebrew/opt/nvm/etc/bash_completion.d/nvm" # This loads nvm bash_completion
@YSaxon
YSaxon / set_GHIDRA_HOME.sh
Created March 7, 2025 18:01
set GHIDRA_HOME on macos with homebrew installed Ghidra
export GHIDRA_HOME=$(dirname $(readlink -f $(which ghidraRun)))