Skip to content

Instantly share code, notes, and snippets.

View ald3ns's full-sized avatar

alden ald3ns

34 followers · 23 following
View GitHub Profile
@ald3ns
ald3ns / keybase.md
Created June 7, 2021 00:28

Keybase proof

I hereby claim:

  • I am aldenschmidt on github.
  • I am birchboy (https://keybase.io/birchboy) on keybase.
  • I have a public key ASB_jSo7cHxaH21jmaZoyMLDX0M0U0OzZYl1NFYGRK-jJwo

To claim this, I am signing this object:

@ald3ns
ald3ns / build.sh
Created March 29, 2022 17:38
Download and compile VMWare Workstation drivers for cutting edge kernels
#!/usr/bin/bash
# Version of the installed VMWare Workstation
VERSION="$(vmware-installer -l | awk 'FNR==3 {print $2}' | cut -n -d '.' -f 1-3)"
# Grab the zip from the github repo
wget "https://github.com/mkubecek/vmware-host-modules/archive/refs/heads/player-${VERSION}.zip"
# Unzip the zip file
unzip -q player-$VERSION.zip
@ald3ns
ald3ns / lockbit_str_decrypt.py
Created April 16, 2023 17:48
Binary Ninja script to decrypt strings from ARM macOS Lockbit sample!
# SHA256: 3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79
# Get the strings from the data section
data_section = bv.get_section_by_name("__data")
symbols = bv.get_symbols(data_section.start, (data_section.end-data_section.start))
xor_val = 0
xor=Transform['XOR']
# Find the _xor_val
@ald3ns
ald3ns / cstring_clean.py
Created December 18, 2023 18:49
Binary Ninja __cstring section cleanup script
"""
When analyzing MachO binaries in binja, sometimes not all strings in the __cstring
section are defined. This script iterates through the section cleaning up anything
that was missed. There is probably a better/already existing way to do this but
¯\_(ツ)_/¯
"""
import binaryninja
cstring_section = bv.get_section_by_name('__cstring')