Gain adb root.
$ adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"
Download Magisk-v14.0 and extract it somewhere. Download MagiskManager.
AKosterin
/ DexGuardStringDecoder.java
Created
August 16, 2015 23:05
JEB Plugin for decrypt DexGuard encrypted Strings.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import jeb.api.IScript; | |
| import jeb.api.JebInstance; | |
| import jeb.api.ast.*; | |
| import jeb.api.ast.Class; | |
| import jeb.api.dex.Dex; | |
| import jeb.api.dex.DexCodeItem; | |
| import jeb.api.dex.DexFieldData; | |
| import jeb.api.dex.DexMethod; | |
| import jeb.api.ui.JavaView; | |
| import jeb.api.ui.View; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <elf.h> | |
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/mman.h> | |
| // killgdb.c - prevent an elf from being loaded by gdb. | |
| // Jeffrey Crowell <crowell [at] bu [dot] edu> | |
| // | |
| // $ objcopy --only-keep-debug program program.debug |
mattypiper
/ armemu.py
Created
June 2, 2016 03:37
ARM Assembly, Emulation, Disassembly using Keystone, Unicorn, and Capstone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| from keystone import * | |
| from unicorn import * | |
| from unicorn.arm_const import * | |
| from capstone import * | |
| from capstone.arm import * | |
| from capstone.x86 import * |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Compile with: | |
| gcc elfsize.c -o elfsize | |
| Example: | |
| ls -l 126584 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/boot/bzImage | |
| # Linux kernel userspace initialization code, translated to bash | |
| # (Minus floppy disk handling, because seriously, it's 2017.) | |
| # Not 100% accurate, but gives you a good idea of how kernel init works | |
| # GPLv2, Copyright 2017 Hector Martin <[email protected]> | |
| # Based on Linux 4.10-rc2. | |
| # Note: pretend chroot is a builtin and affects the current process | |
| # Note: kernel actually uses major/minor device numbers instead of device name |
mimoo
/ erase_from_memory.h
Last active
April 8, 2024 21:17
Include this file to get the `erase_from_memory` function that zeros memory. See https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef __ERASE_FROM_MEMORY_H__ | |
| #define __ERASE_FROM_MEMORY_H__ 1 | |
| #define __STDC_WANT_LIB_EXT1__ 1 | |
| #include <stdlib.h> | |
| #include <string.h> | |
| void *erase_from_memory(void *pointer, size_t size_data, size_t size_to_remove) { | |
| #ifdef __STDC_LIB_EXT1__ | |
| memset_s(pointer, size_data, 0, size_to_remove); |
jthuraisamy
/ README.md
Last active
April 16, 2023 06:06
PyExZ3 Example with HackSysExtremeVulnerableDriver
TL;DR: Using symbolic execution to recover driver IOCTL codes that are computed at runtime.
The goal here is to find valid IOCTL codes for the HackSysExtremeVulnerableDriver by analyzing the binary. The control flow varies between the binary and source due to compiler optimizations. This results in a situation where only a few IOCTL codes in the assembly are represented as a constant with the remaining being computed at runtime.
The code in hevd_ioctl.py is a approximation of the control flow of the compiled IrpDeviceIoCtlHandler function. The effects of the compiler optimization are more pronounced when comparing this code to the original C function. To comply with requirements of the PyExZ3 module, the target function is named after the script's filename, and the `ex
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BACKDOOR := backdoor | |
| obj-m := $(BACKDOOR).o | |
| $(BACKDOOR)-y += poc.o | |
| default: all | |
| all: | |
| make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules |