import idc | |
import idautils | |
import idaapi | |
# Function name -> register that is expected to hold its string argument at
# the call site. NOTE(review): rcx/rdx as the first/second integer arguments
# matches the Windows x64 calling convention — confirm the target binary uses it.
FUNCTIONS_REGISTERS = dict(
    g_log="rcx",
    g_log_error="rdx",
)
def get_string_for_function(call_func_addr, register): | |
""" | |
:param start_addr: The function call address |
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
;;; | |
;;; Copyright (C), zznop, [email protected] | |
;;; | |
;;; This software may be modified and distributed under the terms | |
;;; of the MIT license. See the LICENSE file for details. | |
;;; | |
;;; DESCRIPTION | |
;;; | |
;;; This PoC shellcode is meant to be compiled as a blob and prepended to an ELF
typedef struct tagCREATELINKDATA { | |
ULONG dwFlags; | |
WCHAR szLinkName[MAX_PATH]; // + 0x20C | |
WCHAR szExeName[MAX_PATH]; // + 0x414 | |
WCHAR szParams[MAX_PATH]; // + 0x61C | |
WCHAR szWorkingDir[MAX_PATH]; // + 0x824 | |
WCHAR szOriginalName[MAX_PATH]; // + 0xA2C | |
WCHAR szExpExeName[MAX_PATH]; // + 0xC34 | |
WCHAR szProgDesc[MAX_PATH]; // + 0xE3C | |
WCHAR szFolder[MAX_PATH]; // + 0x1044 |
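# Out-of-tree kernel module build via kbuild. The module name is held in one
# variable so the obj-m entry and the <module>-y object list stay in sync.
BACKDOOR := backdoor
obj-m := $(BACKDOOR).o
$(BACKDOOR)-y += poc.o

# Build tree of the running kernel; override on the command line
# (make KDIR=/path/to/kernel) to build against a different kernel.
KDIR ?= /lib/modules/$(shell uname -r)/build

.PHONY: default all

default: all

# $(MAKE) (not a bare "make") so the sub-make inherits command-line flags and
# the jobserver; $(CURDIR) is set by make itself, whereas $(PWD) depends on the
# environment having exported it.
all:
	$(MAKE) -C $(KDIR) M=$(CURDIR) modules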
PyExZ3 Example with HackSysExtremeVulnerableDriver
TL;DR: Using symbolic execution to recover driver IOCTL codes that are computed at runtime.
The goal here is to find valid IOCTL codes for the HackSysExtremeVulnerableDriver by analyzing the binary. The control flow of the binary differs from the source because of compiler optimizations. As a result, only a few IOCTL codes appear in the assembly as constants; the rest are computed at runtime.
The code in hevd_ioctl.py is an approximation of the control flow of the compiled IrpDeviceIoCtlHandler
function. The effects of the compiler optimization are more pronounced when comparing this code to the original C function. To comply with requirements of the PyExZ3 module, the target function is named after the script's filename, and the `ex
Gain adb root
.
$ adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"
Download Magisk-v14.0 and extract it somewhere. Download MagiskManager.
#ifndef __ERASE_FROM_MEMORY_H__ | |
#define __ERASE_FROM_MEMORY_H__ 1 | |
#define __STDC_WANT_LIB_EXT1__ 1 | |
#include <stdlib.h> | |
#include <string.h> | |
void *erase_from_memory(void *pointer, size_t size_data, size_t size_to_remove) { | |
#ifdef __STDC_LIB_EXT1__ | |
memset_s(pointer, size_data, 0, size_to_remove); |
#!/boot/bzImage | |
# Linux kernel userspace initialization code, translated to bash | |
# (Minus floppy disk handling, because seriously, it's 2017.) | |
# Not 100% accurate, but gives you a good idea of how kernel init works | |
# GPLv2, Copyright 2017 Hector Martin <[email protected]> | |
# Based on Linux 4.10-rc2. | |
# Note: pretend chroot is a builtin and affects the current process | |
# Note: kernel actually uses major/minor device numbers instead of device name |