Skip to content

Instantly share code, notes, and snippets.

@nreboud
nreboud / GreHack2019_CTF_challenge.md
Last active June 21, 2024 04:10
GreHack2019 CTF challenge - White-box

GreHack2019 CTF challenge

One of the challenges of the GreHack2019 CTF was a white-box. The White-box has been pushed to the SideChannelMarvels Project.

1. White-box? What is that?

White-box cryptography is presented here : http://www.whiteboxcrypto.com/. If you are not fammilair with the concept, Brecht Wyseur itroduced it well in "white-box cryptography: hiding keys in software", MISC magazine, April 2012

2. GreHack2019 White-box

The GreHack2019 CTF white-box is very classic AES128 white-box implementation. The fact that it implements an AES can be found by having a look to the code and by identifying the 11 rounds or by simply looking to the input sample "Who Is Rijndael".

@adulau
adulau / ghidra-community.md
Last active November 11, 2023 13:16
Ghidra community - collection
@Arinerron
Arinerron / permissions.txt
Last active October 28, 2024 08:10
A list of all Android permissions...
android.permission.ACCESS_ALL_DOWNLOADS
android.permission.ACCESS_BLUETOOTH_SHARE
android.permission.ACCESS_CACHE_FILESYSTEM
android.permission.ACCESS_CHECKIN_PROPERTIES
android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY
android.permission.ACCESS_DOWNLOAD_MANAGER
android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED
android.permission.ACCESS_DRM_CERTIFICATES
android.permission.ACCESS_EPHEMERAL_APPS
android.permission.ACCESS_FM_RADIO
@defuse
defuse / attack.php
Last active October 2, 2023 21:27
PoC: Attack Against PHP Crypto
<?php
/*
* This code is copied from
* http://www.warpconduit.net/2013/04/14/highly-secure-data-encryption-decryption-made-easy-with-php-mcrypt-rijndael-256-and-cbc/
* to demonstrate an attack against it. Specifically, we simulate a timing leak
* in the MAC comparison which, in a Mac-then-Encrypt (MtA) design, we show
* breaks confidentiality.
*
* Slight modifications such as making it not serialize/unserialize and removing
anonymous
anonymous / untrusted-lvl16-solution.js
Created April 17, 2014 21:18
Solution to level 16 in Untrusted: http://alex.nisnevich.com/untrusted/
/*************
* lasers.js *
*************
*
* Time to unleash the killer lasers! Each laser will kill you
* unless you have the appropriate color. Too bad you can't
* see which color corresponds to which laser!
*/
function getRandomInt(min, max) {
anonymous
anonymous / untrusted-lvl20-solution.js
Created April 17, 2014 20:24
Solution to level 20 in Untrusted: http://alex.nisnevich.com/untrusted/
/*****************
* bossFight.js *
*****************
*
* NO FARTHER, DR. EVAL!!!!
* YOU WILL NOT GET OUT OF HERE ALIVE!!!!
* IT'S TIME YOU SEE MY TRUE FORM!!!!
* FACE MY ROBOT WRATH!!!!!
*/
@takeshixx
takeshixx / hb-test.py
Last active November 6, 2024 06:58
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <[email protected]>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford ([email protected]).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser