droogie / build-struct.py
Last active September 13, 2023 01:43
Enumerate EFI GUIDs from UEFI shell
import csv
import uuid
guid_dictionary = {}
# raw-guids.txt should contain the tab-separated columns copied from IDA
with open('raw-guids.txt', newline='') as csvfile:
reader = csv.DictReader(csvfile, delimiter='\t')
unkCnt = 0
droogie / i51.cfg
Last active January 29, 2023 06:05
AT89S53 IDA configuration for i51.cfg
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
.AT89S53
; https://ww1.microchip.com/downloads/en/DeviceDoc/doc0787.pdf
;
; MEMORY MAP
area CODE code 0x0000:0x3000
area DATA RAM 0x0000:0x0100
area DATA FSR 0x0080:0x0100
void hexdump(unsigned char *data, size_t size) {
char ascii[17] = {0};
size_t i;
for (i = 0; i < size; ++i) {
unsigned char c = data[i];
size_t next = i+1;
printf("%02X ", c);
ascii[i % 16] = isprint(c) ? c : '.';
if (next % 8 == 0 || next == size) {
droogie / .py
Created April 23, 2022 07:06
python displayhook wrapper for printing ints in hex
from collections.abc import Generator, Iterable, Mapping
import builtins
import itertools
import sys
# this is a fork of https://github.com/CouleeApps/hex_integers
# modified for use with the default python interpreter
# place in ~/.pyrc
# $ export PYTHONSTARTUP=~/.pyrc
droogie / jwplayer_downloader.py
Last active April 24, 2023 01:59 — forked from iluxonchik/jwplayer_downloader.py
Download JWPlayer .ts files, merge them into a single file and then convert the file to .mp4
"""
Update URL/Filename, execute script and provide output filename as parameter
Requirements:
* Python 3.x
* "ffmpeg" command-line tool.
"""
import sys
import urllib.request
from os import system, remove
droogie / Android.mk
Last active March 19, 2022 01:17 — forked from phhusson/omx-store.cpp
List OMX codecs through treble HAL
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := omx-store.cpp
LOCAL_SHARED_LIBRARIES := libutils liblog [email protected] [email protected] libcutils \
[email protected] \
[email protected] \
libhidlbase libbase
droogie / avr.cfg
Created August 16, 2021 02:17
IDA ATmega328P config
.ATmega328P
; Append to your IDA avr.cfg
SUBARCH=5
RAM=2048
ROM=32768
EEPROM=1024
; MEMORY MAP
droogie / e1000-infoleak.patch
Created December 29, 2020 01:24
QEMU 5.0.0 e1000 device patch to trigger clever infoleak (CCC rC3 Presentation: Things not to do when using an IOMMU)
--- e1000.c 2020-12-28 17:20:18.498942411 -0800
+++ QEMU/hw/net/e1000.c 2020-12-28 17:19:02.474796008 -0800
@@ -965,7 +965,39 @@ e1000_receive_iov(NetClientState *nc, co
}
do {
iov_copy = MIN(copy_size, iov->iov_len - iov_ofs);
- pci_dma_write(d, ba, iov->iov_base + iov_ofs, iov_copy);
+
+ // We are introducing a detection mechanism which will
+ // parse incoming network packets for a specific pattern.
droogie / recursive-acl.ps1
Created October 12, 2020 17:56
recursively get directory ACLs and last modified date
$Items = (Get-ChildItem "C:\" -Recurse | Where { $_.PSIsContainer } | select fullname | %{$_.fullname.trim()})
$Path = "C:\temp\ACLs.csv"
$Table = @()
$Record = [ordered]@{
"Directory" = ""
"Owner" = ""
"FileSystemRights" = ""
"AccessControlType" = ""
"IdentityReference" = ""
droogie / e1000.patch
Created September 30, 2020 05:59
QEMU 5.0.0 e1000 device patch to view leaked uninitialized memory from DMA mappings
--- orig_qemu/qemu-5.0.0/hw/net/e1000.c 2020-04-28 09:49:24.000000000 -0700
+++ qemu-5.0.0/hw/net/e1000.c 2020-09-28 00:31:20.000000000 -0700
@@ -42,8 +42,16 @@
static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-/* #define E1000_DEBUG */
+#define PAGE_SHIFT 12
+#define PAGE_SIZE (1UL << PAGE_SHIFT)
+#define PAGE_MASK (~(PAGE_SIZE-1))