Skip to content

Instantly share code, notes, and snippets.

View korniltsev's full-sized avatar
🍭
s/jz/jnz/

Tolya Korniltsev korniltsev

🍭
s/jz/jnz/
65 followers · 228 following
View GitHub Profile
@korniltsev
korniltsev / qemu-networking.md
Created August 6, 2019 22:37 — forked from extremecoders-re/qemu-networking.md
Setting up Qemu with a tap interface

Setting up Qemu with a tap interface

There are two parts to networking within QEMU:

  • The virtual network device that is provided to the guest (e.g. a PCI network card).
  • The network backend that interacts with the emulated NIC (e.g. puts packets onto the host's network).

Example: User mode network

@korniltsev
korniltsev / scapy_bridge.py
Created September 3, 2019 19:23 — forked from eXenon/scapy_bridge.py
Use scapy as a modifying proxy
#!/usr/bin/python2
"""
Use scapy to modify packets going through your machine.
Based on nfqueue to block packets in the kernel and pass them to scapy for validation
"""
import nfqueue
from scapy.all import *
import os
@korniltsev
korniltsev / unflower_cms.py
Created November 12, 2019 21:59 — forked from LeadroyaL/unflower_cms.py
Unicorn实战(一):去掉libcms.so的花指令
from elftools.elf.constants import P_FLAGS
from elftools.elf.elffile import ELFFile
from unicorn import Uc, UC_ARCH_ARM, UC_MODE_LITTLE_ENDIAN, UC_HOOK_CODE, UC_PROT_READ, UC_PROT_WRITE, UC_PROT_EXEC
from unicorn.arm_const import *
from capstone import Cs, CS_ARCH_ARM, CS_MODE_THUMB, CsInsn
from keystone import Ks, KS_MODE_THUMB, KS_ARCH_ARM
# 找到.text节
filename = "./libcms.so"
@korniltsev
korniltsev / listdevices
Created November 23, 2019 21:23 — forked from PsychoTea/PanicParser.py
A collection of useful iOS-related scripts
#!/bin/bash
for id in $(idevice_id -l); do
ideviceinfo_data=$(ideviceinfo -u $id)
product_type=$(echo "$ideviceinfo_data" | grep ProductType | sed 's/ProductType: //g')
# strip 'iPhone' or 'iPad' and the comma from the product type
short_product_type=$(echo "$product_type" | sed 's/iPhone//g; s/iPad//g; s/,//g' )
@korniltsev
korniltsev / _.md
Created January 13, 2020 07:24 — forked from Jinmo/_.md
C/C++ header to IDA

Usage

In IDAPython,

execfile('<path>/cxxparser.py')
parse_file('<path>/a.cpp',[r'-I<path>\LuaJIT-2.0.5\src', '-D__NT__', '-D__X64__', '-D__EA64__'])
parse_file('<path>/malloc.c',['-target=x86_64-linux-gnu'])
@korniltsev
korniltsev / qemu-2.7.0-aslr_heap_pie_nx_wxorx_mmap.patch
Created October 28, 2020 19:07 — forked from Dliv3/qemu-2.7.0-aslr_heap_pie_nx_wxorx_mmap.patch
Qemu aslr, heapaslr, pie, NX and W^X implementation (NX only for arm and mips atm)
diff -Naur qemu-2.7.0.orig/cpu-exec.c qemu-2.7.0/cpu-exec.c
--- qemu-2.7.0.orig/cpu-exec.c 2016-09-02 17:34:17.000000000 +0200
+++ qemu-2.7.0/cpu-exec.c 2017-01-19 09:34:00.817088525 +0100
@@ -33,6 +33,9 @@
#include "hw/i386/apic.h"
#endif
#include "sysemu/replay.h"
+#include "syscall_defs.h"
+
+extern int do_nx;
@korniltsev
korniltsev / stacktrace.cxx
Last active November 5, 2020 10:07 — forked from fmela/stacktrace.cxx
A C++ function that produces a stack backtrace with demangled function & method names.
/*
* Copyright (c) 2009-2017, Farooq Mela
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
@korniltsev
korniltsev / nemty_str_decoder.py
Created October 2, 2022 05:46 — forked from alexander-hanel/nemty_str_decoder.py
IDAPython script for decoding strings in nemty
import base64
from Crypto.Cipher import ARC4
def str_decrypt(enc_data):
key = 'fuckav\x00'
cipher = ARC4.new(key)
try:
enc_data = base64.b64decode(enc_data)
except:
return enc_data
@korniltsev
korniltsev / idapython_cheatsheet.md
Created October 2, 2022 05:52 — forked from icecr4ck/idapython_cheatsheet.md
Cheatsheet for IDAPython