Andrew Lamoureux lwerdna
lwerdna
/ compilable_arm_il.cpp
Created
August 21, 2019 04:32
compilable low level il (LLIL) from Binary Ninja
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // tests.o: ELF 32-bit LSB relocatable, ARM, EABI5 version 1 (SYSV), with debug_info, not stripped | |
| #include <stdint.h> | |
| #include <string> | |
| #include <vector> | |
| #include <map> | |
| using namespace std; | |
| #include "runtime.h" |
lwerdna
/ byte_historam_from_elf.py
Last active
August 16, 2019 17:23
get byte frequency histograms from ELF files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import re | |
| import os | |
| import sys | |
| from struct import pack, unpack | |
| #------------------------------------------------------------------------------ | |
| # ELF STUFF | |
| #------------------------------------------------------------------------------ |
lwerdna
/ pe_stat.py
Created
August 10, 2019 05:36
python version of Z0MBIE's PE_STAT for opcode frequency statistics
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # python version of Z0MBIE's PE_STAT for opcode frequency statistics | |
| # http://z0mbie.dreamhosters.com/opcodes.html | |
| import sys | |
| import binaryninja | |
| from collections import defaultdict | |
| opc2count = defaultdict(lambda:0) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # convert images to Binary Ninja "feature map" images | |
| # | |
| # please share enhancements and cool images you make with andrewl on binja slack | |
| # | |
| # instructions (requires ImageMagick and Netwide Assembler (nasm)): | |
| # | |
| # resize to 128 pixel width: | |
| # $ convert -resize 128 input.png output.png |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # command-line binary ninja disassembler | |
| import sys | |
| import binaryninja | |
| from binaryninja import core | |
| from binaryninja import binaryview | |
| from binaryninja import lowlevelil |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # command-line binary ninja disassembler | |
| import sys | |
| import binaryninja | |
| GREEN = '\x1B[32m' | |
| NORMAL = '\x1B[0m' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| def chi_square(a, b): | |
| # https://github.com/opencv/opencv/blob/master/modules/imgproc/src/histogram.cpp | |
| # sum(i=1,n, (x_i - y_i)^2 / (x_i+y_i) ) | |
| assert len(a)==len(b) | |
| result = 0; | |
| for i in range(len(a)): | |
| numerator = a[i]-b[i] |
lwerdna
/ Rot13_BinaryView.py
Created
August 9, 2019 15:15
use a BinaryView as an encrypter/decrypter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # python stuff | |
| import codecs | |
| # binja stuff | |
| from binaryninja import binaryview, BinaryDataNotification | |
| from binaryninjaui import View, ViewType, ViewFrame, HexEditor | |
| # binja UI stuff | |
| from PySide2.QtCore import Qt | |
| from PySide2.QtWidgets import QScrollArea |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // opening classifier from: /tmp/tmp.pickle | |
| // n_nodes: 359 | |
| // n_leaves: 180 | |
| // max_depth: 25 | |
| if(byte1 <= 127) | |
| if(byte1 <= 63) | |
| if(b8 <= 0) | |
| if(b9 <= 0) | |
| if(b10 <= 0) | |
| if(nybble1 <= 7) |
lwerdna
/ wrap_elf.py
Created
February 26, 2019 20:23
treat a file as the .text section of an ELF file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # wrap a flat file as the .text section of an ELF file | |
| # resulting file is simple: | |
| # ------------------------ | |
| # ELF header | |
| # ------------------------ | |
| # program header | |
| # ------------------------ | |
| # .text section |