
@minkione
minkione / UBI attach
Created January 7, 2021 12:13 — forked from robot9706/UBI attach
How to mount a UBI image
#http://www.linux-mtd.infradead.org/faq/ubi.html
#sudo apt-get install mtd-tools
#sudo -i
#UBI mount
mknod /dev/mtd0 c 90 0
modprobe nandsim first_id_byte=0x2c second_id_byte=0xac third_id_byte=0x00 fourth_id_byte=0x15
dd if=ubi.img of=/dev/mtd0 bs=2048
@minkione
minkione / password.txt
Created December 16, 2020 08:07 — forked from gabonator/password.txt
HiSilicon IP camera root passwords
Summary of passwords by sperglord8008s, updated November 1, 2020. For login try "root", "default", "defaul" or "root"
00000000
059AnkJ
4uvdzKqBkj.jg
7ujMko0admin
7ujMko0vizxv
123
1111
1234
@minkione
minkione / README.md
Created December 16, 2020 07:20 — forked from JanLoebel/README.md
Hikam S6 Reverse Engineering (HI3518 E)

Reverse Engineering of Hikam S6 (HI3518 E)

Why?

I wanted to integrate the camera into my home security system. The only problem is that I want to toggle the alarm of the camera based on the security system status. Currently, this is only available via the app or a time trigger, both of which are not sufficient for me. So the main target was to change the alarm status without the app.

What I've done so far:

My first try was to capture the TCP packets between the Android app and the camera. Soon I realized that they are only TCP+SSL (not pinned) requests to a cloud service of Hikam. So I installed an emulator with the Hikam app and Wireshark. I've seen some packets, but the payload is very strange, and even if I send the UDP commands again the status won't change. So this was a dead end for me.

@minkione
minkione / msec.exploitable.bat
Created November 9, 2020 12:53 — forked from nmcv/msec.exploitable.bat
Batch script for standalone usage of the MSEC extension of WinDBG (!exploitable). Good if you have a bunch of crash reports and you need to analyze them in bulk. Original @ http://msecdbg.codeplex.com/discussions/56156
@echo off
setlocal ENABLEEXTENSIONS
@REM get local Path of script
for /F %%I in ("%0") do set localDir=%%~dpI
@REM Check for MSEC.dll in current directory, and in script directory
if not exist .\msec.dll (
if not exist %localDir%\msec.dll (
echo.
echo MSEC.dll not in current directory, please copy MSEC.dll locally and
@minkione
minkione / stickynoteparser.py
Created October 19, 2020 06:50 — forked from daddycocoaman/stickynoteparser.py
Parses sticky note files in .snt/.sqlite formats. SQLite files may require the WAL and SHM files of the same name as well. Once run, WAL/SHM files will be merged into the .sqlite file.
import json
import sqlite3
import olefile
import argparse
def parse_snt_file(file):
    # https://www.tutorialspoint.com/python_digital_forensics/python_digital_forensics_important_artifacts_in_windows
    if not olefile.isOleFile(file):
        return "Invalid OLE file"

How to acquire memory from a running Linux system

Dumping memory on a Linux system can be cumbersome, especially since the behavior may differ between GNU/Linux distributions and Linux kernel versions. In the early days, the easiest way was to dump memory from the memory device (/dev/mem), but over time access was increasingly restricted in order to prevent malicious processes from directly accessing kernel memory. The kernel option CONFIG_STRICT_DEVMEM was introduced in kernel version 2.6 and later (2.6.36–2.6.39, 3.0–3.8, 3.8+HEAD). So you'll need to use a Linux kernel module in order to acquire memory.

fmem

@minkione
minkione / dst80.py
Created July 17, 2020 10:55 — forked from rqu1/dst80.py
dst80 python implementation
def bit(x,n): return (x>>n)&1
def bit_slice(x,msb,lsb): return (x&((2<<msb)-1))>>lsb
def bv2i(*args):
    o=0
    for i in args: o=(o<<1)|i
    return o
def fa(x): return bit(0x3a35acc5,x)
@minkione
minkione / DNS tunneling with iodine.md
Created June 28, 2020 18:35 — forked from nukeador/DNS tunneling with iodine.md
How to install and use iodine for DNS tunneling.

## Domain

We need some records on our domain (mydomain.com) DNS for connections. Add these records:

t1              IN      NS      t1ns.mydomain.com. ; note the final dot!
t1ns            IN      A       OUR_SERVER_IP

## Server

/*
ELECHOUSE_CC1101.cpp - CC1101 module library
Copyright (c) 2010 Michael.
Author: Michael, <www.elechouse.com>
Version: November 12, 2010
This library is designed to use the CC1101/CC1100 module on the Arduino platform.
The CC1101/CC1100 module is a useful wireless module. Using the functions of the
library, you can easily send and receive data with the CC1101/CC1100 module.
Just have fun!
@minkione
minkione / proc_net_tcp_decode
Created June 4, 2020 18:55 — forked from jkstill/proc_net_tcp_decode
decode entries in /proc/net/tcp
Decoding the data in /proc/net/tcp:
Linux 5.x /proc/net/tcp
Linux 6.x /proc/PID/net/tcp
Given a socket:
$ ls -l /proc/24784/fd/11
lrwx------ 1 jkstill dba 64 Dec 4 16:22 /proc/24784/fd/11 -> socket:[15907701]