French notareverser
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule Windows_7z_SFX | |
| { | |
| strings: | |
| $makeCommandFile_prefix_1 = {53 56 8b 75 08 66 83 7e 02 3a 0f 85 ?? ?? ?? ?? 0f b7 46 04 66 3d 5c 00 74 0a 66 3d 2f 00 0f 85 ?? ?? ?? ?? 66 8b 06 66 89 45 f0 8d 45 f0 33 db 50 66 c7 45 f2 3a 00 66 c7 45 f4 5c 00 66 89 5d f6 ff 15} | |
| $makeCommandFile_prefix_2 = {53 8b 45 08 33 db 89 5d fc 66 83 78 02 3a 0f 85 ?? ?? ?? ?? 66 8b 48 04 66 83 f9 5c 74 0a 66 83 f9 2f 0f 85 ?? ?? ?? ?? 66 8b 00 66 c7 45 e6 3a 00 66 89 45 e4 8d 45 e4 50 66 c7 45 e8 5c 00 66 89 5d ea ff 15} | |
| $makeCommandFile_prefix_3 = {53 56 8b 75 08 33 db 66 83 7e 02 3a 89 5d fc 0f 85 ?? ?? ?? ?? 66 8b 46 04 66 3d 5c 00 74 0a 66 3d 2f 00 0f 85 ?? ?? ?? ?? 66 8b 06 66 89 45 e4 8d 45 e4 50 66 c7 45 e6 3a 00 66 c7 45 e8 5c 00 66 89 5d ea ff 15} | |
| $makeCommandFile_prefix_4 = {8b 45 08 66 83 78 02 3a 0f 85 ?? ?? ?? ?? 0f b7 48 04 66 83 f9 5c 74 0a 66 83 f9 2f 0f 85 ?? ?? ?? ?? 66 8b 00 6a 3a 66 89 45 e8 58 66 89 45 ea 6a 5c 58 66 89 45 ec 33 c0 66 89 45 ee 8d 45 e8 50 ff 15} |
notareverser
/ rename.py
Created
April 29, 2022 11:46
Simple script to rename files based on their MD5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| import argparse | |
| import os | |
| import hashlib | |
| def parseArguments(): | |
| parser = argparse.ArgumentParser(description="Rename files based on their MD5") | |
| parser.add_argument('file', |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import argparse | |
| import sys | |
| import json | |
| import logging | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import argparse | |
| import sys | |
| import mmap | |
| import logging | |
| from collections import defaultdict |
notareverser
/ snippets.py
Last active
November 11, 2022 14:44
Snippets of Python to help out with reversing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import operator | |
| def compileTime(data): | |
| from struct import unpack_from as suf | |
| if data[0:2] == b'\x4d\x5a': | |
| peOffset = suf("<H",data,0x3c)[0] | |
| if data[peOffset:peOffset+4] == b'\x50\x45\0\0': | |
| return suf("<L",data,peOffset+8)[0] | |
| return None |
notareverser
/ nozomi_upx.yara
Created
October 4, 2022 12:14
YARA signatures derived from Nozomi UPX recovery tool https://github.com/NozomiNetworks/upx-recovery-tool
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://github.com/NozomiNetworks/upx-recovery-tool | |
| rule UPX_nozomi_x86 | |
| { | |
| strings: $sig = { 50 e8 ?? ?? 00 00 eb 5a 58 59 97 60 8a 54 24 20 e9 ?? ?? 00 00 60 8b 74 24 24 8b 7c 24 2c 83 cd} | |
| condition: any of them | |
| } | |
| rule UPX_nozomi_x64 | |
| { | |
| strings: |
notareverser
/ ida-null-bytes.py
Last active
March 11, 2025 00:16
IDA Python script to NOP (x86/x64) selected bytes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idaapi as ia, idc | |
| def PLUGIN_ENTRY(): return nop() | |
| class nop(ia.plugin_t): | |
| flags = ia.PLUGIN_UNL | |
| comment = "NOP" | |
| help = "select bytes, run" | |
| wanted_name = "NOP bytes..." | |
| wanted_hotkey = "Ctrl+Shift+N" |
notareverser
/ generate-simple-yara.idc
Last active
March 11, 2025 00:16
Extremely simple IDC script to generate a YARA rule from the selected bytes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <idc.idc> | |
| static lmd5(fmd5) | |
| { | |
| auto result,size, nb, x; | |
| size=strlen(fmd5); | |
| result=""; | |
| for (x = 0; x < size; x++) | |
| { |
OlderNewer