Romain Thomas romainthomas
🏃♂️
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import frida | |
| DEVICE = frida.get_usb_device() | |
| def inject_spawn(package, library): | |
| pid = DEVICE.spawn([package]) | |
| print(f"{package}:{pid:d}") | |
| with open(library, "rb") as library_file: | |
| library_blob = library_file.read() | |
| DEVICE.inject_library_blob(pid, library_blob, "__my_init_func", "") |
romainthomas
/ bin2lib.py
Last active
November 22, 2017 12:10
POC to transform a binary into a library
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.6 | |
| import lief | |
| import pathlib | |
| from lief.ELF import Symbol | |
| from lief import Logger | |
| Logger.set_level(lief.LOGGING_LEVEL.INFO) | |
| CURRENT_DIR = pathlib.PosixPath(".").resolve().as_posix() |
romainthomas
/ libshellx_recover.py
Created
October 29, 2017 17:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import lief | |
| shellx = lief.parse("libshellx-2.10.3.1.so") | |
| # .dynsym | |
| dt_symtab = shellx[lief.ELF.DYNAMIC_TAGS.SYMTAB] | |
| dynsym_section = shellx.get_section(".dynsym") |
romainthomas
/ window.py
Created
June 14, 2017 15:29
— forked from anonymous/window.py
Close annoying windows.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import time | |
| import ctypes | |
| annoying_list = [ | |
| 'Alerte de Symantec', | |
| ] | |
| while True: | |
| buffer_window = ctypes.c_char_p(bytes(200*4)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Show a hint when the user's mouse is on a register | |
| # | |
| from idaapi import * | |
| import idautils | |
| def extract_reg(line, cx): | |
| linelen = len(line) | |
| if cx >= linelen: | |
| return |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Callback when the user click on a register | |
| # | |
| from idaapi import * | |
| def extract_reg(line, cx): | |
| linelen = len(line) | |
| if cx >= linelen: | |
| return |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Show a hint when the user has his mouse on an instruction | |
| # | |
| import idaapi | |
| import idautils | |
| class Hooks(idaapi.UI_Hooks): | |
| def get_custom_viewer_hint(self, view, place): | |
| insn = idautils.DecodeInstruction(place.toea()) | |
| if insn: |
NewerOlder