vient / shellcode.s
Created May 18, 2020 15:34
Cursed/Blursed defcon 2020
.intel_syntax noprefix
.code64
begin:
lea r8, [rip+begin]
lea r9, [rip+spinlock]
mov r10, 0xF0
# save shellcode to the stack
vient / goodname.cfg
Last active September 19, 2024 18:52
IDA stuff
////////////////////////
// USER DEFINED RULES //
////////////////////////
// Each rule pairs a regular expression (`ptn`) with the short name (`rpl`)
// that replaces any type name matching it.
// NOTE(review): the R9000+ ids look chosen to stay clear of other rule ids;
// confirm against the rest of the file.
// MFC/ATL strings
// The four rules below collapse fully expanded CStringT<...> template
// instantiations into their familiar aliases. The patterns differ only in the
// character type (char vs wchar_t) and the traits class (StrTraitMFC vs
// StrTraitATL); the `_DLL` suffix, the `ATL::` qualifier and the CRT/OS
// ChTraits variant are all accepted.
R9000 : { ptn : "CStringT<char,\\s*StrTraitMFC(_DLL)?<char,\\s*(ATL::)?ChTraits(CRT|OS)<char>>>", rpl : "CStringA" },
R9001 : { ptn : "CStringT<wchar_t,\\s*StrTraitMFC(_DLL)?<wchar_t,\\s*(ATL::)?ChTraits(CRT|OS)<wchar_t>>>", rpl : "CStringW" },
R9002 : { ptn : "CStringT<char,\\s*StrTraitATL(_DLL)?<char,\\s*(ATL::)?ChTraits(CRT|OS)<char>>>", rpl : "CAtlStringA" },
R9003 : { ptn : "CStringT<wchar_t,\\s*StrTraitATL(_DLL)?<wchar_t,\\s*(ATL::)?ChTraits(CRT|OS)<wchar_t>>>", rpl : "CAtlStringW" },
#include <iostream>
int main() {
for (size_t i = 1; i < 0x100000000ull; ++i) {
bool ok = true;
bool was[32] = { false };
for (int j = 1; j <= 32 && ok; ++j) {
auto x = (1ull << j) - 1;
auto res = static_cast<uint32_t>(x * i) >> 27;
ok &= !was[res];
vient / bot.py
Last active July 22, 2019 12:53
cybrics game solution
#!/usr/bin/env python2
from pwn import *
import os
class Room:
def __init__(self, data=None):
self.dimX = None
self.dimY = None
self.player = None
self.flag = None
vient / _solve.cpp
Created March 25, 2019 22:57
0CTF/TCTF 2019 Quals: Sixology solution
#include <cstdio>
#include <cstring>
#include <cstdlib>
#include <vector>
#include <string>
#include <iostream>
#include <iomanip>
uint64_t arr0[] = {
0xFA730603, 0xF8084C29, 0xF4290A55, 0xF17A02CD,
vient / exploit.py
Created June 8, 2018 14:22
FAUST CTF 2018 "Diagon Alley" exploit
#!/usr/bin/env python
import sys
import struct
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from pwn import *
vient / client.py
Created June 1, 2018 23:47
diagon_alley
#!/usr/bin/env python
import sys
import struct
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from pwn import *
vient / babyre.md
Last active May 21, 2018 21:02
RCTF 2018 writeups

The binary encrypts a string by applying a function to each character that produces an int (as seen in sub_80488E0, sub_804868B). The encryption is not chained, i.e. each character's ciphertext does not depend on the characters around it, so we can pass every character to the binary, collect the encrypted values, and use them as a reference table to decode the out file.

vient / solve.py
Created April 2, 2018 15:48
0ctf 2018 quals "udp" solution
import sys
import pprint
import struct
# Module-level solver state. The code that reads and mutates these names is not
# visible in this preview, so their exact roles are unconfirmed (TODO confirm
# against the full file).
TABLE_SIZE = 4000
table, iterators = [[]], []  # table starts with a single empty row
locks = set()
def request(cur=0, path_diff=2**64):
vient / solve.py
Created January 1, 2018 23:30
34C3 CTF primepwn solution
#!/usr/bin/env python2
from pwn import *
from heapq import *
# Every prime below 256 (54 values, 2 through 251), built by trial division
# instead of being spelled out by hand.
PRIMES = tuple(n for n in range(2, 256) if all(n % d for d in range(2, n)))
def gen_byte_generators():
res = {}