lazymio wtdcode

IDA Debugging with Bochs on macOS

This file describes how to debug with Bochs IDB mode on IDA for macOS.

Environment

IDA 7.0 macOS version + Bochs 2.6.9

Install

Install IDA
Download Bochs source code "bochs-2.6.9.tar.gz" from https://sourceforge.net/projects/bochs/files/bochs/2.6.9/
Install Bochs 2.6.9 as below -- You can't use brew to install Bochs due to compile options

How to create a self-signed SSL Certificate with SubjectAltName(SAN)

After Chrome 58, self-signed certificate without SAN is not valid anymore.

Step 1: Generate a Private Key

openssl genrsa -des3 -out example.com.key 2048

Step 2: Generate a CSR (Certificate Signing Request)

Install oh-my-zsh on OpenWrt

Install Requirements Packages

opkg update && opkg install ca-certificates zsh curl git-http

Install oh-my-zsh

radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

analyze all: aa
show sections: iS
list functions: afl
list imports: ii
list entrypoints: ie
seek to function: s sym.main

Moved to git repository: https://github.com/denji/golang-tls

Generate private key (.key)

# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048

# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List ECDSA the supported curves (openssl ecparam -list_curves)

Bash Shortcuts

Moving

command	description
ctrl + a	Goto BEGINNING of command line

How to mount a qcow2 disk image

This is a quick guide to mounting a qcow2 disk images on your host server. This is useful to reset passwords, edit files, or recover something without the virtual machine running.

Step 1 - Enable NBD on the Host

modprobe nbd max_part=8

	# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
	# generate server.pem with the following command:
	# openssl req -new -x509 -keyout key.pem -out server.pem -days 365 -nodes
	# run as follows:
	# python simple-https-server.py
	# then in your browser, visit:
	# https://localhost:4443


	import http.server

	# References:
	# https://cmake.org/cmake/help/latest/command/add_custom_target.html
	# https://samthursfield.wordpress.com/2015/11/21/cmake-dependencies-between-targets-and-files-and-custom-commands/
	# https://gist.github.com/socantre/7ee63133a0a3a08f3990
	# https://stackoverflow.com/questions/24163778/how-to-add-custom-target-that-depends-on-make-install
	# https://stackoverflow.com/questions/30719275/add-custom-command-is-not-generating-a-target
	# https://stackoverflow.com/questions/26024235/how-to-call-a-cmake-function-from-add-custom-target-command
	# https://blog.csdn.net/gubenpeiyuan/article/details/51096777

	cmake_minimum_required(VERSION 3.10)

	# Recover the key used by the Petya ransomware to encrypt the MFT (master file table)
	import z3
	import sys, struct

	# XOR key for salsa10-src.bin :
	KEY_SECTOR = 0x37

	# Counter position, as two words
	CNTLO = 0
	CNTHI = 0