sudo apt install gcc-multilib g++-multilib libssl-dev:i386 zlib1g-dev:i386 clang
wget https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tar.xz
tar xf Python-2.7.15.tar.xz
cd Python-2.7.15/
CC="clang -m32" CXX="clang++ -m32" CFLAGS=-m32 CXXFLAGS=-m32 ./configure --prefix=/opt/Python2.7.15-32bits --enable-shared --enable-unicode=ucs4 --enable-optimizations
CC="clang -m32" CXX="clang++ -m32" CFLAGS=-m32 CXXFLAGS=-m32 make -j
yannayl
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def db(word_size, alphabet_size): | |
| L1 = alphabet_size**(word_size-1) | |
| lookup_table = {} | |
| i = 0 | |
| for _ in range(L1*alphabet_size): | |
| if i not in lookup_table: | |
| lookup_table[i] = alphabet_size - 1 | |
| s = lookup_table[i] | |
| yield alphabet_size - s - 1 |
yannayl
/ populate_ram.py
Last active
January 20, 2019 07:23
Populates the RAM and adds references according to a memory dump
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sark | |
| import construct as ct | |
| import ida_xref | |
| ## I have dumped the memory content to ram.bin | |
| dump = open("ram.bin", "rb").read() | |
| ram = sark.Segment(name='RAM') | |
| ## memoizing can make it more efficient but IDC | |
| def in_segs(ea, segs): |
yannayl
/ sark_spoil.py
Created
August 21, 2018 09:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def spoils(f): | |
| """return the list of spoiled registers | |
| default is r0-r3 | |
| not too smart, but safe - i.e. if list of spoiled registers is smaller than 4 - it's quite safe to assume only these registers are spoiled | |
| the opposite is false | |
| """ | |
| spoiled = ['R0', 'R1', 'R2', 'R3'] | |
| if any(f.xrefs_from): | |
| return spoiled |
yannayl
/ ida_sarlk_function_strings_ref.py
Last active
August 17, 2020 22:45
A function which returns all the strings referenced from function
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def strs(f=None, visited=None, level=0, maxlevel=-1): | |
| if maxlevel >= 0 and level > maxlevel: | |
| return [], set() | |
| if not f: | |
| f = sark.Function() | |
| if not visited: | |
| visited = set() | |
| root = True | |
| else: | |
| root = False |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| context.bits = 64 | |
| #libc = ELF('./libc-2.23.so') | |
| libc = ELF('./libc-2.24.so') | |
| main = ELF('./babyheap.dbg') | |
| #main = ELF('./babyheap') | |
| #dbg_file = './libc-2.23.debug' | |
| def gdb_load_symbols_cmd(sym_file, elf, base): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| context.bits = 64 | |
| libc = ELF('./libc-2.23.so') | |
| main = ELF('./yanc.dbg') | |
| dbg_file = './libc-2.23.debug' | |
| notes_used = set() | |
| local = True | |
| if local: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| context.bits = 64 | |
| libc = ELF('./libc-223-05b841eae6f475817ebb3b99562cd6535cc61b099350a25019cd5d3b3136881d.so') | |
| main = ELF('./bytefinex-8fe15d1eb750fe2cb0b2dae88a048c1876c799fb37f9d73ba3646f7d158774a9.bin.dbg') | |
| dbg_file = './libc-2.23.debug' | |
| local = False | |
| if local: | |
| r = main.process(env={'LD_PRELOAD' : libc.path}) |
yannayl
/ prefix_globals.py
Last active
August 17, 2020 22:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sark | |
| for segname in ['.bss', '.data']: | |
| for line in sark.Segment(name=segname).lines: | |
| if not line.name: | |
| continue | |
| if line.name.startswith('g_'): | |
| continue |
yannayl
/ prefix_globals.py
Created
January 18, 2018 16:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sark | |
| for line in sark.Segment(name='.bss').lines: | |
| if not line.name: | |
| continue | |
| if line.name.startswith('g_'): | |
| continue | |
| line.name = 'g_' + line.name |
yannayl
/ ida_sark_install.md
Last active
June 12, 2018 08:12
Installation of custom python + pip + sark on Ubuntu 16.04 for IDA
NewerOlder