Command | IDA Pro | radare2 | r2 (visual mode) | GDB | WinDbg |
---|---|---|---|---|---|
Analysis | |||||
Analysis of everything | Automatically launched when opening a binary | aaa or -A (aaaa or -AA for even experimental analysis) | N/A | N/A | N/A |
Navigation |
# This is my solution to the QilingLabs by thezero | |
# from ShielderSec | |
# Link: https://www.shielder.it/blog/2021/07/qilinglab-release/ | |
from qiling import * | |
from qiling.os.mapper import QlFsMappedObject | |
from qiling.const import QL_VERBOSE | |
import struct | |
rootfs = "/mnt/d/rootfs-master/x8664_linux" |
# helper is a custom helper script containing parse, opcode desc, etc | |
from helper import * | |
rsp = [] | |
ctr1 = 0 | |
v13 = 0 | |
dctr = 0 | |
ii=0 | |
data = [0]*100 | |
op_desc = OPCODE_DESC |
import os | |
import string | |
# START_CHAR is the pipe character, which is also the first entry of
# POSSIBLE_CHARS.
START_CHAR = "|"
# Candidate alphabet, in order: "|", the ten digits, "}{_-", then upper-case
# and lower-case ASCII letters (67 characters in total).
POSSIBLE_CHARS = "".join(
    (
        "|",
        string.digits,
        "}{_-",
        string.ascii_uppercase,
        string.ascii_lowercase,
    )
)
def get_count(cmd): | |
pipe = os.popen(cmd) | |
pipe.readline() | |
count = pipe.readline().split()[1] |
/// 85-word program stored as `i16`; every literal below fits in one byte.
/// NOTE(review): the opcode/operand layout is not visible here — confirm
/// against the interpreter that consumes this array.
const bytecode: [i16; 85] = [
    0x14, 0x00, 0x01, 0x0F, 0x04, 0x15, 0x0F, 0x0E, 0x53, 0x14,
    0x01, 0x14, 0x02, 0x14, 0x03, 0x14, 0x04, 0x01, 0x08, 0x13,
    0x01, 0x09, 0x37, 0x01, 0x0A, 0x01, 0x01, 0x0B, 0xF0, 0x01,
    0x0C, 0x0F, 0x01, 0x0D, 0x90, 0x01, 0x07, 0xAD, 0x15, 0x27,
    0x0E, 0x2C, 0x03, 0xEA, 0x07, 0x19, 0x01, 0x07, 0xE9, 0x15,
    0x17, 0x0E, 0x37, 0x03, 0xEA, 0x07, 0x48, 0x07, 0x49, 0x01,
    0x07, 0xCB, 0x15, 0x47, 0x0E, 0x44, 0x03, 0xEA, 0x07, 0x3D,
    0x07, 0x3C, 0x07, 0x39, 0x01, 0x07, 0x16, 0x15, 0x37, 0x0E,
    0x53, 0x03, 0xEA, 0x16, 0x0E,
];
#include<stdio.h> | |
#include<stdint.h> | |
#include<stdlib.h> | |
#include<string.h> | |
uint8_t bytecode[] = | |
{ | |
0x0F, 0x0B, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x0D, 0x00, 0x00, 0x0F, 0x0B, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x08, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x0F, 0x0B, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2C, 0x09, 0x09, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x08, 0x09, 0x00, 0x0F, 0x0B, 0xE4, 0xA1, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x09, 0x10, 0x00, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x0A, 0x00, 0x0F, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x0A, 0x0F, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x2C, 0x0F, 0x0F, 0x00, 0x0F, 0x0B, 0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x14, 0x00, 0x0A, 0x08, 0x0F, 0x0B, 0xDA, 0xA7, 0x15, 0xCF, 0x91, 0x55, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, |
#include <iostream> | |
#include <fstream> | |
#include "pin.H" | |
using std::cerr; | |
using std::ofstream; | |
using std::ios; | |
using std::string; | |
using std::endl; | |
#define OFFSET 0xfff |
data = opcode[2048:] | |
rbp = [0]*4 | |
opcode = [0x06, 0x00, 0x00, 0x06, 0x01, 0x01, 0x06, 0x02, 0x02, 0x06, 0x03, 0x03, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x03, 0x02, 0x00, 0x03, 0x03, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x01, 0x08, 0x00, 0x00, 0x05, 0x00, 0x02, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x08, 0x00, 0x00, 0x06, 0x00, 0x04, 0x06, 0x01, 0x05, 0x06, 0x02, 0x06, 0x06, 0x03, 0x07, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x03, 0x02, 0x00, 0x03, 0x03, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x01, 0x08, 0x00, 0x00, 0x05, 0x00, 0x02, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x08, 0x00, 0x00, 0x06, 0x00, 0x08, 0x06, 0x01, 0x09, 0x06, 0x02, 0x0A, 0x06, 0x03, 0x0B, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x03, 0x02, 0x00, 0x03, 0x03, 0x00, 0x08, 0x00, 0x00, 0x05, 0x00, 0x01, 0x08, 0x00, 0x00, 0x05, 0x00, 0x02, 0x08, 0x00, 0x00, 0x05, 0x00, 0x03, 0x08, 0x00, 0x00, 0x06, 0x00, 0x0C, 0x06, 0x01, 0x0D, 0x06, 0x02, 0x0E, 0x06, 0x03, 0x0F, 0x03, 0x00, 0x00, 0x03, 0x01, 0x00, 0x03, 0x02, 0x00, 0x03, 0x03, 0x00, 0x08, 0x00, 0x00, 0x05, 0x0 |
import gdb | |
import os | |
# GDB examine (`x`) command strings: two instruction dumps followed by one
# hex read of a 32-bit word.
ins_32 = [
    "x/i 0x65E",
    "x/i 0x665",
    "x/wx 0x2008",
]
# Same shape with different addresses; the final read is a 64-bit giant word.
ins_64 = [
    "x/i 0x816",
    "x/i 0x81D",
    "x/gx 0x201010",
]
# NOTE(review): presumably sizes used to tell the 32-bit and 64-bit targets
# apart — confirm against the code that reads them.
SIZE_32, SIZE_64 = 5468, 6136
def parse(info): |
from itertools import cycle | |
from secret import flag | |
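# Repeating-key XOR with a short key kept in the source is obfuscation, not
# encryption: any ciphertext byte paired with a known plaintext byte gives
# back the key byte at that position. Do not rely on it for confidentiality.
key = "XOR_OP"
# the cipher list: cipher = [27, 27, 20, 44, 16, 39, 105, 59, 58, 111, 58, 36, 7, 23, 29, 13, 16, 97, 43, 16, 62, 107, 34, 99]
# `cipher` must be bound before values are collected; as written it was only
# named in the comment above, so the append loop raised NameError.
# Each flag character is XORed with the key character at the same position,
# the key repeating via cycle().
cipher = [ord(k) ^ ord(c) for k, c in zip(cycle(key), flag)]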