Binder Repeater
An attempt to replay, on the client side, request data received by a Binder service. The fields of the Parcel structure are fairly intricate, however, so reconstructing one completely is cumbersome; reading the source code turned up a way to solve it.
Turned to solving issue #908.
Already sent a PR:
https://github.com/carllerche/mio/pull/925
The PR has been approved; waiting for it to be merged. : )
Translated from:
https://www.megabeets.net/reversing-a-self-modifying-binary-with-radare2/
It took me three months to write this article; there were so many tasks on my TODO list that this one kept getting pushed to the very end. Last week I made up my mind that I would finish it by Sunday. And I did, bringing you yet another Radare2 guide.
Today we are going to take on a fun challenge called "packedup", written by ad3l for the r2con2017 competition. This is not the first writeup I have written for an r2con challenge; you can also read "Reversing a Gameboy ROM with Radare2", so that you don't miss what I learned and took away from winning that competition.
This article is written for people who are already familiar with Radare2. If you are not, I suggest starting with Part 1 of the series "A Journey into Radare2" (安全客).
Without further ado, let's start analyzing the binary.
Translated from:
https://www.megabeets.net/decrypting-dropshot-with-radare2-and-cutter-part-1/
As a reverse engineer and malware researcher, tools matter a great deal to me. I spend a lot of time building the best possible malware analysis environment and choosing the tools that best fit my needs. Over the past two years, Radare2 has been my go-to tool for automated reverse engineering, scripting, CTFs and so on. But that also means I almost never use Radare2 to analyze Windows malware. The main reason is that Radare2's command-line workflow is too clumsy and complicated for that. IDA Pro is better suited to the job: quickly browsing functions and data structures, renaming, commenting and so on. IDA Pro feels more intuitive, which is exactly what I need when doing malware analysis. Then Cutter came along.
You are now a baseball game point recorder.
Given a list of strings, each string is one of the following 4 types:
Integer (one round's score): directly represents the number of points you get in this round.
"+" (one round's score): the points you get in this round are the sum of the last two valid rounds' points.
"D" (one round's score): the points you get in this round are double the last valid round's points.
"C" (an operation, not a round's score): the last valid round's points were invalid and should be removed.
Each round's operation is permanent and can affect the rounds before and after it.
You need to return the sum of the points you get over all the rounds.
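A stack-based solution to the scoring rules above, added here as a worked example; it is not code from the original page. Every valid round's score is pushed onto a stack, "+" and "D" read from the top of the stack, and "C" pops the most recent score, so the sum at the end is the answer. The input checks (a `ValueError` on a "+" with fewer than two earlier scores, a "D" or "C" with none, or a token that is none of the four types) are an assumption added for untrusted input; the problem statement itself guarantees that every sequence is valid, so they never fire on conforming input.

```python
from typing import List


def cal_points(ops: List[str]) -> int:
    """Return the total score for a list of round operations.

    ops is a list of tokens: an integer string, "+", "D" or "C".
    Raises ValueError on a malformed sequence (assumed behaviour,
    not part of the original problem, which guarantees valid input).
    """
    scores: List[int] = []  # stack of valid rounds' points, oldest first
    for i, op in enumerate(ops):
        if op == "+":
            # this round = sum of the last two valid rounds
            if len(scores) < 2:
                raise ValueError(f"token {i}: '+' needs two prior rounds")
            scores.append(scores[-1] + scores[-2])
        elif op == "D":
            # this round = double the last valid round
            if not scores:
                raise ValueError(f"token {i}: 'D' needs a prior round")
            scores.append(2 * scores[-1])
        elif op == "C":
            # invalidate the last valid round (not a round itself)
            if not scores:
                raise ValueError(f"token {i}: 'C' with nothing to remove")
            scores.pop()
        else:
            try:
                scores.append(int(op))  # accepts negatives such as "-2"
            except ValueError:
                raise ValueError(f"token {i}: unknown operation {op!r}") from None
    return sum(scores)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the original page.
    print(cal_points(["5", "2", "C", "D", "+"]))                 # 30
    print(cal_points(["5", "-2", "4", "C", "D", "9", "+", "+"]))  # 27
```

Walking through the second sample: after "5", "-2", "4", "C" the stack is [5, -2]; "D" pushes -4, "9" pushes 9, the first "+" pushes 9 + (-4) = 5, the second pushes 5 + 9 = 14, and 5 - 2 - 4 + 9 + 5 + 14 = 27. Because "C" removes a round rather than contributing one, a later "+" or "D" always refers to rounds that survived, which is why a stack rather than a running total is the right structure.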