qzworld.net
Die, with blue
http://www.qzworld.net/links
Oct 24, 2014. Die, with Blue. Theme Designed By Losses Don.
exiahan.com
Category: UnShell | ExiaHan's Blog
https://exiahan.com/categories/UnShell
Record everything, day by day. Record the years, record everything. Dump Dex From IJiaMi. A fledgling security dog, level 10 rookie, max level 200.
exiahan.com
Category: Linux | ExiaHan's Blog
https://exiahan.com/categories/Linux
Expand A Logical Volume In LVM. Study ELF File Format.
exiahan.com
MSC2015 WriteUp | ExiaHan's Blog
https://exiahan.com/2015/10/22/MSC2015-WriteUp
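Looking for the loop's comparison condition, we can see a comparison between v0 and v5 at line 15983, where v5 is the constant 1001. Setting v0 directly to 1001 means the final value of v4 is no longer 520676, and v10 is no longer the value from the earlier input 123456789, so line 36111 should be related to the computation and is the core routine. Continuing upward to find the lines related to v20 at line 36111 leads to line 10832. Decompile with Apktool d -d and modify the smali code of Ch at the same time. 116 a=0;/ #v2=(Reference,Ljava/lang/String;);. 117 a=0;/ const-string. 121 a=0;/ move-result. 123 a=0;/ #v1=(Boolean);. 124 a=0;/ if-eqz. V1, :cond 0. Patch with bless: change the kill call in 1284 to return 0 and change the return value in 3400 to 0; the opcode used is 00 00 A0 E3 mov R0, #0. ...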
exiahan.com
IDF.CN Practice 01 | ExiaHan's Blog
https://exiahan.com/2015/12/30/IDF-CN-Practice-01
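Once upon a time a brat broke into a website's database and found the administrator password; with a slip of the hand he modified it in the database, and now the password has become cca9cc444e64c8116a30la00559c042b4. That brat is actually me. What should I do? Please help, waiting online, it's rather urgent. Tn c0afsiwal kes,hwit1r g,npt ttessfu}ua u hmqik e {m, n huiouosarwCniibecesnren. There is a rar in it; extract it with dd, decompress it, and you get a flag. Yes, that's right, it's that picture of Zhao Benshan, may the force be with you; then capitalize the first letter: wctf{Mtfbwy}. However, there are PNGs inside, many of them 60x60, but one is 280x280; extract it with dd, open it and it is a QR code; scan it and the flag is flag{m1Sc oxO2 Fly}. It says the format was not changed though, so it should be wctf{m1Sc oxO2 Fly}. StrTarget = respon.text.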
exiahan.com
Archives | ExiaHan's Blog
https://exiahan.com/archives
Expand A Logical Volume In LVM. Happy Chinese New Year In 2017. Android AntiDebug and Signature Verify Example. Dump Dex From IJiaMi.
exiahan.com
Xposed with Android Studio | ExiaHan's Blog
https://exiahan.com/2015/09/02/Xposed-with-Android-Studio
Xposed with Android Studio. Drag the downloaded xposed-bridgeAPI.jar in, right-click it, and choose add as library. Provided fileTree(dir: 'lib', include: ['*.jar']). My First Xposed Module for Hook". Add the folder /app/src/main/assets/xposed init, and write in it the full class name of your xposed module, including the package name. For example, comxxx.helloxposedhook.MyXposedModule. XC LoadPackage.LoadPackageParam lpparam). TODO Auto-generated method stub. Lpparam.packageName.equals( "com.xxx.remotecontrol". XXXJni = null;.
exiahan.com
NSCTF2015 WriteUp | ExiaHan's Blog
https://exiahan.com/2015/09/25/NSCTF2015-WriteUp
Back in od, search the strings and find the prompt line please input ns-ctf password. Change the jle jump to jmp short Reverse0.00401150. There is a key.rar; the server is 192.168.52.1. Tracing the page with chrome dev tools shows a 301 redirect; guessing that there may be a default dynamic page, try index.php, which does exist; capturing packets with wireshark shows the flag in a comment. O = strrev($str);. 0 strlen($ o);$ 0 ){. C = substr($ o,$ 0, 1. C = chr($ );. Str rot13(strrev(base64 encode($ ) );.
exiahan.com
ELF_Simple_Shell | ExiaHan's Blog
https://exiahan.com/2015/08/18/ELF-Simple-Shell
U1 e ident[EI NIDENT];. U2 e type;. U2 e machine;. U4 e version;. U4 e entry;. U4 e phoff;. U4 e shoff;. U4 e flags;. U2 e ehsize;. U2 e phentsize;. U2 e phnum;. U2 e shentsize;. U2 e shnum;. U2 e shstrndx;. }elf32 Header, *pElf32 Header;. Therefore, we can use the section-related fields in the ELF Header, such as e shoff and e shentsize, to store the data needed for encryption and decryption so that the decryptFunc function can use it; this is not only convenient but also effectively keeps the executable from being analyzed by static tools such as IDA. The function to decrypt the segment. Buf[MAXLEN] = { 0. Iterate over Sectio...