β β β Uππ»βΊπ«6π¬πβ β β β
π¦TERMUX-LINUX 2020
#prohack
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.
π¦FEATURES :
Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).
Having clean/simple/lightweight/intuitive architecture-neutral API.
Provide details on disassembled instruction (called βdecomposerβ by others).
Provide semantics of the disassembled instruction, such as list of implicit registers read & written.
Implemented in pure C language, with lightweight bindings for D, Clojure, F#, Common Lisp, Visual Basic, PHP, PowerShell, Emacs, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml, Lua, Rust, Delphi, Free Pascal & Vala (ready either in main code, or provided externally by the community).
Native support for all popular platforms: Windows, Mac OSX, iOS, Android, Linux, *BSD, Solaris, etc.
Thread-safe by design.
Special support for embedding into firmware or OS kernel.
High performance & suitable for malware analysis (capable of handling various X86 malware tricks).
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
(1) Compile from source
On *nix (such as MacOSX, Linux, *BSD, Solaris):
- To compile for current platform, run:
$ ./make.sh
- On 64-bit OS, run the command below to cross-compile Capstone for 32-bit binary:
$ ./make.sh nix32
(2) Install Capstone on *nix
To install Capstone, run:
$ sudo ./make.sh install
For FreeBSD/OpenBSD, where sudo is unavailable, run:
$ su; ./make.sh install
Users are then required to enter root password to copy Capstone into machine
system directories.
Afterwards, run ./tests/test* to see the tests disassembling sample code.
NOTE: The core framework installed by "./make.sh install" consist of
following files:
/usr/include/capstone/arm.h
/usr/include/capstone/arm64.h
/usr/include/capstone/capstone.h
/usr/include/capstone/evm.h
/usr/include/capstone/m680x.h
/usr/include/capstone/m68k.h
/usr/include/capstone/mips.h
/usr/include/capstone/mos65xx.h
/usr/include/capstone/platform.h
/usr/include/capstone/ppc.h
/usr/include/capstone/sparc.h
/usr/include/capstone/systemz.h
/usr/include/capstone/tms320c64x.h
/usr/include/capstone/x86.h
/usr/include/capstone/xcore.h
/usr/lib/libcapstone.a
/usr/lib/libcapstone.so (for Linux/*nix), or /usr/lib/libcapstone.dylib (OSX)
(3) Cross-compile for Windows from *nix
To cross-compile for Windows, Linux & gcc-mingw-w64-i686 (and also gcc-mingw-w64-x86-64
for 64-bit binaries) are required.
- To cross-compile Windows 32-bit binary, simply run:
$ ./make.sh cross-win32
- To cross-compile Windows 64-bit binary, run:
$ ./make.sh cross-win64
Resulted files libcapstone.dll, libcapstone.dll.a & tests/test*.exe can then
be used on Windows machine.
(4) Cross-compile for iOS from Mac OSX.
To cross-compile for iOS (iPhone/iPad/iPod), Mac OSX with XCode installed is required.
- To cross-compile for ArmV7 (iPod 4, iPad 1/2/3, iPhone4, iPhone4S), run:
$ ./make.sh ios_armv7
- To cross-compile for ArmV7s (iPad 4, iPhone 5C, iPad mini), run:
$ ./make.sh ios_armv7s
- To cross-compile for Arm64 (iPhone 5S, iPad mini Retina, iPad Air), run:
$ ./make.sh ios_arm64
- To cross-compile for all iDevices (armv7 + armv7s + arm64), run:
$ ./make.sh ios
Resulted files libcapstone.dylib, libcapstone.a & tests/test* can then
be used on iOS devices.
(5) Cross-compile for Android
To cross-compile for Android (smartphone/tablet), Android NDK is required.
NOTE: Only ARM and ARM64 are currently supported.
$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm
or
$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm64
Resulted files libcapstone.so, libcapstone.a & tests/test* can then
be used on Android devices.
(6) Compile on Windows with Cygwin
π¦TERMUX-LINUX 2020
#prohack
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.
π¦FEATURES :
Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).
Having clean/simple/lightweight/intuitive architecture-neutral API.
Provide details on disassembled instruction (called βdecomposerβ by others).
Provide semantics of the disassembled instruction, such as list of implicit registers read & written.
Implemented in pure C language, with lightweight bindings for D, Clojure, F#, Common Lisp, Visual Basic, PHP, PowerShell, Emacs, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml, Lua, Rust, Delphi, Free Pascal & Vala (ready either in main code, or provided externally by the community).
Native support for all popular platforms: Windows, Mac OSX, iOS, Android, Linux, *BSD, Solaris, etc.
Thread-safe by design.
Special support for embedding into firmware or OS kernel.
High performance & suitable for malware analysis (capable of handling various X86 malware tricks).
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
(1) Compile from source
On *nix (such as MacOSX, Linux, *BSD, Solaris):
- To compile for current platform, run:
$ ./make.sh
- On 64-bit OS, run the command below to cross-compile Capstone for 32-bit binary:
$ ./make.sh nix32
(2) Install Capstone on *nix
To install Capstone, run:
$ sudo ./make.sh install
For FreeBSD/OpenBSD, where sudo is unavailable, run:
$ su; ./make.sh install
Users are then required to enter root password to copy Capstone into machine
system directories.
Afterwards, run ./tests/test* to see the tests disassembling sample code.
NOTE: The core framework installed by "./make.sh install" consist of
following files:
/usr/include/capstone/arm.h
/usr/include/capstone/arm64.h
/usr/include/capstone/capstone.h
/usr/include/capstone/evm.h
/usr/include/capstone/m680x.h
/usr/include/capstone/m68k.h
/usr/include/capstone/mips.h
/usr/include/capstone/mos65xx.h
/usr/include/capstone/platform.h
/usr/include/capstone/ppc.h
/usr/include/capstone/sparc.h
/usr/include/capstone/systemz.h
/usr/include/capstone/tms320c64x.h
/usr/include/capstone/x86.h
/usr/include/capstone/xcore.h
/usr/lib/libcapstone.a
/usr/lib/libcapstone.so (for Linux/*nix), or /usr/lib/libcapstone.dylib (OSX)
(3) Cross-compile for Windows from *nix
To cross-compile for Windows, Linux & gcc-mingw-w64-i686 (and also gcc-mingw-w64-x86-64
for 64-bit binaries) are required.
- To cross-compile Windows 32-bit binary, simply run:
$ ./make.sh cross-win32
- To cross-compile Windows 64-bit binary, run:
$ ./make.sh cross-win64
Resulted files libcapstone.dll, libcapstone.dll.a & tests/test*.exe can then
be used on Windows machine.
(4) Cross-compile for iOS from Mac OSX.
To cross-compile for iOS (iPhone/iPad/iPod), Mac OSX with XCode installed is required.
- To cross-compile for ArmV7 (iPod 4, iPad 1/2/3, iPhone4, iPhone4S), run:
$ ./make.sh ios_armv7
- To cross-compile for ArmV7s (iPad 4, iPhone 5C, iPad mini), run:
$ ./make.sh ios_armv7s
- To cross-compile for Arm64 (iPhone 5S, iPad mini Retina, iPad Air), run:
$ ./make.sh ios_arm64
- To cross-compile for all iDevices (armv7 + armv7s + arm64), run:
$ ./make.sh ios
Resulted files libcapstone.dylib, libcapstone.a & tests/test* can then
be used on iOS devices.
(5) Cross-compile for Android
To cross-compile for Android (smartphone/tablet), Android NDK is required.
NOTE: Only ARM and ARM64 are currently supported.
$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm
or
$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm64
Resulted files libcapstone.so, libcapstone.a & tests/test* can then
be used on Android devices.
(6) Compile on Windows with Cygwin
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ What is Socket :
#prohack
1οΈβ£ Socket socket:
Socket originated from Unix, and one of the basic philosophy of Unix/Linux is "everything is a file", which can be operated with the "open open -
> read/write -> close" mode. Socket is an implementation of this mode, socket is a special file, and some socket functions are operations on it (read/write IO, open, close).
> To put it plainly, Socket is the application layer to communicate with the TCP/IP protocol family The middleware abstraction layer is a set of interfaces. In the design mode, Socket is actually a facade mode. It hides the complex TCP/IP protocol family behind the Socket interface. For users, a simple set of interfaces is all. Let Socket organize the data to meet the specified protocol.
π³Note: In fact, the socket has no concept of layers, it is just a facade design pattern application, making programming easier. It is a software abstraction layer. In network programming, we use a lot of sockets.
2οΈβ£The socket descriptor is
actually an integer. The handles we are most familiar with are 0, 1, and 2, 0 is standard input, 1 is standard output, and 2 is standard error output. 0, 1, 2 are represented by integers, the corresponding FILE * structure is stdin, stdout, stderr
> The socket API was originally developed as part of the UNIX operating system, so the socket API is integrated with other I/O devices in the system. In particular, when an application wants to create a socket for Internet communication, the operating system returns a small integer as a descriptor to identify the socket. Then, the application program uses the descriptor as a transfer parameter to complete a certain operation by calling a function (such as transmitting data through the network or receiving input data).
3οΈβ£In many operating systems, socket descriptors and other I/O descriptors are integrated, so applications can perform socket I/O or I/O read/write operations on files.
4οΈβ£When an application wants to create a socket, the operating system returns a small integer as a descriptor. The application uses this descriptor to refer to the socket. An application that requires an I/O request requests the operating system to open a file. The operating system creates a file descriptor for the application to access the file. From the perspective of the application, the file descriptor is an integer that the application can use to read and write files.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦ What is Socket :
#prohack
1οΈβ£ Socket socket:
Socket originated from Unix, and one of the basic philosophy of Unix/Linux is "everything is a file", which can be operated with the "open open -
> read/write -> close" mode. Socket is an implementation of this mode, socket is a special file, and some socket functions are operations on it (read/write IO, open, close).
> To put it plainly, Socket is the application layer to communicate with the TCP/IP protocol family The middleware abstraction layer is a set of interfaces. In the design mode, Socket is actually a facade mode. It hides the complex TCP/IP protocol family behind the Socket interface. For users, a simple set of interfaces is all. Let Socket organize the data to meet the specified protocol.
π³Note: In fact, the socket has no concept of layers, it is just a facade design pattern application, making programming easier. It is a software abstraction layer. In network programming, we use a lot of sockets.
2οΈβ£The socket descriptor is
actually an integer. The handles we are most familiar with are 0, 1, and 2, 0 is standard input, 1 is standard output, and 2 is standard error output. 0, 1, 2 are represented by integers, the corresponding FILE * structure is stdin, stdout, stderr
> The socket API was originally developed as part of the UNIX operating system, so the socket API is integrated with other I/O devices in the system. In particular, when an application wants to create a socket for Internet communication, the operating system returns a small integer as a descriptor to identify the socket. Then, the application program uses the descriptor as a transfer parameter to complete a certain operation by calling a function (such as transmitting data through the network or receiving input data).
3οΈβ£In many operating systems, socket descriptors and other I/O descriptors are integrated, so applications can perform socket I/O or I/O read/write operations on files.
4οΈβ£When an application wants to create a socket, the operating system returns a small integer as a descriptor. The application uses this descriptor to refer to the socket. An application that requires an I/O request requests the operating system to open a file. The operating system creates a file descriptor for the application to access the file. From the perspective of the application, the file descriptor is an integer that the application can use to read and write files.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦some Static Analyzers
#prohack
[Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
[FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code.
sobelow - Security-focused static analysis for the Phoenix Framework.
[bandit](https://pypi.python.org/pypi/bandit/) - Security oriented static analyser for python code.
Progpilot - Static security analysis tool for PHP code.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦some Static Analyzers
#prohack
[Brakeman](https://github.com/presidentbeef/brakeman) - Static analysis security vulnerability scanner for Ruby on Rails applications.
cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
[FindBugs](http://findbugs.sourceforge.net/) - Free software static analyzer to look for bugs in Java code.
sobelow - Security-focused static analysis for the Phoenix Framework.
[bandit](https://pypi.python.org/pypi/bandit/) - Security oriented static analyser for python code.
Progpilot - Static security analysis tool for PHP code.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
A static analysis security vulnerability scanner for Ruby on Rails applications - presidentbeef/brakeman