├── .github └── FUNDING.yml ├── .gitignore ├── LICENSE ├── README.md ├── bindiff ├── core ├── __init__.py ├── arch.py ├── binary.py ├── compiler.py ├── context.py ├── func.py ├── linker.py └── patcher.py ├── deps.sh ├── explore ├── hpwnwaf.py ├── hpwnwaf2.py ├── ida ├── allfuncs.py └── funcs.idc ├── patch ├── run ├── samples ├── arm │ └── movt_combine.py ├── cgc │ ├── backdoor │ │ └── 01_nacl.py │ ├── create │ │ ├── heap.py │ │ ├── hello.py │ │ └── knock.py │ └── obfuscate │ │ ├── 01_jit_xor.py │ │ ├── 02_rc4.py │ │ ├── 03_xor_patches.py │ │ ├── 04_xor_prog.py │ │ ├── 05_xor_entry.py │ │ └── 06_xor_magic.py ├── common │ └── reflow │ │ ├── 01_replace_syscalls.py │ │ ├── 02_static_aslr.py │ │ └── 03_dynamic_aslr.py └── x86 │ ├── fuzzing │ └── 01_cmp_split.py │ ├── harden │ ├── 02_ropshift.py │ ├── 03_spadjust.py │ ├── 05_io_filter.py │ └── 06_stack_cookies.py │ ├── hello │ ├── hello32.py │ └── hello64.py │ └── optimize │ ├── 01_coalesce.py │ ├── 02_useless_stash.py │ └── 03_remove_ebp.py └── util ├── __init__.py ├── autolink.py ├── backdoor ├── Makefile ├── backdoor_poc.py ├── ecc.c ├── keygen ├── keygen.c ├── posixrand.c ├── privkey.h ├── pubkey.h ├── sign ├── sign.c ├── tweetnacl.c └── tweetnacl.h ├── cfg.py ├── crypto ├── __init__.py ├── rc4.c ├── rc4.py └── xor.py ├── elffile.py ├── emu.py ├── heap ├── __init__.py ├── malloc.c ├── malloc.h └── test_binary │ ├── Makefile │ └── src │ ├── libc.c │ ├── libc.h │ ├── malloc.c │ ├── malloc.h │ └── test.c ├── patch ├── __init__.py ├── aslr.py ├── dis.py └── syscall.py └── stdlib ├── __init__.py ├── chk.c ├── ctype.c ├── defines.h ├── io.c ├── libc.c ├── num.c ├── string.c ├── syscall.h ├── syscalls.c └── types.h /.github/FUNDING.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/.github/FUNDING.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/README.md -------------------------------------------------------------------------------- /bindiff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/bindiff -------------------------------------------------------------------------------- /core/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/core/__init__.py -------------------------------------------------------------------------------- /core/arch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/core/arch.py -------------------------------------------------------------------------------- /core/binary.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/core/binary.py -------------------------------------------------------------------------------- /core/compiler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/core/compiler.py -------------------------------------------------------------------------------- /core/context.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/core/context.py -------------------------------------------------------------------------------- /core/func.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/core/func.py -------------------------------------------------------------------------------- /core/linker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/core/linker.py -------------------------------------------------------------------------------- /core/patcher.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/core/patcher.py -------------------------------------------------------------------------------- /deps.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/deps.sh -------------------------------------------------------------------------------- /explore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/explore -------------------------------------------------------------------------------- /hpwnwaf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/hpwnwaf.py -------------------------------------------------------------------------------- /hpwnwaf2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/hpwnwaf2.py -------------------------------------------------------------------------------- /ida/allfuncs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/ida/allfuncs.py -------------------------------------------------------------------------------- /ida/funcs.idc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/ida/funcs.idc -------------------------------------------------------------------------------- /patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/patch -------------------------------------------------------------------------------- /run: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/run -------------------------------------------------------------------------------- /samples/arm/movt_combine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/arm/movt_combine.py -------------------------------------------------------------------------------- /samples/cgc/backdoor/01_nacl.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/backdoor/01_nacl.py -------------------------------------------------------------------------------- /samples/cgc/create/heap.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/create/heap.py -------------------------------------------------------------------------------- /samples/cgc/create/hello.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/create/hello.py -------------------------------------------------------------------------------- /samples/cgc/create/knock.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/create/knock.py -------------------------------------------------------------------------------- /samples/cgc/obfuscate/01_jit_xor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/obfuscate/01_jit_xor.py -------------------------------------------------------------------------------- /samples/cgc/obfuscate/02_rc4.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/obfuscate/02_rc4.py -------------------------------------------------------------------------------- /samples/cgc/obfuscate/03_xor_patches.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/obfuscate/03_xor_patches.py -------------------------------------------------------------------------------- /samples/cgc/obfuscate/04_xor_prog.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/obfuscate/04_xor_prog.py -------------------------------------------------------------------------------- /samples/cgc/obfuscate/05_xor_entry.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/obfuscate/05_xor_entry.py -------------------------------------------------------------------------------- /samples/cgc/obfuscate/06_xor_magic.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/cgc/obfuscate/06_xor_magic.py -------------------------------------------------------------------------------- /samples/common/reflow/01_replace_syscalls.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/common/reflow/01_replace_syscalls.py -------------------------------------------------------------------------------- /samples/common/reflow/02_static_aslr.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/common/reflow/02_static_aslr.py -------------------------------------------------------------------------------- /samples/common/reflow/03_dynamic_aslr.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/common/reflow/03_dynamic_aslr.py -------------------------------------------------------------------------------- /samples/x86/fuzzing/01_cmp_split.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/fuzzing/01_cmp_split.py -------------------------------------------------------------------------------- /samples/x86/harden/02_ropshift.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/harden/02_ropshift.py -------------------------------------------------------------------------------- /samples/x86/harden/03_spadjust.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/harden/03_spadjust.py -------------------------------------------------------------------------------- /samples/x86/harden/05_io_filter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/harden/05_io_filter.py -------------------------------------------------------------------------------- /samples/x86/harden/06_stack_cookies.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/harden/06_stack_cookies.py -------------------------------------------------------------------------------- /samples/x86/hello/hello32.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/hello/hello32.py -------------------------------------------------------------------------------- /samples/x86/hello/hello64.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/hello/hello64.py -------------------------------------------------------------------------------- /samples/x86/optimize/01_coalesce.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/optimize/01_coalesce.py -------------------------------------------------------------------------------- /samples/x86/optimize/02_useless_stash.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/optimize/02_useless_stash.py -------------------------------------------------------------------------------- /samples/x86/optimize/03_remove_ebp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/samples/x86/optimize/03_remove_ebp.py -------------------------------------------------------------------------------- /util/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/__init__.py -------------------------------------------------------------------------------- /util/autolink.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/autolink.py -------------------------------------------------------------------------------- /util/backdoor/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/Makefile -------------------------------------------------------------------------------- /util/backdoor/backdoor_poc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/backdoor_poc.py -------------------------------------------------------------------------------- /util/backdoor/ecc.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/ecc.c -------------------------------------------------------------------------------- /util/backdoor/keygen: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/keygen -------------------------------------------------------------------------------- /util/backdoor/keygen.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/keygen.c -------------------------------------------------------------------------------- /util/backdoor/posixrand.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/posixrand.c -------------------------------------------------------------------------------- /util/backdoor/privkey.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/privkey.h -------------------------------------------------------------------------------- /util/backdoor/pubkey.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/pubkey.h -------------------------------------------------------------------------------- /util/backdoor/sign: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/sign -------------------------------------------------------------------------------- /util/backdoor/sign.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/sign.c -------------------------------------------------------------------------------- /util/backdoor/tweetnacl.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/tweetnacl.c -------------------------------------------------------------------------------- /util/backdoor/tweetnacl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/backdoor/tweetnacl.h -------------------------------------------------------------------------------- /util/cfg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/cfg.py -------------------------------------------------------------------------------- /util/crypto/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/crypto/__init__.py -------------------------------------------------------------------------------- /util/crypto/rc4.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/crypto/rc4.c -------------------------------------------------------------------------------- /util/crypto/rc4.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/crypto/rc4.py -------------------------------------------------------------------------------- /util/crypto/xor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/crypto/xor.py -------------------------------------------------------------------------------- /util/elffile.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/elffile.py -------------------------------------------------------------------------------- /util/emu.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/emu.py -------------------------------------------------------------------------------- /util/heap/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/heap/__init__.py -------------------------------------------------------------------------------- /util/heap/malloc.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/heap/malloc.c -------------------------------------------------------------------------------- /util/heap/malloc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/heap/malloc.h -------------------------------------------------------------------------------- /util/heap/test_binary/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/heap/test_binary/Makefile -------------------------------------------------------------------------------- /util/heap/test_binary/src/libc.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/heap/test_binary/src/libc.c -------------------------------------------------------------------------------- /util/heap/test_binary/src/libc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/heap/test_binary/src/libc.h -------------------------------------------------------------------------------- /util/heap/test_binary/src/malloc.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/heap/test_binary/src/malloc.c -------------------------------------------------------------------------------- /util/heap/test_binary/src/malloc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/heap/test_binary/src/malloc.h -------------------------------------------------------------------------------- /util/heap/test_binary/src/test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/heap/test_binary/src/test.c -------------------------------------------------------------------------------- /util/patch/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /util/patch/aslr.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/patch/aslr.py -------------------------------------------------------------------------------- /util/patch/dis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/patch/dis.py -------------------------------------------------------------------------------- /util/patch/syscall.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/patch/syscall.py -------------------------------------------------------------------------------- /util/stdlib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/__init__.py -------------------------------------------------------------------------------- /util/stdlib/chk.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/chk.c -------------------------------------------------------------------------------- /util/stdlib/ctype.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/ctype.c -------------------------------------------------------------------------------- /util/stdlib/defines.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/defines.h -------------------------------------------------------------------------------- /util/stdlib/io.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/io.c -------------------------------------------------------------------------------- /util/stdlib/libc.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/libc.c -------------------------------------------------------------------------------- /util/stdlib/num.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/num.c -------------------------------------------------------------------------------- /util/stdlib/string.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/string.c -------------------------------------------------------------------------------- /util/stdlib/syscall.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/syscall.h -------------------------------------------------------------------------------- /util/stdlib/syscalls.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/syscalls.c -------------------------------------------------------------------------------- /util/stdlib/types.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wjbsyc/homura_pwn_waf/HEAD/util/stdlib/types.h --------------------------------------------------------------------------------