Mahmoud Rusty Abdelkader mahmoudimus

💭

@_@

Cryptography, Reverse Engineering, Fintech and Privacy

335 followers · 1k following

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

mahmoudimus / flattening_heuristic.py

Created June 3, 2025 20:15 — forked from mrphrazer/flattening_heuristic.py

Flattening Heuristic Implementation

	# (c) Tim Blazytko 2021
	# implementation based on the blog post "Automated Detection of Control-flow Flattening"
	# https://synthesis.to/2021/03/03/flattening_detection.html
	import sys

	from miasm.analysis.binary import Container
	from miasm.analysis.machine import Machine
	from miasm.core.locationdb import LocationDB

mahmoudimus / ida_mc_notes.md

Created May 24, 2025 00:05 — forked from icecr4ck/ida_mc_notes.md

Some notes about the IDA Microcode (intermediate language).

IDA Microcode notes

References

Ilfak's presentation at Recon 2018
Microcode in pictures
Hex-Rays Microcode API vs. Obfuscating Compiler
Scripts vds10, vds11, vds12 and vds13 from Hex-Rays SDK

Implementation

mahmoudimus / _.md

Last active April 9, 2025 16:18 — forked from Jinmo/_.md

C/C++ header to IDA

Usage

In IDAPython,

execfile('<path>/cxxparser.py')
parse_file('<path>/a.cpp',[r'-I<path>\LuaJIT-2.0.5\src', '-D__NT__', '-D__X64__', '-D__EA64__'])
parse_file('<path>/malloc.c',['-target=x86_64-linux-gnu'])

mahmoudimus / ida_repair_function.py

Created April 5, 2025 06:41

	import idc
	import idautils
	import idaapi
	import ida_bytes
	import ida_funcs

	def is_function(ea):
	f = idaapi.get_func(ea)
	if not f:
	return False

mahmoudimus / nsmb.conf

Created February 24, 2025 19:29 — forked from jbfriedrich/nsmb.conf

macOS 11.2 NSMB configuration

	# /etc/nsmb.conf - macOS 11.3 - 2021-04-29
	#------------------------------------------------------------------------------
	# SMB configuration for macOS 11.3 <-> Synology
	#------------------------------------------------------------------------------
	# Additional information:
	# -----------------------
	# https://support.apple.com/de-de/HT211927
	# https://support.apple.com/en-us/HT208209
	# https://apple.stackexchange.com/questions/309016/smb-share-deadlocks-since-high-sierra
	# https://photographylife.com/afp-vs-nfs-vs-smb-performance

mahmoudimus / fix-cursor-remote-ssh-connection-failure.py

Last active February 28, 2025 18:29

Missing cli-win32-x64.tar.gz File Causes Remote SSH Connection Failure in Cursor

	"""
	On remote machine:

	## windows (powershell)
	$ python.exe fix-cursor-remote-ssh-connection-failure.py `
	--commit b1e87884330fc271d5eb589e368c35f14e76dec0 `
	--username ${YOUR_USERNAME_HERE} `
	--file-hash-override 84b9c6d907219bb8c2874f299540eb6a079187a0

	## (linux/macos)

mahmoudimus / idapro_python_apply_dif_file_patch_to_idb.py

Created February 18, 2025 21:51

Program for using IDA's .dif files to patch binaries

	# from https://reverseengineering.stackexchange.com/a/11835/13408
	# ported to python3 and IDA 8.0+ by Mahmoud Abdelkader


	import idaapi
	import ida_bytes
	import ida_kernwin

	def apply_dif_file(dif_file_name):
	print("Applying " + dif_file_name + " to database.")

mahmoudimus / show_builtin_ida_pro_icons.py

Created February 15, 2025 23:35

show tabular data with icons from ida pro

	"""
	summary: show tabular data with icons
	"""

	import ida_kernwin
	from ida_kernwin import Choose


	# -----------------------------------------------------------------------
	class chooser_handler_t(ida_kernwin.action_handler_t):

mahmoudimus / base256.py

Created February 11, 2025 19:37

dumb base256 encoding

	import re

	class Base256:

	def __init__(self):
	self.list = [['aardvark','adroitness'],['absurd','adviser'],['accrue','aftermath'],['acme','aggregate'],['adrift','alkali'],['adult','almighty'],['afflict','amulet'],['ahead','amusement'],['aimless','antenna'],['Algol','applicant'],['allow','Apollo'],['alone','armistice'],['ammo','article'],['ancient','asteroid'],['apple','Atlantic'],['artist','atmosphere'],['assume','autopsy'],['Athens','Babylon'],['atlas','backwater'],['Aztec','barbecue'],['baboon','belowground'],['backfield','bifocals'],['backward','bodyguard'],['banjo','bookseller'],['beaming','borderline'],['bedlamp','bottomless'],['beehive','Bradbury'],['beeswax','bravado'],['befriend','Brazilian'],['Belfast','breakaway'],['berserk','Burlington'],['billiard','businessman'],['bison','butterfat'],['blackjack','Camelot'],['blockade','candidate'],['blowtorch','cannonball'],['bluebird','Capricorn'],['bombast','caravan'],['bookshelf','caretaker'],['brackish','celebrate'],['breadline','cellulose'],['br

mahmoudimus / change-default-open.md

Last active January 17, 2025 18:58

Allows one to change the default file handler for `public.data` content types on Mac OS

bundleid=$(mdls <APP_PATH_HERE> | grep kMDItemCFBundleIdentifier | cut -d'"' -f2)

defaults write com.apple.LaunchServices LSHandlers -array-add \
     "{ LSHandlerContentType = \"public.data\"; LSHandlerRoleAll = \"$bundleid\"; };"

NewerOlder