{"id":13797075,"url":"https://github.com/alanvivona/pwnshop","last_synced_at":"2026-03-01T23:31:57.598Z","repository":{"id":55067775,"uuid":"162021008","full_name":"alanvivona/pwnshop","owner":"alanvivona","description":"Exploit Development, Reverse Engineering \u0026 Cryptography","archived":false,"fork":false,"pushed_at":"2020-08-27T12:00:02.000Z","size":4754,"stargazers_count":250,"open_issues_count":2,"forks_count":47,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-03T12:12:06.738Z","etag":null,"topics":["arm","buffer-overflow","c","crackme","crypto","cryptography","exploit-development","format-string-attack","go","golang","infosec","python","reverse-engineering","rop","security","shellcode","writeup","x64","x86"],"latest_commit_sha":null,"homepage":"https://twitter.com/syscall59","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alanvivona.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-12-16T16:42:22.000Z","updated_at":"2025-01-22T06:24:00.000Z","dependencies_parsed_at":"2022-08-14T11:00:28.593Z","dependency_job_id":null,"html_url":"https://github.com/alanvivona/pwnshop","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/alanvivona/pwnshop","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanvivona%2Fpwnshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanvivona%2Fpwnshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanvivona%2Fpwnshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanvivona%2Fpwnshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alanvivona","download_url":"https://codeload.github.com/alanvivona/pwnshop/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alanvivona%2Fpwnshop/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29987698,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T22:42:38.399Z","status":"ssl_error","status_checked_at":"2026-03-01T22:41:51.863Z","response_time":124,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arm","buffer-overflow","c","crackme","crypto","cryptography","exploit-development","format-string-attack","go","golang","infosec","python","reverse-engineering","rop","security","shellcode","writeup","x64","x86"],"created_at":"2024-08-03T23:01:21.662Z","updated_at":"2026-03-01T23:31:57.579Z","avatar_url":"https://github.com/alanvivona.png","language":"Python","funding_links":["https://www.buymeacoffee.com/syscall59"],"categories":["\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":[],"readme":"# Pwnshop\n\u003e Reverse Engineering, Exploitation \u0026 Crypto.\n\nCheck out my [blog](http://medium.syscall59.com), follow me on [Twitter](https://twitter.com/syscall59) and [Youtube](https://www.youtube.com/channel/UC2lZwxYDEAgQod3D4JqxLfg)!  \n### Support the project :  \n\u003ca href=\"https://www.buymeacoffee.com/syscall59\" target=\"_blank\"\u003e\u003cimg src=\"https://bmc-cdn.nyc3.digitaloceanspaces.com/BMC-button-images/custom_images/orange_img.png\" alt=\"Buy Me A Coffee\" style=\"height: auto !important;width: auto !important;\" \u003e\u003c/a\u003e\n\n## Contents:\n- Reverse engineering a simple crackme called “Just see”: [writeup](https://medium.com/@0x0FFB347/crackme-just-see-c6dda1edb9fb)\n- Reverse engineering a level 1 crackme \"Easy_firstCrackme-by-D4RK_FL0W\": [writeup](https://medium.com/syscall59/reverse-engineering-easy-firstcrackme-by-d4rk-fl0w-73dd4412bca5?source=your_stories_page---------------------------)  \n- Utility - Object/Executable file to shellcode converter script: [code](https://github.com/alanvivona/pwnshop/blob/master/utils/obj2shellcode)    \n- Utility - Assembly and link script : [code](https://github.com/alanvivona/pwnshop/blob/master/utils/asm-and-link)    \n- Utility - Shellcode testing skeleton generator : [code](https://github.com/alanvivona/pwnshop/blob/master/utils/gen-shellcode-test)    \n- Utility - GDB python script template : [code](https://github.com/alanvivona/pwnshop/blob/master/utils/gdb-script-template.py)  \n- Exit syscall asm: [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x00-calling-exit-syscall/0x00-exitSyscall.asm)\n- Write syscall \"Hello world!\": [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x01-calling-write-syscall/0x01-calling-write-syscall.asm)\n- Execve shellcode (dynamic addressing) [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x02-execve-dynamic-addressing/0x02-dynamic-addressing.asm)\n- Ret2libc exploit for protostar stack6 challenge : [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x03-system-for-ret2libc/pwn.py)\n- Exploit for protostar stack7 challenge (Smallest ROP chain): [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x04-simplest-rop-ever/roppwn.py)\n- Exploit for VUPlayer 2.49 (no DEP) local buffer overflow: [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x07-windows-EDBID-40018-localbof/exploit.js), [writeup](https://medium.com/@0x0FFB347/windows-expliot-dev-101-e5311ac284a)\n- Execve shellcode (stack method) : [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x0A-execve-stack/execvestack.nasm)  \n- Execve shellcode using RIP relative addressing [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x0B-execve-rip-relative-addressing/execve-rip-relative.nasm)  \n- Password Protected Bind Shell (Linux/x64) [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x0D-SLAE64-1-tcp-bind-shell-auth/tcp-bind-shell-auth-smaller.nasm), [writeup](https://medium.com/bugbountywriteup/writing-a-password-protected-bind-shell-linux-x64-e052d2f65ff2)  \n- Password Protected Reverse Shell (Linux/x64) [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x0E-SLAE64-2-reverse-tcp-auth/reverse-tcp-with-auth.nasm), [writeup](https://medium.com/@0x0FFB347/writing-a-password-protected-reverse-shell-linux-x64-5f4d3a28d91a), [Featured in the 1st number of Paged-Out](https://pagedout.institute/download/PagedOut_001_beta1.pdf)  \n- XANAX - A custom shellcode encoder written in assembly :  \n    - [encoder code](https://github.com/alanvivona/pwnshop/blob/master/src/0x10-SLAE64-4-custom-encoder/xanax-encoder.nasm)  \n    - [encoder on exploit-db](https://www.exploit-db.com/shellcodes/46679)  \n    - [encoder on packetstormsecurity](https://packetstormsecurity.com/files/152456/Linux-x64-XANAX-Encoder-Shellcode.html)\n    - [decoder code](https://github.com/alanvivona/pwnshop/blob/master/src/0x10-SLAE64-4-custom-encoder/xanax-decoder.nasm)  \n    - [decoder on exploit-db](https://www.exploit-db.com/shellcodes/46680)  \n    - [decoder on packetstormsecurity](https://packetstormsecurity.com/files/152455/Linux-x64-XANAX-Decoder-Shellcode.html)\n    - [writeup](https://medium.com/@0x0FFB347/writing-a-custom-shellcode-encoder-31816e767611)  \n- A more generic (and somewhat extensible) encoder skeleton written in Go [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x10-SLAE64-4-custom-encoder/encoder.go)   \n- Gocryper : A custom AES shellcode crypter written in Go [code](https://github.com/alanvivona/pwnshop/tree/master/src/0x14-SLAE64-crypter), [writeup](https://medium.com/syscall59/a-trinity-of-shellcode-aes-go-f6cec854f992)  \n- A basic Polimorphic Engine written in Go [code](https://github.com/alanvivona/pwnshop/tree/master/src/0x12-SLAE-shellstorm-polymorph), [writeup](https://medium.com/me/stats/post/73ec56a2353e)    \n- Egg-hunter shellcode (Linux/x64) [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x0F-SLAE64-3-egghunter/egghunter-V1.nasm), [writeup](https://medium.com/syscall59/on-eggs-and-egg-hunters-linux-x64-305b947f792e)  \n- Password Protected Reverse Shell (Linux/ARMv6)  \n    - [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x15-ARM-shellcode/ARM-reverse-shell-with-auth.s)\n    - [writeup](https://medium.com/syscall59/shellcode-for-iot-a-password-protected-reverse-shell-linux-arm-a18fcda4853b)\n    - [payload on packetstormsecurity](https://packetstormsecurity.com/files/152602/Linux-ARM-Password-Protected-Reverse-TCP-Shell-Shellcode.html)\n    - [payload on exploit-db](https://www.exploit-db.com/shellcodes/46736)  \n- MalwareTech's String Challenges crackmes: [writeup](https://medium.com/syscall59/solving-malwaretech-string-challenges-with-some-radare2-magic-98ebd8ff0b88)\n- MalwareTech's Shellcode Challenges crackmes: [writeup](http://medium.syscall59.com/solving-malwaretech-shellcode-challenges-with-some-radare2-magic-b91c85babe4b)  \n- DEFCON Qualys 2019 : Speedrun-001 exploit (Stack-based bof + ROP): [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x17-defcon-qualys-2019/speedrun-001-exploit.py)\n- Solution for the crackme \"Crackme2-be-D4RK_FL0W\" [writeup](https://medium.com/syscall59/reverse-engineering-crackme2-be-d4rk-fl0w-walkthrough-ea50b851b5f0)  \n- Solution for the crackme \"Crack3-by-D4RK_FL0W\" :\n    - Option 1 - Using r2 macros to extract the PIN: [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x19-crackme-darkflow-3/r2.commands)  \n    - Option 2 - Using GEF and unicorn-engine emulation to bruteforce the PIN: [code](https://github.com/alanvivona/pwnshop/blob/master/src/0x19-crackme-darkflow-3/emu.py)\n    - Blog post exploring both options: [writeup](https://medium.com/syscall59/re-using-macros-emulation-voodo-to-solve-a-crackme-a90566e9c7c9)  \n- Utility - r2frida Cheatsheet: [writeup](https://github.com/alanvivona/pwnshop/blob/master/utils/r2frida-cheatsheet.md)  \n- Solution for the crackme \"alien_bin\" [writeup](https://medium.com/syscall59/reverse-engineering-cracking-alien-technology-7acddcb561b)  \n- Automated solutions for the crackme \"mexican\": [writeup](https://medium.com/syscall59/solved-solving-mexican-crackme-82d71a28e189), [script solution 1: carving](https://github.com/alanvivona/pwnshop/blob/master/src/0x1A/s1-static-extract-from-code.py), [script solution 2: patching](https://github.com/alanvivona/pwnshop/blob/master/src/0x1A/s2-binary-patching.py)   \n- Writeup for the crackme \"crackme_by_coulomb\" (.net): [writeup](https://medium.com/syscall59/reverse-engineering-solving-my-first-net-crackme-dacf2e59ad3b)   \n- Writeup for the crackme \"shadows_registerme\" (.net): [writeup](https://medium.com/syscall59/reverse-engineering-and-cracking-a-net-binary-using-dnspy-4b88c692a6ff)   \n- Writeup for the crackme \"removemytrial_by_coulomb\" (.net): [writeup](https://medium.com/bugbountywriteup/reverse-engineering-beating-a-trial-on-a-net-crackme-d4ab6604f10b)   \n- Writeup for the crackme \"Get The Password\": [writeup](https://medium.com/bugbountywriteup/writing-a-keygen-using-python-itertools-1944cbb4d07c), [code (keygen)](https://github.com/alanvivona/pwnshop/blob/master/src/0x1C-HN1-Crackme1-GetThePassword/solve.py)  \n\n- Cyptopals Solutions: Set 1, Challenge 1. \"Convert hex to base64\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x1D-cryptopals-se1-ch1/)  \n- Cyptopals Solutions: Set 1, Challenge 2. \"Fixed XOR\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x1E-cryptopals-se1-ch2/)  \n- Cyptopals Solutions: Set 1, Challenge 3. \"Single-byte XOR cipher\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x1F-cryptopals-se1-ch3/)  \n- Cyptopals Solutions: Set 1, Challenge 4. \"Detect single-character XOR\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x20-cryptopals-se1-ch4/)  \n- Cyptopals Solutions: Set 1, Challenge 5. \"Implement repeating-key XOR\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x21-cryptopals-se1-ch5/)  \n- Cyptopals Solutions: Set 1, Challenge 6. \"Break repeating-key XOR\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x22-cryptopals-se1-ch6/)  \n- Cyptopals Solutions: Set 1, Challenge 7. \"AES in ECB mode\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x23-cryptopals-se1-ch7/)  \n- Cyptopals Solutions: Set 1, Challenge 8. \"Detect AES in ECB mode\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x24-cryptopals-se1-ch8/)  \n- Cyptopals Solutions: Set 2, Challenge 9. \"Implement PKCS#7 padding\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x25-cryptopals-se2-ch9/)  \n- Cyptopals Solutions: Set 2, Challenge 15. \"PKCS#7 padding validation\":\n[code](https://github.com/alanvivona/pwnshop/blob/master/src/0x26-cryptopals-se2-ch15/)  \n\n## Useful links:\n\n### Tools:\nA non-exhaustive list of tools  \n- [radare2](https://rada.re) (+[Cutter](https://github.com/radareorg/cutter) +[r2frida](https://github.com/nowsecure/r2frida) +[r2pipe](https://github.com/radare/radare2-r2pipe) +[r2ghidra-dec](https://github.com/radareorg/r2ghidra-dec))\n- [Ghidra](https://ghidra-sre.org/)\n- [x64dbg](https://x64dbg.com)\n- [Frida](https://www.frida.re/)\n- [gdb](https://www.gnu.org/software/gdb/) (+[gdb-dashboard](https://github.com/cyrus-and/gdb-dashboard) +[GEF](https://github.com/hugsy/gef))\n- [Valgrind](http://www.valgrind.org/)\n- [Pwntools](http://pwntools.com)\n- [Wireshark](https://www.wireshark.org/)\n- [Binwalk](https://github.com/ReFirmLabs/binwalk)\n- strace\n- ltrace\n- hexdump\n- xxd\n- [rappel](https://github.com/yrp604/rappel)\n- nasm\n- gas\n- [Unicorn Engine](https://www.unicorn-engine.org/)\n- [IDA](https://www.hex-rays.com/products/ida/index.shtml)  \n- hexedit  \n- bless  \n- Metasploit (https://www.metasploit.com/)  \n\n\n\n### Resources:\nThere's a **LOT** of stuff out there. These are just the most useful things I've found so far.    \n- :computer: [Live overflow](https://liveoverflow.com/)\n- :book: [The shellcoder's handbook](https://amzn.to/2LXi0KH)\n- :computer: [Exploit education](https://exploit.education/)\n- :computer: [Gynvael coldwind](https://gynvael.coldwind.pl/)\n- :computer: [Azeria labs](https://azeria-labs.com/)\n- :computer: [Phrack](http://phrack.org/)\n- :computer: [Corelan](https://www.corelan.be/index.php/articles/)\n- :computer: [Fuzzysecurity](https://www.fuzzysecurity.com/index.html)\n- :computer: [Packetstormsecurity](https://packetstormsecurity.com/)\n- :computer: [Exploitdb](https://www.exploit-db.com/)\n- :book: [Beginners RE](https://beginners.re/)\n- :book: [Practical reverse engineering](https://amzn.to/35lKNQy)\n- :book: [Programming linux anti-reversing techniques](https://leanpub.com/anti-reverse-engineering-linux)\n- :book: [Attacking network protocols](https://amzn.to/35jFO2S)\n- :book: [Penetration testing: A Hands-On introduction to hacking](https://amzn.to/2IzzlHy)\n- :computer: [Malware Unicorn](https://malwareunicorn.org/#/workshops)  \n- :book: [Radare2 Book](https://radare.gitbooks.io/radare2book/)  \n- :computer: [Paged-Out!](https://pagedout.institute)  \n- :book: [PoC||GTFO I](https://amzn.to/2MDgz3l)  \n- :book: [PoC||GTFO II](https://amzn.to/2AS4uBP)  \n- :book: [The IDA Pro Book](https://amzn.to/2LXnKUE)  \n- :book: [Hacker Disassembling Uncovered](https://amzn.to/2nLew4I)  \n- :computer: [Reverse Engineering Stackexchange](https://reverseengineering.stackexchange.com/)  \n- :computer: [Cryptopals Challenges](https://cryptopals.com/)  \n- :book: [Cryptool Book](https://www.cryptool.org/images/ctp/documents/CT-Book-en.pdf)  \n- :book: [Crypto 101](https://github.com/crypto101/crypto101.github.io/raw/master/Crypto101.pdf)  \n- :book: [Cracking Codes With Python](http://inventwithpython.com/cracking/)  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falanvivona%2Fpwnshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falanvivona%2Fpwnshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falanvivona%2Fpwnshop/lists"}