Skip to content

Instantly share code, notes, and snippets.

Avatar
🚫
no cooperation with ICE

0xabad1dea 0xabad1dea

🚫
no cooperation with ICE
View GitHub Profile
@moyix
moyix / list_dsc.py
Created Feb 5, 2022
Script that uses python-apt to get some info about source packages
View list_dsc.py
#!/usr/bin/env python
import re
import sys, os
sys.path.append('/usr/lib/python3/dist-packages')
import apt
import apt_pkg
import argparse
def urljoin(*args):
View Awesome List of Rust Footguns.markdown

Awesome List of Rust Footguns

This will be a living document where I will ocassionally add new "gotchas" I discover with Rust. Do note that I am still learning Rust. I mean, who isn't?

Drops are not guaranteed

8 May 2021.

Dear diary,

View writeup.md

Hacking the SX Core modchip

Background

On October 2nd 2020, CVE-2020-15808 was publicly announced, detailing an out-of-bounds memory read/write vulnerability in STM's microcontroller firmware. Any chip containing STM's USB CDC driver library contains the bugged code, which represents a large amount of products on the market. While bugged STM libraries may be bad enough, this problem is much more widespread. Several companies manufacture "clones" of STM chips which, due to mostly identical MMIO (Memory Mapped Input/Output) addresses, fully support the affected STM vendor code. Most clone manufacturers don't offer their own libraries, so developers must either write their own from scratch, or they can use the STM's existing libraries, and most clone manufacturers encourage this.

Armed with this information, I became interested in exploiting and dumping the flash on the "Team Xecuter" SX Core modchip for the Nintendo Switch. The MCU used on the ch

@munificent
munificent / generate.c
Last active Jan 18, 2022
A random dungeon generator that fits on a business card
View generate.c
#include <time.h> // Robert Nystrom
#include <stdio.h> // @munificentbob
#include <stdlib.h> // for Ginny
#define r return // 2008-2019
#define l(a, b, c, d) for (i y=a;y\
<b; y++) for (int x = c; x < d; x++)
typedef int i;const i H=40;const i W
=80;i m[40][80];i g(i x){r rand()%x;
}void cave(i s){i w=g(10)+5;i h=g(6)
+3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active Dec 16, 2021
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).
View clientside-software-update-verification-failures.md

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
View Quirks of C.md

Here's a list of mildly interesting things about the C language that I learned mostly by consuming Clang's ASTs. Although surprises are getting sparser, I might continue to update this document over time.

There are many more mildly interesting features of C++, but the language is literally known for being weird, whereas C is usually considered smaller and simpler, so this is (almost) only about C.

1. Combined type and variable/field declaration, inside a struct scope [https://godbolt.org/g/Rh94Go]

struct foo {
   struct bar {
 int x;
@Neo23x0
Neo23x0 / fp-hashes.py
Last active Mar 10, 2020
Typical False Positive Hashes
View fp-hashes.py
# This GIST has been transformed into a Git repository and does not receive updates anymore
#
# Please visit the github repo to get a current list
# https://github.com/Neo23x0/ti-falsepositives/
# Hashes that are often included in IOC lists but are false positives
HASH_WHITELIST = [
# Empty file
'd41d8cd98f00b204e9800998ecf8427e',
'da39a3ee5e6b4b0d3255bfef95601890afd80709',
View octal_x86.txt
# source:http://reocities.com/SiliconValley/heights/7052/opcode.txt
From: mark@omnifest.uwm.edu (Mark Hopkins)
Newsgroups: alt.lang.asm
Subject: A Summary of the 80486 Opcodes and Instructions
(1) The 80x86 is an Octal Machine
This is a follow-up and revision of an article posted in alt.lang.asm on
7-5-92 concerning the 80x86 instruction encoding.
The only proper way to understand 80x86 coding is to realize that ALL 80x86
@merryhime
merryhime / post.md
Last active Jul 27, 2022
Dumping the GBA BIOS
View post.md

Dumping the GBA BIOS

endrift has recently written an article on a new method she discovered for dumping the GBA's BIOS, different from the MidiKey2Freq method currently used. This article is about a third method I've discovered that is different from those two.

I've been having a very recent fascination with the Game Boy Advance. The hardware is simple relative to more complex modern handhelds and the CPU is of an architecture I'm already familiar with (ARM7TDMI), making it a rather fun toy to play with. The GBA is a console where cycle counting is important. In order to learn more about the hardware, I have been reading documentation that others have produced (like Martin Korth's GBATEK) and writing small programs to test edge-cases of the hardware that I didn't quite understand. One example of this was the BIOS ROM.

BIOS Protection

The

@kostaz
kostaz / gist:6ce4034192ac3a0f08ec3e279c81d0b8
Created Apr 23, 2017 — forked from naodesu/gist:10620506
How to mount ubifs image in Linux.
View gist:6ce4034192ac3a0f08ec3e279c81d0b8
# $UBIFS is ubifs image file
# make sure $IMAGE is a ubifs image file
blkid $(IMAGE)
$(IMAGE): ... TYPE="ubifs"
# size of created mtd is 256.0 MiB
modprobe nandsim first_id_byte=0x2c second_id_byte=0xda third_id_byte=0x90 fourth_id_byte=0x95
flash_erase /dev/mtd0 0 0
ubiformat /dev/mtd0 -s 2048 -O 2048
modprobe ubi