Skip to content

Instantly share code, notes, and snippets.

Avatar
🚫
no cooperation with ICE

0xabad1dea 0xabad1dea

🚫
no cooperation with ICE
View GitHub Profile
@munificent
munificent / generate.c
Last active Jun 7, 2021
A random dungeon generator that fits on a business card
View generate.c
#include <time.h> // Robert Nystrom
#include <stdio.h> // @munificentbob
#include <stdlib.h> // for Ginny
#define r return // 2008-2019
#define l(a, b, c, d) for (i y=a;y\
<b; y++) for (int x = c; x < d; x++)
typedef int i;const i H=40;const i W
=80;i m[40][80];i g(i x){r rand()%x;
}void cave(i s){i w=g(10)+5;i h=g(6)
+3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active Jun 22, 2021
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).
View clientside-software-update-verification-failures.md

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
@Neo23x0
Neo23x0 / fp-hashes.py
Last active Mar 10, 2020
Typical False Positive Hashes
View fp-hashes.py
# This GIST has been transformed into a Git repository and does not receive updates anymore
#
# Please visit the github repo to get a current list
# https://github.com/Neo23x0/ti-falsepositives/
# Hashes that are often included in IOC lists but are false positives
HASH_WHITELIST = [
# Empty file
'd41d8cd98f00b204e9800998ecf8427e',
'da39a3ee5e6b4b0d3255bfef95601890afd80709',
@MerryMage
MerryMage / post.md
Last active Jan 8, 2021
Dumping the GBA BIOS
View post.md

Dumping the GBA BIOS

endrift has recently written an article on a new method she discovered for dumping the GBA's BIOS, different from the MidiKey2Freq method currently used. This article is about a third method I've discovered that is different from those two.

I've been having a very recent fascination with the Game Boy Advance. The hardware is simple relative to more complex modern handhelds and the CPU is of an architecture I'm already familiar with (ARM7TDMI), making it a rather fun toy to play with. The GBA is a console where cycle counting is important. In order to learn more about the hardware, I have been reading documentation that others have produced (like Martin Korth's GBATEK) and writing small programs to test edge-cases of the hardware that I didn't quite understand. One example of this was the BIOS ROM.

BIOS Protection

The

@eevee
eevee / extract-music.py
Created May 31, 2016
Python script to reconstitute music from a PICO-8 cartridge
View extract-music.py
# script to extract music from a pico-8
# requires exporting sounds from the pico-8 first!
# run as: python extract-music.py mygame.p8 sound%d.wav music%d.wav
# by eevee, do what you like with this code
from __future__ import print_function
import argparse
import struct
import wave
@eevee
eevee / gist:55426e5856f5825317b1
Last active Jan 28, 2021
adblock rules to hide mentions from people who don't follow you
View gist:55426e5856f5825317b1

Pop open "filter preferences" in adblock plus, and add the following rules to hide mentions from people who don't follow you (and who you don't follow).

For the interactions/notifications page:

twitter.com##.interaction-page [data-follows-you="false"][data-you-follow="false"]:not(.my-tweet)

For the mentions page:

twitter.com##.mentions-page [data-follows-you="false"][data-you-follow="false"]:not(.my-tweet)
View video2gif.bat
@if [%6]==[] goto error
@goto ok
:error
@echo USAGE: video2gif START_TIME DURATION WIDTH FRAME_RATE (DITHER_OPTIONS) (CROP_RECTANGLE width:height:x:y) INPUT OUTPUT
@goto end
:ok
@set PALETTE="%TEMP%\palette.png"
@bishboria
bishboria / springer-free-maths-books.md
Last active Jun 13, 2021
Springer made a bunch of books available for free, these were the direct links
@colinmahns
colinmahns / otrdm.md
Last active Mar 31, 2021
HOWTO: Twitter DM with OTR
View otrdm.md

Twitter DM + OTR: A quick and dirty tutorial

With the recent removal of the 140-character limit in Direct Messages by Twitter, DM's have now become a much more useful platform for communicating between individuals and groups. Sadly, DM's are still sent in plaintext between users and Twitter has no plans currently on encrypting these messages, at least as of August 2015. Since these are stored in plaintext at rest, an adversary can see the content of the message you are sending, which the two parties might not wish to happen. Fortunately as a few applications with basic Twitter support which also have excellent support for OTR, all hope isn't lo

@bnagy
bnagy / gpgmutt.md
Last active Jun 19, 2021
Mutt, Gmail and GPG
View gpgmutt.md

GPG / Mutt / Gmail

About

This is a collection of snippets, not a comprehensive guide. I suggest you start with Operational PGP.

Here is an incomplete list of things that are different from other approaches:

  • I don't use keyservers. Ever.
  • Yes, I use Gmail instead of some bespoke hipster freedom service