Skip to content

Instantly share code, notes, and snippets.

no cooperation with ICE

0xabad1dea 0xabad1dea

no cooperation with ICE
View GitHub Profile
munificent / generate.c
Last active Sep 9, 2021
A random dungeon generator that fits on a business card
View generate.c
#include <time.h> // Robert Nystrom
#include <stdio.h> // @munificentbob
#include <stdlib.h> // for Ginny
#define r return // 2008-2019
#define l(a, b, c, d) for (i y=a;y\
<b; y++) for (int x = c; x < d; x++)
typedef int i;const i H=40;const i W
=80;i m[40][80];i g(i x){r rand()%x;
}void cave(i s){i w=g(10)+5;i h=g(6)
+3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u
roycewilliams /
Last active Jun 24, 2021
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
Neo23x0 /
Last active Mar 10, 2020
Typical False Positive Hashes
# This GIST has been transformed into a Git repository and does not receive updates anymore
# Please visit the github repo to get a current list
# Hashes that are often included in IOC lists but are false positives
# Empty file
merryhime /
Last active Jan 8, 2021
Dumping the GBA BIOS

Dumping the GBA BIOS

endrift has recently written an article on a new method she discovered for dumping the GBA's BIOS, different from the MidiKey2Freq method currently used. This article is about a third method I've discovered that is different from those two.

I've been having a very recent fascination with the Game Boy Advance. The hardware is simple relative to more complex modern handhelds and the CPU is of an architecture I'm already familiar with (ARM7TDMI), making it a rather fun toy to play with. The GBA is a console where cycle counting is important. In order to learn more about the hardware, I have been reading documentation that others have produced (like Martin Korth's GBATEK) and writing small programs to test edge-cases of the hardware that I didn't quite understand. One example of this was the BIOS ROM.

BIOS Protection


View gist:6237f80df9a4bccf98be298057a82cf2
# QEmu
brew install qemu
# Home for out tests
mkdir ~/arm-emu
cd ~/arm-emu
# Download initrd and kernel
eevee /
Created May 31, 2016
Python script to reconstitute music from a PICO-8 cartridge
# script to extract music from a pico-8
# requires exporting sounds from the pico-8 first!
# run as: python mygame.p8 sound%d.wav music%d.wav
# by eevee, do what you like with this code
from __future__ import print_function
import argparse
import struct
import wave
eevee / gist:55426e5856f5825317b1
Last active Jan 28, 2021
adblock rules to hide mentions from people who don't follow you
View gist:55426e5856f5825317b1

Pop open "filter preferences" in adblock plus, and add the following rules to hide mentions from people who don't follow you (and who you don't follow).

For the interactions/notifications page: [data-follows-you="false"][data-you-follow="false"]:not(.my-tweet)

For the mentions page: [data-follows-you="false"][data-you-follow="false"]:not(.my-tweet)
View video2gif.bat
@if [%6]==[] goto error
@goto ok
@goto end
@set PALETTE="%TEMP%\palette.png"
bishboria /
Last active Aug 27, 2021
Springer made a bunch of books available for free, these were the direct links
colinmahns /
Last active Mar 31, 2021
HOWTO: Twitter DM with OTR

Twitter DM + OTR: A quick and dirty tutorial

With the recent removal of the 140-character limit in Direct Messages by Twitter, DM's have now become a much more useful platform for communicating between individuals and groups. Sadly, DM's are still sent in plaintext between users and Twitter has no plans currently on encrypting these messages, at least as of August 2015. Since these are stored in plaintext at rest, an adversary can see the content of the message you are sending, which the two parties might not wish to happen. Fortunately as a few applications with basic Twitter support which also have excellent support for OTR, all hope isn't lo