0xabad1dea (Melissa Elliott)
0xabad1dea / ABI
Created April 5, 2012 19:50
0x10c Programming Notes
On April 5 2012, #0x10c-dev agreed to the following standard ABI:
- Registers A, B, C are clobberable across calls
- Registers I, J, X, Y, Z are preserved across calls
- Return in A
- J is used for base stack pointer (preserving the value of SP before allocating
data for locals)
0xabad1dea / crisscross.txt
Created April 26, 2012 20:47
Studio Mintaka's CrissCross Cable
_ _
(_) _ | |
____ _ ____ _| |_ _____| | _ _____
| \| | _ (_ _|____ | |_/ |____ | *
| | | | | | | || |_/ ___ | _ (/ ___ | *
|_|_|_|_|_| |_| \__)_____|_| \_)_____| *
STUDIO MINTAKA : MANUFACTURER ID 0xABAD1DEA
___ ____ ____ ___ ___ ___ ____ _____ ___ ___
/ __)( _ \(_ _)/ __)/ __)\ / / __)( _ \( _ )/ __)/ __)
0xabad1dea / vibespy.rb
Created July 4, 2012 00:41
Trivial skeleton script for seeing Vibe messages outside of your range
#!/usr/bin/ruby
# trivial skeleton script for seeing Vibe messages that have a location and range that excludes you
# tested july 3rd, 2012
require 'rubygems'
require 'rest_client'
url = "https://v.zami.com/vibe_getsayings16-W4czD.php"
# new york city
lat = 40.664167
long = -73.938611
0xabad1dea / phppasswordfunctions.txt
Last active December 14, 2015 17:09
List of PHP functions that take password or key arguments
Here is a huge list of functions listed in the PHP manual which take an argument
which contains sensitive data, either directly or as an array element. Use it to
"audit" for statically embedded passwords in "your" codebase. Some of these are
very obscure/deprecated/whatever. The ones with "construct" in the name are
classes called in source like new foo("password");...
http://php.net/manual/en/function.hash-hmac.php
http://www.php.net/manual/en/function.curl-setopt.php
0xabad1dea / tricksy.c
Last active December 17, 2015 14:59
A deceitful C program
// hello clever programmers, would you like to play a game?
// where's the bug?
// by 0xabad1dea :)
#include <stdio.h>
#include <string.h>
int main() {
char input[16] = "stringstring!!!";
char output[8];
0xabad1dea / rtlsdr-osx.txt
Created June 13, 2013 21:55
Build RTL-SDR on OSX with no tears
rtl-sdr build notes for OSX
using macports http://www.macports.org/
see http://sdr.osmocom.org/trac/wiki/rtl-sdr
sudo port install cmake
sudo port install libusb
sudo port install pkgconfig
sudo port install sox # for easy audio
git clone git://git.osmocom.org/rtl-sdr.git
cd rtl-sdr/
0xabad1dea / dnparsefail.c
Created August 30, 2013 01:16
dropping mad 0day in super-relevant XINU
#include <stdio.h>
#include <string.h>
/*~ demonstration of unbounded conditions and integer wrap
bugs in a real networking stack by 0xabad1dea
dnparse() is taken from the XINU operating system
http://www.cs.purdue.edu/homes/dec/xlicense.html
slightly tweaked to compile as a unix userland thing ~*/
0xabad1dea / weird-machines-video-games.md
Last active December 28, 2021 17:38
Weird Machines in Video Games

Abadidea's Index of Weird Machines in Video Games

A "weird machine" is when user-supplied input is able to create an arbitrary new program running within an existing program due to Turing-completeness being exposed. Sometimes such functionality was deliberately included but it is often the result of exploitation of memory corruption. You can learn more at the langsec site. There is a good argument for weird machines being inherently dangerous, but this index is just for fun.

It is broken into two categories: intentional gameplay features which may be used as weird machines, and exploit-based machines which can be triggered by ordinary player input (tool-assisted for speed and precision is acceptable). Games with the sole purpose of programming (such as Core Wars) are not eligible and plugin APIs don't count. If you know of more, feel free to add a comment to this gist.

Intentional Gameplay Mechanics

0xabad1dea / phiharmonics.md
Created December 12, 2013 22:31
dear phiharmonics

Dear Phiharmonics,

There are a lot of wireless devices in my home and at my workplace and I believe they sometimes interfere with my research. I have some questions about whether your wi-fi energy dots could help me out in harmonizing my living spaces.

1.) What is the effective range of the harmonizing? Do they ever need to be replaced? If so, does more wifi wear them out faster?

2.) Is the harmonizing compatible with all of the IEEE 802.11 wireless standards or only b/g? And Bluetooth?

3.) They look like they're made of copper but you don't specify what, exactly, they are or what's in them. Do they still work if adhered to a conductive surface? Is it okay if they get wet?

0xabad1dea / rsa-not-buying-it.md
Last active May 4, 2022 21:59
Sorry, RSA, I'm just not buying it

Sorry, RSA, I'm just not buying it

I want to be extremely clear about three things. First, this is my personal opinion – insert full standard disclaimer. Second, this is not a condemnation of everyone at RSA, present and past. I assume most of them are pretty okay, and that the problem is confined to a few specific points in the company. However, “unknown problem people making major decisions at RSA” is a bit unwieldy, so I will just say RSA. Third, I'm not calling for a total boycott on RSA. I work almost literally across the street from them and I don’t want to get beat up by roving gangs of cryptographers at the local Chipotle.

RSA's denial published last night is utter codswallop that denies pretty much everything in the world except the actual allegations put forth by Reuters and hinted at for months by [other sources](http://li