🚫
no cooperation with ICE

0xabad1dea 0xabad1dea

0xabad1dea / ABI
Created Apr 5, 2012
0x10c Programming Notes
On April 5 2012, #0x10c-dev agreed to the following standard ABI:
- Registers A, B, C are clobberable across calls
- Registers I, J, X, Y, Z are preserved across calls
- Return in A
- J is used for base stack pointer (preserving the value of SP before allocating
data for locals)
0xabad1dea / crisscross.txt
Created Apr 26, 2012
Studio Mintaka's CrissCross Cable
_ _
(_) _ | |
____ _ ____ _| |_ _____| | _ _____
| \| | _ (_ _|____ | |_/ |____ | *
| | | | | | | || |_/ ___ | _ (/ ___ | *
|_|_|_|_|_| |_| \__)_____|_| \_)_____| *
STUDIO MINTAKA : MANUFACTURER ID 0xABAD1DEA
___ ____ ____ ___ ___ ___ ____ _____ ___ ___
/ __)( _ \(_ _)/ __)/ __)\ / / __)( _ \( _ )/ __)/ __)
0xabad1dea / vibespy.rb
Created Jul 4, 2012
Trivial skeleton script for seeing Vibe messages outside of your range
#!/usr/bin/ruby
# trivial skeleton script for seeing Vibe messages that have a location and range that excludes you
# tested july 3rd, 2012
require 'rubygems'
require 'rest_client'
url = "https://v.zami.com/vibe_getsayings16-W4czD.php"
# new york city
lat = 40.664167
long = -73.938611
0xabad1dea / phppasswordfunctions.txt
Last active Dec 14, 2015
List of PHP functions that take password or key arguments
Here is a huge list of functions listed in the PHP manual which take an argument
which contains sensitive data, either directly or as an array element. Use it to
"audit" for statically embedded passwords in "your" codebase. Some of these are
very obscure/deprecated/whatever. The ones with "construct" in the name are
classes called in source like new foo("password");...
http://php.net/manual/en/function.hash-hmac.php
http://www.php.net/manual/en/function.curl-setopt.php
0xabad1dea / tricksy.c
Last active Dec 17, 2015
A deceitful C program
// hello clever programmers, would you like to play a game?
// where's the bug?
// by 0xabad1dea :)
#include <stdio.h>
#include <string.h>
int main() {
char input[16] = "stringstring!!!";
char output[8];
0xabad1dea / rtlsdr-osx.txt
Created Jun 13, 2013
Build RTL-SDR on OSX with no tears
rtl-sdr build notes for OSX
using macports http://www.macports.org/
see http://sdr.osmocom.org/trac/wiki/rtl-sdr
sudo port install cmake
sudo port install libusb
sudo port install pkgconfig
sudo port install sox # for easy audio
git clone git://git.osmocom.org/rtl-sdr.git
cd rtl-sdr/
0xabad1dea / dnparsefail.c
Created Aug 30, 2013
dropping mad 0day in super-relevant XINU
#include <stdio.h>
#include <string.h>
/*~ demonstration of unbounded conditions and integer wrap
bugs in a real networking stack by 0xabad1dea
dnparse() is taken from the XINU operating system
http://www.cs.purdue.edu/homes/dec/xlicense.html
slightly tweaked to compile as a unix userland thing ~*/
0xabad1dea / weird-machines-video-games.md
Last active Aug 29, 2019
Weird Machines in Video Games

Abadidea's Index of Weird Machines in Video Games

A "weird machine" is when user-supplied input is able to create an arbitrary new program running within an existing program due to Turing-completeness being exposed. Sometimes such functionality was deliberately included but it is often the result of exploitation of memory corruption. You can learn more at the langsec site. There is a good argument for weird machines being inherently dangerous, but this index is just for fun.

It is broken into two categories: intentional gameplay features which may be used as weird machines, and exploit-based machines which can be triggered by ordinary player input (tool-assisted for speed and precision is acceptable). Games with the sole purpose of programming (such as Core Wars) are not eligible and plugin APIs don't count. If you know of more, feel free to add a comment to this gist.

Intentional Gameplay Mechanics

View phiharmonics.md

Dear Phiharmonics,

There are a lot of wireless devices in my home and at my workplace and I believe they sometimes interfere with my research. I have some questions about whether your wi-fi energy dots could help me out in harmonizing my living spaces.

1.) What is the effective range of the harmonizing? Do they ever need to be replaced? If so, does more wifi wear them out faster?

2.) Is the harmonizing compatible with all of the IEEE 802.11 wireless standards or only b/g? And Bluetooth?

3.) They look like they're made of copper but you don't specify what, exactly, they are or what's in them. Do they still work if adhered to a conductive surface? Is it okay if they get wet?

0xabad1dea / rsa-not-buying-it.md
Last active Sep 10, 2020
Sorry, RSA, I'm just not buying it

Sorry, RSA, I'm just not buying it

I want to be extremely clear about three things. First, this is my personal opinion – insert full standard disclaimer. Second, this is not a condemnation of everyone at RSA, present and past. I assume most of them are pretty okay, and that the problem is confined to a few specific points in the company. However, “unknown problem people making major decisions at RSA” is a bit unwieldy, so I will just say RSA. Third, I'm not calling for a total boycott on RSA. I work almost literally across the street from them and I don’t want to get beat up by roving gangs of cryptographers at the local Chipotle.

RSA's denial published last night is utter codswallop that denies pretty much everything in the world except the actual allegations put forth by Reuters and hinted at for months by [other sources](http://li