Skip to content

Instantly share code, notes, and snippets.

Avatar

Birch-san

View GitHub Profile
@Birch-san
Birch-san / pwnedpass.sh
Last active Aug 7, 2020
Detect whether any password in your KeePassXC database was exposed in a data breach (using Troy Hunt's Pwned Passwords API)
View pwnedpass.sh
#!/usr/bin/env bash
# Licensed by author Alex Birch under CC BY-SA 4.0
# https://creativecommons.org/licenses/by-sa/4.0/
# detects whether any of your passwords have been exposed in a data breach, by
# submitting (prefixes of hashes of) all your passwords to Troy Hunt's
# Pwned Passwords API.
# https://haveibeenpwned.com/Passwords
@Birch-san
Birch-san / -v.ll
Created Jul 25, 2020
5-byte memcpy, 8-byte-aligned goes bang (LLVM IR)
View -v.ll
; ModuleID = 'bpftrace'
source_filename = "bpftrace"
target datalayout = "e-m:e-p:64:64-i64:64-n32:64-S128"
target triple = "bpf-pc-linux"
%helper_error_t = type <{ i64, i64, i32, i8 }>
; Function Attrs: nounwind
declare i64 @llvm.bpf.pseudo(i64, i64) #0
@Birch-san
Birch-san / -dd
Created Jul 25, 2020
5-byte memcpy, 8-byte-aligned goes bang
View -dd
sudo ./src/bpftrace -v -e 'struct F {char s[5];} u:./tests/testprogs/string_args:print { $a = ((struct F*)arg0)->s; }' -c ./tests/testprogs/string_args
0: (bf) r6 = r1
1: (79) r3 = *(u64 *)(r6 +112)
2: (bf) r1 = r10
3: (07) r1 += -29
4: (b7) r2 = 5
5: (85) call bpf_probe_read#4
last_idx 5 first_idx 0
regs=4 stack=0 before 4: (b7) r2 = 5
@Birch-san
Birch-san / make_portable.sh
Last active Mar 10, 2020
Make a macOS executable binary or .dylib portable
View make_portable.sh
#!/usr/bin/env bash
# Licensed by author Alex Birch under CC BY-SA 4.0
# https://creativecommons.org/licenses/by-sa/4.0/
# Example input:
# ./make_portable.sh mycoolbinary
# where mycoolbinary is a mach-o object file
# (for example an executable binary or a .dylib)
#
@Birch-san
Birch-san / pluck.js
Created May 6, 2019 — forked from kevincennis/pluck.js
Karplus-Strong with Web Audio API
View pluck.js
function Pluck( ctx ) {
this.sr = ctx.sampleRate;
this.pro = ctx.createScriptProcessor( 512, 0, 1 );
this.pro.connect( ctx.destination );
}
Pluck.prototype.play = function( freq ) {
var N = Math.round( this.sr / freq ),
impulse = this.sr / 1000,
y = new Float32Array( N ),
@Birch-san
Birch-san / hex_printf.cpp
Created Nov 20, 2018
Printing 64-bit unsigned integer as hexadecimal
View hex_printf.cpp
#include <stdio.h>
#include <inttypes.h>
int main(int argc, char** argv) {
uint64_t val = (1ULL<<29) -1ULL;
printf("0x%" PRIx64 "\n", val);
return 0;
}
@Birch-san
Birch-san / sshfs_mount.sh
Last active Oct 27, 2018
How to use OSXFUSE + SSHFS to mount/unmount a remote filesystem
View sshfs_mount.sh
#!/bin/sh
# mounts a host named 'mycoolhost' (as described in SSH config):
# ./sshfs_mount.sh
# unmount:
# ./sshfs_mount.sh 0
REMOTE_HOST='mycoolhost'
REMOTE_DIR='/home/mycooluser'
VOLNAME="$REMOTE_HOST"
@Birch-san
Birch-san / http-minimal.py
Created Oct 8, 2018
Just print sequence numbers of all TCP packets
View http-minimal.py
#!/usr/bin/python
# invoke with:
# sudo ./http-minimal.py -i docker0
from bcc import BPF
from sys import argv
import socket
import os
@Birch-san
Birch-san / http-parse-seq.py
Created Aug 12, 2018
BCC TCP packet sequence number logger
View http-parse-seq.py
#!/usr/bin/python
#
# Forked from https://github.com/iovisor/bcc/blob/master/examples/networking/http_filter/http-parse-complete.py
# I've removed almost all functionality. It now simply prints the sequence number of every packet submitted, and does not perform any cleanup.
# =====
#Bertrone Matteo - Polytechnic of Turin
#November 2015
#
#eBPF application that parses HTTP packets
#and extracts (and prints on screen) the URL contained in the GET/POST request.
@Birch-san
Birch-san / http-parse-bespoke.py
Last active Jul 19, 2018
Count HTTP bytes inbound, outbound, grouped by an aspect of URL in HTTP request URI
View http-parse-bespoke.py
#!/usr/bin/python
#
#Bertrone Matteo - Polytechnic of Turin
#November 2015
#
#Additions made by Alex Birch, July 2018
#to correlate HTTP reply back to HTTP request, and accumulate & print statistics
#
#eBPF application that parses HTTP packets
#and extracts (and prints on screen) the URL contained in the GET/POST request.
You can’t perform that action at this time.