Dmytro Oleksiuk Cr4sh

@tai2
tai2 / gist:1104429
Created July 25, 2011 15:46
UPnP Port Mapper
# UPnP Port Mapper
import os
import sys
import re
import urllib2
from xml import sax
from xml.sax import handler
from xml.sax.handler import feature_namespaces
import socket
/*
* fork.c
* Experimental fork() on Windows. Requires NT 6 subsystem or
* newer.
*
* Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
@Blackshawk
Blackshawk / blog - Switching to Homebrew.md
Created April 2, 2013 04:57
Switching from Macports to Homebrew and getting my development environment back.

I've been a MacPorts user for quite a while now. There was nothing religious about the decision - on my first day of work I was handed a new MacBook Pro and proceeded to set up a development environment. Tried to, anyway. While I'd been an avid Mac user for most of my life I'd never actually used it for serious web development - I did some small work back in the 90s but those were the days of OS 9 and it was all un-Unixy. Long story short: I was a newb at developing on OS X.

Being an Ubuntu user, I was pretty spoiled by apt-get. After about three minutes of trying to compile stuff myself I marched back into my boss's office and asked if there was a package manager for OS X. He directed me to the MacPorts website and I left extremely relieved. I think I ran across Homebrew at some point but I never explored it further.

For about three months this was satisfactory. MacPorts works well enough but it has a habit of annoying you at certain intersections. The biggest problem, though, was that the rest of the wo

@Cr4sh
Cr4sh / gist:fe910f0d1b0559efd43d
Created September 3, 2014 19:55
Dynamically finding sys_call_table on Linux x86_64 systems
void **find_sys_call_table(void *kernel_addr, int kernel_size)
{
/*
Check for the system_call_fastpath() signature, hand-written piece of
assembly code from arch/x86/kernel/entry_64.S:
ja badsys
mov rcx, r10
call sys_call_table[rax * 8]
mov [rsp + 20h], rax
@cyphunk
cyphunk / ios_security_notes.md
Last active May 28, 2018 00:58
notes from iOS security documentation that I used to write https://deadhacker.com/2016/03/25/the-terrorists-phone/

Notation iOS 9

This homebrewed notation is what I typically use when evaluating secure boot designs of embedded devices. It doesn't apply accurately to the iOS review; it hides the key-wrapping schema, for example. But it's enough to keep track of the storage location of secrets and some interdependency.

pfk                  = 256bit per_file_key
@Cr4sh
Cr4sh / ami_smi_dump.py
Last active April 25, 2024 14:40
Extract SW SMI handlers information from SMRAM dump of Skylake based AMI Aptio V firmware
'''
###########################################################################
Extract SW SMI handlers information from SMRAM dump of Skylake based
AMI Aptio V firmware.
To use full capabilities of this tool you need to install UEFIDump
(https://github.com/LongSoft/UEFITool/releases/tag/A32), ida-efiutils
(https://github.com/snare/ida-efiutils) and edit corresponding variables
below.
@eiselekd
eiselekd / enableDCI.txt
Last active June 24, 2024 04:09
Enable DCI debugging on Gigabyte-BKi5HA-7200
Enable DCI debugging on Gigabyte-BKi5HA-7200
--------------------------------------------
The Gigabyte-BKi5HA-7200 (Kabylake i5-7200 processor) can be debugged with only a USB debug cable, a
special cable that crosses only the data signals and has the power signals
removed. You can buy these cables at, e.g., https://www.datapro.net/products/usb-3-0-super-speed-a-a-debugging-cable.html
The hurdle you have to overcome before you can access DCI, however, is that you
need to set some bits in hardware that first enable DCI and also enable the debug port so that DCI can control the cores.
There are lots of guides on how to patch the BIOS, but only these two really describe all the steps using only freely accessible tools:
@JamesHagerman
JamesHagerman / stslte-notes.md
Last active March 17, 2024 20:37
My notes about running srsLTE

srsLTE notes

These are notes I've taken while trying to get srsLTE up and running. This is messy, sorry...

Working solution - LimeSDR + SoapySDR + srsLTE

Dependencies:

sudo apt install tree vim git g++ make cmake pkg-config libpython-dev python-numpy swig libi2c-dev libusb-1.0-0-dev libfftw3-dev libmbedtls-dev libboost-program-options-dev libconfig++-dev libsctp-dev gnuradio
@VVX7
VVX7 / blasty-vs-pkexec.c
Created January 25, 2022 22:51
CVE-2021-4034
/*
* blasty-vs-pkexec.c -- by blasty <peter@haxx.in>
* ------------------------------------------------
* PoC for CVE-2021-4034, shout out to Qualys
*
* ctf quality exploit
*
* bla bla irresponsible disclosure
*
* -- blasty // 2022-01-25
@steven-michaud
steven-michaud / ThirdPartyKexts.md
Last active July 17, 2024 21:06
Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

Running Third Party Kernel Extensions on Virtualization Framework macOS Guest VMs

As of macOS 12 (Monterey), Apple's Virtualization framework has nice support for macOS guest virtual machines, but with severe limitations: For example you can't install a macOS guest on Intel Macs, install guests with newer versions of macOS than the host, copy and paste between the host and the guest, or install third party kernel extensions in the guest. As usual for Apple, the functionality they do support is nicely implemented, but they've left out so much that the result is only marginally useful -- at least compared to