@lauhayden
lauhayden / mono-fm.py
Created February 10, 2021 02:43
Simple mono FM radio demodulator in Python
"""
Mono FM Demodulator
Dependencies:
numpy
scipy
This script is meant to take in raw IQ samples from stdin and output audio samples via stdout.
An SDR utility like rtl_sdr (from librtlsdr) can be used to capture IQ samples and a media
@four0four
four0four / 01-zynq-uart.md
Last active September 16, 2023 03:02
Zynq BootROM Secrets - UART loader

Zynq BootROM Secrets: UART loader

Recently I acquired (md5: ADF639AFE9855EE86C8FAAD216C970D9) the Zynq bootrom, and during the reversing process uncovered some interesting secrets, one of which is an as-of-yet undocumented UART loader. As documented, the Zynq bootrom will load from NOR/NAND/SPI flashes and eMMC/SDIO-based storage, but (unfortunately) not USB or anything else more complex.

Not sure why Xilinx didn't document this. In my brief testing it is super unreliable if you just spit everything at once - they reset the RX/TX paths during the process, so timing is critical, but that might be the janky meter-long FTDI cable. You can change the baudrate during the process, but I was too lazy to do the math.

Here's the disassembly that made me look twice (that, and checks for the MIO boot_mode[2:0] that weren't specified in the docs :)):

ROM:0000A220 BL              uart_init
@ErikAugust
ErikAugust / spectre.c
Last active April 15, 2024 13:55
Spectre example code
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
@staaldraad
staaldraad / veripos_fuzz.py
Last active June 30, 2022 17:49
Fuzz Verifone PoS terminals through exposed port
#!/usr/bin/env python
'''
Script for fuzzing verifone terminal/pos devices. This is a bad reverse-engineer and implementation of the official protocol: http://web.archive.org/web/20120603221525/http://www.verifone.com/PDF/guides/tcl_ref.pdf
Should work fine. Official docs were only found after the initial implementation. Not fully tested with CRC-16 checksum correctly implemented.
Author: etienne@sensepost.com
Version: 1.0
License: GNU GENERAL PUBLIC LICENSE (GNU) Version 2
'''
@Tatsh
Tatsh / screenshot-win32.c
Created May 10, 2012 03:52
Make a screen shot (Win32)
#include <windows.h>
#include <stdio.h>
void errhandler(char *msg) {
    printf("%s\n", msg);
}
PBITMAPINFO CreateBitmapInfoStruct(HWND hwnd, HBITMAP hBmp)
{
    BITMAP bmp;
@ayosec
ayosec / README.md
Created January 29, 2012 11:55
GDB commands to trace calls to malloc/free

Attach to a running process with

  gdb -x trace-dyn-mem -p $PID

After every malloc the returned value (the allocated address) will be read from the RAX (64 bits) register.

After every free the last item in the backtrace (the free itself) will be shown. With the libc6-dbg package installed you can see the address passed as the first argument of free.