@DanielGibson
DanielGibson / OMG.md
Last active January 31, 2024 17:52
ULTRA-SOPHISTICATED 0DAY APT SUPERMALWARE PROXY EXE

Inspired by our understanding of what CVE-2024-23940 does (see https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1) HORST, the 1337est of hackers, infamous for having hacked THE DIALER back in 1998, has developed the next generation of that attack, and kindly gave me permission to demonstrate it here!

It turns out that you can not only write Proxy-DLLs that pass on function calls to original DLLs and also do evil things, but you can also create a Proxy Executable that calls the original exe and also does evil things!

Usage

@DanielGibson
DanielGibson / sdl2test.c
Last active January 16, 2024 13:38
test SDL2 input (mouse and keyboard events)
/*
* SDL2 mousebutton test
*
* build with:
* $ gcc $(sdl2-config --cflags) -o sdl2test sdl2test.c $(sdl2-config --libs)
*/
#include <stdio.h>
#include <SDL.h>
#include <errno.h>
@DanielGibson
DanielGibson / XPlatformSockets.h
Last active January 13, 2024 13:55
Mostly finished/usable crossplatform sockets (UNIX/BSD sockets vs Winsocks) abstraction
// Crossplatform-Sockets-API ("XSA"), abstracting the differences between
// UNIX Sockets (from Linux, *BSD, OSX, ...) and Winsock (WSA)
/*
* (C) 2017-2021 Daniel Gibson
*
* License:
* This software is dual-licensed to the public domain and under the following
* license: you are granted a perpetual, irrevocable license to copy, modify,
* publish, and distribute this file as you see fit.
@DanielGibson
DanielGibson / colormap.h
Last active December 17, 2023 06:06
Tool that converts Quake2 .wal to .png (needs stb_image_write.h), most probably won't work on Windows without some changes
// the Quake2 standard colormap/palette
static unsigned char colormap[256][3] = {
{0, 0, 0}, {15, 15, 15}, {31, 31, 31}, {47, 47, 47}, {63, 63, 63}, {75, 75, 75},
{91, 91, 91}, {107, 107, 107}, {123, 123, 123}, {139, 139, 139}, {155, 155, 155}, {171, 171, 171},
{187, 187, 187}, {203, 203, 203}, {219, 219, 219}, {235, 235, 235}, {99, 75, 35}, {91, 67, 31},
{83, 63, 31}, {79, 59, 27}, {71, 55, 27}, {63, 47, 23}, {59, 43, 23}, {51, 39, 19},
{47, 35, 19}, {43, 31, 19}, {39, 27, 15}, {35, 23, 15}, {27, 19, 11}, {23, 15, 11},
{19, 15, 7}, {15, 11, 7}, {95, 95, 111}, {91, 91, 103}, {91, 83, 95}, {87, 79, 91},
{83, 75, 83}, {79, 71, 75}, {71, 63, 67}, {63, 59, 59}, {59, 55, 55}, {51, 47, 47},
{47, 43, 43}, {39, 39, 39}, {35, 35, 35}, {27, 27, 27}, {23, 23, 23}, {19, 19, 19},
@DanielGibson
DanielGibson / pulsar_kb_ledcontrol.c
Last active November 27, 2023 17:36
Hacky Linux tool to explore Pulsar PCMK TKL Keyboard LED control (incl. documentation of that protocol)
/* Based on https://github.com/torvalds/linux/blob/master/samples/hidraw/hid-example.c
*
* This is for "0416:b23c Winbond Electronics Corp. PCMK TKL"
* USB VID 0x0416, PID 0xb23c, using a Winbond/Nuvoton Chip (NUC121SC2AE),
* sometimes also identified as Winbond "Gaming Keyboard",
* My actual device is a Pulsar PCMK TKL Barebone in ISO layout, but reportedly
* there are other devices with the same USB ID, like "KT108" or some from "WIANXP"
* that *might* use the same protocol, see also https://usb-ids.gowdy.us/read/UD/0416/b23c
*
* -------------------------
@DanielGibson
DanielGibson / energy.sh
Created March 10, 2023 18:36
print current energy consumption of (AMD?) CPU every second, on Linux
#!/bin/bash
export LC_ALL=C
VAL=`cat /sys/class/powercap/intel-rapl:0/energy_uj`
while true ; do
# yes, this is probably not super-precise due to just using sleep and not measuring the time..
sleep 1
NEWVAL=`cat /sys/class/powercap/intel-rapl:0/energy_uj`
DIFF=$(($NEWVAL-$VAL))
@DanielGibson
DanielGibson / guess_libstdcpp_ver.c
Last active April 3, 2022 19:44
Find out which version of libstdc++.so.6, libgcc_s.so.1 and libSDL2-2.0.so.0 is installed on a (x86 or x86_64) Linux system
/*
* Try to find out the libstdc++.so.6 version on the (x86 or x86_64) Linux
* system this is executed on.
* (you could then use that information to decide whether to use LD_PRELOAD
* or LD_LIBRARY_PATH to make a C++ program launched from here use a newer
* version of libstdc++.so.6 that you provide)
*
* (C) 2017 Daniel Gibson
*
* LICENSE
@DanielGibson
DanielGibson / vbox_osx_howto.txt
Last active February 18, 2022 17:53
How to install OSX in VirtualBox
* On a Mac/other OSX VM, get El Capitan in AppStore
* Similar for High Sierra, see https://gist.github.com/agentsim/00cc38c693e7d0e1b36a2080870d955b#gistcomment-2214881
for the changed script.
You might have to reboot your Mac after Downloading High Sierra in the AppStore,
in case the first hdiutil attach ... step fails.
* (Create install ISO with following script:)
#!/bin/bash
# Mount the Installer image
@DanielGibson
DanielGibson / CMakeLists.txt
Last active September 5, 2021 06:39
SDL2 + CMake test
cmake_minimum_required(VERSION 2.8.11)
# this can be used to test if both SDL2_LIBRARIES/SDL2_INCLUDE_DIRS
# and SDL2::SDL2/SDL2::SDL2main can be used to build an SDL2 application
# it also prints all properties of SDL2::SDL2 and SDL2::SDL2main and the
# values of SDL2_LIBRARIES/SDL2_LIBDIR/SDL2_INCLUDEDIRS
# you might have to disable printing the properties, see comment around line 66
project(SDL2Test)
@DanielGibson
DanielGibson / encPng.c
Created July 18, 2015 02:30
Hacky cmdline app that converts to png with several encoders for comparison
/*
* Encodes a given file to png using stb_image_write, miniz, lodepng and libpng
*
* Useful to compare the compression ratios achievable with the different encoders.
* Blog post with results: http://wp.me/pEPJ4-5U
*
* Needs:
* - stb_image.h and stb_image_write.h from https://github.com/nothings/stb
* - lodepng.c and lodepng.h from http://lodev.org/lodepng/
* - miniz.c from https://github.com/richgel999/miniz