Hack the planet!

David Buchanan DavidBuchanan314

DavidBuchanan314 /
Last active March 16, 2023 12:24
Patch aarch64 widevine blobs from ChromeOS to work on non-ChromeOS linux, including platforms with 16K page size like Apple Silicon / Asahi Linux
MIT License
Copyright (c) 2023 David Buchanan
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
View fake_widevine.js
// ==UserScript==
// @name Fake Widevine
// @namespace
// @version 0.1
// @description Fake the presence of a functional Widevine CDM - enough to get the spotify UI to launch, so you can pick another playback device.
// @author David Buchanan
// @match*
// @icon
// @grant none
// ==/UserScript==
import pygame
WHITE = (0xff, 0xff, 0xff)
screen = pygame.display.set_mode((128, 128))
clock = pygame.time.Clock()
arrow_surface = pygame.surface.Surface((64, 64))
pygame.draw.aaline(arrow_surface, WHITE, (32, 0), (32, 64))
DavidBuchanan314 /
Last active January 8, 2023 04:41
Demo of rendering TrueType fonts in the terminal, in a figlet-like way. (p.s. it segfaults occasionally, lol)
import cairocffi
import pangocffi
import pangocairocffi
import sys
import os
width, height = os.get_terminal_size().columns, 1024
except OSError:
# There doesn't seem to be a neat way of figuring out the size of some text without
View linux_syscall_hook_by_chatgpt.c
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/syscalls.h>
#include <linux/kallsyms.h>
/* Function that replaces the original setuid syscall.
* It behaves the same as the original syscall, except it also
* checks if the provided uid is 0 (root), and if so,
* it grants the calling process root privileges.
View parse_bin_string.c
#include <stdio.h>
#define IS_DIG(x) (((x)|1)=='1')
#define SLEN(s) ((sizeof s)-1)
#define RIDX(s,x) ((x)<SLEN(s)?s[SLEN(s)-1-(x)]:0)
#define CNT(s,x,n) ((x)<n?IS_DIG(RIDX(s,(x))):0)
#define CNT4(s,x,n) (CNT(s,x+0,n)+CNT(s,x+1,n)+CNT(s,x+2,n)+CNT(s,x+3,n))
#define CNT16(s,x,n) (CNT4(s,x+0,n)+CNT4(s,x+4,n)+CNT4(s,x+8,n)+CNT4(s,x+12,n))
#define CNT64(s,x,n) (CNT16(s,x+0,n)+CNT16(s,x+16,n)+CNT16(s,x+32,n)+CNT16(s,x+48,n))
#define VAL(s,x) ((RIDX(s,x)=='1')<<(CNT64(s,0,x)))
#define VAL4(s,x) (VAL(s,x+0)+VAL(s,x+1)+VAL(s,x+2)+VAL(s,x+3))

MD5 Collision with CRC32 Preimage

Here's the scenario: We want to craft two different messages with the same MD5 hash, and a specific CRC32 checksum, simultaneously.

In other words, we want an MD5 collision attack and a CRC32 preimage attack.

This might seem like a contrived scenario, but it's exactly the one I faced while producing my PNG hashquine (Yes OK maybe that's also a contrived scenario, cut me some slack).

On its own, a CRC32 preimage attack is trivial. You can craft a 4-byte suffix that gives any message a specific checksum, calculated using a closed-form expression (which I am too lazy to derive, not even with assistance from Z3). It's not an attack per se, since CRC32 was never meant to be cryptographically secure in the first place.

import os
import sys
This (pure!) python script streams a gzip-compressed YUV4MPEG video to stdout.
It easily runs at 1080p60fps on my machine.
Pipe it into a media player like this:
python3 | mbuffer | gunzip - | mpv -
import os
import sys
This (pure!) python script streams a YUV4MPEG format video to stdout. It easily
runs at 1080p60fps on my machine.
Pipe it into a media player like this:
python3 | mpv -
import inspect
# helper function to visualise the results
def print_table(width, height, function):
    grid = [[" "]*(width + 1) for _ in range(10)]
    for n in range(1, 118+1):
        y, x = function(n)
        grid[y][x] = str(n).ljust(3)
    for x in range(1, width+1):