DavidBuchanan314

"""
MIT License

Copyright (c) 2023 David Buchanan

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is

DavidBuchanan314

// ==UserScript==
// @name         Fake Widevine
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  Fake the presence of a functional Widevine CDM - enough to get the spotify UI to launch, so you can pick another playback device.
// @author       David Buchanan
// @match        https://open.spotify.com/*
// @icon         https://www.google.com/s2/favicons?sz=64&domain=spotify.com
// @grant        none
// ==/UserScript==

DavidBuchanan314

import pygame

WHITE = (0xff, 0xff, 0xff)

pygame.init()
screen = pygame.display.set_mode((128, 128))
clock = pygame.time.Clock()

arrow_surface =  pygame.surface.Surface((64, 64))
pygame.draw.aaline(arrow_surface, WHITE, (32, 0), (32, 64))

DavidBuchanan314

import cairocffi
import pangocffi
import pangocairocffi
import sys
import os

try:
	width, height = os.get_terminal_size().columns, 1024
except OSError:
	# There doesn't seem to be a neat way of figuring out the size of some text without

DavidBuchanan314

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/syscalls.h>
#include <linux/kallsyms.h>

/* Function that replaces the original setuid syscall.
 * It behaves the same as the original syscall, except it also
 * checks if the provided uid is 0 (root), and if so,
 * it grants the calling process root privileges.
 */

DavidBuchanan314

#include <stdio.h>
#define IS_DIG(x) (((x)|1)=='1')
#define SLEN(s) ((sizeof s)-1)
#define RIDX(s,x) ((x)<SLEN(s)?s[SLEN(s)-1-(x)]:0)
#define CNT(s,x,n) ((x)<n?IS_DIG(RIDX(s,(x))):0)
#define CNT4(s,x,n) (CNT(s,x+0,n)+CNT(s,x+1,n)+CNT(s,x+2,n)+CNT(s,x+3,n))
#define CNT16(s,x,n) (CNT4(s,x+0,n)+CNT4(s,x+4,n)+CNT4(s,x+8,n)+CNT4(s,x+12,n))
#define CNT64(s,x,n) (CNT16(s,x+0,n)+CNT16(s,x+16,n)+CNT16(s,x+32,n)+CNT16(s,x+48,n))
#define VAL(s,x) ((RIDX(s,x)=='1')<<(CNT64(s,0,x)))
#define VAL4(s,x) (VAL(s,x+0)+VAL(s,x+1)+VAL(s,x+2)+VAL(s,x+3))

DavidBuchanan314

MD5 Collision with CRC32 Preimage

Here's the scenario: We want to craft two different messages with the same MD5 hash, and a specific CRC32 checksum, simultaneously.

In other words, we want an MD5 collision attack and a CRC32 preimage attack.

This might seem like a contrived scenario, but it's exactly the one I faced while producing my PNG hashquine (Yes OK maybe that's also a contrived scenario, cut me some slack).

On its own, a CRC32 preimage attack is trivial. You can craft a 4-byte suffix that gives any message a specific checksum, calculated using a closed-form expression (which I am too lazy to derive, not even with assistance from Z3). It's not an attack per-se, since CRC32 was never meant to be cryptograpically secure in the first place.

DavidBuchanan314

import os
import sys

"""
This (pure!) python script streams a gzip-compressed YUV4MPEG video to stdout.
It easily runs at 1080p60fps on my machine.

Pipe it into a media player like this:

python3 gzip_swar_life.py | mbuffer | gunzip - | mpv -

DavidBuchanan314

import os
import sys

"""
This (pure!) python script streams a YUV4MPEG format video to stdout. It easily
runs at 1080p60fps on my machine.

Pipe it into a media player like this:

python3 swar_life.py | mpv -

DavidBuchanan314

import inspect

# helper function to visualise the results
def print_table(width, height, function):
	grid = [["   "]*(width + 1) for _ in range(10)]
	for n in range(1, 118+1):
		y, x = function(n)
		grid[y][x] = str(n).ljust(3)

	for x in range(1, width+1):