Skip to content

Instantly share code, notes, and snippets.

View LuaxY's full-sized avatar

Luax LuaxY

View GitHub Profile
@gm3197
gm3197 / vas.md
Last active May 12, 2024 01:47
Reverse Engineered Value Added Services Protocol Specification

Reverse Engineered VAS Protocol Specification

Research by Grayson Martin
Last Updated 7/8/23

Introduction

Value Added Services (VAS) is the protocol used by NFC capable passes in Apple Wallet. Access to this protocol is heavily restricted on both the device end (a special certificate issued by Apple is required to create these passes) and the reader end (NDA enforced confidentiality). As such, a desire arose to better understand the protocol in order to explore additional use cases and examine its cryptographic integrity. There are gaps in understanding in certain parts of this protocol, however this document contains the minimum necessary understanding to automatically select, read data from, and decrypt a pass.

Importantly, this specification does not enable a malicious actor to read the data from a pass for which they do not have both the reader's private key, and the pass type identifier. Imp

#!/usr/bin/env python3
from __future__ import print_function
import frida
import sys
import json
import time
def on_message(message, payload):
if(message['type'] == 'send'):
@tomekbielaszewski
tomekbielaszewski / main.go
Last active August 17, 2023 19:22
Example of RabbitMQ reconnect feature. Including recovering already registered consumers.
package main
import (
"fmt"
"log"
"time"
)
func main() {
queue := NewQueue("amqp://guest:guest@localhost:5672/", "hello")
// Copy paste this script on your console
var disabled = false;
var r = confirm('Start the Autolike on this page?');
var min_time_to_decide = 300;
var max_additional_time_to_decide = 1000;
var time_to_decide = function() {
additional_time_to_decide = Math.floor(Math.random() * max_additional_time_to_decide);
return min_time_to_decide + additional_time_to_decide;
@345161974
345161974 / GoMgoSample-1.go
Created June 12, 2017 06:27 — forked from ardan-bkennedy/GoMgoSample-1.go
Sample Go and MGO example
type (
// BuoyCondition contains information for an individual station.
BuoyCondition struct {
WindSpeed float64 `bson:"wind_speed_milehour"`
WindDirection int `bson:"wind_direction_degnorth"`
WindGust float64 `bson:"gust_wind_speed_milehour"`
}
// BuoyLocation contains the buoy's location.
BuoyLocation struct {
@worawit
worawit / eternalblue_merge_shellcode.py
Last active April 3, 2024 12:25
Windows x64 and x86 kernel shellcode for eternalblue exploit
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
import sys
from struct import pack
if len(sys.argv) < 4:
print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0]))
sys.exit()
sc_x86 = open(sys.argv[1], 'rb').read()
sc_x64 = open(sys.argv[2], 'rb').read()
@kristovatlas
kristovatlas / cssbanner-beautified2.js
Last active March 9, 2018 21:49
cleaned up version of cssbanner.js
//beautified at http://jsbeautifier.org/ with default options
//and then manually modified
/*jslint bitwise: true */
self.onmessage = function (msg) {
var thecode = msg.data;
/**
* Ostensibly unused function
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active June 1, 2024 04:56 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@gbaman
gbaman / HowToOTGFast.md
Last active May 14, 2024 10:26
Simple guide for setting up OTG modes on the Raspberry Pi Zero, the fast way!

Setting up Pi Zero OTG - The quick way (No USB keyboard, mouse, HDMI monitor needed)

More details - http://blog.gbaman.info/?p=791

For this method, alongside your Pi Zero, MicroUSB cable and MicroSD card, only an additional computer is required, which can be running Windows (with Bonjour, iTunes or Quicktime installed), Mac OS or Linux (with Avahi Daemon installed, for example Ubuntu has it built in).
1. Flash Raspbian Jessie full or Raspbian Jessie Lite onto the SD card.
2. Once Raspbian is flashed, open up the boot partition (in Windows Explorer, Finder etc) and add to the bottom of the config.txt file dtoverlay=dwc2 on a new line, then save the file.
3. If using a recent release of Jessie (Dec 2016 onwards), then create a new file simply called ssh in the SD card as well. By default SSH i