Ralty Raltyro

@aglab2
aglab2 / a.md
Last active May 29, 2024 00:43
Project 64 1.6 container escape vulnerability writeup

The vulnerable emulator is Project 64 1.6.x/1.7. Two vulnerabilities can be used to gain arbitrary code execution from the emulation container from an N64 ROM.

  1. Container escape and arbitrary writes from N64 ROM outside of designated N64 RAM

The vulnerable function is Compile_R4300i_SB, along with its friends Compile_R4300i_S*: https://github.com/zeromus/pj64/blob/master/RecompilerOps.cpp#L1955C6-L2024

If a non-const Opcode.base is used to avoid the condition at lines 1961-1971, which does the checks properly, we can load from a volatile address addr (compiled to MIPS asm inside the ROM):

@angeld23
angeld23 / remove_twitter_blue_promo.user.js
Last active March 9, 2024 03:23
Remove Twitter Blue Promotions: Removes the "Get Verified" box on the Home page and the "Verified" button on the sidebar
// ==UserScript==
// @name Remove Twitter Blue Promotions
// @namespace https://d23.dev/
// @version 1.1
// @description Removes the "Get Verified" box on the Home page and the "Verified" button on the sidebar
// @author angeld23
// @match *://*.twitter.com/*
// @icon https://www.google.com/s2/favicons?sz=64&domain=twitter.com
// @grant none
// ==/UserScript==
@Ralsin
Ralsin / RalLib-Module-Require.lua
Last active April 16, 2023 20:46
Lua snippet to use RalLib. This way the library can be placed into the scripts folder, while also providing support for Android systems.
local scriptFileName = stringSplit(scriptName, '/')
scriptFileName = scriptFileName[#scriptFileName]
local src = scriptName:sub(1, - #scriptFileName - 1)
local function warn()
debugPrint('Please download and put RalLib into the same folder as script.')
debugPrint('RalLib.lua file is not present in the scripts directory.')
debugPrint('')
debugPrint('')
end
if buildTarget == 'windows' then -- windows
@Julli4n
Julli4n / ok.js
Last active June 25, 2024 15:54
ROBLOX
/*
!! The feature that uses this endpoint has recently started rolling out to users.
!! See `App > Avatar > Profile Picture Editor`
!!
!! You may continue using this script, the only advantage is being able to
!! customize FullBody and Closeup independently.
*/
@EliteMasterEric
EliteMasterEric / DetectScreenRecorders.hx
Last active April 23, 2023 20:07
Haxe code to detect screen recording software.
/**
* A list of process names for several popular screen recording programs.
* Add more if you think of any.
*/
static final SCREEN_RECORDERS:Array<String> = [
"obs32.exe", "obs64.exe", "obs.exe",
"xsplit.core.exe", "livehime.exe", "pandatool.exe",
"yymixer.exe", "douyutool.exe", "huomaotool.exe"
];
@EliteMasterEric
EliteMasterEric / FNFEngines.md
Last active May 22, 2024 23:10
Friday Night Funkin' Game Engine Comparison

List of Friday Night Funkin' Engines:

The base game. Like vanilla ice cream, some people find it bland while, for others, it's their personal favorite. Only version available on Newgrounds (re-uploads of FNF or even mods aren't allowed). The Newgrounds web-only edition (no source code available) includes spritemap animations for cutscenes (the Tricky Mod uses pre-rendered videos), custom keybinds, and note splashes.

One of the original modded engines, developed for the Full Ass Tricky Mod, and later separately maintained. Focused on high-level play, featuring a reworked input system, improved player stats like a results screen hitgraph, and custom keybinds. The most common engine to use in mods (even if it isn't the simplest to mod).

@HTV04
HTV04 / funkin-xmlresize.py
Last active July 1, 2022 04:23
Friday Night Funkin' XML Resizer
#!/usr/bin/env python3
# MIT License
#
# Copyright (c) 2021 HTV04
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
@ttalexander2
ttalexander2 / BinaryTreePacker.cs
Last active February 29, 2024 14:59
Texture Packer for C# (.NET Framework)
using System;
using System.Drawing;
namespace TexturePacker
{
public class PackedNode
{
public PackedNode Left { get; private set; }
public PackedNode Right { get; private set; }
public System.Drawing.Rectangle Rect { get; private set; }
-- black frames not included
local RunService = game:GetService("RunService")
local Workspace = game:GetService("Workspace")
local Camera = Workspace.CurrentCamera
local Module = {}
Module.Position = UDim2.new(0, 0, 0, 0)

Exploiting Lua 5.1 on x86_64

The following Lua program generates a Lua bytecode program called lua-sandbox-rce.luac, which in turn spawns a shell from within the Lua 5.1 sandbox. The remainder of this document attempts to explain how this program works by a whirlwind tour of the relevant bits of the Lua 5.1 virtual machine.

function outer()
  local magic -- In bytecode, the stack slot corresponding to this local is changed
  local function middle()
    local co, upval
    local ub1 = {[0] = -- Convert uint8_t to char[1]