Skip to content

Instantly share code, notes, and snippets.

Avatar
🍌
I am here to bring bananas to the people

Tom-Oliver Heidel blackjack4494

🍌
I am here to bring bananas to the people
  • Bremen/Hamburg, Germany
View GitHub Profile
View endpoints
.rdata:00007FF72615EF30 00000036 C mp.php?hardware=%s&uid=%s&wait=%.0f&prot=%i&reauth=%i
.rdata:00007FF72616B378 0000003F C prime.php?hardware=%s&uid=%s&prot=%i&lastCheck=%f&numChecks=%i
.rdata:00007FF726175E80 00000070 C messages.php?qt=messages-delete&hardware=%s&uid=%s&language=%s&type=%s&del=%i&start=%i&max=%i&timezoneOffset=%i
.rdata:00007FF726175F10 0000005F C messages.php?qt=messages-read&start=%i&max=%i&hardware=%s&uid=%s&language=%s&timezoneOffset=%i
.rdata:00007FF726176180 00000079 C communities.php?qt=communities-getsettings&hardware=%s&uid=%s&language=%s&getsettings=1&id=%i&cprot=%i&timezoneOffset=%i
.rda
@leptos-null
leptos-null / YouTube_Music_Client.md
Last active Sep 14, 2021
Writing an iOS YouTube Music client
View YouTube_Music_Client.md

Writing an iOS YouTube Music client

I’ve been using YouTube Music as my main music streaming service for almost a year and a half. The iOS client is great- I’ve never had a single complaint. It’s potentially one of the most bug free apps I’ve ever used, it has an extremely friendly, and simple, graphical interface, and the service itself is great.

I was curious how the client worked in terms of networking, and while curiosity may treat cats poorly, it lands researchers in black sites can provide a lot of insight.

Step 0

The first thing I do when reverse engineering a client is monitor HTTP requests while the application starts up, and when doing the tasks interested in. On a jailbroken iOS device, I use FLEX by FlipBoard.

@leptos-null
leptos-null / LMApiaryDeviceCrypto.h
Last active Jul 20, 2021
Fully implemented mirror of YouTube's YTApiaryDeviceCrypto class
View LMApiaryDeviceCrypto.h
//
// LMApiaryDeviceCrypto.h
//
// Created by Leptos on 11/18/18.
// Copyright © 2018 Leptos. All rights reserved.
//
#import <Foundation/Foundation.h>
#define kYouTubeBase64EncodedProjectKey @"vOU14u6GkupSL2pLKI/B7L3pBZJpI8W92RoKHJOu3PY="
@tanaikech
tanaikech / submit.md
Last active Oct 16, 2021
Downloading Files From Google Drive Under No Authorization Using Browser
View submit.md

Downloading Files From Google Drive Under No Authorization Using Browser

This is a sample script for downloading files from Google Drive under no authorization using browser. By using this sample, you can make other users download files from your Google Drive. Even if the other users are not Google users, they can download the files.

Demo

@Prajjwal
Prajjwal / ephemeral-file-sharing-services.md
Last active Aug 3, 2021
A List of Ephemeral File Sharing Services
View ephemeral-file-sharing-services.md

A List of Ephemeral File Sharing Services

Contributions welcome.

~ Prajjwal Singh

Service CLI? Max Size Direct Access Files Expire? Can Limit Download Count? Password Protection HTTPS
c-v.sh curl -F 4 GB Yes Yes, by Mister Alg. No No Enforced
FileIO Yes 5 GB Yes Optionally Fixed @ 1 No Yes
@JBou
JBou / SoundCloud API Endpoints.cs
Last active Apr 24, 2021
SoundCloud API Endpoints
View SoundCloud API Endpoints.cs
//Authorization
{ ApiCommand.AuthorizationCodeFlow, new Uri("https://soundcloud.com/connect?scope=non-expiring&client_id={0}&response_type={1}&redirect_uri={2}") },
{ ApiCommand.UserAgentFlow, new Uri("https://soundcloud.com/connect?client_id={0}&response_type=token&redirect_uri={1}") },
{ ApiCommand.UserCredentialsFlow, new Uri("https://api.soundcloud.com/oauth2/token?client_id={0}&client_secret={1}&grant_type=password&username={2}&password={3}") },
{ ApiCommand.RefreshToken, new Uri("https://api.soundcloud.com/oauth2/token?client_id={0}&client_secret={1}&grant_type=refresh_token&refresh_token={2}") },
//Me
{ ApiCommand.Me, new Uri("https://api.soundcloud.com/me.json") },
{ ApiCommand.MeTracks, new Uri("https://api.soundcloud.com/me/tracks.json") },
{ ApiCommand.MeComments, new Uri("https://api.soundcloud.com/me/comments.json") },
@awesomebytes
awesomebytes / threaded_function_python.md
Last active May 18, 2021
Make a function or method threaded in python with a decorator
View threaded_function_python.md

How to make a python function or class method threaded

From this stack overflow question I got this great snippet.

# Threaded function snippet
def threaded(fn):
    """To use as decorator to make a function call threaded.
    Needs import
    from threading import Thread"""
@Zearin
Zearin / python_decorator_guide.md
Last active Oct 21, 2021
The best explanation of Python decorators I’ve ever seen. (An archived answer from StackOverflow.)
View python_decorator_guide.md

NOTE: This is a question I found on StackOverflow which I’ve archived here, because the answer is so effing phenomenal.


Q: How can I make a chain of function decorators in Python?


If you are not into long explanations, see [Paolo Bergantino’s answer][2].

@gavinhungry
gavinhungry / nginx-tls.conf
Last active Oct 21, 2021
Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
View nginx-tls.conf
#
# Name: nginx-tls.conf
# Auth: Gavin Lloyd <gavinhungry@gmail.com>
# Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating
#
# Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related
# to SSL/TLS are not included here.
#
# Additional tips:
#
@johndrinkwater
johndrinkwater / dualshock-research
Last active Oct 10, 2021
I’m interested in writing (or helping to spec out the protocol so someone else can write) the linux kernel driver for Sony’s DualShock 4 (PS4’s lovely controller) Currently using the output of HID RAW from a USB connected dualshock 4… For the gyro/touchpad discovery, I’ve just been using some terrible c code to throw numbers on the screen and it…
View dualshock-research
TADA, it’s `hexdump -v -e '64/1 "%02x" "\n"' < /dev/hidraw3`
No idea what the first byte is… but I’m going to assume its for device ID for the many users that are connected, but it probably has to be set by the connected machine?
01ff777f7f0800aa0000435dfdf1ff14000200c5ff0721150300000000001b000001fc9133a32990880428008000000080000000008000000080000000008000
↑↑↑↑
left stick, value, first field is horz (00 left), second field is vertical (00 top)
017f80ff61080064000059f2fdfffffbff0e00d107081e9bf600000000001b0000018e94b1b00690880428008000000080000000008000000080000000008000
↑↑↑↑