Skip to content

Instantly share code, notes, and snippets.

Avatar
💭
Mostly on gitlab.com/dweinstein these days...

David Weinstein dweinstein

💭
Mostly on gitlab.com/dweinstein these days...
View GitHub Profile
@yrp604
yrp604 / safe-stack-notes.md
Last active Mar 29, 2017
Safe Stack Notes
View safe-stack-notes.md

Note: I've only briefly read the related CPI paper (PDF), this is just initial impressions after playing around with it a bit.

All the code and binaries I used can be downloaded here. Note that I removed -DFORTIFY_SOURCE=2 to make the examples a bit simpler.

-fsanitize=safe-stack basically seems to move stack based buffers off the actual stack, onto another segment of memory (I'll call it the fake stack). The actual stack then stores references to this segment. For example:

char buf[20];
printf("%p\n", buf);
@dweinstein
dweinstein / LICENSE
Last active Mar 30, 2016
mega rename class based on source, etc.
View LICENSE
The MIT License (MIT)
Copyright (c) 2015 David Weinstein
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
@dweinstein
dweinstein / note.md
Last active Mar 24, 2016
EHCI Extension Pack, USB, VirtualBox
View note.md

so I learned two things with usb on virtualbox (OS X):

    1. it sucks, 2) it sucks less if you enable the extension pack for ehci:
  • w/ out ehci I could not install a 28 MB APK from within boot2docker. maybe if I was willing to wait long enough but AFAICT it would not complete.

± % docker run --privileged -v=/dev/bus/usb:/dev/bus/usb --rm -t -i -v pwd:/provision analysis /bin/bash

  • w/out EHCI
@ralphtheninja
ralphtheninja / JOBS.md
Last active Jul 2, 2019
Use JOBS=max to speed up native node modules
View JOBS.md

When npm installs native node modules it uses node-gyp to compile code. This is the seam node uses for targeting different operating systems, e.g. OS X, linux, Windows etc.

By default node-gyp compiles using one core and if you have more than one you probably want to utilize that power to speed up compile time. The way node-gyp handles this is by using the JOBS environment variable, which sets the jobs variable here. This piece of code then checks the value of jobs to determine how many cores to use.

Note that if the value of JOBS is max then all cores will be used. So lets try this on leveldown. First lets check that JOBS isn't set yet:

lms@ux301|01:34|~/src/leveldb-repos/leveldown (master) $ echo $JOBS

@rongarret
rongarret / gist:d8987c9cd57bd768e1de
Last active Aug 29, 2015
Safari FILE: scheme security hole
View gist:d8987c9cd57bd768e1de
It appears that Safari does not enforce any kind of access
restrictions for XMLHTTPRequests on FILE: scheme URLs. As a
result, any HTML file on the local file system that is opened in
Safari can read any file that the user has access to (and, of
course, it can upload those files too). Here's a little
proof-of-concept. Copy and paste this into a local HTML file and
open it in Safari. It will display the contents of /etc/passwd.
<script src=https://code.jquery.com/jquery-2.1.3.min.js></script>
<script>
View gist:849eb63d28f7e7bb8c97
var test = require('tape');
var bytewise = require('bytewise');
var encode = bytewise.encode;
var MIN = bytewise.MIN;
var MAX = bytewise.MAX;
test('tuple queries', function (t) {
var yearly = tuples('reports', 'yearly');
// component keys of the tuple space query are available by index
@Fuzion24
Fuzion24 / Patching-CVE-2015-1474.md
Last active Sep 25, 2015
Patching CVE-2015-1474 -- Remotely exploitable graphics buffer overflow on my Nexus device (N5 5.0.1)
View Patching-CVE-2015-1474.md

This is a brief guide on how I patched the CVE-2015-1474 for my Nexus 5 - 5.0.1. This involes downloading and building AOSP with the patch for the vuln applied. I have attached a pre-built patched version of libui.so for the Nexus5 5.0.1 in the case you are too lazy to build it yourself (and you trust me).

Building patched libui for your nexus device

repo init -u https://android.googlesource.com/platform/manifest -b android-5.0.1_r1
repo sync -j16

cd frameworks/native
# https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091%5E%21/#F0
git cherry-pick 2bc5e811a817a8c667bca4318ae98582b0ee6dc6
View agnoster-custom.zsh-theme
# vim:ft=zsh ts=2 sw=2 sts=2
#
# agnoster's Theme - https://gist.github.com/3712874
# A Powerline-inspired theme for ZSH
#
# # README
#
# In order for this theme to render correctly, you will need a
# [Powerline-patched font](https://github.com/Lokaltog/powerline-fonts).
#
View AddJavascript.md

Android 5.0

I/chromium( 6890): [INFO:CONSOLE(37)] "AddJavascriptInterface: top[Android]: com.WebAppInterface@3847a08c - 
error: Access to java.lang.Object.getClass is blocked", source: http://[REDACTED].com/ (37)

For applications targeting Android >= 5.0, you can enumerate the methods available from inside javascript. "Enumeration of methods will be enabled for applications targeting API levels newer than KitKat (to preserve compatibility with older apps)."

@kacole2
kacole2 / CSS
Created Nov 3, 2014
Phonegap Cordova Geolocation with Google Maps Javascript API v3
View CSS
* {
-webkit-tap-highlight-color: rgba(0,0,0,0); /* make transparent link selection, adjust last value opacity 0 to 1.0 */
}
html, body {
width: 100%;
height: 100%;
padding-top: 10%;
}
You can’t perform that action at this time.