#!/usr/bin/env python3
import usb.core  # pyusb
import struct
from collections import namedtuple
APPLE_VID = 0x05ac
Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"])
/*
TaskManagerSecret
Author: @splinter_code
This is a very ugly POC for a very unreliable UAC bypass through some UI hacks.
The core of this hack is stealing and using a token containing the UIAccess flag set.
A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html
From there it uses a task manager "feature" to run a new High IL cmd.exe.
This has been developed only for fun and shouldn't be used due to its high unreliability.
@raplin
raplin / RPiI2sFrequencyCounter.c
Created May 28, 2023 22:48
Frequency counter for RPi that samples at 24.576 MHz and is accurate up to several MHz, uses very little CPU (a 500 kHz input uses 9% of one CPU core on a RPI4)
/*
RPi frequency counter
We use the RPi's I2S input (on pin 38)
Setting up I2S input:
https://learn.adafruit.com/adafruit-i2s-mems-microphone-breakout/raspberry-pi-wiring-test
Compile kernel module, modprobe it as described
(for RPI4 use 'modprobe snd-i2smic-rpi rpi_platform_generation=2')
@DavidBuchanan314
DavidBuchanan314 / widevine_fixup.py
Last active April 24, 2024 06:24
Patch aarch64 widevine blobs from ChromeOS to work on non-ChromeOS linux, including platforms with 16K page size like Apple Silicon / Asahi Linux
"""
MIT License
Copyright (c) 2023 David Buchanan
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
@stong
stong / CleanBoot.java
Last active January 27, 2024 11:35
Real World CTF 2023: Dark Portal Writeup
package org.mapleir;
import org.mapleir.app.client.SimpleApplicationContext;
import org.mapleir.app.service.ApplicationClassSource;
import org.mapleir.app.service.InstalledRuntimeClassSource;
import org.mapleir.asm.ClassHelper;
import org.mapleir.asm.ClassNode;
import org.mapleir.asm.MethodNode;
import org.mapleir.context.AnalysisContext;
import org.mapleir.context.BasicAnalysisContext;
@borzacchiello
borzacchiello / DecompilerExporter.java
Last active February 7, 2024 09:03
Ghidra script to export C pseudo-code on multiple files, including defined types
/* ###
* IP: GHIDRA
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
@Chick3nman
Chick3nman / RTX_4090_v6.2.6.Benchmark
Created October 14, 2022 00:07
Hashcat v6.2.6 benchmark on the Nvidia RTX 4090
NVIDIA Driver Version: 522.25 CUDA Version: 11.8
Credit: blazer
For benchmarking the card and allowing me to release the benchmarks here
The hashcat installation used includes a change to the tuning ALIAS.hctune file to include the RTX 4090 as "ALIAS_nv_sm50_or_higher".
The "Kernel exec timeout" warning is cosmetic and does not affect the speed of any of the benchmarked modes.
Benchmark was run at stock clocks on an Asus Strix 4090.
@jwbee
jwbee / readme.md
Last active October 15, 2022 03:44
Help me identify possible tracking device found in my car

TL;DR

I found a non-OEM electronic gadget in my car. It is wired into the ignition, and contains a 435.10 MHz radio receiver, a microcontroller, and two relays. I suspect it might be a device that allows third parties to unlock the doors and start the car with a radio.

Details

I was driving my 2020 Honda Insight EX when it started to make the annoying sound of an electromechanical relay rapidly switching on and off. When I got home I looked under the dash and straight away I could see someone other than Honda had been in here. The first thing I saw was this surface-mounted switch that doesn't belong there.

@slimsag
slimsag / ramblings.md
Last active December 13, 2023 08:02
Because cross-compiling binaries for Windows is easier than building natively

I want Microsoft to do better, want Windows to be a decent development platform, and yet, I constantly see Microsoft playing the open source game: advertising how open-source and developer friendly they are, only to crush developers under the heel of the corporate behemoth's boot.

The people who work at Microsoft are amazing, kind, talented individuals. This is aimed at the company's leadership, who I feel has on many occasions crushed myself and other developers under. It's a plea for help.

The source of truth for the 'open source' C#, C++, Rust, and other Windows SDKs is proprietary

You probably haven't heard of it before, but if you've ever used win32 API bindings in C#, C++, Rust, or other languages, odds are they were generated from a repository called microsoft/win32metadata.

@LinusHenze
LinusHenze / iOS_16_Launch_Constraints.txt
Created June 15, 2022 16:30
Description of the Launch Constraints introduced in iOS 16
iOS 16 introduced launch constraints, which can be used to constrain the launch of an application.
There are three types of constraints:
Self Constraints, which the launched application itself must meet
Parent Constraints, which the parent process must meet
Responsible Constraints, which the "responsible process" must meet (I assume that the responsible process is the process that asked launchd to launch a service)
Additionally, the TrustCache format was updated (see below) to support assigning each binary a "Constraint Category", which forces Self and Parent Constraints.
Note that Self, Parent and Responsible Constraints can also be set by the process performing the launch and they can be included in the code signature, in the new blob type 0xFADE8181. In both cases, the constraints are DER encoded (just like the DER entitlements).
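As an added example (not part of Linus Henze's notes or any Apple code), the following Python shows how a constraint carried in the code signature would be located and decoded: it walks a Mach-O code-signature SuperBlob, picks out every blob with the 0xFADE8181 magic named above, and decodes the DER payload. Everything beyond that magic is an assumption stated in the code: the SuperBlob layout is the standard one (magic 0xFADE0CC0, big-endian 32-bit fields, an index of {slot, offset} pairs, each blob a {magic, length, data} header), the DER payload is assumed to have the same outer shape as DER entitlements (SEQUENCE { INTEGER version, SET OF SEQUENCE { UTF8String key, value } }), the slot numbers 8/9/10 and the constraint key names in the sample are illustrative, and the sample signature itself is constructed in the script.

```python
#!/usr/bin/env python3
"""Find 0xFADE8181 launch-constraint blobs in a code-signature SuperBlob and decode
their DER payload. Added example; layout and key names beyond the blob magic are
assumptions, see the comments."""
import struct

CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0   # standard SuperBlob magic (assumed, not from the notes)
CSMAGIC_LAUNCH_CONSTRAINT = 0xFADE8181    # blob type named in the notes
# Slot numbers for the three constraint kinds: assumed for the sample, not given by the notes.
CSSLOT_LC_SELF, CSSLOT_LC_PARENT, CSSLOT_LC_RESPONSIBLE = 8, 9, 10


# ---- minimal DER encoder, used only to build the constructed sample ----
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def der_value(v):
    """Encode bool/int/str/dict; a dict becomes SET OF SEQUENCE { UTF8String key, value }."""
    if isinstance(v, bool):
        return der_tlv(0x01, b"\xff" if v else b"\x00")
    if isinstance(v, int):
        return der_tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))
    if isinstance(v, str):
        return der_tlv(0x0C, v.encode())
    if isinstance(v, dict):
        items = [der_tlv(0x30, der_value(k) + der_value(x)) for k, x in v.items()]
        return der_tlv(0x31, b"".join(sorted(items)))  # DER: SET OF elements sorted by encoding
    raise TypeError(type(v))

def encode_constraint(version, constraint):
    """SEQUENCE { INTEGER version, SET OF ... }: assumed to mirror the DER entitlements shape."""
    return der_tlv(0x30, der_value(version) + der_value(constraint))


# ---- DER decoder with bounds checks ----
def der_read(buf, off=0):
    """Parse one TLV at buf[off:]; return (tag, body, offset after it)."""
    tag, ln, off = buf[off], buf[off + 1], off + 2
    if ln & 0x80:                      # long-form length
        n = ln & 0x7F
        ln, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + ln > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[off:off + ln], off + ln

def der_decode(tag, body):
    if tag == 0x01:
        return body != b"\x00"
    if tag == 0x02:
        return int.from_bytes(body, "big", signed=True)
    if tag == 0x0C:
        return body.decode()
    if tag == 0x31:                    # SET OF SEQUENCE { key, value } -> dict
        out, off = {}, 0
        while off < len(body):
            t, pair, off = der_read(body, off)
            if t != 0x30:
                raise ValueError("dictionary entry is not a SEQUENCE")
            kt, kb, o = der_read(pair)
            vt, vb, _ = der_read(pair, o)
            out[der_decode(kt, kb)] = der_decode(vt, vb)
        return out
    raise ValueError("unsupported DER tag 0x%02x" % tag)

def decode_constraint(body):
    """Inverse of encode_constraint: returns (version, dict)."""
    tag, seq, _ = der_read(body)
    if tag != 0x30:
        raise ValueError("constraint is not a SEQUENCE")
    vt, vb, o = der_read(seq)
    st, sb, _ = der_read(seq, o)
    if vt != 0x02 or st != 0x31:
        raise ValueError("unexpected constraint layout")
    return der_decode(vt, vb), der_decode(st, sb)


# ---- SuperBlob handling ----
def build_superblob(entries):
    """entries: [(slot, blob_magic, payload)]; layout is header, index, then the blobs."""
    off = 12 + 8 * len(entries)
    index = payload = b""
    for slot, magic, data in entries:
        blob = struct.pack(">II", magic, 8 + len(data)) + data
        index += struct.pack(">II", slot, off)
        payload += blob
        off += len(blob)
    return struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, off, len(entries)) + index + payload

def find_blobs(superblob, wanted_magic):
    """Walk the index with bounds checks; return {slot: payload} for blobs of wanted_magic."""
    magic, length, count = struct.unpack_from(">III", superblob)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE or length > len(superblob) or 12 + 8 * count > length:
        raise ValueError("not a well-formed SuperBlob")
    found = {}
    for i in range(count):
        slot, off = struct.unpack_from(">II", superblob, 12 + 8 * i)
        if off + 8 > length:
            raise ValueError("index entry %d points outside the SuperBlob" % i)
        bmagic, blen = struct.unpack_from(">II", superblob, off)
        if blen < 8 or off + blen > length:
            raise ValueError("blob %d overruns the SuperBlob" % i)
        if bmagic == wanted_magic:
            found[slot] = superblob[off + 8:off + blen]
    return found

def extract_constraints(superblob):
    """{slot: (version, constraint_dict)} for every 0xFADE8181 blob in the signature."""
    return {slot: decode_constraint(body)
            for slot, body in find_blobs(superblob, CSMAGIC_LAUNCH_CONSTRAINT).items()}

# Constructed sample: one Self and one Parent constraint. Key names are illustrative only.
SAMPLE_SELF = {"validation-category": 1, "is-init-proc": False}
SAMPLE_PARENT = {"team-identifier": "EXAMPLE123", "apple-internal": True}

def build_sample():
    return build_superblob([
        (CSSLOT_LC_SELF, CSMAGIC_LAUNCH_CONSTRAINT, encode_constraint(1, SAMPLE_SELF)),
        (CSSLOT_LC_PARENT, CSMAGIC_LAUNCH_CONSTRAINT, encode_constraint(1, SAMPLE_PARENT)),
    ])

if __name__ == "__main__":
    for slot, (ver, c) in extract_constraints(build_sample()).items():
        print("slot %d: version %d %r" % (slot, ver, c))
```

The bounds checks in find_blobs matter more than the decoding: a signature parser that trusts the index offsets or the blob length field is exactly where a crafted binary gets to read out of bounds, so every offset is checked against the SuperBlob's own declared length before it is dereferenced.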
Constraint Categories (from TrustCache, new in version 2):