@graste
graste / HowToOTG.md
Created April 7, 2024 12:31 — forked from gbaman/HowToOTG.md
Simple guide for setting up OTG modes on the Raspberry Pi Zero

Raspberry Pi Zero OTG Mode

Simple guide for setting up OTG modes on the Raspberry Pi Zero - By Andrew Mulholland (gbaman).

The Raspberry Pi Zero (and model A and A+) supports USB On The Go, because the processor is connected directly to the USB port, unlike on the B, B+ or Pi 2 B, where it goes via a USB hub.
Because of this, if set up to do so, the Pi can act as a USB slave instead, providing virtual serial (a terminal), virtual Ethernet, a virtual mass storage device (pendrive) or even other virtual devices like HID or MIDI, or acting as a virtual webcam!
It is important to note that, although the model A and A+ can support being a USB slave, they are missing the ID pin (it is tied to ground internally), so they are unable to dynamically switch between USB master/slave mode. As such, they default to USB master mode. There is no easy way to change this right now.
It is also important to note that a USB to UART serial adapter is not needed for any of these guides, as may be documented elsewhere across the int

@graste
graste / strace.md
Last active November 14, 2023 12:09
strace process for network and memory and other syscalls

File activity

strace -e trace=file -fp PID (file) or strace -e trace=desc -fp PID (file descriptors)

Common calls:

  • access
  • close – close file handle
  • fchmod – change file permissions
  • fchown – change file ownership
@graste
graste / lack_escape_content-disposition_filename.md
Created September 15, 2023 21:27 — forked from motoyasu-saburi/lack_escape_content-disposition_filename.md
Land Mine named "Content-Disposition > filename"

TL;DR

  • I found 1 browser, 1 language, and 15 vulnerabilities in { Web Framework, HTTP Client library, Email library / Web Service, etc }
  • All the vulnerabilities I found were found from a single perspective (I investigated maybe 50-80 products).
  • The RFC description of the problem (rather confusingly) describes the requirements for this problem, while the WHATWG > HTML Spec is well documented.
  • The problem is clearly targeted at the Content-Disposition fields filename and filename*.
  • This problem affects HTTP Request/Response/Email in different ways.
    • HTTP Request : request tampering (especially with file contents, tainting of other fields, etc.)
    • HTTP Response : Reflected File Download vulnerability
    • Email : Attachment tampering (e.g., extension and filename tampering and potential file content tampering)
@graste
graste / gsap-eases.css
Last active August 25, 2023 19:12 — forked from jh3y/gsap-eases.css
GreenSock eases with CSS linear()
:root {
--linear-in: linear(0, 1);
--linear-out: linear(0, 1);
--linear-in-out: linear(0, 1);
--power0-in: linear(0, 1);
--power0-out: linear(0, 1);
--power0-in-out: linear(0, 1);
--quad-in: linear( 0, 0.0039, 0.0156, 0.0352, 0.0625, 0.0977, 0.1407, 0.1914, 0.2499, 0.3164, 0.3906 62.5%, 0.5625, 0.7656, 1 );
--quad-out: linear( 0, 0.2342, 0.4374, 0.6093 37.49%, 0.6835, 0.7499, 0.8086, 0.8593, 0.9023, 0.9375, 0.9648, 0.9844, 0.9961, 1 );
--quad-in-out: linear( 0, 0.0027, 0.0106 7.29%, 0.0425, 0.0957, 0.1701 29.16%, 0.2477, 0.3401 41.23%, 0.5982 55.18%, 0.7044 61.56%, 0.7987, 0.875 75%, 0.9297, 0.9687, 0.9922, 1 );

Aside from estimating it, you can also ask the eMMC itself to tell you how far it has degraded so far (assuming it supports eMMC 5.1 or above).

The JEDEC standard (JESD84-B51) specifies that the bytes at offsets 268-269 of the ext_csd field indicate the level of type A/B wear (values 0x1-0xA reflect 10%-100%; 0x0B means lifetime exceeded).

For example, on a typical Linux distro, you could run the following script in bash to tell you:

@graste
graste / datetime.php
Last active May 22, 2023 19:30
PHP DateTime class – parsing and formatting ISO8601 dates with or w/o fractions of a second
<?php
echo 'default locale: ' . \Locale::getDefault();
echo PHP_EOL;
echo 'default timezone: ' . \date_default_timezone_get();
echo PHP_EOL;
// see http://tools.ietf.org/html/rfc3339#section-5.8 for example datetimes
// bug report on missing fractions support: https://bugs.php.net/bug.php?id=51950
// feature request for fractions support in constructor: https://bugs.php.net/bug.php?id=49779
@graste
graste / what-forces-layout.md
Created March 10, 2023 15:59 — forked from paulirish/what-forces-layout.md
What forces layout/reflow. The comprehensive list.

What forces layout / reflow

All of the below properties or methods, when requested/called in JavaScript, will trigger the browser to synchronously calculate the style and layout*. This is also called reflow or layout thrashing, and is a common performance bottleneck.

Generally, all APIs that synchronously provide layout metrics will trigger forced reflow / layout. Read on for additional cases and details.

Element APIs

Getting box metrics
  • elem.offsetLeft, elem.offsetTop, elem.offsetWidth, elem.offsetHeight, elem.offsetParent
@graste
graste / ulid_converter.sql
Created January 4, 2023 19:12 — forked from kenji4569/ulid_converter.sql
ULID (26 characters in Crockford's base32) conversion for MySQL function
# Define ULID_DECODE and ULID_ENCODE which convert a ulid string to a binary and vice versa.
delimiter //
DROP FUNCTION IF EXISTS ULID_DECODE//
CREATE FUNCTION ULID_DECODE (s CHAR(26)) RETURNS BINARY(16) DETERMINISTIC
BEGIN
DECLARE s_base32 CHAR(26);
SET s_base32 = REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(UPPER(s), 'J', 'I'), 'K', 'J'), 'M', 'K'), 'N', 'L'), 'P', 'M'), 'Q', 'N'), 'R', 'O'), 'S', 'P'), 'T', 'Q'), 'V', 'R'), 'W', 'S'), 'X', 'T'), 'Y', 'U'), 'Z', 'V');
RETURN UNHEX(CONCAT(LPAD(CONV(SUBSTRING(s_base32, 1, 2), 32, 16), 2, '0'), LPAD(CONV(SUBSTRING(s_base32, 3, 12), 32, 16), 15, '0'), LPAD(CONV(SUBSTRING(s_base32, 15, 12), 32, 16), 15, '0')));
END//
<?php
namespace App\EventListener;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Validator\Validator\ValidatorInterface;
use Symfony\Component\Validator\Constraints;
@graste
graste / reconnecting_pdo.php
Created December 1, 2022 13:24 — forked from extraordinaire/reconnecting_pdo.php
Reconnectable PDO
<?php
class ReconnectingPDO
{
protected $dsn, $username, $password, $pdo, $driver_options;
public function __construct($dsn, $username = "", $password = "", $driver_options = array())
{
$this->dsn = $dsn;
$this->username = $username;
$this->password = $password;