Skip to content

Instantly share code, notes, and snippets.

View kylemanna's full-sized avatar

Kyle Manna kylemanna

View GitHub Profile
smx-smx / XZ Backdoor Analysis
Last active June 2, 2024 07:22
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as i make progress
q3k / hashes.txt
Last active May 16, 2024 16:49
liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)
0810 b' from '
0678 b' ssh2'
00d8 b'%.48s:%.48s():%d (pid=%ld)\x00'
0708 b'%s'
0108 b'/usr/sbin/sshd\x00'
0870 b'Accepted password for '
01a0 b'Accepted publickey for '
0c40 b'BN_bin2bn\x00'
06d0 b'BN_bn2bin\x00'
0958 b'BN_dup\x00'
osy /
Last active June 3, 2024 01:13
TPM provides zero practical security

TPM provides zero practical security

TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

7enderhead /
Created April 1, 2023 18:45
Create BIOS Master Password for Fujitsu Laptops (6x4 Digit Version) - Python 3 Compatible
# Copyright 2009: dogbert <>
# Copyright 2023: 7enderhead (
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
zengxinhui /
Last active May 13, 2024 08:18
Replace Oracle Cloud Linux with Arch Linux remotely
See also:
1. Convert to Debian

Python Flatbuffer Object -> JSON

Crude proof of concept, criticism welcome.


$ flatc --python monster.fbs
$ python3 ./
FIXME: Equipped is a table

{"color": 0, "equipped": null, "hp": 300, "inventory": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9], "mana": 150, "name": "Orc", "path": [], "pos": {"x": 1.0, "y": 2.0, "z": 3.0}, "weapons": [{"damage": 3, "name": "Sword"}, {"damage": 5, "name": "Axe"}]}

#!/usr/bin/env bash
#export GIT_TRACE=1
set -ex
lfs_explode() {
cd "$i"
while true; do
def jobName = "job/staging"
def maxNumber = 400
// delete all builds before maxNumber
Jenkins.instance.getItemByFullName(jobName).builds.findAll { it.number <= maxNumber }.each {
Francesco149 /
Last active October 27, 2023 08:51
docker error creating new backup file '/var/lib/dpkg/status-old': Invalid cross-device link
# $Id$
# Maintainer: Tom Gundersen <>
# Contributor: Travis Willard <>
pkgdesc="glibc plugin providing host name resolution via mDNS"