Hector Martin marcan

## rpi_cam_auth.py
import hmac, hashlib

# Data from I²C trace at https://hackaday.io/project/19480-raspberry-pi-camera-v21-reversed/log/52547-i2c-logic-analyzer-trace
# Secret key from VideoCore blob

# serial[8], serial[7:4], serial[3:0]
serial = bytes.fromhex("EE8C196D8301230B59")

# rPi -> camera random number
numIn = bytes.fromhex("5805F3C898C3133154498E082F2E703516F2DBD1")

## glibc-2.29-reiwa.patch
--- glibc-2.29/localedata/locales/ja_JP.old	2019-04-01 17:26:52.808154026 +0900
+++ glibc-2.29/localedata/locales/ja_JP	2019-04-01 17:38:48.872822551 +0900
@@ -14946,7 +14946,9 @@

 t_fmt_ampm "%p%I<U6642>%M<U5206>%S<U79D2>"

-era	"+:2:1990//01//01:+*:<U5E73><U6210>:%EC%Ey<U5E74>";/
+era	"+:2:2020//01//01:+*:<U4EE4><U548C>:%EC%Ey<U5E74>";/
+	"+:1:2019//05//01:2019//12//31:<U4EE4><U548C>:%EC<U5143><U5E74>";/
+	"+:2:1990//01//01:2019//04//30:<U5E73><U6210>:%EC%Ey<U5E74>";/

## starlet_memory_map.txt
Starlet memory map

00000000-04000000: MEM1 area (2 mirrors, 0x2000000 each)
	0000000-1800000: MEM1 (0x1800000)
	1800000-2000000: unimplemented / bus noise / junk? (looks like uninitialized memory but unwritable)

04000000-08000000: unimplemented, read as zeroes

08000000-10000000: register/SRAM area (8 mirrors, 0x800000 each)
	000000-400000: registers (4 mirrors, 0x100000 each) CANONICAL ADDRESSES: 0x0d000000 and 0x0d800000

## grandpianist_convert.py
#!/usr/bin/python3
import mido, sys

mid = mido.MidiFile(sys.argv[1])
new_track = mido.MidiTrack()

sustain = 0
last = 0
t = 0
for ev in mido.merge_tracks(mid.tracks):

## stress_monitor.py
#!/usr/bin/env python3
import time, math, threading, struct, sys, os.path, random
import obswebsocket, obswebsocket.requests

client = obswebsocket.obsws("localhost", 4444)
client.connect()

source_patterns = [
    "RTMP", "JACK", "AUX"
]

## machodump.py
#!/usr/bin/python
import sys
from construct import *

LoadCmdType = "LoadCmdType" / Enum(Int32ul,
    UNIXTHREAD = 0x05,
    SEGMENT_64 = 0x19,
    UUID = 0x1b,
    BUILD_VERSION = 0x32,
    DYLD_CHAINED_FIXUPS = 0x80000034,

## 2021-02-05-coverletter.txt
From 82f995d4e164795c69a3c67be44eacfa8f5c3c14 Mon Sep 17 00:00:00 2001
From: Hector Martin <marcan@marcan.st>
Date: Fri, 5 Feb 2021 05:34:10 +0900
Subject: [PATCH 00/18] Apple M1 SoC platform bring-up
To: Hector Martin <marcan@marcan.st>
To: soc@kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: Marc Zyngier <maz@kernel.org>
Cc: robh+dt@kernel.org
Cc: Arnd Bergmann <arnd@kernel.org>

## m1racles-poc.c
/*
 * m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
 *
 * This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
 *
 * Please visit m1racles.com for more information.
 *
 * Licensed under the MIT license.
 */

## m1cat.c
/*
 * m1cat: a proof of concept for the M1RACLES vulnerability in the Apple M1.
 *
 * This program implements a covert channel that can be used to transmit data
 * between two processes when run on the Apple Silicon "M1" CPUs.
 *
 * The channel is slightly lossy due to (presumably) the scheduler sometimes
 * scheduling us on the wrong CPU cluster, so this PoC sends every byte twice
 * together with some metadata/framing bits, which is usually good enough.
 * A better approach would be to use proper FEC or something like that.

## turnitdown.py
#!/usr/bin/python3
#
# turnitdown.py - normalize Spotify playback volume on Google Cast devices
#
# Dependencies: pychromecast, spotipy
#
# Usage: register a Spotify app and put the credentials in the
# SPOTIPY_CLIENT_ID and SPOTIPY_CLIENT_SECRET environment variables.
# Then just launch the script. It will autodetect all cast devices
# on the network.
	import hmac, hashlib

	# Data from I²C trace at https://hackaday.io/project/19480-raspberry-pi-camera-v21-reversed/log/52547-i2c-logic-analyzer-trace
	# Secret key from VideoCore blob

	# serial[8], serial[7:4], serial[3:0]
	serial = bytes.fromhex("EE8C196D8301230B59")

	# rPi -> camera random number
	numIn = bytes.fromhex("5805F3C898C3133154498E082F2E703516F2DBD1")
	--- glibc-2.29/localedata/locales/ja_JP.old 2019-04-01 17:26:52.808154026 +0900
	+++ glibc-2.29/localedata/locales/ja_JP 2019-04-01 17:38:48.872822551 +0900
	@@ -14946,7 +14946,9 @@

	t_fmt_ampm "%p%I<U6642>%M<U5206>%S<U79D2>"

	-era "+:2:1990//01//01:+*:<U5E73><U6210>:%EC%Ey<U5E74>";/
	+era "+:2:2020//01//01:+*:<U4EE4><U548C>:%EC%Ey<U5E74>";/
	+ "+:1:2019//05//01:2019//12//31:<U4EE4><U548C>:%EC<U5143><U5E74>";/
	+ "+:2:1990//01//01:2019//04//30:<U5E73><U6210>:%EC%Ey<U5E74>";/
	Starlet memory map

	00000000-04000000: MEM1 area (2 mirrors, 0x2000000 each)
	0000000-1800000: MEM1 (0x1800000)
	1800000-2000000: unimplemented / bus noise / junk? (looks like uninitialized memory but unwritable)

	04000000-08000000: unimplemented, read as zeroes

	08000000-10000000: register/SRAM area (8 mirrors, 0x800000 each)
	000000-400000: registers (4 mirrors, 0x100000 each) CANONICAL ADDRESSES: 0x0d000000 and 0x0d800000
	#!/usr/bin/python3
	import mido, sys

	mid = mido.MidiFile(sys.argv[1])
	new_track = mido.MidiTrack()

	sustain = 0
	last = 0
	t = 0
	for ev in mido.merge_tracks(mid.tracks):
	#!/usr/bin/env python3
	import time, math, threading, struct, sys, os.path, random
	import obswebsocket, obswebsocket.requests

	client = obswebsocket.obsws("localhost", 4444)
	client.connect()

	source_patterns = [
	"RTMP", "JACK", "AUX"
	]
	#!/usr/bin/python
	import sys
	from construct import *

	LoadCmdType = "LoadCmdType" / Enum(Int32ul,
	UNIXTHREAD = 0x05,
	SEGMENT_64 = 0x19,
	UUID = 0x1b,
	BUILD_VERSION = 0x32,
	DYLD_CHAINED_FIXUPS = 0x80000034,
	From 82f995d4e164795c69a3c67be44eacfa8f5c3c14 Mon Sep 17 00:00:00 2001
	From: Hector Martin <marcan@marcan.st>
	Date: Fri, 5 Feb 2021 05:34:10 +0900
	Subject: [PATCH 00/18] Apple M1 SoC platform bring-up
	To: Hector Martin <marcan@marcan.st>
	To: soc@kernel.org
	Cc: linux-arm-kernel@lists.infradead.org
	Cc: Marc Zyngier <maz@kernel.org>
	Cc: robh+dt@kernel.org
	Cc: Arnd Bergmann <arnd@kernel.org>
	/*
	* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
	*
	* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
	*
	* Please visit m1racles.com for more information.
	*
	* Licensed under the MIT license.
	*/
	/*
	* m1cat: a proof of concept for the M1RACLES vulnerability in the Apple M1.
	*
	* This program implements a covert channel that can be used to transmit data
	* between two processes when run on the Apple Silicon "M1" CPUs.
	*
	* The channel is slightly lossy due to (presumably) the scheduler sometimes
	* scheduling us on the wrong CPU cluster, so this PoC sends every byte twice
	* together with some metadata/framing bits, which is usually good enough.
	* A better approach would be to use proper FEC or something like that.
	#!/usr/bin/python3
	#
	# turnitdown.py - normalize Spotify playback volume on Google Cast devices
	#
	# Dependencies: pychromecast, spotipy
	#
	# Usage: register a Spotify app and put the credentials in the
	# SPOTIPY_CLIENT_ID and SPOTIPY_CLIENT_SECRET environment variables.
	# Then just launch the script. It will autodetect all cast devices
	# on the network.