Skip to content

Instantly share code, notes, and snippets.

Avatar

Hector Martin marcan

View GitHub Profile
@marcan
marcan / gamma_trick.sh
Last active Aug 3, 2022
Two images in one using the PNG gamma header trick.
View gamma_trick.sh
#!/bin/sh
# PNG Gamma trick (by @marcan42 / marcan@marcan.st)
#
# This script implements an improved version of the gamma trick used to make
# thumbnail images on reddit/4chan look different from the full-size image.
#
# Sample output (SFW; images by @Miluda):
# https://mrcn.st/t/homura_gamma_trick.png
# https://www.reddit.com/r/test/comments/6edthw/ (click for fullsize)
# https://twitter.com/marcan42/status/869855956842143744
@marcan
marcan / linux.sh
Last active Aug 1, 2022
Linux kernel initialization, translated to bash
View linux.sh
#!/boot/bzImage
# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
# Based on Linux 4.10-rc2.
# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name
@marcan
marcan / CRCH35U31CIS_FP notes.md
Last active Jul 31, 2022
CRCH35U31CIS_FP HDD cage logs
View CRCH35U31CIS_FP notes.md

Topology: VL822 hub + 4x ASM235CM (?) USB Gen2 - SATA bridges.

Tested with 4x WDC WD80EAZZ-00BKLB0 on an AMD X399 chipset.

~200MB/s from a single drive (this is about what the drive can do).

On a Gen1 port, I get ~400MB/s across all 4 drives. On a Gen2 port, ~800MB/s, give or take.

Power buttons power cycle the individual ASMedia controllers.

View m1racles-poc.c
/*
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
*
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
*
* Please visit m1racles.com for more information.
*
* Licensed under the MIT license.
*/
@marcan
marcan / canon-ef-protocol-notes.md
Last active Jul 1, 2022
Canon EF protocol notes
View canon-ef-protocol-notes.md

Testing done using a Canon EOS 600D and a Canon EF-S18-55mm f/3.5-5.6 IS II.

Pinout

  1. VBAT
  2. DET (common with P-GND on lens side)
  3. P-GND
  4. VDD
  5. DCL
  6. DLC
@marcan
marcan / roca_test.py
Last active Jun 20, 2022
Non-obfuscated version of the ROCA Infineon RSA key test
View roca_test.py
#!/usr/bin/python
import sys
# Credit: https://crypto.stackexchange.com/questions/52292/what-is-fast-prime
generators = [
(2, 11), (6, 13), (8, 17), (9, 19), (3, 37), (26, 53), (20, 61), (35, 71),
(24, 73), (13, 79), (6, 97), (51, 103), (53, 107), (54, 109), (42, 127),
(50, 151), (78, 157),
]
@marcan
marcan / m1cat.c
Last active Jun 1, 2022
m1cat: a PoC for the M1RACLES covert channel vulnerability in the Apple M1
View m1cat.c
/*
* m1cat: a proof of concept for the M1RACLES vulnerability in the Apple M1.
*
* This program implements a covert channel that can be used to transmit data
* between two processes when run on the Apple Silicon "M1" CPUs.
*
* The channel is slightly lossy due to (presumably) the scheduler sometimes
* scheduling us on the wrong CPU cluster, so this PoC sends every byte twice
* together with some metadata/framing bits, which is usually good enough.
* A better approach would be to use proper FEC or something like that.
View furitool.js
var katescript = {
"author": "Hector Martin <marcan@marcan.st>",
"license": "BSD",
"revision": 1,
"kate-version": "5.1",
"functions": ["furiTool"],
"actions": [
{ "function": "furiTool",
"name": "Insert Furigana",
"category": "Quick Coding",
@marcan
marcan / asm.py
Created Dec 22, 2018
Python module to assemble snippets of code
View asm.py
#!/usr/bin/env python
import os, tempfile, shutil, subprocess
class AsmException(Exception):
pass
class BaseAsm(object):
def __init__(self, source, addr = 0):
self.source = source
self._tmp = tempfile.mkdtemp() + os.sep
@marcan
marcan / xt256img.py
Last active Mar 11, 2022
Image to xterm-256 Unicode block art converter
View xt256img.py
#!/usr/bin/env python3
from __future__ import print_function
import sys, argparse, codecs
from PIL import Image, ImagePalette
xterm256colors = [ # http://pln.jonas.me/xterm-colors
0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x80, 0x80, 0x00,
0x00, 0x00, 0x80, 0x80, 0x00, 0x80, 0x00, 0x80, 0x80, 0xc0, 0xc0, 0xc0,
0x80, 0x80, 0x80, 0xff, 0x00, 0x00, 0x00, 0xff, 0x00, 0xff, 0xff, 0x00,
0x00, 0x00, 0xff, 0xff, 0x00, 0xff, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,