Hector Martin marcan

## ecc_crack.py
import struct, time
## This experiment demonstrates that the claimed "hash" (that is not a hash) used
## by the L2 cache ECC debug feature used by Operation Triangulation is not secure,
## and can be trivially reverse engineered by anyone who owns one of the machines
## with the hardware (such as any M1 Mac), in seconds to days. Therefore, this proves
## that no "insider" access or leak is necessary to obtain this table, and that the
## attackers most likely did exactly the same thing.

## This is the "black box", i.e. the hardware: The table is not exposed to the caller.
class BlackBox:

## turnitdown.py
#!/usr/bin/python3
#
# turnitdown.py - normalize Spotify playback volume on Google Cast devices
#
# Dependencies: pychromecast, spotipy
#
# Usage: register a Spotify app and put the credentials in the
# SPOTIPY_CLIENT_ID and SPOTIPY_CLIENT_SECRET environment variables.
# Then just launch the script. It will autodetect all cast devices
# on the network.

## canon-ef-protocol-notes.md

      
              1 file
            
          
              19 forks
            
          
                3 comments
              
            
              75 stars
            
          
                marcan
                / canon-ef-protocol-notes.md
            
            
              Last active
              February 26, 2025 01:03
            
              
                Canon EF protocol notes
              
          
    Testing done using a Canon EOS 600D and a Canon EF-S18-55mm f/3.5-5.6 IS II.
Pinout


VBAT
DET (common with P-GND on lens side)
P-GND
VDD
DCL
DLC


## gamma_trick.sh
#!/bin/sh
# PNG Gamma trick (by @marcan42 / marcan@marcan.st)
#
# This script implements an improved version of the gamma trick used to make
# thumbnail images on reddit/4chan look different from the full-size image.
#
# Sample output (SFW; images by @Miluda):
#  https://mrcn.st/t/homura_gamma_trick.png
#  https://www.reddit.com/r/test/comments/6edthw/ (click for fullsize)
#  https://twitter.com/marcan42/status/869855956842143744

## fedora-autorestic.md

      
              1 file
            
          
              2 forks
            
          
                0 comments
              
            
              15 stars
            
          
                marcan
                / fedora-autorestic.md
            
            
              Last active
              January 20, 2025 12:40
            
              
                Setting up autorestic on Fedora (Asahi) for automated backups with btrfs
              
          
Install restic and autorestic
sudo mkdir -p /var/cache/restic
Set up /etc/autorestic.yml roughly as follows:

backends:
    mybackend:
        # Your backend options here, see the documentation
global:
    all:
        cache-dir: /var/cache/restic

  
## wiipointer.c
/*
 * Algorithm to process Wiimote IR tracking data into a usable pointer position
 * by tracking the sensor bar.
 *
 * Copyright (c) 2008-2011 Hector Martin "marcan" <marcan@marcan.st>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *

## m1racles-poc.c
/*
 * m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
 *
 * This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
 *
 * Please visit m1racles.com for more information.
 *
 * Licensed under the MIT license.
 */

## linux.sh
#!/boot/bzImage

# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
# Based on Linux 4.10-rc2.

# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name

## bloom.py
#!/usr/bin/python3
#
# Simple Bloom filter implementation in Python 3
# Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
# Licensed under the terms of the MIT license
#
# Written to be used with the Have I been pwned? password list:
#   https://haveibeenpwned.com/passwords
#
# Download the pre-computed filter here (968MB, k=11, false positive p=0.0005):

## config-20240112
#
# Automatically generated file; DO NOT EDIT.
# Linux/arm64 6.6.0 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.1 20231011 (Red Hat 13.2.1-4)"
CONFIG_CC_IS_GCC=y
CONFIG_GCC_VERSION=130201
CONFIG_CLANG_VERSION=0
CONFIG_AS_IS_GNU=y
CONFIG_AS_VERSION=23900
	import struct, time
	## This experiment demonstrates that the claimed "hash" (that is not a hash) used
	## by the L2 cache ECC debug feature used by Operation Triangulation is not secure,
	## and can be trivially reverse engineered by anyone who owns one of the machines
	## with the hardware (such as any M1 Mac), in seconds to days. Therefore, this proves
	## that no "insider" access or leak is necessary to obtain this table, and that the
	## attackers most likely did exactly the same thing.

	## This is the "black box", i.e. the hardware: The table is not exposed to the caller.
	class BlackBox:
	#!/usr/bin/python3
	#
	# turnitdown.py - normalize Spotify playback volume on Google Cast devices
	#
	# Dependencies: pychromecast, spotipy
	#
	# Usage: register a Spotify app and put the credentials in the
	# SPOTIPY_CLIENT_ID and SPOTIPY_CLIENT_SECRET environment variables.
	# Then just launch the script. It will autodetect all cast devices
	# on the network.
	#!/bin/sh
	# PNG Gamma trick (by @marcan42 / marcan@marcan.st)
	#
	# This script implements an improved version of the gamma trick used to make
	# thumbnail images on reddit/4chan look different from the full-size image.
	#
	# Sample output (SFW; images by @Miluda):
	# https://mrcn.st/t/homura_gamma_trick.png
	# https://www.reddit.com/r/test/comments/6edthw/ (click for fullsize)
	# https://twitter.com/marcan42/status/869855956842143744
	/*
	* Algorithm to process Wiimote IR tracking data into a usable pointer position
	* by tracking the sensor bar.
	*
	* Copyright (c) 2008-2011 Hector Martin "marcan" <marcan@marcan.st>
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions are met:
	*
	/*
	* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
	*
	* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
	*
	* Please visit m1racles.com for more information.
	*
	* Licensed under the MIT license.
	*/
	#!/boot/bzImage

	# Linux kernel userspace initialization code, translated to bash
	# (Minus floppy disk handling, because seriously, it's 2017.)
	# Not 100% accurate, but gives you a good idea of how kernel init works
	# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
	# Based on Linux 4.10-rc2.

	# Note: pretend chroot is a builtin and affects the current process
	# Note: kernel actually uses major/minor device numbers instead of device name
	#!/usr/bin/python3
	#
	# Simple Bloom filter implementation in Python 3
	# Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
	# Licensed under the terms of the MIT license
	#
	# Written to be used with the Have I been pwned? password list:
	# https://haveibeenpwned.com/passwords
	#
	# Download the pre-computed filter here (968MB, k=11, false positive p=0.0005):
	#
	# Automatically generated file; DO NOT EDIT.
	# Linux/arm64 6.6.0 Kernel Configuration
	#
	CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.1 20231011 (Red Hat 13.2.1-4)"
	CONFIG_CC_IS_GCC=y
	CONFIG_GCC_VERSION=130201
	CONFIG_CLANG_VERSION=0
	CONFIG_AS_IS_GNU=y
	CONFIG_AS_VERSION=23900