Rafael Rivera riverar

riverar / Cargo.toml
Last active December 29, 2023 00:48
ADCS Templates
[package]
name = "app"
version = "0.0.0"
edition = "2021"
publish = false
[dependencies.windows]
version = "0.52.0"
features = [
"Win32_Foundation",
## Unknown:
AADCloudAPPluginAlwaysEnabled: 21617600
AADCrossCloudB2BWAMSupport: 25510753
AADDeviceAuthCookieInCXH: 29842082
AADWAMDeviceOnlyTokenRequestsSendUnknownParamsToServer: 23624342
AADWebAuthSessionSwitchInPasswordCredprov: 24242972
AOAC: 4780066
AccessibleAmd64OnArm64: 30022433
AccountsGroup_AddAccountNameSetting: 14610699
riverar / explorer.patch
Created September 11, 2020 18:21
explorer.exe 10.0.20211.1000 > 10.0.20211.1005
--- 10.0.20211.1000 Fri Sep 11 11:18:25 2020
+++ 10.0.20211.1005 Fri Sep 11 11:18:29 2020
@@ -3414,11 +3414,9 @@
CTrayItem::GetApplicationIdentity(ushort *,unsigned __int64,bool *)
CTrayItem::GetItemGuidAsString(ushort *,int)
CTrayItem::IsDuplicate(void)
-CTrayItem::IsHidden(void)
CTrayItem::IsIdentityCached(void)
CTrayItem::IsScaGuid(_GUID const &)
CTrayItem::IsSystemAppIdentity(IApplicationResolver2 *,ushort const *,bool *)
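Review bot: the header @@ -3414,11 +3414,9 @@ says the new side is two lines shorter, but the excerpt shows only one removal, CTrayItem::IsHidden(void), so a second dropped symbol is not visible here. The gist description should also say how the two symbol lists were produced, since a name missing from the 10.0.20211.1005 list can mean the method was removed or only that it no longer appears as a separate symbol.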
ms-1.7z
md5:5CBAC93C9AB187D0ABD1FF21E1F13392
sha256:2C6D1D0A1EE9C0FE888FF06F4D09E29FC6D6DFCAFC0AFB2BF637276D9F19D77A
riverar / quiethours.idl
Last active September 21, 2019 23:57
Example demonstrating how to retrieve the current Focus Assist profile's Priority Apps list (https://withinrafael.com/2019/09/19/determine-if-your-app-is-in-a-focus-assist-profiles-priority-list/)
// © Rafael Rivera
// License: MIT
import "oaidl.idl";
[uuid(e0b5ef8b-a9b4-497a-8f71-08dd5c8ab2bf)]
library QuietHours
{
[uuid(f53321fa-34f8-4b7f-b9a3-361877cb94cf)]
coclass QuietHoursSettings
riverar / custom-entry.reg
Last active September 19, 2019 22:00
Example showing how to add a pseudo GOG game entry for Rainway use
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GOG.com\Games\MakeUpSomethingHere]
"EXE"="C:\\Windows\\Notepad.exe"
"EXEFILE"="Notepad.exe"
"LAUNCHCOMMAND"="C:\\Windows\\Notepad.exe"
"PATH"="C:\\Windows"
"GAMENAME"="The Emulator"
"DEPENDSON"=""
"WORKINGDIR"="C:\\Windows"
riverar / services-agreement.patch
Last active June 23, 2022 12:30
Microsoft Services Agreement diff, [current] => [August 30, 2019]
--- old.txt Wed Jul 10 21:24:49 2019
+++ new.txt Wed Jul 10 21:24:52 2019
@@ -20 +20 @@
-vii. Don’t engage in activity that is harmful to you, the Services, or others (e.g., transmitting viruses, stalking, posting terrorist content, communicating hate speech, or advocating violence against others).
+vii. Don’t engage in activity that is harmful to you, the Services or others (e.g., transmitting viruses, stalking, posting terrorist or violent extremist content, communicating hate speech, or advocating violence against others).
@@ -25 +25 @@
-c. Application to Xbox Services. Click here for more information about how this Code of Conduct applies to Xbox Live, Games for Windows Live and Microsoft Studios games, applications, services and content provided by Microsoft. Violation of the Code of Conduct through Xbox Services (defined in section 14(a)(i)) may result in suspensions or bans from participation in Xbox Services, including forfeiture of content licenses, Xbox Gold Membership time, and Microsoft account ba
riverar / agent-2.js
Created July 9, 2019 09:37
Frida agent, using Xamarin Mono APIs to intercept a full-AOT method and dump its single argument
import { MonoApiHelper, MonoApi } from 'frida-mono-api'
const domain = MonoApi.mono_get_root_domain()
// Get a handle to the SeeingAI.Core assembly
let coreAssembly = MonoApi.mono_assembly_load_with_partial_name(Memory.allocUtf8String("SeeingAI.Core"), NULL)
let coreImage = MonoApi.mono_assembly_get_image(coreAssembly)
// Retrieve class metadata
let helperClass = MonoApiHelper.ClassFromName(coreImage, "SeeingAI.Network.SignatureHelper")
riverar / agent.js
Last active July 9, 2019 09:55
Frida agent, using Xamarin Mono APIs to access a static field and dump its value
import { MonoApiHelper, MonoApi } from 'frida-mono-api'
const domain = MonoApi.mono_get_root_domain()
// Get a handle to the SeeingAI.Core assembly
let coreAssembly = MonoApi.mono_assembly_load_with_partial_name(Memory.allocUtf8String("SeeingAI.Core"), NULL)
let coreImage = MonoApi.mono_assembly_get_image(coreAssembly)
// Retrieve class metadata
let helperClass = MonoApiHelper.ClassFromName(coreImage, "SeeingAI.Network.SignatureHelper")
riverar / features.json
Last active November 8, 2023 20:46
Quick n' dirty hack to enable Your Phone remoting, notification and other experiments
{
"AATes123": true,
"AcrylicAndBackground": true,
"AudioInfoSync": true,
"BatteryIndicator": true,
"CallingDiscoveryTimeout": 30,
"CallingEnableOnARM": true,
"CallingFromMessages": true,
"CallingLabelInProd": true,
"CallingNode": true,