Royce Williams roycewilliams

View Android-10--add-user-from-lock-screen-issue.md

Android 10 "add users from lock screen" issue

Issue

On my Pixel 3 XL with new Android 10, even with "add users from lock screen" disabled, I discovered that I could reliably create a new user from the lock screen (swipe down the top menu, select blue user icon, and the "Add user" plus-sign icon is available).

I've posted this publicly - at first because I thought I must be mistaken, but then expanded later because the issue is not exploitable remotely, can only be carried out after authorized-equivalent access to the device has been achieved, is trivial to recreate with normal UI interaction, and would very likely have been disclosed by others in the very short term.

Seeking more confirmations, and more info on how to precisely reproduce!

Steps to recreate

@roycewilliams
roycewilliams / real-world-initialism-passwords.txt
Last active Sep 9, 2019
real-world-initialism-passwords.txt
# Simple sample of real-world passwords that are initialisms of known phrases.
# Inspired by discussion at https://twitter.com/TychoTithonus/status/1170724414431715329
# Base "words" (can you tell what quotes / songs they're from?)
1mp&1c11wt
1mp@1c11wt
1mpa1c11wt
Batmf,tsite
Batmftsite
Batp,ftsbccog
@roycewilliams
roycewilliams / same-quad-list.txt
Last active Sep 9, 2019
same-quad-list.txt: a list of same-quad IPs by owner, with DNS status
#-----------------------------------------------------------------------
# same-quad-list.txt: a list of same-quad IPs by owner w/DNS status
#
# The CIDR network is the largest contiguous/bit-boundary-aligned block
# that is allocated to that entity (actual allocated range may be larger)
# NOTE: some ranges not yet converted to CIDR.
# Updates welcome - leave comment and/or ping royce@techsolvency.com
#-----------------------------------------------------------------------
# For human efficiency, some records are repeated here as comments.
#
View clientside-software-update-verification-failures.md

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.

Out of scope:

  • Transport downgrade attacks - that force a connection from being e
@roycewilliams
roycewilliams / pwnedpasswords-v2-top20k.txt
Last active Sep 4, 2019
pwnedpasswords-v2-top20k.txt
This file has been truncated, but you can view the full file.
# Top 20K hashes from the Troy Hunt / haveibeenpwned Pwned Passwords list v2 (2018-02-21)
# Original raw as published is at https://gist.github.com/roycewilliams/eef06c1148707ce8c8a1dea85768b207
20760336:7c4a8d09ca3762af61e59520943dc26494f8941b:123456
7016669:f7c3bc1d808e04732adf679965ccc34ca7ae3441:123456789
3599486:b1b3773a05c0ed0176787a4f1574ff0075f7521e:qwerty
3303003:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8:password
2900049:3d4f2bf07dc1be38b20cd6e46949a1071f9d0e3d:111111
2680521:7c222fb2927d828af22f592134e8932480637c0d:12345678
2670319:6367c48dd193d56ea7b0baad25b19455e529f5ee:abc123
@roycewilliams
roycewilliams / babe-ruth-passwords.txt
Last active Aug 31, 2019
babe-ruth-passwords.txt
# All case-insensitive 'babe.*ruth' founds from hashes.org (through August 2019)
# As part of this tweet thread: https://twitter.com/TychoTithonus/status/1167820683541282819
# Sorted in length order (the longer passwords are the ones more supportive of my argument)
# Under almost no circumstances should a password "formula" like the one described be used.
BABERUTH
BaBeRuTh
BabeRuth
Baberuth
bAbErUtH
baberuth
@roycewilliams
roycewilliams / netmux-survivor-masks.txt
Last active Aug 29, 2019
netmux-survivor-masks.txt
# As noted in https://www.netmux.com/blog/survivor-password-hashes
# and https://twitter.com/netmux/status/1166688841111150597
# as of 2019-08-28
#
# (UPDATE: should be unnecessary - use https://github.com/netmux/survivor-hashes instead)
#
llllldddddddddd
llllllllddddd
lllllllllll
ddddddddddllllll
@roycewilliams
roycewilliams / github-gists-roycewilliams-index.md
Last active Aug 18, 2019
github-gists-roycewilliams-index.md
@roycewilliams
roycewilliams / benchmark_hashcat-v5.1.0-1387-gec987e68_irongiant_2019-08-18.txt
Last active Aug 18, 2019
benchmark_hashcat-v5.1.0-1387-gec987e68_irongiant_2019-08-18.txt
# benchmark_hashcat-v5.1.0-1387-gec987e68_irongiant_2019-08-18.txt
# https://gist.github.com/roycewilliams/702e5cdce0a506eb5c5a8e9cd7ebb6d8
$ hashcat -b -w 4 -O
hashcat (v5.1.0-1387-gec987e68) starting in benchmark mode...
CUDA API (CUDA 10.1)
====================
* Device #1: GeForce GTX 1080, 8119 MB, 20MCU