Skip to content

Instantly share code, notes, and snippets.

Ryan Castellucci ryancdotorg

Block or report user

Report or block ryancdotorg

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@ryancdotorg
ryancdotorg / siphash24.s
Last active Jan 10, 2020
SipHash-2-4 in x86_64 assembly, hand optimized for size
View siphash24.s
// SipHash-2-4 in x86_64 assembly, hand optimized for size (183 bytes)
// Written by Ryan Castellucci
// Disclaimer: Don't use this.
.global siphash
.global end_siphash
.text
// uint64_t siphash(const void *src, uint32_t src_sz, const uint8_t key[16])
@ryancdotorg
ryancdotorg / exim-restrict-perl.patch
Created Jun 6, 2019
patch to restrict exim's `{$perl {...}}` expansion function for hardening purposes
View exim-restrict-perl.patch
--- old/src/perl.c 2017-03-04 21:21:35.000000000 +0000
+++ new/src/perl.c 2019-03-09 23:42:10.546624662 +0000
@@ -160,6 +160,23 @@
uschar *str;
int items;
+ if (name[0] == '_')
+ {
+ *errstrp = US"forbidden function name";
+ return 0;
@ryancdotorg
ryancdotorg / exim-forbid-run.patch
Created Jun 6, 2019
patch to allow exim's `${run {...}}` expansion to be globally disabled. Add `forbid_run = true` to exim's main config.
View exim-forbid-run.patch
--- old/src/readconf.c 2019-03-09 20:41:17.000000000 +0000
+++ new/src/readconf.c 2019-03-13 07:44:59.855569375 +0000
@@ -152,6 +152,7 @@
{ "extra_local_interfaces", opt_stringptr, &extra_local_interfaces },
{ "extract_addresses_remove_arguments", opt_bool, &extract_addresses_remove_arguments },
{ "finduser_retries", opt_int, &finduser_retries },
+ { "forbid_run", opt_bit | (RDON_RUN << 16), &expand_forbid },
{ "freeze_tell", opt_stringptr, &freeze_tell },
{ "gecos_name", opt_stringptr, &gecos_name },
{ "gecos_pattern", opt_stringptr, &gecos_pattern },
View lz77c.js
// a toy lz77 compressor that outputs printable ascii, by @ryancdotorg
var compress = function(I) {
var p = 0, // position in input
o = "", // compressed output string
D, D_MAX = 479, // distance
L, L_MAX = 19, // length
match; // best match for current position
// encode a (distance,length) tuple
@ryancdotorg
ryancdotorg / exim.py
Created Dec 23, 2018
Twisted protocol for Exim's `readsocket` function
View exim.py
#!/usr/bin/env python
from zope.interface import implementer
from twisted.internet.interfaces import IHalfCloseableProtocol
from twisted.internet.protocol import Protocol
@implementer(IHalfCloseableProtocol)
class EximSocketProtocol(Protocol):
# buffer received data
def dataReceived(self, data):
@ryancdotorg
ryancdotorg / bitfi_to_brainflayer.py
Last active Feb 5, 2020
Python script to output Bitfi key material compatible with `brainflayer -x -t priv`.
View bitfi_to_brainflayer.py
#!/usr/bin/env python
# This script accepts salt,passphrases pairs on STDIN seperated by a tab.
# Specify the coin symbol and indexes to generate via command line args.
#
# Appears to work fine with Bitcoin, Litecoin and Ethereum, probably works
# with many other coins as well.
#
# Don't participate in Bitfi's pay-to-play Bounty - it's a sham.
View brotlipng.sh
#!/bin/sh
# brotlipng.sh by @ryancdotorg
pngcrush -q -force -m 1 -l 0 "$1" ".$1.tmp" && \
brotli -fj ".$1.tmp" -o "$1.br"
@ryancdotorg
ryancdotorg / bitfi.py
Created Jul 25, 2018
incomplete attempt to implement bitfi's key derivation algorithm
View bitfi.py
#!/usr/bin/env python
import sys
import hmac
import hashlib
import binascii
import scrypt
import pycoin
from pybitcointools import *
@ryancdotorg
ryancdotorg / export-earn.com-earnings.js
Last active Mar 19, 2018
earnings report for earn.com task completion
View export-earn.com-earnings.js
// paste to console on https://earn.com/history/ after scrolling down until no more entries appear
hist=[];
document.querySelectorAll(".tasks-results-card-content").forEach(function(e){
var yearStr = " "+(new Date()).getFullYear();
var dateStr = e.getElementsByClassName("task-results-response-status")[0]
.getElementsByTagName("div")[6].innerText.split(',')[0];
dateStr += dateStr.indexOf(yearStr) > -1 ? "" : yearStr;
hist.push(
e.getElementsByClassName("head-stat")[0]
View bloom_chk_hash160.nasm
CPU X64
%macro check_bit 0 ; check whether bit rax
; of the bloom filter is set
mov rdx, rax ; copy hash
shr rax, byte 3 ; byte to check in rax
movzx rax, byte [rdi+rax] ; load byte to check from memory
and rdx, byte 7 ; mask off bit to check
bt rax, rdx ; bit test against bloom filter
jnc bloom_miss ; jump to return a 'miss' if bit isn't set
You can’t perform that action at this time.