Skip to content

Instantly share code, notes, and snippets.

Avatar

Ryan Castellucci ryancdotorg

View GitHub Profile
@ryancdotorg
ryancdotorg / nd-json-tar.py
Created Jun 27, 2020
Python script that constructs tar archives from newline delimited JSON input.
View nd-json-tar.py
#!/usr/bin/env python3
import os, sys
import json
import tarfile
# apply attributes
def modify(attrib, stat, info):
if 'mtime' in attrib:
info.mtime = attrib['mtime']
View tasker-randomize-ad-id.xml
<TaskerData sr="" dvi="1" tv="5.9.2">
<Profile sr="prof22" ve="2">
<cdate>1568555561584</cdate>
<edate>1569679198184</edate>
<id>22</id>
<mid0>21</mid0>
<nme>Rotate Ad ID</nme>
<Time sr="con0">
<fh>0</fh>
<fm>0</fm>
@ryancdotorg
ryancdotorg / web-crypto-scrypt.js
Last active Apr 6, 2020
An async JavaScript Scrypt implementation using Web Cryptography APIs for PBKDF2.
View web-crypto-scrypt.js
// Based on https://github.com/ricmoo/scrypt-js
"use strict";
(function(root) {
const MAX_VALUE = 0x7fffffff;
// Returns a Promise that resolves to an ArrayBuffer.
async function PBKDF2_HMAC_SHA256(password, salt, iterations, dkLen) {
return crypto.subtle.importKey('raw', password, {name: 'PBKDF2'}, false, ["deriveBits"]).then(
@ryancdotorg
ryancdotorg / setgw.sh
Created Mar 14, 2020
Sets up routing when you don't have an on-subnet IP configured.
View setgw.sh
#!/bin/sh
IFACE="$1"
SRCIP="$2"
DSTIP="$3"
MAC=`/usr/sbin/arping -r -C1 -w10 -i "$IFACE" -S "$SRCIP" "$DSTIP"`
if [ $? -eq 0 ]
then
/sbin/ip neigh replace "$DSTIP" lladdr "$MAC" dev "$IFACE" nud permanent || exit $?
/sbin/ip route replace default via "$DSTIP" dev "$IFACE" || exit $?
else
@ryancdotorg
ryancdotorg / siphash24.s
Last active Jan 10, 2020
SipHash-2-4 in x86_64 assembly, hand optimized for size
View siphash24.s
// SipHash-2-4 in x86_64 assembly, hand optimized for size (183 bytes)
// Written by Ryan Castellucci
// Disclaimer: Don't use this.
.global siphash
.global end_siphash
.text
// uint64_t siphash(const void *src, uint32_t src_sz, const uint8_t key[16])
@ryancdotorg
ryancdotorg / exim-restrict-perl.patch
Created Jun 6, 2019
patch to restrict exim's `{$perl {...}}` expansion function for hardening purposes
View exim-restrict-perl.patch
--- old/src/perl.c 2017-03-04 21:21:35.000000000 +0000
+++ new/src/perl.c 2019-03-09 23:42:10.546624662 +0000
@@ -160,6 +160,23 @@
uschar *str;
int items;
+ if (name[0] == '_')
+ {
+ *errstrp = US"forbidden function name";
+ return 0;
@ryancdotorg
ryancdotorg / exim-forbid-run.patch
Created Jun 6, 2019
patch to allow exim's `${run {...}}` expansion to be globally disabled. Add `forbid_run = true` to exim's main config.
View exim-forbid-run.patch
--- old/src/readconf.c 2019-03-09 20:41:17.000000000 +0000
+++ new/src/readconf.c 2019-03-13 07:44:59.855569375 +0000
@@ -152,6 +152,7 @@
{ "extra_local_interfaces", opt_stringptr, &extra_local_interfaces },
{ "extract_addresses_remove_arguments", opt_bool, &extract_addresses_remove_arguments },
{ "finduser_retries", opt_int, &finduser_retries },
+ { "forbid_run", opt_bit | (RDON_RUN << 16), &expand_forbid },
{ "freeze_tell", opt_stringptr, &freeze_tell },
{ "gecos_name", opt_stringptr, &gecos_name },
{ "gecos_pattern", opt_stringptr, &gecos_pattern },
View lz77c.js
// a toy lz77 compressor that outputs printable ascii, by @ryancdotorg
var compress = function(I) {
var p = 0, // position in input
o = "", // compressed output string
D, D_MAX = 479, // distance
L, L_MAX = 19, // length
match; // best match for current position
// encode a (distance,length) tuple
@ryancdotorg
ryancdotorg / exim.py
Created Dec 23, 2018
Twisted protocol for Exim's `readsocket` function
View exim.py
#!/usr/bin/env python
from zope.interface import implementer
from twisted.internet.interfaces import IHalfCloseableProtocol
from twisted.internet.protocol import Protocol
@implementer(IHalfCloseableProtocol)
class EximSocketProtocol(Protocol):
# buffer received data
def dataReceived(self, data):
You can’t perform that action at this time.