Shinichiro Hamaji shinh

  • Preferred Networks
  • Tokyo, Japan
import ast
import inspect
import os
import sys
def my_lambda_source(l):
    s = inspect.getsource(l)
    if s.count('lambda') == 2:
        return None
$ python3 ./scripts/elichikacheck.py mutable.py

This produces out/elichika_tmp/tmp_mutable/model.onnx and out/elichika_tmp/tmp_immutable/model.onnx.

$ pip3 install --user netron
$ netron out/elichika_tmp/tmp_mutable/model.onnx
shinh / main.py
Created November 6, 2018 06:43
mypy with cyclic dep
import u
print(u.U().foo())
shinh / test.java
Created September 15, 2018 08:06
TMCTF 2018 misc-3
import java.io.*;
import java.util.*;
import javax.servlet.ServletInputStream;
import com.trendmicro.CustomOIS;
import com.trendmicro.Person;
import com.trendmicro.jail.Flag;
import org.apache.commons.collections.Factory;
import org.apache.commons.collections.Transformer;
shinh / gen_payload.rb
Created August 19, 2018 13:58
DEF CON CTF 2018 doublethink - A polyglot of 9 architectures
#!/usr/bin/env ruby
#
# DEF CON CTF 2018 doublethink
#
# A polyglot of 9 architectures amd64, mix, pdp-8, pdp-1, pdp-10,
# nova, lgp-30, clemency, and mmix. MMIX was added after the CTF.
#
# This will generate a file named "payload" and you can try it by
#
# $ ./scripts/service.py < payload
shinh / loopbench.rb
Created June 4, 2018 01:25
loopbench
#!/usr/bin/ruby
# 65 of https://speakerdeck.com/k0kubun/the-method-jit-compiler
[1, 5, 10, 15, 20, 30, 50, 100].each do |n|
  rb = "/tmp/loop_#{n}"
  File.open(rb, "w") do |of|
    n.times{|i|of.puts "def call#{i}() nil end"}
    n.times{|i|of.puts ["call#{i}"] * 5 * '; '}
shinh / eregon.rb
Last active May 28, 2018 15:36
eregon.rb, decoded by s/eval/print/
# https://github.com/tric/trick2018/blob/master/honorable-mentions/eregon/entry.rb
#
# Just replacing eval by print should yield:
i,s,S=ARGF.read,[],/"(?:\\["\\\/bfnrtu]|[^"\\])*"/
while i[S]
  s << $` << $&
  i=$'
end
s << i
shinh / crumble.rb
Created May 14, 2018 13:56
DEFCON 2018 Qual ELF Crumble
Encoding.default_external = 'binary'
Encoding.default_internal = 'binary'
c = File.open('pieces/broken', 'r:binary').read
p c[0x5b0-3...0x8d4].size
frags = (1..8).map{|i|File.read("pieces/fragment_#{i}.dat")}
p frags.map{|f|f.size}.inject(:+)
[*0..7].permutation.each do |a|
  ff = ''
shinh / gist:e014849b6fc5460e78f4ac2df0c1351c
Created May 7, 2018 15:21
at_random[0] is stack protector
(gdb) start
Temporary breakpoint 1 at 0x9ef: file mangled_syms.c, line 22.
Starting program: /home/i/test/a.out
Temporary breakpoint 1, main () at mangled_syms.c:22
22 int main() {
(gdb) n
23 unsigned long* at_random = (unsigned long*)getauxval(AT_RANDOM);
(gdb)
24 unsigned long rnd = at_random[1];
// https://twitter.com/herumi/status/983496460753821696
int calc_mine(int a, int b, int s) {
  return a >> (32 - __builtin_clz(a ^ b));
  // return (a & b) >> (32 - __builtin_clz(a ^ b));
}
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>