Aaron Patterson tenderlove

View 5-2-js-helper-xss.patch
From b5aeef5703dab7da9ebb47cc20e4c8b64f7f5866 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Thu, 12 Mar 2020 10:25:48 -0700
Subject: [PATCH] Fix possible XSS vector in JS escape helper
This commit escapes dollar signs and backticks to prevent JS XSS issues
when using the `j` or `javascript_escape` helper
CVE-2020-5267
---
tenderlove / z-wave-uart.md
Created Feb 4, 2018
Aeotec Z-Wave Z-Stick Gen 5 UART protocol
View z-wave-uart.md

Z-Stick Serial API

The Z-Stick does bi-directional communication over a UART. The connection speed is 115200, '8N1'. There are "requests" and "responses". The client software can make requests to the Z-Stick, and it will send responses. But it seems the Z-Stick can make requests of the client software too. I have yet to figure out the requests the Z-Stick sends to the client software.

Packets

View cross_platform.rb
require "fisk"
require "aarch64"
require "jit_buffer"
require "fiddle"
x86 = Fisk.new
x86.put_label(:foo)
x86.mov(x86.rax, x86.imm(42))
x86.ret
x86.jmp(x86.label(:foo))
tenderlove / h2_puma.rb
Last active Apr 27, 2022
Demo HTTP/2 server with Puma
View h2_puma.rb
require 'socket'
require 'openssl'
require 'puma/server'
require 'ds9'
class Server < DS9::Server
def initialize socket, app
@app = app
@read_streams = {}
@write_streams = {}
View shc-decode.rb
# Smart Health Card decoder
# This decodes the SHC url thing that is stored in smart health card QR codes
str = DATA.readline
require "base64"
require "zlib"
require "json"
require "pp"
tenderlove / ruby_jit.rb
Last active Jan 12, 2022
Use fisk and fiddle to patch a Ruby method at runtime
View ruby_jit.rb
require "fisk"
require "fisk/helpers"
require "fiddle/import"
module Ruby
extend Fiddle::Importer
dlload
typealias "VALUE", "uintptr_t"
View fiddle_hacks.rb
# Fiddle, passing a pointer to an int. This gets the current process command
module Hacks
include Fiddle
func = "_NSGetExecutablePath"
path_ptr = Fiddle::Handle::DEFAULT[func]
path = Function.new path_ptr, [TYPE_VOIDP, TYPE_INTPTR_T], TYPE_INT, name: func
define_singleton_method(func, &path.to_proc)
View heapviz.rb
require 'fiddle'
color_iter = DATA.readlines.map(&:chomp).map { |i|
i = i.to_i(16)
[(i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF, 255]
}.each
SIZEOF_HEAP_PAGE_HEADER_STRUCT = Fiddle::SIZEOF_VOIDP
SIZEOF_RVALUE = 40
tenderlove / a_query.rb
Created Apr 12, 2011
An example using lolquery
View a_query.rb
###
# lolquery is a fresh new take on SQL DSLs. NEVER WRITE SQL AGAIN! Using
# amazing lolquery technology, you too will never have to write another SQL
# statement again!
#
# Check out this simple example of using lolquery. Bask in its simplicity,
# its expressiveness, but most importantly, its lack of writing SQL!
#
# <3 <3 <3 <3 <3