Skip to content

Instantly share code, notes, and snippets.

View zhangyoufu's full-sized avatar

Youfu Zhang zhangyoufu

275 followers · 370 following
  • Shanghai
View GitHub Profile
@zhangyoufu
zhangyoufu / certs.txt
Created March 7, 2024 10:47
A configuration profile needed by VirtualBox VBoxHeadless, signed by Apple, valid for 18 years, grants several entitlements
% openssl pkcs7 -print_certs -text -in embedded.provisionprofile -inform der
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 134752589830791184 (0x1debcc4396da010)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA
Validity
Not Before: Feb 7 21:48:47 2013 GMT
Not After : Feb 7 21:48:47 2023 GMT
@zhangyoufu
zhangyoufu / gdb.txt
Last active December 8, 2023 04:49
The architecture-specific signal handling code may adjust RIP/RAX to restart interrupted syscall. Address set be tracer via PTRACE_SETREGS may be decreased by 2 bytes unexpectedly on i386/x86-64. To workaround this behavior, tracer have to check whether tracee is in system call and whether the errno indicates restartable.
(gdb) set $rip=0xdeadbeef
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x00000000deadbeed in ?? ()
=> 0x00000000deadbeed:
Cannot access memory at address 0xdeadbeed
@zhangyoufu
zhangyoufu / ln.py
Created August 25, 2022 10:47
create symlink on exFAT filesystem (macOS way)
#!/usr/bin/env python3
import argparse
import hashlib
import os
SMB_SYMHDRLEN = (4+1)+(4+1)+(32+1)
MAXPATHLEN = 0x400
# see smbfs_create_windows_symlink_data
def symlink(target: str, link: str) -> None:
@zhangyoufu
zhangyoufu / cloudflare-warp-outbound-ipv4.txt
Created March 4, 2022 05:16
non-official, just for reference
8.6.112.0 US Texas Dallas
8.6.144.0 US Illinois Chicago
8.6.145.0 US Massachusetts Boston
8.6.146.0 US Tennessee Nashville
8.9.230.0 US Georgia Atlanta
8.9.231.0 US Virginia Ashburn
8.10.148.0 US New York Buffalo
8.14.199.0 SE Vastra Gotalands lan Goeteborg
8.14.201.0 BR Parana Curitiba
8.14.202.0 BR Ceara Fortaleza
@zhangyoufu
zhangyoufu / apple_pki_attribute.txt
Created January 10, 2022 06:06
Apple PKI attributes (incomplete)
1.2.840.113635.100.6.1 Leaf Certificate
1.2.840.113635.100.6.1.2 iOS Development
1.2.840.113635.100.6.1.3 iOS App Store Application
1.2.840.113635.100.6.1.4 iOS Distribution
1.2.840.113635.100.6.1.6 iOS App Store VPN Application
1.2.840.113635.100.6.1.7 3rd Party Mac Developer Application
1.2.840.113635.100.6.1.8 3rd Party Mac Developer Installer
1.2.840.113635.100.6.1.9 Mac App Store Application
1.2.840.113635.100.6.1.10 Mac App Store Installer
1.2.840.113635.100.6.1.11 Mac App Store Receipt
@zhangyoufu
zhangyoufu / reproducer.c
Created November 30, 2021 09:55
A reproducer for BUG_ON(is_vma_temporary_stack(vma)) during execve on el6 kernel, due to incomplete patch for CVE-2011-0999. See also https://access.redhat.com/solutions/1381363
/*
gcc -o reproducer reproducer.c
ulimit -s unlimited
ulimit -l unlimited
sysctl -w vm.overcommit_memory=1
./reproducer
*/
#define _GNU_SOURCE
#include <fcntl.h>
@zhangyoufu
zhangyoufu / nstool.sh
Created November 30, 2021 07:24
nstool.netease.com
#!/bin/sh
curl -fsS "$(curl -fsS nstool.netease.com | iconv -f gbk | sed -e "s|.*iframe src='\([^']*\)'.*|\1|")" | iconv -f gbk | sed -e 's|<br>|\n|g'; echo
@zhangyoufu
zhangyoufu / zk_cmd.h
Last active August 17, 2021 05:03
extracted from ZKTeco xFace500/M FW Ver 6.60 SDK Ver 6.3.1.40
enum ZK_CMD
{
CMD_DB_RRQ = 0x7,
CMD_USER_WRQ = 0x8,
CMD_USERTEMP_RRQ = 0x9,
CMD_USERTEMP_WRQ = 0xA,
CMD_OPTIONS_RRQ = 0xB,
CMD_OPTIONS_WRQ = 0xC,
CMD_ATTLOG_RRQ = 0xD,
CMD_CLEAR_DATA = 0xE,
@zhangyoufu
zhangyoufu / captive-portal-detect.md
Created July 19, 2021 05:03
@zhangyoufu
zhangyoufu / sign.go
Created June 30, 2021 05:11
sign X.509 certificate request via GnuPG (DO NOT try this for your sanity) (ref: https://security.stackexchange.com/a/31131/24620)
package main
import (
"bytes"
"crypto/dsa"
"crypto/ecdsa"
"crypto/ed25519"
"crypto/elliptic"
"crypto/rsa"
"crypto/x509"