Dmytro Oleksiuk Cr4sh
@tai2
tai2 / gist:1104429
Created July 25, 2011 15:46
UPnP Port Mapper
# UPnP Port Mapper
import os
import sys
import re
import urllib2
from xml import sax
from xml.sax import handler
from xml.sax.handler import feature_namespaces
import socket
/*
* fork.c
* Experimental fork() on Windows. Requires NT 6 subsystem or
* newer.
*
* Copyright (c) 2012 William Pitcock <[email protected]>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
@nettles-jarrod
nettles-jarrod / blog - Switching to Homebrew.md
Created April 2, 2013 04:57
Switching from Macports to Homebrew and getting my development environment back.

I've been a MacPorts user for quite a while now. There was nothing religious about the decision - on my first day of work I was handed a new Macbook Pro and proceeded to set up a development environment. Tried to, anyway. While I'd been an avid Mac user for most of my life I'd never actually used it for serious web development - I did some small work back in the 90's but that was the days of OS9 and it was all un-Unixy. Long story short: I was a newb at developing on OSX.

Being an Ubuntu user, I was pretty spoiled by apt-get. After about three minutes of trying to compile stuff myself I marched back into my boss's office and asked if there was a package manager for OSX. He directed me to the Mac Ports website and I left extremely relieved. I think I ran across Homebrew at some point but I never explored it further.

For about three months this was satisfactory. MacPorts works well enough but it has a habit of annoying you at certain intersections. The biggest problem, though, was that the rest of the wo

@Cr4sh
Cr4sh / gist:fe910f0d1b0559efd43d
Created September 3, 2014 19:55
Dynamically finding sys_call_table on Linux x86_64 systems
void **find_sys_call_table(void *kernel_addr, int kernel_size)
{
/*
Check for the system_call_fastpath() signature, hand-written piece of
assembly code from arch/x86/kernel/entry_64.S:
ja badsys
mov rcx, r10
call sys_call_table[rax * 8]
mov [rsp + 20h], rax
@cyphunk
cyphunk / ios_security_notes.md
Last active May 28, 2018 00:58
notes from iOS security documentation that I used to write https://deadhacker.com/2016/03/25/the-terrorists-phone/

Notation iOS 9

This homebrewed notation is what I typically use when evaluating secure boot designs of embedded devices. It doesn't apply accurately to the iOS review; it hides the key-wrapping schema, for example. But it's enough to keep track of the storage location of secrets and some interdependencies.

pfk                  = 256bit per_file_key
@Cr4sh
Cr4sh / ami_smi_dump.py
Last active August 9, 2024 13:41
Extract SW SMI handlers information from SMRAM dump of Skylake based AMI Aptio V firmware
'''
###########################################################################
Extract SW SMI handlers information from SMRAM dump of Skylake based
AMI Aptio V firmware.
To use full capabilities of this tool you need to install UEFIDump
(https://github.com/LongSoft/UEFITool/releases/tag/A32), ida-efiutils
(https://github.com/snare/ida-efiutils) and edit corresponding variables
below.
@aweibell
aweibell / mounting.sh
Last active September 14, 2024 13:39
Mount zfs from luks-encrypted drive when booting from Ubuntu Live CD
#!/usr/bin/env bash
echo "Select disk:"
select CHOICE_DISK in $(ls /dev/disk/by-id/ | grep -v "\-part");
do
echo "Selected ${CHOICE_DISK}"
break
done
@eiselekd
eiselekd / enableDCI.txt
Last active December 13, 2024 10:01
Enable DCI debugging on Gigabyte-BKi5HA-7200
Enable DCI debugging on Gigabyte-BKi5HA-7200
--------------------------------------------
The Gigabyte-BKi5HA-7200 (Kabylake i5-7200 processor) can be debugged with only a USB debug cable, a
special cable that crosses only the data signals and has the power signals
removed. You can buy these cables at, for example, https://www.datapro.net/products/usb-3-0-super-speed-a-a-debugging-cable.html
The hurdle you have to overcome before you can access DCI, however, is that you
need to set some bits in hardware that first enable DCI and also enable the debug port so that DCI can control the cores.
There are lots of guides on how to patch the BIOS, but only these two really describe all the steps using only freely accessible tools:
@JamesHagerman
JamesHagerman / stslte-notes.md
Last active March 17, 2024 20:37
My notes about running srsLTE

srsLTE notes

These are notes I've taken while trying to get srsLTE up and running. This is messy, sorry...

Working solution - LimeSDR + SoapySDR + srsLTE

Dependencies:

sudo apt install tree vim git g++ make cmake pkg-config libpython-dev python-numpy swig libi2c-dev libusb-1.0-0-dev libfftw3-dev libmbedtls-dev libboost-program-options-dev libconfig++-dev libsctp-dev gnuradio
@VVX7
VVX7 / blasty-vs-pkexec.c
Created January 25, 2022 22:51
CVE-2021-4034
/*
* blasty-vs-pkexec.c -- by blasty <[email protected]>
* ------------------------------------------------
* PoC for CVE-2021-4034, shout out to Qualys
*
* ctf quality exploit
*
* bla bla irresponsible disclosure
*
* -- blasty // 2022-01-25