Skip to content

Instantly share code, notes, and snippets.

View HarryR's full-sized avatar
🏴‍☠️
My time travel machine is stuck at 60 seconds per minute

HaRold HarryR

🏴‍☠️
My time travel machine is stuck at 60 seconds per minute
View GitHub Profile
@HarryR
HarryR / MiMCp.sol
Last active August 15, 2024 06:37
MiMC-p/p for Solidity
// Copyright (c) 2018 HarryR
// License: LGPL-3.0+
pragma solidity ^0.5.0;
/**
* Implements MiMC-p/p over the altBN scalar field used by zkSNARKs
*
* See: https://eprint.iacr.org/2016/492.pdf
*
#include <stdio.h>
#include <Windows.h>
#include <winternl.h>
#include <wchar.h>
#include <tlhelp32.h>
PPEB get_peb(void);
DWORD __stdcall unicode_ror13_hash(const WCHAR *unicode_string);
DWORD __stdcall ror13_hash(const char *string);
HMODULE __stdcall find_module_by_hash(DWORD hash);
@HarryR
HarryR / proof-of-insecurity.txt
Last active December 24, 2017 16:35
Zero Knowledge Proof of a preimage, without revealing the preimage
# Random element of S
ℝ ∈ S = λS -> {ω ∈ Ω | ℝ_ω ∈ S}
# A homomorphic function which transforms `x` from its additive
# group into its equivalent in the multiplicative group
G^x = {λx | x ∈ Z_(q-1)} -> X
# Maps `x` to `X` within `Z_q` while adhering to the random oracle model
H = λx -> X ∈ Z_q
@lionello
lionello / ModExp.sol
Last active March 17, 2022 13:07
Solidity wrapper for Ethereum Byzantium's BigInt `modexp` built-in contract 0x5
pragma solidity ^0.4.17;
contract ModExp {
// Wrapper for built-in bigint_modexp (contract 0x5) as described here https://github.com/ethereum/EIPs/pull/198
function modexp(bytes memory _base, bytes memory _exp, bytes memory _mod) public view returns(bytes memory ret) {
uint256 bl = _base.length;
uint256 el = _exp.length;
uint256 ml = _mod.length;
@chriseth
chriseth / snarktest.solidity
Last active December 3, 2023 07:03
zkSNARKs test code
// This file is MIT Licensed.
//
// Copyright 2017 Christian Reitwiessner
// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF O
@HarryR
HarryR / lisp.py
Last active August 17, 2017 21:43
Single-file 100 line version of https://github.com/kvalle/root-lisp
import re
import sys
def parse_any(symbols):
while len(symbols):
if symbols[0] == '(':
return parse_list(symbols[1:])
if symbols[0] == "'":
symbols, inner = parse_any(symbols[1:])
return symbols, ['quote', inner]
@aunyks
aunyks / snakecoin-server-full-code.py
Last active August 21, 2024 00:19
The code in this gist isn't as succinct as I'd like it to be. Please bare with me and ask plenty of questions that you may have about it.
from flask import Flask
from flask import request
import json
import requests
import hashlib as hasher
import datetime as date
node = Flask(__name__)
# Define what a Snakecoin block is
class Block:
@HarryR
HarryR / cryptochannel.py
Last active March 8, 2018 15:30
Negotiate an encrypted channel between two long-term NaCl key pairs, ensuring forward secrecy by creating an ephemeral session key. See: https://www.logicista.com/2017/humans-vs-crypto
"""
Cryptochannel provides a way of securely communicating with another
party where each party as a verifiable identity.
It provides both Client and Server components, where the Server has a known
long-term key but the Server doesn't need to know the client's long-term key
prior to it connecting.
The protocol enforces forward secrecy, where if either of the parties long-term
keys are leaked no intercepting party will be able to recover the contents of
@budanthara
budanthara / wordpress_content_injection.py
Last active July 8, 2024 14:42
Wordpress content injection exploit by snoww0lf
#! /usr/bin/env python
"""
Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post
Wordpress Version Affected: 4.7.0/4.7.1
2017 - Coded by snoww0lf.
"""
import re
#!/usr/bin/env python
"""
Embed files into C arrays
Hacky solution because xxd didn't have enough features
"""
from __future__ import with_statement
from __future__ import print_function