Skip to content

Instantly share code, notes, and snippets.

View Terminus-IMRC's full-sized avatar
💭
Doing nothing helpful

Yukimasa Sugizaki Terminus-IMRC

💭
Doing nothing helpful
View GitHub Profile
@ThinGuy
ThinGuy / add-arch-2-new-sources.sh
Last active October 3, 2024 12:40
Fix apt architecture error messages: "...doesn't support architecture 'i386'"
# To prevent unsuppoorted architecture error messages from apt on Ubuntu 24.04 (Noble Numbat)
# with the new apt sources format
# Example error messages on `apt update` after a fresh install:
# N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://packages.microsoft.com/repos/edge stable InRelease' doesn't support architecture 'i386'
# N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://dl.google.com/linux/chrome/deb stable InRelease' doesn't support architecture 'i386'
#################################################
### SINGLE-ARCH (i.e. fix arch-related error) ###
#################################################
@q3k
q3k / hashes.txt
Last active November 11, 2024 17:38
liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)
0810 b' from '
0678 b' ssh2'
00d8 b'%.48s:%.48s():%d (pid=%ld)\x00'
0708 b'%s'
0108 b'/usr/sbin/sshd\x00'
0870 b'Accepted password for '
01a0 b'Accepted publickey for '
0c40 b'BN_bin2bn\x00'
06d0 b'BN_bn2bin\x00'
0958 b'BN_dup\x00'
@thesamesam
thesamesam / xz-backdoor.md
Last active November 17, 2024 13:13
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

@TrungNguyen1909
TrungNguyen1909 / mul53.c
Last active January 10, 2024 08:46
Apple H10 Mul53 extension
#if 0
Apple A11 (H10) introduces 2 propietary instructions called mul53lo.2d and mul53hi.2d. All of which belongs to Mul53 extensions.
Defintions:
- mul53lo.2d Vd, Vm: Multiplies 2 53-bit doublewords in the Vn vector with 2 53-bit doublewords in Vm vector and store 53 lowest bits in the Vn vector.
- mul53hi.2d Vd, Vm: Multiplies 2 53-bit doublewords in the Vn vector with 2 53-bit doublewords in Vm vector and store the result shifted 53 bits in the Vn vector.
Encodings:
- mul53lo.2d Vd, Vm: 0x00200000 | (m << 5) | (d << 0)
- mul53hi.2d Vd, Vm: 0x00200400 | (m << 5) | (d << 0)
@marcan
marcan / m1cat.c
Last active October 26, 2023 15:42
m1cat: a PoC for the M1RACLES covert channel vulnerability in the Apple M1
/*
* m1cat: a proof of concept for the M1RACLES vulnerability in the Apple M1.
*
* This program implements a covert channel that can be used to transmit data
* between two processes when run on the Apple Silicon "M1" CPUs.
*
* The channel is slightly lossy due to (presumably) the scheduler sometimes
* scheduling us on the wrong CPU cluster, so this PoC sends every byte twice
* together with some metadata/framing bits, which is usually good enough.
* A better approach would be to use proper FEC or something like that.
/*
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
*
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
*
* Please visit m1racles.com for more information.
*
* Licensed under the MIT license.
*/
# IDA (disassembler) and Hex-Rays (decompiler) plugin for Apple AMX
#
# WIP research. (This was edited to add more info after someone posted it to
# Hacker News. Click "Revisions" to see full changes.)
#
# Copyright (c) 2020 dougallj
# Based on Python port of VMX intrinsics plugin:
# Copyright (c) 2019 w4kfu - Synacktiv
#include <stdio.h>
#include <math.h>
#include <inttypes.h>
#if defined(__GNUC__)
#define NOINLINE __attribute__((noinline))
#else
#define NOINLINE
#endif
@Siguza
Siguza / pallas.sh
Last active August 13, 2024 08:20
newstyle OTA
#!/usr/bin/env zsh
set -e;
set +m; # Job control would've been nice, but manual round robin it is, sigh.
if [ -z "${ZSH_VERSION+x}" ]; then
echo 'Try again with zsh.';
exit 1;
fi;
@satmandu
satmandu / make_current_arm64_rpi_kernel_debs.sh
Last active September 25, 2024 03:44
Make arm64 deb packages for the offical Raspberry Pi Foundation arm64 kernels, tested with ubuntu 23.04
#!/bin/bash -x
# make_arm64_rpi_kernel_debs.sh
# Builds arm64 debian packages from the CURRENT rpi firmware repository kernel which is installed by:
# sudo rpi-update
# This runs on an arm64 host with arm64 compilation tools...
# or with some sort of cross-compilation setup.
# Debs are put in $workdir/build
#
# This will NOT work in Raspbian unless you have an arm64 compilation
# environment setup. Appears to work on