Skip to content

Instantly share code, notes, and snippets.

View brammittendorff's full-sized avatar
😸
Check the facts, expose those cats

Bram Mittendorff brammittendorff

😸
Check the facts, expose those cats
View GitHub Profile
@brammittendorff
brammittendorff / gist:ee6c28889537ca0b199523e02c06779b
Created July 12, 2019 08:07 — forked from alphazo/gist:3303282
Clone MiFare cards using chinesse UUID writable cards

libnfc supports UUID writable cards and even has some dedicated tools for them.

However it doesn't work with some of the cards found on eBay that are even simpler to use. Sector 0 is unlocked and can be written without any additional commands. libnfc requires a small patch to get it working.

Following has been tested under ArchLinux with modified libnfc 1.5.1, mfoc 0.10.2 and a SCL3711 dongle.

Patch & recompile libnfc

The patch is fairly simple, open libnfc-1.5.1/utils/nfc-mfclassic.c and comment 2 lines (it was lines 384 and 385 for me):

// Try to write the trailer

@brammittendorff
brammittendorff / chaturbate.sh
Created November 9, 2017 08:51
Chaturbate recorder
#!/bin/sh
URL="${2}"
NAME="$(echo "${URL}" | sed 's#.*/\([^/]*\)/$#\1#')"
pgrep -f "/${NAME}-.*/playlist.m3u8" && exit
STREAM="$(curl -s "${URL}" | grep hlsSourceFast | sed -n 's#.*\(https://.*/playlist.m3u8\).*#\1#p')"
ROOT_DIR=$HOME/x
case "${1}" in
vlc|v)
# Usage: ./dns_check.py <list_of_domain_names.txt>
import dns.resolver
import requests
import re
import json
import sys
resolver = dns.resolver.Resolver()
resolver.timeout = 5
resolver.lifetime = 5
@brammittendorff
brammittendorff / af_packet_rx_ring.c
Created October 24, 2016 07:24 — forked from pavel-odintsov/af_packet_rx_ring.c
af_packet_rx_ring_habrahabr.c
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <iostream>
#include <unistd.h>
#include <boost/thread.hpp>
#include <sys/mman.h>
#include <poll.h>
#include <arpa/inet.h>
#!/bin/bash
# from http://habrahabr.ru/post/108240/
ncpus=`grep -ciw ^processor /proc/cpuinfo`
test "$ncpus" -gt 1 || exit 1
n=0
for irq in `cat /proc/interrupts | grep eth | awk '{print $1}' | sed s/\://g`
do
f="/proc/irq/$irq/smp_affinity"
@brammittendorff
brammittendorff / pps.sh
Created October 24, 2016 07:22 — forked from pavel-odintsov/pps.sh
pps.sh for habrahabr
#!/bin/bash
INTERVAL="1" # update interval in seconds
if [ -z "$1" ]; then
echo
echo usage: $0 [network-interface]
echo
echo e.g. $0 eth0
echo

Exploiting Lua 5.1 on 32-bit Windows

The following Lua program generates a Lua bytecode program called ignore-unsigned-sga.fnt, which in turn loads a DLL from within an extremely locked down Lua 5.1 sandbox in a program called RelicCOH2.exe. The remainder of this document attempts to explain how this program works by a whirlwind tour of relevent bits of the Lua 5.1 virtual machine.

if string.dump(function()end):sub(1, 12) ~= "\27Lua\81\0\1\4\4\4\8\0" then
  error("This generator requires a 32-bit version of Lua 5.1")
end

local function outer()
  local magic -- In bytecode, the stack slot corresponding to this local is changed
@brammittendorff
brammittendorff / cloudflare-challenge.js
Created June 22, 2016 09:55 — forked from alexwilson/cloudflare-challenge.js
This is a project designed to get around sites using Cloudflare's "I'm under attack" mode. Using the PhantomJS headless browser, it queries a site given to it as the second parameter, waits six seconds and returns the cookies required to continue using this site. With this, it is possible to automate scrapers or spiders that would otherwise be t…
/**
* This is a project designed to get around sites using Cloudflare's "I'm under attack" mode.
* Using the PhantomJS headless browser, it queries a site given to it as the second parameter,
* waits six seconds and returns the cookies required to continue using this site. With this,
* it is possible to automate scrapers or spiders that would otherwise be thwarted by Cloudflare's
* anti-bot protection.
*
* To run this: phantomjs cloudflare-challenge.js http://www.example.org/
*
* Copyright © 2015 by Alex Wilson <[email protected]>

Keybase proof

I hereby claim:

  • I am brammittendorff on github.
  • I am brammittendorff (https://keybase.io/brammittendorff) on keybase.
  • I have a public key whose fingerprint is 12FE D5A1 224C 3676 2856 3EEA 0BB7 F1AC 500F E07C

To claim this, I am signing this object:

@brammittendorff
brammittendorff / opera-vpn.md
Created April 25, 2016 09:24 — forked from spaze/opera-vpn.md
Opera VPN behind the curtains is just a proxy, here's how it works

When setting up (that's immediately when user enables it in settings) Opera VPN sends few API requests to https://api.surfeasy.com to obtain credentials and proxy IPs, see below, also see The Oprah Proxy.

The browser then talks to a proxy de0.opera-proxy.net (when VPN location is set to Germany), it's IP address can only be resolved from within Opera when VPN is on, it's 185.108.219.42 (or similar, see below). It's an HTTP/S proxy which requires auth.

When loading a page with Opera VPN enabled, the browser sends a lot of requests to de0.opera-proxy.net with Proxy-Authorization request header.

The Proxy-Authorization header decoded: CC68FE24C34B5B2414FB1DC116342EADA7D5C46B:9B9BE3FAE674A33D1820315F4CC94372926C8210B6AEC0B662EC7CAD611D86A3 (that's sha1(device_id):device_password, where device_id and device_password come from the POST /v2/register_device API call, please note that this decoded header is from another Opera installation and thus contains