Skip to content

Instantly share code, notes, and snippets.

View ckuethe's full-sized avatar

Chris Kuethe ckuethe

View GitHub Profile
@osy
osy / tpm-rant.md
Last active October 5, 2024 16:39
TPM provides zero practical security

TPM provides zero practical security

TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

@JVital2013
JVital2013 / How-To-Hand-Track-Polar-Orbiting-Satellites.md
Last active October 11, 2024 22:13
How to Hand-Track Polar-orbiting satellites

How to Hand-Track Polar-Orbiting Weather Satellites

This is how I hand-track polar-orbiting weather satellites using an old equatorial mount telescope tripod and a 1.7 GHz grid dish. This may not be the best way to do it, and other ideas are welcome!

If you're unfamiliar with HRPT reception, this is not the right place to learn about it. Head over to https://sgcderek.github.io/blog/beginner-hrpt-guide.html for that. This write-up only focuses on hand-tracking to record a baseband.

Hardware Required

The crux of the "tracking" design is the equatorial mount. These are not cheap to buy new, it's destructive to mount a dish to it, and the mount is not used the way it's designed - but for my needs, it works! I had an old one from the early 1990s lying around, so it was convenient and essentially free. Of course, you can use another mount - but you'll need to ask for someone else's opinion on how that works since equatorial is all I know 😄.

@jwbee
jwbee / readme.md
Last active September 13, 2024 14:27
Help me identify possible tracking device found in my car

Help me identify possible tracking device found in my car

TL;DR

I found a non-OEM electronic gadget in my car. It is wired into the ignition, and contains a 435.10 MHz radio reciever, a microcontroller, and two relays. I suspect it might be a device that allows third parties to unlock the doors and start the car with a radio.

Details

I was driving my 2020 Honda Insight EX when it started to make the annoying sound of an electromechanical relay rapidly switching on and off. When I got home I looked under the dash and straight away I could see someone other than Honda had been in here. The first thing I saw was this surface-mounted switch that doesn't belong there.

#!/usr/bin/env python3
"""
# NOTE, you must change the filename below for the rp++ output you want to process.
# This script does not take arguments in its current form. Sorry!
"""
import re
from pwn import p32, u32
@nstarke
nstarke / netgear-private-key-disclosure.md
Last active April 30, 2024 06:02
Netgear TLS Private Key Disclosure through Device Firmware Images

Netgear Signed TLS Cert Private Key Disclosure

Overview

There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.

These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.

The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.

@Alabate
Alabate / usb-android-emulator-ubuntu.md
Last active June 20, 2023 10:48
Use custom USB device with Android emulator by using custom built kernel on Ubuntu 18.04

Use custom USB device with Android emulator by using custom built kernel on Ubuntu 18.04

The android emulator doesn't support all usb devices because they are disabled in the kernel. So we need to build it with another configuration. My goal was to build the same version as it was before, but with just configuration modifications.

Find current android version

Start the emulator without modifications, go into

Configuration > System > About emulated device > Android version

@AnatomicJC
AnatomicJC / android-backup-apk-and-datas.md
Last active November 15, 2024 22:29
Backup android app, data included, no root needed, with adb

Backup android app, data included, no root needed, with adb

Note: This gist may be outdated, thanks to all contributors in comments.

adb is the Android CLI tool with which you can interact with your android device, from your PC

You must enable developer mode (tap 7 times on the build version in parameters) and install adb on your PC.

Don't hesitate to read comments, there is useful tips, thanks guys for this !

@justinvanwinkle
justinvanwinkle / broken.py
Last active August 8, 2024 02:39
Every python rate-limiting library (that I can find) is broken, at least a little.
# I was looking for a rate limiting library to call rate limited apis as closely
# as possible to their enforced limits. I looked at the first few python libraries
# that I found, and when I glanced at the source, they were all clearly broken.
# Curious how this could be, I took all the top google and pip search results for: python rate limiting
# and tried to get them to do the wrong thing and fail to rate limit in situations that could come up
# in normal use (though in some cases very specific use)
# https://github.com/tomasbasham/ratelimit
# Where broken:
@lizthegrey
lizthegrey / attributes.rb
Last active September 24, 2024 14:33
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@adulau
adulau / ghidra-community.md
Last active November 11, 2023 13:16
Ghidra community - collection