Alba Mendez mildsunrise

mildsunrise / muint.py
Created May 9, 2025 10:13
bit matrices, with a "reader monad" user interface
class MUint:
    '''
    a bit vector (unsigned integer) which is the result of an affine map.
    except for the 'algebra-specific operations', like apply, instances of this
    class behave like `int` values when operated on. this includes a subset of
    the operations possible on ints, namely bitwise operations:
    - and (`&`) and or (`|`) are allowed as long as the other operand is an `int`
    - xor (`^`) is allowed with both ints and other MUints
    - shifts (`>>`, `<<`) are allowed (the shift amount must be an `int`)
    - not (`~`) is only allowed on FixedMUint (the operation makes no sense on unsigned ints without width)
@mildsunrise
mildsunrise / README.md
Last active May 11, 2025 10:18
Documentation + readable implementation of BK7231 flash encryption

BK7231 flash structure

When BK7231 MCUs load the SPI flash contents into memory, they do not simply copy the bytes; every 32 bytes are followed by 2 bytes of CRC, which the bootloader supposedly checks and removes. In addition, the flash contents can optionally be encrypted with a key stored in eFuse, so the bootloader would also decrypt them before copying to memory.

In the other direction, both of these tasks are performed by the encrypt tool in the SDK: this takes the built code, inserts CRC bytes and (optionally) encrypts with the eFuse key. This image is almost but not quite ready to flash: some spots of the image must then be overwritten with bootloader (RBL) and partition table (FAL) markers; these are stored in plaintext so they can be interpreted before decryption has taken place. These markers respect the 2-byte CRCs, so they are discontinuous in the flash memory if they're bigger than 1 block, and cause the CRC numbers to be updated.

@mildsunrise
mildsunrise / decrypt-chromium-cookies.py
Last active April 30, 2025 09:05
Converts a Chromium cookie store to its decrypted form
#!/usr/bin/env python3
'''
Converts a Chromium cookie store to its decrypted form.
## Background
Chromium stores cookies in a file named 'Cookies' under the profile
directory. Each cookie can be in encrypted or unencrypted form.
When stored in encrypted form, the decryption key is stored in an
OS-dependent facility (for Linux, it is usually libsecret or
@mildsunrise
mildsunrise / asn1.py
Last active November 24, 2024 01:38
low-level DER formatting in python
def der_tag(tag_type: int, composed = False, tag_class = 0):
    # identifier octet: class (2 bits), constructed flag (1 bit), tag number (5 bits)
    assert 0 <= tag_class < 4 and 0 <= tag_type < 31 # FIXME: long tag types not implemented
    return bytes([ tag_class << 6 | int(composed) << 5 | tag_type ])

def der_length(x: int):
    # short form: a single octet for lengths below 128
    if x < 128: return bytes([x])
    # long form: 0x80 | number of length octets, then the length in big-endian
    n = (x.bit_length() + 7) // 8
    assert n < 127
    return bytes([ 128 | n ]) + x.to_bytes(n, 'big')

def der_wrap(payload: bytes, raw: bool, tag_type: int, composed = False, tag_class = 0):
    if raw: return payload

resources to find what Apple/Asahi acronyms mean:

  • check out this table
  • search with site:asahilinux.org (maybe they talked about it in the blog)
  • grep the linux and m1n1 repos

some other random acronyms, mostly peripherals of the SoC:

  • AIC → Apple Interrupt Controller
  • AP → Application Processor (where the OS runs)
  • DART → Device Address Resolution Table (IOMMU)
@mildsunrise
mildsunrise / decompress_pbzx.py
Last active December 14, 2024 14:24 — forked from Lekensteyn/parse_pbzx.py
Pure python reimplementation of .cpio.xz content extraction from pbzx file payload for OS X packages
#!/usr/bin/env python3
'''
Decompresses a pbzx stream.
Simplified/corrected version of <https://gist.github.com/Lekensteyn/6e0840e77bc9bd013f57>
Example usage (from Python):
    decompress_pbzx(open('PayloadJava', 'rb'), open('PayloadJava.cpio', 'wb'))
@mildsunrise
mildsunrise / lz_string.md
Last active July 23, 2024 23:30
description + simplified implementation of the (cursed) compression scheme of the popular lz-string library

[lz-string][] is a very popular library that compresses UTF-16 strings using a variation of the [LZ78][] algorithm where literals are only encoded once (and referred to as dictionary indexes afterwards).

Despite its impressive 10 million downloads per week at the time of this writing, there is no official documentation on the wire format implemented by this library, and the horrible code quality makes it hard to understand from it. Furthermore, the code contains many bugs / gotchas, some of which are enumerated below. This is probably why many of the [numerous ports][ports] of the library blindly copy its code, doing little more

@mildsunrise
mildsunrise / create-object.py
Last active December 14, 2024 14:23
recursively creates git objects (trees, blobs) mirroring a directory in disk
import os, stat
from contextlib import contextmanager
from subprocess import run

@contextmanager
def fd_context(fd: int):
    try:
        yield fd
    finally:
        os.close(fd)
@mildsunrise
mildsunrise / polynomials.agda
Last active April 13, 2024 20:54
polynomial algebra over a ring
open import Level using (suc; _⊔_)
open import Function using (id; _∘_)
open import Data.List as List using (
  List; []; _∷_; [_]; map; reverse; align; alignWith; foldr; head; last; drop; length
  )
import Data.List.Properties as List
import Data.List.Relation.Unary.All as All
import Data.List.Relation.Binary.Pointwise as PW
@mildsunrise
mildsunrise / jni.md
Last active March 30, 2024 16:32
JNI ABI magic numbers

JNIEnv

(keep in mind that JNI methods get a JNIEnv *, not a direct JNIEnv)

given JNIEnv x, you can write ((void**)x)[N] to access a function pointer, where N is:

     4	GetVersion
     5	DefineClass
     6	FindClass