Quinn Diggity quinndiggity

  • Vancouver, Canada

MD5 Collision with CRC32 Preimage

Here's the scenario: We want to craft two different messages with the same MD5 hash, and a specific CRC32 checksum, simultaneously.

In other words, we want an MD5 collision attack and a CRC32 preimage attack.

This might seem like a contrived scenario, but it's exactly the one I faced while producing my PNG hashquine (Yes OK maybe that's also a contrived scenario, cut me some slack).

On its own, a CRC32 preimage attack is trivial. You can craft a 4-byte suffix that gives any message a specific checksum, calculated using a closed-form expression (which I am too lazy to derive, not even with assistance from Z3). It's not an attack per se, since CRC32 was never meant to be cryptographically secure in the first place.
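The CRC32 half of the problem, as an added worked example (this is not the author's hashquine code, which the page does not show): forging a 4-byte suffix that forces zlib's CRC-32 of any message to a chosen value. Instead of the closed-form expression it uses a table walk. The top byte of every entry in the reflected CRC-32 lookup table is distinct, so the register can be stepped backwards from the wanted value to recover the four table indices that the last four bytes must hit, and then forwards from the message's real register state to pick the bytes that hit them. The message and target value used at the bottom are constructed inputs.

```python
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial, as used by zlib and PNG


def _make_table():
    """Build the standard 256-entry reflected CRC-32 table."""
    table = []
    for i in range(256):
        reg = i
        for _ in range(8):
            reg = (reg >> 1) ^ POLY if reg & 1 else reg >> 1
        table.append(reg)
    return table


TABLE = _make_table()
# Each table entry has a distinct top byte, so the top byte of the register
# after a step identifies the index used in that step. This is what makes
# the CRC invertible one byte at a time.
TOP_BYTE_TO_INDEX = {entry >> 24: i for i, entry in enumerate(TABLE)}
assert len(TOP_BYTE_TO_INDEX) == 256


def crc32_suffix(message: bytes, target: int) -> bytes:
    """Return 4 bytes s such that zlib.crc32(message + s) == target."""
    # zlib inverts the register on entry and exit; undo that to get the raw
    # register after the message and the raw register we want at the end.
    reg = zlib.crc32(message) ^ 0xFFFFFFFF
    want = target ^ 0xFFFFFFFF

    # Backwards: from the wanted register, peel off one step at a time.
    # After step i the top byte equals the top byte of TABLE[idx_i], which
    # pins idx_i; the low byte of the earlier register is unknown but is
    # never needed, since only top bytes are consulted.
    indices = []
    for _ in range(4):
        idx = TOP_BYTE_TO_INDEX[want >> 24]
        indices.append(idx)
        want = ((want ^ TABLE[idx]) << 8) & 0xFFFFFFFF
    indices.reverse()

    # Forwards: from the message's real register, choose each byte so the
    # per-byte update (reg ^ b) & 0xFF lands on the required table index.
    suffix = bytearray()
    for idx in indices:
        b = (reg ^ idx) & 0xFF
        suffix.append(b)
        reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)  # same update zlib does
    return bytes(suffix)


def forge_checks_out(message: bytes, target: int) -> bool:
    """Verify with zlib that the forged suffix really yields the target."""
    return zlib.crc32(message + crc32_suffix(message, target)) == target


if __name__ == "__main__":
    msg = b"constructed example message"  # constructed input
    target = 0xDEADBEEF
    s = crc32_suffix(msg, target)
    print(s.hex(), hex(zlib.crc32(msg + s)))
```

The four bytes depend on the register state left by everything before them, so two different messages (an MD5-colliding pair, say) will in general need different suffixes to land on the same CRC32, which is exactly why the combined scenario is harder than either attack alone.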

@quinndiggity
quinndiggity / noMangleGoogle.user.js
Created September 27, 2021 23:00 — forked from radiantly/noMangleGoogle.user.js
Prevent Google from mangling links on the search results when clicking or copying on Firefox
// ==UserScript==
// @name Prevent link mangling on Google
// @namespace LordBusiness.LMG
// @match https://www.google.com/search
// @grant none
// @version 1.1
// @author radiantly
// @description Prevent google from mangling the link when copying or clicking the link on Firefox
// ==/UserScript==
@quinndiggity
quinndiggity / handler.lua
Created April 1, 2021 07:15 — forked from samael500/handler.lua
Validating payloads from GitHub webhooks with Nginx + Lua
-- luarocks install JSON4Lua
-- luarocks install luacrypto
local json = require "json"
local crypto = require "crypto"
local secret = '<MY SUPER SECRET>'
local event = 'push'
local branch = 'refs/heads/master'

init_by_lua_block { require "cjson" }
server {
    listen 80 default_server;
    server_name _;
    log_by_lua_block {
        print("I need no extra escaping here, for example: \r\nblah")
    }
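What the handler above is checking, written out as an added example in Python rather than the gist's Lua (this is not the gist's own code): GitHub signs each delivery with HMAC-SHA256 over the raw request body using the webhook's shared secret and sends the hex digest in the X-Hub-Signature-256 header (the older X-Hub-Signature header carries an HMAC-SHA1 the same way). The receiver recomputes the MAC, compares it in constant time, and only then looks at the event type and the pushed ref. The secret, event name and ref below are constructed placeholders, and `sign_payload` stands in for GitHub's side so the example runs offline.

```python
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed values for this example; a real deployment reads the secret
# from configuration and the headers/body from the incoming request.
WEBHOOK_SECRET = b"example-shared-secret"
EXPECTED_EVENT = "push"
EXPECTED_REF = "refs/heads/master"


def sign_payload(secret: bytes, body: bytes) -> str:
    """Compute the value GitHub puts in X-Hub-Signature-256 for this body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(headers: Dict[str, str], body: bytes,
                   secret: bytes = WEBHOOK_SECRET) -> Tuple[bool, str]:
    """Validate a GitHub webhook delivery. Returns (accepted, reason).

    The MAC is checked over the raw bytes, before any JSON parsing, so a
    body that does not verify is never interpreted at all.
    """
    sig = headers.get("X-Hub-Signature-256", "")
    if not sig.startswith("sha256="):
        return False, "missing or malformed signature header"
    expected = sign_payload(secret, body)
    # Constant-time comparison: a plain == returns at the first differing
    # byte, which leaks how much of the forged MAC was right. Compare bytes
    # so a non-ASCII header value cannot make compare_digest raise.
    if not hmac.compare_digest(sig.encode("utf-8", "replace"),
                               expected.encode("utf-8")):
        return False, "bad signature"
    # Only after the MAC checks out do we trust anything else in the request.
    if headers.get("X-GitHub-Event") != EXPECTED_EVENT:
        return False, "unexpected event type"
    try:
        payload = json.loads(body)
    except ValueError:
        return False, "body is not JSON"
    if not isinstance(payload, dict) or payload.get("ref") != EXPECTED_REF:
        return False, "ignored ref"
    return True, "ok"


if __name__ == "__main__":
    body = b'{"ref": "refs/heads/master"}'  # constructed delivery body
    headers = {
        "X-Hub-Signature-256": sign_payload(WEBHOOK_SECRET, body),
        "X-GitHub-Event": "push",
    }
    print(verify_webhook(headers, body))
    print(verify_webhook(headers, body + b"\n"))  # tampered body
```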
@quinndiggity
quinndiggity / README.md
Created May 27, 2020 02:50 — forked from ur0/README.md
SockPuppet 3

This is a kernel exploit targeting iOS 12.0-12.2 and 12.4. It exploits a dangling kernel pointer to craft a fake task port corresponding to the kernel task and gets a send right to it.

This code is not readily compilable — some common sense is a prerequisite. If you do get it going though, it is extremely reliable on any device with more than a gigabyte of RAM. Interested readers may want to investigate how reallocations can be prevented -- this might improve reliability even more.

License

@quinndiggity
quinndiggity / git-merge-before-build.dsl
Created December 11, 2019 08:16 — forked from martinda/git-merge-before-build.dsl
Jenkins Pipeline DSL code to demonstrate git merge before build
// Jenkins Pipeline DSL to demonstrate git merge before build
node {
    String path = '/tmp/jenkins/upstream-repo'
    sh "rm -rf ${path}"
    ws(path) {
        sh 'git --version'
        sh 'git init'
        sh 'touch README.md; git add README.md; git commit -m "init"'
        sh 'git checkout -b pull-requests/1/from'
        sh 'touch file.txt; git add file.txt; git commit -m "Add file"'
#!/usr/bin/sudo ruby
#
# revealer.rb -- Deobfuscate GHE .rb files.
#
# This is simple:
# Every obfuscated file in the GHE VM contains the following code:
#
# > require "ruby_concealer.so"
# > __ruby_concealer__ "..."
@quinndiggity
quinndiggity / ssh_keyscan.yml
Created October 31, 2019 20:45 — forked from shirou/ssh_keyscan.yml
run ssh-keyscan to add keys to known_hosts. This is a playbook for ansible
---
- hosts: all
  gather_facts: no
  become: no   # `sudo: no` is the pre-2.0 spelling of this directive
  tasks:
    - name: run ssh-keyscan to add keys to known_hosts
      # Blind trust-on-first-use: whatever key the host (or anything sitting
      # between the controller and the host) presents during the scan is
      # trusted from now on. ssh-keyscan itself verifies nothing.
      local_action: shell ssh-keyscan {{ ansible_host }} >> ~/.ssh/known_hosts
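The playbook above appends whatever key ssh-keyscan happens to see. The added check below (example code, not part of the gist) pins the host key instead: it parses one ssh-keyscan output line, computes the OpenSSH-style SHA256 fingerprint (unpadded base64 of the SHA-256 over the raw public key blob, the same value `ssh-keygen -lf` prints), and only hands back the line for known_hosts when that fingerprint matches one recorded out of band. The host name, fingerprint table and key blob are constructed; the ed25519 blob has the correct wire layout but dummy key bytes rather than a real key.

```python
import base64
import hashlib
import struct
from typing import Dict, Optional, Tuple


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + bytes)."""
    return struct.pack(">I", len(data)) + data


# Constructed ed25519 host key blob: right layout, dummy key bytes.
# Real input is one line of `ssh-keyscan <host>` output.
DUMMY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
KEYSCAN_LINE = ("bastion.example.internal ssh-ed25519 "
                + base64.b64encode(DUMMY_BLOB).decode())


def fingerprint(blob: bytes) -> str:
    """OpenSSH SHA256 fingerprint: base64 (no padding) of sha256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan_line(line: str) -> Tuple[str, str, bytes]:
    """Split an ssh-keyscan line into (host, key type, raw key blob)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("not a keyscan line: " + line)
    host, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob itself carries the key type; refuse lines where they disagree.
    if len(blob) < 4:
        raise ValueError("truncated key blob in " + line)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type mismatch in " + line)
    return host, keytype, blob


def known_hosts_entry(line: str,
                      expected_fingerprints: Dict[str, str]) -> Optional[str]:
    """Return the line to append to known_hosts only if the scanned key
    matches the fingerprint recorded for that host out of band; None means
    the key is unknown or wrong and must not be trusted."""
    host, _keytype, blob = parse_keyscan_line(line)
    if expected_fingerprints.get(host) != fingerprint(blob):
        return None
    return line


if __name__ == "__main__":
    # Constructed pin table, as it would be kept in version control.
    pins = {"bastion.example.internal": fingerprint(DUMMY_BLOB)}
    print(known_hosts_entry(KEYSCAN_LINE, pins))
    print(known_hosts_entry(KEYSCAN_LINE, {}))  # unpinned host: None
```

In the playbook this replaces the bare `>> ~/.ssh/known_hosts` with a step that fails the run when a host presents a key other than the pinned one, which is the difference between recording a host key and verifying it.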
@quinndiggity
quinndiggity / macbook-pro-2011-defective-gpu-fix.md
Created August 23, 2019 19:02 — forked from cdleon/macbook-pro-2011-defective-gpu-fix.md
Macbook Pro 2011 GPU Defect fix macOS Sierra and High Sierra