Skip to content

Instantly share code, notes, and snippets.

@thesamesam
thesamesam / xz-backdoor.md
Last active November 17, 2024 13:13
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

#include <stdio.h>
#include <stdint.h>
// Philips Sonicare NFC Head Password calculation by @atc1441 Video manual: https://www.youtube.com/watch?v=EPytrn8i8sc
uint16_t CRC16(uint16_t crc, uint8_t *buffer, int len) // Default CRC16 Algo
{
while(len--)
{
crc ^= *buffer++ << 8;
int bits = 0;
do
@Informatic
Informatic / README.md
Last active November 18, 2024 11:35
openlgtv webOS hacking notes

This is just a dump of some interesting undocumented features of webOS (3.8 specifically, on early 2018 4k LG TV) and other development-related tips.

Homebrew app ideas

@James-E-A
James-E-A / gamertag_to_xuid.sh
Last active March 21, 2024 20:14
Mostly self-contained bash+curl+sed+nc script to convert Xbox Live Gamertags into XUIDs (includes pseudo-UUID support for Floodgate-enabled Minecraft servers)
#!/bin/bash
set -e
set -o pipefail
# USAGE:
# bash gamertag_to_xuid.sh GAMERTAG [...] > out.csv
# DEPENDENCIES:
# - GNU Bash version 4 or newer (or any shell supporting pipefail, heredocs, read, readarray, and POSIX printf)
# - GNU sed version ?? or newer (or any sed implementation supporting, -n, -e, the "p" flag to "s", and capturing-group references in substitution)
@Treeki
Treeki / TurnipPrices.cpp
Last active November 1, 2024 14:15
AC:NH turnip price calculator
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
// munged from https://github.com/simontime/Resead
namespace sead
{
class Random
{
@gsurrel
gsurrel / Galaxy_S8_Debloat.sh
Last active August 8, 2024 13:25
Samsung Galaxy S8 debloat list
###########################
# Phone apps and services #
###########################
adb shell "cmd package install-existing com.android.stk" # SIM toolkit
adb shell "cmd package install-existing com.android.stk2" # SIM toolkit (maybe for dual-sim devices)
adb shell "cmd package install-existing com.sec.android.app.simsettingmgr" # SIM card manager, maybe required, contains configuration and settings for handling dual SIM (give a SIM an icon, a name, and so on)
adb shell "pm uninstall -k --user 0 com.samsung.android.smartcallprovider" # The 4th tab in the Phone app for 'local places'
adb shell "pm uninstall -k --user 0 com.sec.vsim.ericssonnsds.webapp" # NSDSWebApp. The Non Sim Device Solution (NSDS) is linked to VoLTE and VoWifi (Wifi Calling). NSDS allows connecting non sim devices to IMS core: https://uk.linkedin.com/in/hemant-kumar-dewnarain-2b779679
adb shell "pm uninstall -k --user 0 com.android.cts.ctsshim" # Part of the Android Compatibility Test Suite: https://source.android.com/compatibility/cts/setu
@castis
castis / bluetoothctl.py
Last active July 2, 2024 01:00 — forked from egorf/bluetoothctl.py
Bluetoothctl wrapper in Python
# Based on ReachView code from Egor Fedorov ([email protected])
# Updated for Python 3.6.8 on a Raspberry Pi
import time
import pexpect
import subprocess
import sys
import logging
@masthoon
masthoon / rpc_dump_rs5.txt
Created January 15, 2019 06:49
RPC interfaces RS5
--------------------------------------------------------------------------------
<WinProcess "smss.exe" pid 368 at 0x5306908L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000
--------------------------------------------------------------------------------
<WinProcess "csrss.exe" pid 472 at 0x5306e48L>
64
Interfaces :
Endpoints :
@bahorn
bahorn / sign.py
Last active October 27, 2023 15:07
Implementation of the Tuya API signing.
import requests
import hashlib
import time
import uuid
import os
import copy
import json
# This is based on my personal implementation but stripped down to only what is
# needed to verify it.