samy kamkar samyk
| 484e4f4a403f52430039200c50affaac00000137738aea3e0000017f0700001400023e000a140003070001140002413d000d0211020811000143011400024111000242021102000700024301340009110201070003133232421102023a07000426423e0004140001413d004111021007000507000644024a12000711020312000843013400250205000000933b0111020312000b323400111102043a0700042633000611020412000c4301424108421100014a120009430007000a254211020544004a12000d4300421100013a070004253400051100010225470004070000421100013a07000e2547001011000147000607000f45000307001042110001421100023247000607001114000207000014000311000114000411000403002947002e1100031100021102064a1200121102064a12001343001100021200141a430113181700033549170004204945ffc91100034205000000003b0114010f05000000273b00140109050000003d3b0014010b05000000463b0014010a05000000a13b0014010c05000000ad3b0114010d05000000e33b0214010e0842001500204a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a4a1103066c4f4f7343420d6c06034a4d405f490c48434f59414942586143484909594248494a454249480b4f43425f585e594f58435e01450458495f580b64786160 |
Twitter allows users to download parts of their data, see How to download your Twitter archive.
But what's not included in that data dump is the usernames/handles of the people that you follow or are following you. All you get is account IDs which is just an internal number and so a bit useless when it comes to archival.
Here's a way to get that data (you need to know how to run stuff in the terminal):
- Go to your Twitter profile in a desktop browser (Firefox or Chrome)
- Right click on page → Inspect → Network tab
- Click on the Following link (e.g. https://twitter.com/{yourusername}/following)
| /* | |
| BPG-400 gauge reader | |
| Copyright 2022 Andrey T. | |
| Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: | |
| The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. | |
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWAR |
The rumor tells that adm1n stores their secret split into multiple documents. Can you catch 'em all? https://postviewer-web.2022.ctfcompetition.com
The challenge consisted of an all client-side simple page, i.e. no backend code was involved. A user can upload any file which will be then locally stored in indexedDB. They can preview their files by either clicking on the title or by visiting file's URL, for example https://postviewer-web.2022.ctfcompetition.com/#file-01d6039e3e157ebcbbf6b2f7cb2dc678f3b9214d. The preview of the file is rendered inside a blob created from data: URL. The rendering occurs by sending file's contents to the iframe via postMessage({ body, mimeType }, '*')
Additionally, there is a /bot endpoint which lets players send URLs to an xss-bot imitating another user. The goal is to steal their documents.
| /** | |
| * Color conversion algorithms (RGB, HSL, XYZ, LAB, LCH) | |
| * Derived from jQuery Color Picker Sliders by István Ujj-Mészáros | |
| * Licensed under the Apache License 2.0 | |
| * https://github.com/istvan-ujjmeszaros/jquery-colorpickersliders | |
| */ | |
| export function rgbToHsl(rgb) { | |
| const r = rgb.r / 255 | |
| const g = rgb.g / 255 |
Beginning with devices using an A12 SoC or higher, Apple introduced nonce entangling.
- This meant that, when saving SHSH blobs, a nonce generator would generate a different ApNonce for each device.
- When saving SHSH blobs for an A12+ device, you now must find a generator-ApNonce pair for your device, then use that generator-ApNonce pair when saving SHSH blobs.
- After you have found a generator-ApNonce pair for your device, you can save it and re-use it whenever you save SHSH blobs again.
- (iOS 14+ only) Install an iOS kernel r/w library.
- On Taurine, install
libkernrw.
- On Taurine, install
- On unc0ver, install
libkrw.
| import Foundation | |
| import NearbyInteraction | |
| import MultipeerConnectivity | |
| import Combine | |
| var numberFormatter: NumberFormatter { | |
| let numberFormatter = NumberFormatter() | |
| numberFormatter.roundingMode = .halfEven | |
| numberFormatter.maximumFractionDigits = 3 | |
| numberFormatter.minimumFractionDigits = 3 |
These two scripts scrapes Android's permissions and iOS usage description lists. It extracts key information and stores it in JSON to use within other documentation.
- Android uses the Manifest Permissions documentation.
- iOS uses the Information Property List, together with each individual pages.
- Set up the files locally
