Skip to content

Instantly share code, notes, and snippets.

View scarlion1's full-sized avatar

π–˜π–ˆΝˆΜΊπ–†π–— scarlion1

1 follower · 0 following
  • 01:44 (UTC -07:00)
View GitHub Profile
@scarlion1
scarlion1 / copy-fail-exploit-breakdown.md
Last active May 12, 2026 17:22
The "Copy.Fail" Page Cache Exploit: Why drop_caches doesn't always work and how to fully? clean it up

If you're testing the copy.fail/exp Python exploit (or similar modern Linux page cache poisoning exploits) and find that echo 3 > /proc/sys/vm/drop_caches does not remove the backdoor, here is the technical breakdown of what actually happened to your system and how to fix it.

TL;DR: The exploit bypasses the dirty flag, but the page can be flushed to disk if a kernel sync or background process touches that memory segment.Β Β If you wait too long to drop the caches like I did, the Linux kernel's background threads will permanently write the backdoor to your physical disk.Β Β I had to force-reinstall the package and clear my bash hash cache to fully cleanup this exploit.

Here is a deep dive into my findings (with Gemini's help):

1. The Exploit Mechanics (AF_ALG + splice)

The Python payload doesn't just drop a new binary; it performs a surgical strike on the existing utility (like /usr/bin/su).Β Β It uses the splice() system call to link the file's memory pages to a pipe, and then abuses a kernel flaw i

@scarlion1
scarlion1 / Add TOTP entry to KeepassXC using Linux CLI.md
Last active April 6, 2026 21:13
Add TOTP entry to KeepassXC using Linux CLI

Save the QR Code to /tmp or whatever, then use:

sorairolake/qrtool - GitHub

to decode the QR Code: qrtool decode /tmp/qrcode.gif This should return an otpauth:// URI

Add decoded otpauth URI to KPXC entry manually in the Advanced page as an "Additional attribute" with the title otp and Protect enabled, like so: image

@scarlion1
scarlion1 / spacefm_comparison_report.md
Created November 16, 2025 18:40
Abacus.AI DeepAgent SpaceFM Analysis

SpaceFM Comparison Report: gameblabla/spacefm vs Debian spacefm-gtk3 1.0.6-10

Report Date: November 16, 2025
Analysis Purpose: Identify key differences to resolve Wayland segfaults and navigation issues

Executive Summary

The Debian spacefm-gtk3 1.0.6-10 package and the gameblabla/spacefm fork are both based on SpaceFM version 1.0.6 (released March 4, 2018). However, they have diverged significantly in their patch sets:

@scarlion1
scarlion1 / README.md
Created November 2, 2025 22:54
OpenWrt Dnsmasq Cache Viewer for Custom Commands (luci-app-commands)

OpenWrt Dnsmasq Cache Viewer

A lightweight shell script for OpenWrt routers to dump and display the dnsmasq DNS cache in a clean, formatted table.Β  Works with basic busybox/ash environment.

Features

  • Triggers dnsmasq cache dump via SIGUSR1
  • Extracts and formats the most recent cache dump from logs
  • Displays cache statistics (queries, memory usage, server stats)
  • Works with OpenWrt's ujail-wrapped dnsmasq processes

Requirements