| # License: MIT | |
| import sys | |
| import mmap | |
| import hashlib | |
| import struct | |
| # MD5 hashes from https://datomatic.no-intro.org | |
| # Headerless, as header is changed from non-AC releases. | |
| known_roms = { |
| import tarfile | |
def _block_patched(self, count):
    """Guarded replacement for ``tarfile.TarInfo._block``.

    Negative block counts are rejected with ``InvalidHeaderError`` before
    the call reaches the saved original implementation, which is stored on
    the function itself as ``_block_patched._orig_block``.
    """
    if count >= 0:
        return _block_patched._orig_block(self, count)
    raise tarfile.InvalidHeaderError("invalid offset")


# Keep a handle on the unpatched method, then install the guarded version.
_block_patched._orig_block = tarfile.TarInfo._block
tarfile.TarInfo._block = _block_patched
| import pathlib | |
# Avoid insecure segments in link names.
# 'tar' is a tarfile open for reading.
for entry in tar.getmembers():
    # Members without a linkname have nothing to check here.
    if not entry.linkname:
        continue
    # Any '..' component in the link target is refused outright.
    if '..' in pathlib.Path(entry.linkname).parts:
        raise OSError("Tarfile with insecure segment ('..') in linkname")
# Now safe to extract members with the data filter.
tar.extractall(filter="data")
| Package | Version | Ecosystem | |
|---|---|---|---|
| python | 3.10.12 | binary | |
| adduser | 3.118ubuntu5 | deb | |
| apt | 2.4.11 | deb | |
| asymptote | 2.78+ds-2 | deb | |
| base-files | 12ubuntu4.4 | deb | |
| base-passwd | 3.5.52build1 | deb | |
| bash | 5.1-6ubuntu1 | deb | |
| biber | 2.17-2 | deb | |
| bsdutils | 1:2.37.2-4ubuntu3 | deb |
| """ | |
| Simple script for constructing small XAR files. | |
| License: CC0-1.0 | |
| """ | |
| import datetime | |
| import gzip | |
| import hashlib | |
| import io | |
| import struct |
| # MIT License | |
| # | |
| # Copyright (c) 2023 Seth Michael Larson | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy | |
| # of this software and associated documentation files (the "Software"), to deal | |
| # in the Software without restriction, including without limitation the rights | |
| # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| # copies of the Software, and to permit persons to whom the Software is | |
| # furnished to do so, subject to the following conditions: |
Watch all the informational videos from the CNA onboarding documentation: approximately an hour of content about the program, becoming a CNA, assigning CVE IDs, and creating CVE records. Slides are available on the website.
- CVE Program Overview (5 minutes)
- Becoming a CNA (15 minutes)
- Assigning CVE IDs (26 minutes)
| { | |
| "$id": "https://spec.openapis.org/oas/3.1/schema/2022-10-07", | |
| "$schema": "https://json-schema.org/draft/2020-12/schema", | |
| "description": "The description of OpenAPI v3.1.x documents without schema validation, as defined by https://spec.openapis.org/oas/v3.1.0", | |
| "type": "object", | |
| "properties": { | |
| "$schema": { | |
| "type": "string" | |
| }, | |
| "openapi": { |
Created example project: https://github.com/sethmlarson/python-slsa-release-test
Python doesn't have a specific builder yet; only source attestation is available, using the generic builder. Used: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml
The attestation "subject.name" is taken from the output of sha256sum, so check that output to ensure the name is what you want (i.e. `package.tar.gz` vs `dist/package.tar.gz`). For this I had to add `cd dist/ &&` before the `sha256sum *` call. Not sure where this matters, though.
Success: