
Steven Johnstone stevenjohnstone

  • Smarter Grid Solutions
  • Glasgow
Use this configuration file

```json
{
"name": "Royal Kludge R65",
"vendorId": "0x342d",
"productId": "0xe481",
"keycodes": ["qmk_lighting"],
"menus": [
{
"label": "Lighting",
```
```c
// https://roadrunnerwmc.github.io/blog/2020/05/08/nsmb-rng.html takes about 10 seconds to find
// a fixed point for the random number generator
#include <assert.h>
#include <stdio.h>
#include <stdint.h>

// One step of the NSMB LCG: 32-bit multiply-add, with the high word of the
// 64-bit product folded back in (result truncated to 32 bits on return).
uint32_t rand_nsmb(uint32_t *state) {
uint64_t value = (uint64_t)(*state) * 1664525 + 1013904223;
return *state = value + (value >> 32);
}
```
```smt2
(set-logic QF_BV)
; Quicker way to find fixpoints in the rng discussed in
; https://roadrunnerwmc.github.io/blog/2020/05/08/nsmb-rng.html .
;
; On my machine (AMD Ryzen 5 3550H with 8G RAM), running this with z3
; finds a fixed point in about 80 seconds.
; Here's the code we'll be modelling:
;
```
stevenjohnstone / antifuzz.go
Created January 27, 2021 22:11
Demonstration of issues with using gofuzz (no hyphen) with go-fuzz (has a hyphen)

```go
// +build gofuzz

// Package antifuzz shows how gofuzz transformation of inputs breaks coverage guidance.
//
// When running "go-fuzz -func FuzzGood", a crasher is found almost immediately. In contrast,
// when running "go-fuzz -func FuzzBad" no crasher is found and it likely won't for a long time.
package antifuzz

import fuzz "github.com/google/gofuzz"
```
```json
{
"meta": {
"theme": "paper-plus-plus"
},
"basics": {
"name": "Steven Johnstone",
"label": "Software Engineer with Strong Security Focus",
"email": "[email protected]",
"summary": "Seasoned security engineer with 15+ years of experience protecting critical national infrastructure, building security‑first products, and driving compliance for US federal programs. Passionate about breaking things to make them stronger—expert in secure development lifecycles, vulnerability management, and cloud‑native security.",
"location": {
```
stevenjohnstone / afl-fuzz.c
Last active July 31, 2020 15:20
A Lua AFL integration using the debug hook functionality which fires as Lua traverses lines

```c
// Using the approach of afl-python to make a
// Lua fuzzer.
// Build with "gcc -I/usr/include/lua5.3/ -L/usr/local/lib -llua5.3 -rdynamic afl-fuzz.c"
// (or whatever works on your platform).
//
// Write a script which has a global function "fuzz" which reads all of stdin and processes it
// to exercise some code in which you'd like to find logic bugs.
#include <assert.h>
#include <fcntl.h>
```
```python
#!/usr/bin/env python
# coding: utf-8
import angr
import archinfo
import claripy
import time

def main():
    p = angr.Project('ctf')
```
```c
#include <assert.h>
#include <dlfcn.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
// Background reading: http://tukan.farm/2017/07/08/tcache/
const size_t msize = 0x100;
```
```c
#include <stdlib.h>
#include <string.h>

// Exit status depends on the environment variable "foo".
// Note: getenv returns NULL when "foo" is unset, and strcmp would then
// dereference NULL; the check below assumes the variable is present.
int main(int argc, const char **argv) {
char *foo = getenv("foo");
if (strcmp(foo, "bar") == 0) {
return 0;
}
return 1;
}
```