Skip to content

Instantly share code, notes, and snippets.

View kyprizel's full-sized avatar
💭
'

kyprizel kyprizel

💭
'
190 followers · 37 following
View GitHub Profile
@arianvp
arianvp / SSH_MACOS_SECURE_ENCLAVES.md
Last active March 15, 2026 07:11
Native Secure Enclaved backed ssh keys on MacOS

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

@luk6xff
luk6xff / ARMonQEMUforDebianUbuntu.md
Last active March 5, 2026 18:40 — forked from bruce30262/ARMDebianUbuntu.md
Emulating ARM with QEMU on Debian/Ubuntu

You might want to read this to get an introduction to armel vs armhf.

If the below is too much, you can try Ubuntu-ARMv7-Qemu but note it contains non-free blobs.

Running ARM programs under linux (without starting QEMU VM!)

First, cross-compile user programs with GCC-ARM toolchain. Then install qemu-arm-static so that you can run ARM executables directly on linux

If there's no qemu-arm-static in the package list, install qemu-user-static instead

@egirault
egirault / Syscan2015Badge.md
Last active November 11, 2024 17:51
Dumping the flash memory of the Syscan 2015 badge

Dumping the flash of the Syscan 2015 badge

The badge of the Syscan 2015 conference included an ARM-based STM32F030R8 processor running some challenges. Although SWD pins are accessible on the badge, some have noted that the STM32 is readout-protected, meaning that it will refuse to dump its flash memory.

Fortunately, two researchers (Johannes Obermaier and Stefan Tatschner) recently published a paper at the WOOT '17 conference, in which they reveal a vulnerability allowing to bypass the readout protection. Their technique allows to dump the flash one DWORD at a time, rebooting the CPU between each access.

I implemented this attack using a BusPirate and the PySWD module. Here is a quick'n dirty PoC to

@cure53
cure53 / 1266386.md
Last active May 30, 2020 17:55
OTF+SVG allows to read info character by character with only a STYLE injection through XEE & timing

OTF+SVG allows to read info character by character with only a STYLE injection through XEE & timing

Intro

Mozilla Firefox supports a feature that allows to define SVG images inside an OTF font to represent characters. This is useful if we for example want to work with colorful characters, Emoji, animated characters and so on. Firefox is currently the only relevant browser supporting this technology.

The general technology and its advantages are described here:

@a-dma
a-dma / yubitouch.sh
Last active March 8, 2026 00:26
Bash script for setting or clearing touch requirements for cryptographic operations in the OpenPGP application on a YubiKey 4.
#!/bin/bash
# Bash script for setting or clearing touch requirements for
# cryptographic operations the OpenPGP application on a YubiKey 4.
#
# Author: Alessio Di Mauro <alessio@yubico.com>
GCA=$(which gpg-connect-agent)
DO=0
UIF=0
@yrp604
yrp604 / safe-stack-notes.md
Last active March 29, 2017 01:20
Safe Stack Notes

Note: I've only briefly read the related CPI paper (PDF), this is just initial impressions after playing around with it a bit.

All the code and binaries I used can be downloaded here. Note that I removed -DFORTIFY_SOURCE=2 to make the examples a bit simpler.

-fsanitize=safe-stack basically seems to move stack based buffers off the actual stack, onto another segment of memory (I'll call it the fake stack). The actual stack then stores references to this segment. For example:

char buf[20];
printf("%p\n", buf);
@jdziemidowicz
jdziemidowicz / ct-submit.py
Last active November 26, 2024 08:13
Simple Certificate Transparency certificate submission client
#!/usr/bin/python
import sys
import argparse, json, base64, struct
import urllib2
from datetime import datetime
LOGS = {
'icarus': 'https://ct.googleapis.com/icarus',
'pilot': 'https://ct.googleapis.com/pilot',
@Rurik
Rurik / asm_find_math.py
Last active September 16, 2023 17:17
Detect subroutines that may have encryption/encoding routines by finding XOR and shift routines.
# Automatically find XOR/SHL/SHR routines from an executable
# Uses IDAW (text IDA)
# @bbaskin - brian @ thebaskins.com
# While other, more powerful scripts like FindCrypt find known
# algorithms this is used to find custom encoding or modified
# encryption routines
"""
Script results:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
@Kartones
Kartones / postgres-cheatsheet.md
Last active March 13, 2026 05:30
PostgreSQL command line cheatsheet

PSQL

Magic words:

psql -U postgres

Some interesting flags (to see all, use -h or --help depending on your psql version):

  • -E: will describe the underlaying queries of the \ commands (cool for learning!)
  • -l: psql will list all databases and then exit (useful if the user you connect with doesn't has a default database, like at AWS RDS)
@jpluscplusm
jpluscplusm / README.md
Last active February 22, 2020 22:36
A primitive Double A (AAA-minus-Accounting) RBAC system implemented in declarative Nginx config

Nginx Double A

A primitive Double A (AAA-minus-Accounting) RBAC system implemented in declarative Nginx config.

Background

So I noticed https://github.com/alexaandru/elastic_guardian, a simple AAA reverse-proxy to sit in front of Elasticsearch. Reading the source and comments tickled my "why is this in code not config?" funnybone.

I asked @alexaandru (https://twitter.com/jpluscplusm/status/438339557906735104) who told me it was mostly the resulting complexity of the nginx config he tried that prompted him to write it.