@niw
niw / a.m
Created July 7, 2023 09:23
A parser for the visual format string
@import AppKit;
@import Foundation;
#include <stdio.h>
int main(int argc, char *argv[]) {
    @try {
        if (argc < 2) {
            printf("Usage: %s [visual format for a 'view']\n", argv[0]);
            return 0;
@niw
niw / 20240929.md
Last active January 23, 2025 20:25
The Hunt for the iOS 18 Neural Engine Bug: A Long Weekend Investigation

This is the tale of a long weekend spent uncovering a mysterious iOS 18 Neural Engine bug—a journey of problem-solving in a system where full visibility is elusive, especially in the locked-down world of Apple’s platforms. But the process I followed is a general approach you can use for any opaque system.

It all began last week when I stumbled upon a strange behavior in my iOS app. The output generated from a CoreML model was completely broken—something I had never seen before. And after some digging, I realized this only happened when the model was running on the Neural Engine of iOS 18.

The first step was triage. I implemented a quick workaround in the app: if the device is running iOS 18, switch from the Neural Engine to the GPU. This temporarily solved the issue, but I had no idea why it worked or whether other CoreML models in the app’s pipeline might also be affected. Without a deeper understanding of the root cause, I knew I cou

@niw
niw / update_install_names.rb
Created October 11, 2024 13:57
Make frameworks portable.
#!/usr/bin/env ruby
require 'optparse'
require 'pathname'
def update_name(name, options)
  pattern = /#{options[:rpath]}/
  if name =~ pattern
    suffix = $'
    if options[:path].join(suffix).exist?
@niw
niw / colors.sh
Created December 31, 2024 14:18
Prints each color in the palette on terminal emulator.
#!/usr/bin/env bash
for i in {0..255}; do
    printf "\x1b[48;5;%sm%3d\e[0m " "$i" "$i"
    if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then
        printf "\n"
    fi
done
@mmozeiko
mmozeiko / incbin.c
Last active January 23, 2025 20:24
Include binary file with gcc/clang
#include <stdio.h>
#define STR2(x) #x
#define STR(x) STR2(x)
#ifdef _WIN32
#  define INCBIN_SECTION ".rdata, \"dr\""
#else
#  define INCBIN_SECTION ".rodata"
#endif
@yunga
yunga / Powershell Rosetta Stone.md
Last active January 23, 2025 20:23
Dos/Unix/Powershell Commands

Powershell Rosetta Stone

| CMD  | Unix    | Powershell   | Synopsis                                              |
| ---- | ------- | ------------ | ----------------------------------------------------- |
| HELP | man     | Get-Help     | Displays information about commands and concepts.     |
|      | apropos | Get-Command  | Gets all commands.                                    |
|      |         | Show-Command | Displays PowerShell commands in a graphical window.   |
@zchee
zchee / nvram.c
Last active January 23, 2025 20:23
nvram list from xnu-8020.101.4 (`rg PE_parse_boot_ --sort=path --line-number --no-multiline --no-heading`)
bsd/crypto/entropy/entropy_sysctl.c:134: if (__improbable(PE_parse_boot_argn(ENTROPY_ANALYSIS_BOOTARG, &sample_count, sizeof(sample_count)))) {
bsd/dev/dtrace/dtrace.c:19237: if (!PE_parse_boot_argn("dtrace_kernel_symbol_mode", &dtrace_kernel_symbol_mode, sizeof (dtrace_kernel_symbol_mode))) {
bsd/dev/dtrace/dtrace.c:19348: if (!PE_parse_boot_argn("dtrace_dof_mode", &dtrace_dof_mode, sizeof (dtrace_dof_mode))) {
bsd/dev/dtrace/dtrace.c:19412: PE_parse_boot_argn("keepsyms", &keepsyms, sizeof(keepsyms));
bsd/dev/dtrace/fbt_blacklist.c:395: PE_parse_boot_argn("IgnoreFBTBlacklist", &ignore_fbt_blacklist, sizeof(ignore_fbt_blacklist));
bsd/dev/mem.c:89:#include <pexpert/pexpert.h> /* for PE_parse_boot_argn */
bsd/dev/mem.c:272: PE_parse_boot_argn("kmem", &kmem, sizeof(kmem))) {
bsd/dev/unix_startup.c:286: (void) PE_parse_boot_argn("ncl", &ncl, sizeof(ncl));
bsd/dev/unix_startup.c:287: (void) PE_parse_boot_argn("mbuf_pool", &mbuf_pool, sizeof(mbuf_pool));
bsd/kern/bsd_init.c:442: if (PE_parse_boot_argn("rd"
@chriselgee
chriselgee / E-PS_Outside.ps1
Last active January 23, 2025 20:23
Enter-PSSession from outside a domain
# Tell the attack machine to trust these hosts on a foreign domain
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "ws01.example.com,sql02.example.com"
# Enter the credentials to use when connecting
$username = "example.com\compromisedAdmin"
$pass = "Luggage=12345"
$fancypass = ConvertTo-SecureString $pass -AsPlainText -Force
$dacred = New-Object System.Management.Automation.PSCredential ($userName, $fancypass)
# Connect!
@qycyfjy
qycyfjy / chipexample.py
Created September 1, 2023 11:46
PySide6 ChipExample Custom
import sys
from typing import Optional, List
from PySide6.QtCore import (
    Qt,
    Signal,
    QPropertyAnimation,
    QEasingCurve,
    QRectF,
    QPointF,
@hackermondev
hackermondev / research.md
Last active January 23, 2025 20:16
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250-mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds, and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k