Skip to content

Instantly share code, notes, and snippets.

View jaonoctus's full-sized avatar

João Dias jaonoctus

197 followers · 45 following
View GitHub Profile
@jaonoctus
jaonoctus / disclosure_brix.md
Last active March 22, 2026 00:33
[PATCHED] Vulnerability Report — BRIX

Vulnerability Report — BRIX (Lightning Address Router)

I identified seven security vulnerabilities in the BRIX server. I am committed to working with the BRIX maintainers to resolve these issues responsibly.

Summary

Three vulnerabilities are externally exploitable with no authentication required and have been confirmed against the live instance at https://brix.brostr.app. One of these (VULN-7) is a full account takeover chain rated Critical (CVSS 10.0). The remaining four require internal access (database or deployment environment) but represent significant weaknesses in the PII protection model.

No data was exfiltrated. A test account (brixtest001@brix.brostr.app) was created solely to demonstrate the unauthenticated API findings and will not be used further.

@jaonoctus
jaonoctus / casa21_canary.txt.asc
Last active March 9, 2026 00:34
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The members of Casa21, a hackerspace based in Brazil, have
received and complied with 0 requests for information of any
kind by any third parties including but not limited to
government agencies. We will renew this notice in 90 days time.
If this notice fails to be renewed by then, you should assume
the worst.
@jaonoctus
jaonoctus / bitcoin-powershell-windows.txt
Last active August 22, 2025 03:06
cd "$env:UserProfile"
New-Item -Path btc -ItemType Directory
cd btc
Invoke-WebRequest -Uri "https://bitcoincore.org/bin/bitcoin-core-29.0/bitcoin-29.0-win64.zip" -OutFile bitcoin.zip
# espere terminar de baixar
@jaonoctus
jaonoctus / 0_commands_docker.txt
Created August 20, 2025 00:17
# Clone the repository
git clone https://github.com/vinteum-bdl/infra-signet-docker
# Change to the project directory
cd infra-signet-docker
# Build the Docker image
docker compose build --no-cache bitcoin-node
# Start the container in detached mode
@jaonoctus
jaonoctus / docker-compose.yml
Created July 23, 2025 21:51
mempool
services:
web:
image: mempool/frontend:v3.2.1
user: "1000:1000"
init: true
restart: on-failure
stop_grace_period: 1m
command: "./wait-for db:3306 --timeout=720 -- nginx -g 'daemon off;'"
depends_on: [api]
ports: [3006:3006]
@jaonoctus
jaonoctus / docker-compose.yml
Created July 22, 2025 19:28
btcpay + phoenixd
services:
phoenixd:
image: acinq/phoenixd
volumes:
- phoenixd:/phoenix/.phoenix
ports: [9740:9740]
btpay:
image: btcpayserver/btcpayserver:2.1.6
entrypoint: ["dotnet", "BTCPayServer.dll"]
restart: on-failure
@jaonoctus
jaonoctus / ed25519_key_recover.sage
Last active July 21, 2025 20:07
How can you extract secret keys from ed25519 by doing: a = (S1 - S2) * (e1 - e2) ^ -1 % q
from hashlib import sha512
import os
# Prime field and constants
p = 2^255 - 19
q = 2^252 + 27742317777372353535851937790883648493
F = GF(p)
Zq = Integers(q)
# Curve constant d
@jaonoctus
jaonoctus / secp256k1_key_recover.sage
Last active July 22, 2025 20:25
How can you extract secret keys from ECDSA by doing: d = (((s1 * k) - h1) * r^-1) % n and how RFC6979 fix it
# Import needed libraries
import hashlib
# secp256k1 parameters
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
a = 0
b = 7
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
Gx = 55066263022277343669578718895168534326250603453777594175500187360389116729240
Gy = 32670510020758816978083085130507043184471273380659243275938904335757337482424
@jaonoctus
jaonoctus / save-utxo-set-in-bitcoind.sh
Created July 18, 2025 17:48
# This file is internal and meant to be run by save-utxo-set.sh
BITCOIND="bitcoind -datadir=/data"
BITCOIN_CLI="bitcoin-cli -datadir=/data"
$BITCOIND &
BITCOIND_PID=$!
CURRENT_HEIGHT="$($BITCOIN_CLI -rpcwait getblockcount)"
let "PRUNED_HEIGHT=$CURRENT_HEIGHT - 289"
echo "Pruning to $PRUNED_HEIGHT"
@jaonoctus
jaonoctus / cashu_dleq.sage
Last active July 14, 2025 21:43
# --- Setup secp256k1 ---
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
a_curve, b_curve = 0, 7
E = EllipticCurve(GF(p), [a_curve, b_curve])
G = E(
55066263022277343669578718895168534326250603453777594175500187360389116729240,
32670510020758816978083085130507043184471273380659243275938904335757337482424,
)
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141