About
Graduated uni few years ago, worked in security management, then as a survey technician. Want to get into dev field since I have enjoyed playing around with linux/web dev since I was a kid.
Joined devRant on 11/27/2018
New Phrack article. Given they release like one a year, figured it warranted posting a link.
Title : Hypervisor Necromancy; Reanimating Kernel Protectors
Author: Aris Thallas
Date: 2020 Feb 14
"In this (rather long) article we will be investigating methods to emulate proprietary hypervisors under QEMU, which will allow researchers to interact with them in a controlled manner and debug them. Specifically, we will be presenting a minimal framework developed to bootstrap Samsung S8+ proprietary hypervisor as a demonstration, providing details and insights on key concepts on ARM low level development and virtualization extensions for interested readers to create their own frameworks and Actually Compile And Boot them ;). Finally, we will be investigating fuzzing implementations under this setup."
Today, I made someone's day in 5 minutes by using my phone camera, a picture to pdf converter, and a wireless capable printer to take a sheet of music in a small book, supersize it, and print it so they could read it without squinting.
Sometimes I forget how awesome it is to have this technology on demand, and it takes someone who doesn't have it to realize just how cool it is.
Cracked my first weak RSA implementation challenge today. Feels pretty awesome.
Involved primes that were very close, which means you can factorize the modulus quickly to get the private key. Normally, you would never use close primes as prime factorization's difficulty relies a certain amount on some distance between the two values.
The reason you can brute force close primes has to do with them being close in value to the square root of the function, meaning that you can search far quicker than if you were to try every combination of primes.
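The close-primes weakness described in the post above can be checked for with Fermat's factorization method. The following is an added example, not code from the original post; the function names, the step budget and the small demo primes are constructed for illustration.

```python
from math import isqrt

def fermat_factor(n, max_steps=100_000):
    """Try to write odd n as a^2 - b^2 = (a - b)(a + b), starting at
    a = ceil(sqrt(n)) and counting upward.

    Returns (p, q, steps) on success, or None if nothing is found within
    max_steps. The step count is roughly (q - p)^2 / (8 * sqrt(n)), so it
    is tiny when both primes sit close to sqrt(n).
    """
    if n < 3 or n % 2 == 0:
        return None
    a = isqrt(n)
    if a * a < n:
        a += 1
    for steps in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2 and a - b > 1:   # skip the trivial split 1 * n
            return a - b, a + b, steps
        a += 1
    return None

def next_prime(x):
    """Smallest prime >= x by trial division (fine for small demo values)."""
    def is_prime(m):
        if m < 2:
            return False
        if m % 2 == 0:
            return m == 2
        return all(m % d for d in range(3, isqrt(m) + 1, 2))
    while not is_prime(x):
        x += 1
    return x

def is_fermat_weak(n, max_steps=100_000):
    """Key-audit check: True if the modulus splits within the step budget."""
    return fermat_factor(n, max_steps) is not None

# Constructed demo values: a close pair and a pair far apart.
P = next_prime(10**9)
Q_CLOSE = next_prime(P + 1)
Q_FAR = next_prime(10**12)

if __name__ == "__main__":
    print("close pair:", fermat_factor(P * Q_CLOSE))
    print("far pair weak?", is_fermat_weak(P * Q_FAR))
```

Real RSA primes are far larger than these demo values, but the same check applies to a generated modulus: if it splits within a modest step budget, the key should be rejected.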
I had the opportunity to ask some basic security questions of a government system that is rolling out (got invited to a meeting).
So now I am absolutely terrified about any technology that is being rolled out by this particular government agency. Their security model literally ends at "we use HTTPS".
Seriously, how the fuck are these systems not audited before they reach public use? Is this normal??
Today the struggle was real.
But damn if it isn't days like this where you learn real shit.
Fighting with a debian VM for half the day to make a local development environment. I'm tired, but everything works, the project looks good, and I'm just sorta angry/tired/proud now.
I learned so much, and now want pie. I am going to go eat some pie.
I bought a computer awhile back off Kijiji (Canada's craigslist) for a really good price. Today, decided I was going to upgrade the ram since I got a sick deal on some corsair vengeance 8gb sticks online...
And just before installing it, I realize the fucker decided to use low profile RAM in his build for a reason: he (for some fucking reason) decided to route the airflow for the system by placing the cooling fan directly over the first 2 memory slots.
Guess whose 5 minute memory upgrade just turned into an hour of re-routing all the airflow in the PC and having to redo all the fan wiring.
I shouldn't complain, I mean I got this computer a couple years back for like $400, but still, wtf man...
Today: FUCK RADARE
5 minutes later: FUCK GHIDRA
2 minutes later: God bless both of these wonderful programs, and I finally think I understand what is going on.
2 minutes later: Fuck this, I hate everything, I'm going back to studying hardware shit.
Just got an amazing lecture by text from a university mentor of mine on some of the coolest shit to do with cat in linux, and why you can do things like open a shell with cat /bin/sh (or in my case, use it to stall a program and keep open a shell in a simple buffer overflow task).
God bless all you mentors out there who take the time to explain exactly how all this stuff works. It feels so good to have an idea on the mechanisms on "WHY" something works, not just that it does and that you should use it. As someone new, it makes all the difference.
Today, I found out that the webmaster for the organization I volunteer at is using a security-by-obscurity PHP implemented design for the private data of our members. I've talked with him about it, but for a variety of reasons to do with organization and workload, it won't be changing.
I may have inadvertently gotten my old university's Comp Sci System Services addicted to CTF wargames. oops.
I also just found out that you can prevent a more command from automatically exiting on completion only by limiting the size of the window of your terminal. I lost a good 4 hours of trying literally every ssh command combination I could, when all I had to do was use a small terminal screen. Whoever designed this last challenge should be given an award and then shot.
Remember kids, passwd is a readable file! You can have a very bad day trying to figure out a user's shell from side-channel attacks and getting nowhere, or you could remember that it LITERALLY SAYS WHAT IT IS PUBLICLY IF YOU DON'T FORGET THAT IT'S THERE.
On the plus side, I learned a ton about what you can do with ssh arguments and debugging logs. Shit's pretty cool.
Spent over an hour on a shell script that wasn't working properly. I use it, works perfectly. Every time cron executes, does nothing, not even log an error.
It took me that long to realize that the user I was getting the cron to run on didn't have permission to write to my log file... You would think I'd realize this when my error scripts didn't log...
(on that note, the Bandit games at OverTheWire have been an awesome refresher on getting back into the swing of linux - highly recommend)
This year has been rough. No programming. 3 great job applications snuffed. Currently unemployed, and all my recent job experience in a field I don't want to continue working in due to not making my 3 career options. (Military and policing sort of thing)
So since I'm off for the holidays, and looking to really get back into computer work, I've come back to devRant. Missed you guys. <3
Now I've got to actually get good at something, and preferably employed in doing it. Any advice or stories are appreciated :D (but my mom said not to listen to strangers on the internet, so...)
One of the ways I met a girl was helping her program her club's website. Surprisingly a great way to talk about interests, likes, and dating (making an about page OP)
Today, a few thousand dollars of potential equipment being replaced was prevented by deciding to follow the network cords and finding out that the switchboard had the power cord knocked loose.
Payment was in candy.
0: Monitors and Graphics Cards become affordable for us poor graduates
1: Node bloat becomes a thing of the past with WA or has auto-minimize functionality to keep only essential code
2: North American internet companies all go out of business due to free super high speed infrastructure maintained by a trust of communities and elected delegates
not all "dev" related per se, but my current day to day gripes answered
And fuck whomever decided not to follow programming convention and put that exclamation mark there, may they burn in hell.
So, I got an iFixIt toolkit with a gift card from xmas. Was excited to tear into my iPhone6 given that it had lasted me a long time, and not that long ago, I had the screen repaired given I didn't know how to at the time and was working stupid long hours. I haven't used the phone in about 6 months now.
I open the device, and immediately 2 screws and a bracket fall out of the device. The inside is filthy, and appears to have corrosion (despite the fact I've never gotten water on it, I was kinda anal with that phone).
Whoever the guy was who "fixed" my screen apparently did so in a way that involved spilling something on my phone, over torquing a screw, breaking a bracket, and the entire thing looks sketch.
All while charging over $100. I can see why he insisted on having an otterbox on the phone now, he fucked up and was worried the one screw pin wouldn't hold the screen on. Motherfucking asshole.
It is still blowing my mind how a button on my raspberry pi is programmatically functional in the same way as if I was programming a database and web app.
Fucking eh, why haven't I been doing this hardware stuff sooner? You can literally make physical shit happen. That is so cool!
I swear not to become one of those meme posters. But couldn't resist this one.
Courtesy of https://imgur.com/gallery/oH4oI1I5
Well, I got 2 mega arduino kits and a raspberry pi over xmas (and no experience with either), plus unemployment, so my goals are learning the hardware side of things this year.
Also, hi devRant.