
Rairii

@Rairii@haqueers.com

Reversing (malware and otherwise); appsec and websec; embedded security; exploit dev; software preservationist; knows how not to use cryptography.

Currently finding bugs in Windows bootloaders.

You may also know me from capcom.sys.

#nobot


GossiTheDog, to random
@GossiTheDog@cyberplace.social

One from the archives. Still works.

mhoye, to random
@mhoye@mastodon.social

The appetizer: lol the taliban deleted my account

The main course: short-URL services whose names end in .ly

yassie_j, to random
@yassie_j@labyrinth.zone

Yubikey? Is that a new Missk–

thememesniper, to random
@thememesniper@wetdry.world

but what if, i were to create my own GenuineTicket.xml and disguise it as a real activation? oh hoho, delightfully devilish seymour

fasterthanlime, to random
@fasterthanlime@hachyderm.io

Why can’t all licenses be like the GPL and have a lesbian variant (LGPL), an ace variant (AGPL) etc.??

tiraniddo, to random

Okay, so I did a quick dive into sudo in Windows and here are my initial findings. https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html

The main takeaway is, writing Rust won't save you from logical bugs :)

ipg, to random
@ipg@wetdry.world

Xbox Game Pass? nah i'm paying for the Sky Game Pass

makryfa, to random

Me: :blobraccoon_cofe:
Customer: Help, my server doesn’t boot up :neofox_angel_pleading:
Me: :blobraccoon_business: Investigating for a bit… Hardware/Network OK… There seems to be no OS installed…
Customer: But I’ve set up my system and everything worked prior to the reboot. :neofox_evil:
Me: Investigates again, to find that he used a Live Rescue System and ran it for about 1 1/2 years in production. Therefore everything was gone after the reboot. :blobraccoon_trash:

NanoRaptor, to random
@NanoRaptor@bitbang.social

Some assembly required.

hannah, to random
@hannah@posts.rat.pictures

Between CVE and SCP i always forget which one is about weird incomprehensible scary shit and which is a guy with a skull head

ryanc, (edited) to random

It's been ten years, so a short story about the "gotofail" bug.

Someone came to me about a catastrophic vulnerability in Apple's TLS implementation.

I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.

They didn't know exactly what it was, just some vague details and the key point that it allowed use of the real certificate.

This was enough for me to find the bug (yay open source), which would go on to be known as "gotofail", and produce a working exploit in less than a day.

The details were anonymously back channelled to Apple, who released a fix.

@matthew_d_green posted on Twitter about it, concerned by Apple's vague release notes.

I used a burner phone to share the details with him anonymously.

Then everyone forgot about the whole thing because heartbleed.

¯\_(ツ)_/¯

erin, to random
@erin@quiescent.nexus

picking up where we left off in the previous thread: https://fedi.quiescent.nexus/notice/AeRV7KpDmnSI2Ewg4G

the hardware part of this story seems to be mostly done. it powers up and works. I have yet to test the actual servo drive, the robot is not even connected at this point, but I'd say we're most of the way there.

let's look at the boot sequence: https://www.youtube.com/watch?v=LWHW8WK4cDk

00:03 - powerup.
00:07 - low voltage supply status led check.
00:14 - computer starts post sequence.
00:26 - windows 95 starts booting.
00:34 - wait what? yes, wxwrt.vxd. vxworks.
00:40 - at about this point the external monitor starts getting output, as the kvga driver is loaded and enables the vga port, which is normally disabled.
00:50 - windows boots, autostart kicks off kuka software.
01:16 - the control software proper starts up and begins hardware initialization.
01:39 - "download" begins - the digital signal processors on the mfc card are "downloading" firmware.
02:00 - dsps boot, last stage of startup begins.
02:20 - startup complete.

now, this is actually not the correct software for the krc1 control enclosure. it's the volkswagen software that was configured for the vkrc1 hardware (see the linked thread). this is why it immediately throws a ton of errors.

next step: reinstall proper software.

more posts in this thread incoming soon.

erin,
@erin@quiescent.nexus

so what’s up with that vxworks?

this is what happens:

  • windows loads the vxworks “driver” which is actually a vxworks bootloader.
  • vxworks kernel starts booting, preempts win95 kernel and takes over.
  • vxworks kernel installs its own interrupt service routines.
  • vxworks finishes booting, then turns windows into its subprocess.
  • win95 is allowed to finish booting, unaware that it’s no longer really controlling the machine.

from that point on, win95 is handling the gui and some peripherals (disk, network, etc.) and runs the non-realtime parts of the control software.

vxworks, meanwhile, runs some of the realtime part of the entire thing, on the same 400mhz celeron. those include motion planning and axis position feedback loops.

the final part of the puzzle is the texas instruments tms320c32 digital signal processor that runs the hard realtime tasks including servo phase waveform generation.

this is not entirely unlike other industrial realtime control systems, but it is admittedly a bit wacky and unique. to the best of my knowledge, this vxworks port was not used by anyone beyond kuka.

winload_exe, to random
@winload_exe@wetdry.world

sudo rd C: /s /q is not real and cannot hurt you-
sudo mode in Microsoft Windows:

hukaulaba, to retrocomputing

Finally got it to boot from disk. I'll update my wiki with the instructions shortly.

sour_dani, to random

Okay furries, it's time to drop what you're doing and migrate to the TRUE furry programming language.

ipg, to random
@ipg@wetdry.world

leave it to Microsoft to give you a free trial of 0-days

gavi, to random
@gavi@wandering.shop

State sponsored reply guys is such a funny concept to me idk why

ipg, to random
@ipg@wetdry.world

the vision pro's capabilities seem underwhelming so far from what i've seen, so i'm glad i'm in the UK and couldn't have made a Very bad purchase. instead i will keep making purchases of crap hardware to reverse engineer for fun

ipg,
@ipg@wetdry.world

lol allegedly vision pros are region locked?? if your apple ID is set to any region outside of the US you can't use one. that's so fucking stupid lol

lynn, to random
@lynn@woof.tech

Hi, I’m officially here ^-^ help me find everyone by sharing? :3

gsuberland, to random
@gsuberland@chaos.social

shakespeare is eliminated by the compiler optimisation pass because it correctly infers that (2b)|~(2b) is always constant (UINT_MAX)

niconiconi, to Electronics

Fun fact: Just like in microcontrollers, the fuse bits in desktop CPUs can occasionally get loose, causing single-bit flips. This is likely responsible for many strange CPUIDs in the wild; some reported cases include "GenuineIotel" CPUs [1] and an "Intel Core i4" CPU. [2] #electronics

[1] https://twitter.com/InstLatX64/status/1101230794364862464
[2] https://www.bilibili.com/video/BV13t4y127TX

ezio, to random
@ezio@akko.wtf

>dude reverse engineered a Chinese clone of emerald

>"the ROM is stored on writable flash, which is also where the save file is written to. You can't access the ROM while flashing, so it copies code to RAM and runs it there to save"

Jesus man that is one hella overengineered solution

ezio,
@ezio@akko.wtf

Oh but the best part

Dude dumped the rom by CRASHING A GBA AND RECORDING THE CRASH SOUND FOR HOURS https://youtu.be/0-7PSmYYHF0

Yea so it turns out if you crash a GBA game and wait long enough, the "crash sound" starts playing the entire address space, so if you take enough recordings and do a majority vote on the differences, you can dump a ROM

How the fuck do people figure this shit out

SwiftOnSecurity, to random

Imagine being in NATO Command controlling all your drones with AI and a random input makes it generate a catgirl on the big main screen and crash all the bombs on friendly territory and generals are angrily demanding you explain how AI works and why this happened but you can’t.

You look through the input and it’s like “CATEGORY: GROUND RAPID RESPONSE” which some coder last month had shortened to “CAT:GRR” and passed the user interface element to the AI instead of the full text.

And years later they recover a full corpus of the lost AI training material and there was a blog in 2003 that posted a new catgirl going rawr every day for like 11 years all tagged with “cat” and “grr!”

Welcome to the future of war.
