Rairii

@Rairii@haqueers.com

Reversing (malware and otherwise); appsec and websec; embedded security; exploit dev; software preservationist; knows how not to use cryptography.

Currently finding bugs in Windows bootloaders.

You may also know me from capcom.sys.

#nobot


whitequark, to random

#include <stdio.h>
struct x{}; /* empty struct: size 0 in C (GNU extension), at least 1 in C++ */
int main() { printf("%zu\n", sizeof(struct x)); }

clang test.c && ./a.out # prints 0
clang++ test.cc && ./a.out # prints 1

someone kill me

Rairii,

@whitequark i've come across this before

i think for c++ i used a zero-sized array (which may or may not be a gnu-ism i can't remember)...

nano, to random

i made linux in infinite craft

Rairii,

@nano win32 plus linux

Rairii, to random

current status: so the open firmware framebuffer is set to use a colour lookup table

I'M GOING TO NEED TO KNOW WHERE THAT TABLE IS IN MEMORY

Rairii,

<some looking at linux drivers and reversing of os9 drivers later, followed by memory pokes in OF>

where the base address is the second value in assigned-addresses, where OS9 detects this by lower bit of the first u32 (flags?) as 0x18:

U16LE base+0xb0 is index, then U32LE base+0xb4 is data (00rrggbb) - this is what linux uses, probably for wider device support

there's also 30-bit RGB (10:10:10) at U32LE base+0xb8, which is what OS9 uses

Rairii,

interesting. in OF the first 16 colours are definitely the VGA colours

not sure what the other 240 colours are

Rairii, to random

if the flipper zero is so good where's the flipper one

Rairii,

@jordan my question still stands

Rairii,

flipper one? what am i saying, the next iteration would surely have to be the vegas zero or hollywood zero!

Rairii, to random

it begins

Rairii, to random

OF really takes forever to scroll the console (on framebuffer) up

so i just found the clear screen equivalent:

-1 to line#

Rairii, to random

additional blank CD-Rs GET

burned osx 10.2.4 install cd specifically for that system

and it DOES have the correct driver for the radeon 7500

...why was it so awkward to find OS9/OSX install media with the correct driver lol

malwaretech, to random

I've been working on a user mode EDR bypass that unloads the EDR DLL and spent the day confused debugging because for some reason my bypass works, but attaching the debugger to see if it worked causes the EDR DLL to get re-loaded, so it looked like it wasn't working the whole time

Rairii,

@gsuberland @malwaretech really common trick? i've implemented this on powerpc nt lol

SwiftOnSecurity, to random

Do you know what installing Windows as many times as I have does to the human mind.

Rairii,

@SwiftOnSecurity it burns product keys into your brain

Rairii, to random

current status: used all my remaining blank CDs on powerpc mac related things, everything classic mac or osx i've burned so far (and that includes the one already installed on the 20GB hd, which is ja-jp 9.2.2) reconfigures the framebuffer to 640x480

...i know the radeon 7500s in these ibook G3s are notorious for dying, but OF's setting up the initial 1024x768 framebuffer fine...

i would burn disc 1 of 10.2.4 for ibook g3, but as just said i'm out of blank CDs

oh well, if I port NT to this thing I'll only care about the OF framebuffer anyway

Rairii,

@wamwoowam display config in OS9 claims it's 1024x768 lol

Rairii, to random

so i messed around with the uninorth registers a bit, the ones at 0xF8000000 and noticed some things, but those things are mainly about how the address space mirroring works there

kiwa, to random

C
Wel ome

Rairii,

@kiwa ooh, is that a thing using that ucos-based firmware on mips?

Rairii, to random

woo

i ordered an ibook G3 (with charger) from yahoo auctions

it just arrived

Rairii, to random

bootmgr in 26052 updated the revocation version to 2.0 (from 1.0) and also changed the checks for said revocation version (early in main() and when boot application loads bootmgr) to parse dbx (using a new GUID for that) instead of just checking a NV|BS variable

Rairii,

the way the new dbx parameter was implemented is "interesting" (blame OEM's implementations for this i guess):

dbx is walked through looking for EFI_CERT_SHA256_GUID entries with signature owner EFI_IMAGE_DBX_SVN_GUID (9D132B6C-59D5-4388-AB1C-185CFCB2EB92)

when such an entry is found, the 0x20 bytes of "revoked hash" is instead the following structure:

BYTE Unused; // (version? accidentally using the wrong offset? whatever)
GUID BinaryIdentifier; // Identifies the binary being revoked by GUID. bootmgr's is 9D132B61-59D5-4388-AB1C-185CFCB2EB92
DWORD VersionNumber; // Identifies the minimum version of this binary that is allowed to run.
BYTE Padding[11];

where multiple entries exist for the same BinaryIdentifier, the largest VersionNumber is used.

this is basically the same as a proposal I gave MS some time ago (use an authenticated variable with updates, use the largest version for multiple entries), but using dbx for it and extended to support an arbitrary number of binaries.
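The dbx walk described above, written out as an added example (not code from the post, from bootmgr, or from any OEM firmware): it iterates the EFI_SIGNATURE_LISTs in a dbx blob, keeps only SHA256 entries whose SignatureOwner is EFI_IMAGE_DBX_SVN_GUID, decodes the 32-byte SignatureData as the structure listed above and takes the largest VersionNumber per BinaryIdentifier. EFI_CERT_SHA256_GUID is the standard UEFI value; the SVN and bootmgr GUIDs are the ones quoted in the post; the sample dbx blob is constructed inline, and it is assumed that GUIDs use UEFI's usual mixed-endian encoding and that the Unused byte is ignored.

```python
import struct
import uuid
# Standard UEFI signature-type GUID for raw SHA-256 hash entries.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# SignatureOwner that marks an SVN entry, and bootmgr's BinaryIdentifier (both from the post).
EFI_IMAGE_DBX_SVN_GUID = uuid.UUID("9D132B6C-59D5-4388-AB1C-185CFCB2EB92")
BOOTMGR_ID = uuid.UUID("9D132B61-59D5-4388-AB1C-185CFCB2EB92")
SIGLIST_HDR = 28           # SignatureType GUID + SignatureListSize + SignatureHeaderSize + SignatureSize
SHA256_SIG_SIZE = 16 + 32  # SignatureOwner GUID + 32 bytes of SignatureData

def parse_svn_entries(dbx: bytes) -> dict:
    """Walk every EFI_SIGNATURE_LIST in dbx; return {BinaryIdentifier: largest VersionNumber}."""
    svn = {}
    off = 0
    while off + SIGLIST_HDR <= len(dbx):
        sig_type = uuid.UUID(bytes_le=dbx[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", dbx, off + 16)
        if list_size < SIGLIST_HDR or off + list_size > len(dbx):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        if sig_type == EFI_CERT_SHA256_GUID and sig_size == SHA256_SIG_SIZE:
            entry = off + SIGLIST_HDR + hdr_size
            while entry + sig_size <= off + list_size:
                owner = uuid.UUID(bytes_le=dbx[entry:entry + 16])
                data = dbx[entry + 16:entry + sig_size]
                if owner == EFI_IMAGE_DBX_SVN_GUID:
                    # "hash" is really: BYTE Unused; GUID BinaryIdentifier; DWORD VersionNumber; BYTE Padding[11]
                    binary_id = uuid.UUID(bytes_le=data[1:17])
                    (version,) = struct.unpack_from("<I", data, 17)
                    svn[binary_id] = max(svn.get(binary_id, 0), version)
                entry += sig_size
        off += list_size
    return svn

def minimum_allowed_version(dbx: bytes, binary_id: uuid.UUID) -> int:
    # SVN floor for one binary; 0 means dbx carries no SVN entry for it.
    return parse_svn_entries(dbx).get(binary_id, 0)

def svn_entry(binary_id: uuid.UUID, version: int) -> bytes:
    return b"\x00" + binary_id.bytes_le + struct.pack("<I", version) + b"\x00" * 11

def sha256_list(entries) -> bytes:
    body = b"".join(owner.bytes_le + data for owner, data in entries)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", SIGLIST_HDR + len(body), 0, SHA256_SIG_SIZE) + body

# Constructed sample dbx: one ordinary revoked hash plus two SVN entries for bootmgr (versions 1 and 2).
SAMPLE_DBX = sha256_list([
    (uuid.UUID(int=0), bytes(range(32))),
    (EFI_IMAGE_DBX_SVN_GUID, svn_entry(BOOTMGR_ID, 1)),
    (EFI_IMAGE_DBX_SVN_GUID, svn_entry(BOOTMGR_ID, 2)),
])
```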

tiraniddo, to random

Okay, so I did a quick dive into sudo in Windows and here are my initial findings. https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html

The main take away is, writing Rust won't save you from logical bugs :)

Rairii,

@tiraniddo nice. i meant to look at it myself, especially since it was teased in 26047, but forgot to after bindiffing bootmgr lol

ipg, to random

Xbox Game Pass? nah i'm paying for the Sky Game Pass

Rairii,

@ipg @chirpbirb all those shrek/spongebob/... 2d platformers that were all made with the same engine

ioletsgo, to random

Wait what do you mean one of the most important proteins is called "Sonic Hedgehog"

Rairii,

@ioletsgo i've actually read something about this! apparently there are lots of other proteins called hedgehog and one of the scientists involved in discovering this specific one just happened to see an issue of sonic the comic

lynnesbian, to random

Rairii,

@lynnesbian actually, i would say "i love NT", pointing to the custom userland i never finished

chris, to SuperMario

I wonder if I know people on Mastodon who have a Nintendo Wii with the downloaded blocks for Super Mario Bros 2, Super Mario Bros 3, and World and would be willing to share? 😊

I only downloaded the original many years back and now I wish I had the others. Can you even load them from someone else's SD card?


Rairii,

@chris what you're looking for is the wad files :)
