@Rairii@haqueers.com
Rairii

Reversing (malware and otherwise); appsec and websec; embedded security; exploit dev; software preservationist; knows how not to use cryptography.

Currently finding bugs in Windows bootloaders.

You may also know me from capcom.sys.

#nobot

Rairii, to random
v5 = (void ******************)*v5;

no, hex-rays, this is a singly linked list

ernie, to random
If I wanted to move my self-hosted Mastodon server to something more lightweight and manageable, what would y’all recommend? It is an instance that may have at most 3-4 accounts.

Rairii,
@ernie I'd suggest akkoma or gotosocial?

stacksmashing, to random

Breaking Bitlocker: Bypassing the Windows Disk Encryption - using less than $10 of equipment

https://www.youtube.com/watch?v=wTl4vEednkQ

Rairii,
@stacksmashing you might find this interesting : https://github.com/Wack0/bitlocker-attacks

I commented on your video but I didn't link the repo as the last time I tried to link it in a youtube comment, the comment never showed up.

Rairii,
@stacksmashing regarding what known adversaries have mentioned in public regarding bitlocker, I'm still awaiting a leak of Cellebrite Inspector, as I'm very interested to know what kind of bitlocker capabilities they have, given that they've alluded to such in blog posts in the past, and currently market it as having "custom bitlocker support". There's been so many leaks of UFED and none of Inspector...

...also, the Brazilian Federal Police doing research into bitlocker hardware attacks (as I mentioned in the list).

Rairii,
@stacksmashing Also, you might want to see the recording of my talk at @emf 2022, about windows bootloader issues (I demonstrate bitlocker key dumping in software): https://www.youtube.com/watch?v=U02ClZS8hqw

Rairii, to random
submitted talk to @emf cfp :)

nano, to random

clean.

Rairii,
@nano windows 98 se

malwaretech, to random

I asked ChatGPT to generate C code to convert a string to base64. Who can spot the vulnerability?

(Posted this on LinkedIn but still nobody has found it yet).

Rairii,
@malwaretech CryptBinaryToStringW returns length in chars, not bytes; correct alloc would be malloc(dwLength * sizeof(wchar_t))

Rairii,
@malwaretech the API docs said that when passing a null pointer it returns the length including the null terminator
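
The sizing mistake discussed in this thread, as an added worked example; this is neither the ChatGPT snippet malwaretech posted nor Rairii's code. On Windows it builds against the real CryptBinaryToStringW (link crypt32). Everywhere else it uses a portable stand-in that is assumed to mirror the documented contract: a size query with a NULL output pointer yields the required length in WCHARs including the terminating NUL, and a successful write reports the length without it. The sample input, the function names flawed_alloc_bytes, correct_alloc_bytes, base64_encode_w and encodes_to, and the B64_FLAGS macro are all constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Portable stand-in so the example builds off Windows. Assumption: it mirrors
 * CryptBinaryToStringW with CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF as
 * documented: pszString == NULL -> *pcchString = required WCHARs INCLUDING
 * the NUL; successful write -> *pcchString = WCHARs written EXCLUDING it. */
typedef uint32_t DWORD;
typedef wchar_t  WCHAR;
typedef int      BOOL;
#define CRYPT_STRING_BASE64 0x00000001
#define CRYPT_STRING_NOCRLF 0x40000000

static BOOL CryptBinaryToStringW(const unsigned char *pbBinary, DWORD cbBinary,
                                 DWORD dwFlags, WCHAR *pszString, DWORD *pcchString)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    DWORD cchOut = ((cbBinary + 2) / 3) * 4;   /* base64 chars, no CRLF */
    DWORD i, o = 0;
    (void)dwFlags;
    if (pszString == NULL) {                   /* size query: counts the NUL */
        *pcchString = cchOut + 1;
        return 1;
    }
    if (*pcchString < cchOut + 1)              /* caller's buffer too small */
        return 0;
    for (i = 0; i < cbBinary; i += 3) {
        uint32_t n = (uint32_t)pbBinary[i] << 16;
        if (i + 1 < cbBinary) n |= (uint32_t)pbBinary[i + 1] << 8;
        if (i + 2 < cbBinary) n |= (uint32_t)pbBinary[i + 2];
        pszString[o++] = (WCHAR)tbl[(n >> 18) & 63];
        pszString[o++] = (WCHAR)tbl[(n >> 12) & 63];
        pszString[o++] = (i + 1 < cbBinary) ? (WCHAR)tbl[(n >> 6) & 63] : L'=';
        pszString[o++] = (i + 2 < cbBinary) ? (WCHAR)tbl[n & 63] : L'=';
    }
    pszString[o] = L'\0';
    *pcchString = cchOut;                      /* written chars, NUL excluded */
    return 1;
}
#endif

#define B64_FLAGS (CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF)

/* Constructed sample input, not from the original thread. */
static const unsigned char SAMPLE[] = { 'M', 'a', 'n' };
#define SAMPLE_LEN ((DWORD)sizeof SAMPLE)

/* Flawed sizing: the WCHAR count from the size query is handed to malloc()
 * as if it were a byte count, so the buffer is sizeof(WCHAR) times too small
 * and the second call would write past its end. Only the size is returned
 * here, so the shortfall can be inspected without performing the overflow. */
size_t flawed_alloc_bytes(const unsigned char *data, DWORD len)
{
    DWORD cch = 0;
    if (!CryptBinaryToStringW(data, len, B64_FLAGS, NULL, &cch))
        return 0;
    return (size_t)cch;                        /* BUG: characters, not bytes */
}

/* Correct sizing: scale the character count by the character width. The
 * size query already counts the terminating NUL, so no "+ 1" is needed. */
size_t correct_alloc_bytes(const unsigned char *data, DWORD len)
{
    DWORD cch = 0;
    if (!CryptBinaryToStringW(data, len, B64_FLAGS, NULL, &cch))
        return 0;
    return (size_t)cch * sizeof(WCHAR);
}

/* Hardened encoder: size query, scaled allocation, then the write. Caller frees. */
WCHAR *base64_encode_w(const unsigned char *data, DWORD len)
{
    DWORD cch = 0;
    WCHAR *out;
    if (!CryptBinaryToStringW(data, len, B64_FLAGS, NULL, &cch))
        return NULL;
    out = malloc((size_t)cch * sizeof(WCHAR));
    if (out == NULL)
        return NULL;
    if (!CryptBinaryToStringW(data, len, B64_FLAGS, out, &cch)) {
        free(out);
        return NULL;
    }
    return out;
}

/* Returns 1 if data encodes to the expected wide string, else 0. */
int encodes_to(const unsigned char *data, DWORD len, const WCHAR *expected)
{
    WCHAR *s = base64_encode_w(data, len);
    int ok = (s != NULL) && wcscmp(s, expected) == 0;
    free(s);
    return ok;
}

int main(void)
{
    WCHAR *s = base64_encode_w(SAMPLE, SAMPLE_LEN);
    printf("flawed alloc: %zu bytes, correct alloc: %zu bytes\n",
           flawed_alloc_bytes(SAMPLE, SAMPLE_LEN),
           correct_alloc_bytes(SAMPLE, SAMPLE_LEN));
    printf("base64: %ls\n", s ? s : L"(failed)");
    free(s);
    return 0;
}
```

The factor between the two sizes is sizeof(WCHAR): 2 on Windows, typically 4 on Linux, so an audit of any "query size, allocate, fill" pair around a W-suffixed API should check that the unit the query reports (TCHARs) matches the unit the allocator takes (bytes).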

nano, to random

you WILL poke my nose

Rairii,
@nano boop

stacksmashing, to random

Lenovo X1 Carbon Bitlocker Key Sniffing any% Speedrun

(42.9 seconds)

Rairii,
@stacksmashing wondering if a software attack could beat that time

nano, to random

my baby brother doesn't cry
my baby brother doesn't scream
my baby brother doesn't whine
my baby brother SCREECHES

Rairii,
@nano ok but how does it compare to ridley on metroid fusion

nano, to random

hot take (fedi will hate this one)
windows isn't very good

Rairii,
@nano the components that are low level enough such that the ux redesigners and kpi optimisers can't touch them are perfectly cromulent

the rest keeps getting more and more terrible

ktemkin, to random
biblically accurate angel investor

Rairii,
@ktemkin why would they need to invest when they could just perform immaculate conception of profitable businesses

foone, to random
GOD DAMN YOU EXPORT ADMINISTRATION REGULATIONS!

Rairii,
@foone the 90s crypto wars are over but at least one ebay seller refuses to ship MS software from the period with the non-nerfed crypto outside the US

Rairii, to random
current status: fixed the hal bug causing kd over usb gecko not to work, next issue:

>ppckd

Microsoft(R) Windows NT Kernel Debugger
Version 4.00
Copyright (C) Microsoft Corp. 1981-1996

Symbol search path is: D:\dolphin\SYMBOLS
KD: waiting to reconnect...
KD: Kernel Debugger connection established.
Kernel Version 1381 UP Free
Kernel base = 0x80439000 PsLoadedModuleList = 0x804b4490
[ppckd crashes]

Rairii,
seems it's sending one packet and getting a different response back???

Rairii,
i wasn't flushing the fifo correctly

KD: waiting to reconnect...
KD: Kernel Debugger connection established. (Initial Breakpoint requested)
Kernel Version 1381 UP Free
Kernel base = 0x80439000 PsLoadedModuleList = 0x804b4490
KD ModLoad: 80439000 805e2000 ntoskrnl.exe
KD ModLoad: 805e2000 805efe00 hal.dll
KD ModLoad: 806ea000 806f8e40 iossdmc.sys
KD ModLoad: 806f9000 8070a000 iosusb.sys
KD ModLoad: 8070a000 80712a80 Disk.sys
KD ModLoad: 805f0000 805f7ea0 CLASS2.SYS
KD ModLoad: 80713000 80769000 Fastfat.sys
804925f8 1600e00f
kd> db 80000000
80000000 50 6f 77 65 72 50 43 00-00 00 00 00 00 00 00 00 PowerPC.........
80000010 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
80000020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
80000030 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
80000040 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
80000050 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
80000060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
80000070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
kd>

Rairii,
so kd is as expected pretty broken

even attempting to resume execution doesn't work

but register and memory dumping seems to work

hannah, to random
Between CVE and SCP i always forget which one is about weird incomprehensible scary shit and which is a guy with a skull head

Rairii,
@gsuberland @hannah my last cve number got an amazing roll, but it would be insanely more terrifying if it were SCP-2024-20666

Rairii, to random
political light gun arcade game: constitutional crisis

Rairii, to random
sci-fi series about going through portals to find a better video encoding format

Stargate AV1

ipg, to random
the SD card logo pisses me off. you aren't discs why are you doing the disc thing.

Rairii,
@nano @ipg I think the "secure" meant the drm/memecrypto part of the spec that nobody ever used

nano, to random

OH MY FUCKING GOD, IF YOU PUT A SIM TOOL IN THE HOLE NEXT TO THE VISION PRO'S BATTERY CABLE, IT'S FUCKING WIDE LIGHTNING

IT'S FUCKING WIDE LIGHTNING

Rairii,
@nano when two lightning cables love each other very much

Rairii, to random
ok, the weird crash/bugcheck on wii nt is DEFINITELY gpu-related

I forked fpvigx to get NT to write to the XFB directly

not only does this cause some neat glitch art, it also doesn't crash when minimising a window
