Finally put together a full writeup about wInd3x, the iPod Nano 5G bootrom vulnerability I discovered and exploited last year:

https://q3k.org/wInd3x.html

Hey, #Exxon is holding an office tour for my uni, it would be a huge shame if the signup form got spammed by some #ScientistRebellion or #ExxonKnew stuff.
It would be especially bad if the spammers mentioned Dark Basin and made some uni or Exxon employees look up the, khm, *alleged* connection between the hack for hire group that targeted ExxonKnew protesters, and Exxon Mobil.

Here is the form, please don't let the link fall into the wrong hands:

https://docs.google.com/forms/d/e/1FAIpQLSd4XJh9V-czmwH2pve9fqHEUuCcLi1BKvsYk3P6Jc4vCnLWgg/viewform

(edit: Oxford comma)

… https://twitter.com/SummerC0n/status/1637988841926672384?s=20 🫥 it can’t be…

Russia bans officials from using iPhones: ‘Either throw it away or give it to the children’ https://9to5mac.com/2023/03/20/russia-bans-officials-from-using-iphones/?utm_source=dlvr.it&utm_medium=mastodon

Mitigating #SSRF in 2023

// by Include Security

https://blog.includesecurity.com/2023/03/mitigating-ssrf-in-2023/

Plugin Highlight: Fuzzable
Author: @ex0dus
Want to integrate a fuzzing workflow with the best of static analysis? Fuzzable will not only help you target your fuzzer by suggesting potential functions of interest based on heuristics but will even create templates for some fuzzers to target those functions. It's been heavily updated since it's original release but the announcement blog has much more info: https://codemuch.tech/2021/06/07/fuzzabble/

SETI@home is in hibernation https://setiathome.berkeley.edu

"ipsec is the printers of the network world"
ok ok point taken ​

So, let's say that we have 2 functions in binary A matching 2 functions in binary B *but* both A functions and B functions have the exact same score for the 4 matches (and the same callers and callees). This looks like a complex match to resolve, right?

So, what do you think is (apparently) the best and simplest method in #BinaryDiffing to determine which match is the appropriate one?

#Diaphora #BinDiffing #BinaryDiffing

Note for 2024: properly celebrate Sluzzle Tag

"Traditional Sluzzle Tag music consists of grindcore."

"the residents of Elmore decorate their bathrooms accordingly with skeletons and barbed wire"

"Junk food is traditionally eaten on Sluzzle Tag. A specialty is the Sluzzlewurst (invented by Richard), made up of cheese, bacon, processed meats, and other junk food jammed into a sausage."

https://theamazingworldofgumball.fandom.com/wiki/Sluzzle_Tag

While the #CryptoWars continue, we would like to remind everyone of two very convincing facts for the pro #encryption side:

✅ 1. Encryption can't be outlawed

✅ 2. Backdoors for the good guys only are impossible

Read our position on the ongoing crypto wars: https://tutanota.com/crypto-wars/

#CSAM #OnlineSafetyBill #BackDoor

I’m still looking for files using:
- OS/360 OFF
- GOFF

No love for mainframe? ASCII is so boring… ;)

PSA: Did you know that function argument evaluation order in C is undefined, and gcc / clang are actually doing the opposite of each other?

I did, but that knowledge didn't make today's debugging session much shorter and less puzzling.

The starting point was that the same code worked fine on Linux but doesn't work on macOS. Nothing system-specific anywhere near the error.

As it turns out, somewhere deep down there was some code relying on a specific argument evaluation order. Something in the shape of

copy(reader_read_data(r, reader_get_remaining(r)), reader_get_remaining(r));

With gcc this copied the remaining amount of data, with clang this silently copied nothing. gcc is evaluating arguments right-to-left, clang left-to-right. So clang was first advancing the cursor to the end, and then the remaining amount of data was actually 0.

Should you write such code? No. Does it make sense for the code to behave differently with different, well-behaving compilers? Also no.

The code in question did not cause any compiler warnings, and no static code analyser I tried (including coverity) detected it either.

Fortunately another thing Rust got right: argument evaluation is explicitly defined as left-to-right.

And this is just one of the parts of C with undefined, unspecified or implementation-defined behaviour. Far too many footguns to keep in mind to realistically avoid having one or another showing up somewhere sooner or later.

#C #Programming #Bug #FootGun #RustLang

My son keeps asking questions so now I have to quickly learn how radios work...

Recommended content?

Brace owlself, VBA is coming!

New post from @XC3LL => "VBA: resolving exports in runtime without NtQueryInformationProcess or GetProcAddress"

https://adepts.of0x.cc/vba-exports-runtime/

"Exploiting aCropalypse: Recovering Truncated PNGs"

My writeup on exploiting CVE-2023-21036 (un-cropping Android screenshots!)

https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html

Is Pwnie Awards on Fedi yet? I think this acropalypse thing (and the potential fallout of that "w" behavior elsewhere) will worth a nomination!

This is insaaanely good https://www.youtube.com/watch?v=gnEIeVWLtbU

interesting talk about the '60-'80s KEYHOLE spy-satellite imagery, that is apparently available for use: https://berlin-ak.ftp.media.ccc.de/events/fossgis/2023/h264-hd/fossgis2023-23868-deu-Das_Beste_der_60er_70er_und_80er_hochaufloesende_Spionagesatellitenaufnahmen_hd.mp4

LB: So let me get this straight. Cropped screenshots on Google Pixel phones have been leaking uncropped data for years because:

- Android changed opening files with the "w" mode to NOT truncate, breaking decades of existing convention retroactively, it was noticed and reported 2 years ago, and it took this long to fix.
- The authors of the Markup tool didn't follow the standard POSIX safe overwrite process where you *always* write out a new file first and then rename it over the old one, instead of overwriting in place.

WTAF. The first issue alone quite likely is a major security issue for many apps beyond Markup. The second one is just bad code. Combined we get this ridiculous situation.

Now I'm just glad I use LineageOS with only some GApps, not the entire Pixel Google bloat package.