-atlas wandering-
Bloggorama for breaking things

\

• /(75)

Subscribe
Subscribe to a (RSS) feed of this weblog.

Archives


This Blog

atlasutils-2.2.19.tgz

stuff

lots going on lately. to many things to talk about.

winning ctf
ok, so to be totally honest, i did not "win" ctf. i was on a great team that worked really hard, thought outside the box, and overcame lots of obstacles to win ctf. in fact, you may have even seen me walk across stage right at the end of the team, but i really played little role in that. perhaps the role of encouraging, prodding, thinking. turns out, wrffr and i spent a lot of time reversing compiled perl code in a silly but annoyingly insane service called parrot (which, to my knowledge, nobody else landed either). there were times wrffr and i talked about working on something else, and indeed he ended up working on another service for a while called "gallows", but we never landed either. in fact, speaking with cas after the game, wrffr still working in a corner while the rest of us drank ddtek's liquor, i found out that wrffr's service was a red herring... without a vuln. it was apparently to alert ddtek in th event someone popped an 0day and started simply overwriting keys (as if that'd be a bad thing).

parrot was kinda sick (although i give great cred to cas for making it interesting). the service was compiled perl (using B::C), which means that there's a massive initialization phase (placing the program into memory as perly things). connect to the service, it forked itself and provided you with an ever-changing menu with altered characters to make the words in the menu. there were two options, one was a version of Mastermind, the other a version of Madlib. we were able to modify variables using Madlib templates we were able to name, and using that capability, we had to modify the number of Mastermind options there were (the game uses 200, something we could not brute force before timeout-disconnect). once there, you had to play connect-four against some very lame ai (ie. easy win at this point) before actually causing an overwrite memory corruption and gain code execution. this, where parrot's perly-cousin 'dog' forced you to simply play the game and get a key :)


binary ninja junk
wow, fun stuff. vivisect was made public! envi and viv work continuing, good stuff. nothing like grokking systems at a binary level. love seeing others discovering the beauty of the bit (yeah, the manifesto got it wrong). computers are nothing more than a binary pointalism.


RfCat
so, we're continuing to improve and use RfCat for amazing goodness! i wish i could tell you some of the conversations going on, but some pretty awesome folks are using and abusing the RfCat. again, back to my love of grokking things at a really low level. yes, i realize an sdr is lower level yet, but RfCat is right where it needs to be in order to bring the power of RF to the widest audience. major thanks to Major Malfunction, Michael Ossmann, and others who have provided patches for new functionality and bugs/bugfixes! Andrew recently reported a bug in the Frequency handline which Mossmann then submitted a patch for (awesome)!


political crap
ok, so i read an annoying headline the other day. "61 bills: congress is on pace to make history with the least productive legislative year in the post-WWII era".
great. so we are measuring our legislature's productivity in how many bills they've passed. i'm reading that to state "let's make more laws" and that i'm not ok with. how about someone calling out how few laws have come *off* the books? that is a better measure of success in my book, at least at the moment. let's lessen the burden on the american people, reduce the number of laws we have to be unaware of.


family
had some medical issues but handling it. thanks for your kind words and care. not outta the woods yet. found some bad infection, but looks treatable, not sure if there are other issues at play still. waiting on cardiologist


grrcon and derbycon
so, Derbycon and GrrCON decided to overlap, sorta. however, i'll be presenting at both, as will kevin johnson. come to both! more info following soon about preorders for RfCat to be picked up at either GrrCON or Derbycon!

hack fun!
@

[] permanent link / /