Time for my first proper blog post in 3 years:
V8 Heap pwn and /dev/memes - WebOS Root LPE
da.vidbuchanan.co.uk/blog/webos-wam
Pinned Tweet
Show this thread
Follow
Click to Follow David3141593
David Buchanan
@David3141593
Reverse Engineering, cryptography, exploits, hardware, file formats, and generally giving computers a hard time. Occasional CTF player. Fedi: @retr0id@retr0.id
David Buchanan’s Tweets
pov: you are publicly disclosing a security vulnerability, at the end of a by-the-books coordinated disclosure process.
read image description
ALT
1
1
41
Quote Tweet
New blog post alert: "Exploiting aCropalypse: Recovering Truncated PNGs"
da.vidbuchanan.co.uk/blog/exploitin
13
Show this thread
New blog post alert: "Exploiting aCropalypse: Recovering Truncated PNGs"
da.vidbuchanan.co.uk/blog/exploitin
Quote Tweet
Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to @David3141593 for his help throughout!
Show this thread
7
110
225
Unauthorized Breakfast Disclosure
Quote Tweet
Tested it with a cropped screenshot I sent to a friend, and it leaked my breakfast haha 
Show this thread
7
For a hint at how the bug works, see this issuetracker.google.com/issues/1805265 (more details coming soon™)
3
7
56
Show this thread
This bug is a bad one.
You can patch it, but you can't easily un-share all the vulnerable images you may have sent.
The bug existed for about 5 years before being patched, which is mind-blowing given how easy it is to spot when you look closely at an output file.
Quote Tweet
Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to @David3141593 for his help throughout!
Show this thread
7
132
601
Show this thread
Does anyone maintain a userscript for discord that hides all the gratuitous nitro upsells?
13
Can you spot the vuln that this API is likely to introduce into client code, due to poor design?
read image description
ALT
3
5
28
Show this thread
Introducing acropalypse: a serious privacy vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to for his help throughout!
86
1,269
3,335
Show this thread
The writeup:
Quote Tweet
The Quest for Netflix on Asahi Linux
("do not violate the DMCA challenge 2023")
da.vidbuchanan.co.uk/blog/netflix-o
read image description
ALT
1
3
14
Show this thread
The Quest for Netflix on Asahi Linux
("do not violate the DMCA challenge 2023")
da.vidbuchanan.co.uk/blog/netflix-o
read image description
ALT
18
331
1,796
so called free thinkers when
*** Error in `main': double free or corruption (top): 0x0000000000755020 ***
Aborted (core dumped)
1
8
69
👀
Quote Tweet
Google's March Pixel update with Android 13 QPR2 and Feature Drop is late 9to5google.com/2023/03/06/mar
5
I just made it more cursed!
Previously it required an LD_PRELOAD hack to provide some functions that libgcc doesn't currently export.
Now, I inject those missing functions directly into the binary - so it Just Works!
2
1
13
Show this thread
Here's the patcher script, *hopefully* it's self-explanatory enough. See the widevine-aarch64 AUR package page for more info on how to get it installed.
1
1
12
Show this thread
I think I can avoid the custom glibc with some even more advanced ELF patching (converting the relocation format to something more standard)
1
9
Show this thread
For some reason it doesn't work with netflix, perhaps it doesn't like the fact that I'm not running chromeos (I'll try spoofing the useragent...)
Spotify does work though.
2
15
Show this thread
I just got Widevine working on Asahi Linux 😎
I had to hand-patch the binary to be compatible with asahi's 16KB page size, as well as installing a custom glibc with support for the RELR relocations used.
I'll try to document this and make a guide soon™
read image description
ALT
10
28
206
Show this thread
fun fact
Quote Tweet
Fun Fact:
The "You Wouldn't Steal a Car" ad (2004) uses the same font (XBAND Rough) as in Hackers (1995)
1
4
45
Show this thread
