Ryan Hileman

@lunixbochs

My opinions are the views of your employer.

Joined August 2008

Tweets


  1. Pinned tweet
    12 Aug 2019

    I made a subleq (esoteric one instruction computer) interpreter in ROP for the ropship challenge at 's DEFCON CTF Finals, and an assembler that made it reasonable to write programs against

  2. 9 Dec 2019

    Street Fighter II using noise input to do the only two moves you need:

  3. 9 Nov 2019

    Still work to be done but Talon is getting close to having a triple-platform beta🤘

  4. 17 Oct 2019

    $ python3
    >>> from ctypes import *
    >>> cast(id(2)+0x18, POINTER(c_long))[0] = 1
    >>> 2
    1
    >>> 1 + 1
    1
    >>> 2 + 2
    1

  5. 3 Oct 2019

    Collecting a new crowd-sourced dataset at to fill in some gaps in the wav2letter acoustic model. These prompts are all randomized. Please contribute, feel free to talk as fast or slow as you like.

  6. 3 Oct 2019

    This is surely an important milestone.

  7. 18 Sep 2019
  8. 1 Sep 2019
  9. 13 Aug 2019

    At the very end, to infinitely loop, the end of the chain is POP rsp, followed by the address of the start of the chain to reset the stack pointer.

  10. 13 Aug 2019

    It’s worth reading the ROP chain. We didn’t have much flexibility to branch, so half of the chain was about finding a way to do “if b <= 0: pc = c”
    NEG r1; CMC sets CF if 0
    SAL r1 sets CF if <0
    Then ADC; OR; SUB; AND masks the relative jump target to 0 if condition fails

  11. 12 Aug 2019

    I didn't get to use any of this because the organizers retired the challenge, so I hope you find it interesting :)

  12. 12 Aug 2019

    I implemented add, sub, multiply, divide, and modulo, and basic labels w/ conditional jumps. An instruction like multiply works by repeatedly subtracting one of the numbers, then inverting the result (subtracting it from 0).

  13. 12 Aug 2019

    A simple subasm program to pick a move based on the current ropship game tick would look like this:
    moves = [lrla]
    tick = HEAP[2] % 4
    HEAP[0] = moves[tick]

  14. 12 Aug 2019

    ...so I decided to write a new assembler for it (subasm) that would turn some reasonable-looking source code into a SUBLEQ program:

  15. 12 Aug 2019

    SUBLEQ programs are basically just lists of numbers, where each triplet of numbers is [a, b, c]. This is almost as awful to program in as two-byte ROP.

  16. 12 Aug 2019

    I took SUBLEQ, aka "subtract and branch if less than or equal", which is this pseudocode "*b = *b - *a; if (*b <= 0) goto *c;". I implemented an interpreter for it in about 28 1-byte or 2-byte ROP-able instructions:

  17. 12 Aug 2019

    My next stop was one-instruction-set-computers:

  18. 12 Aug 2019

    I wanted to build a language capable of reading the game state and reacting on the fly without such a masochistic programming environment. I looked at languages like FORTH first, but decided implementing one of those would be far too hard using only a few two-byte instructions.

  19. 12 Aug 2019

    I heard afterwards one team's winning strategy was to automatically watch the replay for each round and submit the previous winning team's moves as their own. My team calculated the moves to travel in a perfect circle around the game, and I think even implemented auto shielding.

  20. 12 Aug 2019

    x86_64 Intel instructions are variable length, and can be many bytes. So we were stuck cobbling together a program with only very short instructions, and couldn't use most of the instruction set.

  21. 12 Aug 2019

    I think finding a chosen 3-byte instruction was a 1 in 16 million chance (2 ** 24 = 16MB). 4 bytes (3 byte instruction + RET) would be 1 in 4 billion (2 ** 32 = 4GB). The random code page was 500MB, so 4-byte sequences would be too rare to reliably use.

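The thread describes SUBLEQ as "*b = *b - *a; if (*b <= 0) goto *c", programs as flat lists of [a, b, c] triplets, and multiply as repeated subtraction followed by negation. The following is an added example written for this page, not the author's subasm or the ROP-based interpreter from the CTF: a plain Python SUBLEQ interpreter, a tiny label-resolving assembler, and the multiply routine built on top of them. Everything about memory layout (code first, data after), the pseudo-targets `NEXT` and `HALT`, and the halt convention (branching to a negative address stops the machine) are this example's own assumptions.

```python
# Added example (not the author's subasm or ROP chain): a SUBLEQ interpreter
# plus a tiny label-resolving assembler, used to build the "multiply by
# repeated subtraction, then negate" routine the thread describes.
# Assumptions: memory is a flat list of Python ints, code is laid out first
# and data after it, and a jump to a negative address halts the machine.

HALT = -1      # assumed halt convention: branch target below zero stops execution
NEXT = "next"  # pseudo-target meaning "fall through to the following triplet"


def run_subleq(mem, pc=0, max_steps=100_000):
    """Execute SUBLEQ: *b = *b - *a; if (*b <= 0) goto *c.
    Returns the final memory image. Stops when pc leaves memory (e.g. HALT).
    Raises RuntimeError if the program runs past max_steps (a runaway loop)."""
    mem = list(mem)  # work on a copy so callers can reuse the program image
    steps = 0
    while 0 <= pc and pc + 2 < len(mem):
        if steps == max_steps:
            raise RuntimeError("step limit hit; program probably loops forever")
        a, b, c = mem[pc], mem[pc + 1], mem[pc + 2]
        mem[b] -= mem[a]
        pc = c if mem[b] <= 0 else pc + 3
        steps += 1
    return mem


def assemble(source, data):
    """Turn labelled triplets into the flat list of numbers SUBLEQ executes.

    source: list whose items are either a label string (marks the next triplet)
            or an (a, b, c) tuple of label names / ints; c may be NEXT or HALT.
    data:   list of (label, initial value) cells, placed after the code.
    Returns (mem, labels) so callers can read result cells by name."""
    labels = {}
    addr = 0
    for item in source:            # pass 1: assign addresses to code labels
        if isinstance(item, str):
            labels[item] = addr
        else:
            addr += 3
    code_len = addr
    for offset, (name, _) in enumerate(data):   # data cells follow the code
        labels[name] = code_len + offset

    def resolve(operand):
        if isinstance(operand, str):
            return labels[operand]  # KeyError for an undefined label
        return operand

    mem = []
    addr = 0
    for item in source:            # pass 2: emit the triplets
        if isinstance(item, str):
            continue
        a, b, c = item
        c = addr + 3 if c == NEXT else c
        mem += [resolve(a), resolve(b), resolve(c)]
        addr += 3
    mem += [value for _, value in data]
    return mem, labels


def multiply(x, y):
    """x * y for y >= 0, the way the thread describes it: subtract x from an
    accumulator y times (giving -x*y), then negate by subtracting from 0."""
    source = [
        "loop", ("ZERO", "Y", "done"),      # Y -= 0; if Y <= 0 goto done
                ("X", "RES", NEXT),         # RES -= X
                ("ONE", "Y", NEXT),         # Y -= 1
                ("ZERO", "ZERO", "loop"),   # 0 - 0 <= 0: unconditional jump
        "done", ("RES", "OUT", NEXT),       # OUT = 0 - RES = x*y
                ("ZERO", "ZERO", HALT),     # unconditional jump to -1: halt
    ]
    data = [("X", x), ("Y", y), ("RES", 0), ("ZERO", 0), ("ONE", 1), ("OUT", 0)]
    mem, labels = assemble(source, data)
    final = run_subleq(mem)
    return final[labels["OUT"]]


if __name__ == "__main__":
    print(multiply(6, 7))   # 42
```

The two idioms the thread relies on are visible in the multiply routine: a triplet whose a and b both point at a cell holding 0 always branches (0 - 0 <= 0), which is how an unconditional jump and the final halt are built, and a conditional test is just a subtraction of 0 from the cell being tested so its value is left intact while the branch fires on `<= 0`. The step limit in `run_subleq` exists because a chain that ends with "POP rsp, start of chain", as the thread's does, never terminates; a host that runs untrusted SUBLEQ programs needs such a bound.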
