Tweets by @lunixbochs
-
Pinned tweet
I made a subleq (esoteric one instruction computer) interpreter in ROP for the ropship challenge at @oooverflow's DEFCON CTF Finals, and an assembler that made it reasonable to write programs against https://github.com/lunixbochs/subasm …
-
Street Fighter II using noise input to do the only two moves you need: https://youtu.be/pf-jkbIPovs
-
Still work to be done but Talon is getting close to having a triple-platform beta
pic.twitter.com/HWARfLP20d
-
$ python3
>>> from ctypes import *
>>> cast(id(2)+0x18, POINTER(c_long))[0] = 1
>>> 2
1
>>> 1 + 1
1
>>> 2 + 2
1
-
Collecting a new crowd-sourced dataset at https://speech.talonvoice.com to fill in some gaps in the wav2letter acoustic model. These prompts are all randomized. Please contribute, feel free to talk as fast or slow as you like.
-
At the very end, to infinitely loop, the end of the chain is POP rsp, followed by the address of the start of the chain to reset the stack pointer.
-
It’s worth reading the ROP chain. We didn’t have much flexibility to branch, so half of the chain was about finding a way to do “if b <= 0: pc = c”
NEG r1; CMC sets CF if 0
SAL r1 sets CF if <0
Then ADC; OR; SUB; AND masks the relative jump target to 0 if condition fails
-
I didn't get to use any of this because the organizers retired the challenge, so I hope you find it interesting :)
-
I implemented add, sub, multiply, divide, and modulo, and basic labels w/ conditional jumps. An instruction like multiply works by repeatedly subtracting one of the numbers, then inverting the result (subtracting it from 0).
-
A simple subasm program to pick a move based on the current ropship game tick would look like this:
moves = [lrla]
tick = HEAP[2] % 4
HEAP[0] = moves[tick]
-
...so I decided to write a new assembler for it (subasm) that would turn some reasonable-looking source code into a SUBLEQ program: https://github.com/lunixbochs/subasm …
-
SUBLEQ programs are basically just lists of numbers, where each triplet of numbers is [a, b, c]. This is almost as awful to program in as two-byte ROP.
-
I took SUBLEQ, aka "subtract and branch if less than or equal", which is this pseudocode "*b = *b - *a; if (*b <= 0) goto *c;". I implemented an interpreter for it in about 28 1-byte or 2-byte ROP-able instructions: https://github.com/lunixbochs/subasm/blob/master/subleq.rop …
-
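The SUBLEQ rule quoted in the tweet above, together with the multiply-by-repeated-subtraction approach described elsewhere in the thread, as an added Python example that is not from the tweets or the subasm repository. It assumes the common convention that a and b are memory addresses, c is the jump target and a negative pc halts; the memory layout and function names are made up for illustration.

```python
# Added illustration (not the subasm project's code). Assumed convention:
# a and b are memory addresses, c is the jump target, a negative pc halts.

def run_subleq(mem, max_steps=100_000):
    """Execute a SUBLEQ image in place; return the number of steps taken."""
    pc = steps = 0
    while pc >= 0:
        if steps >= max_steps:
            raise RuntimeError("step limit reached (program may not halt)")
        if pc + 2 >= len(mem):
            raise IndexError(f"pc {pc} runs past the end of memory")
        a, b, c = mem[pc:pc + 3]
        if not (0 <= a < len(mem) and 0 <= b < len(mem)):
            raise IndexError(f"operand out of range at pc {pc}")
        mem[b] -= mem[a]                     # *b = *b - *a
        pc = c if mem[b] <= 0 else pc + 3    # branch if the result is <= 0
        steps += 1
    return steps

# Hypothetical layout: 6 instructions (cells 0..17), then 6 data cells.
X, Y, ACC, RES, ONE, Z = 18, 19, 20, 21, 22, 23
LOOP, DONE, HALT = 3, 12, -1

def multiply_image(x, y):
    """Build the flat list of numbers that computes x * y (y >= 0)."""
    code = [
        Z,   Y,   DONE,  #  0: Y -= 0; skip the loop when Y <= 0
        X,   ACC, 6,     #  3: ACC -= X; continues at 6 either way
        ONE, Y,   DONE,  #  6: Y -= 1; leave the loop when Y reaches 0
        Z,   Z,   LOOP,  #  9: Z -= Z is 0, so this always jumps to LOOP
        ACC, RES, 15,    # 12: RES = 0 - ACC, inverting the negative sum
        Z,   Z,   HALT,  # 15: always jumps to -1, which halts
    ]
    return code + [x, y, 0, 0, 1, 0]  # X, Y, ACC, RES, ONE, Z

def multiply(x, y):
    if y < 0:
        raise ValueError("this sketch only loops for y >= 0")
    mem = multiply_image(x, y)
    run_subleq(mem)
    return mem[RES]

if __name__ == "__main__":
    print(multiply(6, 7))
```
-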
My next stop was one-instruction-set-computers: https://esolangs.org/wiki/OISC
-
I wanted to build a language capable of reading the game state and reacting on the fly without such a masochistic programming environment. I looked at languages like FORTH first, but decided implementing one of those would be far too hard using only a few two-byte instructions.
-
I heard afterwards one team's winning strategy was to automatically watch the replay for each round and submit the previous winning team's moves as their own. My team calculated the moves to travel in a perfect circle around the game, and I think even implemented auto shielding.
-
x86_64 Intel instructions are variable length, and can be many bytes. So we were stuck cobbling together a program with only very short instructions, and couldn't use most of the instruction set.
-
I think finding a chosen 3-byte instruction was a 1 in 16 million chance (2 ** 24 = 16MB). 4 bytes (3 byte instruction + RET) would be 1 in 4 billion (2 ** 32 = 4GB). The random code page was 500MB, so 4-byte sequences would be too rare to reliably use.