This article is now published on my website: Prefer Subshells for Context.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import itertools | |
import re | |
import z3 | |
base = 'plaidctf' | |
r = open('regex_57f2cf49f6a354b4e8896c57a4e3c973.txt').read().strip() | |
s = re.search(r'\((.*)\)', r).group(1) | |
s = s.split('|')[3:] | |
s = [re.findall(r'(.*?)\[(.*?)\]', it) for it in s] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/x.c b/x.c | |
index 5828a3b..ace044f 100644 | |
--- a/x.c | |
+++ b/x.c | |
@@ -116,8 +116,6 @@ typedef struct { | |
int width; | |
int ascent; | |
int descent; | |
- int badslant; | |
- int badweight; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <elf.h> | |
#include <fcntl.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <sys/mman.h> | |
// killgdb.c - prevent an elf from being loaded by gdb. | |
// Jeffrey Crowell <crowell [at] bu [dot] edu> | |
// | |
// $ objcopy --only-keep-debug program program.debug |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ cat hashcat-markov-ends.sh | |
#!/bin/bash | |
# Ref: https://github.com/hashcat/hashcat/issues/1058 | |
echo "# A survey of the last string tried by hashcat's Markov for standard masks" | |
echo -n '# hashcat version: ' | |
hashcat --version | |
[ -f hashcat-markov-ends.list ] && rm hashcat-markov-ends.list |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the | |
10th to get it (ok, looks like I was the 8th.) But I'm happy that I was able to prove to myself | |
that I too could do it. | |
First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially | |
believed that it would be highly improbable under normal conditions to obtain the private key | |
through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's | |
challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to | |
extract private keys. So I wanted to see first-hand if it was possible or not. |
Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.
This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016
This is a collection of snippets, not a comprehensive guide. I suggest you start with Operational PGP.
Here is an incomplete list of things that are different from other approaches:
- I don't use keyservers. Ever.
- Yes, I use Gmail instead of some bespoke hipster freedom service