| XZ Backdoor symbol deobfuscation. Updated as i make progress |
| 0810 b' from ' | |
| 0678 b' ssh2' | |
| 00d8 b'%.48s:%.48s():%d (pid=%ld)\x00' | |
| 0708 b'%s' | |
| 0108 b'/usr/sbin/sshd\x00' | |
| 0870 b'Accepted password for ' | |
| 01a0 b'Accepted publickey for ' | |
| 0c40 b'BN_bin2bn\x00' | |
| 06d0 b'BN_bn2bin\x00' | |
| 0958 b'BN_dup\x00' |
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that
| // Use like this: node --import logger.js yourapp.js | |
| import path from 'path'; | |
| const { log } = console; | |
| [`debug`, `log`, `warn`, `error`, `table`, `dir`].forEach((methodName) => { | |
| const originalLoggingMethod = console[methodName]; | |
| console[methodName] = (...args) => { | |
| const originalPrepareStackTrace = Error.prepareStackTrace; | |
| Error.prepareStackTrace = (_, stack) => stack; |
V8 is Google’s open source high-performance JavaScript and WebAssembly engine, written in C++. It is used in Chrome and in Node.js, among others. It implements ECMAScript and WebAssembly, and runs on Windows 7 or later, macOS 10.12+, and Linux systems that use x64, IA-32, ARM, or MIPS processors. V8 can run standalone, or can be embedded into any C++ application.
SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell. It can also be [compiled](https://bytecodealliance.org/articles/making-javascript-run-fast-on
This is a standalone Preact 10+ implementation of the deprecated replaceNode parameter from Preact 10.
It provides a way to render or hydrate a Preact tree using a subset of the children within the parent element passed to render():
<body>
<div id="root"> ⬅ we pass this to render() as the parent DOM element...
| import { h, hydrate } from 'preact'; | |
| let C = 0; | |
| export function Root({ href, data, children }) { | |
| let json = data && JSON.stringify(data); | |
| let id = 'root:'+++C; | |
| return [ | |
| h(`!--${id}--`), | |
| children, | |
| h('component-root', { href, id }, |
This extractor runs on debian linux and allows you to read the image content without owning an Onyx Boox device
Please use a Debian based linux device to run the script. Please follow the steps below:
MODEL column of your desired devicedownload.sh, and replace DEVICE_NAME with your name of your desired devicedownload.sh
It's possible to render HTML in Preact using the dangerouslySetInnerHTML prop,
however doing so bypasses the Virtual DOM entirely. This may be reasonable for
static HTML, but interactivity can be a little painful to graft on without VDOM.
There is another technique available that melds HTML to Virtual DOM without such limitations.
| import { options } from 'preact'; | |
| // Fix Preact rendering when Google Translate breaks the DOM | |
| const FONT_AS_TEXT = { | |
| localName: { | |
| value: null | |
| }, | |
| nodeType: { | |
| value: 3 | |
| }, |