
Ivan Komarov dfyz

@dfyz
dfyz / README.md
Created September 14, 2025 18:57
Write-up of the «Дикий огурец» ("Wild Cucumber") challenge from ALFA CTF 2025

From the PyTorch documentation:

torch.load() unless weights_only parameter is set to True, uses pickle module implicitly, which is known to be insecure. It is possible to construct malicious pickle data which will execute arbitrary code during unpickling.

This implicitly suggests that the weights_only=True mode was supposed to be secure. Nevertheless, the challenge is to read the flag while controlling the contents of the file that is passed to torch.load(..., weights_only=True).

sploent.py [URL] prints the flag to stdout, assuming the service is running at URL (http://localhost:20022/ by default). The chain is roughly as follows:

  1. This bug makes it possible to bypass the tuple validity check just below and push, for example, a list into persistent_load().
  2. The service runs with asserts disabled, so it is possible to get [here](https://github.com/pytorch/pytorch/blob/ba56102387ef21a3b04b357e5b183d48f0afefc7/to
dfyz / 12_1.py
Created September 12, 2025 16:43
import numpy as np
import numpy.linalg as la
import math
A = np.diag([100, math.sqrt(201)] + [0] * 200)
print(f'Shape of A: {A.shape}')
print(f'2-norm of A: {la.matrix_norm(A, ord=2)}')
print(f'Frobenius norm of A: {la.matrix_norm(A, ord="fro")}')
print(f'Condition number of A: {la.cond(A)}')
dfyz / config.log.bad
Created March 21, 2025 11:32
config.logs from asan experiments
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by gperftools configure 2.16, which was
generated by GNU Autoconf 2.72. Invocation command line was
$ configure --program-prefix= --target=x86_64-unknown-linux --build=x86_64-unknown-linux --host=x86_64-unknown-linux --enable-silent-rules --disable-dependency-tracking --enable-static --disable-shared --prefix=/ix/store/XSSujChPvg36kPmQ4ZFmd7-lib-gperftools-16 --sbindir=/ix/store/XSSujChPvg36kPmQ4ZFmd7-lib-gperftools-16/bin --libexecdir=/ix/store/XSSujChPvg36kPmQ4ZFmd7-lib-gperftools-16/lib/lib_gperftools_16 --disable-cpu-profiler --disable-heap-profiler --disable-heap-checker --disable-debugalloc --enable-minimal --disable-deprecated-pprof --enable-sized-delete
## --------- ##
## Platform. ##
dfyz / suboptimal_pwning.py
Created December 29, 2024 20:22
Suboptimal Pwning from hxp 2024
from pwn import *
context.arch = 'amd64'
context.terminal = ['tmux', 'splitw', '-h', '-F' '#{pane_pid}', '-P']
def get_tube():
    # returns (tube, use_pow)
    if args.LOCAL:
dfyz / main.cu
Last active June 27, 2024 20:09
// nvcc -O2 -std=c++17 -gencode=arch=compute_80,code=sm_80 -I .../cutlass/include -I .../cutlass/tools/util/include --expt-relaxed-constexpr -lcublas -o main main.cu
#include <cutlass/gemm/device/default_gemm_configuration.h>
#include <cutlass/layout/matrix.h>
#include <cutlass/numeric_types.h>
#include <cutlass/gemm/device/gemm.h>
#include <cutlass/gemm/device/gemm_grouped.h>
#include <cutlass/gemm/kernel/gemm_grouped.h>
#include <cutlass/gemm/kernel/default_gemm_grouped.h>
#include <cutlass/util/host_tensor.h>
dfyz / pytorch.patch
Created May 21, 2024 20:51
A hackish example of integrating NCCL kernel-level profiling into PyTorch
diff --git a/torch/csrc/autograd/profiler_kineto.cpp b/torch/csrc/autograd/profiler_kineto.cpp
index c68eb18099..f7038051d3 100644
--- a/torch/csrc/autograd/profiler_kineto.cpp
+++ b/torch/csrc/autograd/profiler_kineto.cpp
@@ -31,6 +31,9 @@
#ifdef USE_KINETO
#include <libkineto.h>
#include <time_since_epoch.h>
+#include <dlfcn.h>
+
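Review bot: the new `#include <dlfcn.h>` is guarded only by `#ifdef USE_KINETO`, and dlfcn.h is a POSIX header, so a Kineto-enabled build on a platform without it will fail at this line. Wrap the include (and whatever uses it later in the file) in a platform check, and add a comment at the point of use naming the library and symbols that are resolved at run time and what happens when the library is missing, since loading code dynamically inside the profiler changes what the process trusts at run time.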
>src\forktest.com --ftrace
FUN 2556 12684 5'596'885 440 &__nocolor_init
FUN 2556 12684 5'810'695 456 &getenv
FUN 2556 12684 5'934'173 440 &winclock_init
FUN 2556 12684 6'158'823 456 &QueryPerformanceCounter
FUN 2556 12684 6'378'783 456 &QueryPerformanceFrequency
FUN 2556 12684 6'981'566 440 &outinit
FUN 2556 12684 7'126'687 456 &__fflush_register
FUN 2556 12684 7'245'432 504 &pthread_mutex_lock
FUN 2556 12684 7'351'612 552 &nsync_mu_lock
dfyz / linux_aarch64.png
Last active February 25, 2024 14:35
TeX goes cross-platform
dfyz / bad.txt
Created February 9, 2024 03:18
Busytex AR shenanigans
native/texlive/libs/potrace/Makefile:AR = ar
native/texlive/libs/gmp/Makefile:AR = ar
native/texlive/libs/libpng/Makefile:AR = ar
native/texlive/libs/pixman/Makefile:AR = ar
native/texlive/libs/harfbuzz/Makefile:AR = ar
native/texlive/libs/zziplib/Makefile:AR = ar
native/texlive/libs/teckit/Makefile:AR = ar
native/texlive/libs/gd/Makefile:AR = ar
native/texlive/libs/cairo/Makefile:AR = ar
native/texlive/libs/zlib/Makefile:AR = ar