| XZ Backdoor symbol deobfuscation. Updated as i make progress |
| 0810 b' from ' | |
| 0678 b' ssh2' | |
| 00d8 b'%.48s:%.48s():%d (pid=%ld)\x00' | |
| 0708 b'%s' | |
| 0108 b'/usr/sbin/sshd\x00' | |
| 0870 b'Accepted password for ' | |
| 01a0 b'Accepted publickey for ' | |
| 0c40 b'BN_bin2bn\x00' | |
| 06d0 b'BN_bn2bin\x00' | |
| 0958 b'BN_dup\x00' |
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that
| #define _GNU_SOURCE | |
| #define _ALL_SOURCE | |
| #include <pthread.h> | |
| #include <stdarg.h> | |
| #include <stdint.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <time.h> | |
| #include <unistd.h> |
[This portion of call begins at 25:47]
Me: I could make it really easy on you, if you think Apollo is costing you $20 million per year, cut me a check for $10 million and we can both skip off into the sunset. Six months of use. We're good. That's mostly a joke.
Reddit: Six months of use? What do you mean? I know you said that was mostly a joke, but I want to take everything you're saying seriously just to make sure I'm not - what are you referring to?
Me: Okay, if Apollo's opportunity cost currently is $20 million dollars. At the 7 billion requests and API volume. If that's your yearly opportunity cost for Apollo, cut that in half, say for 6 months. Bob's your uncle.
Reddit: You cut out right at the end. I'm not asking you to repeat yourself for a third time, but you legit cut out right at the end. "If your opportunity cost is $10 million" and then I lost you.
| #include <stdio.h> | |
| #include <string.h> | |
| const char *buf = "hello from linux\n"; | |
| char * const argv[] = { | |
| "/bin/sh", | |
| "-c", | |
| "echo 'hello from execve'", | |
| NULL, | |
| }; |
Note: I have moved this list to a proper repository. I'll leave this gist up, but it won't be updated. To submit an idea, open a PR on the repo.
Note that I have not tried all of these personally, and cannot and do not vouch for all of the tools listed here. In most cases, the descriptions here are copied directly from their code repos. Some may have been abandoned. Investigate before installing/using.
The ones I use regularly include: bat, dust, fd, fend, hyperfine, miniserve, ripgrep, just, cargo-audit and cargo-wipe.
| BS-SPEKE (defined on multiplicative groups) | |
| BS-SPEKE is a modified B-SPEKE with blind salt (OPRF). Modified B-SPEKE is a | |
| similar change from SPEKE as from SPAKE2 to SPAKE2+ to make it augmented. Doing | |
| this saves a scalar point multiply vs original B-SPEKE with blind salt. BS-SPEKE | |
| is the best augmented PAKE that I know of. Only problem is there are no proofs, | |
| but it's not hard to take the SPEKE proof, add the OPAQUE proof for OPRF, and | |
| it's obvious that the augmented change makes it augmented. So if anyone knows | |
| how to formally state that in a proof, that would be awesome to have. BS-SPEKE | |
| defined on ECC can be found here: |
| CPace (defined on multiplicative groups) | |
| CPace is the best balanced PAKE that I know of. CPace defined on ECC can be | |
| found here: | |
| https://gist.github.com/Sc00bz/545eb39a369b67242634bd9c3302627c | |
| Costs per step | |
| A: - *^^ | |
| B: *^ ^ |
| 3c3 | |
| < #define PATH_LOADSEARCH "/usr/local/emacs/lisp" | |
| --- | |
| > #define PATH_LOADSEARCH "/usr/lib/emacs/lisp" | |
| 7,11c7,9 | |
| < to set the Lisp variable exec-path and the first file name in it | |
| < sets the Lisp variable exec-directory. | |
| < exec-directory is used for finding various documentation files | |
| < and certain executables. */ | |
| < #define PATH_EXEC "/usr/local/emacs/etc" |
