I came across the
slides
of a presentation by J. Donenfeld on Linux/OpenBSD Kernel Random
Number Generators (RNG). In one of the slides, a weakness in the
generator has been mentioned. The original design is based on the
paper “Twisted GFSR Generators” by Matsumoto and Kurita. 92'
paper
describes an elegant way to make use of a generalized feedback shift
register to generate a key stream. However, the implementation did not
follow the paper’s assumptions that makes the generator
vulnerable. Here is a brief study of the PRNG included in the Linux
Kernel for the curious.
I use Morph to deploy my NixOS
network for a while and I am pretty happy about it. Lately, I’ve
decided to add a little machine to the network that is an
aarch64/RPI3. However, my custom kernel patches and configurations
require a kernel rebuild every once in a while a new version of Linux
is released. This made the wait times insurmountable so I decided to
give Hydra a try. However, I was
not able to find instructions specific to building Morph networks in
Hydra. This article is mostly a self-note with the inclusion of a
missing piece in the puzzle.
I must admit the title is a little bit
misleading. Wireguard is a very nice
tunneling implementation by J. Donenfeld. There is nothing
fundamentally wrong with it. However where I live, the protocol is
crippled and somewhat blocked by the provider firewalls. Join me while
I prescribe a solution to the problem and prevail as a Wireguard fan!
I was curious about a SAS drive that has a secondary port which is
basically comprised of a pair of differential signals, TX/RX. However my
HBA and backplane were not compliant with these redundant server
drives so I decided to devise a patch.
I was tasked to re-use an old ATX Molex. However, how hard I tried
with my stainless-steel tweezers I was unable to remove any pin. So I
dediced to look for a tool. Unfortunately, I couldn’t find one other
than the ones on AliExpress. No time to wait for shipping, decided to
look for a solution. In this article, I’m gonna describe a tool by
modifying a monopole whip antenna that can be found attached to old
radio.
In a previous article, AFL stages are explained in detail. This time,
I’ll try to go over the elements that make up the user
interface. There are plenty of stats generated by a fuzzing session.
For instance, you can track the overall progress by counters such as
cycles done, total paths, unique crashes and unique
hangs. Join to learn more.
In this article, I’ll go over the various fuzzing stages included in
AFL. These are bitflip, arithmetic, interesting, extras,
havoc and splice. Do you think all these stages are deterministic?
Or else, do you want to know the probabilistic ones? Read on.
In a previous article, I’ve covered American Fuzzy
Lop Internals. This time, I am going
to look into a library called libtokencap included in AFL. The name
suggests that it is related to capturing tokens and it is true. It
allows capturing constants at runtime. So why do we need such a
shared library? Read on.
American Fuzzy Lop is a fuzzer
developed by lcamtuf and many others joined him to make it better. For
example, a forkserver is designed by J. Horn for faster target
executions. Also, the pre-assembly pass has been replaced by a proper
LLVM pass written by L. Szekeres. In this article, I’m going to give a
shot to explain the internals since it is almost always pleasant to
follow brilliant people’s work.
This was a surprise I must admit. Did not
name
it either. Never thought I’ll see such a flaw in a signature
algorithm. If you have any OpenJDK version from 15 to 18 in production,
read on.
I was reading the OpenSSH
portable codebase trying
to dig out anything interesting and saw very strange lines of code
during the key generation of Ed25519 signature algorithm. Curious as
always started digging whether or not it is legitimate.