-
Dec 31, 2023
I have run some tests on my iSCSI backend, with the intent of planning several upgrades, including
whether I should route Ethernet cables to the studio, as I am currently
on a wireless network. This exercise forced me to try to produce a model that describes the
throughput of iSCSI requests. What I eventually got seems to work and it enabled me to make data-driven
performance projections with different configurations that I then verified experimentally.
-
Sep 9, 2023
As part of my disaster recovery plan, I want to have an offline backup of the 2FA secrets
for online banking, so that I can generate OTPs without my phone in case of emergency.
This required reverse engineering my bank’s Android OTP application, which I expected would
reveal some kind of HMAC-based HOTP/TOTP calculation. I found instead
an implementation which is significantly more complex, involving thousands of calls to
aes.Encrypt. The work presented in this post is the result of reverse engineering
smali code from the...
-
Aug 26, 2023
I have recently reverse engineered some control paths of an old MS-DOS tool from Broadcom which came
as a UPX-compressed linear executable prepended with a Protected Mode extender and required
tools such as IDA 4.1 and IDA 5.0 to be reverse engineered. This post is a collection of notes
explaining how to get from binary to disassembled and decompiled code for applications packaged
in a similar way.
-
Feb 4, 2023
I have been working on UEFI OptionROM malware research using a Broadcom BCM5751 1G network card
and initially used the old B57UDIAG.EXE utility for the MS-DOS environment to overwrite the PXE ROM and enable or
disable PXE boot. However, to iterate quickly during my experiments I needed to manipulate the OptionROM directly
under Linux. This required reverse engineering some control paths of B57UDIAG.EXE, putting together a specification for the NVRAM
layout, algorithms for integrity checks and other relevant informati...
-
Feb 18, 2017
LD_PRELOAD is a useful feature of the dynamic linker that enables overriding the behavior of a binary. This post explains
how the constructor attribute and LD_PRELOAD might affect the behavior of the process after the execve syscall.
-
Feb 11, 2017
I was recently analyzing the performance of DIRACBenchmark
after having seen a peculiar speed-up in the transition from the Sandy Bridge/Ivy Bridge
architecture to Haswell/Broadwell. This benchmark basically generates a long
sequence of random numbers via the Python random module and performs some
multiply and accumulate operations. What stood out after some initial
tests was a 50% improvement in runtime when switching from Xeon v2 to Xeon v3
processors. All the other benchmarks I was familiar with were showing ...
-
Nov 26, 2016
A collection of notes where I have recently tried to consolidate C++11 concepts such as move semantics, rvalue references and forwarding,
showing how these features affect the compile-time and runtime behavior of C++ programs.
-
Sep 19, 2016
There is often a lot of confusion around how directories are represented on the filesystem. This
post tries to clarify how ext4 uses the dirent structure to store directory information.
-
Aug 27, 2016
devshell is a great feature implemented in OpenEmbedded that allows you to spawn
a cross-compilation terminal session that replicates the build-time environment used
by bitbake. It saves a lot of time and headaches when packages fail to
compile. Here I have collected some notes on how devshell helped debug
a failure I came across when integrating lighttpd in my Raspberry Pi layer.
-
Aug 19, 2016
This is the second part of an investigation
to solve a data corruption issue encountered on a Gigabyte ARM64 R120-MP31 board.
In the first part I had a look at the application, transport and data link layers.
In this second part I perform some tests to validate possible data corruption happening
in system RAM.
-
Jul 24, 2016
This post is a collection of notes on the mechanisms that regulate
the creation and termination of a Python multiprocessing Process, investigating in
particular what happens when the interpreter terminates.
-
Jun 19, 2016
This post covers a network data corruption issue encountered on a Gigabyte ARM64 R120-MP31.
This first part is a summary of some initial tests I did at the transport layer (i.e. TCP checksums)
and at the data link layer (i.e. Ethernet CRC32).
-
Mar 20, 2016
This is a collection of notes I have taken while debugging a regression of the CERN PXE booting
infrastructure, which followed the update to PXELINUX 6.03. This investigation brought me down
the stack to the device firmware, reminding me of Eric Raymond’s “The Cathedral and the Bazaar”
and the problem of closed hardware drivers. The devices I was working with were not at End of Life;
however, not having access to the firmware code brought my turnaround time for finding a long-term fix
from 24 hours to days. In the ...
-
Aug 17, 2015
This post covers a possible procedure to “snapshot” a Linux
installation based on a boot partition and three LVM logical volumes for root,
var and swap, which proves
useful when an identical environment must be reproduced on a different machine
sharing the same hardware configuration. One
of the requirements is to obtain the smallest possible “image”, so that it can
be easily transferred and rewritten on the second machine. Such a procedure does entail
a number of issues: all the machine-specific paramet...
-
Aug 23, 2014
This post presents a proof of concept of an exploit for the Heartbleed bug.
With the exploit I attempted to steal the private keys from a local instance
using a vulnerable version of OpenSSL. I was unsuccessful, but it has proven
a very interesting experiment anyway.
-
Oct 7, 2013
This post covers the manual installation procedure of Gentoo Linux with
encrypted root and swap partitions using LUKS and dm_crypt on a legacy BIOS system.