icy does git — site: 6d0bf98b955b511e8b1f61c4e7b43274ae8678f1

Syntax highlighting!

Signed-off-by: Anirudh <icyph0x@pm.me>

Anirudh icyph0x@pm.me

Sat, 23 Mar 2019 11:30:00 +0530

commit

6d0bf98b955b511e8b1f61c4e7b43274ae8678f1

parent

071fa3ed58a22a4909f357724fdf8fec433d8a47

7 files changed, 272 insertions(+), 122 deletions(-)

jump to

build/blog/break-the-ice/index.html

build/blog/python-for-re-1/index.html

build/static/syntax.css

pages/blog/break-the-ice.md

pages/blog/python-for-re-1.md

static/syntax.css

templates/text.html

M build/blog/break-the-ice/index.html → build/blog/break-the-ice/index.html

@@ -1,34 +1,35 @@ 
 <!DOCTYPE html>
 <html lang=en>
 <link rel="stylesheet" href="/static/style.css" type="text/css">
+<link rel="stylesheet" href="/static/syntax.css" type="text/css">
 <link rel="shortcut icon" type="images/x-icon" href="/static/favicon.ico">
-<meta content="Memeing security since forever." name=description>
+<meta content="Anirudh’s blog." name=description>
 <meta name="viewport" content="initial-scale=1">
 <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
 <meta content="#021012" name="theme-color">
 <meta name="HandheldFriendly" content="true">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:site" content="@icyphox">
-<meta name="twitter:title" content="Anirudh">
-<meta name="twitter:description" content="Memeing security since forever.">
+<meta name="twitter:title" content="Blog">
+<meta name="twitter:description" content="Anirudh’s blog.">
 <meta name="twitter:image" content="/static/icyphox.png">
-<meta property="og:title" content="Anirudh">
+<meta property="og:title" content="Blog">
 <meta property="og:type" content="website">
-<meta property="og:description" content="Memeing security since forever.">
+<meta property="og:description" content="Anirudh’s blog.">
 <meta property="og:url" content="https://icyphox.sh">
 <meta property="og:image" content="/static/icyphox.png">
 <html>
   <title>
-    Anirudh
+    Blog
   </title>
 <script src="//instant.page/1.1.0" type="module" integrity="sha384-EwBObn5QAxP8f09iemwAJljc+sU+eUXeL9vSBw1eNmVarwhKk2F9vBEpaN9rsrtp"></script>
-<div class="container">
+<div class="container-text">
   <header class="header">
-    <a href="/">icyphox.sh</a> (<a href="https://github.com/icyphox/site">src</a>)
+     <a href="../">‹ back</a>
   </header>
-<body class="noselect"> 
-  <div class="introduction">
-    <h1 align="center">
+<body> 
+   <div class="content">
+    <div align="left">
       <h1>Break the Ice — Hardware CTF</h1>
 
 <h2>SecureLayer7’s hardware CTF at Nullcon ’19, Goa</h2>
@@ -219,7 +220,7 @@ 
 <pre><code>› mosquitto_pub -h 'm16.cloudmqtt.com' -p 17551  -t 'inTopic/web/test' -u 'hchzbuhr' -P 'Sz4plHnlVnHc' -m '(^.^)'
 </code></pre>
 
-<p><img src="1*W_iVf3vDf4UaelycMbvPvw.png" alt="UwU" /><em>UwU</em></p>
+<p><img src="1*W_iVf3vDf4UaelycMbvPvw.png" alt="UwU" /></p>
 
 <p>After messing around with this for quite a bit (as is evident from the screen behind), we tried sending the string ‘flag’ as our message and… <em>dramatic pause</em> we got what you’d expect.</p>
 
@@ -227,24 +228,11 @@ <p><img src="1*sO9vDtGgGjejxklF46gTlg.jpeg" alt="We were 10 days late, mind you" /><em>We were 10 days late, mind you</em></p>
 
 <h3>Conclusion</h3>
 
-<p>This was our first time playing a hardware CTF, and to be honest, there wasn’t <em>much *of “hacking” involved — at least by the word’s textbook definition. A lot of guesswork too, which made some parts of it excruciatingly painful to figure out. But all things considered, it was probably the most fun CTF I’ve played yet. Here’s a shoutout to the folks at SL7 for making this CTF *and</em> letting us keep the ESP :)</p>
+<p>This was our first time playing a hardware CTF, and to be honest, there wasn’t <em>much</em> of “hacking” involved — at least by the word’s textbook definition. A lot of guesswork too, which made some parts of it excruciatingly painful to figure out. But all things considered, it was probably the most fun CTF I’ve played yet. Here’s a shoutout to the folks at SL7 for making this CTF <em>and</em> letting us keep the ESP :)</p>
 
 <p>That’s it. The end.</p>
-
-    </h1>
+ 
+    </div>
+   </body>
    </div>
-
-    <div class="footer">
-      <div class="left">
-      &copy; 2019 — <a href="mailto:icyph0x@pm.me">icyph0x@pm.me</a>
-      </div>
-
-      <div class="right">
-        <a href="https://github.com/icyphox" target="_blank">GitHub</a>
-        <a href="https://twitter.com/icyphox" target="_blank">Twitter</a>
-        <a href="/blog" target="_blank">Blog</a>
-        <a href="/about" target="_blank">About</a>
-      </div>
-      </body>
-    </div>
 </html>

M build/blog/python-for-re-1/index.html → build/blog/python-for-re-1/index.html

@@ -1,6 +1,7 @@ 
 <!DOCTYPE html>
 <html lang=en>
 <link rel="stylesheet" href="/static/style.css" type="text/css">
+<link rel="stylesheet" href="/static/syntax.css" type="text/css">
 <link rel="shortcut icon" type="images/x-icon" href="/static/favicon.ico">
 <meta content="Anirudh’s blog." name=description>
 <meta name="viewport" content="initial-scale=1">
@@ -61,7 +62,7 @@ <span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
    <span class="kt">char</span> <span class="o">*</span><span class="n">pw</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">9</span><span class="p">);</span>
    <span class="n">pw</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="sc">&#39;a&#39;</span><span class="p">;</span>
    <span class="k">for</span><span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;=</span> <span class="mi">8</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">){</span>
-       <span class="n">pw</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">=</span> <span class="n">pw</span><span class="p">[</span><span class="n">i</span> <span class="err">—</span> <span class="mi">1</span><span class="p">]</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span>
+       <span class="n">pw</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">=</span> <span class="n">pw</span><span class="p">[</span><span class="n">i</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span>
    <span class="p">}</span>
    <span class="n">pw</span><span class="p">[</span><span class="mi">9</span><span class="p">]</span> <span class="o">=</span> <span class="sc">&#39;\0&#39;</span><span class="p">;</span>
    <span class="kt">char</span> <span class="o">*</span><span class="n">in</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">10</span><span class="p">);</span>
@@ -92,78 +93,78 @@ 
 <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="s1">&#39;./chall.elf&#39;</span><span class="p">,</span> <span class="s1">&#39;rb&#39;</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
     <span class="n">e</span> <span class="o">=</span> <span class="n">ELFFile</span><span class="p">(</span><span class="n">f</span><span class="p">)</span>
     <span class="k">for</span> <span class="n">section</span> <span class="ow">in</span> <span class="n">e</span><span class="o">.</span><span class="n">iter_sections</span><span class="p">():</span>
-        <span class="k">print</span><span class="p">(</span><span class="nb">hex</span><span class="p">(</span><span class="n">section</span><span class="p">[</span><span class="err">’</span><span class="n">sh_addr</span><span class="err">’</span><span class="p">]),</span> <span class="n">section</span><span class="o">.</span><span class="n">name</span><span class="p">)</span>
+        <span class="k">print</span><span class="p">(</span><span class="nb">hex</span><span class="p">(</span><span class="n">section</span><span class="p">[</span><span class="s1">&#39;sh_addr&#39;</span><span class="p">]),</span> <span class="n">section</span><span class="o">.</span><span class="n">name</span><span class="p">)</span>
 </code></pre></div>
 
 <p>This script iterates through all the sections and also shows us where it’s loaded. This will be pretty useful later. Running it gives us</p>
 
-<pre><code>› python sections.py
-0x238 .interp
-0x254 .note.ABI-tag
-0x274 .note.gnu.build-id
-0x298 .gnu.hash
-0x2c0 .dynsym
-0x3e0 .dynstr
-0x484 .gnu.version
-0x4a0 .gnu.version_r
-0x4c0 .rela.dyn
-0x598 .rela.plt
-0x610 .init
-0x630 .plt
-0x690 .plt.got
-0x6a0 .text
-0x8f4 .fini
-0x900 .rodata
-0x924 .eh_frame_hdr
-0x960 .eh_frame
-0x200d98 .init_array
-0x200da0 .fini_array
-0x200da8 .dynamic
-0x200f98 .got
-0x201000 .data
-0x201010 .bss
-0x0 .comment
-0x0 .symtab
-0x0 .strtab
-0x0 .shstrtab
-</code></pre>
+<div class="codehilite"><pre><span></span><code><span class="go">› python sections.py</span>
+<span class="go">0x238 .interp</span>
+<span class="go">0x254 .note.ABI-tag</span>
+<span class="go">0x274 .note.gnu.build-id</span>
+<span class="go">0x298 .gnu.hash</span>
+<span class="go">0x2c0 .dynsym</span>
+<span class="go">0x3e0 .dynstr</span>
+<span class="go">0x484 .gnu.version</span>
+<span class="go">0x4a0 .gnu.version_r</span>
+<span class="go">0x4c0 .rela.dyn</span>
+<span class="go">0x598 .rela.plt</span>
+<span class="go">0x610 .init</span>
+<span class="go">0x630 .plt</span>
+<span class="go">0x690 .plt.got</span>
+<span class="go">0x6a0 .text</span>
+<span class="go">0x8f4 .fini</span>
+<span class="go">0x900 .rodata</span>
+<span class="go">0x924 .eh_frame_hdr</span>
+<span class="go">0x960 .eh_frame</span>
+<span class="go">0x200d98 .init_array</span>
+<span class="go">0x200da0 .fini_array</span>
+<span class="go">0x200da8 .dynamic</span>
+<span class="go">0x200f98 .got</span>
+<span class="go">0x201000 .data</span>
+<span class="go">0x201010 .bss</span>
+<span class="go">0x0 .comment</span>
+<span class="go">0x0 .symtab</span>
+<span class="go">0x0 .strtab</span>
+<span class="go">0x0 .shstrtab</span>
+</code></pre></div>
 
 <p>Most of these aren’t relevant to us, but a few sections here are to be noted. The <code>.text</code> section contains the instructions (opcodes) that we’re after. The <code>.data</code> section should have strings and constants initialized at compile time. Finally, the <code>.plt</code> which is the Procedure Linkage Table and the <code>.got</code>, the Global Offset Table. If you’re unsure about what these mean, read up on the ELF format and its internals.</p>
 
 <p>Since we know that the <code>.text</code> section has the opcodes, let’s disassemble the binary starting at that address.</p>
 
-<pre><code># disas1.py
+<div class="codehilite"><pre><span></span><code><span class="c1"># disas1.py</span>
 
-from elftools.elf.elffile import ELFFile
-from capstone import *
+<span class="kn">from</span> <span class="nn">elftools.elf.elffile</span> <span class="kn">import</span> <span class="n">ELFFile</span>
+<span class="kn">from</span> <span class="nn">capstone</span> <span class="kn">import</span> <span class="o">*</span>
 
-with open('./bin.elf', 'rb') as f:
-    elf = ELFFile(f)
-    code = elf.get_section_by_name('.text')
-    ops = code.data()
-    addr = code['sh_addr']
-    md = Cs(CS_ARCH_X86, CS_MODE_64)
-    for i in md.disasm(ops, addr):        
-        print(f'0x{i.address:x}:\t{i.mnemonic}\t{i.op_str}')
-</code></pre>
+<span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="s1">&#39;./bin.elf&#39;</span><span class="p">,</span> <span class="s1">&#39;rb&#39;</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
+    <span class="n">elf</span> <span class="o">=</span> <span class="n">ELFFile</span><span class="p">(</span><span class="n">f</span><span class="p">)</span>
+    <span class="n">code</span> <span class="o">=</span> <span class="n">elf</span><span class="o">.</span><span class="n">get_section_by_name</span><span class="p">(</span><span class="s1">&#39;.text&#39;</span><span class="p">)</span>
+    <span class="n">ops</span> <span class="o">=</span> <span class="n">code</span><span class="o">.</span><span class="n">data</span><span class="p">()</span>
+    <span class="n">addr</span> <span class="o">=</span> <span class="n">code</span><span class="p">[</span><span class="s1">&#39;sh_addr&#39;</span><span class="p">]</span>
+    <span class="n">md</span> <span class="o">=</span> <span class="n">Cs</span><span class="p">(</span><span class="n">CS_ARCH_X86</span><span class="p">,</span> <span class="n">CS_MODE_64</span><span class="p">)</span>
+    <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="n">md</span><span class="o">.</span><span class="n">disasm</span><span class="p">(</span><span class="n">ops</span><span class="p">,</span> <span class="n">addr</span><span class="p">):</span>        
+        <span class="k">print</span><span class="p">(</span><span class="n">f</span><span class="s1">&#39;0x{i.address:x}:</span><span class="se">\t</span><span class="s1">{i.mnemonic}</span><span class="se">\t</span><span class="s1">{i.op_str}&#39;</span><span class="p">)</span>
+</code></pre></div>
 
 <p>The code is fairly straightforward (I think). We should be seeing this, on running</p>
 
-<pre><code>› python disas1.py | less      
-0x6a0: xor ebp, ebp
-0x6a2: mov r9, rdx
-0x6a5: pop rsi
-0x6a6: mov rdx, rsp
-0x6a9: and rsp, 0xfffffffffffffff0
-0x6ad: push rax
-0x6ae: push rsp
-0x6af: lea r8, [rip + 0x23a]
-0x6b6: lea rcx, [rip + 0x1c3]
-0x6bd: lea rdi, [rip + 0xe6]
-**0x6c4: call qword ptr [rip + 0x200916]**
-0x6ca: hlt
-... snip ...
-</code></pre>
+<div class="codehilite"><pre><span></span><code><span class="go">› python disas1.py | less      </span>
+<span class="go">0x6a0: xor ebp, ebp</span>
+<span class="go">0x6a2: mov r9, rdx</span>
+<span class="go">0x6a5: pop rsi</span>
+<span class="go">0x6a6: mov rdx, rsp</span>
+<span class="go">0x6a9: and rsp, 0xfffffffffffffff0</span>
+<span class="go">0x6ad: push rax</span>
+<span class="go">0x6ae: push rsp</span>
+<span class="go">0x6af: lea r8, [rip + 0x23a]</span>
+<span class="go">0x6b6: lea rcx, [rip + 0x1c3]</span>
+<span class="go">0x6bd: lea rdi, [rip + 0xe6]</span>
+<span class="go">**0x6c4: call qword ptr [rip + 0x200916]**</span>
+<span class="go">0x6ca: hlt</span>
+<span class="go">... snip ...</span>
+</code></pre></div>
 
 <p>The line in bold is fairly interesting to us. The address at <code>[rip + 0x200916]</code> is equivalent to <code>[0x6ca + 0x200916]</code>, which in turn evaluates to <code>0x200fe0</code>. The first <code>call</code> being made to a function at <code>0x200fe0</code>? What could this function be?</p>
 
@@ -195,24 +196,24 @@ </code></pre></div>
 
 <p>Let’s run through this code real quick. We first loop through the sections, and check if it’s of the type <code>RelocationSection</code>. We then iterate through the relocations from the symbol table for each section. Finally, running this gives us</p>
 
-<pre><code>› python relocations.py
-.rela.dyn:
- 0x200d98
- 0x200da0
- 0x201008
-_ITM_deregisterTMCloneTable 0x200fd8
-**__libc_start_main 0x200fe0**
-__gmon_start__ 0x200fe8
-_ITM_registerTMCloneTable 0x200ff0
-__cxa_finalize 0x200ff8
-stdin 0x201010
-.rela.plt:
-puts 0x200fb0
-printf 0x200fb8
-fgets 0x200fc0
-strcmp 0x200fc8
-malloc 0x200fd0
-</code></pre>
+<div class="codehilite"><pre><span></span><code><span class="go">› python relocations.py</span>
+<span class="go">.rela.dyn:</span>
+<span class="go"> 0x200d98</span>
+<span class="go"> 0x200da0</span>
+<span class="go"> 0x201008</span>
+<span class="go">_ITM_deregisterTMCloneTable 0x200fd8</span>
+<span class="go">**__libc_start_main 0x200fe0**</span>
+<span class="go">__gmon_start__ 0x200fe8</span>
+<span class="go">_ITM_registerTMCloneTable 0x200ff0</span>
+<span class="go">__cxa_finalize 0x200ff8</span>
+<span class="go">stdin 0x201010</span>
+<span class="go">.rela.plt:</span>
+<span class="go">puts 0x200fb0</span>
+<span class="go">printf 0x200fb8</span>
+<span class="go">fgets 0x200fc0</span>
+<span class="go">strcmp 0x200fc8</span>
+<span class="go">malloc 0x200fd0</span>
+</code></pre></div>
 
 <p>Remember the function call at <code>0x200fe0</code> from earlier? Yep, so that was a call to the well known <code>__libc_start_main</code>. Again, according to <a href="http://refspecs.linuxbase.org/LSB_3.1.0/LSB-generic/LSB-generic/baselib---libc-start-main-.html">linuxbase.org</a></p>
 
@@ -222,13 +223,13 @@ </blockquote>
 
 <p>And its definition is like so</p>
 
-<pre><code>int __libc_start_main(int *(main) (int, char * *, char * *), 
-int argc, char * * ubp_av, 
-void (*init) (void), 
-void (*fini) (void), 
-void (*rtld_fini) (void), 
-void (* stack_end));
-</code></pre>
+<div class="codehilite"><pre><span></span><code><span class="kt">int</span> <span class="nf">__libc_start_main</span><span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="p">(</span><span class="n">main</span><span class="p">)</span> <span class="p">(</span><span class="kt">int</span><span class="p">,</span> <span class="kt">char</span> <span class="o">*</span> <span class="o">*</span><span class="p">,</span> <span class="kt">char</span> <span class="o">*</span> <span class="o">*</span><span class="p">),</span> 
+<span class="kt">int</span> <span class="n">argc</span><span class="p">,</span> <span class="kt">char</span> <span class="o">*</span> <span class="o">*</span> <span class="n">ubp_av</span><span class="p">,</span> 
+<span class="kt">void</span> <span class="p">(</span><span class="o">*</span><span class="n">init</span><span class="p">)</span> <span class="p">(</span><span class="kt">void</span><span class="p">),</span> 
+<span class="kt">void</span> <span class="p">(</span><span class="o">*</span><span class="n">fini</span><span class="p">)</span> <span class="p">(</span><span class="kt">void</span><span class="p">),</span> 
+<span class="kt">void</span> <span class="p">(</span><span class="o">*</span><span class="n">rtld_fini</span><span class="p">)</span> <span class="p">(</span><span class="kt">void</span><span class="p">),</span> 
+<span class="kt">void</span> <span class="p">(</span><span class="o">*</span> <span class="n">stack_end</span><span class="p">));</span>
+</code></pre></div>
 
 <p>Looking back at our disassembly</p>

A build/static/syntax.css

@@ -0,0 +1,78 @@ 
+.codehilite .hll { background-color: #404040 }
+.codehilite  { background: #202020; color: #d0d0d0 }
+.codehilite .c { color: #999999; font-style: italic } /* Comment */
+.codehilite .err { color: #a61717; background-color: #e3d2d2 } /* Error */
+.codehilite .esc { color: #d0d0d0 } /* Escape */
+.codehilite .g { color: #d0d0d0 } /* Generic */
+.codehilite .k { color: #6ab825; font-weight: bold } /* Keyword */
+.codehilite .l { color: #d0d0d0 } /* Literal */
+.codehilite .n { color: #d0d0d0 } /* Name */
+.codehilite .o { color: #d0d0d0 } /* Operator */
+.codehilite .x { color: #d0d0d0 } /* Other */
+.codehilite .p { color: #d0d0d0 } /* Punctuation */
+.codehilite .ch { color: #999999; font-style: italic } /* Comment.Hashbang */
+.codehilite .cm { color: #999999; font-style: italic } /* Comment.Multiline */
+.codehilite .cp { color: #cd2828; font-weight: bold } /* Comment.Preproc */
+.codehilite .cpf { color: #999999; font-style: italic } /* Comment.PreprocFile */
+.codehilite .c1 { color: #999999; font-style: italic } /* Comment.Single */
+.codehilite .cs { color: #e50808; font-weight: bold; background-color: #520000 } /* Comment.Special */
+.codehilite .gd { color: #d22323 } /* Generic.Deleted */
+.codehilite .ge { color: #d0d0d0; font-style: italic } /* Generic.Emph */
+.codehilite .gr { color: #d22323 } /* Generic.Error */
+.codehilite .gh { color: #ffffff; font-weight: bold } /* Generic.Heading */
+.codehilite .gi { color: #589819 } /* Generic.Inserted */
+.codehilite .go { color: #cccccc } /* Generic.Output */
+.codehilite .gp { color: #aaaaaa } /* Generic.Prompt */
+.codehilite .gs { color: #d0d0d0; font-weight: bold } /* Generic.Strong */
+.codehilite .gu { color: #ffffff; text-decoration: underline } /* Generic.Subheading */
+.codehilite .gt { color: #d22323 } /* Generic.Traceback */
+.codehilite .kc { color: #6ab825; font-weight: bold } /* Keyword.Constant */
+.codehilite .kd { color: #6ab825; font-weight: bold } /* Keyword.Declaration */
+.codehilite .kn { color: #6ab825; font-weight: bold } /* Keyword.Namespace */
+.codehilite .kp { color: #6ab825 } /* Keyword.Pseudo */
+.codehilite .kr { color: #6ab825; font-weight: bold } /* Keyword.Reserved */
+.codehilite .kt { color: #6ab825; font-weight: bold } /* Keyword.Type */
+.codehilite .ld { color: #d0d0d0 } /* Literal.Date */
+.codehilite .m { color: #3677a9 } /* Literal.Number */
+.codehilite .s { color: #ed9d13 } /* Literal.String */
+.codehilite .na { color: #bbbbbb } /* Name.Attribute */
+.codehilite .nb { color: #24909d } /* Name.Builtin */
+.codehilite .nc { color: #447fcf; text-decoration: underline } /* Name.Class */
+.codehilite .no { color: #40ffff } /* Name.Constant */
+.codehilite .nd { color: #ffa500 } /* Name.Decorator */
+.codehilite .ni { color: #d0d0d0 } /* Name.Entity */
+.codehilite .ne { color: #bbbbbb } /* Name.Exception */
+.codehilite .nf { color: #447fcf } /* Name.Function */
+.codehilite .nl { color: #d0d0d0 } /* Name.Label */
+.codehilite .nn { color: #447fcf; text-decoration: underline } /* Name.Namespace */
+.codehilite .nx { color: #d0d0d0 } /* Name.Other */
+.codehilite .py { color: #d0d0d0 } /* Name.Property */
+.codehilite .nt { color: #6ab825; font-weight: bold } /* Name.Tag */
+.codehilite .nv { color: #40ffff } /* Name.Variable */
+.codehilite .ow { color: #6ab825; font-weight: bold } /* Operator.Word */
+.codehilite .w { color: #666666 } /* Text.Whitespace */
+.codehilite .mb { color: #3677a9 } /* Literal.Number.Bin */
+.codehilite .mf { color: #3677a9 } /* Literal.Number.Float */
+.codehilite .mh { color: #3677a9 } /* Literal.Number.Hex */
+.codehilite .mi { color: #3677a9 } /* Literal.Number.Integer */
+.codehilite .mo { color: #3677a9 } /* Literal.Number.Oct */
+.codehilite .sa { color: #ed9d13 } /* Literal.String.Affix */
+.codehilite .sb { color: #ed9d13 } /* Literal.String.Backtick */
+.codehilite .sc { color: #ed9d13 } /* Literal.String.Char */
+.codehilite .dl { color: #ed9d13 } /* Literal.String.Delimiter */
+.codehilite .sd { color: #ed9d13 } /* Literal.String.Doc */
+.codehilite .s2 { color: #ed9d13 } /* Literal.String.Double */
+.codehilite .se { color: #ed9d13 } /* Literal.String.Escape */
+.codehilite .sh { color: #ed9d13 } /* Literal.String.Heredoc */
+.codehilite .si { color: #ed9d13 } /* Literal.String.Interpol */
+.codehilite .sx { color: #ffa500 } /* Literal.String.Other */
+.codehilite .sr { color: #ed9d13 } /* Literal.String.Regex */
+.codehilite .s1 { color: #ed9d13 } /* Literal.String.Single */
+.codehilite .ss { color: #ed9d13 } /* Literal.String.Symbol */
+.codehilite .bp { color: #24909d } /* Name.Builtin.Pseudo */
+.codehilite .fm { color: #447fcf } /* Name.Function.Magic */
+.codehilite .vc { color: #40ffff } /* Name.Variable.Class */
+.codehilite .vg { color: #40ffff } /* Name.Variable.Global */
+.codehilite .vi { color: #40ffff } /* Name.Variable.Instance */
+.codehilite .vm { color: #40ffff } /* Name.Variable.Magic */
+.codehilite .il { color: #3677a9 } /* Literal.Number.Integer.Long */

M pages/blog/break-the-ice.md → pages/blog/break-the-ice.md

@@ -1,3 +1,7 @@ 
+---
+template: text.html
+---
+
 # Break the Ice — Hardware CTF
 
 ## SecureLayer7’s hardware CTF at Nullcon ’19, Goa
@@ -202,7 +206,7 @@ › mosquitto_pub -h 'm16.cloudmqtt.com' -p 17551  -t 'inTopic/web/test' -u 'hchzbuhr' -P 'Sz4plHnlVnHc' -m '(^.^)'
 ```
 
 
-![UwU](1*W_iVf3vDf4UaelycMbvPvw.png)*UwU*
+![UwU](1*W_iVf3vDf4UaelycMbvPvw.png)
 
 After messing around with this for quite a bit (as is evident from the screen behind), we tried sending the string ‘flag’ as our message and… *dramatic pause* we got what you’d expect.
 
@@ -210,6 +214,6 @@ ![We were 10 days late, mind you](1*sO9vDtGgGjejxklF46gTlg.jpeg)*We were 10 days late, mind you*
 
 ### Conclusion
 
-This was our first time playing a hardware CTF, and to be honest, there wasn’t *much *of “hacking” involved — at least by the word’s textbook definition. A lot of guesswork too, which made some parts of it excruciatingly painful to figure out. But all things considered, it was probably the most fun CTF I’ve played yet. Here’s a shoutout to the folks at SL7 for making this CTF *and* letting us keep the ESP :)
+This was our first time playing a hardware CTF, and to be honest, there wasn’t *much* of “hacking” involved — at least by the word’s textbook definition. A lot of guesswork too, which made some parts of it excruciatingly painful to figure out. But all things considered, it was probably the most fun CTF I’ve played yet. Here’s a shoutout to the folks at SL7 for making this CTF *and* letting us keep the ESP :)
 
 That’s it. The end.

M pages/blog/python-for-re-1.md → pages/blog/python-for-re-1.md

@@ -36,7 +36,7 @@ int main() {
    char *pw = malloc(9);
    pw[0] = 'a';
    for(int i = 1; i <= 8; i++){
-       pw[i] = pw[i — 1] + 1;
+       pw[i] = pw[i - 1] + 1;
    }
    pw[9] = '\0';
    char *in = malloc(10);
@@ -71,13 +71,13 @@ 
 with open('./chall.elf', 'rb') as f:
     e = ELFFile(f)
     for section in e.iter_sections():
-        print(hex(section[’sh_addr’]), section.name)
+        print(hex(section['sh_addr']), section.name)
 ```
 
 
 This script iterates through all the sections and also shows us where it’s loaded. This will be pretty useful later. Running it gives us
 
-```
+```console
 › python sections.py
 0x238 .interp
 0x254 .note.ABI-tag
@@ -114,7 +114,7 @@ Most of these aren’t relevant to us, but a few sections here are to be noted. The `.text` section contains the instructions (opcodes) that we’re after. The `.data` section should have strings and constants initialized at compile time. Finally, the `.plt` which is the Procedure Linkage Table and the `.got`, the Global Offset Table. If you’re unsure about what these mean, read up on the ELF format and its internals.
 
 Since we know that the `.text` section has the opcodes, let’s disassemble the binary starting at that address.
 
-```
+```python
 # disas1.py
 
 from elftools.elf.elffile import ELFFile
@@ -133,7 +133,7 @@ 
 
 The code is fairly straightforward (I think). We should be seeing this, on running
 
-```
+```console
 › python disas1.py | less      
 0x6a0: xor ebp, ebp
 0x6a2: mov r9, rdx
@@ -180,7 +180,7 @@ 
 
 Let’s run through this code real quick. We first loop through the sections, and check if it’s of the type `RelocationSection`. We then iterate through the relocations from the symbol table for each section. Finally, running this gives us
 
-```
+```console
 › python relocations.py
 .rela.dyn:
  0x200d98
@@ -206,7 +206,7 @@ > The `__libc_start_main()` function shall perform any necessary initialization of the execution environment, call the *main* function with appropriate arguments, and handle the return from `main()`. If the `main()` function returns, the return value shall be passed to the `exit()` function.
 
 And its definition is like so
 
-```
+```c
 int __libc_start_main(int *(main) (int, char * *, char * *), 
 int argc, char * * ubp_av, 
 void (*init) (void),

A static/syntax.css

@@ -0,0 +1,78 @@ 
+.codehilite .hll { background-color: #404040 }
+.codehilite  { background: #202020; color: #d0d0d0 }
+.codehilite .c { color: #999999; font-style: italic } /* Comment */
+.codehilite .err { color: #a61717; background-color: #e3d2d2 } /* Error */
+.codehilite .esc { color: #d0d0d0 } /* Escape */
+.codehilite .g { color: #d0d0d0 } /* Generic */
+.codehilite .k { color: #6ab825; font-weight: bold } /* Keyword */
+.codehilite .l { color: #d0d0d0 } /* Literal */
+.codehilite .n { color: #d0d0d0 } /* Name */
+.codehilite .o { color: #d0d0d0 } /* Operator */
+.codehilite .x { color: #d0d0d0 } /* Other */
+.codehilite .p { color: #d0d0d0 } /* Punctuation */
+.codehilite .ch { color: #999999; font-style: italic } /* Comment.Hashbang */
+.codehilite .cm { color: #999999; font-style: italic } /* Comment.Multiline */
+.codehilite .cp { color: #cd2828; font-weight: bold } /* Comment.Preproc */
+.codehilite .cpf { color: #999999; font-style: italic } /* Comment.PreprocFile */
+.codehilite .c1 { color: #999999; font-style: italic } /* Comment.Single */
+.codehilite .cs { color: #e50808; font-weight: bold; background-color: #520000 } /* Comment.Special */
+.codehilite .gd { color: #d22323 } /* Generic.Deleted */
+.codehilite .ge { color: #d0d0d0; font-style: italic } /* Generic.Emph */
+.codehilite .gr { color: #d22323 } /* Generic.Error */
+.codehilite .gh { color: #ffffff; font-weight: bold } /* Generic.Heading */
+.codehilite .gi { color: #589819 } /* Generic.Inserted */
+.codehilite .go { color: #cccccc } /* Generic.Output */
+.codehilite .gp { color: #aaaaaa } /* Generic.Prompt */
+.codehilite .gs { color: #d0d0d0; font-weight: bold } /* Generic.Strong */
+.codehilite .gu { color: #ffffff; text-decoration: underline } /* Generic.Subheading */
+.codehilite .gt { color: #d22323 } /* Generic.Traceback */
+.codehilite .kc { color: #6ab825; font-weight: bold } /* Keyword.Constant */
+.codehilite .kd { color: #6ab825; font-weight: bold } /* Keyword.Declaration */
+.codehilite .kn { color: #6ab825; font-weight: bold } /* Keyword.Namespace */
+.codehilite .kp { color: #6ab825 } /* Keyword.Pseudo */
+.codehilite .kr { color: #6ab825; font-weight: bold } /* Keyword.Reserved */
+.codehilite .kt { color: #6ab825; font-weight: bold } /* Keyword.Type */
+.codehilite .ld { color: #d0d0d0 } /* Literal.Date */
+.codehilite .m { color: #3677a9 } /* Literal.Number */
+.codehilite .s { color: #ed9d13 } /* Literal.String */
+.codehilite .na { color: #bbbbbb } /* Name.Attribute */
+.codehilite .nb { color: #24909d } /* Name.Builtin */
+.codehilite .nc { color: #447fcf; text-decoration: underline } /* Name.Class */
+.codehilite .no { color: #40ffff } /* Name.Constant */
+.codehilite .nd { color: #ffa500 } /* Name.Decorator */
+.codehilite .ni { color: #d0d0d0 } /* Name.Entity */
+.codehilite .ne { color: #bbbbbb } /* Name.Exception */
+.codehilite .nf { color: #447fcf } /* Name.Function */
+.codehilite .nl { color: #d0d0d0 } /* Name.Label */
+.codehilite .nn { color: #447fcf; text-decoration: underline } /* Name.Namespace */
+.codehilite .nx { color: #d0d0d0 } /* Name.Other */
+.codehilite .py { color: #d0d0d0 } /* Name.Property */
+.codehilite .nt { color: #6ab825; font-weight: bold } /* Name.Tag */
+.codehilite .nv { color: #40ffff } /* Name.Variable */
+.codehilite .ow { color: #6ab825; font-weight: bold } /* Operator.Word */
+.codehilite .w { color: #666666 } /* Text.Whitespace */
+.codehilite .mb { color: #3677a9 } /* Literal.Number.Bin */
+.codehilite .mf { color: #3677a9 } /* Literal.Number.Float */
+.codehilite .mh { color: #3677a9 } /* Literal.Number.Hex */
+.codehilite .mi { color: #3677a9 } /* Literal.Number.Integer */
+.codehilite .mo { color: #3677a9 } /* Literal.Number.Oct */
+.codehilite .sa { color: #ed9d13 } /* Literal.String.Affix */
+.codehilite .sb { color: #ed9d13 } /* Literal.String.Backtick */
+.codehilite .sc { color: #ed9d13 } /* Literal.String.Char */
+.codehilite .dl { color: #ed9d13 } /* Literal.String.Delimiter */
+.codehilite .sd { color: #ed9d13 } /* Literal.String.Doc */
+.codehilite .s2 { color: #ed9d13 } /* Literal.String.Double */
+.codehilite .se { color: #ed9d13 } /* Literal.String.Escape */
+.codehilite .sh { color: #ed9d13 } /* Literal.String.Heredoc */
+.codehilite .si { color: #ed9d13 } /* Literal.String.Interpol */
+.codehilite .sx { color: #ffa500 } /* Literal.String.Other */
+.codehilite .sr { color: #ed9d13 } /* Literal.String.Regex */
+.codehilite .s1 { color: #ed9d13 } /* Literal.String.Single */
+.codehilite .ss { color: #ed9d13 } /* Literal.String.Symbol */
+.codehilite .bp { color: #24909d } /* Name.Builtin.Pseudo */
+.codehilite .fm { color: #447fcf } /* Name.Function.Magic */
+.codehilite .vc { color: #40ffff } /* Name.Variable.Class */
+.codehilite .vg { color: #40ffff } /* Name.Variable.Global */
+.codehilite .vi { color: #40ffff } /* Name.Variable.Instance */
+.codehilite .vm { color: #40ffff } /* Name.Variable.Magic */
+.codehilite .il { color: #3677a9 } /* Literal.Number.Integer.Long */

M templates/text.html → templates/text.html

@@ -1,6 +1,7 @@ 
 <!DOCTYPE html>
 <html lang=en>
 <link rel="stylesheet" href="/static/style.css" type="text/css">
+<link rel="stylesheet" href="/static/syntax.css" type="text/css">
 <link rel="shortcut icon" type="images/x-icon" href="/static/favicon.ico">
 <meta content="Anirudh’s blog." name=description>
 <meta name="viewport" content="initial-scale=1">

all repos — site @ 6d0bf98b955b511e8b1f61c4e7b43274ae8678f1

source for my site, found at icyphox.sh