site @ 6db9f29b0c37eaa49b0005dda633d23b802b2e75

source for my site, found at icyphox.sh

Enable a whole bunch of extensions in markdown2

Signed-off-by: Anirudh <icyph0x@pm.me>
Author: Anirudh <icyph0x@pm.me>
Date: Sun, 23 Jun 2019 09:28:00 +0530
commit 6db9f29b0c37eaa49b0005dda633d23b802b2e75
parent b29ab6388b0b78f485bff5360b2f6d8a2c4e236f

M build/about/index.html

@@ -29,9 +29,9 @@ </header>

<body> <div class="content"> <div class="left"> - <h1>Hi, I’m Anirudh.</h1> + <h1 id="hi-im-anirudh">Hi, I’m Anirudh.</h1> -<p>But you'll see me as <a href="https://www.startpage.com/do/search?query=icyphox">icyphox</a> on the Internet. +<p>But you&#8217;ll see me as <a href="https://www.startpage.com/do/search?query=icyphox">icyphox</a> on the Internet. I’m doing my undergrad right now, majoring in CS. My primary interest is computer security, and more specifically — <strong>offensive security</strong> and <strong>digital forensics</strong>. On the less technical side of things, I love discussing <strong>operational security</strong> and <strong>tradecraft</strong>. I’m also a CTF player/security researcher at <a href="https://sector443.xyz">Sector443</a>, an infosec community at my University.
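Review bot: the same character is now encoded two ways in one paragraph: the pre-existing `I’m` in the heading is a literal U+2019 while the newly converted `you&#8217;ll` is a numeric entity. Browsers render both identically, but it makes grepping or diffing the generated HTML for quote handling unreliable; pick one form (the build output is the place to normalize it). Also note that the new heading ids are derived from the heading text (`id="hi-im-anirudh"`), so any later rewording of a heading silently changes its anchor and breaks inbound fragment links.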

@@ -54,19 +54,19 @@ <li><a href="https://news.ycombinator.com/user?id=Icyphox">Hacker News</a></li>

<li><a href="https://steamcommunity.com/id/icyphox">Steam</a></li> </ul> -<h2>Contact</h2> +<h2 id="contact">Contact</h2> <p>My DMs on <a href="https://twitter.com/icyphox">Twitter</a> are open, so feel free to slide into them. Don’t use Twitter? Shoot me an <a href="mailto:icyph0x@pm.me">email</a>. If it’s something secret, here’s my <a href="https://keybase.io/icyphox">Keybase</a>.</p> <p>Want to <strong>hire me</strong>? I’m down for freelance security work. Here’s my <a href="https://x.icyphox.sh/resume.pdf">résumé</a>.</p> -<h2>This website</h2> +<h2 id="this-website">This website</h2> <p>The site itself is built using my own static site generator — <a href="https://github.com/icyphox/vite">vite</a>. </p> -<p>This site uses no cookies, and I'm generally not interested in any form of tracking/analytics. However, my DNS and SSL provider, CloudFlare, -does collect basic data like site hits and demographics. I've been meaning to get rid of it, but laziness has gotten the best of me. </p> +<p>This site uses no cookies, and I&#8217;m generally not interested in any form of tracking/analytics. However, my DNS and SSL provider, CloudFlare, +does collect basic data like site hits and demographics. I&#8217;ve been meaning to get rid of it, but laziness has gotten the best of me. </p> <p>The entirety of the content on my site is licensed under <a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0 1.0 Universal</a>. The source code for the site is licensed under the <a href="https://opensource.org/licenses/MIT">MIT</a> license.</p>

@@ -77,6 +77,4 @@ </footer>

</div> </body> </div> - </html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script>+ </html>
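Review bot: removing these two `<script>` lines also removes the only JavaScript the page loaded, so the site now ships no client-side code at all; that is the real security win of this commit and worth saying in the commit message. Unrelated to the change but visible in the context lines: the document closes as `</div> </body> </div> </html>`, with a `</div>` after `</body>`, which is malformed and comes from the templates (every `templates/*.html` hunk in this patch ends the same way). Fix it in the templates separately.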
M build/blog/index.html

@@ -29,7 +29,7 @@ </header>

<body class="noselect"> <div class="content"> <div align="left"> - <h1>Posts</h1> + <h1 id="posts">Posts</h1> <p>6 June, 2019 — <a href="/blog/rop-on-arm">Return Oriented Programming on ARM (32-bit)</a></p>

@@ -54,5 +54,3 @@ </div>

</body> </div> </html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script>
M build/blog/my-setup/index.html

@@ -31,11 +31,11 @@ <body>

<div class="content"> <div align="left"> <p> 13 May, 2019 </p> - <h1>My Setup</h1> + <h1 id="my-setup">My Setup</h1> -<h2>My daily drivers — hardware and software</h2> +<h2 id="my-daily-drivers-hardware-and-software">My daily drivers — hardware and software</h2> -<h3>Hardware</h3> +<h3 id="hardware">Hardware</h3> <p>The only computer I have with me is my <a href="https://store.hp.com/us/en/mdp/laptops/envy-13">HP Envy 13 (2018)</a> (my model looks a little different). It’s a 13” ultrabook, with an i5 8250u, 8 gigs of RAM and a 256 GB NVMe SSD. It’s a very comfy machine that does everything I need it to.</p>

@@ -51,12 +51,12 @@

<p>For my music, I use the <a href="https://www.boseindia.com/en_in/products/headphones/over_ear_headphones/soundlink-around-ear-wireless-headphones-ii.html">Bose SoundLink II</a>. Great pair of headphones, although the ear cups need replacing.</p> -<h3>And the software</h3> +<h3 id="and-the-software">And the software</h3> <p><del>My distro of choice for the past ~1 year has been <a href="https://elementary.io">elementary OS</a>. I used to be an Arch Linux elitist, complete with an esoteric window manager, all riced. I now use whatever JustWorks™.</del></p> -<p><strong>Update</strong>: As of June 2019, I've switched over to a vanilla Debian 9 Stretch install, +<p><strong>Update</strong>: As of June 2019, I&#8217;ve switched over to a vanilla Debian 9 Stretch install, running <a href="https://i3wm.org">i3</a> as my window manager. If you want, you can dig through my configs at my <a href="https://github.com/icyphox/dotfiles">dotfiles</a> repo. </p> <p>Here’s a (riced) screenshot of my desktop. </p>

@@ -80,6 +80,4 @@

</div> </body> </div> -</html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script>+</html>
M build/blog/python-for-re-1/index.html

@@ -31,15 +31,15 @@ <body>

<div class="content"> <div align="left"> <p> 8 Feb, 2019 </p> - <h1>Python for Reverse Engineering 1: ELF Binaries</h1> + <h1 id="python-for-reverse-engineering-1-elf-binaries">Python for Reverse Engineering 1: ELF Binaries</h1> -<h2>Building your own disassembly tooling for — that’s right — fun and profit</h2> +<h2 id="building-your-own-disassembly-tooling-for-thats-right-fun-and-profit">Building your own disassembly tooling for — that’s right — fun and profit</h2> <p>While solving complex reversing challenges, we often use established tools like radare2 or IDA for disassembling and debugging. But there are times when you need to dig in a little deeper and understand how things work under the hood.</p> <p>Rolling your own disassembly scripts can be immensely helpful when it comes to automating certain processes, and eventually build your own homebrew reversing toolchain of sorts. At least, that’s what I’m attempting anyway.</p> -<h3>Setup</h3> +<h3 id="setup">Setup</h3> <p>As the title suggests, you’re going to need a Python 3 interpreter before anything else. Once you’ve confirmed beyond reasonable doubt that you do,

@@ -83,7 +83,7 @@

<div class="codehilite"><pre><span></span><code><span class="gp">$</span> gcc chall.c -o chall.elf </code></pre></div> -<h3>Scripting</h3> +<h3 id="scripting">Scripting</h3> <p>For starters, let’s look at the different sections present in the binary.</p>

@@ -216,7 +216,7 @@ <span class="go">strcmp 0x200fc8</span>

<span class="go">malloc 0x200fd0</span> </code></pre></div> -<p>Remember the function call at <code>0x200fe0</code> from earlier? Yep, so that was a call to the well known <code>__libc_start_main</code>. Again, according to <a href="http://refspecs.linuxbase.org/LSB_3.1.0/LSB-generic/LSB-generic/baselib---libc-start-main-.html">linuxbase.org</a></p> +<p>Remember the function call at <code>0x200fe0</code> from earlier? Yep, so that was a call to the well known <code>__libc_start_main</code>. Again, according to <a href="http://refspecs.linuxbase.org/LSB_3.1.0/LSB-generic/LSB-generic/baselib&#8212;libc-start-main-.html">linuxbase.org</a></p> <blockquote> <p>The <code>__libc_start_main()</code> function shall perform any necessary initialization of the execution environment, call the <em>main</em> function with appropriate arguments, and handle the return from <code>main()</code>. If the <code>main()</code> function returns, the return value shall be passed to the <code>exit()</code> function.</p>
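Review bot: this hunk breaks the linuxbase.org link. The `---` in the URL path `baselib---libc-start-main-.html` has been rewritten to `baselib&#8212;libc-start-main-.html`, so the `href` now contains an em dash entity and points at a path that does not exist on the server. The typographic pass is touching attribute values, which it should never do. Either disable the smarty-pants extra for pages whose URLs contain hyphen runs, or add a build check that extracts every `href` and `src` from the generated HTML and compares it against the URLs in the markdown source, so this class of regression fails the build instead of shipping. The same defect appears in build/index.html in this patch.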

@@ -307,9 +307,9 @@ </code></pre>

<p>I’m not sure why it uses <code>puts</code> here? I might be missing something; perhaps <code>printf</code> calls <code>puts</code>. I could be wrong. I also confirmed with radare2 that those locations are actually the strings “haha yes!” and “nah dude”.</p> -<p><strong>Update</strong>: It's because of compiler optimization. A <code>printf()</code> (in this case) is seen as a bit overkill, and hence gets simplified to a <code>puts()</code>.</p> +<p><strong>Update</strong>: It&#8217;s because of compiler optimization. A <code>printf()</code> (in this case) is seen as a bit overkill, and hence gets simplified to a <code>puts()</code>.</p> -<h3>Conclusion</h3> +<h3 id="conclusion">Conclusion</h3> <p>Wew, that took quite some time. But we’re done. If you’re a beginner, you might find this extremely confusing, or probably didn’t even understand what was going on. And that’s okay. Building an intuition for reading and grokking disassembly comes with practice. I’m no good at it either.</p>

@@ -320,6 +320,4 @@

</div> </body> </div> -</html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script>+</html>
M build/blog/rop-on-arm/index.html

@@ -31,9 +31,9 @@ <body>

<div class="content"> <div align="left"> <p> 05 June, 2019 </p> - <h1>Return Oriented Programming on ARM (32-bit)</h1> + <h1 id="return-oriented-programming-on-arm-32-bit">Return Oriented Programming on ARM (32-bit)</h1> -<h2>Making stack-based exploitation great again!</h2> +<h2 id="making-stack-based-exploitation-great-again">Making stack-based exploitation great again!</h2> <p>Before we start <em>anything</em>, you’re expected to know the basics of ARM assembly to follow along. I highly recommend

@@ -41,7 +41,7 @@ <a href="https://twitter.com/fox0x01">Azeria’s</a> series on <a href="https://azeria-labs.com/writing-arm-assembly-part-1/">ARM Assembly

Basics</a>. Once you’re comfortable with it, proceed with the next bit — environment setup.</p> -<h3>Setup</h3> +<h3 id="setup">Setup</h3> <p>Since we’re working with the ARM architecture, there are two options to go forth with: </p>

@@ -72,7 +72,7 @@ </code></pre></div>

<p>With that out of the way, here’s a quick run down of what ROP actually is.</p> -<h3>A primer on ROP</h3> +<h3 id="a-primer-on-rop">A primer on ROP</h3> <p>ROP or Return Oriented Programming is a modern exploitation technique that’s used to bypass protections like the <strong>NX bit</strong> (no-execute bit) and <strong>code sigining</strong>.
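Review bot: the context line reads `code sigining`; the typo is in the markdown source and will survive every rebuild, so correct it there (`code signing`) rather than in the generated HTML.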

@@ -102,7 +102,7 @@

<p>Still don’t get it? Don’t fret, we’ll look at <em>actual</em> exploit code in a bit and hopefully that should put things into perspective.</p> -<h3>Exploring our binary</h3> +<h3 id="exploring-our-binary">Exploring our binary</h3> <p>Start by running it, and entering any arbitrary string. On entering a fairly large string, say, “A” × 20, we

@@ -148,7 +148,7 @@

<p>Now that we have an overview of what’s in the binary, let’s formulate a method of exploitation by messing around with inputs.</p> -<h3>Messing around with inputs :^)</h3> +<h3 id="messing-around-with-inputs">Messing around with inputs :^)</h3> <p>Back to <code>gdb</code>, hit <code>r</code> to run and pass in a patterned input, like in the screenshot.</p>

@@ -177,7 +177,7 @@ ourselves. If we allow <code>push {rll, lr}</code> (first instruction) to occur, the program will <code>pop</code>

those out after <code>winner</code> is done executing and we will no longer control where it jumps to.</p> -<p>So that didn’t do much, just prints out a string “Nothing much here...”. +<p>So that didn’t do much, just prints out a string “Nothing much here&#8230;”. But it <em>does</em> however, contain <code>system()</code>. Which somehow needs to be populated with an argument to do what we want (run a command, execute a shell, etc.).</p>
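Review bot: `“Nothing much here...”` is a string quoted from the target binary, and the smarty-pants pass has rewritten its `...` to `&#8230;`, so the page no longer shows the exact bytes a reader will see in the disassembly or in `strings` output. In an exploitation writeup, literal program output should be kept out of the typographic pass, e.g. by writing it in backticks so it renders as a code span rather than prose. Also in the context line above, `push {rll, lr}` should read `push {r11, lr}` (r11 is the ARM frame pointer); that typo is in the markdown source too.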

@@ -202,7 +202,7 @@ </code></pre>

<p>Clean and mean.</p> -<h3>The exploit</h3> +<h3 id="the-exploit">The exploit</h3> <p>To write the exploit, we’ll use Python and the absolute godsend of a library — <code>struct</code>. It allows us to pack the bytes of addresses to the endianness of our choice.

@@ -240,7 +240,7 @@ when the pipe closes, since there’s no input coming in from STDIN.

To get around this, we use <code>cat(1)</code> which allows us to relay input through it to the shell. Nifty trick.</p> -<h3>Conclusion</h3> +<h3 id="conclusion">Conclusion</h3> <p>This was a fairly basic challenge, with everything laid out conveniently. Actual ropchaining is a little more involved, with a lot more gadgets to be chained

@@ -251,6 +251,4 @@

</div> </body> </div> -</html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script>+</html>
M build/index.html

@@ -29,7 +29,7 @@ </header>

<body class="noselect"> <div class="introduction"> <h1 align="center"> - <p><img src="/static/icynobg.svg" class="logo"></p> + <p><img src="/static/icynobg.svg&#8221; class="logo"></p> </h1> </div>
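Review bot: this hunk breaks the homepage logo and must not ship as is. The closing quote of the `src` attribute has been converted, so the line now reads `<p><img src="/static/icynobg.svg&#8221; class="logo"></p>`: the attribute value runs on to the next `"`, becoming `/static/icynobg.svg&#8221; class=`, and `logo"` is left as a stray token, so the image will not load. The cause is that the typographic extra is being applied to raw HTML embedded in the markdown body (the `<img>` inside `<h1 align="center">`). Move the logo markup into the template so the markdown converter never sees it, and run the generated HTML through a parser or validator in the build so a mangled attribute fails the build instead of being committed under `build/`.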

@@ -47,6 +47,4 @@ <a href="/about">About</a>

</div> </body> </div> -</html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script>+</html>
D build/static/smartquotes.js

@@ -1,1 +0,0 @@

-(function(a,b){'object'==typeof exports&&'object'==typeof module?module.exports=b():'function'==typeof define&&define.amd?define([],b):'object'==typeof exports?exports.smartquotes=b():a.smartquotes=b()})(this,function(){return function(a){function b(d){if(c[d])return c[d].exports;var e=c[d]={i:d,l:!1,exports:{}};return a[d].call(e.exports,e,e.exports,b),e.l=!0,e.exports}var c={};return b.m=a,b.c=c,b.d=function(a,c,d){b.o(a,c)||Object.defineProperty(a,c,{configurable:!1,enumerable:!0,get:d})},b.n=function(a){var c=a&&a.__esModule?function(){return a['default']}:function(){return a};return b.d(c,'a',c),c},b.o=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)},b.p='',b(b.s=3)}([function(a,b,c){'use strict';var d=c(1);a.exports=function(a,b){return b=b||{},d.forEach(function(c){var d='function'==typeof c[1]?c[1](b.retainLength):c[1];a=a.replace(c[0],d)}),a}},function(a){'use strict';a.exports=[[/'''/g,function(a){return'\u2034'+(a?'\u2063\u2063':'')}],[/(\W|^)"(\w)/g,'$1\u201C$2'],[/(\u201c[^"]*)"([^"]*$|[^\u201c"]*\u201c)/g,'$1\u201D$2'],[/([^0-9])"/g,'$1\u201D'],[/''/g,function(a){return'\u2033'+(a?'\u2063':'')}],[/(\W|^)'(\S)/g,'$1\u2018$2'],[/([a-z])'([a-z])/ig,'$1\u2019$2'],[/(\u2018)([0-9]{2}[^\u2019]*)(\u2018([^0-9]|$)|$|\u2019[a-z])/ig,'\u2019$2$3'],[/((\u2018[^']*)|[a-z])'([^0-9]|$)/ig,'$1\u2019$3'],[/(\B|^)\u2018(?=([^\u2018\u2019]*\u2019\b)*([^\u2018\u2019]*\B\W[\u2018\u2019]\b|[^\u2018\u2019]*$))/ig,'$1\u2019'],[/"/g,'\u2033'],[/'/g,'\u2032']]},function(a,b,c){'use strict';function d(a){if(-1===['CODE','PRE','SCRIPT','STYLE'].indexOf(a.nodeName.toUpperCase())){var b,c,h,i='',j=a.childNodes,k=[];for(b=0;b<j.length;b++)c=j[b],c.nodeType===g||'#text'===c.nodeName?(k.push([c,i.length]),i+=c.nodeValue||c.value):c.childNodes&&c.childNodes.length&&(i+=d(c));for(b in i=f(i,{retainLength:!0}),k)h=k[b],h[0].nodeValue?h[0].nodeValue=e(i,h[0].nodeValue,h[1]):h[0].value&&(h[0].value=e(i,h[0].value,h[1]));return i}}function e(a,b,c){return 
a.substr(c,b.length).replace('\u2063','')}var f=c(0),g='undefined'!=typeof Element&&Element.TEXT_NODE||3;a.exports=function(a){return d(a),a}},function(a,b,c){'use strict';function d(a){return'undefined'!=typeof document&&'undefined'==typeof a?(g.runOnReady(function(){return f(document.body)}),d):'string'==typeof a?h(a):f(a)}var e=c(1),f=c(2),g=c(4),h=c(0);a.exports=d,a.exports.string=h,a.exports.element=f,a.exports.replacements=e,a.exports.listen=g},function(a,b,c){'use strict';function d(a){var b=new MutationObserver(function(a){a.forEach(function(a){var b,c=!0,d=!1;try{for(var f,g,h=a.addedNodes[Symbol.iterator]();!(c=(f=h.next()).done);c=!0)g=f.value,e(g)}catch(a){d=!0,b=a}finally{try{!c&&h.return&&h.return()}finally{if(d)throw b}}})});return d.runOnReady(function(){b.observe(a||document.body,{childList:!0,subtree:!0})}),b}var e=c(2),f=c(0);d.runOnReady=function(a){if('loading'!==document.readyState)a();else if(document.addEventListener)document.addEventListener('DOMContentLoaded',a,!1);else var b=setInterval(function(){'loading'!==document.readyState&&(clearInterval(b),a())},10)},a.exports=d}])});
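Review bot: dropping this vendored, minified third-party script is the right call: it installed a `MutationObserver` on `document.body` and rewrote every text node at load time, which is both a runtime cost and an unreviewable blob of code served to every visitor. Two properties of it should be carried over to the build-time replacement, though. It explicitly skipped `CODE`, `PRE`, `SCRIPT` and `STYLE` nodes (`['CODE','PRE','SCRIPT','STYLE'].indexOf(a.nodeName.toUpperCase())`), and it only ever touched text nodes, never attribute values. The markdown-side conversion in this same commit does rewrite attribute values (the `src` in build/index.html and the `href` in build/blog/python-for-re-1/index.html), so in that one respect it is less safe than what it replaces. Note also that `build/` is committed generated output; the deletion under `static/` below is the one that actually removes the source file.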
D static/smartquotes.js

@@ -1,1 +0,0 @@

-(function(a,b){'object'==typeof exports&&'object'==typeof module?module.exports=b():'function'==typeof define&&define.amd?define([],b):'object'==typeof exports?exports.smartquotes=b():a.smartquotes=b()})(this,function(){return function(a){function b(d){if(c[d])return c[d].exports;var e=c[d]={i:d,l:!1,exports:{}};return a[d].call(e.exports,e,e.exports,b),e.l=!0,e.exports}var c={};return b.m=a,b.c=c,b.d=function(a,c,d){b.o(a,c)||Object.defineProperty(a,c,{configurable:!1,enumerable:!0,get:d})},b.n=function(a){var c=a&&a.__esModule?function(){return a['default']}:function(){return a};return b.d(c,'a',c),c},b.o=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)},b.p='',b(b.s=3)}([function(a,b,c){'use strict';var d=c(1);a.exports=function(a,b){return b=b||{},d.forEach(function(c){var d='function'==typeof c[1]?c[1](b.retainLength):c[1];a=a.replace(c[0],d)}),a}},function(a){'use strict';a.exports=[[/'''/g,function(a){return'\u2034'+(a?'\u2063\u2063':'')}],[/(\W|^)"(\w)/g,'$1\u201C$2'],[/(\u201c[^"]*)"([^"]*$|[^\u201c"]*\u201c)/g,'$1\u201D$2'],[/([^0-9])"/g,'$1\u201D'],[/''/g,function(a){return'\u2033'+(a?'\u2063':'')}],[/(\W|^)'(\S)/g,'$1\u2018$2'],[/([a-z])'([a-z])/ig,'$1\u2019$2'],[/(\u2018)([0-9]{2}[^\u2019]*)(\u2018([^0-9]|$)|$|\u2019[a-z])/ig,'\u2019$2$3'],[/((\u2018[^']*)|[a-z])'([^0-9]|$)/ig,'$1\u2019$3'],[/(\B|^)\u2018(?=([^\u2018\u2019]*\u2019\b)*([^\u2018\u2019]*\B\W[\u2018\u2019]\b|[^\u2018\u2019]*$))/ig,'$1\u2019'],[/"/g,'\u2033'],[/'/g,'\u2032']]},function(a,b,c){'use strict';function d(a){if(-1===['CODE','PRE','SCRIPT','STYLE'].indexOf(a.nodeName.toUpperCase())){var b,c,h,i='',j=a.childNodes,k=[];for(b=0;b<j.length;b++)c=j[b],c.nodeType===g||'#text'===c.nodeName?(k.push([c,i.length]),i+=c.nodeValue||c.value):c.childNodes&&c.childNodes.length&&(i+=d(c));for(b in i=f(i,{retainLength:!0}),k)h=k[b],h[0].nodeValue?h[0].nodeValue=e(i,h[0].nodeValue,h[1]):h[0].value&&(h[0].value=e(i,h[0].value,h[1]));return i}}function e(a,b,c){return 
a.substr(c,b.length).replace('\u2063','')}var f=c(0),g='undefined'!=typeof Element&&Element.TEXT_NODE||3;a.exports=function(a){return d(a),a}},function(a,b,c){'use strict';function d(a){return'undefined'!=typeof document&&'undefined'==typeof a?(g.runOnReady(function(){return f(document.body)}),d):'string'==typeof a?h(a):f(a)}var e=c(1),f=c(2),g=c(4),h=c(0);a.exports=d,a.exports.string=h,a.exports.element=f,a.exports.replacements=e,a.exports.listen=g},function(a,b,c){'use strict';function d(a){var b=new MutationObserver(function(a){a.forEach(function(a){var b,c=!0,d=!1;try{for(var f,g,h=a.addedNodes[Symbol.iterator]();!(c=(f=h.next()).done);c=!0)g=f.value,e(g)}catch(a){d=!0,b=a}finally{try{!c&&h.return&&h.return()}finally{if(d)throw b}}})});return d.runOnReady(function(){b.observe(a||document.body,{childList:!0,subtree:!0})}),b}var e=c(2),f=c(0);d.runOnReady=function(a){if('loading'!==document.readyState)a();else if(document.addEventListener)document.addEventListener('DOMContentLoaded',a,!1);else var b=setInterval(function(){'loading'!==document.readyState&&(clearInterval(b),a())},10)},a.exports=d}])});
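Review bot: this is the source copy of the file deleted above under `build/static/`; the two blobs are identical in the diff, so the removal is complete, and after the `<script>` removals in `templates/*.html` nothing in the patch references `/static/smartquotes.js` any more.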
M templates/about.html

@@ -37,5 +37,3 @@ </div>

</body> </div> </html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script>
M templates/blogindex.html

@@ -47,5 +47,4 @@ </div>

</body> </div> </html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script> +
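Review bot: this hunk leaves a trailing empty line (the lone `+` after the two removals), which is why its header reads `@@ -47,5 +47,4 @@` while the other three template hunks shrink by two lines. Drop the blank line so templates/blogindex.html ends at `</html>` like templates/about.html, templates/index.html and templates/text.html.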
M templates/index.html

@@ -47,5 +47,3 @@ </div>

</body> </div> </html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script>
M templates/text.html

@@ -36,5 +36,3 @@ </div>

</body> </div> </html> -<script src="/static/smartquotes.js"></script> -<script>smartquotes()</script>