2021-09-29

Written by witch hat hacker πŸŽƒ spooky ver September 29, 2021

πŸ‰

since the post before the last one was literally in july (july??? what????) i figure this blog deserves some more Contentβ„’ than just one of my masto posts converted into a blog post

dog flopped on the ground going wait it's fucking weaday

defcon meowwolf conference

ok so basically there has also been august and september and tbh i don't think a whole lot of anything actually useful has happened

in august i went to DEF CON (registered trademark symbol Hacking Conference) which was massively scaled down because of covid but at least they attempted to do an in person thing which was still good tbh. more importantly i visited meow wolf's Omega Mart which was actually really good (honestly i'm willing to say the defcon trip was actually for omega mart, and defcon just happened to be going on at the same time πŸ˜›). omega mart is this sort of immersive art installation / mini ARG which you can see from the website is kinda .. well... there's something going on. i'm not going to spoil anything. it was a very very fun way to spend a couple hours of a saturday night (and then i stayed up the rest of that night trying to be the literally billionth person to hack the badge). going to stuff like defcon is always inspiring in terms of thinking about what kinds of tools and techniques i should be focusing on in order to improve the state of hacking. like, i want to do it faster, smarter, more efficiently, supporting workflows that are more ad-hoc and it always seems like that's potentially within reach. though since then i haven't really done anything or acted on any of the inspiration

building stuff (fake)

recently i started a new modded factorio game. i wanna try to slowly get through it, though with the angelbobs modset it is going to take a long time to get anywhere. there was also the fun time of dealing with setting up the headless factorio server on my server, which took a lot of fiddling but it does seem to work now

actually using the pinephone challenge (any%)

there's some other server maid tasks that need to get done. i want to move my ghidra server to the R710 and set up some sort of SSO-enabled authentication which would make it more convenient to use. jellyfin also still needs SSO, and i guess it would be nice to have etherpad moved as well but tbh that is kind of working fine on the apu2 where it is currently located. finally there's some data i need to sort through from the latest backup of important phone files that happened before my previous phone died, which i haven't done yet because the data is in a super annoying format. basically what happened with the phone is it kind of stopped working all of a sudden, like, one morning it would just not power on. i have inspected everything inside and run a lot of troubleshooting but nothing seems to be working. it won't even boot the qualcomm recovery mode, it just seems totally dead. i suspect this is a result of water damage over time since a few years ago i broke and subsequently replaced the glass over the phone's cameras, which may have been a botched job and allowed water to get it. though ultimately i have no idea what's going on with it. meanwhile i have been using the pinephone full time which i continue to do while i "look for a new android phone" despite the pinephone kind of sucking. basically i don't recommend it but it's what i'm doing right now. recently i broke the pinephone screen (i have this feeling that maybe the pinephone might just be more fragile than other phones. idk if that's well founded though. it's kind of hard to stop screens from breaking at the end of the day) and discovered the process of buying replacement parts for the thing and doing the replacement, which is surprisingly easy and most importantly pine64 will not sue you for repairing your own device. so that's one thing the pinephone has going for it, and it's really nice actually in a world of totally intentionally unrepairable phones everywhere which is definitely making things harder for people and generating lots of unnecessary ewaste. i may talk more in depth about the pinephone repair experience later. no promises though

computers theorem proving

i'm trying to get through software foundations (particularly logical foundations, and understanding coq) in part because my undergrad curriculum had this awful computers theorems class where i didn't really learn anything useful, and i feel like i actually need to know this stuff. coq is based on ocaml and made by the same people who made ocaml (the french national lab INRIA) and it's a theorem proving system that allows you to formalize basically any proof, checking that it's actually valid, while also making it easy to develop complex proofs using defined proof automation techniques (called tactics). coq was used to build CompCert, a formally verified C compiler, as well as develop one of the modern proofs of the 4 color theorem. and despite being a certified thembo i'm getting to be able to solve a lot of the challenging exercises in this book pretty quickly so that is good imo. it's also kind of weird because the whole book is written in coq, like the chapters are based on coq source code which has been rendered to web pages with coqdoc, such that the comments show up as markup and the code show up as code blocks. so with this you work directly in that file basically, you download their source package and write up the solutions in the source as you read the actual content of the book in the comments. i just thought that was kind of interesting

ctf????

there was actually a CTF somewhere in the past few weeks .... sometime .... and i made some writeups i think this one is probably the most interesting (also it's pwn and like, pwn is My category) it explains as an aside how to be able to write C that gets injected into a target process even though it wasn't strictly necessary here because you could have just shellcoded everything tbh. but it's still a useful thing to do when the stuff you need is too complicated to write in assembly and there's no pwntools wrapper for it either

doing more ctfs would probably be good but... motivation...

next month...

with october comes spooky season, which is always a welcome part of any year, as well as a special spooky season treat which is the second part of the new leverage season. i'm pretty ameowbongo about that and i'll definitely be posting abt it when it releases (maybe [no promises])

This article is under the CC-BY-SA license.

Log in, or use your Fediverse account to interact with this article

Comments

No comments yet. Be the first to react!