maleadt     posts     about

Bugs in Julia with AFL and C-Reduce

Recently, I’ve been looking at some existing tools to efficiently find bugs in the Julia language implementation: American Fuzzy Lop (AFL) for fuzzing the compiler, and C-Reduce for reducing test cases. In this post, I’ll detail the set-up and use of these tools. Skip to the bottom of this post for a demonstration.

Click here to read more

JuliaCon'17

Last week in Berkeley, there was the annual JuliaCon where I gave a couple of talks on the GPU infrastructure I have been working on.

Click here to read more

Debugging Julia with Address Sanitizer

Address sanitizer is a useful tool for debugging various memory problems, from invalid accesses to mismanagement or leaks. It is similar to Valgrind’s memcheck, but uses compile-time instrumentation to lower the cost.

In this post I’ll explain how to use Clang’s address sanitizer (or ASAN) with Julia. This is somewhat tricky, as the Julia compiler uses LLVM for code generation purposes. Long story short, this implies that all instances of LLVM (ie. the one Julia is compiled with, and the one used for code generation) have to match up exactly for the instrumentation to work as expected.

Click here to read more

Generating bmap information from images

When dealing with disk images, the bmap-tool project is a godsend for writing said images to a physical device. Relying on an accompanying bmap file, bmaptool skips unused data when copying an image. Sadly, only few image providers bundle their images with the necessary bmap information. Even though using bmaptool with plain images still pays off (writing to devices is notably faster than a regular dd), most of its value is lost.

Click here to read more

Raspberry Pi music server

I’ve recently been spending some time on building an enclosure for my Raspberry Pi-based sound system, replacing the ModMyPi case and micro-USB charger while upgrading the audio quality by using a dedicated DAC.

I started from a nice-looking example I found online, which features an inexpensive aluminum enclosure from eBay and a compact switching power supply to get rid of the external charger.

Click here to read more

sudo — local privilege escalation

sudo is a popular program for executing commands as a substitute user, most of the times root. For the purpose of user-friendliness, sudo caches the right to elevate for several minutes. By hooking user-level library calls using LD_PRELOAD and waiting until the user unlocks sudo, we can abuse this caching mechanism and gain elevated access.

Click here to read more

Bypassing connection tracking for BitTorrent traffic

iptables doesn’t like torrent traffic. More specifically, its connection tracker (dubbed conntrack) easily gets confused by connections to and from the swarm. In order to get all traffic through, I decided to bypass connection tracking for BitTorrent traffic, which has significantly improved my up- and downloading speeds!

Click here to read more

Reversing the RCRF-03 clicker

Nowadays, classroom performance systems seem to be all the rage. Likewise at my uni, where I came across the Turning Technologies RCRF-03 clicker. Having read Travis Goodspeed’s hack of the RCRF-01, I decided to have a go at the newer model. The goal of this hack is to extract and reverse-engineer the executed code, and subsequently sniff or forge votes (spoiler: I failed).

Click here to read more

Compiling Julia for NVIDIA GPUs

For the few last months, I have been working on CUDA support for the Julia language. It is now possible to write kernels in Julia and without much hassle execute them on a NVIDIA GPU, but there are still many limitations. As I unexpectedly won’t have much time to work on this anymore, I’m publishing and documenting my work already.

Click here to read more

Knocking ports from your browser

After switching my SSH server over from some random high port to tcp/22, I have been seeing loads of brute-force activity trying to gain access. Even though those attempts are futile, I don’t like the attention. Besides, who knows what vulnerabilities may crop up yet.

In search for a good protection measure, I decided to avoid exposure of critical services through a layer of port knocking. Traditionally, one relies on special network traffic (sequence of connection attempts, specific packet with encrypted payload, …) to temporarily open up additional ports. However, generating such traffic is not user friendly (ie. requires some tool or script) and it can be hard getting it through strict firewalls.

Click here to read more