Recently, I’ve been looking at some existing tools to efficiently find bugs in the Julia language implementation: American Fuzzy Lop (AFL) for fuzzing the compiler, and C-Reduce for reducing test cases. In this post, I’ll detail the set-up and use of these tools. Skip to the bottom of this post for a demonstration.
Last week in Berkeley, there was the annual JuliaCon where I gave a couple of talks on the GPU infrastructure I have been working on.
Address sanitizer is a useful tool for debugging various memory problems, from invalid accesses to mismanagement or leaks. It is similar to Valgrind’s memcheck, but uses compile-time instrumentation to lower the cost.
In this post I’ll explain how to use Clang’s address sanitizer (or ASAN) with Julia. This is somewhat tricky, as the Julia compiler uses LLVM for code generation purposes. Long story short, this implies that all instances of LLVM (ie. the one Julia is compiled with, and the one used for code generation) have to match up exactly for the instrumentation to work as expected.
When dealing with disk images, the bmap-tool
project
is a godsend for writing said images to a physical device. Relying on an
accompanying bmap file, bmaptool skips unused data when copying an image.
Sadly, only few image providers bundle their images with the necessary bmap
information. Even though using bmaptool with plain images still pays off
(writing to devices is notably faster than a regular dd), most of its value is
lost.
I’ve recently been spending some time on building an enclosure for my Raspberry Pi-based sound system, replacing the ModMyPi case and micro-USB charger while upgrading the audio quality by using a dedicated DAC.
I started from a nice-looking example I found online, which features an inexpensive aluminum enclosure from eBay and a compact switching power supply to get rid of the external charger.
sudo is a popular program for executing commands as a substitute user, most of
the times root. For the purpose of user-friendliness, sudo caches the right
to elevate for several minutes. By hooking user-level library calls using
LD_PRELOAD and waiting until the user unlocks sudo, we can abuse this
caching mechanism and gain elevated access.
iptables doesn’t like torrent traffic. More specifically, its connection
tracker (dubbed conntrack) easily gets confused by connections to and from the
swarm. In order to get all traffic through, I decided to bypass connection
tracking for BitTorrent traffic, which has significantly improved my up- and
downloading speeds!
Nowadays, classroom performance systems seem to be all the rage. Likewise at my uni, where I came across the Turning Technologies RCRF-03 clicker. Having read Travis Goodspeed’s hack of the RCRF-01, I decided to have a go at the newer model. The goal of this hack is to extract and reverse-engineer the executed code, and subsequently sniff or forge votes (spoiler: I failed).
For the few last months, I have been working on CUDA support for the Julia language. It is now possible to write kernels in Julia and without much hassle execute them on a NVIDIA GPU, but there are still many limitations.
After switching my SSH server over from some random high port to tcp/22, I
have been seeing loads of brute-force activity trying to gain access. Even
though those attempts are futile, I don’t like the attention. Besides, who knows
what vulnerabilities may crop up yet.
In search for a good protection measure, I decided to avoid exposure of critical services through a layer of port knocking. Traditionally, one relies on special network traffic (sequence of connection attempts, specific packet with encrypted payload, …) to temporarily open up additional ports. However, generating such traffic is not user friendly (ie. requires some tool or script) and it can be hard getting it through strict firewalls.
© 2019. All rights reserved.