duck

@[email protected]
92 Followers
271 Following
39 Posts
unwinding your stack
GitHubhttps://github.com/qua3k
hoteltrivago
duckMar 30, 2024
q3k Mar 30, 2024
I would like to thank Jia Tan for authoring the best CTF challenge of the past decade.
duckJan 7, 2024

Been working on the Rust allocator recently; ended up delving into the aliasing model with stacked/tree borrows. It’s difficult to write sound multithreaded code with references in the presence of raw pointers, and the lack of view types make for unergonomic code under the strict stacked borrows

The per-location tracking of tree borrows is necessary to be able to use references in a sane way at all without prolific, infectious use of raw pointers that eliminate the utility of the borrow checker. I’d really like to see tree borrows model see wider adoption, especially for allocator authors.

xposted from https://bsky.app/profile/quack.bsky.social/post/3kiein3pftf2h

duck (@quack.bsky.social)

Been working on the Rust allocator recently; ended up delving into the aliasing model with stacked/tree borrows. It’s difficult to write sound multithreaded code with references in the presence of raw pointers, and the lack of view types make for unergonomic code under the strict stacked borrows…

Bluesky Social
duckNov 27, 2023
Alex BradburyNov 26, 2023
I wrote a little blog post on storing data in pointers - initially motivated by documenting the impact of >48-bit virtual addresses on such tricks and the various available hardware pointer masking schemes https://muxup.com/2023q4/storing-data-in-pointers Any corrections or additional notes, do let me know!
Storing data in pointers

Some notes on storing data in pointers and the impact of >48-bit virtual addresses

Muxup
duckAug 8, 2023
yomnaAug 8, 2023
If you're interested in learning how to secure your phone against IMSI-catcher type attacks, here's a blog post covering my team and I's work on Android cellular security features over the last ~3 years https://security.googleblog.com/2023/08/android-14-introduces-first-of-its-kind.html
Android 14 introduces first-of-its-kind cellular connectivity security features

Posted by Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle Android is the first mobile operating system to introduce advanced cellular...

Google Online Security Blog
duckMar 31, 2023
FélixMar 25, 2023
It’s been years in the making and we’re finally ready to show the world: don’t miss Yeoul’s EuroLLVM keynote, “-fbounds-safety: enforcing bounds safety for production C code”! https://discourse.llvm.org/t/the-2023-eurollvm-program/69514
The 2023 EuroLLVM Program

The LLVM Foundation is pleased to announce the 2023 EuroLLVM Program! As a reminder, Early Bird Registration ends on April 10th. Keynote Speaker Order out of Chaos, The LLVM Release Process. Tobias Hieta “-fbounds-safety”: Enforcing bounds safety for production C code Yeoul Na Technical Talk Speaker An example of data flow analysis in MLIR Tom Eccles MLIR-based offline memory planning and other graph-level optimizations for xcore.ai Deepak Panickal A Rusty CHERI: Th...

LLVM Discussion Forums
duckMar 23, 2023
All this talk about code generation with LLMs but I’ve yet to see LLVM but with ChatGPT smh
duckJan 13, 2023
Ivan FratricJan 12, 2023
New Project Zero blog post in which I dissect Apple DER-encoded entitlements and tell a story about how I found a fun (albeit short-lived) bug in the way they were decoded. https://googleprojectzero.blogspot.com/2023/01/der-entitlements-brief-return-of.html
DER Entitlements: The (Brief) Return of the Psychic Paper

Posted by Ivan Fratric, Project Zero Note: The vulnerability discussed here, CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monte...

duckJan 10, 2023
Thomas H. PtacekJan 9, 2023

This is, without loss of generality, the funniest fucking thing.

https://breakingthe3ma.app/files/Threema-PST22.pdf

So as is standard with these kinds of papers we start by laying out roughly how Threema works. There’s 2 protocols we care about: the E2E “inner” protocol that runs between Threema users, and the C2S “outer” protocol that runs between users and the Threema server.

One reason I’ve never paid much attention to Threema is that it sorta notoriously uses the NaCl primitives (crypto_box in particular) for it’s crypto, so I assumed it’d be boring (= BAD ASSUMPTION).

So I’m like a couple grafs in to how the E2E protocol works and… they’re PKCS7 padding? PKCS7 is what you do in CBC mode; like, if I’m 3 bytes short of a full AES block, I pad with 03h 03h 03h. And I’m thinking to myself: you don’t need anything like this with a NaCl-style AEAD.

This is clearly Chekhov’s PKCS7 padding…

duckJan 6, 2023
Saar AmarDec 31, 2022

New blogpost! I put together a thorough survey of security mitigations and architectures from the past few years.

Hardware solutions, software mitigations, and safe languages. CHERI, MTE, Rust, Swift, kalloc_type, Firebloom, GuardedMemcpy, CastGuard, and more! https://saaramar.github.io/memory_safety_blogpost_2022/

Survey of security mitigations and architectures, December 2022

memory_safety_blogpost_2022
duckJan 1, 2023
Happy new year!