pancake 

@pancake@infosec.exchange
1.6K Followers
530 Following
8.6K Posts
Also known as trufae, author of @radareorg 🌱
in catalan@pancake
Author ofhttps://radare.org
Tooting for r2@radareorg
pancake 3h ago
pancake 🌱🥞5h ago
One Step Beyond! #madness
pancake 5h ago
Roger Ferrer IbáñezJun 26

https://community.arm.com/arm-community-blogs/b/tools-software-ides-blog/posts/gcc-15-continuously-improving

#gcc #aarch64

GCC 15 Continuously Improving AArch64

GCC 15 brings major Arm optimizations: enhanced vectorization, FP8 support, Neoverse tuning, and 3–5% performance gains on SPEC CPU 2017.

pancake 5h ago
Eniko FoxJun 26
Kitsune Tails is 25% off right now in the Steam Summer Sale! https://store.steampowered.com/app/1325260/Kitsune_Tails/
Save 25% on Kitsune Tails on Steam

Run, jump, and dash across a land inspired by Japanese mythology and untangle the love triangle between three young women on a journey of self discovery. Explore the complicated relationships between kitsune and humans through classic platforming action.

pancake 5h ago
 radare Jun 26

🚨Friendly reminder: The #CFP for #r2con2025 is still OPEN! There's plenty of time before October 24th, but if you want to talk about anything related to #radare2, please submit your talk ASAP! ✨ Let’s make this edition even better! 🚀 #infosec

👉 https://radare.org/con/2025/

pancake 23h ago
cryptax1d ago

W32/SkyAI uses AI? So do I.

Read it here https://cryptax.medium.com/w32-skyai-uses-ai-so-do-i-d33f04d63534

What's in there?

- Where the malware loads the AI prompt, and what for. And why it fails.
- How to de-obfuscate strings
- Which URLs the malware contacts (beware)
- How to find the encryption key with AI
- How to extract (and decrypt) the embedded PE
- R2ai tips when curl argument is too long
- How the malware checks if it's on a VM
- How much this analysis cost.

Enjoy!

#malware #analysis #r2ai #skynet #topozuy #skyai #AI

W32/SkyAI uses AI? So do I. - @cryptax - Medium

A new sample, named W32/SkyAI (or Topozuy, or Skynet), has recently emerged, showing use of a AI prompt bypass attempt. Perfect occasion to look into with … r2ai! It’s the Radare2 plugin for…

Medium
pancake 1d ago
Funny FPU trick I discovered yesterday to detect arm64 or x86_64 architecture at runtime
pancake 1d ago
Delta Chat1d ago

Two of our teams just gave talks at the @passthesaltcon 2025 conference in Lille:

@Xeniax tells the story of "federated messaging" waves and her usable security research, emphasizing "availability" as a key issue
https://passthesalt.ubicast.tv/videos/always-more-secure-analyzing-user-migrations-to-federated-e2ee-messaging-apps-trimmed/ --

@hpk starts off with prioritizing usable security and walks through #chatmail transport layer security goals and #deltachat end-point security status, upcoming releases and prospective work on improving metadata and other goals
https://passthesalt.ubicast.tv/videos/usable-end-to-end-security-with-delta-chat-and-chatmail/

pancake 1d ago
Fpu emulation is too perfect nowadays that i cant find a way to trick them to detect it in assembly. Not even with exceptions or rosetta binary translations.
pancake 1d ago
Deno1d ago

Importing bytes and texts:
✅ adds to your module graph
✅ type checking
✅ works with deno bundle and deno compile

https://deno.com/blog/v2.4#importing-text-and-bytes

pancake 2d ago
Apple just verified their account in Threads. Still waiting for them to join the fediverse. But i have some good hopes when Mastodon integrates support for PDS to get more companies, govs and newsites to join, because I have the feeling these kind of accounts wont like to be associated to one specific instance now owned by them, but they dont really want to spend the resources to maintain their own instance
×
Ken ShirriffJun 20
Last week, the vintage IBM 1401 computer at the Computer History Museum started behaving strangely: it wouldn't halt. More specifically, if you had two HALT instructions in a row, it would halt for the first, but when you continued, it crashed mysteriously. Here's how we fixed it.... 1/N
Show threadKen ShirriffJun 20
The IBM 1401 computer lets you run code a single cycle at a time, so you can see what happens at each step. (The arrow on the control panel.) But when I tried to single-step through the bad HALT instruction, the computer immediately died in a distant memory location. Now we had two problems. 2/N
Show threadKen ShirriffJun 20
I hooked up an oscilloscope and discovered that the computer wasn't running a single instruction cycle. Instead, it ran a few cycles (the pulses below), stopped briefly, ran a few more, irregularly stopping and starting, "building up steam" until it ran thousands of cycles. But why this pattern?
Show threadKen ShirriffJun 20
You push the green START button on the console to start the computer after a HALT, and also to single-step it. Hmmm. For convenience, there's also a START button on the card reader and one on the printer. We found that everything worked fine with those buttons. Hmmm.
Show threadKen ShirriffJun 20
It turned out that the computer's START button had a strand of wire that shorted one of its contacts. As a result, it would keep re-starting as long as you held the button, blowing through the HALT or single-step until it crashed. The contacts bounced a bit, causing the random gaps we saw.
Show threadKen ShirriffJun 20

With the switch fixed, everything worked. At least until next time...

I worked on this with @CuriousMarc, @tubetime, Wren, Shmuel, and others.

I'll leave you with this documentation of the relevant circuitry with inscrutable IBM symbols.
end/N

Show threadjohn spurlingJun 20
@kenshirriff s/START/TURBO/g
Show threadStuart Longland (VK4MSL)Jun 20

@kenshirriff That wasn't a START button, that was a START MISBEHAVING button. In those days, dedicated hardware was needed to make the computer misbehave as software developers were too highly trained to do it purely in software.

These days we have that in software, especially if it's shipped from Redmond, Washington with the help of a large language model. ;-)

Show threadTim Ward ⭐🇪🇺🔶 #FBPEJun 20
@kenshirriff Ah, I was guessing a failed capacitor in the debouncing circuit.
Show threadKen ShirriffJun 20
@TimWardCam It turns out that the debouncing is more complicated than that. The switch is double-pole double-throw, with one contact turning it on and the other turning it off. So you're guaranteed not to bounce. Except if one contact is shorted.
Show threadpenguin42Jun 20
@kenshirriff Nice lo-tech fault!
Show threadConfusion as a ServiceJun 21
@kenshirriff This sounds similar to a bouncing switch, did those systems back then not have an RC circuit to prevent physical switches from sending multiple signal whent actuated ?
Show threadKen ShirriffJun 21
@CaaS
https://oldbytes.space/@kenshirriff/114715119149787896
Ken Shirriff (@kenshirriff@oldbytes.space)

@TimWardCam@c.im It turns out that the debouncing is more complicated than that. The switch is double-pole double-throw, with one contact turning it on and the other turning it off. So you're guaranteed not to bounce. Except if one contact is shorted.

OldBytes Space - Mastodon
Show threadprintf of persia 🇺🇦🇨🇿👃💨Jun 20
@kenshirriff as a bicycle repairman i can tell you it needs a little spit of wd-40 and will be like new in no time
Show threadMagnus AhltorpJun 20
@kenshirriff My favourite CPU is the PDP-10 KI CPU, that not only let you run single cycles and let you input instructions directly on the front panel, but let you load memory words onto the push buttons and *edit* memory content. I’ve never seen that on any other CPU.
Show threadKen ShirriffJun 20
@ahltorp The IBM 1401 lets you load memory from the toggle switches, which is convenient but tedious. Is this the same as what you're describing on the PDP-10?
Show threadMagnus AhltorpJun 20

@kenshirriff If you by toggle switches mean switches with two physical positions, then that was the switches on most DECs.

But this was push buttons with lamps, so you could actually load a word onto the buttons, only flip the individual bits you wanted changed, and then store it back to either the same or another location.

Show threadMagnus AhltorpJun 20
@kenshirriff The PDP-10 KI is also one of the few mainframes I’ve worked with. I was responsible for getting 2 KI CPUs working around 1998, although I didn’t do hardly any of the actual debugging and repairing myself.
Show threadAinsley LowbeerJun 21

@ahltorp @kenshirriff

My PiDP-10 replica, powered by a Raspberry Pi 5. All the switches work. It comes with ITS, TOPS-10 and TOPS-20 operating systems running on top of Linux. Very cool.

https://obsolescence.wixsite.com/obsolescence/pidp10

Show threadHoward Chu @ SymasJun 21
@ahltorp @kenshirriff I had a front panel for one of those as a kid. My brother fished it out of a dumpster at University of Detroit. We had it on a table in the basement with a large DC power supply. I'd poke around with alligator clips trying to find which wires lit up which buttons. Great fun pretending I had a computer to run.
Show threadbytebroJun 20

@ahltorp @kenshirriff

Gould SEL, late 70s, had similar.

Show threadJeff n1kdoJun 20
@kenshirriff My Dad programmed these things in the early 1960s at Liberty Mutual in Boston. Autocoder, I think. Possibly RPG.
Show threadSpaceLifeFormJun 20

@kenshirriff

Classic case of "You're holding it wrong"

Show threadHervé NicolJun 20
@kenshirriff I love the investigation story!
But what blows my mind is these machines are still running regularly, and fixed so quickly after an issue was found with them!
Show threadJun 20
@kenshirriff this is too obvious but i cannot resist: so you basically solved the halting problem?
Show threadMagnusJun 20
@kenshirriff
I wish there was such an easy way to find and fix the troubles I'm having with my smartphone.
Show threadJojokingJun 20

@kenshirriff

As a kid I rolled around on the floor and napped by these. I definately wanted a stack of hole punch cards but was thwarted at all turns.

I was not ready to be smacked with nostalgia in this manner.

Show threadextraforaJun 20

@kenshirriff “it wouldn't halt.”

Hustle culture is everywhere!

Show threadKen McLeodJun 20
@kenshirriff At least it didn't catch fire after the HALT.
Show threadRatanasecJun 20
@kenshirriff That's a fascinating look into old tech, thanks!