Skip to content

Instantly share code, notes, and snippets.

View jakiki6's full-sized avatar
🐱

Laura Kirsch jakiki6

🐱
  • Germany
  • 01:52 (UTC +01:00)
View GitHub Profile

Updates (September 1st, 2024)

Now that I finally have a good handle on things now I wanted to give a little update as I work my way back.

  • I'm essentially working three jobs right now.
  • I've left my former "main" job. Depending on how this works out I may have free time again as I'll be work from home, kinda... I'll be able to have a console/monitor with me at "work" at the least. As time goes on my free time will go up especially after next summer. The only issue is it's a HUGE, ~50%, pay decease which effects how bad the next two points hit...
  • I may have ~$300k in taxes to pay to try and keep my late family's property in the family. That's not "tax on $300k worth of assets" but "owing $300k"
  • My computer that's been on it's last leg for a long time. Now it is randomly crashing and it appears to be a hardware issue. It's an all in one device, a Surface Pro, that's all soldered together so I can't just start swapping parts. Because of the unknown bill coming up I can't spend any money on anything n
---
- hosts: all:!localhost
gather_facts: no
tasks:
- name: run vulnerabilty check script
ansible.builtin.script: CVE-2024-3094_check.sh
register: cmd_result
- name: get version of
ansible.builtin.shell: apt-cache policy liblzma5
register: version_of_liblzma5
There appears to be a string encoded in the binary payload:
https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01#file-hashes-txt-L115
Which functions as a killswitch:
https://piaille.fr/@zeno/112185928685603910
Thus, one workaround for affected systems might be to add this to `/etc/environment`:
```
@thesamesam
thesamesam / xz-backdoor.md
Last active November 4, 2024 18:32
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

@TuxSH
TuxSH / k11_latest_n3ds.cpp
Last active November 4, 2024 23:44
Complete 3DS kernel decompilation (11.14-latest N3DS Kernel11, with labels for all symbols, and comments)
This file has been truncated, but you can view the full file.
/* This file was generated by the Hex-Rays decompiler.
Copyright (c) 2007-2020 Hex-Rays <[email protected]>
Detected compiler: GNU C++
*/
#include <defs.h>
//-------------------------------------------------------------------------
#define FOR(i, n) for (i = 0; i < n; ++i)
#define ROL(a, o) ((((u64)a) << o) ^ (((u64)a) >> (64 - o)))
#define rL(x, y) load64((u8*)s + 8 * (x + 5 * y))
#define wL(x, y, l) store64((u8*)s + 8 * (x + 5 * y), l)
#define XL(x, y, l) xor64((u8*)s + 8 * (x + 5 * y), l)
typedef unsigned char u8;
typedef unsigned long long int u64;
typedef unsigned int ui;
#include <stdio.h>
#include <gmp.h>
void binary_split(mpz_t a, mpz_t b, mpz_t Pab, mpz_t Qab, mpz_t Rab) {
mpz_t c;
mpz_init(c);
mpz_add_ui(c, a, 1);
if (mpz_cmp(b, c) == 0) {
mpz_mul_ui(Pab, a, 6);
import math
def _pair(x, y):
return (((x + y) * (x + y + 1)) >> 1) + y
def decode(s):
states = []
for state in s.split("_"):
e0 = [int(state[0]), state[1].lower(), ord(state[2].lower()) - 97]
if e0[2] == 25:
import struct, time
## This experiment demonstrates that the claimed "hash" (that is not a hash) used
## by the L2 cache ECC debug feature used by Operation Triangulation is not secure,
## and can be trivially reverse engineered by anyone who owns one of the machines
## with the hardware (such as any M1 Mac), in seconds to days. Therefore, this proves
## that no "insider" access or leak is necessary to obtain this table, and that the
## attackers most likely did exactly the same thing.
## This is the "black box", i.e. the hardware: The table is not exposed to the caller.
class BlackBox: