This demonstrates how memcpy can go badly wrong when it is used to remove an element of an array by shifting the remaining content left.
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
This demonstrates how memcpy can go badly wrong when it is used to remove an element of an array by shifting the remaining content left.
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
| Use this configuration file | |
| ``` | |
| { | |
| "name": "Royal Kludge R65", | |
| "vendorId": "0x342d", | |
| "productId": "0xe481", | |
| "keycodes": ["qmk_lighting"], | |
| "menus": [ | |
| { | |
| "label": "Lighting", |
| // https://roadrunnerwmc.github.io/blog/2020/05/08/nsmb-rng.html takes about 10 seconds to find | |
| // a fixed point for the random number generator | |
| #include <assert.h> | |
| #include <stdio.h> | |
| #include <stdint.h> | |
| uint32_t rand_nsmb(uint32_t *state) { | |
| uint64_t value = (uint64_t)(*state) * 1664525 + 1013904223; | |
| return *state = value + (value >> 32); |
| (set-logic QF_BV) | |
| ; Quicker way to find fixpoints in the rng discussed in | |
| ; https://roadrunnerwmc.github.io/blog/2020/05/08/nsmb-rng.html . | |
| ; | |
| ; On my machine (AMD Ryzen 5 3550H with 8G RAM), running this with z3 | |
| ; finds a fixed point in about 80 seconds | |
| ; Here's the code we'll be modelling: | |
| ; |
| // +build gofuzz | |
| // Package antifuzz shows how gofuzz transformation of inputs breaks coverage guidance. | |
| // | |
| // When running "go-fuzz -func FuzzGood", a crasher is found almost immediately. In contrast, | |
| // when running "go-fuzz -func FuzzBad" no crasher is found and it likely won't for a long time. | |
| package antifuzz | |
| import fuzz "github.com/google/gofuzz" |
| { | |
| "meta": { | |
| "theme": "modern-classic" | |
| }, | |
| "basics": { | |
| "name": "Steven Johnstone", | |
| "label": "Security Engineering Leader | Founder", | |
| "email": "[email protected]", | |
| "summary": "Seasoned Security Engineer and Founder with 15+ years of experience protecting critical national infrastructure, building security-first products, and driving compliance. A true builder who combines strategic experience with deep, hands-on engineering skills (Golang, C/C++, Assembly). Proven track record of founding startups, coding core systems, and securing successful exits to Cisco, Motorola, and Fortinet.", | |
| "location": { |
| // Using the approach of afl-python to make a | |
| // Lua fuzzer. | |
| // Build with "gcc -I/usr/include/lua5.3/ -L/usr/local/lib -llua5.3 -rdynamic afl-fuzz.c" | |
| // (or whatever works on your platform). | |
| // | |
| // Write a script that defines a global function "fuzz", which reads all of stdin and processes it | |
| // to exercise some code in which you'd like to find logic bugs. | |
| #include <assert.h> | |
| #include <fcntl.h> |
| #!/usr/bin/env python | |
| # coding: utf-8 | |
| import angr | |
| import archinfo | |
| import claripy | |
| import time | |
| def main(): | |
| p = angr.Project('ctf') |
| #include <assert.h> | |
| #include <dlfcn.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdint.h> | |
| // Background reading: http://tukan.farm/2017/07/08/tcache/ | |
| const size_t msize = 0x100; |
| #include <stdlib.h> | |
| #include <string.h> | |
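/*
 * Exit with 0 when the environment variable "foo" equals "bar", 1 otherwise.
 *
 * getenv() returns NULL when the variable is unset; the original code passed
 * that NULL straight to strcmp(), which is undefined behavior (a crash in
 * practice). A missing variable is now treated the same as a mismatch.
 */
int main(int argc, const char **argv) {
    (void)argc;
    (void)argv;

    const char *foo = getenv("foo");
    if (foo != NULL && strcmp(foo, "bar") == 0) {
        return 0;
    }
    return 1;
}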