Blog of James Brown

openai says i should edit /etc/wpa_supplicant/wpa_supplicant.conf like this to connect to 5G wifi:

1
2
3
4
5
6

network={
ssid="<SSID>"
psk="<password>"
frequency=5180
}

also set frequency of wifi card like this:

1
2
3

sudo ifdown wlan0 && sudo ifup wlan0
sudo iw dev wlan0 set freq 5180

unplug ethernet, then we are golden.

1
2

traceroute baidu.com

how to check avaliable wifi ssids without network-manager:

1
2

sudo iwlist wlan0 scan | grep ESSID

default login (maybe not):

1
2
3

username: pi
password: raspberry

in order to start sshd, touch ssh under boot partition

recover dhcpcd service:

1
2
3

sudo systemctl enable dhcpcd.service
sudo systemctl restart dhcpcd.service

config the password with proot -S <path_to_rootfs> -b <boot_partition>:/boot -q qemu-arm /usr/bin/bash and passwd

you’ve installed raspap on this device. you use the default credentials. this shit will not connect to our wifi automatically, thus block your way of running docker containers on it with only macbook.

seriously? do you really need docker on macos? or just on raspberry pi?

change apt sources:

1
2
3
4
5

sudo sed -i 's|raspbian.raspberrypi.org|mirrors.ustc.edu.cn/raspbian|g' /etc/apt/sources.list
sudo sed -i 's|mirrordirector.raspbian.org|mirrors.ustc.edu.cn/raspbian|g' /etc/apt/sources.list
sudo sed -i 's|archive.raspbian.org|mirrors.ustc.edu.cn/raspbian|g' /etc/apt/sources.list
sudo sed -i 's|archive.raspberrypi.org/debian|mirrors.ustc.edu.cn/archive.raspberrypi.org/debian|g' /etc/apt/sources.list.d/raspi.list

using nmcli to scan and connect wifi

1
2
3

sudo nmcli dev wifi rescan
sudo nmcli dev wifi connect <SSID> password <PASSWORD>

sharing network:

1
2

ssh -R 1080 pi@10.42.0.33

edit /etc/network/interfaces:

1
2
3
4
5
6
7
8
9
10
11
12
13
14

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.42.0.33
netmask 255.255.255.0
gateway 10.42.0.1
allow-hotplug wlan0
auto wlan0
iface wlan0 inet dhcp
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
wpa-ssid "<SSID>"
wpa-psk "<PASSWORD>"

install packages:

1
2
3

sudo apt-get -o Acquire::http::proxy="socks5h://127.0.0.1:1080/"  -o Acquire::Check-Valid-Until=false -o Acquire::Check-Date=false update --allow-releaseinfo-change
sudo apt-get -o Acquire::http::proxy="socks5h://127.0.0.1:1080/"  -o Acquire::Check-Valid-Until=false -o Acquire::Check-Date=false upgrade -y

aimbots

game hacking is about reverse engineering at some level.

things may differ when you want to make cheats using yolov5, but at least, you have to read screen and control mouse/keyboard yes?

guidedhacking

phantomoverlay

i use rotnet for baidu rotnet captcha resolve. did it work?

ddddocr

tutorial

ctfhub

ctftime

ctf-tools by ctfwiki

https://ctf.bugku.com/game/index.html

common packers:

Themida, Code Virtualizer, VMProtect, ExeCryptor

general method for deobfustication

see github topic

protectors

Junk Code Generator and Polymorphic Code Engine Guide

ida pro junk code removal

still don’t forgive that damn cacani software (manual), and i still don’t find a clue for creating animation with cacani automatically.

search for “themida unpacker” or “unlicense” in bing or github. saying manually unpacking themida is always a pain in the ass.

challenges

the platform

official released source code

buuctf online judge

you may find many writeups in blog and github for buuctf.

hints and tools

binwalk

arr3esty0u github info

shg-sec

hack.lu 2022

ayacms rce in nctf 2022? how to identify the cms? and how the fuck did those guys identify the shit from that damn website (bing-upms)?

answer: they are both busting common web directories. can be induced by common repo structures.

baby-aes for crypto signin?

zsteg for solving that png problem?

normal sql injection, not for denodb

huli: interesting blog where denodb 0day came from

some z3 code, which does not but angr solved the problem

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

from z3 import *
data1=0x162AEB99F80DD8EF8C82AFADBA2E087A
data2=0x47C9F2ACA92F6476BE7F0A6DC89F4305
data3=0x33B57575
answer=[]
flag1=[]
key=[0x7e,0x1f,0x19,0x75]
solver=Solver()
flag=[Int('flag%d'%i) for i in range(36)]
for i in range(16):
answer.append((data1>>8*i)&0xff)
for i in range(16):
answer.append((data2>>8*i)&0xff)
for i in range(4):
answer.append((data3>>8*i)&0xff)
print(answer)
for i in range(0,9):
v3=key[3]
v4=flag[4*i+3]
v5=key[0]
v6=flag[4*i]
v7=flag[4*i+1]
v8=key[1]
v9=flag[4*i+2]
v10=(v6 + v4) * (key[0] + v3)
v11=key[2]
v12 = v3 * (v6 + v7)
v13 = (v3 + v11) * (v7 - v4)
v14 = v4 * (v11 - v5)
v15 = v5 * (v9 + v4)
solver.add(v14+v10+v13-v12==answer[4*i])
solver.add(v6 * (v8 - v3) + v12==answer[4*i+1])
solver.add(v15 + v14==answer[4*i+2])
solver.add(v6 * (v8 - v3) + (v8 + v5) * (v9 - v6) + v10 - v15==answer[4*i+3])
if solver.check()==sat:
m=solver.model()
rex = []
for i in range(34):
rex.append(m[flag[i]].as_long())
print(rex)
else:
print("n0")

writeups

saying this is complete for 2022 nctf?

arr3ty0u nctf 2022 writeup

nctf 2019 writeup

don’t know when it is, but i remember i have seen this shit: katastros’s nctf writeup

ctfiot chamd5 nctf 2022 writeup

nctf 2022 official crypto writeup

chatgpt is based on instructGPT

chatgpt interface

there are discord chats for openai and hackthebox

consider bugmenot to find openai accounts?

chatgpt sucks. it seems a tailored search engine. it might help filter out useless information. no zeroday exploits (rasp like openrasp) since it does not interact with program and hooks.

order paid openai accounts here

if you use openai to register new accounts, try to send sms successfully (may not receive sms even sent) multiple times, you will be blocked

tutorial on how to use this platform for openai registration

free sms receive platforms

7sim.org multiple phone numbers

receivesms.org i have seen soulapp usage with this damn number

not work for openai virtual phone numbers

traduzir

simple-translate

vxpwn vxworks exploit scripts

run vxworks in vmware maybe in qemu?

using serial port to reverse engineering a router

vxhunter toolsets for vxworks based embedded device analysis

schneider noe7701 backdoors and similar process

capstone related reverse engineering tools

full list of tools (showcase) using capstone as backend