lucasg.github.io

The sad state of PE parsing

The title of this blog post might be clickbaity, but here is the executive summary: there is no gold-standard open source library for PE parsing and feature extraction in “native” (i.e. unmanaged) code. Moreover, all widely used PE parsing libraries contain subtle flaws.

Downloading dash docsets

Dash docsets and the compatible viewers (Dash on OSX, Velocity on Windows and Zeal on Linux/X-Plat) are a godsend for whoever works/develops offline (or on limited bandwidth). They also have the benefit of being a one-stop shop for documentation (no need to have multiple tabs open for $ProgrammingLanguage; $BuildPipelineTechno; $VersionControlSoftware; etc.).

Velocity

However, I recently wanted to set up Velocity on a truly disconnected computer, and unfortunately the application desperately wants to download the official dash docset. I had to find another way to get them.

How Control Flow Integrity is implemented in Windows 10

This blog post summarizes a month of work analyzing how Windows has implemented Control Flow Integrity in Win10 builds 14393 and 14986.

A lot has been said about CFG, Windows’s version of control flow integrity. It was first released in Windows 8.1 Update 3 (KB3000850) in 2014 and has been improved upon since. The Windows 10 Anniversary Update (i.e. build 14393) recently brought several new features, like longjmp hardening.

Running Jekyll on WSL (Windows Subsystem for Linux)

Since Windows is my daily driver at home, I’m genuinely interested in the arrival of WSL (Windows Subsystem for Linux) with build 14393 last year. For me, the main use of WSL will be to run webservers locally (dns, apache, nodejs, etc.) without having to set up a whole VM (and configure networking) to run them.

I start by converting my local version of Jekyll, which I run on my PC in order to “debug” my posts before pushing them to GitHub.

Renaming a Win32 executable to main.exe launches the Xbox DVR popup

Recently I stumbled upon the following question on Stack Overflow: windows-10-naming-programs-main-exe-cause-them-to-show-pop-up. The user Ether Frog noticed that renaming any executable to main.exe triggers the Xbox Game DVR recorder when launching the executable on Windows 10.

I’ve done some digging over the weekend and I have found over 2000 special exe names which will trigger the same behaviour, not just main.exe.

This post contains most of my answer on the SO platform, but I also explain my reverse engineering process.

How to create and debug a process automatically on Windows

Recently I had to write a custom loader which dynamically retrieves a bunch of information (loaded modules list, imports, etc.) for several hundred executables. The first way involves launching every exe with cdb and crying when it comes to writing windbg scripts in order to export the needed information (frankly, I’m not excited about their shiny new JavaScript scripting engine built for windbg). The other way is to write a lightweight debugger using specific Windows APIs.

Guess which way I went?

Enable non-signed drivers to be loaded and run under Windows

“Recent” Windows versions (from XP up to 10) force drivers by default to be signed (i.e. by Verisign) in order to be launched. This behavior, which has greatly reduced the attack surface for malware creators, can be a hindrance when you want to develop custom drivers. Here’s how to disable it.

Eudyptula Challenge

A few months ago I started the Eudyptula challenge, which is a series of coding tests designed to present how to hack on and contribute to the Linux kernel for a newcomer like myself.

HACKVent 2014 - Day 21 writeup

I’ve signed up for the Hackvent event made by the guys from www.hacking-lab.com, which is an advent-like hacking competition. Every day there is a new challenge posted at midnight which has to be solved at best in the same day, the challenges becoming increasingly more difficult with every week completed. The aim in every puzzle is to find either a QR-encoded x-mas ball which leads to the validation code, or a secret human-readable string which gives you the former ball when fed into a validator (the “Ball-O-Matic”).

Here’s the write-up for the challenge at day 21, in which we will learn how to get banned from casinos and bingo parties.

HACKVent 2014 - Day 20 writeup

Here’s the write-up for the twentieth challenge, in which we will constantly be called a “hobo”.

HACKVent 2014 - Day 19 writeup

HACKVent 2014 - Day 17 writeup

Here’s the write-up for the challenge at day 17, in which we will crush handshake.

HACKVent 2014 - Day 16 writeup

Here’s the write-up for the challenge at day 16, in which we will unroll snakes.

HACKVent 2014 - Day 15 writeup

Here’s the write-up for the challenge at day 15, in which we will learn about a useful trick for black hats.

HACKVent 2014 - Day 14 writeup

Here’s the write-up for the challenge at day 14, in which we will rediscover the social inequalities through cracking.

HACKVent 2014 - Day 13 writeup

Here’s the write-up for the challenge at day 13, in which we will talk to extraterrestrial beings.

HACKVent 2014 - Day 12 writeup

Here’s the write-up for the mid-point challenge at day 12, concerning reverse engineering SQL scripts.

HACKVent 2014 - Day 11 writeup

HERE_S_THE_WRITE-UP_FOR_THE_ELEVENTH_CHALLENGE__IN_WHICH_WE_WILL~1.

HACKVent 2014 - Day 10 writeup

Here’s the write-up for the tenth challenge, in which I debug SQL queries without knowing a thing about SQL.

HACKVent 2014 - Day 09 writeup

Here’s the write-up for the ninth challenge, in which we will learn how to spy on our girlfriend by reading her text messages.

HACKVent 2014 - Day 08 writeup

Here’s the write-up for the first “medium” challenge at day 8, which consists of running potentially malicious arbitrary code on your machine.

HACKVent 2014 - Day 07 writeup

This challenge turned out to be one of the hardest I cracked, mainly because I had a lot of difficulty identifying the encryption mechanism and was misled several times. Since I was away from home the day it went live, I also solved it only the day after.

Here’s the write-up for the seventh challenge, which will put a considerable strain on your eyesight.

HACKVent 2014 - Day 06 writeup

Here’s the write-up for the sixth challenge, which has been solved during a hangover.

HACKVent 2014 - Day 05 writeup

Here’s the write-up for the fifth challenge, in which we will compare apples and oranges.

HACKVent 2014 - Day 04 writeup

Here’s the write-up for the fourth challenge, which has nothing to do with dominoes.

HACKVent 2014 - Day 03 writeup

Here’s the write-up for the third challenge, which will refresh your historical knowledge of the Antiquity Era.

HACKVent 2014 - Day 02 writeup

Here’s the write-up for the second challenge, which is focused on base64 encoding and internet time machines.

HACKVent 2014 - Day 01 writeup

Here’s the write-up for the first challenge, which revolves around url shorteners.

Foxit PDF Creator can fuck your software up

I stumbled across a curious bug at work today. I’m currently updating some old bits of code managing the printing of a report (the software’s current configuration and whatnot); the files had not been modified for almost ten years. At one point my XPS output crashed (it couldn’t handle the "\r\n" chars) so I decided to take a look at the PDF version.

Misheard lyrics

I’m currently listening to the Decade Mix made by Flight Facilities on SoundCloud - which is by the way a great 4-hour session of songs recounting 40 years of (western) music - when I stumbled upon an old song I didn’t know the name of. Having a pre-Shazam mentality, I tend to focus on the lyrics and type them into the Google search bar to hopefully retrieve the name.

Cryptopals - Set [1] - Detect single-character XOR

Not a long time ago, I started to throw myself into the Cryptopals Matasano challenge. Knowing little about cryptography, I thought it was a good idea to learn a thing or two about encryption, as well as brushing up my C skills (I’m currently a C++ guy).

Building LibreOffice from source

Being clearly annoyed by the pivot table not being supported by LibreOffice Calc (well, it’s actually the xlsx export which is broken), I decided to build the LibreOffice core from source on my Mint VM. It wasn’t simple.