从这道题目开始,我们正式进入堆的世界~
由于最新版系统的libc版本升级后加入了tcache机制,我们只能使用旧版系统来完成后面一系列的入门级堆题目。我采用的系统是Ubuntu 16.04。
Pwn学习总结(19):Heap-FastBin/fastbin
发表评论
作者归档:Jack
Jack’s 2022 New Year CTF WriteUp
榜单
本届Jack’s 2022 New Year CTF共有7人参加,瓜分了121.5元奖金。
| Place | User | Score | Bonus |
|---|---|---|---|
| 1 | undefined | 576 | 55.76 |
| 2 | bml | 576 | 25.76 |
| 3 | shadowmov | 431 | 24.31 |
| 4 | SY | 266 | 7.66 |
| 5 | 小红花 | 195 | 6.95 |
| 6 | jzqsss | 101 | 1.01 |
| 7 | TaQini | 5 | 0.05 |
本次比赛中,题目JackZIPPacker因无人解决,留到明年继续出题。
题目环境会始终开启,供大家玩耍。
Pwn学习总结(18):VSyscall-vul64
实验平台:
x86_64, Ubuntu 18.04.6 LTS, Kernel 4.15.0-167-generic
GLIBC 2.27-3ubuntu1.4实验Binary及答案:https://github.com/bjrjk/pwn-learning/tree/main/VSyscall/vul64
Pwn学习总结(17):UAF-hacknote
实验平台:
x86_64, Ubuntu 18.04.6 LTS, Kernel 4.15.0-167-generic
GLIBC 2.27-3ubuntu1.4实验Binary及答案:
https://github.com/bjrjk/pwn-learning/tree/main/UAF/hacknote
2022HWS硬件安全冬令营预选赛 WriteUp
Pwn学习总结(16):SROP-360chunqiu2017_smallest
实验平台:
x86_64, Ubuntu 16.04.7 LTS, Kernel 4.15.0-142-generic
GLIBC 2.23-0ubuntu11.3实验Binary及答案:
https://github.com/bjrjk/pwn-learning/tree/main/ROP/SROP/360chunqiu2017_smallestVivado多线程综合问题
今日群友闲聊时提到Vivado的多线程综合相关问题。猴哥引用了Xilinx的UG904文档[1]。
其中说明,Windows下综合时默认使用2线程,Linux下综合时默认使用8线程。
如果想要更改的话,需要在Vivado的TCL窗口中使用下列命令:
Vivado% set_param general.maxThreads <new limit>其中,new limit可以是1~8之间的任意一个值。
感谢猴哥[坏笑]!
为方便起见,将对应的文档粘贴过来,方便阅读。
Multithreading with the Vivado Tools
On multiprocessor systems, Vivado tools use multithreading to speed up certain processes,including DRC reporting,statictiming analysis, placement, and routing. The maximum number ofsimultaneous threads varies, depending on the number of processors and task. The maximumnumber of threads by task is:
- DRC reporting: 8
- Statictiming analysis: 8
- Placement: 8
- Routing: 8
- Physical optimization: 8
The default number of maximum simultaneous threads is based on the OS. For Windows systems, the limit is 2; for Linux systems the default is 8. The limit can be changed using a parameter called
general.maxThreads. To change the limit use the following Tcl command:Vivado% set_param general.maxThreads <new limit>where the new limit must be an integer from 1 to 8, inclusive.
Tcl example on a Windows system:Vivado% set_param general.maxThreads 2This means all tasks are limited to two threads regardless of number of processors or the taskbeing executed. If the system has at least eight processors, you can set the limit to 8 and alloweach task to use the maximum number of threads.
Vivado% set_param general.maxThreads 8To summarize, the number of simultaneous threads is the smallest of the following values:
- Maximum number of processors
- Limit of threads for the task
- General limit of threads
参考资料:
[1] UG904 https://www.xilinx.com/support/documentation/sw_manuals/xilinx2021_1/ug904-vivado-implementation.pdf
利用Proxmark3实现NFC手机模拟加密门禁卡过程记录
之前我一直使用ACR122U进行门禁卡的识别和读取工作,但是ACR122U的效率和能力有限。
最近正好需要用手机模拟小区的门禁卡,而使用ACR122U无法进行小区门禁卡的读取。因此,我决定换用一个能力更强的Proxmark3。
现在Proxmark3的价格也很便宜,我从咸鱼上购买,仅需200元就买到一个。
ChakraCore Var数据类型指针疑惑
我最近看ChakraCore的源码做CVE分析的时候,一直不知道为什么Object Array能存储所有类型的对象。对于Native Value,它在高16位打Tag直接存进void * ,对于Object Pointer,它在void * 存入原封不动的指针。判断的时候,用SHR右移48位,看剩下的高位是否为0,若不为0,就是Tagged Native Value,否则就是Object Pointer。
今天分析CVE的时候突然想明白了48位是怎么定出来的了。因为x86_64现在的Virtual Address Size是48位。而且还有一个原因是,x86用户态的Canonical VM Address高16位是0000h开头。换个架构,这玩意貌似就不适用了。也没准随着Arch发展一下,VA Size增大一些,ChakraCore就彻底倒闭了。
注:微软不支持,应该已经倒闭了。
批量取消Youtube视频订阅方法
发现我的Youtube账号里莫名其妙多出来大量订阅,遂想取消之。批量取消JavaScript代码如下:
页面地址:https://www.youtube.com/feed/channels
buttons = document.querySelectorAll('#grid-container tp-yt-paper-button');
len = buttons.length;
index = 0;
while (index < len) {
t = 100 * index;
setTimeout((function(index, t) {
return function() {
buttons[index].dispatchEvent(new MouseEvent('click'));
setTimeout(function() {
cancel = document.querySelector('tp-yt-paper-dialog #confirm-button');
cancel.dispatchEvent(new MouseEvent('click'));
console.log(`共{len}个订阅,正在取消第{index + 1}个订阅`);
},
50);
}
})(index, t), t);
index++;
}