Lovely nonces (ASIS CTF Quals 2021): the unintended way Originally published in justCatTheFish repo. The quasi-crypto part by Arusekk The first thing I noticed in this task was unsafe random nonce generation. Unpredictable random values in Node.js should be generated using crypto.random*() and not Math.random(), which is designed to be fast, not safe. So while the others were working on an XSS payload that would work, I searched v8 (the JavaScript engine used by Node.js) sources for the implementation behind Math.random(). It turned out to be xorshift128, which is a wonderful algorithm, passing strict randomness tests, while still being very fast. But since it only uses bitwise xor and shift operations, it is trivial to predict. ...

So here it is! arusekk.pl is finally mine. Buying a domain is straightforward. All I did was find the registry of my favorite TLD (which is .pl for Poland), registry maintained by NASK, reachable at dns.pl. There at the list of registrars I narrowed down the list to those supporting IPv6 domain delegation (I had yet to know what it means, but I thought that it would be better to have it), DNSSEC (which I knew was something important), and that the registrar must be a Polish entity. ...

I woke up, ate my breakfast, did some workout with StepMania (a DDR clone, great game, BTW, you should definitely try it, if you like to move), practiced playing music a little on a MIDI keyboard (using QSynth with JACK (managed by Catia) for low latency response). I heard that Wine supports GTK3 themes, so I wanted to check it out, but there was none for the latest version, and that lead me to filing a bug. ...

TI 1337 Plus CE Originally published in justCatTheFish repo. Writeup written by Arusekk. Solved by Arusekk, haqpl and Disconnect3d. We included the task files in ./taskfiles/. In the task, you have to take control over a patched (sandboxed) CPython. The patch checks the opcodes against a blacklist, and if any matches, it goes exit(1). It also forbids using variables beginning with _. The checks are perfored only if current environment is missing a secret COMPILE_SECRET and the current frame’s code object has co_filename set to anything other than a predefined string (FROZEN_SECRET). ...

A friend of mine recently told me that she is not smart (that’s a lie from her, since she is), but she pretends to be smart using one simple trick. She told me that the key to being perceived as smart is to have strong, carefully researched, and strongly founded opinions on some totally irrelevant details of the things you happen to talk about. While this may be a helpful advice, the worst part is that it will not make you any true expert. But if you are part of some phenomenon for long enough, you become an expert gradually. And then you start to notice the errors of those who err. ...