IPv4 has been invented in the eighties. IPv6 has quickly followed in the nineties, exactly after fourteen years of IPv4 practical application. It’s been nearly 30 years since then, and we’re still stuck with IPv4. Stuck? The main problem with IPv4 is its 32-bit addressing. It limits the Internet to 4 billion true participants (in practice even less, because of reserved address ranges, broadcast addresses, masks, and so on): less than half the world population! All its shortcomings come from this single problem. ...

Lovely nonces (ASIS CTF Quals 2021): the unintended way Originally published in justCatTheFish repo. The quasi-crypto part by Arusekk The first thing I noticed in this task was unsafe random nonce generation. Unpredictable random values in Node.js should be generated using crypto.random*() and not Math.random(), which is designed to be fast, not safe. So while the others were working on an XSS payload that would work, I searched v8 (the JavaScript engine used by Node.js) sources for the implementation behind Math.random(). It turned out to be xorshift128, which is a wonderful algorithm, passing strict randomness tests, while still being very fast. But since it only uses bitwise xor and shift operations, it is trivial to predict. ...

So here it is! arusekk.pl is finally mine. Buying a domain is straightforward. All I did was find the registry of my favorite TLD (which is .pl for Poland), registry maintained by NASK, reachable at dns.pl. There at the list of registrars I narrowed down the list to those supporting IPv6 domain delegation (I had yet to know what it means, but I thought that it would be better to have it), DNSSEC (which I knew was something important), and that the registrar must be a Polish entity. ...

I woke up, ate my breakfast, did some workout with StepMania (a DDR clone, great game, BTW, you should definitely try it, if you like to move), practiced playing music a little on a MIDI keyboard (using QSynth with JACK (managed by Catia) for low latency response). I heard that Wine supports GTK3 themes, so I wanted to check it out, but there was none for the latest version, and that lead me to filing a bug. ...

TI 1337 Plus CE Originally published in justCatTheFish repo. Writeup written by Arusekk. Solved by Arusekk, haqpl and Disconnect3d. We included the task files in ./taskfiles/. In the task, you have to take control over a patched (sandboxed) CPython. The patch checks the opcodes against a blacklist, and if any matches, it goes exit(1). It also forbids using variables beginning with _. The checks are perfored only if current environment is missing a secret COMPILE_SECRET and the current frame’s code object has co_filename set to anything other than a predefined string (FROZEN_SECRET). ...