Infosec Scribbles

July 19, 2020

How I Picked and Set Up a SmartCard

Since I had to migrate my work machine to Windows, it became impossible to use the TPM of my Precision 5520 as a secure key store. The open source tpm2-software stack does not work on Windows, and there is no alternative software stack provided by Microsoft. So I figured, might as well switch to a crypto stick. This post contains my notes from that process.

... Read more

November 9, 2019

Making a wish: Ubuntu 20.04 LTS

Ubuntu 20.04 LTS is on the horizon and while we’re all hyped about the new set of wallpapers, here is my small wish list of technical improvements to have out of the box in the next LTS:

... Read more

September 21, 2019

HackerOne CTF at 44CON: Binary 500

There has been somewhat of a hiatus in my ARM crackme series. There are two reasons for this: r2con 2019 and 44CON 2019. Both had CTF challenges and that’s what I’ve been busy with.

First item on the list is the 500 points binary challenge from 44CON:

┌─────┐                 ┌─────┐
│ BIN │                 │ WEB │
│     ├─┐             ┌>│     ├┐
│ ¥10 │ │             │ │ ¥30 ││
└─────┘ │             │ └─────┘│
┌─────┐ │    ┌──────┐ │        │  ┌──────┐  ┌──────┐  ┌──────┐
│ WEB │ │    │  WEB │ │        │  │  TRI │  │  WEB │  │  BIN │
│     ├─┼─┬─>│      ├─┤        ├─>│      ├─>│      ├─>│      │
│ ¥ 5 │ │ │  │  ¥10 │ │        │  │ ¥100 │  │ ¥120 │  │ ¥250 │
└─────┘ │ │  └──────┘ │        │  └──────┘  └──────┘  └──────┘
┌─────┐ │ │  ╔══════╗ │ ┌─────┐│
│ TRI │ │ │  ║  BIN ║ │ │ BIN ││
│     ├─┘ └─>║      ║ └>│     ├┘
│ ¥ 3 │      ║ ¥500 ║   │ ¥50 │
└─────┘      ╚══════╝   └─────┘

... Read more

August 4, 2019

Crackmes Series: ARM, part 2

Recently, I decided to put my reversing skills to the test by solving some of the public crackmes and writing down my solutions. This is the second post of the series.

For work, I do some very basic Android, TEE, RASP and IoT reversing, but most of those tasks are too shallow and repetitive. You can’t get much depth when reversing is an “if there’s time to waste” part of an engagement with an overall length of a week and bottomless scope, so this series is about a monkey learning to dive deeper.

I decided to source my first batch of challenges from Crackmes.One. The second challenge is of difficulty level 2 and targets ARM/Linux.

... Read more

August 3, 2019

Crackmes Series: ARM, part 1

Recently, I decided to put my reversing skills to the test by solving some of the public crackmes and writing down my solutions. This is the first of many to come.

For work, I do some very basic Android, TEE, RASP and IoT reversing, but most of those tasks are too shallow and repetitive. You can’t get much depth when reversing is an “if there’s time to waste” part of an engagement with an overall length of a week and bottomless scope, so this series is about a monkey learning to dive deeper.

I decided to source my first batch of challenges from Crackmes.One. The first challenge is of difficulty level 1 and targets ARM/Linux.

... Read more

December 21, 2018, updated on August 10, 2019

The sad state of font rendering on Linux

Preamble

As it turns out, font rendering is a highly controversial topic. If you don’t see anything wrong with Linux font rendering, please disregard this as a shitpost. Thanks.

I spent the first 25 years of my life on Windows and therefore I am biased towards Windows font rendering with ClearType. I also agree with research which suggests that this rendering approach makes reading easier on the eyes. There are also some facts you can’t argue with, such as non-linear rendering without anti-aliasing looking awful.

With that out of the way, let’s proceed.

... Read more

December 20, 2018

How to (offline) update standalone ESXi in your homelab

Say you have a homelab and, like me, you don’t have the space for a 42U rack and an enterprise vSphere license. Your options are Hyper-V, Xen, Proxmox or… a standalone ESXi machine on a free license.

Every now and then VMware releases updates for it, but there is no way to get them automatically on a standalone ESXi host. Thankfully, it’s not too hard to do by hand and here is a step-by-step that I wrote down for my own purposes.

Outdated ESXi hosts also may or may not be one of the most common findings in network security tests.

... Read more

March 25, 2018

Ubuntu Update Notifications via SMTP Relay

One thing I really wanted to have on my server was the ability for system packages to send mail externally. This is useful for upgrade notifications or any kind of monitoring alerts that systems may emit. On the other hand, I have better things to do than worry about a private mail server. The solution I came up with is setting up postfix to act as an SMTP relay, using an SMTP account at a third-party mail server for outgoing mail.

... Read more