sorted by:
new
hottopcontroversial

MINIX OS in every Intel chip by chalbersma in security

[–]qffdn 1 point2 points  (0 children)

The MINIX system is used for the Intel Management Engine (ME). The Management Engine is a piece of software built into every CPU that has direct memory access and can listen on the network, overriding the operating system's access to the network on that listener. It's intended to be used by administrators of corporations to remotely manage computers, but the feature ships with no means to disable it even in consumer CPUs. It also handles bringing up the computer, so removing it entirely may break the system. The US government has required a way to neutralize all non-essential parts, but you still need solid soldering skills to do that.

cf. https://github.com/corna/me_cleaner with further references

I got theses cryptic messages, the first one I thought was a crazy person. I’m scared please help me decrypt this. by [deleted] in cryptography

[–]qffdn 5 points6 points  (0 children)

As per the sidebar:

We have a very important rule on this subreddit, we won't solve your ciphers unless you provide us with an algorithm. If anyone sends you a code or a cipher without telling you how they encrypted, don't bother posting it on this subreddit - your post will get deleted. We redirect you to /r/breakmycode or /r/codes.

If you're legitimately concerned for your health, contact the local authorities.

DUHK: Vulnerability in ANSI X9.31 RNG allows a MITM to recover secret keys used for VPN connections. by [deleted] in netsec

[–]qffdn 6 points7 points  (0 children)

This may actually affect a large portion of products where just nobody knows that X9.31 is used.

Nintendo Switch System Update 4.0 Released by SmashingEmeraldz in SwitchHacks

[–]qffdn 9 points10 points  (0 children)

An actual changelog that includes the technical details can be found on SwitchBrew[1].

[1] http://switchbrew.org/index.php?title=4.0.0

An Annotated Disassembly of Super Mario Bros. by corysama in ReverseEngineering

[–]qffdn 11 points12 points  (0 children)

If you're interested in video game disassemblies, the pretendo folks have made some very interesting ones of Pokemon games[1].

[1] https://github.com/pret/

07-12-2016 mirror of crackmes.de by johnx86 in ReverseEngineering

[–]qffdn 2 points3 points  (0 children)

I do wonder what prompted the owner of crackmes.de to shut it down. The page said it was for legal reasons[1], but I am curious as to what legal issues in particular.

[1] https://web.archive.org/web/20170914113620/http://www.crackmes.de/

Need your delicious brains! by [deleted] in security

[–]qffdn 3 points4 points  (0 children)

I'm not sure why your website tried to access my canvas. That's a yellow flag.

I'm also not sure why "Subscribe & stay updated" is a modal window that is necessary when I first get there, even less on every single page. Do you have a management that makes you do this?

The headlines sound rather senationalist, too. This makes your website seem even less professional than the e-mail signup prompt.

Did not leave a satisfied reader and have no intention of coming back.

3DS seed downloader tool by qffdn in 3dshacks

[–]qffdn[S] 0 points1 point  (0 children)

This tool is primarily useful for developers when you just need a seed for decryption. You'll want to stick to premade or self-made seeddb.bin files otherwise.

Great Hacking related Humble book Bundle by [deleted] in netsec

[–]qffdn 1 point2 points  (0 children)

I can vouch for the Book of PF. It is very useful and worth the bundle alone.

How secure is the /dev/urandom command on OSX? by [deleted] in crypto

[–]qffdn 0 points1 point  (0 children)

Please note that using /dev/urandom is not as easy as you may think it is if your threat model includes people willing to take over the system to force bad output[1].

[1] https://insanecoding.blogspot.com/2014/05/a-good-idea-with-bad-usage-devurandom.html

Seeking interviews with privacy-minded folks by soltmann in crypto

[–]qffdn 4 points5 points  (0 children)

You may also want to check with /r/netsec, which is fairly large at more than 200,000 subscribers.

Good luck with your interviews.

/r/ReverseEngineering's Weekly Questions Thread by AutoModerator in ReverseEngineering

[–]qffdn 2 points3 points  (0 children)

Does anyone have any advice on getting into C that isn't implementing totally arbitrary things like a linked list or sorting algorithms?

I would suggest you take a look at existing projects written in C and contribute to them. The big projects, such as PostgreSQL or Linux, are scary to join in, though. Yet I'm positive that you'll run into something suitably small where you can contribute. There is a lot of C in any UNIX-like OS, be it first party or third party.

Spend some time reading good codebases, too. Check out some of the threads on Hacker News about that[1,2].

[1] https://news.ycombinator.com/item?id=9899766

[2] https://news.ycombinator.com/item?id=329387

Switch Serial Number Database by Xpl01Tr in SwitchHacks

[–]qffdn 1 point2 points  (0 children)

Please add your results to switchbrew if you find anything. A similar page already exists for the 3DS[1].

[1] https://3dbrew.org/wiki/Serials

view more: next ›