• Unicode Adopt-a-Character

    Now you can adopt a character!

    1. Select your character
    2. Make your donation

    Then you’re done. After the donation, your character along with your name will be listed in Sponsors of Adopted Characters. You support Unicode Consortium by donation while expressing your interests in the adopted character as チルノ adopted ⑨.

    I chose ‘유’ (U+C720, HANGUL SYLLABLE YU), which is my family name written in Korean. And this is one of the first adoptions of hangul character.

  • Installing Ruby 1.8.7 on OS X El Capitan

    A bug in Ruby 1.8.7

    There is a bug in Ruby 1.8.7’s exponentiation. See “Exponentiation in Ruby 1.8.7 Returns Wrong Answers”.

    >> 2 ** 62
    => 4611686018427387904
    >> 2 ** 63
    => -9223372036854775808
    >> 2 ** 64
    => 0
    

    Note that following gives the correct result:

    >> 2 ** 62 * 2
    => 9223372036854775808
    

    Supporting an ancient Ruby

    Seeing this bug, I wanted to reproduce this by myself, so I just tried to install Ruby 1.8.7 on OS X 10.11.4. As I’m using chruby, I used ruby-install.

    ruby-install ruby 1.8.7
    

    But there are several errors:

    ...
    gcc -I. -I../.. -I../../. -I../.././ext/openssl -DRUBY_EXTCONF_H=\"extconf.h\" -I/usr/local/opt/openssl/include -I/usr/local/opt/readline/include -I/usr/local/opt/libyaml/include -I/usr/local/opt/gdbm/include  -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE   -fno-common -g -O2 -pipe -fno-common   -c ossl.c
    ossl.c:118:1: error: unknown type name 'STACK'; did you mean '_STACK'?
    OSSL_IMPL_SK2ARY(x509, X509)
    ^
    ossl.c:95:22: note: expanded from macro 'OSSL_IMPL_SK2ARY'
    ossl_##name##_sk2ary(STACK *sk)                 \
                         ^
    /usr/local/opt/openssl/include/openssl/stack.h:72:3: note: '_STACK' declared here
    } _STACK;                       /* Use STACK_OF(...) instead */
      ^
    ...
    4 errors generated.
    make[1]: *** [ossl.o] Error 1
    make: *** [all] Error 1
    !!! Compiling ruby 1.8.7 failed!
    

    This is because of the version of OpenSSL used for compilation is too high for Ruby 1.8.7, see rbenv/ruby-build#445. After some searching about OpenSSL and Ruby 1.8.7, I found that RVM is using openssl098 for Ruby 1.8.7 compilation. But, unfortunately, they decided to remove it from homebrew/versions tap because of deprecation and security issues. See Homebrew/homebrew-versions#1150 for the issue and the commit removing openssl098.

    Building Ruby 1.8.7

    As I just wanted to reproduce a bug, I used the openssl098.rb right before the removal.

    brew install https://github.com/Homebrew/homebrew-versions/raw/586b7e9012a3ed1f9df6c43d0483c65549349289/openssl098.rb
    

    Then we can provide --with-openssl-dir option to ruby-install.

    ruby-install ruby 1.8.7 -- --with-openssl-dir=/usr/local/opt/openssl098
    

    It’ll be successful! You can use Ruby 1.8.7 on OS X El Capitan.

    $ ruby --version
    ruby 1.8.7 (2008-05-31 patchlevel 0) [i686-darwin15.4.0]
    

    Finally I was able to reproduce the bug.

    >> 2 ** 62
    => 4611686018427387904
    >> 2 ** 63
    => -9223372036854775808
    >> 2 ** 64
    => 0
    

    Also, for Ruby 1.8.7-p374, you don’t need openssl098, but you may need X11. If you don’t need tk, then try the following command:

    ruby-install ruby 1.8.7-p374 -- --without-tk
    

    This version of Ruby 1.8.7 still has the same bug.

  • Switching RVM to chruby

    I’ve found RVM’s gemsets are no longer useful to me. I used to make a separate gemset for each project by placing .ruby-version and .ruby-gemset file in each project directory. But whenever a Ruby release come out, I repeated uninstalling previous version and then clean installing new version. So I decided to move to chruby, smaller and simpler one.

    Goodbye, RVM

    rvm implode
    

    Also if you have additional script lines loading RVM, remove them. I left them to make it work only if RVM is installed.

    [[ -s "$HOME/.rvm/scripts/rvm/" ]] && source "$HOME/.rvm/scripts/rvm"
    

    Installing ruby-install

    ruby-install handles installations of various Rubies.

    If you’re on OS X:

    brew install ruby-install
    

    If you’re on Arch Linux:

    yaourt -S ruby-install
    

    Otherwise:

    wget -O ruby-install-0.6.0.tar.gz
    https://github.com/postmodern/ruby-install/archive/v0.6.0.tar.gz
    tar -xzvf ruby-install-0.6.0.tar.gz
    cd ruby-install-0.6.0/
    sudo make install
    

    Installing chruby

    If you’re on OS X:

    brew install chruby
    

    Otherwise:

    wget -O chruby-0.3.9.tar.gz
    https://github.com/postmodern/chruby/archive/v0.3.9.tar.gz
    tar -xzvf chruby-0.3.9.tar.gz
    cd chruby-0.3.9/
    sudo make install
    

    Then all I need to do is to load it from startup script, ~/.*shrc.

    if [ -e /usr/local/share/chruby/chruby.sh ]; then
      source /usr/local/share/chruby/chruby.sh
      source /usr/local/share/chruby/auto.sh
    fi
    

    The auto.sh is for auto-switching the current version of Ruby according to .ruby-version file of the current directory. This is optional.

    chruby provides ways to migrate Rubies from another Ruby manager, but I started from scratch, so installed latest Ruby using ruby-install.

    ruby-install ruby 2.3.0
    

    Then which ruby will points to some path under ~/.rubies directory.

    which ruby
    ~/.rubies/ruby-2.3.0/bin/ruby
    

    Now it’s possible to auto-switch the Ruby version with .ruby-version file or manually with chruby commands like chruby ruby-2.3.0 or chruby system, etc.

  • 32C3 CTF 2015: libdroid Write-up

    Reversing (150)

    Solves: 17

    Please install this on your new android phone, enter pass code and get the flag.

    Hints:

    • Updated the libdroid.apk, this one is now also able to run on a device. No changes to internal logic.

    If the above link doesn’t work, please use this link.

    Read on →

  • Moving Timezone to UTC in Jekyll

    At the very first, I haven’t think about the timezone of my blog. I had used to generate my blog on my local machine and deploy manually. At that time every content is released based on KST timezone, which is GMT+9.

    Right after that I tried to deploy my blog through Travis CI, I realized that something went wrong. Travis CI uses UTC by default, so the URL of every post between 0AM and 9AM was shifted by one day backward. I had to modify /etc/timezone or set environment variable TZ to restore the URLs.

    Yes, this can solve the problem I faced. But should I really use the KST for this whole blog? It’ll be nice if I can show the time based on timezone of each client, but I won’t be able to handle the date part of the post URL as well. So I decided to move the timezone of this site to UTC, global standard at least.

    First I should write some tests for the migration since I want to change URLs by only one push. You can access current posts by using jekyll gem. Place spec/support/jekyll_helper.rb with:

    require 'jekyll'
    
    module JekyllHelper
      def site
        unless @site
          @site = Jekyll::Site.new(
            Jekyll.configuration('serving' => false, 'full_rebuild' => true))
          @site.process
        end
      end
    end
    

    Note @site.process. This makes you be able to access @site.posts. The basic test is simple. I placed this on spec/site_spec.rb:

    RSpec.describe '_site' do
      include JekyllHelper
    
      describe 'timezone' do
        it 'uses UTC instead of local timezone' do
          expect(site.posts).to all(be_utc_post)
          expect(site.posts).to all(have_utc_filename)
          expect(site.posts).to all(have_utc_url)
        end
      end
    end
    

    So, what’s the be_utc_post, have_utc_filename, and have_utc_url? Each of them is RSpec custom matcher. I separated the validation into three parts.

    1. Does the date object of the post have UTC timezone?
    2. Does the post have filename with the UTC date?
    3. Does the generated URL have the UTC date?

    So the each matcher is like following:

    RSpec::Matchers.define :be_utc_post do
      match do |actual|
        expect(actual.date.zone).to eq('UTC')
      end
      failure_message do |actual|
        "expected #{actual.date} to have UTC timezone"
      end
    end
    
    RSpec::Matchers.define :have_utc_filename do
      match do |actual|
        date = actual.date.utc
        year = date.strftime('%Y')
        month = date.strftime('%m')
        day = date.strftime('%d')
    
        expect(actual.name)
          .to eq("#{year}-#{month}-#{day}-#{actual.slug}#{actual.ext}")
      end
      failure_message do |actual|
        "expected #{actual.name} to have UTC date"
      end
    end
    
    RSpec::Matchers.define :have_utc_url do
      match do |actual|
        date = actual.date.utc
        year = date.strftime('%Y')
        month = date.strftime('%m')
        day = date.strftime('%d')
    
        expect(actual.url).to eq("/#{year}/#{month}/#{day}/#{actual.slug}/")
      end
      failure_message do |actual|
        "expected #{actual.url} to have UTC date"
      end
    end
    

    Note that "/#{year}/#{month}/#{day}/#{actual.slug}/" is based on my permalink setting of _config.yml in Jekyll, so you may have to change the template appropriately.

    Update: Jekyll released 3.0.0, and there were some changes on Jekyll::Post. Following code is updated version of spec code. Also you can track the file on GitHub.

    RSpec::Matchers.define :be_utc_post do
      match do |actual|
        expect(actual.date.zone).to eq('UTC')
      end
      failure_message do |actual|
        "expected #{actual.date} to have UTC timezone"
      end
    end
    
    RSpec::Matchers.define :have_utc_filename do
      match do |actual|
        date = actual.date.utc
        year = date.strftime('%Y')
        month = date.strftime('%m')
        day = date.strftime('%d')
        slug = actual.data['slug']
        ext = actual.data['ext']
    
        expect(actual.basename)
          .to eq("#{year}-#{month}-#{day}-#{slug}#{ext}")
      end
      failure_message do |actual|
        "expected #{actual.basename} to have UTC date"
      end
    end
    
    RSpec::Matchers.define :have_utc_url do
      match do |actual|
        date = actual.date.utc
        year = date.strftime('%Y')
        month = date.strftime('%m')
        day = date.strftime('%d')
        slug = Jekyll::Utils.slugify(actual.data['slug'])
    
        expect(actual.url).to eq("/#{year}/#{month}/#{day}/#{slug}/")
      end
      failure_message do |actual|
        "expected #{actual.url} to have UTC date"
      end
    end
    
    RSpec.describe '_site' do
      include JekyllHelper
    
      describe 'timezone' do
        it 'uses UTC instead of local timezone' do
          expect(site.posts.docs).to all(be_utc_post)
          expect(site.posts.docs).to all(have_utc_filename)
          expect(site.posts.docs).to all(have_utc_url)
        end
      end
    end
    

    Tests are ready, so now we start migrating. See ‘Time Zone’ part of the documentation of Jekyll configuration.

    Set the time zone for site generation. This sets the TZ environment variable, which Ruby uses to handle time and date creation and manipulation. Any entry from the IANA Time Zone Database is valid, e.g. America/New_York. A list of all available values can be found here. The default is the local time zone, as set by your operating system.

    So when you add timezone: UTC to your _config.yml, you’re almost done! Remained things are boring file renames and making backward redirect links, using jekyll-redirect-from.

    You can see the full changes on this commit.