• Apple's SSL/TLS bug →

    iOS 7.0.6, iOS 6.1.6, and Apple TV 6.0.2 have been released. The security issue Apple disclosed for iOS 7.0.6 is as follows.

    Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

    Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

    The source code that caused this problem is interesting, though. According to Adam Langley's post about this bug, the actual source (sslKeyExchange.c) looks like this.

    static OSStatus
    SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                     uint8_t *signature, UInt16 signatureLen)
    {
        OSStatus        err;
        ...
    
        if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
            goto fail;
            goto fail;
        if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
            goto fail;
        ...
    
    fail:
        SSLFreeBuffer(&signedHashes);
        SSLFreeBuffer(&hashCtx);
        return err;
    
    }
    

    Simply because there is one extra goto fail; line, the second goto executes regardless of the if statement, so signature verification always passes.

    Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn’t conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.

    Also, OS X 10.9.1 still appears to have this problem.
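
    The control flow described above, reduced to a runnable model, next to a fail-closed rewrite. This is an added example, not Apple's source: hash_update, toy_sign, check_signature, verify_vulnerable and verify_fixed are hypothetical names, and the digest and signature check are toy stand-ins.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-ins, not Apple's code: a toy digest and signature check. */
static int hash_update(uint32_t *h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) *h = *h * 31u + p[i];
    return 0;                          /* 0 = success, as with OSStatus */
}
uint32_t toy_sign(const uint8_t *p, size_t n) {
    uint32_t h = 17;
    hash_update(&h, p, n);
    return h;
}
static int check_signature(uint32_t digest, uint32_t sig) {
    return digest == sig ? 0 : -1;
}

/* Same control flow as the excerpt: the second goto is unconditional. */
int verify_vulnerable(const uint8_t *p, size_t n, uint32_t sig) {
    int err;
    uint32_t h = 17;
    if ((err = hash_update(&h, p, n)) != 0)
        goto fail;
        goto fail;                     /* always taken while err is still 0 */
    if ((err = check_signature(h, sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Hardened: braces on every branch, err defaults to failure, and success
   is assigned only after the signature check has actually run. */
int verify_fixed(const uint8_t *p, size_t n, uint32_t sig) {
    int err = -1;
    uint32_t h = 17;
    if (hash_update(&h, p, n) != 0) { goto fail; }
    if (check_signature(h, sig) != 0) { goto fail; }
    err = 0;
fail:
    return err;
}

int main(void) {
    const uint8_t params[] = "constructed key-exchange parameters";
    uint32_t bad = toy_sign(params, sizeof params) ^ 1u;   /* wrong signature */
    printf("vulnerable: %d\n", verify_vulnerable(params, sizeof params, bad));
    printf("fixed: %d\n", verify_fixed(params, sizeof params, bad));
    return 0;
}
```

    Clang's -Wunreachable-code and GCC's -Wmisleading-indentation both flag the stray line in verify_vulnerable at compile time.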

  • Ghost in the Shellcode 2014: inview Write-up

    Question 3 - inview

    Points: 150

    The key is in view, what is it? File

    If the above link doesn’t work, please use this link.

    Extract file with this code:

    mv inview-324b8fb59c14da0d5ca1fe2c31192d80cec8e155 inview-324b8fb59c14da0d5ca1fe2c31192d80cec8e155.xz
    xz -d inview-324b8fb59c14da0d5ca1fe2c31192d80cec8e155.xz
    

    Then we can see some trailing whitespace in inview-324b8fb59c14da0d5ca1fe2c31192d80cec8e155.

    How to Highlight Trailing Whitespace in Vim

    Add this code to your .vimrc:

    highlight ExtraWhitespace ctermbg=red guibg=red
    autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
    autocmd InsertEnter * match ExtraWhitespace //
    autocmd InsertLeave * match ExtraWhitespace /\s\+$/
    if version >= 702
      autocmd BufWinLeave * call clearmatches()
    end
    

    Then Vim highlights trailing whitespace in red.

    How to Solve

    I felt something weird, so I converted the file to hex code. In Vim:

    :%!xxd
    

    Looking at the whitespace, I realized there are 09 (Tab), 0A (New Line) and 20 (Space) bytes with no rule. Right after that, I thought of Whitespace. There is also an interpreter written in JavaScript. Almost done! Just copy and paste the file content into the site and press the ‘Exec’ button. If you want to run it locally, you can use whitespacers.

    Finally the key is:

    WhitespaceProgrammingIsHard
    
  • How to Check and Toggle WiFi or 3G/4G State in Android

    Overview

    1. Check if WiFi or 3G/4G is Enabled (by User)
      1. WiFi
      2. 3G/4G
    2. Check if WiFi or 3G/4G is Connected
      1. WiFi
      2. 3G/4G
    3. Toggle WiFi or 3G/4G Programmatically
      1. WiFi
      2. 3G/4G

    At some point, we want to know whether the device is connected to a network so that we can do some network operations. We also want to know whether the user has disabled WiFi or 3G/4G on purpose. Both can be checked.


  • Tomorrow Theme in Octopress

    Tomorrow Theme

    I usually use Tomorrow Night Eighties from the Tomorrow Theme in Vim, iTerm2 and IntelliJ IDEA (Android Studio). You can take a look at the Tomorrow Theme.

    Tomorrow Night, Tomorrow, Tomorrow Night Eighties, Tomorrow Night Blue, Tomorrow Night Bright

    So I made SCSS files for Octopress that override the colors of .highlight and .gist class elements. Usual code blocks and embedded gists are properly highlighted. The demo and the code are available.


  • Syntax Highlighting Test

    So guys
    whats up
    
    /**
    sample javascript from xui
    */
    
    var undefined,
        xui,
        window     = this,
        string     = new String('string'),
        document   = window.document,
        simpleExpr = /^#?([\w-]+)$/,
        idExpr     = /^#/,
        tagExpr    = /<([\w:]+)/,
        slice      = function (e) { return [].slice.call(e, 0); };
        try { var a = slice(document.documentElement.childNodes)[0].nodeType; }
        catch(e){ slice = function (e) { var ret=[]; for (var i=0; e[i]; i++)
            ret.push(e[i]); return ret; }; }
    
    window.x$ = window.xui = xui = function(q, context) {
        return new xui.fn.find(q, context);
    };
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html><head>
    <title>A Tiny Page</title>
    <style type="text/css">
    <!--
          p { font-size:15pt; color:#000 }
        -->
    </style></head><!-- real comment -->
    <body bgcolor="#FFFFFF" text="#000000" link="#0000CC">
    <script language="javascript" type="text/javascript">
          function changeHeight(h) {
            var tds = document.getElementsByTagName("td");
            for(var i = 0; i < tds.length; i++) {
              tds[i].setAttribute("height", h + "px");
          }}
    </script>
    <h1>abc</h1>
    <h2>def</h2>
    <p>Testing page</p>
    </body></html>
    
