Home

I am Rong “Mantle” Bao. Welcome to my blog, where I bake all my potatoes.

Read my most recent posts or browse by tag, and meet some of my friends.

Some deployed web apps:

Read about JavaScript usage on this site.

Recent 30 posts

  • WSL2 上使用 Canokeys 踩坑

    本文可供大多数需要将USB设备直通至WSL2虚拟机内的场景参考,并不局限于Canokeys或USB智能卡等话题 。 WSL2支持使用usbipd-win实现USB设备直通,可以较为方便地将OpenPGP智能卡直通至虚拟机内供GPG使用,配置方法推荐阅读微软的文章。一般而言,出...

  • JavaScript usage on csmantle.top

    The main blog site does not use JavaScript for any critical functions. Features that requires JavaScript: Comments by https://utteranc.es/ Broken link converter on 404.html Web apps deployed under their own path prefixes If you don’t need them, feel free to disable JavaScript entirely when browsing through my site.

  • When spaces break your CreateProcess (and how to fix it)

    The username on my Windows laptop contains a space (“ ”). This little character is known to cause dozens of software problems, and most of them are attributed to the existing codebase which does not properly quote file paths. Recently this space started troubling me more than before. Two pieces of software suddenly refused to work. I spent a while diagnosing the bugs, then filed bug reports and patches to the developers: Nushell. It’s my daily shell environment. Nushell is functional, elegant, and expressive. However, it now refused to start up in my Windows Terminal, producing an ERROR_BAD_EXE_FORMAT. PR nushell/nushell#15881...

  • Numbers as expressions

    A while ago, I saw an interesting post from a Telegram channel I subscribed to. Briefly, it said: With these constants defined… const a = -3 / 80; const e = 1; const f = 5; const g = 8 / 3; const h = 9 / 10; const i = 1; const l = 11 / 3; const n = 3; const o = 1 / 3; const r = 1; const s = 7 / 3; const t = 10 / 3; const u = 12 / 5; const v = 1; const w = 9 / 5;...

  • Building chart database for AstroDX: Revisited

    See the previous article for a list of needed tools and supplementary tutorials. The first step is, as always, obtaining a copy of original game image. If you have an “.app” file, refer to this awesome post to decrypt it into a mountable VHD. An extra note: When you are asked to use ImDisk (Chocolatey), just use it. Don’t use any “remastered” versions. They lack critical features. These revised scripts utilize MaichartConverter’s built-in database creation feature. That tool has some peculiarities of its own: For a chart with ID 123456, its corresponding BGA file should be “003456.mp4”, and its sound...

  • When to use Seq or Vec in Chisel?

    Use Seq if you just need a Scala array or container. Use Vec if you want a multiplexer. scala.collection.immutable.Seq is purely a Scala-land concept. You can index into it via a Int thanks to its apply function. chisel3.Vec is a hardware container that can be indexed by Scala-land Ints and hardware UInts. It has two apply overloads: apply(idx: Int): T and apply(p: UInt): T. It also have connection operators like :=, allowing for element-wise connection. Always refer to the (scarce) Chisel documentation when in doubt. If the API in question is not documented (which is very likely), read the source...

  • Have fun decoding in Chisel

    0. Introduction Decoders are everyday components in digital logic designs. Maintaining large, complex decoding circuits can be challenging in vanilla SystemVerilog. Today, we are exploring the utilities provided by chisel3.util.experimental.decode._ to decode whatever we want elegantly. We’ll see how Chisel’s circuit generator nature contributes to its simplicity and extensibility. Chisel’s experimental public APIs often lack usage information. This post is also intended to be an incomprehensive example of (in my view) important yet undocumented utilities. 0. Introduction 1. The problem 2. TruthTable: Programmatic logic generation 3. DecodeTable: Combined truth tables Extensibility 4. Conclusion 1. The problem Suppose we are making...

  • Finite state machine pitfalls with Chisel: Revisited

    A while ago, I wrote about how Chisel’s early optimization breaks common heuristics used by other tools to detect finite state machine patterns. Here is its workaround. Instead of following Chisel’s “advised way”, you need to wrap every next state expression with dontTouch optimization barrier. Some wrappers are helpful in making this step more elegant, such as the following MuxDontTouch: import chisel3._ object MuxDontTouch { def apply[T <: Data](cond: Bool, con: T, alt: T): T = { val conWire = WireInit(con) val altWire = WireInit(alt) Mux(cond, dontTouch(conWire), dontTouch(altWire)) } } Since CIRCT won’t be happy if you apply dontTouch annotations...

  • You can’t eliminate useless stack allocations in Rust

    The shiny “language of the year” lacks such an important and widely-used feature.

  • HGAME 2025 命题小记 - WEEK2

    阅读赛题源码和研究writeup同样重要。(第二部分)

  • HGAME 2025 命题小记 - WEEK1

    阅读赛题源码和研究writeup同样重要。(第一部分)

  • A parser for LoongArch instruction encoding table

    Turn an AsciiDoc table of LoongArch instruction encodings into a machine-readable format.

  • Much ado about nothing

    There’s quite a lot to say about doing nothing.

  • Achilles’s heel of Nushell

    Gradual typing is not an excuse for inexpressibility.

  • 翻译:《我的电动牙刷坏了,所以我试着重启它》

    原标题 :My electric toothbrush was acting up, so I tried to reboot it 作者 :Raymond Chen 地址 :<link> 我的电动牙刷坏了。互联网告诉我,我需要重启的我的电动牙刷 。 放在40年前,上面最后一句话绝对没有人听得懂 。 我的一个参与了USB标准研发的朋友有次给我发邮件,说:“我刚...

  • 翻译:《我尝试给闹钟调时间。我失败了。》

    原标题 :I tried to adjust the time on my alarm clock. I failed. 作者 :Raymond Chen 地址 :<link> 不知为何,我的闹钟非得让我在手机上安装一个应用,结果这个应用还要求我创建账号 。 我再强调一遍:为了定闹钟,我居然要在闹钟厂商那里注册账号 。 总之,当初我买来这个...

  • 翻译:《留意文档中的时间用语:参照时刻为何?》

    原标题 :Be mindful of temporal terms in documents: What is the reference point in time? 作者 :Raymond Chen 地址 :<link> 在诸如功能提案或 pullrequest的文档中,需要特别注意指代时刻的词语,因为语境中隐含的参照时刻并不总是清晰的 。 例如,在 pullrequest中也许会有如下的对话 : 甲:“如果文件不存在会...

  • Finite state machine pitfalls with Chisel, SystemVerilog and Vivado

    TL;DR: Vivado 2024.1 fails to infer FSMs from Chisel-generated SystemVerilog files due to Chisel’s optimizations; no solutions except manual patching are known by the author as of writing. 1. Background 2. Experiments and results 2.1. Vanilla SystemVerilog 2.2. Chisel with recommended switch statements 2.3. Chisel with MuxLookup 3. Speculation of cause 4. Conclusion Appendix A. Chisel project boilerplate Appendix B. CIRCT-generated prolog 1. Background Finite state machines (FSMs), or more specifically deterministic finite state machines, are crucial to digital circuits. In such context, it could be generalized to a sequential logic unit whose current state is determined by equation $Q^{n+1}...

  • Flare-On 11 Writeup - csmantle

    Flare-On capture-the-flag event organized by MANDIANT is an annual reverse engineering event featuring creative challenges, a dazzling show-off of various techniques and a broad range of real-world scenarios. The author, as finisher #179 of Flare-On 11, presents the challenges’s writeup in this post.

  • 截断Base64编码的不动点: 借助Z3的分析与证明

    An English version is available here. 1.导语 Base64 (Wikipedia, RFC 4648)是相当常见的编码格式 ,可以将任意二进制数据至一个 ASCII码子集 ,其原理为将原始数据中的位视为 $2^6 = 64$元字母表中的元素下标 .显然 ,由于输入为6位元素而输出为8位元素 (ASCII字符 ),数据在编码后...

  • Fixed point in truncated Base64 encoding: analysis and proof with Z3

    中文版本见此 . 1. Introduction Base64 (Wikipedia, RFC 4648) is a well-known encoding for turing arbitrary binary data into an alphanumeric ASCII string. It’s basic idea is to reinterpret original data as characters in a $2^6 = 64$-membered alphabet. Due to the input characters being 6-bits and output ones being 8-bits (ASCII characters), the length of encoded data will be different from that of the original one. If we consider only the common part of input and output, it is possible to construct a $N$-membered string $S$ whose Base64-encoding $\mathrm{Base64}(S)$ has $S$ as its prefix, i.e....

  • 在 BIRD2 中使用 BFD 协议

    本文为 DN11项目编写 . 1.前言 双向转发检测 (Bidirectional Forward Detection, BFD)通过在一条链路的两端建立会话 (session)以检测链路连通性 .链路的两端协商 Hello包的发包间隔 ,在一定数量的包丢失后 ,链路即被判断发生故障 .由于 BFD本身不支持对端发现 ,因此在某...

  • Comments with utteranc.es

    You can now leave comments on each post with your GitHub account! This is achieved through service provided by <link> Slide to the bottom to see the comment area, or quickly go there now! Comments are stored as public GitHub Issues on a per-page basis. All such thread will be labeled utterances. To properly perform third-party authentication with GitHub, utteranc.es would store a session ID in your Local Storage. This blog site will not store any other information in addition to that. If you don’t want this storage, please do not login, which will also prevent you from commenting. The...

  • Turning off $PATH inheritance in a WSL2 guest

    For Windows builds higher than 17713, there is a convenient way to prevent the inheritance of $PATH on the host environment into guests. Inherited $PATH may lead to significantly-low performance on certain scenarios, such as tab completion and shell theming.

  • What can I scanf? Buffer out

    When we fail to pay attention to the specified behavior of failure.

  • 简短的问候

    1.问题描述 在 x86-64Linux平台下 ,构造一个文件字节数最小的静态ELF可执行文件 ,实现以下伪代码的功能 : print(“Hello!\n”) exit(0) 2.解决方案 本文中实现的最小ELF文件落盘大小为152字节 . 2.1. 888KB 编写一个C代码并静态编译能够给出最naive的结果 . #include <stdio.h> int main(void) {...

  • HGAME 2024 Writeup - Mantle - Week 4

    原地址为 <link>。 URL: <link> Username: csmantle (Individual participation) Start Time: 2024-02-21 20:00:00 End Time: 2024-02-28 20:00:00 Status: -2 Web; -1 Pwn; -2 Crypto Web Reverse and Escalation Whose Home? 火箭大头兵 Reverse again! change crackme2 Misc maybezip ezKeyboard IOT ez7621 Web Reverse and Escalation The container takes time to start, please be patient. CVE-2023-46604 RCE,Linux 5.10提权 。 <link> <link> shell一直死 。Stageless HTTP Meterpreter可以,但是很慢。(裸 bash reverse shell也可以,是更好的选择,因为不...

  • HGAME 2024 Writeup - Mantle - Week 3

    原地址为 <link>。 URL: <link> Username: csmantle (Individual participation) Start Time: 2024-02-14 20:00:00 End Time: 2024-02-21 20:00:00 Status: -1 Pwn; -1 Crypto Web WebVPN ZeroLink VidarBox Pwn 你满了,那我就漫出来了 ! Reverse findme mystery crackme encrypt Crypto exRSA HNP Misc 与 AI聊天 Blind SQL Injection 简单的 vmdk取证 简单的取证,不过前十个有红包 Web WebVPN WebVPN是新一代纯网页形式的VPN,用户无需安装任何插...

  • HGAME 2024 Writeup - Mantle - Week 2

    原地址为 <link>。 URL: <link> Username: csmantle (Individual participation) Start Time: 2024-02-05 20:00:00 End Time: 2024-02-14 20:00:00 Status: AAK @ 2024-02-12 09:1?:?? Web What does the cow say? myflask search4member Select More Courses 梅开二度 Pwn ShellcodeMaster Elden Ring II fastnote old_fastnote Reverse arithmetic ezcpp babyre babyAndroid Crypto midRSA(非预期 ) backpack(非预期 ) midRSA revenge backpack revenge babyRSA 奇怪的图片 plus Misc ek1ng_want_girlfriend 龙之舞 ezWord 我要成为华容道高手 Web What does the cow say? the cow want to...

  • HGAME 2024 Writeup - Mantle - Week 1

    原地址为 <link>。 URL: <link> Username: csmantle (Individual participation) Start Time: 2024-01-29 20:00:00 End Time: 2024-02-05 20:00:00 Status: AAK @ 2024-02-01 AM Web ezHTTP Select Courses Bypass it jhat 2048*16 Pwn ezSignIn ezshellcode Elden Ring I Elden Random Challenge ezfmt string Reverse ezASM ezPYC ezUPX ezIDA Crypto ezRSA ezPRNG 奇怪的图片 ezMath Misc 签到 SignIn simple_attack 希儿希儿希尔 来自星尘的问候 Web ezHTTP HTTP Protocol Basics PS D:\Workspace\rev\hgame_2024> curl -v <link> * Trying 139.196.200.143:30264… * Connected to 139.196.200.143 (139.196.200.143) port 30264 > GET / HTTP/1.1 >...

  • ... See all posts organized by tag.

Subscribe via RSS