Home
Welcome to my personal site!
If you have stumbled upon this place, why not look around and try one of my personal projects Periotris.js?
Posts
-
Flare-On 11 Writeup - csmantle
Forewords First time player, first time finisher. Thank you FLARE team/MANDIANT for these great challenges in Flare-On 11 that really satisfied my appetite for high-quality inspirations of what could still be done in reverse engineering. ...
-
截断Base64编码的不动点: 借助Z3的分析与证明
An English version is available here. 1. 导语 Base64 (Wikipedia, RFC 4648) 是相当常见的编码格式, 可以将任意二进制数据至一个 ASCII 码子集, 其原理为将原始数据中的位视为 $2^6 = 64$ 元字母表中的元素下标. 显然, 由于输入为6位元素而输出为8位元素 (ASCII 字符), 数据在编码后会比原来更长. 若只考虑相同长度的部分 (前缀), 我们能够构造一个 $N$ 元串 $S$ 使得它的 Ba...
-
Fixed point in truncated Base64 encoding: analysis and proof with Z3
中文版本见此. 1. Introduction Base64 (Wikipedia, RFC 4648) is a well-known encoding for turing arbitrary binary data into an alphanumeric ASCII string. It’s basic idea is to reinterpret original data as characters in a $2^6 = 64$-membered alphabet...
-
在 BIRD2 中使用 BFD 协议
本文为 DN11 项目编写. 1. 前言 双向转发检测 (Bidirectional Forward Detection, BFD) 通过在一条链路的两端建立会话 (session) 以检测链路连通性. 链路的两端协商 Hello 包的发包间隔, 在一定数量的包丢失后, 链路即被判断发生故障. 由于 BFD 本身不支持对端发现, 因此在某一条链路上建立 BFD 需要链路的两端均正确配置协议. BFD 协议本身仅负责进行链路连通性检测, 其得到的结果如何处理由使用者决定. 多种...
-
Comments with utteranc.es
You can now leave comments on each post with your GitHub account! This is achieved through service provided by https://utteranc.es/. Slide to the bottom to see the comment area, or quickly go there now! Comments are stored as public GitHub Issues...
-
Turning off $PATH inheritance in a WSL2 guest
1. Description of problem Some operations involving searching $PATH are extremely slow. This could include very slow shell command execution, tab completion, and rendering of certain themes in ohmyzsh and oh-my-bash. The $PATH environment variab...
-
What can I scanf? Buffer out
1. Description of problem Explain the behavior of the following program under given inputs: // scanf_test.c #include <stdio.h> int main(void) { int ret; int x; while ((ret = scanf("%d", &x)) != EOF) { printf("ret=...
-
简短的问候
1. 问题描述 在x86-64 Linux平台下, 构造一个文件字节数最小的静态ELF可执行文件, 实现以下伪代码的功能: print("Hello!\n") exit(0) 2. 解决方案 本文中实现的最小ELF文件落盘大小为152字节. 2.1. 888KB 编写一个C代码并静态编译能够给出最naive的结果. #include <stdio.h> int main(void) { puts("Hello!"); return 0; } ...
-
A single fmtstr away from shell
0. Background If you are a security analyst, you’ll be delighted to see this kind of construction in code you’re auditing: char *fmt = build_format(); printf(fmt, arg1, arg2); free_format(fmt); If fmt in the above code may be controlled by mal...
-
CBCTF 2023 Writeup - csmantle
杭州电子科技大学网络安全赛博协会 0RAYS 战队第七届 “赛博杯” 网络安全大赛 (CBCTF 2023) (https://mp.weixin.qq.com/s/M6hdEf4thXjYwVF0QlAH7A) 官方仓库及 Writeup: 0RAYS/2023-CBCTF 原始文档发布于https://vidar-team.feishu.cn/docx/BlJFd0xs0oNYHExOJiAcpzFXnQf. 竞赛结果与个人信息 Name: [REDACTE...
-
自由与开放:在HDU思想道德与法制课上的分享
各位上午好。 我想成为一个 <Slide> 具有自由与开放精神的人。 <Slide> 为了阐释自由与开放的具体含义,我想先给出两个名字: <Slide> Richard Stallman 和 Alexandra Elbakyan 。也许各位对这两个名字有些陌生,但一定听说过、也许还使用过这两位的作品。 <Slide> RMS 是 GNU 和自由软件基金会的创始人,而 Elbakyan 是文献共享平台 Sci-Hub 的创建者。这两位分别...
-
Good bye, Crowded-Up Laundries: Building chart database for AstroDX
0. Introduction Tired of going to the laundry house every day? You can play with the washing machines at home. However, finding appropriate resources can be quite a tough process. This is an early, immature guide for you to build your own databas...
-
Upgrading VITS to PyTorch 2 on Windows
0. Introduction Many issues may arise in the process of upgrading software dependencies, especially for stepping widely from torch == 1.6.0 to torch == 2.0.1, where many breaking changes has been shipped by the PyTorch team. This article targets...
-
Code Snippet: Generalized Transpose in C++
Generalized transpose, or ‘permutation’ sometimes, reorders the dimensions of a tensor. /* * MIT License * * Copyright (c) 2022 Rong "Mantle" Bao * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this s...
-
Python随笔(5):数值字面量与一元取反操作符 Numeric Literals vs. Unary Negation Operator
0. 前言 在Python中,-10到底属于什么类型?是一个原子的(atomic)数值字面量(即-10作为一个整体),还是一个表达式串(即对10取相反数)?这个看似很简单的问题,因为一个特殊的操作符而变得不那么平凡。我们将在此对Python中的数值字面量和一元取反操作符的关系展开探讨。 本文中使用的软件环境: python:Python 3.7.0 (v3.7.0:1bf9cc5093, Jun 27 2018, 04:59:51) [MSC v.1914 64 bit (AMD...
-
Endianness in ESP32/Arduino IPAddress
0. Introduction ESP32, manufactured by Espressif, is a multi-purpose WiFi and BLE-enabled MCU for embedded systems. It is gaining popularity in the area thanks to its documentation, ecosystems and so on. One scenario I have just experienced in E...
-
Python随笔(i1):DataFrame多条件“与”选择 Parallel Criteria Selection in DataFrame
可以使用&操作符连接由形为dataframe_obj[col] Op arg的语句所创建的布尔值Series。 import pandas data = { "Name": [ "pencil", "ruler", "compass" ], "Price": [ 1.5, 4.3, 8.1 ], "InStock": [ False, True, True ] } df = pandas.DataFrame(data) print("Mantle ...
-
知乎回答草稿箱:long long
有意思的问题。我们先来看看long long的发展历史。 世有long int,然后有long long int。long int常有而long long int 不常有。 在C89标准中没有long long,但是给自定义的新类型留下了空间1: There are four signed integer types, designated as signed char, short int, int, and long int. (The signed integ...
-
Python随笔(4):自定义索引器 Custom Indexers
0. 前言 索引器(indexer,也被某些人称为“下标操作”)是大多数程序设计语言中访问有序数据结构(元组、向量、列表等)的传统方法。借助Python提供的强大自定义能力,我们可以为这一经典操作赋予新的功能——这也给刚刚接触各种数学计算库的新手带来了许多困惑。本文将简述索引器的几种可能用途并对此展开一些讨论。 本文中Python Interpreter版本:Python 3.9.7 (tags/v3.9.7:1016ef3, Aug 30 2021, 20:19:38) [MSC v...
-
Python随笔(3):作用域 Scopes
0. 前言 变量与其作用域(scope)是大部分计算机语言入门所不能回避的问题。但是,在传统C-like语言中存在的“作用域”概念并不完全适用于Python。本文将对Python的作用域机制进行分析。 本文中使用的软件环境: Python Interpreter: Python 3.7.0 (v3.7.0:1bf9cc5093, Jun 27 2018, 04:59:51) [MSC v.1914 64 bit (AMD64)] on win32 (CPython) Rust...
-
Python随笔(2):连锁比较操作 Chained Comparisons
0. 前言 Python中的连锁比较操作(chained comparisons)是在其他语言中少有实现的特性之一,本文将对此特性展开一定研究。 本文中Python Interpreter版本:Python 3.8.0 (tags/v3.8.0:fa919fd, Oct 14 2019, 19:21:23) [MSC v.1916 32 bit (Intel)] on win32 (CPython) 1. 问题描述 代码片段如下: def is_ascending_simple(...
-
Announcing Periotris.js
Periotris.js is a Progressive Web App-compliant Periotris game built with React in TypeScript, Gatsby and Material UI. Aimed to be played directly on modern browsers, Periotris.js is a great tool for teaching periodic table in a fun way. FIGURE ...
-
Python随笔(1):int常量池 Constant Pooling of int
0. 前言 浙江省新版高中技术教材将采用Python 3作为信息技术教学语言。作为一名高一学生,笔者开始复习自己的Python知识。复习之余,特意开设这个系列,来记录自己的复习所得。 本次笔记中提到的问题由笔者的一位同学提出,与Python中的int object pool有关。 1. 问题描述 代码片段如下: var_a = 1 var_b = 1 print("Address: var_a: {0} var_b: {1}".format(id(var_a), id(var_b))...
Subscribe via RSS