Posts
-
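Pitfalls of using Canokeys on WSL2
This article can serve as a reference for most scenarios that require passing a USB device through to a WSL2 virtual machine, and is not limited to Canokeys or USB smart cards. WSL2 supports USB device passthrough via usbipd-win, which makes it fairly easy to pass an OpenPGP smart card through to the virtual machine for use by GPG; for configuration, Microsoft's article is recommended reading. Generally speaking, ...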
-
JavaScript usage on csmantle.top
The main blog site does not use JavaScript for any critical functions. Features that require JavaScript: comments by https://utteranc.es/; the broken link converter on 404.html; web apps deployed under their own path prefixes. If you don’t need them, feel free to disable JavaScript entirely when browsing through my site.
-
When spaces break your CreateProcess (and how to fix it)
The username on my Windows laptop contains a space (“ ”). This little character is known to cause dozens of software problems, and most of them are attributed to the existing codebase which does not properly quote file paths. Recently this space started troubling me more than before. Two pieces of software suddenly refused to work. I spent a while diagnosing the bugs, then filed bug reports and patches to the developers: Nushell. It’s my daily shell environment. Nushell is functional, elegant, and expressive. However, it now refused to start up in my Windows Terminal, producing an ERROR_BAD_EXE_FORMAT. PR nushell/nushell#15881...
-
Numbers as expressions
A while ago, I saw an interesting post from a Telegram channel I subscribed to. Briefly, it said: With these constants defined… const a = -3 / 80; const e = 1; const f = 5; const g = 8 / 3; const h = 9 / 10; const i = 1; const l = 11 / 3; const n = 3; const o = 1 / 3; const r = 1; const s = 7 / 3; const t = 10 / 3; const u = 12 / 5; const v = 1; const w = 9 / 5;...
-
Building chart database for AstroDX: Revisited
See the previous article for a list of needed tools and supplementary tutorials. The first step is, as always, obtaining a copy of the original game image. If you have an “.app” file, refer to this awesome post to decrypt it into a mountable VHD. An extra note: When you are asked to use ImDisk (Chocolatey), just use it. Don’t use any “remastered” versions. They lack critical features. These revised scripts utilize MaichartConverter’s built-in database creation feature. That tool has some peculiarities of its own: For a chart with ID 123456, its corresponding BGA file should be “003456.mp4”, and its sound...
-
When to use Seq or Vec in Chisel?
Use Seq if you just need a Scala array or container. Use Vec if you want a multiplexer. scala.collection.immutable.Seq is purely a Scala-land concept. You can index into it via an Int thanks to its apply function. chisel3.Vec is a hardware container that can be indexed by Scala-land Ints and hardware UInts. It has two apply overloads: apply(idx: Int): T and apply(p: UInt): T. It also has connection operators like :=, allowing for element-wise connection. Always refer to the (scarce) Chisel documentation when in doubt. If the API in question is not documented (which is very likely), read the source...
-
Have fun decoding in Chisel
0. Introduction Decoders are everyday components in digital logic designs. Maintaining large, complex decoding circuits can be challenging in vanilla SystemVerilog. Today, we are exploring the utilities provided by chisel3.util.experimental.decode._ to decode whatever we want elegantly. We’ll see how Chisel’s circuit generator nature contributes to its simplicity and extensibility. Chisel’s experimental public APIs often lack usage information. This post is also intended to be an incomprehensive example of (in my view) important yet undocumented utilities. 0. Introduction 1. The problem 2. TruthTable: Programmatic logic generation 3. DecodeTable: Combined truth tables Extensibility 4. Conclusion 1. The problem Suppose we are making...
-
Finite state machine pitfalls with Chisel: Revisited
A while ago, I wrote about how Chisel’s early optimization breaks common heuristics used by other tools to detect finite state machine patterns. Here is its workaround. Instead of following Chisel’s “advised way”, you need to wrap every next state expression with a dontTouch optimization barrier. Some wrappers are helpful in making this step more elegant, such as the following MuxDontTouch: import chisel3._ object MuxDontTouch { def apply[T <: Data](cond: Bool, con: T, alt: T): T = { val conWire = WireInit(con) val altWire = WireInit(alt) Mux(cond, dontTouch(conWire), dontTouch(altWire)) } } Since CIRCT won’t be happy if you apply dontTouch annotations...
-
You can’t eliminate useless stack allocations in Rust
The shiny “language of the year” lacks such an important and widely-used feature.
-
HGAME 2025 challenge-setting notes - WEEK2
Reading challenge source code is just as important as studying writeups. (Part 2)
-
HGAME 2025 challenge-setting notes - WEEK1
Reading challenge source code is just as important as studying writeups. (Part 1)
-
A parser for LoongArch instruction encoding table
Turn an AsciiDoc table of LoongArch instruction encodings into a machine-readable format.
-
Much ado about nothing
There’s quite a lot to say about doing nothing.
-
Achilles’s heel of Nushell
Gradual typing is not an excuse for inexpressibility.
-
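Translation: "My electric toothbrush was acting up, so I tried to reboot it"
Original title: My electric toothbrush was acting up, so I tried to reboot it Author: Raymond Chen URL: <link> My electric toothbrush was acting up. The internet told me that I needed to reboot my electric toothbrush. Forty years ago, absolutely nobody would have understood that last sentence. A friend of mine who worked on the development of the USB standard once emailed me, saying: “I just...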
-
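Translation: "I tried to adjust the time on my alarm clock. I failed."
Original title: I tried to adjust the time on my alarm clock. I failed. Author: Raymond Chen URL: <link> For some reason, my alarm clock insists that I install an app on my phone, and that app in turn requires me to create an account. Let me say that again: in order to set an alarm, I have to register an account with the alarm clock's manufacturer. Anyway, when I first bought this...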
-
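Translation: "Be mindful of temporal terms in documents: What is the reference point in time?"
Original title: Be mindful of temporal terms in documents: What is the reference point in time? Author: Raymond Chen URL: <link> In documents such as feature proposals or pull requests, pay particular attention to words that refer to points in time, because the reference point implied by the context is not always clear. For example, a pull request might contain a conversation like this: A: “If the file does not exist...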
-
Finite state machine pitfalls with Chisel, SystemVerilog and Vivado
TL;DR: Vivado 2024.1 fails to infer FSMs from Chisel-generated SystemVerilog files due to Chisel’s optimizations; no solutions except manual patching are known by the author as of writing. 1. Background 2. Experiments and results 2.1. Vanilla SystemVerilog 2.2. Chisel with recommended switch statements 2.3. Chisel with MuxLookup 3. Speculation of cause 4. Conclusion Appendix A. Chisel project boilerplate Appendix B. CIRCT-generated prolog 1. Background Finite state machines (FSMs), or more specifically deterministic finite state machines, are crucial to digital circuits. In such context, it could be generalized to a sequential logic unit whose current state is determined by equation $Q^{n+1}...
-
Flare-On 11 Writeup - csmantle
The Flare-On capture-the-flag event organized by MANDIANT is an annual reverse engineering event featuring creative challenges, a dazzling show-off of various techniques and a broad range of real-world scenarios. The author, as finisher #179 of Flare-On 11, presents the challenges’ writeups in this post.
-
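Fixed points of truncated Base64 encoding: analysis and proof with the help of Z3
An English version is available here. 1. Introduction Base64 (Wikipedia, RFC 4648) is a fairly common encoding format that maps arbitrary binary data to a subset of ASCII. It works by treating the bits of the original data as indices into a $2^6 = 64$-element alphabet. Clearly, since the input consists of 6-bit elements and the output of 8-bit elements (ASCII characters), the data after encoding...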
-
Fixed point in truncated Base64 encoding: analysis and proof with Z3
A Chinese version is available here. 1. Introduction Base64 (Wikipedia, RFC 4648) is a well-known encoding for turning arbitrary binary data into an alphanumeric ASCII string. Its basic idea is to reinterpret original data as characters in a $2^6 = 64$-membered alphabet. Due to the input characters being 6-bits and output ones being 8-bits (ASCII characters), the length of encoded data will be different from that of the original one. If we consider only the common part of input and output, it is possible to construct an $N$-membered string $S$ whose Base64-encoding $\mathrm{Base64}(S)$ has $S$ as its prefix, i.e....
-
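Using the BFD protocol in BIRD2
This article was written for the DN11 project. 1. Preface Bidirectional Forward Detection (BFD) detects link connectivity by establishing a session between the two ends of a link. The two ends negotiate the sending interval of Hello packets, and after a certain number of packets are lost, the link is judged to have failed. Since BFD itself does not support peer discovery, in some...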
-
Comments with utteranc.es
You can now leave comments on each post with your GitHub account! This is achieved through a service provided by <link> Slide to the bottom to see the comment area, or quickly go there now! Comments are stored as public GitHub Issues on a per-page basis. All such threads will be labeled utterances. To properly perform third-party authentication with GitHub, utteranc.es would store a session ID in your Local Storage. This blog site will not store any other information in addition to that. If you don’t want this storage, please do not log in, which will also prevent you from commenting. The...
-
Turning off $PATH inheritance in a WSL2 guest
For Windows builds higher than 17713, there is a convenient way to prevent the inheritance of $PATH on the host environment into guests. Inherited $PATH may lead to significantly low performance in certain scenarios, such as tab completion and shell theming.
-
What can I scanf? Buffer out
When we fail to pay attention to the specified behavior of failure.
-
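A brief greeting
1. Problem statement On x86-64 Linux, construct a static ELF executable with the smallest possible file size in bytes that implements the following pseudocode: print("Hello!\n") exit(0) 2. Solution The smallest ELF file achieved in this article is 152 bytes on disk. 2.1. 888KB Writing a C program and compiling it statically gives the most naive result. #include <stdio.h> int main(void) {...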
-
HGAME 2024 Writeup - Mantle - Week 4
Originally published at <link>. URL: <link> Username: csmantle (Individual participation) Start Time: 2024-02-21 20:00:00 End Time: 2024-02-28 20:00:00 Status: -2 Web; -1 Pwn; -2 Crypto Web Reverse and Escalation Whose Home? 火箭大头兵 Reverse again! change crackme2 Misc maybezip ezKeyboard IOT ez7621 Web Reverse and Escalation The container takes time to start, please be patient. CVE-2023-46604 RCE, Linux 5.10 privilege escalation. <link> <link> The shell kept dying. Stageless HTTP Meterpreter works, but it is very slow. (A bare bash reverse shell also works and is the better choice, because it does not...
-
HGAME 2024 Writeup - Mantle - Week 3
Originally published at <link>. URL: <link> Username: csmantle (Individual participation) Start Time: 2024-02-14 20:00:00 End Time: 2024-02-21 20:00:00 Status: -1 Pwn; -1 Crypto Web WebVPN ZeroLink VidarBox Pwn 你满了,那我就漫出来了! Reverse findme mystery crackme encrypt Crypto exRSA HNP Misc 与AI聊天 Blind SQL Injection 简单的vmdk取证 简单的取证,不过前十个有红包 Web WebVPN WebVPN is a new-generation, purely web-based VPN; users do not need to install any...
-
HGAME 2024 Writeup - Mantle - Week 2
Originally published at <link>. URL: <link> Username: csmantle (Individual participation) Start Time: 2024-02-05 20:00:00 End Time: 2024-02-14 20:00:00 Status: AAK @ 2024-02-12 09:1?:?? Web What does the cow say? myflask search4member Select More Courses 梅开二度 Pwn ShellcodeMaster Elden Ring II fastnote old_fastnote Reverse arithmetic ezcpp babyre babyAndroid Crypto midRSA (unintended) backpack (unintended) midRSA revenge backpack revenge babyRSA 奇怪的图片 plus Misc ek1ng_want_girlfriend 龙之舞 ezWord 我要成为华容道高手 Web What does the cow say? the cow want to...
-
HGAME 2024 Writeup - Mantle - Week 1
Originally published at <link>. URL: <link> Username: csmantle (Individual participation) Start Time: 2024-01-29 20:00:00 End Time: 2024-02-05 20:00:00 Status: AAK @ 2024-02-01 AM Web ezHTTP Select Courses Bypass it jhat 2048*16 Pwn ezSignIn ezshellcode Elden Ring I Elden Random Challenge ezfmt string Reverse ezASM ezPYC ezUPX ezIDA Crypto ezRSA ezPRNG 奇怪的图片 ezMath Misc 签到 SignIn simple_attack 希儿希儿希尔 来自星尘的问候 Web ezHTTP HTTP Protocol Basics PS D:\Workspace\rev\hgame_2024> curl -v <link> * Trying 139.196.200.143:30264… * Connected to 139.196.200.143 (139.196.200.143) port 30264 > GET / HTTP/1.1 >...
-
A single fmtstr away from shell
In this article we describe a special kind of Pwn challenge in which only a single fmtstr is needed to get a shell without overwriting the return address.
-
CBCTF 2023 Writeup - csmantle
The 7th “Cyber Cup” Cybersecurity Competition (CBCTF 2023) of the 0RAYS team, Cyber Security Association of Hangzhou Dianzi University (<link>) Official repository and writeups: 0RAYS/2023-CBCTF Original document published at <link> Competition results and personal information Name: [REDACTED] Student ID: [REDACTED] Alias: csmantle Mail: [REDACTED] QQ: [REDACTED] Rank: 1 Score: 14377 Breakdown: Misc*3; Web*4; RE*9 (AK); Pwn*2; Sign-in*1; PyJail*9 Achievements: FB*5 Competition information URL: <link> Username: csmantle (Individual participation) Password: N/A Start...
-
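Freedom and openness: a talk given in the Ideology, Morality and Rule of Law course at HDU
Good morning, everyone. I want to become <Slide> a person with a spirit of freedom and openness. <Slide> To explain what freedom and openness mean concretely, I would first like to give two names: <Slide> Richard Stallman and Alexandra Elbakyan. These two names may be somewhat unfamiliar to you, but you have certainly heard of, and perhaps even used, their work. <Slide> RMS is the GNU and free...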
-
Good bye, Crowded-Up Laundries: Building chart database for AstroDX
0. Introduction Tired of going to the laundry house every day? You can play with the washing machines at home. However, finding appropriate resources can be quite a tough process. This is an early, immature guide for you to build your own database to play on any platform supported by AstroDX. Disclaimer: In this tutorial, the author assumes that you are computer-literate. Readers should verify the validity and safety of everything described here before running them on their device. Readers are expected to have these abilities: 1. Working with .NET toolchains; 2. Running Node.js scripts; 3. Using PowerShell Core; 4....
-
Upgrading VITS to PyTorch 2 on Windows
0. Introduction Many issues may arise in the process of upgrading software dependencies, especially for stepping widely from torch == 1.6.0 to torch == 2.0.1, where many breaking changes have been shipped by the PyTorch team. This article targets users who wish to run the famous VITS by Kim, J. et al. with upgraded frameworks on Windows. Common issues, their solutions and workarounds, and various improvements will be discussed here. In this blog, the following conventions will be used: [vits]: The location of VITS repository. If you clone VITS to D:\my_path\vits, then substitute [vits] with D:\my_path\vits. [venv]: The location of...
-
Code Snippet: Generalized Transpose in C++
Generalized transpose, or ‘permutation’ sometimes, reorders the dimensions of a tensor. /* * MIT License * * Copyright (c) 2022 Rong “Mantle” Bao * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the “Software”), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above...
-
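Python Notes (5): Numeric Literals vs. Unary Negation Operator
0. Preface In Python, what exactly is -10? Is it an atomic numeric literal (i.e. -10 as a whole), or an expression (i.e. the negation of 10)? This seemingly simple question becomes less trivial because of one particular operator. Here, regarding numeric literals in Python and...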
-
Endianness in ESP32/Arduino IPAddress
0. Introduction ESP32, manufactured by Espressif, is a multi-purpose WiFi and BLE-enabled MCU for embedded systems. It is gaining popularity in the area thanks to its documentation, ecosystems and so on. One scenario I have just experienced in ESP32 is a handshake protocol which utilized extensively the broadcast feature in UDP. A client has to confirm that a handshake confirmation contains the IP address of itself by comparing the uint32_t representation of IP carried in the message and in the client itself. While implementing this, I discovered that the byte order of IPAddress is odd, which finally led to the...
-
Python Notes (i1): Parallel Criteria Selection in DataFrame
The & operator can be used to join boolean Series created by expressions of the form dataframe_obj[col] Op arg. import pandas data = { "Name": [ "pencil", "ruler", "compass" ], "Price": [ 1.5, 4.3, 8.1 ], "InStock": [ False, True, True ] } df = pandas.DataFrame(data) print("Mantle has 5 yuan so he can afford the following stuff:") print(df[df["Price"] < 5.0]) print("… but he can only buy things in stock so he can actually get:") print(df[(df["Price"] <= 5.0) & (df["InStock"] == True)]) Result: mantlebao@mantletmx:~# python3 pandas_comb_cond.py Mantle has 5 yuan so...
-
Zhihu answer drafts: long long
This post is a draft of a Zhihu answer.
-
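Python Notes (4): Custom Indexers
0. Preface Indexers (also called “subscript operations” by some) are the traditional way of accessing ordered data structures (tuples, vectors, lists, etc.) in most programming languages. With the powerful customization capabilities Python provides, we can give this classic operation new functionality, which also gives those who have just come into contact with various mathematical...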
-
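Python Notes (3): Scopes
0. Preface Variables and their scopes are an issue that most introductions to programming languages cannot avoid. However, the notion of “scope” found in traditional C-like languages does not fully apply to Python. This article analyzes Python's scoping mechanism. Software environment used in this article: Python Interpreter: Python 3.7.0 (v3.7.0:1bf9cc5093, Jun 27 2018, 04:59:51) [MSC v.1914 64 bit (AMD64)]...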
-
Python Notes (2): Chained Comparisons
0. Preface Chained comparisons in Python are one of the features rarely implemented in other languages; this article investigates this feature. Python interpreter version used in this article: Python 3.8.0 (tags/v3.8.0:fa919fd, Oct 14 2019, 19:21:23) [MSC v.1916 32 bit (Intel)] on win32 (CPython) 1. Problem statement The code snippet is as follows: def is_ascending_simple(a: int, b: int, c: int) -> bool: return a < b and b < c def is_ascending_chained(a: int, b:...
-
Announcing Periotris.js
Periotris.js is a Progressive Web App-compliant Periotris game built with React in TypeScript, Gatsby and Material UI. Aimed to be played directly on modern browsers, Periotris.js is a great tool for teaching the periodic table in a fun way. FIGURE 1: Periotris.js v1.3.2 screenshot, captured in a standalone PWA window in Microsoft Edge Getting started Way One: Play in browsers directly An instance of Periotris.js is hosted on GitHub Pages as a Progressive Web Application (PWA). Try it here. Tips: The app runs best on screens larger than 1024*768. If you are using mobile browsers please switch to landscape mode for...
-
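Python Notes (1): Constant Pooling of int
0. Preface Zhejiang Province's new high school technology textbooks will use Python 3 as the language for teaching information technology. As a first-year high school student, the author has begun reviewing their own Python knowledge. Alongside the review, this series was started to record what the author learns from it. The question discussed in this note was raised by one of the author's classmates, and relates to Python...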