Skip to content

Commit

Permalink
Track a bunch of files that @JeremyFetiveau forgot to add :P.
Browse files Browse the repository at this point in the history
  • Loading branch information
0vercl0k committed Jun 20, 2019
1 parent c42d42b commit 3c909b5
Show file tree
Hide file tree
Showing 14 changed files with 16,820 additions and 0 deletions.
1,446 changes: 1,446 additions & 0 deletions feeds/category.debugging.atom.xml
View file

Large diffs are not rendered by default.

6,806 changes: 6,806 additions & 0 deletions feeds/category.exploitation.atom.xml
View file

Large diffs are not rendered by default.

1,769 changes: 1,769 additions & 0 deletions feeds/category.misc.atom.xml
View file

Large diffs are not rendered by default.

1,148 changes: 1,148 additions & 0 deletions feeds/category.obfuscation.atom.xml
View file

Large diffs are not rendered by default.

5,499 changes: 5,499 additions & 0 deletions feeds/category.reverse-engineering.atom.xml
View file

Large diffs are not rendered by default.

Binary file added images/turbofan_bce/effect_linearization.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added images/turbofan_bce/effect_linearization_schedule.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added images/turbofan_bce/final_asm.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added images/turbofan_bce/final_replacement_of_bound_check.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added images/turbofan_bce/scheduling.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added images/turbofan_bce/simplified_lowering.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added images/turbofan_bce/typer.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added presentations/typhooncon2019/AttackingTurboFan_TyphoonCon_2019.pdf
View file
Binary file not shown.
152 changes: 152 additions & 0 deletions tag/chrome.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Diary of a reverse-engineer - chrome</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="Axel '0vercl0k' Souchet">
<link rel="stylesheet" href="../theme/css/bootstrap.min.css" type="text/css" />
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
.tag-1 {
font-size: 13pt;
}
.tag-2 {
font-size: 10pt;
}
.tag-2 {
font-size: 8pt;
}
.tag-4 {
font-size: 6pt;
}
</style>
<link href="../theme/css/bootstrap-responsive.min.css" rel="stylesheet" />
<link href="../theme/css/font-awesome.css" rel="stylesheet" />
<link href="../theme/css/pygments.css" rel="stylesheet" />

<!--[if lt IE 9]>
<script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->

<link href="../feeds/atom.xml" type="application/atom+xml" rel="alternate" title="Diary of a reverse-engineer ATOM Feed" />
<link href="../feeds/rss.xml" type="application/atom+xml" rel="alternate" title="Diary of a reverse-engineer RSS Feed" />

</head>

<body>

<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<a class="brand" href="../index.html">Diary of a reverse-engineer </a>
<div class="nav-collapse">
<ul class="nav">
<ul class="nav">
<li><a href="../archives.html"><i class="icon-th-list"></i>Archives</a></li>
</ul>

<li >
<a href="../category/debugging.html">
<i class="icon-folder-open icon-large"></i>debugging
</a>
</li>
<li >
<a href="../category/exploitation.html">
<i class="icon-folder-open icon-large"></i>exploitation
</a>
</li>
<li >
<a href="../category/misc.html">
<i class="icon-folder-open icon-large"></i>misc
</a>
</li>
<li >
<a href="../category/obfuscation.html">
<i class="icon-folder-open icon-large"></i>obfuscation
</a>
</li>
<li >
<a href="../category/reverse-engineering.html">
<i class="icon-folder-open icon-large"></i>reverse-engineering
</a>
</li>

<li><a href="../pages/about.html">About</a></li>
<li><a href="../pages/presentations.html">Presentations</a></li>

</ul>
</div><!--/.nav-collapse -->
</div>
</div>
</div>

<div class="container-fluid">
<div class="row">
<div class="span9" id="content">
<div class="article">
<h1><a href="../blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/">Circumventing Chrome's hardening of typer bugs</a></h1>
<div class="well small"><footer class="post-info">
<span class="label">Date</span>
<abbr class="published" title="2019-05-09T08:00:00-07:00">
<i class="icon-calendar"></i>Thu 09 May 2019
</abbr>
<span class="label">By</span>
<a href="../author/jeremy-__x86-fetiveau.html"><i class="icon-user"></i>Jeremy "__x86" Fetiveau</a>
<span class="label">Category</span>
<a href="../category/exploitation.html"><i class="icon-folder-open"></i>exploitation</a>


<span class="label">Tags</span>
<a href="../tag/v8.html"><i class="icon-tag"></i>v8</a>
<a href="../tag/turbofan.html"><i class="icon-tag"></i>turbofan</a>
<a href="../tag/chrome.html"><i class="icon-tag"></i>chrome</a>
<a href="../tag/exploitation.html"><i class="icon-tag"></i>exploitation</a>
</footer><!-- /.post-info --></div>
<div class="summary"><h1 id="introduction">Introduction</h1>
<p>Some <a href="http://eternalsakura13.com/2018/11/19/justintime/">recent</a> <a href="https://abiondo.me/2019/01/02/exploiting-math-expm1-v8">Chrome</a> <a href="https://www.jaybosamiya.com/blog/2019/01/02/krautflare/">exploits</a> were taking advantage of <a href="https://en.wikipedia.org/wiki/Bounds-checking_elimination">Bounds-Check-Elimination</a> in order to get a R/W primitive from a TurboFan's typer bug (a bug that incorrectly computes type information during code optimization). Indeed during the simplified lowering phase when visiting a CheckBounds node if the engine can guarantee that …</p>
<a class="btn primary xsmall" href="../blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/">more ...</a>
</div>
</div>
<hr />

<section id="content" class="body">
<h1>Pages</h1>
<li><a href="../pages/about.html">About</a></li>
<li><a href="../pages/presentations.html">Presentations</a></li>
</section>
</div><!--/span-->
</div><!--/row-->
<hr>

<footer style='background-color:#00000000'>
<center>
<address id="about">
Proudly powered by <a href="http://pelican.notmyidea.org/">Pelican <i class="icon-external-link"></i></a>,
which takes great advantage of <a href="http://python.org">Python <i class="icon-external-link"></i></a>.
</address><!-- /#about -->

<p>The theme is from <a href="http://twitter.github.com/bootstrap/">Bootstrap from Twitter <i class="icon-external-link"></i></a>,
and <a href="http://fortawesome.github.com/Font-Awesome/">Font-Awesome <i class="icon-external-link"></i></a>, thanks!</p>
</center>
</footer>

</div><!--/.fluid-container-->


<script src="../theme/js/jquery-1.7.2.min.js"></script>
<script src="../theme/js/bootstrap.min.js"></script>
</body>
</html>

0 comments on commit 3c909b5

Please sign in to comment.