new deoptimization post

doar-e · Nov 16, 2020 · b96255a · b96255a
1 parent 4b2f312
commit b96255a
Show file tree

Hide file tree

Showing 113 changed files with 24,465 additions and 15,080 deletions.
diff --git a/archives.html b/archives.html
@@ -100,6 +100,9 @@
 <h1>Archives</h1>
 
 <dl>
+	<dt>Tue 17 November 2020</dt>
+	<dd><a href='blog/2020/11/17/modern-attacks-on-the-chrome-browser-optimizations-and-deoptimizations/'>Modern attacks on the Chrome browser : optimizations and deoptimizations</a></dd>
+    <br/>
 	<dt>Mon 17 June 2019</dt>
 	<dd><a href='blog/2019/06/17/a-journey-into-ionmonkey-root-causing-cve-2019-9810/'>A journey into IonMonkey: root-causing CVE-2019-9810.</a></dd>
     <br/>

diff --git a/author/jeremy-__x86-fetiveau.html b/author/jeremy-__x86-fetiveau.html
@@ -2,7 +2,7 @@
 <html lang="en">
   <head>
     <meta charset="utf-8">
-    <title>Diary of a reverse-engineer - Jeremy "__x86" Fetiveau</title>
+    <title>Diary of a reverse-engineer - Jeremy "@__x86" Fetiveau</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="description" content="">
     <meta name="author" content="Axel '0vercl0k' Souchet">
@@ -96,6 +96,34 @@
     <div class="container-fluid">
       <div class="row">
         <div class="span9" id="content">
+        <div class="article">
+                <h1><a href="../blog/2020/11/17/modern-attacks-on-the-chrome-browser-optimizations-and-deoptimizations/">Modern attacks on the Chrome browser : optimizations and deoptimizations</a></h1>
+                <div class="well small"><footer class="post-info">
+<span class="label">Date</span>
+<abbr class="published" title="2020-11-17T00:00:00-08:00">
+        <i class="icon-calendar"></i>Tue 17 November 2020
+</abbr>
+<span class="label">By</span>
+<a href="../author/jeremy-__x86-fetiveau.html"><i class="icon-user"></i>Jeremy "@__x86" Fetiveau</a>
+<span class="label">Category</span>
+<a href="../category/exploitation.html"><i class="icon-folder-open"></i>exploitation</a>
+
+
+<span class="label">Tags</span>
+	<a href="../tag/chrome.html"><i class="icon-tag"></i>chrome</a>
+	<a href="../tag/v8.html"><i class="icon-tag"></i>v8</a>
+	<a href="../tag/turbofan.html"><i class="icon-tag"></i>turbofan</a>
+	<a href="../tag/exploitation.html"><i class="icon-tag"></i>exploitation</a>
+</footer><!-- /.post-info --></div>
+                <div class="summary"><h2 id="introduction">Introduction</h2>
+
+
+<p>Late 2019, I presented at an internal Azimuth Security conference some work on hacking Chrome through it's JavaScript engine. </p>
+<p>One of the topics I've been playing with at that time was deoptimization and so I discussed, among others, vulnerabilities in the deoptimizer. For my talk at <a href="https://www.infiltratecon.com/conference/briefings/attacking-chrome-in-2020-a-journey-through-v8s-optimizing-compiler.html">InfiltrateCon 2020</a> in …</p>
+                        <a class="btn primary xsmall" href="../blog/2020/11/17/modern-attacks-on-the-chrome-browser-optimizations-and-deoptimizations/">more ...</a>
+                </div>
+        </div>
+        <hr />
         <div class="article">
                 <h1><a href="../blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/">Circumventing Chrome's hardening of typer bugs</a></h1>
                 <div class="well small"><footer class="post-info">

diff --git a/blog/2013/08/24/regular-expressions-obfuscation-under-the-microscope/index.html b/blog/2013/08/24/regular-expressions-obfuscation-under-the-microscope/index.html
@@ -151,7 +151,7 @@ <h2 id="manually">Manually</h2>
 <p>Now, if from that string representation we extract an FSM, we can have that one:</p>
 <p><center><img alt="FSM_example.png" src="/images/regular_expressions_obfuscation_under_the_microscope/FSM_example.png"></center>
 Here is this automaton implemented in C:</p>
-<div class="highlight"><pre><span></span>    <span class="cp">#include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp"></span>
+<div class="highlight"><pre><span></span><code>    <span class="cp">#include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp"></span>
     <span class="cp">#include</span> <span class="cpf">&lt;string.h&gt;</span><span class="cp"></span>
 
     <span class="kt">unsigned</span> <span class="kt">char</span> <span class="nf">checkinput</span><span class="p">(</span><span class="kt">char</span><span class="o">*</span> <span class="n">s</span><span class="p">)</span>
@@ -222,11 +222,10 @@ <h2 id="manually">Manually</h2>
 
         <span class="k">return</span> <span class="mi">1</span><span class="p">;</span>
     <span class="p">}</span>
-</pre></div>
-
+</code></pre></div>
 
 <p>If we try to execute the program:</p>
-<div class="highlight"><pre><span></span>    &gt; fsm_example.exe garbage-Hi-1337-garbage
+<div class="highlight"><pre><span></span><code>    &gt; fsm_example.exe garbage-Hi-1337-garbage
     Good boy.
 
     &gt; fsm_example.exe garbage-Hi-1337
@@ -237,8 +236,7 @@ <h2 id="manually">Manually</h2>
 
     &gt; fsm_example.exe Hi-dudies
     Bad boy.
-</pre></div>
-
+</code></pre></div>
 
 <p>The purpose of that trivial example was just to show you how a regex string representation can be compiled into something harder to analyze but also more efficient (it doesn't need a compilation step, that's the reason why you may encounter that kind of thing in real (?) softwares). Even if the code seems trivial at the first sight, when you look at it at the assembly level, it takes a bit of time to figure out it's a simple "Hi-[0-9]{4}" regex.</p>
 <p><center><img alt="cfg.png" src="/images/regular_expressions_obfuscation_under_the_microscope/cfg.png"></center>