blacklight RSS feeds
http://0x00.ath.cx
just something (probably) cool in computer science


eyewash.pl - A little tool to exploit blind SQL injection vulnerable webapps

http://sprunge.us/idVU?pl

The usage is quite simple: you can just start the script without any argument, or with --help, to see the available options. Have fun (not too much).


0x00 - BlackLight's forum is back

testing nullBB, a bulletin board I've been developing these days, but some good people got back to populate this new creature. The URL remains the same, if you wish to take a look:

Forum

See ya around.

NeuralPerl v.0.1 finally released

http://0x00.ath.cx/prog/neuralperl/

Even if I always suggest the GIT version, as it's usually more up to date and stable than the "official" release; to download it:

    git clone git://github.com/BlackLight/NeuralPerl.git

To install it:

    $ perl Makefile.PL
    $ make
    % make install

Then you may look at the man page (`man NeuralPerl`) or inside the examples/ directory to see some examples of its usage.


Neural++ v.0.4 has been released

1. The randomness of the network makes these eventualities always possible, but we now have the mechanisms to make them less probable. Actually, there's still about one case in 10 of getting an unstable, diverging network in the training phase.

Another huge fix has been made to the management of multiple output values. Earlier it was on the TODO list; now it has finally been implemented. So you can use, for example, the same network to compute the sum, difference and product of two numbers, with 3 neurons in the output layer, one for each operation. Anyway this approach is rather deprecated, as it's quite hard to find a combination of synaptic weights that gives satisfying results for every desired output value.

A very important fix has been made about multiple training sets too. It was a very serious bug that made it possible to train the network from only a single training set at a time, and made the generated network poorly flexible. Now everything works fine.

And, last but not least, a fix to manage arbitrary user-defined activation functions (now really working fine). By the way, now you don't have to specify both your activation function and its derivative any more, as the derivative is computed by the library itself.

Last enhancement: the network now supports a threshold value. The threshold is an activation value for each neuron, below which the neuron is "off".
Direct download link: http://0x00.ath.cx/prog/neuralpp/neuralpp-current.tar.bz2
GitHub download (suggested): git clone git://github.com/BlackLight/neuralpp.git
Official documentation: http://0x00.ath.cx/prog/neuralpp/doc/index.html
Examples: http://0x00.ath.cx/prog/neuralpp/examples/


Grassmann v.0.2 has been released

    /**
     * Little program to get some information from a 2x2 arbitrary matrix
     */
    #include <iostream>
    #include <grassmann.h>   // library header; the name was lost in extraction and is assumed here

    using namespace std;
    using namespace grassmann;

    int main() {
        Matrix A(2,2);

        // Read the matrix elements from standard input
        for (size_t i=0; i < A.rows(); i++)
            for (size_t j=0; j < A.cols(); j++) {
                cout << "Element [" << (i+1) << "][" << (j+1) << "]: ";
                cin >> A(i,j);
            }

        cout << "\nMatrix:\n\n" << A.toString() << endl
             << "rank: " << A.rank() << endl << endl
             << "product A*A:\n\n" << (A*A).toString() << endl;

        // A singular matrix has no inverse; the library signals this with SingularMatrixException
        try {
            cout << "determinant: " << A.det() << endl << endl
                 << "inverse matrix:\n\n" << A.inverse().toString() << endl
                 << "eigenvalues (probably an approximation):\n\n" << A.eigenValues().toString();
        } catch (const SingularMatrixException& e) {
            cerr << "Ooops...there was an error while working with your matrix:\n"
                 << "\t-> " << e.what() << endl;
        }

        return 0;
    }

You can download the latest version from its GitHub repository: http://github.com/BlackLight/Grassmann
or, if you prefer the latest static release, you can get it from here: http://0x00.ath.cx/prog/grassmann/


0x00 - BlackLight's finally compatible with any browser


Jastegal - Just Another Steganography Algorithm

http://img200.imageshack.us/img200/3149/gioconda1.png

Would you ever think the whole 1st Canto of Dante's Divine Comedy is hidden inside it? Test and believe it:

    jastegal -d -i gioconda1.png

Download file: http://0x00.ath.cx/prog/jastegal.tar.bz2
GitHub link (I suggest you download it from here, as you can always find the most recent version here): http://github.com/BlackLight/Jastegal/tree


0x00 - BlackLight radio service available (again)

http://0x00.ath.cx:8000/mpd.ogg.m3u.
For any suggestion, just ask me.


The mirage of the cloud


Head tracking and cursor moving using OpenCV - reloaded

Here


ElfShark - x86 library for runtime disasm/asm binary/asm code

286 and MMX extensions, but, as you can imagine, this is a damn huge job to take on my own. So, any developer with some (even basic) C and x86 Assembly skills is welcome to help me. Moreover, the library is going to support disassembly of binary code from any source. Currently it supports disassembly from a binary buffer (a C unsigned char[] array), while disassembly of executable code from a Linux ELF file is still under heavy development. The function get_executable_elf_code() is already available anyway, even if it can't yet correctly recognize the end of the .text segment inside an executable file. Once I fix this problem, it would be quite interesting to offer the possibility of disassembling single functions, labels or segments inside an executable file. Support for Windows PE executable files is on the TODO list too.

This is a simple source to demonstrate what this library can do so far:

    #include <stdio.h>
    #include <elfshark.h>   /* library header; the name was lost in extraction and is assumed here */

    int main() {
        /* Raw x86 machine code to disassemble: a write(1, ..., 6) syscall followed by exit(0) */
        u8 code[] =
            "\xc1\xc8\x02"              /* ror $0x2,%eax */
            "\xb8\x04\x00\x00\x00"      /* mov $0x4,%eax */
            "\xbb\x01\x00\x00\x00"      /* mov $0x1,%ebx */
            "\xb9\x60\x80\x04\x08"      /* mov $0x8048060,%ecx */
            "\xba\x06\x00\x00\x00"      /* mov $0x6,%edx */
            "\xcd\x80"                  /* int $0x80 */
            "\xb8\x01\x00\x00\x00"      /* mov $0x1,%eax */
            "\xbb\x00\x00\x00\x00"      /* mov $0x0,%ebx */
            "\xcd\x80"                  /* int $0x80 */
            "\xc9"                      /* leave */
            "\xc3";                     /* ret */

        /* sizeof(code)-1 skips the terminating NUL of the string literal.
         * flags = 0 -> default ASM syntax: Intel */
        printf ("%s\n", decode_to_asm (code, sizeof(code)-1, 0, 0));

        /* To get the output in AT&T style: */
        /* printf ("%s\n", decode_to_asm (code, sizeof(code)-1, 0, AT_FLAVOUR)); */

        return 0;
    }

You can choose the output Assembly format between Intel (the default syntax) and AT&T, just by specifying the right option (the 4th parameter of the decode_to_asm() function) between INTEL_FLAVOR and AT_FLAVOR.
Direct link: http://0x00.ath.cx/prog/elfshark/
GitHub link (I suggest you download it from this repository, as it is always more up to date than the static release on this website): http://github.com/BlackLight/ElfShark/tree/master

Have fun.


The final attack on Italian democracy

When proceedings are under way for the offences of incitement to commit crimes or to disobey the law, or for the offence of apologia of crime, as provided for by the penal code or by other penal provisions, and there are concrete elements allowing one to believe that someone is carrying out said activity of apologia or incitement by telematic means on the internet, the Minister of the Interior, following notification by the judicial authority, may order by his own decree the interruption of the indicated activity, ordering internet connectivity providers to use the appropriate filtering tools necessary for that purpose.

And again, paragraph 4:

Internet connectivity service providers, as an effect of the decree referred to in paragraph 1, must carry out the imposed filtering activity within 24 hours. Violation of this obligation entails an administrative fine of from 50,000 to 250,000 euros, imposed by the Ministry of Economic Development.

So, if I consider a law unjust and I use my blog to tell people about it, inviting them to disobey, my blog or website can be shut down by my internet provider, and I may risk a fine from 50,000 to 250,000 euros, or jail. This is just another attempt to silence freedom of information in Italy, and this time the victim is the network. In Italy we have blogs like Beppe Grillo's, an important free blog that comments on the injustices of our government, inviting people not to vote for them again. With this law, a blog like that risks being shut down, and so do many other blogs around the network.
Yesterday Beppe Grillo was at the Italian Parliament to expose his thesis about the serious danger this government represents for democracy here in Italy. No Italian TV news service talked about it. People, here in Italy democracy and freedom of speech are more and more compromised day by day, while our government distracts people from real problems like this by controlling TV, newspapers and every kind of information. The only source of information not yet controlled by our government was the internet. With this law, the internet in Italy risks becoming not very different from the internet in China or Cuba.

I formally invite all the readers of this blog to disobey this law. And I formally invite my readers to publish this article on their blogs too, because as many people as possible, the whole world, must know what is happening here in Italy. I formally invite you to disobey this law. If they're really going to shut us down, then they must shut down the whole internet in Italy, because I won't sacrifice my freedom on the internet for a government that wants to destroy it.


We've got a new domain guys


uSock 0.3 released - with a damn cool ICMP traceroute

http://0x00.ath.cx/nopaste/1243810877

Here is the link to download the static version: http://0x00.ath.cx/prog/usock/
And here is the GIT link (I suggest you download the latest version from here, if possible, as it's updated more often): http://github.com/BlackLight/uSock/tree/master

Sincerely,
BlackLight


0x00.ath.cx - Your favourite email box now

http://0x00.ath.cx/mail, and allows you to create and manage an email account @0x00.ath.cx and @blacklight.gotdns.org (soon a good 2nd level domain may be available too). The mail service so far is quite spam-free; I use newt services for anti-spam and anti-malware. You don't need anything to register but a username and a password. No licence to accept, no personal data revealed, nothing like that.
Then you can both read and write your emails using the web form above, or using your favourite client with these parameters:

    user name:   your username (without the @0x00.ath.cx or @blacklight.gotdns.org suffix)
    password:    your password
    IMAP server: 0x00.ath.cx, port 993, use SSL/TLS
    SMTP server: 0x00.ath.cx, port 25

Have fun,
BlackLight


0x00 Mailing list


Just added the opportunity to make donations


RSS feeds added

http://0x00.ath.cx/rss.

Have fun,
BlackLight


Two brand new video tutorials about buffer overflow exploitation under a Linux box

= 2.6.8 but with ASLR disabled by setting /proc/sys/kernel/randomize_va_space to 0). The technique is quite old-fashioned, but still effective on many systems out there, running deprecated Linux versions or administered by silly administrators who think ASLR is a waste of time for the kernel. So, just check it out: http://0x00.ath.cx/video/15

The second video tutorial illustrates how to exploit a local application vulnerable to buffer overflow under a modern Linux kernel >= 2.6.8 with ASLR on a 32-bit system, just doing a brute force attack on the stack using a very long crafted environment variable containing our shellcode and a very long sequence of NOPs. The exploit then runs the vulnerable application until ASLR assigns it a stack base address located inside the NOP sequence, making the execution of our crafted code possible. Just check it out: http://0x00.ath.cx/video/14


An introduction to neural networks with an implementation using my Neural++ library

http://0x00.ath.cx/~tut/neural.pdf


uSock - A high-level C++ library to easily manage raw or application sockets

http://0x00.ath.cx/prog/usock

After some days of hard developing, I've finally released the first, beta, version of uSock (it should be μSock, pronounced "MicroSock", a nice word joke I'm quite proud of).
uSock is a high-level interface for the use of sockets in your network applications. It removes, on the developer's side, the need to manage any kind of exception raised by the use of network sockets, and the need for low-level operations like setting binary flags on socket descriptors or manipulating low-level structs, so the developer can just focus on the logic of his application. Currently the library supports application sockets (TCP/UDP), ICMP sockets and pure raw sockets, offering the developer a wide set of APIs for the high-level manipulation of these data structures. So the developer can create a TCP socket to a certain host, write a buffer onto it and close it in 3 lines of code, or build a raw socket to send a TCP SYN packet in 3 lines too.

In the link I posted above, and inside the package itself, you can find the "examples/" directory, containing some possible applications of this library, and the "doc/" directory, containing the official documentation of the library APIs (both in HTML and LaTeX format). Moreover, I suggest you get the latest software release via GIT (yes, it's updated more often than the static package on this website), just launching:

    git clone git://github.com/BlackLight/uSock.git

TODO: support for SSL sockets, basic support for the main application protocols (i.e. a class for managing HTTP or FTP sockets), support for the IPv6 protocol, and support for socket multiplexing and timeout management via select().

Have fun,
BlackLight


Voxifera improved & better - The Linux application for speech recognition and command execution

here. The way this program works is the following. First, the program acquires a 2-second audio sequence at 8 kHz from /dev/dsp at a depth of 8 bits.
Then we compute the DCT (Discrete Cosine Transform) to translate our audio sequence from the time domain to the frequency domain:

where N is the number of bytes read from /dev/dsp and f_t is the t-th byte of the audio sample. Then the algorithm subtracts from each element of this numeric sequence a value D_u, computed as the u-th element of the DCT of a "neutral" audio signal (e.g. all bytes == 0x80), and then takes the logarithm of the absolute value of this difference, for each element of the DCT:

In the end, the algorithm computes the "Fourier coefficient" as

where k is a coefficient used to bring the value of s into [0,1]. This coefficient "tells" us how much the frequency in the audio sample changes. This value is then saved in a file to identify a certain audio sample.

Then, when we acquire an audio sample to execute a command, the program first computes the value of s for this sample, then parses the configuration file looking for the command whose value of s is nearest to the one of the newly acquired sample. If the absolute value of the difference between the s value of the stored sample and the s value of the acquired sample is less than a certain threshold, then it's quite likely that the command we wish to execute is exactly that one, and the command is executed.

Have fun,
BlackLight


Why the Italian underground scene died

this article on Phrack some time ago, I was quite skeptical and still quite optimistic about the future of our little Italian reality. But then it was quite easy to realize that, in a country with the lowest density of graduates in Europe, where research is treated as an expense and not as an investment, where researchers are paid worse than a generic worker, and where trash television, trash press and trash ambitions for young people's future are THE reality, no underground scene very different from a "trash web oriented" scene could take place.
There was a period in which an underground scene was real. The age of onda_quadra's team, or even earlier. The age in which young boys still played with their real toys, without trying to break into their friends' computers. That age has gone now; our dear old friends are all married, working, and they can't spend their time on a web where the average age has drastically fallen in recent years. And why should we post our software or papers on the net? To let a 13-year-old boy rip them and spread them around as his own, without understanding a single line?

The underground scene can only be doubly linked to the society it refers to. Moreover, the web is the mirror of society, the perfect place to analyze the health of the society that meets itself on a web server, on a social network, on a forum. And if the society beyond a screen and a keyboard is deeply ill, the web can only be ill too. This is the reason why the Phrack guys are right in considering our country a 'zombie scene', and this is the reason why we will probably never again have valid programmers or IT experts freely sharing their knowledge on the web. Why should they?

See you around,
BlackLight