Jailbreaking RabbitOS: Uncovering Secret Logs, and GPL Violations

By David Buchanan, 7th October 2024 Spoiler alert: Yes. the elite hacking tool they don't want you to know you already own Before you can write an exploit, you need a bug. When there are no bugs, we have to get creative—that's where Fault Injection comes in. Fault injection can take many forms, including software-controlled data...

By David Buchanan, 4th January 2024 First of all, this article is an exercise in recreational "because I can" programming. If you just want to make your Python code go fast, this is perhaps not the article for you. And perhaps Python is not the language you want, either! By the end, I'll explain how I implemented Game of Life in pure Python (plus pysdl2...

By David Buchanan, 2nd January 2024 This is a rant. You have been warned! I'd like text editors to be worse. Specifically, I'd like their default behaviour to be as close as possible to the median text input box you'd find in any piece of software, like the humble HTML <textarea>. More realistically, I'd like a configuration preset that lets me opt in to the same, without having to hunt for a thousand...

By David Buchanan, 31th December 2023 ...or at least, it will be for mine! Social media platforms come and go, but the one constant for me has been my blog. Same domain. Same URLs. Almost the same web design. It's been here since I started writing in 2018, and for that year I updated it regularly with CTF write-ups. Between 2019 and 2022 however, I neglected it, with only 2 posts for the whole duration. The "death" of my blog was...

By David Buchanan, 27th December 2023 Signing JSON sucks. Don't do it. But if you must, you have two main options: Serialize your JSON to bytes, sign the bytes, and transmit the bytes+signature. Serialize your JSON to a canonical byte representation, sign those bytes, and transmit your JSON+signature. 1 is the most straight-forward option, but now you need to ship those bytes around...