Clever Title Goes Here

Security educator, researcher, and developer

Nintendo Switch nvservices Info Leak

In this post I’m going to discuss a Nintendo Switch bug I submitted to the Nintendo bug bounty program a few months ago, which they fixed recently (in 6.0, I believe, though I haven’t tested this myself).

Background

The Switch runs on a custom OS called Horizon. It’s a really sleek, simple microkernel, and because of that, the majority of key functionality that would normally be in the kernel is actually in a userland service. To communicate between services or from an app/game to services, you use IPC: Get a handle to a service (by an <=8 character name, e.g. ‘ssl’), then send messages to it. Each message consists of some amount of data and some number of objects, which are typically kernel objects. Kernel objects are things like transfer memory, shared memory, event handles, etc. The details here aren’t important, with one exception: transfer memory.

Transfer memory is a...


No, Presidential alerts can’t “access […] your phone”

On 2018-10-03, John McAfee tweeted:

This has spread like wildfire, with nearly 30k retweets and 41k likes as of writing. Unfortunately, it’s also completely untrue and does nothing but spread FUD.

While I have issues with the Presidential alert system (something I plan on writing about soon), absolutely none of the claims made in this tweet have even a grain of truth. Let’s break this down.

There is no E911 chip

Simply put, there’s no such thing as an E911 chip in any phone that has ever or will ever exist. This is one of many things that the baseband of...


If I were Bitfi

(Disclaimer: I am with HackerOne’s community team. I don’t want to bury the lede on that in any way, as H1 does come into this story.)

If you’ve been on Twitter in the past two months and live in the security world, chances are good that you’ve seen the fighting around Bitfi. A short summary for those who missed it:

  • Bitfi launched a hardware wallet for cryptocurrency
  • They subsequently launched a $250k reward for it to be hacked, claiming it to be unhackable, the “Bitfi Bounty”
  • Numerous researchers successfully hacked the device, to varying degrees
  • Harassing tweets and threats were made by Bitfi employees against these researchers, when they attempted to claim the reward
  • Bitfi subsequently pulled the reward and rescinded the unhackable claim, as well as signaling their intention to launch a HackerOne bug bounty
  • They also hired a head of security, who subsequently quit the next day...


A Stupidly Simple, Fast Octree Traversal Algorithm for Ray Intersection

I’ve been doing some game dev stuff lately and I needed to intersect a ray with an octree of triangles, for collision detection. I first implemented a naive algorithm that simply checked if the AABB of each octant intersected the ray, then found the closest point. This was devastatingly slow, as you might expect. I then implemented the algorithm described by Revelles et al., which is a nice algorithm, but limited (all octants must be half the size of their parents, for instance; this means it can work only on true octrees and not “loose octrees” or k-d trees) and fairly complicated.

Today I had a random thought while doing day-job work: what if I treat the octree divisions as splitting planes and essentially do a binary search? By knowing which plane my ray is closest to at a given step, I know which nodes I need to search. To my surprise – and slight horror, because it’s never a...


Steal This Idea

This blog post will exist as a living document of ideas – some very fleshed out, some barely more than a concept – which I would love to implement if I had 15 of me. Unfortunately, there’s just the one (for now) and I don’t have time to work on any of this. As such, please take these ideas and run with them; if you make them and charge for them, I will throw money at you.

I completely rescind any rights to these ideas. You are free to implement them in any form you wish. I just want to see these happen.

Mario Maker clone

Mario Maker is an awesome game, but by its nature it’s limited to Wii U (and kind of, almost 3DS. But not really) and thus the audience is even more limited. Additionally, I think there’s some really fun stuff that could be done regarding visual scripting to make this powerful and awesome.

I actually started work on something like this a while back but...


Running Project List

I always have a large number of projects, which shuffle between active, inactive, and effectively abandoned. In the interest of self-accountability and maybe letting others take over or get involved in projects, I’ve decided to make an incomplete list (last ~6 months), which I’ll attempt to keep up to date:

  • HypervisorSharp (H#) [Active]: This project seeks to allow trivial development of hypervisors and emulators for .NET Core. Currently targets only Hypervisor.framework on macOS. https://github.com/daeken/PaleFlag/tree/master/HypervisorSharp
  • PaleFlag [Active]: Xbox emulator built on H#. https://github.com/daeken/PaleFlag/tree/master/PaleFlag
  • GdbStub [needs real name - Active]: .NET [Core] library to embed a GDB stub trivially in any emulator, hypervisor, or other project. https://github.com/daeken/PaleFlag/tree/master/GdbStub
  • SharpStation [Inactive/Abandoned?]: Playstation...


Goodbye, Console Hacking

Today is a bittersweet day. This is my last day in the ReSwitched Discord, and the console hacking community at large. But before I dive into why, some background.

ReSwitched began with just me and the goal of hacking the Switch to run homebrew code. I started a Discord in case anyone was interested in watching/helping out and I registered reswitched.tech to throw information I/we gathered. I tweeted about it and posted it on Hacker News and it grew slowly but steadily. By the release of the Switch, we had something like 50 users.

At first, the work we did was primarily in public channels, then in “private” channels. To get into the latter, you simply had to message me and tell me that you didn’t work for Nintendo. No skill test, no participation threshold – just a simple assertion, which could be a lie if you cared enough. This was enough until we started making real progress...


The Media Didn’t Create This Divide

Like most Americans, I’ve spent the last 72 hours following the events of Charlottesville, VA very closely. I’ve laughed at the memes, I’ve been angered by the Nazis alt-right protesters, and I’ve spent my fair share of that time arguing with people on the internet. But you know what? I understand why these protests (and the subsequent counter-protests) are going on, why they’ve become violent, and why people are justifying them.

Two Facebook comments popped up on a friend’s post wherein she shared a video showing the torch-bearing mob intimidating counter-protesting students. These strike at the heart of the issue in a way unlike anything else I’ve seen:

Lol did you not see this coming? News and media has been making white people out to be the bad guy for so long and doubly so recently it was only a matter of time before big things like this happened. Not saying it's right or okay...


The Thieves In My Head

For the past 13 years, I’ve known about a pair of thieves that live inside me, rummaging through my things and stealing what I most care about. It’s been so long that it feels almost normal; that it feels impossible to rid myself of these unseen, unwanted, altogether intrusive guests.

Those thieves are named Anxiety and Depression. It’s something I’ve written about for as long as I’ve known the name to pin on them, working – in my own way – to fight against the stigma that pervades discussions about mental illness and causes a great deal of harm to so many people. What I haven’t written much about, however, is the way they affect me on a day-to-day basis.

Nearly every morning, Anxiety is the one to wake me. He tells me that I’ve slept through an important call for work, that I forgot to respond to that email, that today is the day I’m going to be fired because I’m a fraud...


Refugees and Homeless Veterans: Victims of the war machine

TL;DR: Every time someone brings up homeless veterans in the conversation around refugees, God kills a kitten. Please, stop the senseless killing.

In 1968, the United States – along with 145 other nations – signed a UN treaty called the “Protocol relating to the Status of Refugees”. This was an extension of 1951’s “Convention relating to the Status of Refugees”, another UN treaty which laid the groundwork for dealing with refugees in Europe following the fallout of WWII.

While the details of these treaties are too numerous and intricate to describe here, the summary is this: all signatories agreed that they would accept refugees from many areas of the world. It defined a refugee as such: “A person who owing to a well-founded fear of being persecuted for reasons of race, religion, nationality, membership of a particular social group or political opinion, is outside the country of his...
