From 7fd70061b4639fbe83b63d4d097d4675083b173a Mon Sep 17 00:00:00 2001
From: TheEquus <TheEquus@users.noreply.github.com>
Date: Fri, 10 Jan 2025 00:36:46 +0000
Subject: [PATCH] deploy: 3ade4ddedd4d085f3dd7d51078a6e4ed89b8202b

---
 about/index.html              |  4 +-
 categories/ctf/index.xml      | 52 ++++++++++++++++---
 categories/projects/index.xml |  9 +++-
 categories/random/index.xml   | 31 ++++++++++--
 categories/windows/index.xml  | 25 ++++++++-
 index.html                    |  2 +-
 index.xml                     | 95 ++++++++++++++++++++++++++++++-----
 posts/index.xml               | 88 ++++++++++++++++++++++++++++----
 8 files changed, 267 insertions(+), 39 deletions(-)

diff --git a/about/index.html b/about/index.html
index cb24360..d6e0f75 100644
--- a/about/index.html
+++ b/about/index.html
@@ -1,5 +1,5 @@
 <!doctype html><html lang=en data-mode=dark><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=description content='Annie Nie&#39;s personal website "full of" personal projects and CTF writeups, where I try not to break things'><title>About</title>
 <link rel=preload href=https://anniequus.com/fonts/AnonymousPro-Regular.ttf as=font crossorigin=anonymous><link rel=preload href=https://anniequus.com/fonts/Heebo-VariableFont_wght.ttf as=font crossorigin=anonymous><link rel=preload href=https://anniequus.com/fonts/Rubik-VariableFont_wght.ttf as=font crossorigin=anonymous><link rel=stylesheet href=https://anniequus.com/css/main.min.438d8614614734b73815278dc3c64b0220335c8c5e5168baefe118fb203f84bb.css integrity="sha256-Q42GFGFHNLc4FSeNw8ZLAiAzXIxeUWi67+EY+yA/hLs=" crossorigin=anonymous><script defer src=https://anniequus.com/js/main.min.cf29f7226a9c2b2d20303d20e6fdd133796cbbd092dfd7486f2e01b089ffe03d.js integrity="sha256-zyn3ImqcKy0gMD0g5v3RM3lsu9CS39dIby4BsIn/4D0=" crossorigin=anonymous></script></head><body><header id=navbar><h1><a href=https://anniequus.com/>Equus 🐴 (Annie)</a></h1><ul><li><a href=/about/>About</a></li><li><a href=/posts/>Posts</a></li></ul></header><a href=# id=backtotop></a><div class=content><main class=about><article><header><h1>About Me</h1></header><p>Hi I&rsquo;m Annie Nie, and I do random things.</p><p>CTF-ing with <a href=https://ctftime.org/team/140575 target=_blank rel=noreferrer>skateboarding dog</a>
-🛹🐶.</p><p>Contact me on <a href=https://www.linkedin.com/in/annienie/ target=_blank rel=noreferrer>LinkedIn</a>
+🛹🐶.</p><p>Contact me on <a href=https://www.linkedin.com/in/aaannie/ target=_blank rel=noreferrer>LinkedIn</a>
 , <a href=https://twitter.com/ThatEquus target=_blank rel=noreferrer>X</a>
-or chuck an email <a href=mailto:contact@anniequus.com>contact@anniequus.com</a></p></article></main></div></body></html>
\ No newline at end of file
+or chuck an email contact[at]anniequus.com</p></article></main></div></body></html>
\ No newline at end of file
diff --git a/categories/ctf/index.xml b/categories/ctf/index.xml
index 82d97a2..e71bdd7 100644
--- a/categories/ctf/index.xml
+++ b/categories/ctf/index.xml
@@ -1,8 +1,44 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CTF on Equus 🐴 (Annie)</title><link>https://anniequus.com/categories/ctf/</link><description>Recent content in CTF on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 26 Sep 2021 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/categories/ctf/index.xml" rel="self" type="application/rss+xml"/><item><title>Path to a crypto master, the engineer way</title><link>https://anniequus.com/posts/sub1-ductf2021/</link><pubDate>Sun, 26 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/sub1-ductf2021/</guid><description>Who knew I&amp;rsquo;d be writing a crypto writeup.
-The Beginning The challenge provides a SageMath bit of code, as well as a cipher text.
-def encrypt(msg, f): return &amp;#39;&amp;#39;.join(chr(f.substitute(c)) for c in msg) P.&amp;lt;x&amp;gt; = PolynomialRing(ZZ) f = 13*x^2 + 3*x + 7 FLAG = open(&amp;#39;./flag.txt&amp;#39;, &amp;#39;rb&amp;#39;).read().strip() enc = encrypt(FLAG, f) print(enc) That&amp;rsquo;s some messy looking cipher text&amp;hellip;
-Understanding the sage Thankfully the SageMath here is nice and short. All that we need to know, is that each character of the flag is thrown into the encryption function f.</description></item><item><title>"Oh yeah Motorola exists" - Revelations made in CSAW CTF 2021</title><link>https://anniequus.com/posts/csaw2021-serial/</link><pubDate>Tue, 21 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/csaw2021-serial/</guid><description>A mildly interesting challenge that touches (very briefly) on serial communication. But given that the files are .sal files, we can use the trusty old Saleae&amp;rsquo;s logic analyser to help decode everything.
-TL;DR: Use Saleae to extract information, be reminded that Motorola exists and created S-records, break the information down, use Ghidra to disassemble and decompile the machine code, and make sense of everything to eventually obtain the flag.</description></item><item><title>Inefficiently solving GoogleCTF 2021 with Verilog (ModelSim)</title><link>https://anniequus.com/posts/googlectf-parking/</link><pubDate>Sat, 31 Jul 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/googlectf-parking/</guid><description>I unfortunately did not solve this during the competition period, but mildly obsessed over this for about a week after the competition. Here&amp;rsquo;s how I lost way too many hours of sleep.
-TL;DR - Realise this was all just one big digital logic circuit, recognise the different logic gates and connections, build it all in Verilog, solve with some ModelSim bruteforcing, and get enough sleep.
-Introduction The challenge provides us with a zip file containing a python script that takes in some data (level1 / level2) to build the challenge.</description></item><item><title>How HackTheBoxCTF Exposed The Marriage of Saleae And Hardware</title><link>https://anniequus.com/posts/htb-hardware-writeups/</link><pubDate>Mon, 26 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/htb-hardware-writeups/</guid><description>This will be a writeup of all the hardware challenges in HackTheBoxCTF 2021. Although half the challenges in the category was just figuring out the protocol used, there were some interesting lessons learned.
-The Basics The first three challenges (which I&amp;rsquo;ll just call the basics) were best for getting used to using Saleae, its analysers, and getting a basic understanding of the protocols. This is where the heavy reliance on Saleae (logic analyser alpha) begins.</description></item></channel></rss>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CTF on Equus 🐴 (Annie)</title><link>https://anniequus.com/categories/ctf/</link><description>Recent content in CTF on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 26 Sep 2021 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/categories/ctf/index.xml" rel="self" type="application/rss+xml"/><item><title>Path to a crypto master, the engineer way</title><link>https://anniequus.com/posts/sub1-ductf2021/</link><pubDate>Sun, 26 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/sub1-ductf2021/</guid><description>&lt;p>
+
+
+
+
+&lt;img src="media/chall.png" alt="Challenge info" loading="lazy"/>
+
+Who knew I&amp;rsquo;d be writing a crypto writeup.&lt;/p>
+&lt;h2 id="the-beginning">The Beginning&lt;/h2>
+&lt;p>The challenge provides a SageMath bit of code, as well as a cipher text.&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-py" data-lang="py">&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">def&lt;/span> &lt;span style="color:#a6e22e">encrypt&lt;/span>(msg, f):
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">return&lt;/span> &lt;span style="color:#e6db74">&amp;#39;&amp;#39;&lt;/span>&lt;span style="color:#f92672">.&lt;/span>join(chr(f&lt;span style="color:#f92672">.&lt;/span>substitute(c)) &lt;span style="color:#66d9ef">for&lt;/span> c &lt;span style="color:#f92672">in&lt;/span> msg)
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>P&lt;span style="color:#f92672">.&amp;lt;&lt;/span>x&lt;span style="color:#f92672">&amp;gt;&lt;/span> &lt;span style="color:#f92672">=&lt;/span> PolynomialRing(ZZ)
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>f &lt;span style="color:#f92672">=&lt;/span> &lt;span style="color:#ae81ff">13&lt;/span>&lt;span style="color:#f92672">*&lt;/span>x&lt;span style="color:#f92672">^&lt;/span>&lt;span style="color:#ae81ff">2&lt;/span> &lt;span style="color:#f92672">+&lt;/span> &lt;span style="color:#ae81ff">3&lt;/span>&lt;span style="color:#f92672">*&lt;/span>x &lt;span style="color:#f92672">+&lt;/span> &lt;span style="color:#ae81ff">7&lt;/span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>FLAG &lt;span style="color:#f92672">=&lt;/span> open(&lt;span style="color:#e6db74">&amp;#39;./flag.txt&amp;#39;&lt;/span>, &lt;span style="color:#e6db74">&amp;#39;rb&amp;#39;&lt;/span>)&lt;span style="color:#f92672">.&lt;/span>read()&lt;span style="color:#f92672">.&lt;/span>strip()
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>enc &lt;span style="color:#f92672">=&lt;/span> encrypt(FLAG, f)
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>print(enc)
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>
+
+
+
+
+&lt;img src="media/CipherText.png" alt="Hex output of cipher text" loading="lazy"/>
+
+That&amp;rsquo;s some messy looking cipher text&amp;hellip;&lt;/p>
+&lt;h3 id="understanding-the-sage">Understanding the sage&lt;/h3>
+&lt;p>Thankfully the SageMath here is nice and short. All that we need to know, is that each character of the flag is thrown into the encryption function &lt;code>f&lt;/code>. So to reverse it, we just do the opposite.&lt;br>
+Since the values were obtained by substituting each character into &lt;code>13*x^2 + 3*x + 7&lt;/code>, to get x back, we solve &lt;code>13*x^2 + 3*x + 7 = &amp;lt;encrypted num&amp;gt;&lt;/code>.&lt;/p></description></item><item><title>"Oh yeah Motorola exists" - Revelations made in CSAW CTF 2021</title><link>https://anniequus.com/posts/csaw2021-serial/</link><pubDate>Tue, 21 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/csaw2021-serial/</guid><description>&lt;img src="media/ChallInfo.png" alt="Challenge info" loading="lazy"/>
+
+&lt;p>A mildly interesting challenge that touches (very briefly) on serial communication. But given that the files are .sal files, we can use the trusty old Saleae&amp;rsquo;s logic analyser to help decode everything.&lt;/p>
+&lt;p>TL;DR: Use Saleae to &lt;a href="#extraction">extract information&lt;/a>, &lt;a href="#research">be reminded that Motorola exists&lt;/a> and created S-records, &lt;a href="#apply">break the information down&lt;/a>, &lt;a href="#loading-up-ghidra">use Ghidra&lt;/a> to disassemble and decompile the machine code, and &lt;a href="#trust-the-python">make sense of everything&lt;/a> to eventually obtain the flag.&lt;/p>
+&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>The challenge gives us two .sal files, and based solely on the challenge description, capture.sal gives us a function block, and key.sal gives us a key of some kind. This seems pretty straight forward, so time to get on extracting.&lt;/p></description></item><item><title>Inefficiently solving GoogleCTF 2021 with Verilog (ModelSim)</title><link>https://anniequus.com/posts/googlectf-parking/</link><pubDate>Sat, 31 Jul 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/googlectf-parking/</guid><description>&lt;img src="media/challenge.png" alt="Challenge info" loading="lazy"/>
+
+&lt;p>I unfortunately did not solve this during the competition period, but mildly obsessed over this for about a week after the competition. Here&amp;rsquo;s how I lost way too many hours of sleep.&lt;/p>
+&lt;p>TL;DR - Realise this was all just &lt;a href="#diving-deeper">one big digital logic circuit&lt;/a>, recognise the different &lt;a href="#junction-types">logic gates and connections&lt;/a>, &lt;a href="#building-with-verilog">build it all&lt;/a> in Verilog, solve with some &lt;a href="#writing-the-testbench">ModelSim bruteforcing&lt;/a>, and get enough sleep.&lt;/p>
+&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>The challenge provides us with a &lt;a href="https://github.com/google/google-ctf/tree/master/2021/quals/hw-parking/attachments" target="_blank" rel="noreferrer">zip file&lt;/a>
+ containing a python script that takes in some data (level1 / level2) to build the challenge. run.sh just serves as an easy way to progress from level1 to level2.&lt;/p></description></item><item><title>How HackTheBoxCTF Exposed The Marriage of Saleae And Hardware</title><link>https://anniequus.com/posts/htb-hardware-writeups/</link><pubDate>Mon, 26 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/htb-hardware-writeups/</guid><description>&lt;p>This will be a writeup of all the hardware challenges in HackTheBoxCTF 2021. Although half the challenges in the category was just figuring out the protocol used, there were some interesting lessons learned.&lt;/p>
+&lt;h2 id="the-basics">The Basics&lt;/h2>
+&lt;p>The first three challenges (which I&amp;rsquo;ll just call the basics) were best for getting used to using Saleae, its analysers, and getting a basic understanding of the protocols. This is where the heavy reliance on Saleae (logic analyser alpha) begins.&lt;/p></description></item></channel></rss>
\ No newline at end of file
diff --git a/categories/projects/index.xml b/categories/projects/index.xml
index ec4a81d..ef01aff 100644
--- a/categories/projects/index.xml
+++ b/categories/projects/index.xml
@@ -1 +1,8 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Projects on Equus 🐴 (Annie)</title><link>https://anniequus.com/categories/projects/</link><description>Recent content in Projects on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Mon, 25 Oct 2021 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/categories/projects/index.xml" rel="self" type="application/rss+xml"/><item><title>The password manager to cure lockdown woes</title><link>https://anniequus.com/posts/arduino-password-manager/</link><pubDate>Mon, 25 Oct 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/arduino-password-manager/</guid><description>If you see this (without inspecting source), video tags don't seem to work on your browser mate. Introduction I&amp;rsquo;ll be introducing a roughly two week project that I worked on with two other group mates for a uni subject. The theme we were given was to build something that makes our home smarter or more fun. As a team, we started off with the idea of a password manager and decided to add some small fun elements, that would make this password manager the most fun password manager out there (hopefully).</description></item></channel></rss>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Projects on Equus 🐴 (Annie)</title><link>https://anniequus.com/categories/projects/</link><description>Recent content in Projects on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Mon, 25 Oct 2021 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/categories/projects/index.xml" rel="self" type="application/rss+xml"/><item><title>The password manager to cure lockdown woes</title><link>https://anniequus.com/posts/arduino-password-manager/</link><pubDate>Mon, 25 Oct 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/arduino-password-manager/</guid><description>&lt;video controls>
+ &lt;source src="media/FinalPresVideo.mp4" type="audio/mp4">
+ If you see this (without inspecting source), video tags don't seem to work on your browser mate.
+&lt;/video>
+
+&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>I&amp;rsquo;ll be introducing a roughly two week project that I worked on with two other group mates for a uni subject. The theme we were given was to build something that makes our home smarter or more fun. As a team, we started off with the idea of a password manager and decided to add some small fun elements, that would make this password manager the most fun password manager out there (hopefully).
+This page will talk about the technical side of the password manager system itself in more detail than the video, as well as a bit about editing (with a tiny bit of animating) a video.&lt;/p></description></item></channel></rss>
\ No newline at end of file
diff --git a/categories/random/index.xml b/categories/random/index.xml
index fd515bc..21a245e 100644
--- a/categories/random/index.xml
+++ b/categories/random/index.xml
@@ -1,3 +1,28 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Random on Equus 🐴 (Annie)</title><link>https://anniequus.com/categories/random/</link><description>Recent content in Random on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 05 Nov 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/categories/random/index.xml" rel="self" type="application/rss+xml"/><item><title>Wacky Windows Environment Variables</title><link>https://anniequus.com/posts/wacky-windows-env-variables/</link><pubDate>Sun, 05 Nov 2023 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/wacky-windows-env-variables/</guid><description>Introduction Picture this - you&amp;rsquo;ve been blessed with the task of dissecting a binary written in C++ that looks like the following:
-#include &amp;lt;iostream&amp;gt; using namespace std; void admin() { cout &amp;lt;&amp;lt; &amp;#34;There is no DEMO - signs of an admin!&amp;#34;; } void user() { cout &amp;lt;&amp;lt; &amp;#34;I see a DEMO variable - signs of a regular user&amp;#34;; } int main() { char* check; check = getenv(&amp;#34;DEMO&amp;#34;); if (check != NULL) { user(); } else admin(); } What is it even doing, and is it possible to get to admin without being an admin?</description></item><item><title>The Writhing South Bass Cover</title><link>https://anniequus.com/posts/tws-bass/</link><pubDate>Fri, 16 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/tws-bass/</guid><description>A fun song for a fun band. Sex Baby&amp;rsquo;s cover of &amp;ldquo;The Writhing South&amp;rdquo; by Say Anything is out for the public to feast on! A band consisting of a rotation between some mates and I, it was my turn to rock out on the bass for this one.
-The final mix (on bandcamp) The Writhing South by Sex Baby The full line up can be seen on the bandcamp page of the track itself.</description></item></channel></rss>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Random on Equus 🐴 (Annie)</title><link>https://anniequus.com/categories/random/</link><description>Recent content in Random on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 05 Nov 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/categories/random/index.xml" rel="self" type="application/rss+xml"/><item><title>Wacky Windows Environment Variables</title><link>https://anniequus.com/posts/wacky-windows-env-variables/</link><pubDate>Sun, 05 Nov 2023 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/wacky-windows-env-variables/</guid><description>&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>Picture this - you&amp;rsquo;ve been blessed with the task of dissecting a binary written in C++ that looks like the following:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-C++" data-lang="C++">&lt;span style="display:flex;">&lt;span>&lt;span style="color:#75715e">#include&lt;/span> &lt;span style="color:#75715e">&amp;lt;iostream&amp;gt;&lt;/span>&lt;span style="color:#75715e">
+&lt;/span>&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#75715e">&lt;/span>&lt;span style="color:#66d9ef">using&lt;/span> &lt;span style="color:#66d9ef">namespace&lt;/span> std;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">void&lt;/span> &lt;span style="color:#a6e22e">admin&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> cout &lt;span style="color:#f92672">&amp;lt;&amp;lt;&lt;/span> &lt;span style="color:#e6db74">&amp;#34;There is no DEMO - signs of an admin!&amp;#34;&lt;/span>;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">void&lt;/span> &lt;span style="color:#a6e22e">user&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> cout &lt;span style="color:#f92672">&amp;lt;&amp;lt;&lt;/span> &lt;span style="color:#e6db74">&amp;#34;I see a DEMO variable - signs of a regular user&amp;#34;&lt;/span>;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">int&lt;/span> &lt;span style="color:#a6e22e">main&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">char&lt;/span>&lt;span style="color:#f92672">*&lt;/span> check;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> check &lt;span style="color:#f92672">=&lt;/span> getenv(&lt;span style="color:#e6db74">&amp;#34;DEMO&amp;#34;&lt;/span>);
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">if&lt;/span> (check &lt;span style="color:#f92672">!=&lt;/span> NULL) {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> user();
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> }
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">else&lt;/span> 
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> admin();
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>What is it even doing, and is it possible to get to admin without being an admin? This post will look into some interesting Windows environment variable behaviours, and how they can be used to bypass application logic.&lt;/p></description></item><item><title>The Writhing South Bass Cover</title><link>https://anniequus.com/posts/tws-bass/</link><pubDate>Fri, 16 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/tws-bass/</guid><description>&lt;p>A fun song for a fun band. Sex Baby&amp;rsquo;s cover of &amp;ldquo;The Writhing South&amp;rdquo; by Say Anything is out for the public to feast on!
+A band consisting of a rotation between some mates and I, it was my turn to rock out on the bass for this one.&lt;/p>
+&lt;p>The final mix (on bandcamp)
+&lt;iframe sandbox="allow-scripts allow-same-origin allow-forms" title="The Writhing South Cover on Bandcamp" style="border: 0; width: 100%;" src="https://bandcamp.com/EmbeddedPlayer/track=4231765701/size=large/bgcol=ffffff/linkcol=06783c/tracklist=false/artwork=small/transparent=true/" seamless>&lt;a href="https://sexbaby.bandcamp.com/track/the-writhing-south">The Writhing South by Sex Baby&lt;/a>&lt;/iframe>
+
+The full line up can be seen on the bandcamp page of the track itself.&lt;/p></description></item></channel></rss>
\ No newline at end of file
diff --git a/categories/windows/index.xml b/categories/windows/index.xml
index 58c46c5..bd952cf 100644
--- a/categories/windows/index.xml
+++ b/categories/windows/index.xml
@@ -1,2 +1,23 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Windows on Equus 🐴 (Annie)</title><link>https://anniequus.com/categories/windows/</link><description>Recent content in Windows on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 05 Nov 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/categories/windows/index.xml" rel="self" type="application/rss+xml"/><item><title>Wacky Windows Environment Variables</title><link>https://anniequus.com/posts/wacky-windows-env-variables/</link><pubDate>Sun, 05 Nov 2023 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/wacky-windows-env-variables/</guid><description>Introduction Picture this - you&amp;rsquo;ve been blessed with the task of dissecting a binary written in C++ that looks like the following:
-#include &amp;lt;iostream&amp;gt; using namespace std; void admin() { cout &amp;lt;&amp;lt; &amp;#34;There is no DEMO - signs of an admin!&amp;#34;; } void user() { cout &amp;lt;&amp;lt; &amp;#34;I see a DEMO variable - signs of a regular user&amp;#34;; } int main() { char* check; check = getenv(&amp;#34;DEMO&amp;#34;); if (check != NULL) { user(); } else admin(); } What is it even doing, and is it possible to get to admin without being an admin?</description></item></channel></rss>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Windows on Equus 🐴 (Annie)</title><link>https://anniequus.com/categories/windows/</link><description>Recent content in Windows on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 05 Nov 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/categories/windows/index.xml" rel="self" type="application/rss+xml"/><item><title>Wacky Windows Environment Variables</title><link>https://anniequus.com/posts/wacky-windows-env-variables/</link><pubDate>Sun, 05 Nov 2023 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/wacky-windows-env-variables/</guid><description>&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>Picture this - you&amp;rsquo;ve been blessed with the task of dissecting a binary written in C++ that looks like the following:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-C++" data-lang="C++">&lt;span style="display:flex;">&lt;span>&lt;span style="color:#75715e">#include&lt;/span> &lt;span style="color:#75715e">&amp;lt;iostream&amp;gt;&lt;/span>&lt;span style="color:#75715e">
+&lt;/span>&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#75715e">&lt;/span>&lt;span style="color:#66d9ef">using&lt;/span> &lt;span style="color:#66d9ef">namespace&lt;/span> std;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">void&lt;/span> &lt;span style="color:#a6e22e">admin&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> cout &lt;span style="color:#f92672">&amp;lt;&amp;lt;&lt;/span> &lt;span style="color:#e6db74">&amp;#34;There is no DEMO - signs of an admin!&amp;#34;&lt;/span>;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">void&lt;/span> &lt;span style="color:#a6e22e">user&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> cout &lt;span style="color:#f92672">&amp;lt;&amp;lt;&lt;/span> &lt;span style="color:#e6db74">&amp;#34;I see a DEMO variable - signs of a regular user&amp;#34;&lt;/span>;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">int&lt;/span> &lt;span style="color:#a6e22e">main&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">char&lt;/span>&lt;span style="color:#f92672">*&lt;/span> check;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> check &lt;span style="color:#f92672">=&lt;/span> getenv(&lt;span style="color:#e6db74">&amp;#34;DEMO&amp;#34;&lt;/span>);
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">if&lt;/span> (check &lt;span style="color:#f92672">!=&lt;/span> NULL) {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> user();
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> }
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">else&lt;/span> 
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> admin();
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>What is it even doing, and is it possible to get to admin without being an admin? This post will look into some interesting Windows environment variable behaviours, and how they can be used to bypass application logic.&lt;/p></description></item></channel></rss>
\ No newline at end of file
diff --git a/index.html b/index.html
index 4d6ad07..edc9434 100644
--- a/index.html
+++ b/index.html
@@ -1,2 +1,2 @@
-<!doctype html><html lang=en data-mode=dark><head><meta name=generator content="Hugo 0.131.0"><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=description content='Annie Nie&#39;s personal website "full of" personal projects and CTF writeups, where I try not to break things'><title>Equus 🐴</title>
+<!doctype html><html lang=en data-mode=dark><head><meta name=generator content="Hugo 0.140.2"><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=description content='Annie Nie&#39;s personal website "full of" personal projects and CTF writeups, where I try not to break things'><title>Equus 🐴</title>
 <link rel=preload href=https://anniequus.com/fonts/AnonymousPro-Regular.ttf as=font crossorigin=anonymous><link rel=preload href=https://anniequus.com/fonts/Heebo-VariableFont_wght.ttf as=font crossorigin=anonymous><link rel=preload href=https://anniequus.com/fonts/Rubik-VariableFont_wght.ttf as=font crossorigin=anonymous><link rel=stylesheet href=https://anniequus.com/css/main.min.438d8614614734b73815278dc3c64b0220335c8c5e5168baefe118fb203f84bb.css integrity="sha256-Q42GFGFHNLc4FSeNw8ZLAiAzXIxeUWi67+EY+yA/hLs=" crossorigin=anonymous><script defer src=https://anniequus.com/js/main.min.cf29f7226a9c2b2d20303d20e6fdd133796cbbd092dfd7486f2e01b089ffe03d.js integrity="sha256-zyn3ImqcKy0gMD0g5v3RM3lsu9CS39dIby4BsIn/4D0=" crossorigin=anonymous></script></head><body><header id=navbar><h1><a href=https://anniequus.com/>Equus 🐴 (Annie)</a></h1><ul><li><a href=/about/>About</a></li><li><a href=/posts/>Posts</a></li></ul></header><a href=# id=backtotop></a><div class=content><main><h1>Random things happen I guess</h1><p>This site features whatever random project I&rsquo;ve decided to do and write about.</p><hr><h2>Latest Posts</h2><ul id=featuredPosts><li><a href=/posts/wacky-windows-env-variables/ aria-label="Wacky Windows Environment Variables (2023-11-05)"><h4>Wacky Windows Environment Variables</h4><time datetime=2023-11-05>2023-11-05</time></a><p>A small dive into the weird world of Windows environment variables and how its odd behaviours can be abused to bypass application logic</p><hr></li><li><a href=/posts/arduino-password-manager/ aria-label="The password manager to cure lockdown woes (2021-10-25)"><h4>The password manager to cure lockdown woes</h4><time datetime=2021-10-25>2021-10-25</time></a><p>Ever wished that you could have a password manager that not only managed your passwords, but played music and gave you treats? Well I know I haven't, but as a group project for uni, I and some group mates decided to fulfill this exact desire. This post features some details about the python + arduino password manager, as well as a reflection on making and editing a video to present it</p><hr></li><li><a href=/posts/sub1-ductf2021/ aria-label="Path to a crypto master, the engineer way (2021-09-26)"><h4>Path to a crypto master, the engineer way</h4><time datetime=2021-09-26>2021-09-26</time></a><p>The road to becoming a crypto master is a fun journey, but still no easy feat. So, I decided to begin this journey by doing a challenge from DUCTF 2021 called "Substitution Cipher I", using a tool few people have used to solve crypto challenges, despite it almost having "maths" in its name</p><hr></li><li><a href=/posts/csaw2021-serial/ aria-label='"Oh yeah Motorola exists" - Revelations made in CSAW CTF 2021 (2021-09-21)'><h4>"Oh yeah Motorola exists" - Revelations made in CSAW CTF 2021</h4><time datetime=2021-09-21>2021-09-21</time></a><p>Read about bits being analysed and Motorola being remembered, this is a writeup on a serial challenge titled "A different Type of Serial Key" from CSAW CTF 2021</p><hr></li><li><a href=/posts/googlectf-parking/ aria-label="Inefficiently solving GoogleCTF 2021 with Verilog (ModelSim) (2021-07-31)"><h4>Inefficiently solving GoogleCTF 2021 with Verilog (ModelSim)</h4><time datetime=2021-07-31>2021-07-31</time></a><p>GoogleCTF 2021 featured a hardware challenge called "parking", which resulted in me undertaking a long and arduous journey to solve it with a software I had never thought I would use in a CTF challenge - ModelSim</p><hr></li><li><a href=/posts/htb-hardware-writeups/ aria-label="How HackTheBoxCTF Exposed The Marriage of Saleae And Hardware (2021-04-26)"><h4>How HackTheBoxCTF Exposed The Marriage of Saleae And Hardware</h4><time datetime=2021-04-26>2021-04-26</time></a><p>A collection of writeups for all the hardware challenges in HackTheBoxCTF 2021</p><hr></li><li><a href=/posts/tws-bass/ aria-label="The Writhing South Bass Cover (2021-04-16)"><h4>The Writhing South Bass Cover</h4><time datetime=2021-04-16>2021-04-16</time></a><p>A quick showcase of a fun cover band with friends where I was on the bass covering The Writhing South by Say Anything</p><hr></li></ul></main></div></body></html>
\ No newline at end of file
diff --git a/index.xml b/index.xml
index 56b9883..3f47cdf 100644
--- a/index.xml
+++ b/index.xml
@@ -1,12 +1,83 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Equus 🐴 on Equus 🐴 (Annie)</title><link>https://anniequus.com/</link><description>Recent content in Equus 🐴 on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 05 Nov 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/index.xml" rel="self" type="application/rss+xml"/><item><title>Wacky Windows Environment Variables</title><link>https://anniequus.com/posts/wacky-windows-env-variables/</link><pubDate>Sun, 05 Nov 2023 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/wacky-windows-env-variables/</guid><description>Introduction Picture this - you&amp;rsquo;ve been blessed with the task of dissecting a binary written in C++ that looks like the following:
-#include &amp;lt;iostream&amp;gt; using namespace std; void admin() { cout &amp;lt;&amp;lt; &amp;#34;There is no DEMO - signs of an admin!&amp;#34;; } void user() { cout &amp;lt;&amp;lt; &amp;#34;I see a DEMO variable - signs of a regular user&amp;#34;; } int main() { char* check; check = getenv(&amp;#34;DEMO&amp;#34;); if (check != NULL) { user(); } else admin(); } What is it even doing, and is it possible to get to admin without being an admin?</description></item><item><title>The password manager to cure lockdown woes</title><link>https://anniequus.com/posts/arduino-password-manager/</link><pubDate>Mon, 25 Oct 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/arduino-password-manager/</guid><description>If you see this (without inspecting source), video tags don't seem to work on your browser mate. Introduction I&amp;rsquo;ll be introducing a roughly two week project that I worked on with two other group mates for a uni subject. The theme we were given was to build something that makes our home smarter or more fun. As a team, we started off with the idea of a password manager and decided to add some small fun elements, that would make this password manager the most fun password manager out there (hopefully).</description></item><item><title>Path to a crypto master, the engineer way</title><link>https://anniequus.com/posts/sub1-ductf2021/</link><pubDate>Sun, 26 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/sub1-ductf2021/</guid><description>Who knew I&amp;rsquo;d be writing a crypto writeup.
-The Beginning The challenge provides a SageMath bit of code, as well as a cipher text.
-def encrypt(msg, f): return &amp;#39;&amp;#39;.join(chr(f.substitute(c)) for c in msg) P.&amp;lt;x&amp;gt; = PolynomialRing(ZZ) f = 13*x^2 + 3*x + 7 FLAG = open(&amp;#39;./flag.txt&amp;#39;, &amp;#39;rb&amp;#39;).read().strip() enc = encrypt(FLAG, f) print(enc) That&amp;rsquo;s some messy looking cipher text&amp;hellip;
-Understanding the sage Thankfully the SageMath here is nice and short. All that we need to know, is that each character of the flag is thrown into the encryption function f.</description></item><item><title>"Oh yeah Motorola exists" - Revelations made in CSAW CTF 2021</title><link>https://anniequus.com/posts/csaw2021-serial/</link><pubDate>Tue, 21 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/csaw2021-serial/</guid><description>A mildly interesting challenge that touches (very briefly) on serial communication. But given that the files are .sal files, we can use the trusty old Saleae&amp;rsquo;s logic analyser to help decode everything.
-TL;DR: Use Saleae to extract information, be reminded that Motorola exists and created S-records, break the information down, use Ghidra to disassemble and decompile the machine code, and make sense of everything to eventually obtain the flag.</description></item><item><title>Inefficiently solving GoogleCTF 2021 with Verilog (ModelSim)</title><link>https://anniequus.com/posts/googlectf-parking/</link><pubDate>Sat, 31 Jul 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/googlectf-parking/</guid><description>I unfortunately did not solve this during the competition period, but mildly obsessed over this for about a week after the competition. Here&amp;rsquo;s how I lost way too many hours of sleep.
-TL;DR - Realise this was all just one big digital logic circuit, recognise the different logic gates and connections, build it all in Verilog, solve with some ModelSim bruteforcing, and get enough sleep.
-Introduction The challenge provides us with a zip file containing a python script that takes in some data (level1 / level2) to build the challenge.</description></item><item><title>How HackTheBoxCTF Exposed The Marriage of Saleae And Hardware</title><link>https://anniequus.com/posts/htb-hardware-writeups/</link><pubDate>Mon, 26 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/htb-hardware-writeups/</guid><description>This will be a writeup of all the hardware challenges in HackTheBoxCTF 2021. Although half the challenges in the category was just figuring out the protocol used, there were some interesting lessons learned.
-The Basics The first three challenges (which I&amp;rsquo;ll just call the basics) were best for getting used to using Saleae, its analysers, and getting a basic understanding of the protocols. This is where the heavy reliance on Saleae (logic analyser alpha) begins.</description></item><item><title>The Writhing South Bass Cover</title><link>https://anniequus.com/posts/tws-bass/</link><pubDate>Fri, 16 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/tws-bass/</guid><description>A fun song for a fun band. Sex Baby&amp;rsquo;s cover of &amp;ldquo;The Writhing South&amp;rdquo; by Say Anything is out for the public to feast on! A band consisting of a rotation between some mates and I, it was my turn to rock out on the bass for this one.
-The final mix (on bandcamp) The Writhing South by Sex Baby The full line up can be seen on the bandcamp page of the track itself.</description></item><item><title>About</title><link>https://anniequus.com/about/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://anniequus.com/about/</guid><description>Hi I&amp;rsquo;m Annie Nie, and I do random things.
-CTF-ing with skateboarding dog 🛹🐶.
-Contact me on LinkedIn , X or chuck an email contact@anniequus.com</description></item></channel></rss>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Equus 🐴 on Equus 🐴 (Annie)</title><link>https://anniequus.com/</link><description>Recent content in Equus 🐴 on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 05 Nov 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/index.xml" rel="self" type="application/rss+xml"/><item><title>Wacky Windows Environment Variables</title><link>https://anniequus.com/posts/wacky-windows-env-variables/</link><pubDate>Sun, 05 Nov 2023 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/wacky-windows-env-variables/</guid><description>&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>Picture this - you&amp;rsquo;ve been blessed with the task of dissecting a binary written in C++ that looks like the following:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-C++" data-lang="C++">&lt;span style="display:flex;">&lt;span>&lt;span style="color:#75715e">#include&lt;/span> &lt;span style="color:#75715e">&amp;lt;iostream&amp;gt;&lt;/span>&lt;span style="color:#75715e">
+&lt;/span>&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#75715e">&lt;/span>&lt;span style="color:#66d9ef">using&lt;/span> &lt;span style="color:#66d9ef">namespace&lt;/span> std;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">void&lt;/span> &lt;span style="color:#a6e22e">admin&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> cout &lt;span style="color:#f92672">&amp;lt;&amp;lt;&lt;/span> &lt;span style="color:#e6db74">&amp;#34;There is no DEMO - signs of an admin!&amp;#34;&lt;/span>;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">void&lt;/span> &lt;span style="color:#a6e22e">user&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> cout &lt;span style="color:#f92672">&amp;lt;&amp;lt;&lt;/span> &lt;span style="color:#e6db74">&amp;#34;I see a DEMO variable - signs of a regular user&amp;#34;&lt;/span>;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">int&lt;/span> &lt;span style="color:#a6e22e">main&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">char&lt;/span>&lt;span style="color:#f92672">*&lt;/span> check;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> check &lt;span style="color:#f92672">=&lt;/span> getenv(&lt;span style="color:#e6db74">&amp;#34;DEMO&amp;#34;&lt;/span>);
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">if&lt;/span> (check &lt;span style="color:#f92672">!=&lt;/span> NULL) {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> user();
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> }
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">else&lt;/span> 
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> admin();
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>What is it even doing, and is it possible to get to admin without being an admin? This post will look into some interesting Windows environment variable behaviours, and how they can be used to bypass application logic.&lt;/p></description></item><item><title>The password manager to cure lockdown woes</title><link>https://anniequus.com/posts/arduino-password-manager/</link><pubDate>Mon, 25 Oct 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/arduino-password-manager/</guid><description>&lt;video controls>
+ &lt;source src="media/FinalPresVideo.mp4" type="audio/mp4">
+ If you see this (without inspecting source), video tags don't seem to work on your browser mate.
+&lt;/video>
+
+&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>I&amp;rsquo;ll be introducing a roughly two week project that I worked on with two other group mates for a uni subject. The theme we were given was to build something that makes our home smarter or more fun. As a team, we started off with the idea of a password manager and decided to add some small fun elements, that would make this password manager the most fun password manager out there (hopefully).
+This page will talk about the technical side of the password manager system itself in more detail than the video, as well as a bit about editing (with a tiny bit of animating) a video.&lt;/p></description></item><item><title>Path to a crypto master, the engineer way</title><link>https://anniequus.com/posts/sub1-ductf2021/</link><pubDate>Sun, 26 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/sub1-ductf2021/</guid><description>&lt;p>
+
+
+
+
+&lt;img src="media/chall.png" alt="Challenge info" loading="lazy"/>
+
+Who knew I&amp;rsquo;d be writing a crypto writeup.&lt;/p>
+&lt;h2 id="the-beginning">The Beginning&lt;/h2>
+&lt;p>The challenge provides a SageMath bit of code, as well as a cipher text.&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-py" data-lang="py">&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">def&lt;/span> &lt;span style="color:#a6e22e">encrypt&lt;/span>(msg, f):
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">return&lt;/span> &lt;span style="color:#e6db74">&amp;#39;&amp;#39;&lt;/span>&lt;span style="color:#f92672">.&lt;/span>join(chr(f&lt;span style="color:#f92672">.&lt;/span>substitute(c)) &lt;span style="color:#66d9ef">for&lt;/span> c &lt;span style="color:#f92672">in&lt;/span> msg)
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>P&lt;span style="color:#f92672">.&amp;lt;&lt;/span>x&lt;span style="color:#f92672">&amp;gt;&lt;/span> &lt;span style="color:#f92672">=&lt;/span> PolynomialRing(ZZ)
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>f &lt;span style="color:#f92672">=&lt;/span> &lt;span style="color:#ae81ff">13&lt;/span>&lt;span style="color:#f92672">*&lt;/span>x&lt;span style="color:#f92672">^&lt;/span>&lt;span style="color:#ae81ff">2&lt;/span> &lt;span style="color:#f92672">+&lt;/span> &lt;span style="color:#ae81ff">3&lt;/span>&lt;span style="color:#f92672">*&lt;/span>x &lt;span style="color:#f92672">+&lt;/span> &lt;span style="color:#ae81ff">7&lt;/span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>FLAG &lt;span style="color:#f92672">=&lt;/span> open(&lt;span style="color:#e6db74">&amp;#39;./flag.txt&amp;#39;&lt;/span>, &lt;span style="color:#e6db74">&amp;#39;rb&amp;#39;&lt;/span>)&lt;span style="color:#f92672">.&lt;/span>read()&lt;span style="color:#f92672">.&lt;/span>strip()
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>enc &lt;span style="color:#f92672">=&lt;/span> encrypt(FLAG, f)
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>print(enc)
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>
+
+
+
+
+&lt;img src="media/CipherText.png" alt="Hex output of cipher text" loading="lazy"/>
+
+That&amp;rsquo;s some messy looking cipher text&amp;hellip;&lt;/p>
+&lt;h3 id="understanding-the-sage">Understanding the sage&lt;/h3>
+&lt;p>Thankfully the SageMath here is nice and short. All that we need to know, is that each character of the flag is thrown into the encryption function &lt;code>f&lt;/code>. So to reverse it, we just do the opposite.&lt;br>
+Since the values were obtained by substituting each character into &lt;code>13*x^2 + 3*x + 7&lt;/code>, to get x back, we solve &lt;code>13*x^2 + 3*x + 7 = &amp;lt;encrypted num&amp;gt;&lt;/code>.&lt;/p></description></item><item><title>"Oh yeah Motorola exists" - Revelations made in CSAW CTF 2021</title><link>https://anniequus.com/posts/csaw2021-serial/</link><pubDate>Tue, 21 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/csaw2021-serial/</guid><description>&lt;img src="media/ChallInfo.png" alt="Challenge info" loading="lazy"/>
+
+&lt;p>A mildly interesting challenge that touches (very briefly) on serial communication. But given that the files are .sal files, we can use the trusty old Saleae&amp;rsquo;s logic analyser to help decode everything.&lt;/p>
+&lt;p>TL;DR: Use Saleae to &lt;a href="#extraction">extract information&lt;/a>, &lt;a href="#research">be reminded that Motorola exists&lt;/a> and created S-records, &lt;a href="#apply">break the information down&lt;/a>, &lt;a href="#loading-up-ghidra">use Ghidra&lt;/a> to disassemble and decompile the machine code, and &lt;a href="#trust-the-python">make sense of everything&lt;/a> to eventually obtain the flag.&lt;/p>
+&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>The challenge gives us two .sal files, and based solely on the challenge description, capture.sal gives us a function block, and key.sal gives us a key of some kind. This seems pretty straight forward, so time to get on extracting.&lt;/p></description></item><item><title>Inefficiently solving GoogleCTF 2021 with Verilog (ModelSim)</title><link>https://anniequus.com/posts/googlectf-parking/</link><pubDate>Sat, 31 Jul 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/googlectf-parking/</guid><description>&lt;img src="media/challenge.png" alt="Challenge info" loading="lazy"/>
+
+&lt;p>I unfortunately did not solve this during the competition period, but mildly obsessed over this for about a week after the competition. Here&amp;rsquo;s how I lost way too many hours of sleep.&lt;/p>
+&lt;p>TL;DR - Realise this was all just &lt;a href="#diving-deeper">one big digital logic circuit&lt;/a>, recognise the different &lt;a href="#junction-types">logic gates and connections&lt;/a>, &lt;a href="#building-with-verilog">build it all&lt;/a> in Verilog, solve with some &lt;a href="#writing-the-testbench">ModelSim bruteforcing&lt;/a>, and get enough sleep.&lt;/p>
+&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>The challenge provides us with a &lt;a href="https://github.com/google/google-ctf/tree/master/2021/quals/hw-parking/attachments" target="_blank" rel="noreferrer">zip file&lt;/a>
+ containing a python script that takes in some data (level1 / level2) to build the challenge. run.sh just serves as an easy way to progress from level1 to level2.&lt;/p></description></item><item><title>How HackTheBoxCTF Exposed The Marriage of Saleae And Hardware</title><link>https://anniequus.com/posts/htb-hardware-writeups/</link><pubDate>Mon, 26 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/htb-hardware-writeups/</guid><description>&lt;p>This will be a writeup of all the hardware challenges in HackTheBoxCTF 2021. Although half the challenges in the category was just figuring out the protocol used, there were some interesting lessons learned.&lt;/p>
+&lt;h2 id="the-basics">The Basics&lt;/h2>
+&lt;p>The first three challenges (which I&amp;rsquo;ll just call the basics) were best for getting used to using Saleae, its analysers, and getting a basic understanding of the protocols. This is where the heavy reliance on Saleae (logic analyser alpha) begins.&lt;/p></description></item><item><title>The Writhing South Bass Cover</title><link>https://anniequus.com/posts/tws-bass/</link><pubDate>Fri, 16 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/tws-bass/</guid><description>&lt;p>A fun song for a fun band. Sex Baby&amp;rsquo;s cover of &amp;ldquo;The Writhing South&amp;rdquo; by Say Anything is out for the public to feast on!
+A band consisting of a rotation between some mates and I, it was my turn to rock out on the bass for this one.&lt;/p>
+&lt;p>The final mix (on bandcamp)
+&lt;iframe sandbox="allow-scripts allow-same-origin allow-forms" title="The Writhing South Cover on Bandcamp" style="border: 0; width: 100%;" src="https://bandcamp.com/EmbeddedPlayer/track=4231765701/size=large/bgcol=ffffff/linkcol=06783c/tracklist=false/artwork=small/transparent=true/" seamless>&lt;a href="https://sexbaby.bandcamp.com/track/the-writhing-south">The Writhing South by Sex Baby&lt;/a>&lt;/iframe>
+
+The full line up can be seen on the bandcamp page of the track itself.&lt;/p></description></item><item><title>About</title><link>https://anniequus.com/about/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://anniequus.com/about/</guid><description>&lt;p>Hi I&amp;rsquo;m Annie Nie, and I do random things.&lt;/p>
+&lt;p>CTF-ing with &lt;a href="https://ctftime.org/team/140575" target="_blank" rel="noreferrer">skateboarding dog&lt;/a>
+🛹🐶.&lt;/p>
+&lt;p>Contact me on &lt;a href="https://www.linkedin.com/in/aaannie/" target="_blank" rel="noreferrer">LinkedIn&lt;/a>
+, &lt;a href="https://twitter.com/ThatEquus" target="_blank" rel="noreferrer">X&lt;/a>
+ or chuck an email contact[at]anniequus.com&lt;/p></description></item></channel></rss>
\ No newline at end of file
diff --git a/posts/index.xml b/posts/index.xml
index 29c6d80..be34b03 100644
--- a/posts/index.xml
+++ b/posts/index.xml
@@ -1,10 +1,78 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Posts on Equus 🐴 (Annie)</title><link>https://anniequus.com/posts/</link><description>Recent content in Posts on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 05 Nov 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/posts/index.xml" rel="self" type="application/rss+xml"/><item><title>Wacky Windows Environment Variables</title><link>https://anniequus.com/posts/wacky-windows-env-variables/</link><pubDate>Sun, 05 Nov 2023 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/wacky-windows-env-variables/</guid><description>Introduction Picture this - you&amp;rsquo;ve been blessed with the task of dissecting a binary written in C++ that looks like the following:
-#include &amp;lt;iostream&amp;gt; using namespace std; void admin() { cout &amp;lt;&amp;lt; &amp;#34;There is no DEMO - signs of an admin!&amp;#34;; } void user() { cout &amp;lt;&amp;lt; &amp;#34;I see a DEMO variable - signs of a regular user&amp;#34;; } int main() { char* check; check = getenv(&amp;#34;DEMO&amp;#34;); if (check != NULL) { user(); } else admin(); } What is it even doing, and is it possible to get to admin without being an admin?</description></item><item><title>The password manager to cure lockdown woes</title><link>https://anniequus.com/posts/arduino-password-manager/</link><pubDate>Mon, 25 Oct 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/arduino-password-manager/</guid><description>If you see this (without inspecting source), video tags don't seem to work on your browser mate. Introduction I&amp;rsquo;ll be introducing a roughly two week project that I worked on with two other group mates for a uni subject. The theme we were given was to build something that makes our home smarter or more fun. As a team, we started off with the idea of a password manager and decided to add some small fun elements, that would make this password manager the most fun password manager out there (hopefully).</description></item><item><title>Path to a crypto master, the engineer way</title><link>https://anniequus.com/posts/sub1-ductf2021/</link><pubDate>Sun, 26 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/sub1-ductf2021/</guid><description>Who knew I&amp;rsquo;d be writing a crypto writeup.
-The Beginning The challenge provides a SageMath bit of code, as well as a cipher text.
-def encrypt(msg, f): return &amp;#39;&amp;#39;.join(chr(f.substitute(c)) for c in msg) P.&amp;lt;x&amp;gt; = PolynomialRing(ZZ) f = 13*x^2 + 3*x + 7 FLAG = open(&amp;#39;./flag.txt&amp;#39;, &amp;#39;rb&amp;#39;).read().strip() enc = encrypt(FLAG, f) print(enc) That&amp;rsquo;s some messy looking cipher text&amp;hellip;
-Understanding the sage Thankfully the SageMath here is nice and short. All that we need to know, is that each character of the flag is thrown into the encryption function f.</description></item><item><title>"Oh yeah Motorola exists" - Revelations made in CSAW CTF 2021</title><link>https://anniequus.com/posts/csaw2021-serial/</link><pubDate>Tue, 21 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/csaw2021-serial/</guid><description>A mildly interesting challenge that touches (very briefly) on serial communication. But given that the files are .sal files, we can use the trusty old Saleae&amp;rsquo;s logic analyser to help decode everything.
-TL;DR: Use Saleae to extract information, be reminded that Motorola exists and created S-records, break the information down, use Ghidra to disassemble and decompile the machine code, and make sense of everything to eventually obtain the flag.</description></item><item><title>Inefficiently solving GoogleCTF 2021 with Verilog (ModelSim)</title><link>https://anniequus.com/posts/googlectf-parking/</link><pubDate>Sat, 31 Jul 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/googlectf-parking/</guid><description>I unfortunately did not solve this during the competition period, but mildly obsessed over this for about a week after the competition. Here&amp;rsquo;s how I lost way too many hours of sleep.
-TL;DR - Realise this was all just one big digital logic circuit, recognise the different logic gates and connections, build it all in Verilog, solve with some ModelSim bruteforcing, and get enough sleep.
-Introduction The challenge provides us with a zip file containing a python script that takes in some data (level1 / level2) to build the challenge.</description></item><item><title>How HackTheBoxCTF Exposed The Marriage of Saleae And Hardware</title><link>https://anniequus.com/posts/htb-hardware-writeups/</link><pubDate>Mon, 26 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/htb-hardware-writeups/</guid><description>This will be a writeup of all the hardware challenges in HackTheBoxCTF 2021. Although half the challenges in the category was just figuring out the protocol used, there were some interesting lessons learned.
-The Basics The first three challenges (which I&amp;rsquo;ll just call the basics) were best for getting used to using Saleae, its analysers, and getting a basic understanding of the protocols. This is where the heavy reliance on Saleae (logic analyser alpha) begins.</description></item><item><title>The Writhing South Bass Cover</title><link>https://anniequus.com/posts/tws-bass/</link><pubDate>Fri, 16 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/tws-bass/</guid><description>A fun song for a fun band. Sex Baby&amp;rsquo;s cover of &amp;ldquo;The Writhing South&amp;rdquo; by Say Anything is out for the public to feast on! A band consisting of a rotation between some mates and I, it was my turn to rock out on the bass for this one.
-The final mix (on bandcamp) The Writhing South by Sex Baby The full line up can be seen on the bandcamp page of the track itself.</description></item></channel></rss>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Posts on Equus 🐴 (Annie)</title><link>https://anniequus.com/posts/</link><description>Recent content in Posts on Equus 🐴 (Annie)</description><generator>Hugo</generator><language>en-au</language><lastBuildDate>Sun, 05 Nov 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://anniequus.com/posts/index.xml" rel="self" type="application/rss+xml"/><item><title>Wacky Windows Environment Variables</title><link>https://anniequus.com/posts/wacky-windows-env-variables/</link><pubDate>Sun, 05 Nov 2023 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/wacky-windows-env-variables/</guid><description>&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>Picture this - you&amp;rsquo;ve been blessed with the task of dissecting a binary written in C++ that looks like the following:&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-C++" data-lang="C++">&lt;span style="display:flex;">&lt;span>&lt;span style="color:#75715e">#include&lt;/span> &lt;span style="color:#75715e">&amp;lt;iostream&amp;gt;&lt;/span>&lt;span style="color:#75715e">
+&lt;/span>&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#75715e">&lt;/span>&lt;span style="color:#66d9ef">using&lt;/span> &lt;span style="color:#66d9ef">namespace&lt;/span> std;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">void&lt;/span> &lt;span style="color:#a6e22e">admin&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> cout &lt;span style="color:#f92672">&amp;lt;&amp;lt;&lt;/span> &lt;span style="color:#e6db74">&amp;#34;There is no DEMO - signs of an admin!&amp;#34;&lt;/span>;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">void&lt;/span> &lt;span style="color:#a6e22e">user&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> cout &lt;span style="color:#f92672">&amp;lt;&amp;lt;&lt;/span> &lt;span style="color:#e6db74">&amp;#34;I see a DEMO variable - signs of a regular user&amp;#34;&lt;/span>;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">int&lt;/span> &lt;span style="color:#a6e22e">main&lt;/span>() {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">char&lt;/span>&lt;span style="color:#f92672">*&lt;/span> check;
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> check &lt;span style="color:#f92672">=&lt;/span> getenv(&lt;span style="color:#e6db74">&amp;#34;DEMO&amp;#34;&lt;/span>);
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">if&lt;/span> (check &lt;span style="color:#f92672">!=&lt;/span> NULL) {
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> user();
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> }
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">else&lt;/span> 
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> admin();
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>What is it even doing, and is it possible to get to admin without being an admin? This post will look into some interesting Windows environment variable behaviours, and how they can be used to bypass application logic.&lt;/p></description></item><item><title>The password manager to cure lockdown woes</title><link>https://anniequus.com/posts/arduino-password-manager/</link><pubDate>Mon, 25 Oct 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/arduino-password-manager/</guid><description>&lt;video controls>
+ &lt;source src="media/FinalPresVideo.mp4" type="audio/mp4">
+ If you see this (without inspecting source), video tags don't seem to work on your browser mate.
+&lt;/video>
+
+&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>I&amp;rsquo;ll be introducing a roughly two week project that I worked on with two other group mates for a uni subject. The theme we were given was to build something that makes our home smarter or more fun. As a team, we started off with the idea of a password manager and decided to add some small fun elements, that would make this password manager the most fun password manager out there (hopefully).
+This page will talk about the technical side of the password manager system itself in more detail than the video, as well as a bit about editing (with a tiny bit of animating) a video.&lt;/p></description></item><item><title>Path to a crypto master, the engineer way</title><link>https://anniequus.com/posts/sub1-ductf2021/</link><pubDate>Sun, 26 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/sub1-ductf2021/</guid><description>&lt;p>
+
+
+
+
+&lt;img src="media/chall.png" alt="Challenge info" loading="lazy"/>
+
+Who knew I&amp;rsquo;d be writing a crypto writeup.&lt;/p>
+&lt;h2 id="the-beginning">The Beginning&lt;/h2>
+&lt;p>The challenge provides a SageMath bit of code, as well as a cipher text.&lt;/p>
+&lt;div class="highlight">&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-py" data-lang="py">&lt;span style="display:flex;">&lt;span>&lt;span style="color:#66d9ef">def&lt;/span> &lt;span style="color:#a6e22e">encrypt&lt;/span>(msg, f):
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &lt;span style="color:#66d9ef">return&lt;/span> &lt;span style="color:#e6db74">&amp;#39;&amp;#39;&lt;/span>&lt;span style="color:#f92672">.&lt;/span>join(chr(f&lt;span style="color:#f92672">.&lt;/span>substitute(c)) &lt;span style="color:#66d9ef">for&lt;/span> c &lt;span style="color:#f92672">in&lt;/span> msg)
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>P&lt;span style="color:#f92672">.&amp;lt;&lt;/span>x&lt;span style="color:#f92672">&amp;gt;&lt;/span> &lt;span style="color:#f92672">=&lt;/span> PolynomialRing(ZZ)
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>f &lt;span style="color:#f92672">=&lt;/span> &lt;span style="color:#ae81ff">13&lt;/span>&lt;span style="color:#f92672">*&lt;/span>x&lt;span style="color:#f92672">^&lt;/span>&lt;span style="color:#ae81ff">2&lt;/span> &lt;span style="color:#f92672">+&lt;/span> &lt;span style="color:#ae81ff">3&lt;/span>&lt;span style="color:#f92672">*&lt;/span>x &lt;span style="color:#f92672">+&lt;/span> &lt;span style="color:#ae81ff">7&lt;/span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>FLAG &lt;span style="color:#f92672">=&lt;/span> open(&lt;span style="color:#e6db74">&amp;#39;./flag.txt&amp;#39;&lt;/span>, &lt;span style="color:#e6db74">&amp;#39;rb&amp;#39;&lt;/span>)&lt;span style="color:#f92672">.&lt;/span>read()&lt;span style="color:#f92672">.&lt;/span>strip()
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>enc &lt;span style="color:#f92672">=&lt;/span> encrypt(FLAG, f)
+&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>print(enc)
+&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>
+
+
+
+
+&lt;img src="media/CipherText.png" alt="Hex output of cipher text" loading="lazy"/>
+
+That&amp;rsquo;s some messy looking cipher text&amp;hellip;&lt;/p>
+&lt;h3 id="understanding-the-sage">Understanding the sage&lt;/h3>
+&lt;p>Thankfully the SageMath here is nice and short. All that we need to know, is that each character of the flag is thrown into the encryption function &lt;code>f&lt;/code>. So to reverse it, we just do the opposite.&lt;br>
+Since the values were obtained by substituting each character into &lt;code>13*x^2 + 3*x + 7&lt;/code>, to get x back, we solve &lt;code>13*x^2 + 3*x + 7 = &amp;lt;encrypted num&amp;gt;&lt;/code>.&lt;/p></description></item><item><title>"Oh yeah Motorola exists" - Revelations made in CSAW CTF 2021</title><link>https://anniequus.com/posts/csaw2021-serial/</link><pubDate>Tue, 21 Sep 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/csaw2021-serial/</guid><description>&lt;img src="media/ChallInfo.png" alt="Challenge info" loading="lazy"/>
+
+&lt;p>A mildly interesting challenge that touches (very briefly) on serial communication. But given that the files are .sal files, we can use the trusty old Saleae&amp;rsquo;s logic analyser to help decode everything.&lt;/p>
+&lt;p>TL;DR: Use Saleae to &lt;a href="#extraction">extract information&lt;/a>, &lt;a href="#research">be reminded that Motorola exists&lt;/a> and created S-records, &lt;a href="#apply">break the information down&lt;/a>, &lt;a href="#loading-up-ghidra">use Ghidra&lt;/a> to disassemble and decompile the machine code, and &lt;a href="#trust-the-python">make sense of everything&lt;/a> to eventually obtain the flag.&lt;/p>
+&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>The challenge gives us two .sal files, and based solely on the challenge description, capture.sal gives us a function block, and key.sal gives us a key of some kind. This seems pretty straight forward, so time to get on extracting.&lt;/p></description></item><item><title>Inefficiently solving GoogleCTF 2021 with Verilog (ModelSim)</title><link>https://anniequus.com/posts/googlectf-parking/</link><pubDate>Sat, 31 Jul 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/googlectf-parking/</guid><description>&lt;img src="media/challenge.png" alt="Challenge info" loading="lazy"/>
+
+&lt;p>I unfortunately did not solve this during the competition period, but mildly obsessed over this for about a week after the competition. Here&amp;rsquo;s how I lost way too many hours of sleep.&lt;/p>
+&lt;p>TL;DR - Realise this was all just &lt;a href="#diving-deeper">one big digital logic circuit&lt;/a>, recognise the different &lt;a href="#junction-types">logic gates and connections&lt;/a>, &lt;a href="#building-with-verilog">build it all&lt;/a> in Verilog, solve with some &lt;a href="#writing-the-testbench">ModelSim bruteforcing&lt;/a>, and get enough sleep.&lt;/p>
+&lt;h2 id="introduction">Introduction&lt;/h2>
+&lt;p>The challenge provides us with a &lt;a href="https://github.com/google/google-ctf/tree/master/2021/quals/hw-parking/attachments" target="_blank" rel="noreferrer">zip file&lt;/a>
+ containing a python script that takes in some data (level1 / level2) to build the challenge. run.sh just serves as an easy way to progress from level1 to level2.&lt;/p></description></item><item><title>How HackTheBoxCTF Exposed The Marriage of Saleae And Hardware</title><link>https://anniequus.com/posts/htb-hardware-writeups/</link><pubDate>Mon, 26 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/htb-hardware-writeups/</guid><description>&lt;p>This will be a writeup of all the hardware challenges in HackTheBoxCTF 2021. Although half the challenges in the category was just figuring out the protocol used, there were some interesting lessons learned.&lt;/p>
+&lt;h2 id="the-basics">The Basics&lt;/h2>
+&lt;p>The first three challenges (which I&amp;rsquo;ll just call the basics) were best for getting used to using Saleae, its analysers, and getting a basic understanding of the protocols. This is where the heavy reliance on Saleae (logic analyser alpha) begins.&lt;/p></description></item><item><title>The Writhing South Bass Cover</title><link>https://anniequus.com/posts/tws-bass/</link><pubDate>Fri, 16 Apr 2021 00:00:00 +0000</pubDate><guid>https://anniequus.com/posts/tws-bass/</guid><description>&lt;p>A fun song for a fun band. Sex Baby&amp;rsquo;s cover of &amp;ldquo;The Writhing South&amp;rdquo; by Say Anything is out for the public to feast on!
+A band consisting of a rotation between some mates and I, it was my turn to rock out on the bass for this one.&lt;/p>
+&lt;p>The final mix (on bandcamp)
+&lt;iframe sandbox="allow-scripts allow-same-origin allow-forms" title="The Writhing South Cover on Bandcamp" style="border: 0; width: 100%;" src="https://bandcamp.com/EmbeddedPlayer/track=4231765701/size=large/bgcol=ffffff/linkcol=06783c/tracklist=false/artwork=small/transparent=true/" seamless>&lt;a href="https://sexbaby.bandcamp.com/track/the-writhing-south">The Writhing South by Sex Baby&lt;/a>&lt;/iframe>
+
+The full line up can be seen on the bandcamp page of the track itself.&lt;/p></description></item></channel></rss>
\ No newline at end of file