- Category: Web
- Impact: Medium
- Solves: 20
from qiskit import Aer, ClassicalRegister, QuantumCircuit, QuantumRegister, execute | |
from qiskit.tools.monitor import job_monitor | |
from random import choice, randint # from qiskit.circuit.library import U3Gate | |
chunk_size = 16 | |
expected_key_length = 10 | |
delta = 2 * chunk_size | |
roundtrips = (4 * expected_key_length + delta) // chunk_size | |
alice_qubits = QuantumRegister(chunk_size, name="q") | |
alice_bases = ClassicalRegister(chunk_size, name="b") |
Develop an AI prompt that solves random 12-token instances of the A::B problem (defined here), with 90%+ success rate.
We'll use your prompt as the SYSTEM PROMPT, and a specific instance of problem as the PROMPT, inside XML tags. Example:
XZ Backdoor symbol deobfuscation. Updated as i make progress |
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks. | |
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/) | |
(() => { | |
const SHOW_SIDES = false; // color sides of DOM nodes? | |
const COLOR_SURFACE = true; // color tops of DOM nodes? | |
const COLOR_RANDOM = false; // randomise color? | |
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com) | |
const MAX_ROTATION = 180; // set to 360 to rotate all the way round | |
const THICKNESS = 20; // thickness of layers | |
const DISTANCE = 10000; // ¯\\_(ツ)_/¯ |
- CTFtime: https://ctftime.org/event/2165
- 10 solves / 334 points
- Author: strell
- Make a malicious profile:
Vulnerable emulator is Project 64 1.6.x/1.7. 2 vulnerabilities can be used to gain arbitrary code execution from emulation container from N64 ROM.
- Container escape and arbitrary writes from N64 ROM outside of designated N64 RAM
Vulnerable function Compile_R4300i_SB and its friends Compile_R4300i_S*
https://github.com/zeromus/pj64/blob/master/RecompilerOps.cpp#L1955C6-L2024
If non const Opcode.base
is used to avoid condition at 1961-1971 which does checks properly, we can
load from volatile address addr (compiled to MIPS asm inside ROM):