About This Blog.

Posted on 07 Jul 2019 by Aadi Bajpai

Last updated 11 Jan 2022 at 4:58 pm
permalink
Pinned post

Hello

Welcome to my blog. Some old posts may be found on Medium, but I don't like Medium anymore because too much pay to play.

I love this blog, although it is a relative pain to maintain, purely because of this retro "big-brain" vibe it has going on.

The source code of this blog is at https://github.com/aadibajpai/blog. It is composed solely of linux utilities and I am a Windows pleb unfortunately. This meant configuring a lot of stuff to work with wsl and figuring out how to run the Windows Sublime Text program from inside wsl to create and edit posts like this one. Previously, I used to actually ssh into a linux server just to run the blog, that's how much I like it.

This also serves as a test blog post because it will be built each time so I can see if something broken.

Lorem Ipsum or whatever. Random styling things now.

import __hello__ # This should be inline code

Now, let's try a code block.

from __future__ import braces
import antigravity
if x.startswith('java'):
	x = 'suck'  # check indents rendered
# A few Python easter eggs and also an example of a code block

italics and bold and strikethrough within a blockquote

Thanks for visiting, stay to read a couple of posts :)

If you have something to say about this blog (appreciation appreciated, criticism appreciated even more not really) then please go ahead and contact me at [email protected]

A huge thanks to my padawans, Nils André-Chang and Uzay Girit for adding some important functionality to this. Nils contributed the named links feature, which allows for posts to have simple, easy-to-remember links like this one. Uzay fixed a few overflow errors which were quite annoying and absolutely broke styling on mobile.

Sophomore Fall Semester

Posted on 31 Dec 2021 by Aadi Bajpai

Last updated 08 Jan 2022 at 9:11 pm
permalink

It has been a while since I wrote something and I wanted to remedy that. I figured I could write more and less, as in more posts but shorter in length and content. To that end, writing about my past semester academically while it is mostly fresh in my mind seemed to be a good idea, I had planned to write something for my spring semester along the lines of what classes I took, how I did, what I thought of them and so on but it never ended up happening. I also think writing about classes and such is good because it's not that interesting to read about college classes but easy to write on since it's just my experience.

This semester I took 17 hours worth of classes:

I am not going to talk about them in an organized manner with nice subheadings because that doesn't seem fun, I will talk about them in order though. There isn't much to say about some of them but for the others I could talk a fair bit. Let us start.

Read the entire post

VandyHacks VII vh quest Creator's Writeup

Posted on 07 Oct 2020 by Aadi Bajpai

Last updated 11 Dec 2020 at 7:46 am
permalink

Last week was VandyHacks VII, Vanderbilt's cool annual hackathon. It was awesome, I had a great time with great people. I was the only Fall recruit to the VandyHacks board, and I knew I had to underpromise and overdeliver. Thus was born the squirrel from VandyHacks. I wanted to chronicle a part of it for posterity, so here we are, approximately a month and 1250 words later.

What is the squirrel from VandyHacks?

"the squirrel from VandyHacks" is a very special Discord bot created for VandyHacks VII with a slew of commands and easter eggs to enhance hacker engagement and provide key hackathon info right on Discord. Without delving too much into all that, the important idea is that I baked in a vh quest command that essentially activated an 8 challenge long mini CTF. Why this was a good idea, I'm not sure but it got a good response so yay.

If you're curious about the bot, look at it at https://github.com/VandyHacks/the-squirrel-from-VandyHacks.

Here’s like the top three most used commands in the hackathon Discord server, just so there is a record (I also wanted to use a markdown table). I think the schedule command especially was way more popular than I expected.

command uses
vh pat 1391
vh schedule 249
vh when 145

Quest challenges

The challenges, the flags and some of the motivation behind each of them.

Level 0

welcome to vh quest! this is a ctf-style, fun treasure hunt where you look for flags like vh{yes_this_is_a_flag_hehe} hidden in places with cryptic clues to advance to the next level. Flags are always in the vh{} format. Feel free to reach out for hints and good luck on your quest! <:vh_heart:>

Read the entire post

Google Summer of Code Phase 1

Posted on 05 Jul 2020 by Aadi Bajpai

Last updated 17 Jul 2020 at 11:17 am
permalink

The first phase of GSoC concluded recently (I passed!) and I wanted to talk about the things I did so far and the process to this point.

Background

I got selected as a student for the Google Summer of Code program. You can find my proposal at https://aadibajpai.com/gsoc/. Since I go into detail in some places, reading the proposal once would make it easier to follow along as it provides important context. For phase 1, there were 3 major tracks: Logging x Notifications, Testing, and fixing a security flaw in the backend, along with a few minor tracks.

The initial application had gone by a bit fast, since I officially enrolled just a day before the application deadline. But well, I was able to apply successfully, got selected and here we are.

Community Bonding Period

Being well acquainted with the org and my mentors already, I directly began to work through my proposal during this period. I cleaned up some of the issues and pull requests—although I am saving most of them for use in later stages. Then, I made new releases for SwagLyrics and SwSpotify. The SwagLyrics Chrome Extension was also published! It adds support for the Spotify Web Player on SwagLyrics which was a long awaited feature.

More notably, I managed to complete an important major track in this time, there was a very weird unreproducible error occurring in swaglyrics that had been haunting us for a month or so. One day I stayed up, analyzed everything from the ground up and discovered that Genius had been A/B testing a new page format, which broke our parser whenever the new version was sent which was random and location dependent. Then, it was basically isolating the new html and parsing the new format. Now the worst part about this was that it wasn't anything we could handle in advance or even figure out, but I'm glad we caught it when we did if not sooner.

Read the entire post

castorsCTF 2020 Writeups

Posted on 31 May 2020 by Aadi Bajpai

Last updated 15 Jun 2020 at 1:30 pm
permalink

My CTF team Pwnzorz recently won castorsCTF20 🥳

Here are the writeups for the challenges I did for verification. I've tried to go into detail where possible but feel free to hit me up for a clarification if you don't understand what I did or the thought process, which, in my opinion, is the most important part of solving a challenge.

Let's get started.

Read the entire post

WPICTF 2020 Writeup(s)

Posted on 20 Apr 2020 by Aadi Bajpai

Last updated 20 Apr 2020 at 8:43 am
permalink

A couple of days ago, me and a couple of other GCI winners decided to participate in the WPI CTF out of quarantine boredness, we ended up finishing #14 which I think was pretty great since we were all just doing it for fun.

This is a writeup for the Luna steganography challenge, because that's the one I found the most interesting.

Luna

They say the full moon makes people go crazy... hopefully this stego won't have the same effect on you!

Luna

So as you see, we start off with a Luna.tar.xz file which on decompressing gives a Luna.tar file which on further unzipping gives a file named 1.png and a zipped folder with two password protected files—Just In Case.png and jut.

Clearly, we're supposed to start out with 1.png which in looks is nothing but an all white image.

1.png

I ran the stegoveritas tool on it to examine further and it printed a lot of metadata and exif info and carved out a couple of .zlib files. Interestingly, the metadata had 2 fields that stood out:

  1. StudyPhysician: awcIsALegendAndIHopeThisIsAStrongPasswordJackTheRipperBegone
  2. Description: oops, all #FFD2A4#

From the first, we have our password! The jut file seemed absolute gibberish while Just In Case.png was a screenshot from gimp.

Just In Case

Looking at jut from a hex editor, the first 3 characters were interesting: BPS

Upon googling, a .bps file is one used to patch ROMs on SNES emulators and stuff so I downloaded Flips, a patcher for BPS files.

I tried to patch jut on 1.png but welp, no dice.

Circling back, we hadn't yet used the 2nd line from metadata nor Just In Case.png so it has to do something with those.

Read the entire post