Posted on 07 Jul 2019 by Aadi Bajpai
Last updated 11 Jan 2022 at 4:58 pmWelcome to my blog. Some old posts may be found on Medium, but I don't like Medium anymore because too much pay to play.
I love this blog, although it is a relative pain to maintain, purely because of this retro "big-brain" vibe it has going on.
The source code of this blog is at https://github.com/aadibajpai/blog. It is composed solely of linux utilities and I am a Windows pleb unfortunately. This meant configuring a lot of stuff to work with wsl and figuring out how to run the Windows Sublime Text program from inside wsl to create and edit posts like this one. Previously, I used to actually ssh into a linux server just to run the blog, that's how much I like it.
This also serves as a test blog post because it will be built each time so I can see if something broken.
Lorem Ipsum or whatever. Random styling things now.
import __hello__ # This should be inline code
Now, let's try a code block.
from __future__ import braces
import antigravity
if x.startswith('java'):
x = 'suck' # check indents rendered
# A few Python easter eggs and also an example of a code block
italics and bold and
strikethroughwithin a blockquote
Thanks for visiting, stay to read a couple of posts :)
If you have something to say about this blog (appreciation appreciated, criticism appreciated even more not really) then please go ahead and contact me at [email protected]
A huge thanks to my padawans, Nils André-Chang and Uzay Girit for adding some important functionality to this. Nils contributed the named links feature, which allows for posts to have simple, easy-to-remember links like this one. Uzay fixed a few overflow errors which were quite annoying and absolutely broke styling on mobile.
Posted on 31 Dec 2021 by Aadi Bajpai
Last updated 08 Jan 2022 at 9:11 pmIt has been a while since I wrote something and I wanted to remedy that. I figured I could write more and less, as in more posts but shorter in length and content. To that end, writing about my past semester academically while it is mostly fresh in my mind seemed to be a good idea, I had planned to write something for my spring semester along the lines of what classes I took, how I did, what I thought of them and so on but it never ended up happening. I also think writing about classes and such is good because it's not that interesting to read about college classes but easy to write on since it's just my experience.
This semester I took 17 hours worth of classes:
I am not going to talk about them in an organized manner with nice subheadings because that doesn't seem fun, I will talk about them in order though. There isn't much to say about some of them but for the others I could talk a fair bit. Let us start.
Read the entire postPosted on 07 Oct 2020 by Aadi Bajpai
Last updated 11 Dec 2020 at 7:46 amLast week was VandyHacks VII, Vanderbilt's cool annual hackathon. It was awesome, I had a great time with great people. I was the only Fall recruit to the VandyHacks board, and I knew I had to underpromise and overdeliver. Thus was born the squirrel from VandyHacks. I wanted to chronicle a part of it for posterity, so here we are, approximately a month and 1250 words later.
"the squirrel from VandyHacks" is a very special Discord bot created for VandyHacks VII with a slew of commands and easter eggs to enhance hacker engagement and provide key hackathon info right on Discord. Without delving too much into all that, the important idea is that I baked in a vh quest
command that essentially activated an 8 challenge long mini CTF. Why this was a good idea, I'm not sure but it got a good response so yay.
If you're curious about the bot, look at it at https://github.com/VandyHacks/the-squirrel-from-VandyHacks.
Here’s like the top three most used commands in the hackathon Discord server, just so there is a record (I also wanted to use a markdown table). I think the schedule command especially was way more popular than I expected.
command | uses |
---|---|
vh pat | 1391 |
vh schedule | 249 |
vh when | 145 |
The challenges, the flags and some of the motivation behind each of them.
Read the entire postwelcome to vh quest! this is a ctf-style, fun treasure hunt where you look for flags like
vh{yes_this_is_a_flag_hehe}
hidden in places with cryptic clues to advance to the next level. Flags are always in the vh{} format. Feel free to reach out for hints and good luck on your quest! <:vh_heart:>
Posted on 05 Jul 2020 by Aadi Bajpai
Last updated 17 Jul 2020 at 11:17 amThe first phase of GSoC concluded recently (I passed!) and I wanted to talk about the things I did so far and the process to this point.
I got selected as a student for the Google Summer of Code program. You can find my proposal at https://aadibajpai.com/gsoc/. Since I go into detail in some places, reading the proposal once would make it easier to follow along as it provides important context. For phase 1, there were 3 major tracks: Logging x Notifications, Testing, and fixing a security flaw in the backend, along with a few minor tracks.
The initial application had gone by a bit fast, since I officially enrolled just a day before the application deadline. But well, I was able to apply successfully, got selected and here we are.
Being well acquainted with the org and my mentors already, I directly began to work through my proposal during this period. I cleaned up some of the issues and pull requests—although I am saving most of them for use in later stages. Then, I made new releases for SwagLyrics and SwSpotify. The SwagLyrics Chrome Extension was also published! It adds support for the Spotify Web Player on SwagLyrics which was a long awaited feature.
More notably, I managed to complete an important major track in this time, there was a very weird unreproducible error occurring in swaglyrics that had been haunting us for a month or so. One day I stayed up, analyzed everything from the ground up and discovered that Genius had been A/B testing a new page format, which broke our parser whenever the new version was sent which was random and location dependent. Then, it was basically isolating the new html and parsing the new format. Now the worst part about this was that it wasn't anything we could handle in advance or even figure out, but I'm glad we caught it when we did if not sooner.
Read the entire postPosted on 31 May 2020 by Aadi Bajpai
Last updated 15 Jun 2020 at 1:30 pmMy CTF team Pwnzorz recently won castorsCTF20 🥳
Here are the writeups for the challenges I did for verification. I've tried to go into detail where possible but feel free to hit me up for a clarification if you don't understand what I did or the thought process, which, in my opinion, is the most important part of solving a challenge.
Let's get started.
Read the entire postPosted on 20 Apr 2020 by Aadi Bajpai
Last updated 20 Apr 2020 at 8:43 amA couple of days ago, me and a couple of other GCI winners decided to participate in the WPI CTF out of quarantine boredness, we ended up finishing #14 which I think was pretty great since we were all just doing it for fun.
This is a writeup for the Luna steganography challenge, because that's the one I found the most interesting.
They say the full moon makes people go crazy... hopefully this stego won't have the same effect on you!
So as you see, we start off with a Luna.tar.xz
file which on decompressing gives a Luna.tar
file which on further unzipping gives a file named 1.png
and a zipped folder with two password protected files—Just In Case.png
and jut
.
Clearly, we're supposed to start out with 1.png
which in looks is nothing but an all white image.
I ran the stegoveritas tool on it to examine further and it printed a lot of metadata and exif info and carved out a couple of .zlib
files. Interestingly, the metadata had 2 fields that stood out:
StudyPhysician: awcIsALegendAndIHopeThisIsAStrongPasswordJackTheRipperBegone
Description: oops, all #FFD2A4#
From the first, we have our password! The jut
file seemed absolute gibberish while Just In Case.png
was a screenshot from gimp.
Looking at jut
from a hex editor, the first 3 characters were interesting: BPS
Upon googling, a .bps file is one used to patch ROMs on SNES emulators and stuff so I downloaded Flips, a patcher for BPS files.
I tried to patch jut
on 1.png
but welp, no dice.
Circling back, we hadn't yet used the 2nd line from metadata nor Just In Case.png
so it has to do something with those.