About This Blog.

Posted on 08 Jul 2019 by Aadi Bajpai

Last updated 18 Nov 2020 at 8:54 pm
permalink
Pinned post

Hello

Welcome to my blog. Some old posts may be found on Medium, but I don't like Medium anymore because too much pay to play.

I love this blog, although it is a relative pain to maintain, purely because of this retro "big-brain" vibe it has going on.

The source code of this blog is at https://github.com/aadibajpai/blog. It is composed solely of linux utilities and I am a Windows pleb unfortunately. This meant configuring a lot of stuff to work with wsl and figuring out how to run the Windows Sublime Text program from inside wsl to create and edit posts like this one. Previously, I used to actually ssh into a linux server just to run the blog, that's how much I like it.

This also serves as a test blog post because it will be built each time so I can see if something broken.

Lorem Ipsum or whatever. Random styling things now.

import __hello__ # This should be inline code

Now, let's try a code block.

from __future__ import braces
import antigravity
if x.startswith('java'):
	x = 'suck'  # check indents rendered
# A few Python easter eggs and also an example of a code block

italics and bold and strikethrough within a blockquote

Thanks for visiting, stay to read a couple of posts :)

If you have something to say about this blog (appreciation appreciated, criticism appreciated even more not really) then please go ahead and contact me at [email protected]

A huge thanks to my padawans, Nils André-Chang and Uzay Girit for adding some important functionality to this. Nils contributed the named links feature, which allows for posts to have simple, easy-to-remember links like this one. Uzay fixed a few overflow errors which were quite annoying and absolutely broke styling on mobile.

VandyHacks VII vh quest Creator's Writeup

Posted on 08 Oct 2020 by Aadi Bajpai

Last updated 22 Nov 2020 at 6:40 pm
permalink

Last week was VandyHacks VII, Vanderbilt's cool annual hackathon. It was awesome, I had a great time with great people. I was the only Fall recruit to the VandyHacks board, and I knew I had to underpromise and overdeliver. Thus was born the squirrel from VandyHacks. I wanted to chronicle a part of it for posterity, so here we are, approximately a month and 1250 words later.

What is the squirrel from VandyHacks?

"the squirrel from VandyHacks" is a very special Discord bot created for VandyHacks VII with a slew of commands and easter eggs to enhance hacker engagement and provide key hackathon info right on Discord. Without delving too much into all that, the important idea is that I baked in a vh quest command that essentially activated an 8 challenge long mini CTF. Why this was a good idea, I'm not sure but it got a good response so yay.

If you're curious about the bot, look at it at https://github.com/VandyHacks/the-squirrel-from-VandyHacks.

Here’s like the top three most used commands in the hackathon Discord server, just so there is a record (I also wanted to use a markdown table). I think the schedule command especially was way more popular than I expected.

command uses
vh pat 1391
vh schedule 249
vh when 145

Quest challenges

The challenges, the flags and some of the motivation behind each of them.

Level 0

welcome to vh quest! this is a ctf-style, fun treasure hunt where you look for flags like vh{yes_this_is_a_flag_hehe} hidden in places with cryptic clues to advance to the next level. Flags are always in the vh{} format. Feel free to reach out for hints and good luck on your quest! <:vh_heart:>

Read the entire post

Google Summer of Code Phase 1

Posted on 05 Jul 2020 by Aadi Bajpai

Last updated 17 Jul 2020 at 9:47 pm
permalink

The first phase of GSoC concluded recently (I passed!) and I wanted to talk about the things I did so far and the process to this point.

Background

I got selected as a student for the Google Summer of Code program. You can find my proposal at https://aadibajpai.com/gsoc/. Since I go into detail in some places, reading the proposal once would make it easier to follow along as it provides important context. For phase 1, there were 3 major tracks: Logging x Notifications, Testing, and fixing a security flaw in the backend, along with a few minor tracks.

The initial application had gone by a bit fast, since I officially enrolled just a day before the application deadline. But well, I was able to apply successfully, got selected and here we are.

Community Bonding Period

Being well acquainted with the org and my mentors already, I directly began to work through my proposal during this period. I cleaned up some of the issues and pull requests—although I am saving most of them for use in later stages. Then, I made new releases for SwagLyrics and SwSpotify. The SwagLyrics Chrome Extension was also published! It adds support for the Spotify Web Player on SwagLyrics which was a long awaited feature.

More notably, I managed to complete an important major track in this time, there was a very weird unreproducible error occurring in swaglyrics that had been haunting us for a month or so. One day I stayed up, analyzed everything from the ground up and discovered that Genius had been A/B testing a new page format, which broke our parser whenever the new version was sent which was random and location dependent. Then, it was basically isolating the new html and parsing the new format. Now the worst part about this was that it wasn't anything we could handle in advance or even figure out, but I'm glad we caught it when we did if not sooner.

Read the entire post

castorsCTF 2020 Writeups

Posted on 01 Jun 2020 by Aadi Bajpai

Last updated 16 Jun 2020 at 12:00 am
permalink

My CTF team Pwnzorz recently won castorsCTF20 🥳

Here are the writeups for the challenges I did for verification. I've tried to go into detail where possible but feel free to hit me up for a clarification if you don't understand what I did or the thought process, which, in my opinion, is the most important part of solving a challenge.

Let's get started.

Read the entire post

WPICTF 2020 Writeup(s)

Posted on 20 Apr 2020 by Aadi Bajpai

Last updated 20 Apr 2020 at 7:13 pm
permalink

A couple of days ago, me and a couple of other GCI winners decided to participate in the WPI CTF out of quarantine boredness, we ended up finishing #14 which I think was pretty great since we were all just doing it for fun.

This is a writeup for the Luna steganography challenge, because that's the one I found the most interesting.

Luna

They say the full moon makes people go crazy... hopefully this stego won't have the same effect on you!

Luna

So as you see, we start off with a Luna.tar.xz file which on decompressing gives a Luna.tar file which on further unzipping gives a file named 1.png and a zipped folder with two password protected files—Just In Case.png and jut.

Clearly, we're supposed to start out with 1.png which in looks is nothing but an all white image.

1.png

I ran the stegoveritas tool on it to examine further and it printed a lot of metadata and exif info and carved out a couple of .zlib files. Interestingly, the metadata had 2 fields that stood out:

  1. StudyPhysician: awcIsALegendAndIHopeThisIsAStrongPasswordJackTheRipperBegone
  2. Description: oops, all #FFD2A4#

From the first, we have our password! The jut file seemed absolute gibberish while Just In Case.png was a screenshot from gimp.

Just In Case

Looking at jut from a hex editor, the first 3 characters were interesting: BPS

Upon googling, a .bps file is one used to patch ROMs on SNES emulators and stuff so I downloaded Flips, a patcher for BPS files.

I tried to patch jut on 1.png but welp, no dice.

Circling back, we hadn't yet used the 2nd line from metadata nor Just In Case.png so it has to do something with those.

Read the entire post

How To Google Code-in

Posted on 12 Jul 2019 by Aadi Bajpai

Last updated 01 Nov 2020 at 7:39 am
permalink

June 2020 (and probably final) edit: Google Code-in has now been discontinued.

As much as I'd like to say my disappointment is immeasurable and my day has been ruined, I'm just grateful for the amazing people I got to meet and the fun stuff I got to do directly or indirectly through the program. If you're reading this in expectation of GCI, I wish you luck in your endeavours :)

Ultimately, here is a testimonial from Dylan Iskandar, GCI GPW 2019:

ngl tho that article saved my ass


I originally wrote this way back in early 2018 but it's still valid today.

Googleplex - where the winners go

If you read this in time for Code-in 2019 and are aged between 13 to 17, you might be in luck, for this post might just help you out. It would’ve made it easier for me too, if this existed before I won. I list some pro tips that I feel would be useful in order to fully experience GCI.

The aim of the contest is to simply encourage young developers to get started with open-source. Interestingly, unlike other contests, not everyone participates in GCI to truly win. Yes, I hear you, the Grand Prize is an all expenses paid 4 days trip to fucking Googleplex and here you see me saying some people don’t really concentrate on that. It is true though, a participant can approach Code-in two ways-

  1. Quickly complete 3 noob tasks (including 2 beginner tasks) which guarantees you a Google Code-in t-shirt and call it quits. It’s that simple, you could do that in just a day.

  2. Work constantly through the 7 weeks and go all in hoping for the big prize.

Unsurprisingly, most people go with the first option. Google Code-in 2017 had 3555 students who completed 16468 tasks. That averages to a bit over 4 tasks per student. (I did 21 - and that’s just the tasks I could claim)

Read the entire post