Debugging/Reversing Firebase gRPC Traffic with mitmproxy

Recently, I was stuck trying to understand how Firebase gRPC calls worked and how I could generate, modify, and replay them. Trapping and modifying existing gRPC traffic was not working well. Finally, I took a step back and spent some time learning how to build and debug simple Firebase applications. This approach helped me tremendously, and I was able to make further progress with my original task quickly.

Solution: You may find the following code sample useful when reversing/debugging Firebase applications. ...

April 16, 2025 · 2 min · 426 words · Dhiru Kholia

Easily verifying certificate chains

Here is a quick script to verify that the certificate chain is valid and will work.

    % cat verify-cert-key.sh
    #!/usr/bin/env bash

    certFile="${1}"
    keyFile="${2}"
    caFile="${3}"

    # Extract the public key from the certificate and from the private key
    certPubKey="$(openssl x509 -noout -pubkey -in "${certFile}")"
    keyPubKey="$(openssl pkey -pubout -in "${keyFile}")"

    # The key belongs to the certificate only if both public keys are identical
    if [[ "${certPubKey}" == "${keyPubKey}" ]]
    then
      echo "PASS: key and cert match"
    else
      echo "FAIL: key and cert DO NOT match"
    fi

    # Verify the certificate against the CA file
    openssl verify -CAfile "${caFile}" "${certFile}"

April 14, 2025 · 1 min · 63 words · Dhiru Kholia

Easy Taint Tracking - Finding Heartbleed in 2024

Aim: Finding 'Heartbleed' class of bugs with taint analysis. Background reading: https://heartbleed.com/

Motivation: While Coverity is now able to detect this bug, we wanted to evaluate the state of open-source security tooling in 2024. Have we been able to reduce the cost of finding such bugs after all these years?

The Idea: Can we find an execution path from the tainted data in the n2s function to sensitive functions? Since n2s typically operates on network received bytes, it can serve as a taint source. ...

November 1, 2024 · 3 min · 488 words · Dhiru Kholia