khangaroo commented on "This question has been retired"   learn.microsoft.com/en-us... · Posted by u/1970-01-01
rgovostes · 5 months ago
Hi, I’m an Independent Advisor. It sounds like you expected Microsoft community support to be a valuable resource for answers to your technical problems. I can understand how frustrating that would be. At this point, the most reliable solution is to perform a clean reinstall of Windows.
khangaroo · 5 months ago
Option 2: sfc /scannow
khangaroo commented on Breaking out of VRChat using a Unity bug   khang06.github.io/vrcesca... · Posted by u/sonixier
rafram · a year ago
Wow, allowing remote execution of a bytecode language that directly operates on system resources is a bit terrifying. This can’t be the only Unity API that wasn’t designed to be secure when called by untrusted code from the internet.
khangaroo · a year ago
Absolutely. The other exploit I wrote from two years ago that I alluded to in the post involved a vulnerability in a completely different component. That one abused a (presumably decades-old) heap overflow in the S3M tracker module format in the FMOD audio library built into Unity. I think there isn't nearly enough serious vulnerability research into games outside of cheater groups.

As a side note, that S3M vuln was a massive pain because the chain of responsibility was even longer. That's why I lost a good chunk of the writeup for that before it was safe to publish it.

khangaroo commented on Breaking out of VRChat using a Unity bug   khang06.github.io/vrcesca... · Posted by u/sonixier
cheeseomlit · a year ago
That part about the Steam overlay is interesting. This stuff is over my head, but this makes it sound like Valve's implementation creates an unnecessary attack surface. It's also pretty lame that disabling the option for it has no effect on the exploit.
khangaroo · a year ago
Personally, I think that part ended up being more interesting than the Unity bug itself purely because of the implications. A friend was able to abuse the xinput1_3 RWX region in particular to get code execution in a different game with only an arbitrary write primitive and no ASLR leaks. I wouldn't be surprised if this trick got abused for in-the-wild game RCE exploits like the Apex Legends one (though I have no way to verify that).
khangaroo commented on Everything I know about the fast inverse square root algorithm   github.com/francisrstokes... · Posted by u/atan2
johndough · 2 years ago
If your computer was built after 1999, it probably supports the SSE instruction set. It contains the _mm_rsqrt_ps instruction, which is faster and will give you four reciprocal square roots at once: https://www.intel.com/content/www/us/en/docs/intrinsics-guid...

That being said, the techniques discussed here are not totally irrelevant (yet). There still exists some hardware with fast instructions for float/int conversion, but lacking rsqrt, sqrt, pow, log instructions, which can all be approximated with this nice trick.

khangaroo · 2 years ago
The SSE float reciprocal instructions have slightly different results between Intel and AMD, which can be a source of headaches for those expecting deterministic results between PCs. (see https://robert.ocallahan.org/2021/09/rr-trace-portability-di...)
khangaroo commented on Jazelle DBX: Allow ARM processors to execute Java bytecode in hardware   en.wikipedia.org/wiki/Jaz... · Posted by u/vincent_s
_chu1 · 2 years ago
Fun fact: both the Wii's secondary ARM chip used for security tasks and the iPhone 2G's processors had Jazelle but never used them.
khangaroo · 2 years ago
khangaroo commented on Half-Life 25th Anniversary Update   half-life.com/en/halflife... · Posted by u/Philpax
bakugo · 2 years ago
> Incorporated func_vehicle entity support from Counter-Strike

By far the most important change in this update.

khangaroo · 2 years ago
func_vehicle is a right, not a privilege!
khangaroo commented on Subtraction is functionally complete   orlp.net/blog/subtraction... · Posted by u/orlp
khangaroo · 2 years ago
I posted this on the thread in /r/programming a while ago, but I might as well post this here too. It's possible to implement the adder in "only" 11 subtractions:

    use std::ops::Sub;
    // `Bit` and `ZERO` are added so the snippet compiles; the encoding is an
    // assumption, not necessarily the linked post's: a bit is an IEEE 754 zero,
    // +0.0 for TRUE and -0.0 for FALSE. The only zero subtraction that yields
    // -0.0 is (-0.0) - (+0.0), so `a - b` is `a OR NOT b`, `ZERO - x` is `NOT x`.
    #[derive(Clone, Copy, Debug)]
    struct Bit(f64);
    const ZERO: Bit = Bit(-0.0);
    impl Sub for Bit {
        type Output = Bit;
        fn sub(self, rhs: Bit) -> Bit { Bit(self.0 - rhs.0) }
    }

    fn adder(a: Bit, b: Bit, c: Bit) -> (Bit, Bit) {
        let r0 = c - b;      // c OR NOT b
        let r1 = c - r0;     // b OR c
        let r2 = ZERO - r0;  // b AND NOT c
        let r3 = b - r1;     // b OR NOT c
        let r4 = r2 - r3;    // b XOR c
        let r5 = a - r4;
        let r6 = r4 - a;
        let r7 = ZERO - r5;  // NOT a AND (b XOR c)
        let r8 = r7 - r1;
        let r9 = r7 - r6;    // a XOR b XOR c
        let r10 = ZERO - r8; // majority(a, b, c)
        (r9, r10)            // (sum, carry)
    }
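
An added example, not code from the linked post or from the comment above: the 11-subtraction full adder placed in an assumed signed-zero encoding (+0.0 as TRUE, -0.0 as FALSE, `ZERO` being the FALSE constant) and chained into an 8-bit ripple-carry adder that is checked exhaustively against native u8 addition. `Bit`, `ONE`, `add_u8` and `adder_matches_native` are names chosen here, not the post's.

```rust
use std::ops::Sub;

// Added example (not the linked post's or the commenter's code). Assumed
// encoding: a bit is an IEEE 754 zero, +0.0 = TRUE, -0.0 = FALSE. The only
// zero subtraction yielding -0.0 is (-0.0) - (+0.0), so `a - b` computes
// `a OR NOT b` and `ZERO - x` computes `NOT x`.
#[derive(Clone, Copy, Debug)]
pub struct Bit(f64);
pub const ZERO: Bit = Bit(-0.0);
pub const ONE: Bit = Bit(0.0);

impl Sub for Bit {
    type Output = Bit;
    fn sub(self, rhs: Bit) -> Bit { Bit(self.0 - rhs.0) }
}

impl Bit {
    pub fn from_bool(b: bool) -> Bit { if b { ONE } else { ZERO } }
    // `-0.0 == 0.0` is true under `==`, so the sign bit is tested instead.
    pub fn to_bool(self) -> bool { !self.0.is_sign_negative() }
}

/// The 11-subtraction full adder from the comment above; returns (sum, carry).
pub fn adder(a: Bit, b: Bit, c: Bit) -> (Bit, Bit) {
    let r0 = c - b; let r1 = c - r0; let r2 = ZERO - r0; let r3 = b - r1;
    let r4 = r2 - r3; let r5 = a - r4; let r6 = r4 - a; let r7 = ZERO - r5;
    let r8 = r7 - r1; let r9 = r7 - r6; let r10 = ZERO - r8;
    (r9, r10) // r4 = b XOR c, r9 = a XOR b XOR c, r10 = majority(a, b, c)
}

/// Ripple-carry add of two u8 values built only from `adder`; returns
/// (sum, carry_out), matching `u8::overflowing_add`.
pub fn add_u8(x: u8, y: u8) -> (u8, bool) {
    let mut carry = ZERO;
    let mut sum = 0u8;
    for i in 0..8 {
        let a = Bit::from_bool((x >> i) & 1 == 1);
        let b = Bit::from_bool((y >> i) & 1 == 1);
        let (s, c) = adder(a, b, carry);
        if s.to_bool() { sum |= 1 << i; }
        carry = c;
    }
    (sum, carry.to_bool())
}

/// Exhaustive check of `add_u8` against native addition over all 65536 inputs.
pub fn adder_matches_native() -> bool {
    (0..=255u8).all(|x| (0..=255u8).all(|y| add_u8(x, y) == x.overflowing_add(y)))
}
```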

u/khangaroo · Karma: 59 · Cake day: September 14, 2022