<p>A flaw in the wildly popular online game <em>Minecraft</em> makes it easy for just about anyone to crash the server hosting the game, according to a computer programmer who has released proof-of-concept code that exploits the vulnerability.</p>
7
9
<p>"I thought a lot before writing this post," Pakistan-based developer Ammar Askar wrote in a <ahref="http://blog.ammaraskar.com/minecraft-vulnerability-advisory">blog post published Thursday</a>, 21 months, he said, after privately reporting the bug to <em>Minecraft</em> developer Mojang. "On the one hand I don't want to expose thousands of servers to a major vulnerability, yet on the other hand Mojang has failed to act on it."</p>
8
10
<p>The bug resides in the <ahref="https://github.com/ammaraskar/pyCraft">networking internals of the <em>Minecraft </em>protocol</a>. It allows the contents of inventory slots to be exchanged, so that, among other things, items in players' hotbars are displayed automatically after logging in. <em>Minecraft</em> items can also store arbitrary metadata in a file format known as <ahref="http://wiki.vg/NBT">Named Binary Tag (NBT)</a>, which allows complex data structures to be kept in hierarchical nests. Askar has released <ahref="https://github.com/ammaraskar/pyCraft/tree/nbt_exploit">proof-of-concept attack code</a> he said exploits the vulnerability to crash any server hosting the game. Here's how it works.</p>
9
11
<blockquote>
10
12
<p>The vulnerability stems from the fact that the client is allowed to send the server information about certain slots. This, coupled with the NBT format’s nesting allows us to <em>craft</em> a packet that is incredibly complex for the server to deserialize but trivial for us to generate.</p>
11
13
<p>In my case, I chose to create lists within lists, down to five levels. This is a json representation of what it looks like.</p>
<p>The root of the object, <code>rekt</code>, contains 300 lists. Each list has a list with 10 sublists, and each of those sublists has 10 of their own, up until 5 levels of recursion. That’s a total of <code>10^5 * 300 = 30,000,000</code> lists.</p>
39
42
<p>And this isn’t even the theoretical maximum for this attack. Just the nbt data for this payload is 26.6 megabytes. But luckily Minecraft implements a way to compress large packets, lucky us! zlib shrinks down our evil data to a mere 39 kilobytes.</p>
40
43
<p>Note: in previous versions of Minecraft, there was no protocol wide compression for big packets. Previously, NBT was sent compressed with gzip and prefixed with a signed short of its length, which reduced our maximum payload size to <code>2^15 - 1</code>. Now that the length is a varint capable of storing integers up to <code>2^28</code>, our potential for attack has increased significantly.</p>
@@ -45,4 +48,4 @@
45
48
</blockquote>
46
49
<p>Ars is asking Mojang for comment and will update this post if company officials respond.</p>
test/test-pages/blogger/expected-metadata.json
+1 -1 (1 addition & 1 deletion)
@@ -2,6 +2,6 @@
2
2
"title": "Open Verilog flow for Silego GreenPak4 programmable logic devices",
3
3
"byline": null,
4
4
"dir": "ltr",
5
-
"excerpt": "I've written a couple of posts in the past few months but they were all for",
5
+
"excerpt": "I've written a couple of posts in the past few months but they were all for the blog at work so I figured I'm long overdue for one on Silicon Exposed.",
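Review bot: the "excerpt" on the added line is consumer-visible metadata, and it changes from a value that stopped at "they were all for" to the full sentence ending "on Silicon Exposed." If this is a side effect of how the first paragraph is now assembled in the article HTML, say so in the commit message or changelog, since callers that display or store the excerpt will see different text for the same page.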
<pstyle="display: inline;" class="readability-styled"> I've written a couple of posts in the past few months but they were all for </p><ahref="http://blog.ioactive.com/search/label/Andrew%20Zonenberg">the blog at work</a>
4
-
<pstyle="display: inline;" class="readability-styled"> so I figured I'm long overdue for one on Silicon Exposed.</p>
3
+
<p> I've written a couple of posts in the past few months but they were all for <ahref="http://blog.ioactive.com/search/label/Andrew%20Zonenberg">the blog at work</a> so I figured I'm long overdue for one on Silicon Exposed.</p>
5
4
<p>
6
5
<h2> So what's a GreenPak?</h2><br/> Silego Technology is a fabless semiconductor company located in the SF Bay area, which makes (among other things) a line of programmable logic devices known as GreenPak. Their <ahref="http://www.silego.com/products/greenpak5.html">5th generation parts</a> were just announced, but I started this project before that happened so I'm still targeting the <ahref="http://www.silego.com/products/greenpak4.html">4th generation</a>.</p>
7
6
<p> GreenPak devices are kind of like itty bitty <ahref="http://www.cypress.com/products/32-bit-arm-cortex-m-psoc">PSoCs</a> - they have a mixed signal fabric with an ADC, DACs, comparators, voltage references, plus a digital LUT/FF fabric and some typical digital MCU peripherals like counters and oscillators (but no CPU).</p>
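Review bot: the merged paragraph on the added line (diff line 3) keeps the leading space of the old inline fragment ("<p> I've written"), and the class="readability-styled" marker carried by both removed fragments is dropped without a replacement. Suggest trimming leading whitespace when the fragments are merged, and confirming that nothing downstream selects on readability-styled. Separately, the unchanged context at lines 5 to 6 still nests an <h2> inside a <p>, which is invalid HTML; not introduced here, but this fixture keeps pinning it.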
test/test-pages/breitbart/expected.html
+2 -1 (2 additions & 1 deletion)
@@ -1,7 +1,8 @@
1
1
<divid="readability-page-1" class="page">
2
2
<div>
3
3
<figure>
4
-
<div><imgitemprop="image" src="http://media.breitbart.com/media/2016/11/GettyImages-621866810-640x480.jpg" alt="Supporters of Republican presidential nominee Donald Trump cheer during election night at the New York Hilton Midtown in New York on November 9, 2016. / AFP / JIM WATSON (Photo credit should read JIM WATSON/AFP/Getty Images)" width="640" height="480" />
4
+
<div>
5
+
<p><imgitemprop="image" src="http://media.breitbart.com/media/2016/11/GettyImages-621866810-640x480.jpg" alt="Supporters of Republican presidential nominee Donald Trump cheer during election night at the New York Hilton Midtown in New York on November 9, 2016. / AFP / JIM WATSON (Photo credit should read JIM WATSON/AFP/Getty Images)" width="640" height="480" /></p>
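Review bot: on the added lines 4 to 5 the image inside <figure> is now wrapped in its own <p>, so the expected structure becomes figure > div > p > img for a block that contains no text. Please confirm that paragraph-wrapping an image-only <div> inside a <figure> is the intended output and not a by-product of wrapping inline children in general; if it is intended, a short note in the test description would help, and if not, image-only blocks under <figure> should be left unwrapped.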
test/test-pages/bug-1255978/expected.html
+13 -11 (13 additions & 11 deletions)
@@ -7,9 +7,9 @@
7
7
<p>Here are some of the secrets that the receptionist will never tell you when you check in, according to answers posted on <ahref="https://www.quora.com/What-are-the-things-we-dont-know-about-hotel-rooms" target="_blank">Quora</a>.</p>
<p>Even posh hotels might not wash a blanket in between stays </p>
12
+
<p>Even posh hotels might not wash a blanket in between stays </p>
13
13
</div>
14
14
<p>1. Take any blankets or duvets off the bed</p>
15
15
<p>Forrest Jones said that anything that comes into contact with any of the previous guest’s skin should be taken out and washed every time the room is made, but that even the fanciest hotels don’t always do so. "Hotels are getting away from comforters. Blankets are here to stay, however. But some hotels are still hesitant about washing them every day if they think they can get out of it," he said.</p>
<p>Forrest Jones advised stuffing the peep hole with a strip of rolled up notepaper when not in use. </p>
23
+
<p>Forrest Jones advised stuffing the peep hole with a strip of rolled up notepaper when not in use. </p>
24
24
</div>
25
25
<p>2. Check the peep hole has not been tampered with</p>
26
26
<p>This is not common, but can happen, Forrest Jones said. He advised stuffing the peep hole with a strip of rolled up notepaper when not in use. When someone knocks on the door, the paper can be removed to check who is there. If no one is visible, he recommends calling the front desk immediately. “I look forward to the day when I can tell you to choose only hotels where every employee who has access to guestroom keys is subjected to a complete public records background check, prior to hire, and every year or two thereafter. But for now, I can't,” he said.</p>
<p>Bedbugs love wood. Even though a wooden luggage rack might look nicer and more expensive than a metal one, it’s a breeding ground for bugs. Forrest Jones says guests should put the items they plan to take from bags on other pieces of furniture and leave the bag on the floor.</p>
<p>The old rule of thumb is that for every 00 invested in a room, the hotel should charge in average daily rate </p>
39
+
<p>The old rule of thumb is that for every 00 invested in a room, the hotel should charge in average daily rate </p>
40
40
</div>
41
41
<p>4. Hotel rooms are priced according to how expensive they were to build</p>
42
42
<p>Zeev Sharon said that the old rule of thumb is that for every $1000 invested in a room, the hotel should charge $1 in average daily rate. So a room that cost $300,000 to build, should sell on average for $300/night.</p>
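Review bot: the added caption at diff line 39 reads "for every 00 invested in a room, the hotel should charge in average daily rate", while the body paragraph at line 42 has "$1000" and "$1", so the expected file pins a caption with the dollar amounts missing. Check whether the source page really carries the caption that way or whether the "$" sequences are being lost while the output or the fixture is generated; if it is the latter, fix that before recording it as expected. The added caption paragraphs in this hunk (diff lines 12, 23 and 39) also end with a space before </p>, which could be trimmed.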
@@ -53,9 +53,9 @@ <h3>6. Mini bars almost always lose money</h3>
53
53
<p>Despite the snacks in the minibar seeming like the most overpriced food you have ever seen, hotel owners are still struggling to make a profit from those snacks. "Minibars almost always lose money, even when they charge $10 for a Diet Coke,” Sharon said.</p>
<p>Towels should always be cleaned between stays </p>
58
+
<p>Towels should always be cleaned between stays </p>
59
59
</div>
60
60
<p>7. Always made sure the hand towels are clean when you arrive</p>
61
61
<p>Forrest Jones made a discovery when he was helping out with the housekeepers. “You know where you almost always find a hand towel in any recently-vacated hotel room that was occupied by a guy? On the floor, next to the bed, about halfway down, maybe a little toward the foot of the bed. Same spot in the floor, next to almost every bed occupied by a man, in every room. I'll leave the rest to your imagination,” he said.</p>
@@ -64,5 +64,7 @@ <h3>6. Mini bars almost always lose money</h3>