Pico 3.0.0-alpha.2 Exploit


Marketta Filipovich

Jul 21, 2024, 7:14:39 AM

this exploit allows you to run any code that is on 1 line, and doesn't use any pico-8 preprocessor based syntax extensions (i.e. +=, shorthand if, ?), while only costing 8 tokens
it works as follows:

similarly to exploit #1, before patching, our code is in a multiline string, and thus only costs 1 token. after patching, it is not in a string anymore, so pico8 just runs it as regular code. so now we can run any code (with the same caveat as before of not using pico-8's preprocessor based syntax extensions), using only 8 tokens

all of these exploits are caused by the preprocessor being kind of weird and finicky. while i'm sure these specific ones can be fixed by changing it, i'm pretty convinced you could find things like these in every non-syntax-aware preprocessor. while @zep has been against adding compound operators (+=) to the syntax in the past, I think these examples (and all the other weird preprocessor behaviour) provide a decent argument for why it should be

I've been looking again at ditching the pre-processor recently while working a bit on Picotron (which does not use one), and this pretty much seals the deal. @samhocevar has already proved by example that it is a viable approach with z8lua, and the branch I'm experimenting with seems to have pretty good backwards compatibility already. Apart from getting rid of weird edge case behaviours and not being eternally bug-prone, I'm also happy that compound assignments like "num[rnd(5)\1] += 1" can work as expected without evaluating the rnd() twice.

Ha, @RyanC. I remember finding an exploit years ago in Pico-8 where you could use the include() command inside an executable to run a notepad file as code, defeating the purpose of purchasing the editor.

Of course it can. It's a contextual thing. The parser knows where assignment operators are vs. where expression operators are. You wouldn't find a comparison operator to the right of a receiving variable, so in that position it would obviously be an assignment operator. Likewise, Lua doesn't allow in-expression assignments the way C/C++ do, so there's no risk that it'll be mistaken for an assignment operator in the middle of an expression.

This is just like how the "-" character works both for subtraction and negation. The parser knows that when there's an expression to the left of it, it's subtraction, and when there's an operator (or nothing) next to it, it's negation.

if we're already talking about nice things we could get from this change, it'd be extremely nice if we could get multiple assignment from compound assignment (i.e. a,b += c,d). While this should definitely be possible to implement in the syntax, I don't know how difficult/complex it would be to implement it in the parser. It'd be extremely nice to have though.


Point-of-Care tests based on biomarkers, useful to monitor acute and chronic inflammations, are required for advances in medicine. In this scope, a key role is played by pro-inflammatory cytokines, of which interleukin 6 (IL-6) is generally thought of as one of the most relevant. To use IL-6 in real scenarios, detection in ultra-low concentration ranges is required. In this work, two IL-6 biosensors are obtained by exploiting the combination of the same antibody self-assembled monolayer with two different plasmonic probes. This approach has demonstrated, via experimental results, that two different IL-6 concentration ranges can be explored. More specifically, IL-6 in an atto-femto molar range can be detected via polymer-based nanoplasmonic chips. On the other hand, a pico-nano molar range is obtained by a surface plasmon resonance platform in plastic optical fibers. As a proof of concept, the detection of IL-6 at the femto molar range has been obtained in saliva and serum. The results show that the proposed sensing approach could be useful in developing Point-of-Care devices based on a general setup with the capability to exploit both plasmonic biosensor chips to monitor IL-6 in the concentration range of interest, providing important support for the diagnosis and monitoring of oral and systemic diseases.

This year, picoCTF 2021 introduced a series of browser pwns. The first of the series was a simple shellcoding challenge, the second one was another baby v8 challenge with unlimited OOB indexing (about the same difficulty as the v8 pwnable from my Rope2 writeup - I recommend you to read this if you are unfamiliar with v8 exploitation), but what really caught my attention was the last browser pwnable, turboflan, which involved a bug in the turbofan JIT optimizer in Chromium. For those unfamiliar with turbofan, the following post from Jeremy Fetiveau is a nice read. I myself am still quite new to turbofan vulnerabilities, so please let me know if I made a mistake in my explanations.

I have two xboxes waiting to softmod>tsop, the disc drives in both are fugged so I can't use my mechassault disc. I'm wondering if the softmod can be performed from a digital copy of the game on the hard drive + hard drive copy of the exploit game save, all while running on a modchip.

yeah, just tried that with sid 5.11, it tells me something like "modded files already present" and refuses to work, then I accidentally clicked on delete ms backup and hobbled this xbox with error 13, lol

I managed to get the second xbox's disc drive working somewhat and reached the menu on mechassault but upon clicking "run linux" it goes to a black screen and hangs there, and trying with its hdd copy of splinter cell results in a freeze, this was not helped by setting the xbox's date/time as I've seen recommended on other websites

If you have a spare rp pico or 2040 board laying around you can use Arduinoprom and use it to snag your eeprom so you can create a softmodded hdd with FatXplorer that will allow you to at least boot up and flash your tsop. This is how I was able to tsop 3 old xboxes without any save game exploit. Converting the Arduino files for the pico and determining which pins to use can be a bit of a pain though.

Just grab yourself a cheap rp2040 or pico and dump the eeprom so you can either null the hdd key or build an hdd with FatXplorer and use the eeprom to lock the drive. If you do this and happen to get either a pico or a waveshare rp 2040 zero and don't want to go through the hassle of making the uf2 file yourself just let me know and I can send you mine and let you know which pins to use. It's only a 3 wire install and takes less than 5 seconds to dump with the Arduinoprom script.

Seems that if it still boots discs, you could just create an iso of the evox dashboard, burn it and boot it, backup the eeprom, dump it to your computer via ftp, pull the drive, unlock it with fatXplorer, create a new soft modded hdd and lock the drive with the eeprom. Or, boot the cerbios install disc and flash the tsop, pull the drive and create a new one and not have to worry about locking or soft modding it. Not sure I know what you mean by spotless discs though.

I just mean its optical drive is so old and picky it won't read a disc that has a little tiny scratch. There was admittedly no use in mentioning that part. I don't even know how to find cerbios by the way. Is xbins still an irc channel or did it move to that trendy discord thing? I don't know what discord is but from the stories I've heard I don't think I wish to know.

To be fair I've never had a chance to use Xblast OS though due to it not working with my 3rd party controller. I was just reading up on it the last couple of days since I was trying to figure out if I could install it to my tsop temporarily while attempting the ram upgrade so I would be able to run the test and I read somewhere that it didn't resize them. Must have been old info. I've ordered an OEM controller though so that should hopefully be here in a week or so and I'll be able to try it out with reflashing the Sharp tsop. Might have to eventually buy a flashable mod chip.

Although it's true that I tend to focus mostly on Linux in systems administration (after all, that is my day job), I've always had a secondary interest in security, whether it's hardening systems, performing forensics on a hacked system, getting root on a pico projector or even trying my hand at finding and exploiting vulnerabilities. Even though it's fun to set up your own Web services and attempt to exploit them, there's something more satisfying about finding vulnerabilities in someone else's code. The downside, of course, is that most Webmasters don't appreciate it when you break into their sites. However fun hacking is, at least for me, it isn't worth the risk of jail time, so I need to have my fun in more legal ways. This is where my wireless router comes in.
