It’s been awhile since I posted! I spent a fair amount of time transposing today and yesterday the Final Battle soundtrack from Mario and Luigi: Bowser’s Inside Story.
As you can see from my usage of accidentals (f natural intead of f double-sharp, lol), I was kinda lazy plus I’m bad at transposing in general.
Some of you may have heard of this, some of you may have not. The “Calculus Rush” is a reference to when students (particularly those in high-school) “rush” to the next math class – that is, instead of actively developing their problem-solving skills with what they already know, they spread themselves thin by learning new material. Several articles have been written about this which you can find by googling for or “the rush to calculus” or some similar alliteration. This does not apply to every student and/or school, but it’s foolhardy to deny that this is a problem in education in general.
Frequently, I see students asking questions more-or-less along the lines of “What’s the trick for this problem?” with the assumption that for every type of problem, there is a ready-made trick to that allows said students to get the answer quickly – essentially asking for a full solution that is copied for a similar problem that “requires” the same so-called trick. The reason this annoys me is that it fosters an environment where problem-solving and understanding are discouraged and rote memorization is encouraged.
While this rant is primarily aimed at poorly-implemented pedagogy in mathematics, it applies to pretty much every other subject as well.
Full PoC w/ abitrary code execution: Link to Issue
Update: The vulnerability has been partially fixed; however, the patch unintentionally removes desired functionality as stated here.
Not too long ago, I was casually perusing my way through GitHub and found the Threadtear Java bytecode deobfuscator.
For those of you who don’t know, I have a strong interest for Java bytecode-related projects — especially when deobfuscation and obfuscation are involved.
There’s a warning on the README.md of the repository which specifically informs the user it is possible to successfully execute arbitrary code through the deobfuscator for malicious purposes.
So of course, I decided to take up the challenge and create a proof of concept of an ACE exploit in Threadtear.
Earlier today, I visited the Tigress C obfuscator website
today (I haven’t for awhile) and it looks much nicer now ;). Anyways, something that particularly interested me was Tigress’s
page on EncodeArithmetic. Since I, a maintainer of a Java bytecode obfuscator, am
always looking for cool things to try, found
the book they linked of interest.