Auditing A CS:GO Betting Site for Provable Fairness

Provable fairness is one of the building blocks of modern online gambling. Many Bitcoin casinos have popped up that use “provably fair” number generation algorithms. These algorithms guarantee that the numbers generated have not been influenced by either party in a way that is favorable for them. For a more detailed explanation of these systems, …

Basics of Provable Fairness

This post is a basic primer on how provably fair betting websites and number generation algorithms work. It contains helpful background information for some of my future posts. Words to Know: Provably fair number generation algorithms are built around cryptographic hashes. Provably fair systems rely on these hash functions taking input data (the plaintext or message) …

Securing NGINX with CloudFlare

A determined hacker can expose the origin IP address of a website behind a reverse proxy service using many methods. One of the methods I have seen used against me is scanning the entire IPv4 address space and making an HTTP request to every IP address with the Host header set to my domain. If …

Amazon Echo Rooting: Part 2

Filesystem Information: While searching through the partial filesystem I extracted from the package updates, I found /etc/dev.tar, which appears to be a skeleton of the dev filesystem. We can infer several things about the partition layout on the internal MMC with this information. We now know that the internal MMC has 8 …

Amazon Echo Rooting: Part 1

Update: You can view Ike Clinton’s paper that is mentioned in this article here. It is the basis for most of this research so far. There is also a Slack channel and wiki about this subject. The PCBs I ordered came in but I haven’t had time to solder the components on or test it …

Debian Package Visualization

Recently, a close friend sent me a link to this blog post. The blog post goes over some details about exporting package relationships for Ubuntu in a format that can be read by graph generating software. The blog post was made in early 2013, so I decided to try it myself and add a few things. I made …