Auditing A CS:GO Betting Site for Provable Fairness
Provable fairness is one of the building blocks of modern online gambling. Many Bitcoin casinos have popped up that use “provably fair” number generation algorithms. These algorithms guarantee that the numbers generated have not been influenced by either party in a way that is favorable for them. For a more detailed explanation of these systems, read this blog post. Recently, I have been introduced to the Counter-Strike: Global Offensive gambling scene.
...Basics of Provable Fairness
This post is a basic primer on how provably fair betting websites and number generation algorithms work. It contains helpful background information for some of my future posts.
Words to Know Provably fair number generation algorithms are built around cryptographic hashes. Provably fair systems rely on these hash functions taking input data (the plaintext or message) and outputting a representation of that data that can not be reversed, but is the same every time (the hash or message digest).
...Securing NGINX with CloudFlare
A determined hacker can expose the origin IP address of a website behind a reverse proxy service using many methods. One of the methods I have seen used against me is scanning the entire IPv4 address space and making an HTTP request to every IP address with the Host header set to my domain. If the origin server responds to this request with the same page that is served over CloudFlare, the attacker will know that they have found the correct origin server.
...Amazon Echo Rooting: Part 2
Filesystem Information While searching through the partial filesystem I extracted from the package updates, I found /etc/dev.tar which appears to be a skeleton of the dev filesystem. We can infer several things about the partition layout on the internal MMC with this information.
Building the SD Card Partitioning the SD Card It appears that uBoot will only attempt to use the partition named main-A as the root filesystem. I created a small partition named _ because there is a bug with get_partition_num that will cause it to occasionally be unable to find the first partition on the disk.
...Amazon Echo Rooting: Part 1
Update: You can view Ike Clinton’s paper that is mentioned in this article here. It is the basis for most of this research so far. There is also a Slack channel and wiki about this subject. The PCBs I ordered came in but I haven’t had time to solder the components on or test it out. A few people in the Slack channel have gotten their own code running on the Echo, so it is possible!
...Debian Package Visualization
Recently, a close friend sent me a link to this blog post. The blog post goes over some details about exporting package relationships for Ubuntu in a format that can be read by graph generating software. The blog post was made in early 2013, so I decided to try it myself and add a few things. I made some slight modifications to his code, which can be found below.
The original blog post only contained image renderings.
...
