Difference between revisions of "PoC or GTFO"

Latest revision as of 12:08, 23 December 2021

Intro

This page assembles various matters related to the International Journal of Proof-of-Concept or Get The Fuck Out (PoC||GTFO or PoC or GTFO)
I limit voluntarily myself to topics I've been directly involved with.

Articles

PoC||GTFO 0x05 3: ECB as an Electronic Coloring Book
- See also https://doegox.github.io/ElectronicColoringBook/
- See also my lightning talk @ hack.lu 2014
PoC||GTFO 0x06 7: More Cryptographic Coloring Books (original title was "Coloring Book Continued")
- Errata in 7.6 due to Frenglish to English translation ;-) : OFB and CTR are fine, only CBC & CFB can be compared to ECB
PoC||GTFO 0x08 12: Weird cryptography; or, How to resist brute-force attacks.
- See also Sci-Fi Crypto
- pocorgtfo08.pdf itself is also a ZIP and a shell script to perform grammatically correct encryption
PoC||GTFO 0x09 12: What If You Could Listen to This PDF?
- pocorgtfo09.pdf itself is also a ZIP and a WavPack audio file
PoC||GTFO 0x12 11: Are Androids Polyglots?
- pocorgtfo12.pdf itself is also a ZIP and an Android APK able to share itself via NFC
PoC||GTFO 0x13 10: Post Scriptum: A Schizophrenic Ghost, with E. Sultanik
- pocorgtfo12.pdf itself is also a ZIP and a PostScript file

Misc from PoC||GTFO

PoC||GTFO 0x06

Happy thanksgiving ;)

sed '4025,4048!d' pocorgtfo06.pdf

Spoilers for our Pictures of Cats

- 1.png is a PNG picture. It's a RGB picture, with a palette.
  The RGB values have been altered to display another picture via the palette.
  So just change offset 0x19 from 0x2 (RGB) to 0x3 (paletted)
  to enjoy the hidden picture.
  Extra efforts were taken to make the picture not trivial to extract,
  and remove as many artifacts as possible

  by Philippe Teuwen & Ange Albertini, original idea by Dominique Bongard

- 2.bmp is a BMP/PCM polyglot, which means it's a Bitmap picture,
  and a RAW audio polyglot that is directly playable
  (it's not really hidden, it's just happy co-existence).
  The audio, when viewed in spectrogram view, will show a familiar face.

  To enjoy it fully, just run
  sox -t raw -r 44100 -c 1 -e signed -b 32 2.bmp -n spectrogram
  (with optional -m -x 555 -y 512 -z 24 -Z -36, for better rendering)

  For more details, check http://wiki.yobi.be/wiki/BMP_PCM_polyglot,
  including a nifty RGB spectrogram via baudline.

  by Philippe Teuwen & Ange Albertini

For PNG in PNG, see PNG Merge
For BMP/PCM, see BMP PCM polyglot

PoC||GTFO 0x06 contains also a scan of a softstrip

I made a clean version here
which can be decoded with this code
@johnmaushammer posted the result together with his own code

PoC||GTFO 0x07

Anybody noticed what the boy is reading on PoC||GTFO 0x07 cover?
Did you notice BlueRay microdots in PoC||GTFO 7:3 ? First one depicts @scanlime's artwork
Two new polyglots sound + spectrograms

PoC||GTFO 0x08

Animated covers
- @pdfkungfoo made lovely gifs for those of you not having Adobe to enjoy last PoC||GTFO 0x08

(click them to see the animations)

Also as video: https://vimeo.com/131434211 and https://vimeo.com/131445216

PoC||GTFO '08 painting inspired by Magritte's Empire of Lights:

Polyglot is a shell script to encode English into grammatically correct English
- Did you know? PoC||GTFO 8.12 drawing is a Hugues printing telegraph
PoC||GTFO 0x08 Ossmann artwork is based on Osman videogame

Misc in the same PoC spirit

Ange had fun with Cameron recent declarations: https://imgur.com/xNUlzaE
That PNG contains a dummy chunk ("dumb" chunk actually) with 32b PCM so you can actually play the PNG and hear the content of dumb chunk (before hearing the white noise of the picture data itself)

wget -O - https://imgur.com/download/xNUlzaE | aplay -r 44100 -c1 -f S32_BE

Note that we're supposed to apply a ROT13 but I don't hear a difference (rot13 on binary only affects slightly a small part of the range)

wget -O - https://imgur.com/download/xNUlzaE | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' |aplay -r 44100 -c1 -f S32_BE

The voice says "I've no idea what I'm saying"

@@ Line 1: / Line 1: @@
 ==Intro==
 This page assembles various matters related to the [https://www.alchemistowl.org/pocorgtfo/ International Journal of Proof-of-Concept or Get The Fuck Out] (PoC||GTFO or PoC or GTFO)
+<br>I limit voluntarily myself to topics I've been directly involved with.
+<!--
 ==Mirror==
 My PoC mirror:
@@ Line 9: / Line 11: @@
 </source>
 You can find also lighter booklet versions ready for printing (and only printing!) at http://[2a02:af00:8:0:506f:43ba:4754:464f]/booklets
+-->
 ==Articles==
 * [https://www.alchemistowl.org/pocorgtfo/pocorgtfo05.pdf PoC||GTFO 0x05] 3: ECB as an Electronic Coloring Book
@@ Line 15: / Line 18: @@
 * [https://www.alchemistowl.org/pocorgtfo/pocorgtfo06.pdf PoC||GTFO 0x06] 7: More Cryptographic Coloring Books (original title was "Coloring Book Continued")
 ** Errata in 7.6 due to Frenglish to English translation ;-) :  OFB and CTR are fine, only CBC & CFB can be compared to ECB
+* [https://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf PoC||GTFO 0x08] 12: Weird cryptography; or, How to resist brute-force attacks.
+** See also [[Sci-Fi Crypto]]
+** pocorgtfo08.pdf itself is also a ZIP and a shell script to perform grammatically correct encryption
+* [https://www.alchemistowl.org/pocorgtfo/pocorgtfo09.pdf PoC||GTFO 0x09] 12: What If You Could Listen to This PDF?
+** pocorgtfo09.pdf itself is also a ZIP and a WavPack audio file
+* [https://www.alchemistowl.org/pocorgtfo/pocorgtfo09.pdf PoC||GTFO 0x12] 11: Are Androids Polyglots?
+** pocorgtfo12.pdf itself is also a ZIP and an Android APK able to share itself via NFC
+* [https://www.alchemistowl.org/pocorgtfo/pocorgtfo13.pdf PoC||GTFO 0x13] 10: Post Scriptum: A Schizophrenic Ghost, with E. Sultanik
+** pocorgtfo12.pdf itself is also a ZIP and a PostScript file
 ==Misc from PoC||GTFO==
 ===[https://www.alchemistowl.org/pocorgtfo/pocorgtfo06.pdf PoC||GTFO 0x06]===
+Happy thanksgiving ;)
 <source lang=bash>
 sed '4025,4048!d' pocorgtfo06.pdf
@@ Line 53: / Line 67: @@
 * which can be decoded with [http://pastebin.com/hU8mSj1D this code]
 * @johnmaushammer posted the result together with [http://pastebin.com/7GvSM8Q9 his own code]
+===[https://www.alchemistowl.org/pocorgtfo/pocorgtfo07.pdf PoC||GTFO 0x07]===
+* [https://twitter.com/doegox/status/578948443814629376 Anybody noticed what the boy is reading on PoC||GTFO 0x07 cover?]
+* [https://twitter.com/doegox/status/590889853811875840 Did you notice BlueRay microdots in  PoC||GTFO 7:3 ? First one depicts @scanlime's artwork]
+* Two new polyglots sound + spectrograms
+===[https://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf PoC||GTFO 0x08]===
+* Animated covers
+** @pdfkungfoo made lovely gifs for those of you not having Adobe to enjoy last PoC||GTFO 0x08<br>
+(click them to see the animations)
+<br>[[Image:Family-pocorgtfo08.gif|400px|link=http://wiki.yobi.be/images/2/26/Family-pocorgtfo08.gif]]
+<br>[[Image:Birds-pocorgtfo08.gif|400px|link=http://wiki.yobi.be/images/7/7b/Birds-pocorgtfo08.gif]]
+<br>Also as video: https://vimeo.com/131434211 and https://vimeo.com/131445216
+* PoC||GTFO '08 painting inspired by [https://en.wikipedia.org/wiki/The_Empire_of_Lights Magritte's Empire of Lights]:
+<br>[[Image:Pocorgtfo08EmpireLumieres.png|400px]]
+* Polyglot is a shell script to encode English into grammatically correct English
+** [https://twitter.com/doegox/status/615893486542286852 Did you know? PoC||GTFO 8.12 drawing is a Hugues printing telegraph]
+* [https://twitter.com/doegox/status/615603544184516608 PoC||GTFO 0x08 Ossmann artwork is based on Osman videogame]
 ==Misc in the same PoC spirit==
 Ange had fun with Cameron recent declarations: https://imgur.com/xNUlzaE
@@ Line 59: / Line 92: @@
 wget -O - https://imgur.com/download/xNUlzaE | aplay -r 44100 -c1 -f S32_BE
 </source>
+Note that we're supposed to apply a ROT13 but I don't hear a difference (rot13 on binary only affects slightly a small part of the range)
+<source lang=bash>
+wget -O - https://imgur.com/download/xNUlzaE | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' |aplay -r 44100 -c1 -f S32_BE
+</source>
+The voice says "I've no idea what I'm saying"