BGGP 4 (2023), Result has been announced on 31st Oct

TSMatQuasar
post Jun 23 2023, 10:57 PM, updated 3y ago

Casual
***
Validating
329 posts

Joined: Jun 2023

BGGP 4 starts tomorrow!

I am excited, it is an annual small file competition (organized by security researchers specializing in malware analysis, reverse engineering and exploit) since 2020!

Will update here tomorrow!

RESULT: https://github.com/binarygolf/BGGP/tree/main/2023

This post has been edited by MatQuasar: Oct 31 2023, 01:03 PM
TSMatQuasar
post Jun 24 2023, 05:38 AM

Casual
***
Validating
329 posts

Joined: Jun 2023
The organizer has announced it a few hours ago.

The theme is: "Create the smallest self-replicating file".

A valid submission will:
- Produce exactly 1 copy of itself
- Name the copy "4"
- Not execute the copied file
- Print, return, or display the number 4


Please go to their website for more info: https://binary.golf


TSMatQuasar
post Jun 24 2023, 01:10 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
Below is my example in VBScript, 97 bytes (if you use CR/LF as new line):

CODE
Dim f
Set f=CreateObject("Scripting.FileSystemObject")
f.CopyFile "04.vbs","4"
MsgBox "4",0,""    


It copies itself (must be named as 04.vbs) to a new file "4", then displays "4" in a message box.

According to organizer, other file types that can be fun are:

Smallest self-replicating shell script
Smallest self-replicating COM
Smallest self-replicating Kernel Module
Smallest self-replicating core dump
Smallest self-replicating VxD
Smallest self-replicating Makefile
Smallest self-replicating UEFI App
Smallest self-replicating .pyc
Smallest self-replicating APK
Smallest self-replicating Gameboy ROM
Smallest self-replicating GIF
Smallest self-replicating MP4
Smallest self-replicating Postgres query
Smallest self-replicating .tar.gz
Smallest self-replicating Word Document


But a self-replicating GIF? The organizer also just demonstrated (through a diagram) how a GIF can copy itself (through some protocol).

Who wants to join?

It involves coding this time, Python/Lua/Perl scripts are also accepted, according to organizer on Twitter.


TSMatQuasar
post Jun 24 2023, 05:05 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(MatQuasar @ Jun 24 2023, 01:10 PM)
Smallest self-replicating COM
*
For the smallest COM, which one do you think will be smaller using Assembly language?

1. Use DOS Interrupt to open existing file, create new file, read and write as usual

2. Execute an external program (in this case, run internal "copy" command)

From what I found on the Internet
CODE
Int 21h Function 4B00h (AX) to execute an external program,


Is there a third option to replicate itself to a new file "4"?


flashang
post Jun 24 2023, 09:16 PM

Casual
***
Junior Member
355 posts

Joined: Aug 2021


QUOTE(MatQuasar @ Jun 24 2023, 05:05 PM)
For the smallest COM, which one you think will be smaller using Assembly language?

1. Use DOS Interrupt to open existing file, create new file, read and write as usual

2. Execute an external program (in this case, run internal "copy" command)

From what I found on the Internet
CODE
Int 21h Function 4B00h (AX) to execute an external program,


Is there third option to replicate itself to a new file "4"?
*
IMHO, using Windows API or linux syscall should be preferred.

Obsolete DOS INT may only be applicable on an emulator,
which may make it difficult to justify the "usability",
and it is not accessible to most people.

If someone creates an environment with command shortcuts,
and uses a script to create shorter code,
should this result be accepted by others who are using a standard shell?


TSMatQuasar
post Jun 24 2023, 09:45 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(flashang @ Jun 24 2023, 09:16 PM)
IMHO, using Windows API or linux syscall should be preferred.

Obsolete DOS INT may only applicable on emulator,
which may difficult for justified the "usability",
and not accessible by most of the people.

If someone create an environment with shortcut of command,
and use script to create shorter code,
should this result accepted by others who was using standard shell ?

*
Thanks for your feedback. Yes, I already submitted a Windows EXE as my first entry for this competition, and I am thinking of submitting another program, maybe ELF (Linux) or DOS COM. But there is not much challenge, because it is open file, create file, read/write, close file; not much improvement can be done to make them shorter. Maybe I don't know how, I am not an expert in reverse-engineering.

As for your last question, that will be classified as another file type. And binary.golf website says:
QUOTE
The smallest entry of each file type wins.


So each file type is a different category; a standard shell script file is a different category than a custom shell script file, so I think it is still acceptable.

Will you join, flashang?
flashang
post Jun 24 2023, 10:24 PM

Casual
***
Junior Member
355 posts

Joined: Aug 2021


QUOTE(MatQuasar @ Jun 24 2023, 09:45 PM)
Thanks for your feedback. Yes, I already submitted a Windows EXE as my first entry for this competition, thinking to either submit another program, maybe ELF (Linux) or DOS COM.  But there is not much challenge, because it is open file, create file, read /write, close file, not much improvement can be done to make them shorter. Maybe I don't know how, I am not expert in reverse-engineering.

As for your last question, that will be classified as another file type. And binary.golf website says:
So each file type is different category, standard shell script file is different category than custom shell script file, so I think it is still acceptable.

Will you join, flashang?
*
already submitted lua file.

may be do other language when free.




TSMatQuasar
post Jun 25 2023, 06:15 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
Good news for me! It is definitely an honour to be followed by the organizer of BGGP (Binary Golf Association)!

I am one of the 37 users whom they are following on Twitter.


This post has been edited by MatQuasar: Jul 31 2023, 03:25 AM
TSMatQuasar
post Jun 26 2023, 11:20 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
Those who have visited the binary.golf website would know that the submission format requires the SHA256 and Base64 of the entry.

On the other forum, an expert (he submitted a lot of entries for BGGP4) suggested this is the command in Windows to generate that automatically.
CODE
copy entry.txt %1.entry
CertUtil -hashfile %1 SHA256 >>%1.entry
powershell -Command "[convert]::ToBase64String([IO.File]::ReadAllBytes('%1'))" >> %1.entry  


I haven't tried it myself, but you may want to use it next time if you plan to participate in BGGP4 and your script/program is residing in Windows.
TSMatQuasar
post Jun 27 2023, 03:14 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
Someone almost beat me with their small EXE! Fortunately I still win after comparing the final size:

His/Her: 1548 bytes .NET PE

Mine: 1024 bytes PE (standalone)



You can read up about his/her write-up here:
https://knifecoat.com/Posts/Writing+Small+.NET+PE's


TSMatQuasar
post Jun 28 2023, 06:41 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
I submitted another Linux program, 290 bytes for self-replicating file, using syscall 0 (sys_read), 1 (sys_write), 2 (sys_open), 3 (sys_close), 60 (sys_exit) and 85 (sys_creat for creating file).
I don't think conventional programming can do smallest program, but anyhow I have participated with two entries, 1KB PE and 290-byte ELF64.

EDIT: @flashang, nice to see you on Twitter!

This post has been edited by MatQuasar: Sep 23 2023, 08:48 PM
TSMatQuasar
post Jun 28 2023, 06:43 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
Sorry, I mean @flashang..... not angch who is already on Twitter long time ago.
TSMatQuasar
post Jun 29 2023, 06:30 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
Below is some code posted by another guy on another forum.

Please don't copy and send this to BGGP4, because that guy already submitted it.
It is pasted here as an example for all.

Lua. @flashang
CODE
io.open("4", "wb"):write(io.open(arg[0], "rb"):read("*a"))
print(4)


Makefile
CODE
4:
	cp Makefile 4
	echo 4


BAT/CMD:
CODE
@copy %0 4 >NUL
@echo 4    


He also has entries for DOS COM, Python and refined VBScript, but I am not going to post them all on here.

If you have participated in BGGP this year, I hope you have had fun!



TSMatQuasar
post Jun 30 2023, 06:55 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
For those not following Binary Golf Association, here's the latest update about this BGGP4 event.

Someone posted a DOS COM solution at just 22 bytes! Terrific!


And when you think it is not possible to further squeeze it, someone came up with 18-byte DOS COM code snippet!

https://github.com/yo-yo-yo-jbo/binary_golf_com/issues

They used a very sophisticated technique; if I had entered one, my DOS COM would be 50~60 bytes, I think.


TSMatQuasar
post Jul 3 2023, 09:11 AM

Casual
***
Validating
329 posts

Joined: Jun 2023
I sent another entry, this time is DLL.....

angch
post Jul 3 2023, 11:46 AM

On my way
****
Junior Member
636 posts

Joined: Jul 2006
Does sound like everyone is just writing to a new file called "4" from orig or the memory, then outputting "4".

Very "Hello World" exercise, and not as fun as it *could* be.

I *think* I can better the 22 byte .COM file, but I don't have spare cycles these days. Just need to write the memory to disk, and output "4".

Perl quine version, though copying the file version is smaller: (so not entering this one, esp since I adapted from a known Perl quine)
CODE
% md5sum 4.pl perl.pl
b21082af8283b67cb8c82a3b6f2db2d8  4.pl
b21082af8283b67cb8c82a3b6f2db2d8  perl.pl

% cat perl.pl # Note: no new line:
$_=q(open(F,'>4.pl');print F"\$_=q($_);eval;";print"4";);eval
% perl perl.pl
4


This post has been edited by angch: Jul 3 2023, 12:03 PM
TSMatQuasar
post Jul 3 2023, 02:33 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(angch @ Jul 3 2023, 11:46 AM)
Does sound like everyone is just writing to a new file called "4" from orig or the memory, then outputting "4".

Very "Hello World" exercise, and not as fun as it *could* be.

I *think* I can better the 22 byte .COM file, but I don't have spare cycles these days. Just need to write the memory to disk, and output "4".

Perl quine version, though copying the file version is smaller: (so not entering this one, esp since I adapted from a known Perl quine)
CODE
% md5sum 4.pl perl.pl
b21082af8283b67cb8c82a3b6f2db2d8  4.pl
b21082af8283b67cb8c82a3b6f2db2d8  perl.pl

% cat perl.pl # Note: no new line:
$_=q(open(F,'>4.pl');print F"\$_=q($_);eval;";print"4";);eval
% perl perl.pl
4

*
Yes, I agree that it is "not as fun as it could be", but it does open to a wide audience for participation, since the entry level is low, almost everyone can do file copying and displaying "4" in their scripts or programs.

Perl script, or your Perl script, is known to be short, that one you posted is just 61 bytes. But no comparison can be done, as my end does not have any known entries that are in Perl.

There is still over a month left, so take your time, angch, to try the 22-byte COM file challenge. They relied on undocumented behavior, and some rely on DOSBox-X (not DOSBox) and real DOS to run properly.
TSMatQuasar
post Jul 6 2023, 08:13 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(flashang @ Jun 24 2023, 10:24 PM)
already submitted lua file.

may be do other language when free.

*
That day I saw this "Uncle Lua" restaurant on the way to a nearby town in Cheras.

(But the photo is from Google Maps, not my own)

Sorry, just kidding.

flashang
post Jul 6 2023, 08:56 PM

Casual
***
Junior Member
355 posts

Joined: Aug 2021


QUOTE(MatQuasar @ Jul 6 2023, 08:13 PM)
That day I saw this "Uncle Lua" restaurant on the way to nearby town in Cheras.

(But the photo is from Google Maps, not my own)

Sorry, just kidding.

*
Just learn lua for some testing when free.
It's quite easy.



TSMatQuasar
post Jul 8 2023, 09:22 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(MatQuasar @ Jun 28 2023, 06:41 PM)
I submitted another Linux program, 290 bytes for self-replicating file, using syscall 0 (sys_read), 1 (sys_write), 2 (sys_create for file open), 3 (sys_close), 60 (sys_exit) and 85 (sys_creat for creating file).
*
Whoa! A security researcher beat me with his/her 158-byte ELF! I surrender!

His recorded video: https://asciinema.org/a/595560
TSMatQuasar
post Jul 9 2023, 03:53 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
I saw two different Python entries:

66 bytes
CODE
o,p,f=open,print,'4';p(f);p(*o(__file__,'r'),file=o(f,'w'),end='')


49 bytes
CODE
import shutil as s
s.copy2(__file__,'4')
print(4)


The latter wins! But please don't send these to BGGP4, because they already submitted them.
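
A checker for the contest rules listed earlier in the thread, plus the SHA256 and Base64 values the submission format asks for, run against the 49-byte Python entry above. This is an added example, not part of the original posts or the organizer's tooling; `check_entry`, `submission_lines` and the `NO_COPY` counter-example are names and data constructed here, and the "not execute the copied file" rule is not checked.

```python
import base64
import hashlib
import os
import subprocess
import sys
import tempfile

# The 49-byte Python entry quoted above (no trailing newline).
ENTRY_49 = b"import shutil as s\ns.copy2(__file__,'4')\nprint(4)"
# Constructed counter-example: shows 4 but never writes the copy.
NO_COPY = b"print(4)"


def check_entry(entry, filename, interpreter, timeout=10):
    """Run one entry in an empty scratch directory and evaluate the rules.

    Rule 3 ("not execute the copied file") is NOT checked: that needs process
    tracing rather than a before/after comparison of the directory.
    """
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, filename), "wb") as fh:
            fh.write(entry)
        before = set(os.listdir(workdir))

        proc = subprocess.run(
            list(interpreter) + [filename],
            cwd=workdir,
            stdin=subprocess.DEVNULL,
            capture_output=True,
            timeout=timeout,
        )

        # Anything that appeared during the run, split into byte-identical
        # copies of the entry and other files.
        created = sorted(set(os.listdir(workdir)) - before)
        copies = []
        for name in created:
            candidate = os.path.join(workdir, name)
            if os.path.isfile(candidate):
                with open(candidate, "rb") as fh:
                    if fh.read() == entry:
                        copies.append(name)

    rules = {
        "exactly_one_copy": len(copies) == 1,
        "copy_named_4": copies == ["4"],
        # "Print, return, or display": stdout or the exit status can be seen
        # from here, a GUI message box (as in the VBScript entry) cannot.
        "shows_4": b"4" in proc.stdout or proc.returncode == 4,
    }
    return {
        "rules": rules,
        "valid": all(rules.values()),
        "extra_files": [n for n in created if n not in copies],
    }


def submission_lines(entry):
    """Size, SHA256 and Base64 of the entry bytes for the submission form."""
    return {
        "size": len(entry),
        "sha256": hashlib.sha256(entry).hexdigest(),
        "base64": base64.b64encode(entry).decode("ascii"),
    }


if __name__ == "__main__":
    for label, entry in (("49-byte entry", ENTRY_49), ("no-copy sample", NO_COPY)):
        report = check_entry(entry, "entry.py", [sys.executable])
        print(label, report)
    print(submission_lines(ENTRY_49))
```
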
epud2 P
post Jul 9 2023, 04:22 PM

New Member
*
Probation
9 posts

Joined: Aug 2021
bat file

CODE
copy %0 4
echo 4

TSMatQuasar
post Jul 9 2023, 05:07 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(epud2 @ Jul 9 2023, 04:22 PM)
bat file

CODE
copy %0 4
echo 4

*
Good! Maybe now you can try other scripting / programming language.
TSMatQuasar
post Jul 10 2023, 03:45 AM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(epud2 @ Jul 9 2023, 04:22 PM)
bat file

CODE
copy %0 4
echo 4

*
But.... it can be improved to meet contest requirement just to print '4'.

Currently when running this bat file, it prints the command itself and also the message '1 file(s) copied'. To avoid that, you can refer to my previous code at page 1,

Send "copy %0 4 > nul" to nul device to hide the "1 file(s) copied" message.
Then prefix each command with alias symbol "@echo 4" to hide the command.
Actually I also learned from that guy; without first referring to his code, my batch script would also look like yours. Hehe

This post has been edited by MatQuasar: Aug 19 2023, 03:06 AM
epud2 P
post Jul 10 2023, 08:59 PM

New Member
*
Probation
9 posts

Joined: Aug 2021
32bit elf binary 171 bytes

It is the same as batch script, relying on external program to do replicating.


CODE

format ELF executable 3

segment readable executable

entry main

main:
push ebp
mov ebp, esp
;sub esp,0xc

mov ebx, bash    ;save 1 bytes instead of lea
push arg2        ;push operation save more bytes than mov
push arg1
;push arg1;this is arg0
push ebx  ;
;-------------------------------
;mov has been replaced with push
;mov edi, arg1
;this is arg0 but it can be anything
;use arg1 as arg0 to save few bytes
;mov [ebp-0xc],edi
;mov edi, arg1
;mov [ebp-0x8],edi
;mov edi, arg2
;xchg [ebp-0x4],edi;use 3 bytes same as mov operation
;---------------------------------
mov ecx,esp       ;args for bash
;no need to zero out edx
;at beginning most register 0 value
;xor edx,edx      ;env variable = null

;no need to zero out eax
;xor eax,eax      ;save 1 byte instead of mov eax,1
mov al,11         ;execve
int 0x80          ;syscall
;no need to call exit because the way execve behave ??
;mov eax, 1      
;xor ebx, ebx
;int 0x80

segment readable writable

;arg0  db '',0 ;no longer needed
arg1   db '-c',0
arg2   db 'cp a 4 && echo 4',0
bash   db '/bin/bash', 0


TSMatQuasar
post Jul 10 2023, 09:11 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(epud2 @ Jul 10 2023, 08:59 PM)
32bit elf binary 171 bytes

It is the same as batch script, relying on external program to do replicating.
CODE

format ELF executable 3

segment readable executable

entry main

main:
push ebp
mov ebp, esp
;sub esp,0xc

mov ebx, bash    ;save 1 bytes instead of lea
push arg2        ;push operation save more bytes than mov
push arg1
;push arg1;this is arg0
push ebx  ;
;-------------------------------
;mov has been replaced with push
;mov edi, arg1
;this is arg0 but it can be anything
;use arg1 as arg0 to save few bytes
;mov [ebp-0xc],edi
;mov edi, arg1
;mov [ebp-0x8],edi
;mov edi, arg2
;xchg [ebp-0x4],edi;use 3 bytes same as mov operation
;---------------------------------
mov ecx,esp      ;args for bash
;no need to zero out edx
;at beginning most register 0 value
;xor edx,edx      ;env variable = null

;no need to zero out eax
;xor eax,eax      ;save 1 byte instead of mov eax,1
mov al,11        ;execve
int 0x80          ;syscall
;no need to call exit because the way execve behave ??
;mov eax, 1      
;xor ebx, ebx
;int 0x80

segment readable writable

;arg0  db '',0;no longer needed
arg1   db '-c',0
arg2   db 'cp a 4 && echo 4',0
bash   db '/bin/bash', 0


*
Wow, nice! Didn't know LYN forum has a Linux assembly coder, your binary is indeed 171 bytes and poses a challenge to the 158-byte record set by the security researcher.

I haven't looked into detail, but when I run it in WSL (Ubuntu 22.04.2 LTS), I got this error:
CODE
boo@DESKTOP-1V5DHQJ:/mnt/c/Users/BOO/Projects$ ./a
-bash: ./a: cannot execute binary file: Exec format error


From your arg2, I think the program must be named "a"? A very nice attempt, you should send this entry to BGGP4.
TSMatQuasar
post Jul 10 2023, 09:19 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(epud2 @ Jul 10 2023, 08:59 PM)
32bit elf binary 171 bytes

It is the same as batch script, relying on external program to do replicating.
CODE

format ELF executable 3

segment readable executable

entry main

.......

segment readable writable



*
Hey, epud2! I think you can save a lot more, by using just one segment, you can move the arg* declaration after (below) "int 0x80", but make sure you set the first segment as "writeable" also.

That way you beat the 158-byte smallest ELF record! (A program header is about 56 bytes in 64-bit ELF, don't know about 32-bit ELF, or how many more bytes you can save)
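
What the one-segment suggestion above saves, worked out from the ELF header layout: a 32-bit ELF has a 52-byte file header and 32-byte program headers, so dropping one segment takes 32 bytes off the 171-byte build. This is an added example, not code from the thread; `build_headers` and `header_overhead` are hypothetical helpers and the header bytes are constructed samples.

```python
import struct

ELF_MAGIC = b"\x7fELF"
# Little-endian struct layouts taken from the ELF specification.
EHDR = {1: "<16sHHIIIIIHHHHHH", 2: "<16sHHIQQQIHHHHHH"}  # ELFCLASS32, ELFCLASS64
PHDR = {1: "<IIIIIIII", 2: "<IIQQQQQQ"}
PF_X, PF_W, PF_R = 1, 2, 4


def build_headers(elf_class, segment_flags):
    """Constructed sample: an ELF header plus one PT_LOAD entry per flag value."""
    ehsize = struct.calcsize(EHDR[elf_class])
    phentsize = struct.calcsize(PHDR[elf_class])
    total = ehsize + phentsize * len(segment_flags)
    base = 0x08048000                      # constructed load address
    ident = ELF_MAGIC + bytes([elf_class, 1, 1]) + bytes(9)
    machine = 3 if elf_class == 1 else 62  # EM_386 / EM_X86_64
    blob = struct.pack(EHDR[elf_class], ident, 2, machine, 1, base + total,
                       ehsize, 0, 0, ehsize, phentsize, len(segment_flags),
                       0, 0, 0)
    for flags in segment_flags:
        if elf_class == 1:
            # p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align
            blob += struct.pack(PHDR[1], 1, 0, base, base, total, total, flags, 0x1000)
        else:
            # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
            blob += struct.pack(PHDR[2], 1, flags, 0, base, base, total, total, 0x1000)
    return blob


def header_overhead(blob):
    """Parse the ELF and program headers; return their sizes and segment flags."""
    if len(blob) < 16 or blob[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    elf_class, data = blob[4], blob[5]
    if elf_class not in EHDR or data != 1:
        raise ValueError("only little-endian ELF32/ELF64 is handled")
    if len(blob) < struct.calcsize(EHDR[elf_class]):
        raise ValueError("truncated ELF header")
    fields = struct.unpack_from(EHDR[elf_class], blob)
    e_phoff = fields[5]
    e_ehsize, e_phentsize, e_phnum = fields[8:11]
    if e_phnum and e_phentsize != struct.calcsize(PHDR[elf_class]):
        raise ValueError("unexpected e_phentsize")
    if e_phoff + e_phnum * e_phentsize > len(blob):
        raise ValueError("program header table runs past end of file")

    flag_index = 6 if elf_class == 1 else 1   # position of p_flags differs by class
    flags = []
    for i in range(e_phnum):
        phdr = struct.unpack_from(PHDR[elf_class], blob, e_phoff + i * e_phentsize)
        f = phdr[flag_index]
        flags.append(("R" if f & PF_R else "-")
                     + ("W" if f & PF_W else "-")
                     + ("X" if f & PF_X else "-"))
    return {
        "bits": 32 * elf_class,
        "ehsize": e_ehsize,
        "phentsize": e_phentsize,
        "phnum": e_phnum,
        "overhead": e_ehsize + e_phnum * e_phentsize,
        "flags": flags,
    }


if __name__ == "__main__":
    for elf_class in (1, 2):
        two = header_overhead(build_headers(elf_class, [PF_R | PF_X, PF_R | PF_W]))
        one = header_overhead(build_headers(elf_class, [PF_R | PF_W | PF_X]))
        print(two["bits"], "bit:", two["flags"], two["overhead"], "->",
              one["flags"], one["overhead"],
              "saves", two["overhead"] - one["overhead"])
```

The merged build marks its only segment readable, writable and executable; a writable and executable mapping is what W^X policies exist to prevent, so tooling that flags RWX `PT_LOAD` segments will flag files built this way.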
TSMatQuasar
post Jul 11 2023, 05:11 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
@epud2, I try to find out why the error when I run it, this is the stripped-down version to 118 bytes from yours:

CODE
format ELF executable 3

segment readable executable writeable

entry $

   mov ebx, bash
   mov ecx, arg
   mov al, 11
   int 0x80

arg    db '-c "echo 4"',0
bash   db '/bin/sh',0          


Again, when I run it, it says cannot execute the "a" program (I named it as "a") instead of /bin/bash or /bin/sh:

CODE
boo@DESKTOP-1V5DHQJ:/mnt/c/Users/BOO/Projects$ strace ./a
execve("./a", ["./a"], 0x7fffd638d550 /* 18 vars */) = -1 ENOEXEC (Exec format error)
strace: exec: Exec format error
+++ exited with 1 +++


Strange, isn't it? It tries to execute the current calling program.


epud2 P
post Jul 11 2023, 10:12 PM

New Member
*
Probation
9 posts

Joined: Aug 2021
QUOTE(MatQuasar @ Jul 10 2023, 09:11 PM)
Wow, nice! Didn't know LYN forum has Linux assembly coder, your binary is indeed 171 bytes and pose a challenge to the 158-byte record set by the security researcher.

I haven't looked into detail, but when I run it in WSL (Ubuntu 22.04.2 LTS), I got this error:
CODE
boo@DESKTOP-1V5DHQJ:/mnt/c/Users/BOO/Projects$ ./a
-bash: ./a: cannot execute binary file: Exec format error


From your arg2, I think must name the program as "a"? A very nice attempt, you should send this entry to BGGP4.
*
Sorry for the late response

I ran the binary on WSL and it works fine. Not sure why it didn't work on your machine. I'm not a professional coder nor do I have a deep understanding of Linux. Maybe someone else can figure out why it didn't work on your machine

The code does have limitations. Filename must be 'a' and the current working directory must be the same as where the binary is.
My aim was to get the binary as small as possible while making sure the application still works (at least on my machine), even if it is just for the happy path only.
In that code, if execve fails the next instruction will run and cause weird behaviour because I didn't call exit.

I have no intention to participate, you can post the code/binary if you want. I'm not sure if the code meets the entry requirements though, I just did it for my own satisfaction, to see how far I can go. Plus it seems not to work on every machine.

I did as you suggested and managed to get it down to 139 bytes. This is the nice thing about sharing knowledge. I wouldn't have known what you suggested was possible.

New code following your suggestion

CODE

format ELF executable 3

segment readable writable executable

entry main

main:  
       push ebp
       mov ebp, esp

       mov ebx, bash
       push arg2
       push arg1
       push ebx  

       mov ecx,esp       ;args for bash

       mov al,11         ;execve
       int 0x80          ;syscall


arg1   db '-c',0
arg2   db 'cp a 4 && echo 4',0
bash   db '/bin/bash', 0


QUOTE(MatQuasar @ Jul 11 2023, 05:11 PM)
@epud2, I try to find out why the error when I run it, this is the stripped-down version to 118 bytes from yours:

CODE
format ELF executable 3

segment readable executable writeable

entry $

   mov ebx, bash
   mov ecx, arg
   mov al, 11
   int 0x80

arg    db '-c "echo 4"',0
bash   db '/bin/sh',0          


Again, when I run it, it says cannot execute the "a" program (I named it as "a") instead of /bin/bash or /bin/sh:

CODE
boo@DESKTOP-1V5DHQJ:/mnt/c/Users/BOO/Projects$ strace ./a
execve("./a", ["./a"], 0x7fffd638d550 /* 18 vars */) = -1 ENOEXEC (Exec format error)
strace: exec: Exec format error
+++ exited with 1 +++


Strange is it, it tries to execute the current calling program.
*
ecx should be an array of arguments. This array is the 2nd argument to execve.
I had a hard time figuring how to do it in assembly

Your array should look something like
["can be anything" , "-c" , "cp a 4 && echo 4"] <-- each element should be pointer to string
In my code I use "bash" as the 1st element to save some bytes. It can be anything

mov ebx, bash <-- this put "bash" to ebx which is 1st argument to execve
push ebx <-- then i use it as 1st element to array above to save few bytes

'-c "echo 4"'
You can't do it this way. I tried before and it did not work

The reason for "/bin/bash" instead of "bash" because 3rd argument of execve needs a pointer to array of env variables.
In my code I set it to null to save some bytes. My guess since the PATH var is not available I need to include complete path to bash.
I tried just "bash" it didn't work

signature of execve
execve(executable_name, array_of_pointers_to_strings (list of arguments as I explain above), array_of_pointers_to_strings (list of env var))


execve(const char *pathname, char *const _Nullable argv[], char *const _Nullable envp[]);
** cant add link to doc because probation acc
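
The `execve` calling convention discussed above, exercised through Python's thin `os.execve` wrapper: a separate `argv` array whose first element is arbitrary, the fused `'-c "echo 4"'` argument, and a bare program name. This is an added example, not code from the thread; `run_execve` and `demo` are hypothetical helpers, it assumes a POSIX system with `/bin/sh`, and it uses `echo 4` only so nothing is written to disk. Note that `execve(2)` takes a pathname and performs no `PATH` search whatever `envp` contains; that lookup is done by wrappers such as `execvp`.

```python
import errno
import os

SHELL = "/bin/sh"   # assumption: present on the machine running this


def run_execve(path, argv, env):
    """fork(), then call execve(path, argv, env) in the child.

    Returns (exit_status, captured_stdout). If execve itself fails, the child
    reports the errno name on stdout and exits with status 127.
    """
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:                                   # child process
        status = 126
        try:
            os.close(read_fd)
            os.dup2(write_fd, 1)                   # stdout -> pipe
            os.dup2(os.open(os.devnull, os.O_WRONLY), 2)  # silence shell errors
            os.chdir("/")    # a bare "sh" must not match a file in the cwd
            os.execve(path, argv, env)             # returns only by raising
        except OSError as exc:
            name = errno.errorcode.get(exc.errno, "?")
            os.write(1, b"EXEC_FAILED " + name.encode())
            status = 127
        finally:
            os._exit(status)

    os.close(write_fd)
    chunks = []
    while True:
        data = os.read(read_fd, 4096)
        if not data:
            break
        chunks.append(data)
    os.close(read_fd)
    _, wait_status = os.waitpid(pid, 0)
    if os.WIFEXITED(wait_status):
        code = os.WEXITSTATUS(wait_status)
    else:
        code = -os.WTERMSIG(wait_status)
    return code, b"".join(chunks)


def demo():
    return {
        # argv is an array of separate strings; argv[0] is only a label.
        "array": run_execve(SHELL, ["can be anything", "-c", "echo 4"], {}),
        # One fused string: the shell sees a single argument and tries to
        # read every character after "-" as an option letter.
        "fused": run_execve(SHELL, ["sh", '-c "echo 4"'], {}),
        # A bare name is resolved as a relative path, even with PATH set.
        "bare_name": run_execve("sh", ["sh", "-c", "echo 4"],
                                {"PATH": "/bin:/usr/bin"}),
    }


if __name__ == "__main__":
    for case, (code, out) in demo().items():
        print(f"{case:10} exit={code} stdout={out!r}")
```
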

TSMatQuasar
post Jul 12 2023, 02:04 AM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(epud2 @ Jul 11 2023, 10:12 PM)
Sorry for late respond


*
Thanks for your kind reply. And your explanation helps. It is a pity you don't want to participate, but I am glad you are able to solve it using such a small piece of code. Much better than my 290 bytes program, hah.

I am also amazed by what others know. No one knows everything, we need to consult in a group, and I too, always benefit by sharing my knowledge, because then other persons can show a better way to do it, or show me there is something wrong in my understanding.
That said, I am amazed at the way you know how to use stack pointer efficiently, I always need some time to figure out whether stack grows downward or upward in x86 systems.

Your code met the contest entry requirement, you just need to include sha256 and base64 of your binary, then link to your write-up and/or source code. You are welcome to submit it anytime if you change your mind later.

It was nice to know you are capable of doing reversing that day and doing compact ELF code yesterday.
TSMatQuasar
post Jul 12 2023, 06:59 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
There are a couple more file types submitted to BGGP4.
Besides following @binarygolf, you can also follow hashtag #BGGP4, because most posts were not retweeted by @binarygolf.

Latest, a self-replicating HTML, click this and be surprised:
https://remyhax.xyz/4.html

(You have been warned)
TSMatQuasar
post Jul 20 2023, 09:13 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
The organizer of BGGP4 themselves already showcased their UEFI App that displays "4" (and replicates itself?).

It is amazing they are able to make certain registers with "44444444" like RIP (instruction pointer)

I know UEFI app is also PE format, and can be done in C#, but I totally have no idea about it.
flashang
post Jul 21 2023, 08:52 AM

Casual
***
Junior Member
355 posts

Joined: Aug 2021


QUOTE(MatQuasar @ Jul 9 2023, 03:53 PM)
I saw two different Python entries:

66 bytes
CODE
o,p,f=open,print,'4';p(f);p(*o(__file__,'r'),file=o(f,'w'),end='')


49 bytes
CODE
import shutil as s
s.copy2(__file__,'4')
print(4)


The latter wins! But please don't send these to BGGP4, because they already submitted them.
*
at the end, the shortest is "use shell to copy file and echo 4"
and the contest become less meaningful.

it become what @angch said "not as fun as it *could* be."



TSMatQuasar
post Jul 23 2023, 03:41 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
Still one month to go before this year BGGP competition ends. Hehe.

By the way, the organizer has retweeted several submissions, so please check out your Feeds (if you follow @binarygolf) for the updates, including an even smaller Python script submission!
TSMatQuasar
post Jul 23 2023, 07:06 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(flashang @ Jul 21 2023, 08:52 AM)
at the end, the shortest is "use shell to copy file and echo 4"
and the contest become less meaningful.

it become what @angch said "not as fun as it *could* be."

*
True, maybe only except HTML:

CODE
<body/><script>d=document;e=d.createElement('a');s='setAttribute';i='innerHTML';e[s]('href','data:application/o;,'+'<body/>'+d.body[i]);d.body[i]=4;e[s]('download',4);e.click()</script>


I think that is very advanced code for an average programmer like me.
flashang
post Jul 24 2023, 10:53 AM

Casual
***
Junior Member
355 posts

Joined: Aug 2021


QUOTE(MatQuasar @ Jul 23 2023, 07:06 PM)
True, maybe only except HTML:

CODE
<body/><script>d=document;e=d.createElement('a');s='setAttribute';i='innerHTML';e[s]('href','data:application/o;,'+'<body/>'+d.body[i]);d.body[i]=4;e[s]('download',4);e.click()</script>


I think that is very advanced code for average programmer like me.
*
for web developer,
familiar with dom, js dynamic create object / action, it is not that hard.



angch
post Jul 24 2023, 02:26 PM

On my way
****
Junior Member
636 posts

Joined: Jul 2006
QUOTE(flashang @ Jul 24 2023, 10:53 AM)
for web developer,
familiar with dom, js dynamic create object / action, it is not that hard.

*
Quine. Clever use of s='setAttribute' to minimize characters, using e[s]() to call it instead of e.setAttribute().

Very nice.
TSMatQuasar
post Jul 28 2023, 04:16 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
This is even shorter than the official shell script example:

CODE
cp $0 4;ls 4


https://rap.sh/Shell_Script_Golf

The official example is 2 bytes longer:
CODE
cp $0 4;echo 4


Walau....
TSMatQuasar
post Jul 31 2023, 03:19 AM

Casual
***
Validating
329 posts

Joined: Jun 2023
A software developer at Google also participated in BGGP4 with his 110-byte ELF32.

https://github.com/CianLR/bggp4
TSMatQuasar
post Jul 31 2023, 09:01 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
It is possible to do self-replicating GIF, by referring to this article by Google Project Zero.

What is Project Zero:
QUOTE
Formed in 2014, Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Our mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.

We perform vulnerability research on popular software like mobile operating systems, web browsers, and open source libraries. We use the results from this research to patch serious security vulnerabilities, to improve our understanding of how exploit-based attacks work, and to drive long-term structural improvements to security.


The article: https://googleprojectzero.blogspot.com/2022...box-escape.html
TSMatQuasar
post Jul 31 2023, 09:12 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
QUOTE(MatQuasar @ Jul 3 2023, 09:11 AM)
I sent another entry, this time is DLL.....

*
Found a DLL entry for BGGP4 by a user on Mastodon:

QUOTE
Dn-FamiTracker-dll-hijack
BGGP4 Submission https://binary.golf/

Produce exactly 1 copy of itself ✅
Name the copy "4" ✅
Not execute the copied file ✅
Print, return, or display the number 4 ✅
Size: 19456 bggp4.dll (pretty big for a dll?)

Dn-FamiTracker v0.5.0.1 contains an undocumented plugins feature.

https://github.com/Dn-Programming-Core-Mana...racker/releases

Step 1. Download and unzip Dn-FamiTracker v0.5.0.1

Step 2. Create a folder called Plugins in the same directory as the exe

Step 3. Place attached DLL in the folder, name it bggp4.dll

Step 4. Launch Dn-Famitracker


https://github.com/eatscrayon/Dn-FamiTracker-dll-hijack

Mine is only 3KB! His/Hers is 19KB, I win!!!

But I understand that it is a hijack, his/her DLL has exported function only known to Dn-FamiTracker:
CODE
; fasm1 autogenerated include
; builder script: "export.cmd"
; library bggp4.dll, "C:\FASMW\bggp4.dll"

import bggp4.dll,\
 file_exists, "file_exists"


I tried running "rundll32 bggp4.dll, file_exists" but it doesn't work that way.

Check out more on : https://haunted.computer/tags/BGGP4 on Mastodon, or
https://twitter.com/hashtag/BGGP4 on Twitter.

----

International visitors might see this thread if searched from Google, currently listed as no. 2 in search result using keyword "bggp4".

This post has been edited by MatQuasar: Aug 6 2023, 05:45 PM
TSMatQuasar
post Aug 19 2023, 03:11 AM

Casual
***
Validating
329 posts

Joined: Jun 2023
The competition is ending soon, still 6 days left.

The organizer of BGGP said they might migrate @binarygolf account from Twitter to Mastodon in the future.

Sad news is @junyian is not participating as he is busy with his day job.

---

Update: 3 days left until deadline.

Can't wait to see the result on netspooky's GitHub BGGP repo.

I hope to see @angch, @flashang, @bitRAKE (from other forum) in this year's BGGP competition.

This post has been edited by MatQuasar: Aug 22 2023, 09:59 PM
TSMatQuasar
post Aug 22 2023, 10:03 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
Here is the video "DN-Famitracker Plugin #BGGP4" by eatscrayon (He/she is a hacker)


TSMatQuasar
post Aug 24 2023, 05:43 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
The competition is not ending tomorrow, but it has been extended for another two weeks.

The organizer said this year's entries are more than twice as many as last year's; last year had about 30 submissions, so 60+ submissions are expected this year, wah..... I alone had submitted 3 entries....

Update (for those not on Twitter or Mastodon following @binarygolf)

EDIT: To visit their Mastodon profile, type in URL like this https://haunted.computer/@binarygolf

This post has been edited by MatQuasar: Aug 24 2023, 09:20 PM
TSMatQuasar
post Sep 4 2023, 06:41 PM

Casual
***
Validating
329 posts

Joined: Jun 2023
Some notes by the organizer of BGGP worth reading
https://haunted.computer/@netspooky/111053550813845300

Reposted from : https://haunted.computer/@binarygolf/111054125124497417

This post has been edited by MatQuasar: Sep 26 2023, 05:03 PM
TSMatQuasar
post Sep 22 2023, 03:31 PM

Result is expected to be uploaded to the organizer's GitHub repo:

https://github.com/netspooky/BGGP

It has not been announced yet, so anyone eagerly waiting can check the GitHub repo above for the "2023" folder in the next few days for the BGGP4 result.

----

https://xcellerator.github.io/posts/bggp4/ says:
QUOTE
Similar to previous years, I didn’t actually submit any of these entries for scoring as I actually help out with scoring other people’s entries with the Binary Golf Association.


So xcellerator, a smart guy in Linux kernel hacking and a tmp.0ut 1:1 contributor, was not participating in BGGP3 and BGGP4 even though he had entries / write-ups for them. He is joining netspooky to score our entries, nice one!

This post has been edited by MatQuasar: Sep 26 2023, 05:05 PM
TSMatQuasar
post Oct 28 2023, 05:41 PM

QUOTE(flashang @ Jul 6 2023, 08:56 PM)
Just learn lua for some testing when free.
It's quite easy.

*
It is certainly nice to see your latest work: https://github.com/Flash-ang/lua-mod using Lua.

But I am not familiar with web servers, so I have no clue how to run it.




TSMatQuasar
post Oct 31 2023, 01:04 PM

Finally, the results were announced 4 hours ago on:

https://github.com/binarygolf/BGGP/tree/main/2023


TSMatQuasar
post Oct 31 2023, 01:10 PM

QUOTE(flashang @ Jun 24 2023, 10:24 PM)
already submitted lua file.

may be do other language when free.

*
user posted image

Woohoo, you won the Lua category!

You're No. 2 in PHP category. Not bad!

And you ranked No. 2 in Python.....
user posted image

This post has been edited by MatQuasar: Oct 31 2023, 01:15 PM
TSMatQuasar
post Oct 31 2023, 01:13 PM

I won the PE category! Yuppy! My ELF, however, ranked last.

user posted image

Link to my PE write-up:

How to create 1024-byte PE for BGGP4 code golf
( https://forum.lowyat.net/topic/5406205 )

This post has been edited by MatQuasar: Oct 31 2023, 01:50 PM
TSMatQuasar
post Oct 31 2023, 03:59 PM

user posted image

I ranked last in ELF64....

CianLR is a Google software developer, according to his/her GitHub profile.
flashang
post Oct 31 2023, 05:19 PM



QUOTE(MatQuasar @ Oct 31 2023, 01:10 PM)
user posted image

Woohoo, you won the Lua category!

You're No. 2 in PHP category. Not bad!

And you ranked No. 2 in Python.....
user posted image
*
Nobody tried Lua, fewer competitors, so it's easier to get a high rank.

All using the same method: call the shell to copy, remove any extra spaces...



This post has been edited by flashang: Oct 31 2023, 05:21 PM
TSMatQuasar
post Dec 9 2023, 05:46 PM

I plan to reverse ic3queen's UEFI App in the next few weeks; I will then publish my findings here.

But then I haven't even tried to create a "Hello, world" UEFI App..... Stay tuned.

https://haunted.computer/@ic3qu33n@infosec....044987010309755

QUOTE
Yo @binarygolf, here’s my entry 0 for BGGP4 —  a self-replicating UEFI app.

This is the first submission of the collab entry that I’m working on w @netspooky
We’ll be golfing this lil self-rep app so expect smaller and smaller entries to follow.

Entry 0 is a UEFI self-rep app I wrote in nasm-syntax x86 asm (1480 bytes) 
xoxo:

***




This post has been edited by MatQuasar: Dec 9 2023, 05:47 PM
TSMatQuasar
post Dec 10 2023, 02:35 AM

This is an update on the ic3queen UEFI app: I tried to run it from the EFI Shell within QEMU.

Looks like it is not successful. No new file created.
user posted image

This is the command line I used:
CODE
"C:\Program Files\qemu\qemu-system-x86_64" -bios OVMF.fd -hda fat:rw:LYN/


I downloaded OVMF.fd from the Internet, it is an emulated UEFI firmware for virtual machine.

A quick hexdump of the ic3queen.EFI executable showed that there is no DOS Stub, just the MZ signature followed by the PE header. Wow.

Is there anything wrong with my settings?

This post has been edited by MatQuasar: Dec 10 2023, 03:23 AM
TSMatQuasar
post Dec 10 2023, 01:02 PM

Ah, I finally solved the ic3queen problem. I know why it didn't work previously.

From the disassembly in IDA Free, I found a path name called "\\self-rep-golf.efi", which means the EFI app must be named exactly that.

user posted image

Now it works as expected:

user posted image

And from hexdump again, I can see 3 sections: code, data and reloc(ation).

Puzzle solved!
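
The header observations in the two posts above (no DOS stub, an EFI image, three sections) can be checked with a few lines of parsing instead of a hex editor. This is an added example, not part of the original posts and not ic3qu33n's code; the sample bytes are constructed, and the e_lfanew value 0x40 and the section names .text/.data/.reloc are assumptions.

```python
import struct

# Subsystem values 10-12 in the PE optional header mark UEFI images.
EFI_SUBSYSTEMS = {10: "EFI application", 11: "EFI boot service driver",
                  12: "EFI runtime driver"}

def triage_pe(image: bytes) -> dict:
    """Report the header facts discussed above: stub, subsystem, sections."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    coff = e_lfanew + 4
    if coff + 20 + 70 > len(image):
        raise ValueError("file ends inside the PE headers")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    (subsystem,) = struct.unpack_from("<H", image, opt + 68)  # same offset in PE32 and PE32+
    table = opt + opt_size
    if table + 40 * nsec > len(image):
        raise ValueError("section table runs past the end of the file")
    names = [image[table + 40 * i: table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(nsec)]
    return {
        "e_lfanew": e_lfanew,
        # A linker-made file keeps a DOS stub program between the 64-byte
        # DOS header and the PE signature; a golfed one puts "PE" at or before 0x40.
        "has_dos_stub": e_lfanew > 0x40,
        "machine": machine,
        "subsystem": EFI_SUBSYSTEMS.get(subsystem, f"other ({subsystem})"),
        "sections": names,
    }

def build_sample() -> bytes:
    """Constructed header-only image (not the real entry): x86-64, EFI app."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0xF0, 0x0022)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)                      # PE32+ magic
    struct.pack_into("<H", opt, 68, 10)                        # Subsystem
    secs = b"".join(n.ljust(8, b"\0") + bytes(32) for n in (b".text", b".data", b".reloc"))
    return dos + b"PE\0\0" + coff + bytes(opt) + secs

if __name__ == "__main__":
    print(triage_pe(build_sample()))
```

To inspect a real file, pass its bytes instead of the constructed sample, for example `triage_pe(open(path, "rb").read())`.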
TSMatQuasar
post Dec 11 2023, 10:00 PM

Another UEFI app entry for BGGP4 is by a German, written in Rust, reduced to 7KB in size from 40KB. But he/she didn't win the smallest UEFI category, because ic3queen's is only 1,480 bytes (written in NASM).

https://www.ytvwld.de/blog/bggp23.html

user posted image

 
