
This is the web page for Gianni Tedesco <gianni at scaramanga
dot co dot uk>. By accessing this website, you are agreeing to the terms
of the secret agreement. Refusing these terms indicates acceptance of terms.
These days I am freelancing, but before that I was a bromide after a stint as a Xen hacker. Before that I was mostly working on smartcard and RFID related
projects. I was also still active in developing an intrusion detection
system and a library for creating and querying constant
databases. I have also become a hacker cliché by beginning work on a
small, high-performance web
server for hosting static content. More on this at a later date. I am also
working on a toy operating system kernel called scaraOS.
I no longer accept communications encrypted with my
public GPG Key (ID: 8646BE7D)
since that bitch is revoked.
You might find a more up to date account of what I am working on
via my github page.
If you like or use any of the software on this site you can donate
some money towards the development effort:
Current projects
With free software you have freedom!
- Firestorm Network Intrusion Detection System
- A high performance modular network intrusion detection system.
This project has been inactive for a while but a new version is in
the pipeline. Watch this space...
- CCID Utils
- A USB CCID (smartcard device) driver and interactive shell.
Includes a graphical interface for credit/debit cards based on the
EMV specification and a basic GSM SIM card utility.
- acgtools
- A driver and set of tools for the ACG HF MultiISO RFID reader.
- autober
- A language for generating BER decoders. It's different from an ASN.1
compiler in that it's much simpler and it only deals with BER
encoded messages. It is intended for smartcard and RFID applications,
where much of the data stored on these devices is, in fact, BER
encoded TLV data. The language is designed to be very similar to the
template definitions found in the specifications for smartcard and
RFID applications.
- ScaraOS
- 32-bit multiboot OS kernel with virtual memory for IA32 (PC/AT).
Older projects
- Skunk DB
- A constant database for mapping string or integer values to integer
keys.
- ircnukes
- An IRC-based nuclear war game.
- tbot
- An extremely unfair tetrinet bot which will annihilate any competitor
in a (configurably) short span of time. Trash-talk IS included :)
- nads-0.3.tar.gz
- N.A.D.S. (Normalized Attack Detection System) is an
HTTP normalization library and squid ACL helper.
- gidx
- A library for creating and querying constant databases. Constant
databases are important for a wide range of applications where
databases are very infrequently modified but very frequently accessed.
They have the opportunity to make very extensive optimizations compared
to read/write databases. They allow many clients to simultaneously
access the database without any locking or synchronisation.
But it's mostly on hiatus while I explore other kinds of data
structures and algorithms.
Reverse Engineering
- PCI Host Proxy Support for QEMU
- The world's sexiest PC emulator can now use real PCI devices inside
the virtual machine (while also logging data sent back and forth
across the virtual PCI bus).
- I began a project reverse-engineering the
pokerstars protocol. A number
of technical challenges had to be overcome to do this. Firstly, the
protocol is SSL-encrypted. I worked around this by using a debugger
and a hex editor to
patch the binary
so that the certificate was not checked. I then developed an
SSL man-in-the-middle proxy
and used network address translation to force the pokerstars client to
connect to that rather than directly to the official servers. At this
point I was able to observe the traffic going back and forth between
the client and server. However, after an initial exchange of messages,
all communications were compressed. By examining strings in the binary I
guessed that the LZHL algorithm was being used for this. A further
search within the binary for LZHL lookup tables confirmed this. However,
I was never able to get my decompressor to work fully. Some of the data
is decompressed fine, but for some reason there are "holes" in
the output consisting of all zero bytes. Perhaps some brave soul can
figure this out and apply it to the latest version of pokerstars. This
code is some 5 years old. I have some example log files:
pokerstars0.txt
pokerstars1.txt
pokerstars2.txt
pokerstars3.txt
- intrusig.c
- Parses intrushield signatures out of some binary file retrieved from
the appliance's disk image. Unfortunately this code is so old
(intrushield is now McAfee Secure something-or-other platform) that I
have forgotten the exact details. But the
output gives you a rough
idea of the time investment and consideration that was put into the
product.
- webschlong.c
- Queries websense servers
using WISP. You can also get
tcpdump captures of some
WISP traffic if you are interested.
- Broadcom BCM94306 802.11g Adapter
- Some data logs and information about the BCM94306 card. I was aiming
to write a full specification, but the b43 driver came along. I think
they used my data-logs to extract the firmware blob though ;)
- sweet-rev-eng
- This is a graphical decompiler and reverse engineering toolkit that I
work on now and then. I am developing some patent-not-pending
techniques for retrieving C source code from machine code (as close as
is possible) as well as other things. I have also written an x86
control flow graph generator and a GNOME-based binary level debugger
for PowerPC using ptrace. You can see the
main window and
register view.
- act.c and
bytesex.h
- Allow you to extract data from Symantec ACT! databases. I started
turning the code into a GUI called fuct.
Code-Fu and Other Stuff...
- USB Support for QEMU
- I wrote the initial code for USB OHCI emulation in QEMU.
- Firewall Monitor (Linux only)
- A firewall monitor for Linux kernels, can dump full packets to
tcpdump files or hex dump to screen.
- sieve.c
- Generate prime numbers using the sieve of Eratosthenes. Implemented using a
bit-vector, making it a little less sensitive to cache timings and
memory consumption.
- rbtree.c
- A simple red-black tree implementation. The left- and right-handed
versions of the various tree rotation algorithms have been folded
into both-handed functions by using the XOR operator. This technique is
important because the code size is halved, meaning more efficient use
of CPU instruction caches, not to mention simplicity of implementation.
- lincap.c
- A FAST and lean packet sniffer for Linux (mmap() packet socket),
slightly stolen from Alexey Kuznetsov ;)
- genpass.c
- A program which generates strong random passwords from the system
entropy pool. Probably pwgen does this just as well these days?
- crack-o-matic.c
- A program which checks the strength of passwords read from stdin.
Requires cracklib (-lcrack).
- cache.c
- A tool which displays which pages of a file are in the kernel's page
cache, utilising the mincore(2) system call.
- netfilter-promisc.diff
- Adds support for capturing packets in promiscuous mode in netfilter
(iptables). I am not sure what sort of nefarious use one might apply
this to.
- tproxy-gid.diff
- Allows you to specify a GID (via /proc/sys/net/ipv4/tproxy_gid) to
allow access to the Linux TPROXY functions. Applies on 2.4.21 +
TPROXY.
- squid-ssl-hw-acceleration.diff
- Hardware SSL acceleration for squid 2.5.
- squid-2.5-tproxy-03.diff
- Linux transparent proxy support for squid 2.5.
- squid-HEAD-tproxy-00.diff
- And for the squid 3.0 CVS branch.
- squid-HEAD-fnv1a.diff
- Fibonacci string hashing function for squid 3.0 (benchmark it for
yourself)
- GP32 stuff
- Defunct GP32 utilities...
Development Environment
All the tools I use in my hacking work:
- vim - I do most of my
stuff in vim; I find it to be a really efficient text editor for
programming.
- I compile all my code with GNU GCC,
a portable C compiler, and use GNU binutils for a linker etc.
- I might recommend Anjuta,
a free IDE for the GNOME desktop (similar to KDevelop).
- I quite often program in Python,
a cross-platform interpreted object-oriented language.
- The GNU binutils
are VERY useful.
- I love GNU diffutils for creating
patches
but it's almost a thing of the past now that git has come along.
- I used to use CVS for version control.
- Then I used subversion.
- But now I use git.
- Qemu is a binary code
translator that pwns vmware for things like reverse engineering all kinds of
shitty hardware.
- KVM is based on QEMU and uses the VT extensions
of your CPU if you have a modern bling computer.
Copyright (c) Spanish Inquisition 1478-1834. All rights reversed.