This is the web page for Gianni Tedesco <gianni at scaramanga
dot co dot uk>. By accessing this website, you are agreeing to the terms
of the secret agreement. Refusing these terms indicates acceptance of terms.
I've been programming in C on Linux for around 20 years for fun and profit.
More recently I have taken up python programming.
I write a very occasional blog
where I discuss programming techniques or where I disclose vulnerabilities in
open source software which I have discovered along my journey.
There are a few projects on my
github page that are not
covered on this site.
Intrusion Detection
- The snatch Network Intrusion Detection System
- An experimental IDS rule evaluation engine. It features a
decision-tree based rule optimiser and compiles rules into x86-64
machine code. Intel's hyperscan is used for string matching.
- Firestorm Network Intrusion Detection System
- A high performance modular network intrusion detection system.
This project is, essentially, redundant now that Suricata exists.
- nads-0.3.tar.gz
- N.A.D.S. (Normalized Attack Detection System) is an
HTTP normalization library and squid ACL helper.
Databases
- skunk
- Started as a cdb-inspired hash file but has evolved into an experimental
RDBMS for OLAP-style workloads. First I tried a Volcano-style query
executor and then experimented with bytecode evaluation and then,
finally, JIT compilation.
- gidx
- An earlier work on a write-once query-many database system. It
consists of tables and indexes for append-only record-structured files.
Physical operators are provided which could be plugged into a planner.
Operating Systems and Virtualization
- HierOS
- The Hierophant. A legacy-free 64-bit kernel with SMP support.
- ScaraOS
- 32-bit multiboot OS kernel with virtual memory for IA32 (PC/AT).
- PCI Host Proxy Support for QEMU
- I wrote an early version of PCI passthrough as a hack for qemu back
before it was really possible to handle interrupts and DMA because MSI
and IOMMU hardware had not been invented yet.
- USB Support for QEMU
- I wrote the initial code for USB OHCI emulation in qemu. I ended up
developing this into the USB stack for a commercial virtualisation
product which is now owned by some kind of evil tax-dodging tech
company :)
- xen
- I was a contributor to the libxenlight toolstack in Xen
- uxen
- I developed code at Bromium for converting physical disk images on
Windows laptops to virtual-machine disk images efficiently.
Smartcards
- CCID Utils
- A USB CCID (smartcard device) driver and interactive shell.
Includes a graphical interface for credit/debit cards based on the
EMV specification and a basic GSM SIM card utility.
- acgtools
- A driver and set of tools for the ACG HF MultiISO RFID reader.
- autober
- A language for generating BER decoders. It's different from an ASN.1
compiler in that it's much simpler and it only deals with BER
encoded messages. It is intended for smartcard and RFID applications
where much of the data stored on these devices is, in fact, BER
encoded TLV data. The language is designed to be very similar to the
template definitions found in the specifications for smartcard and
RFID applications.
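The BER-TLV layout that autober is built to describe is small enough to show in a few dozen lines of C. The parser below is an added example written for this page; it is not autober's generated code nor anything from the author's repositories, and the FCI buffer it decodes is constructed here to look like an EMV SELECT response rather than being a dump from a real card. It handles the two things that trip up hand-written decoders on card data, multi-byte tags (9F38) and long-form lengths (81 xx, 82 xx xx), and it rejects the indefinite length form and any element whose declared length runs past the buffer, which is the check that stops a hostile card or reader from walking you off the end of an APDU response.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One decoded BER element. The tag keeps its raw bytes packed into an integer
 * (0x9F38 rather than the ASN.1 tag number), which is how EMV and other
 * smartcard specs refer to tags. */
struct tlv {
    uint32_t tag;
    int constructed;      /* bit 6 of the first tag byte: value contains more TLVs */
    size_t len;
    const uint8_t *val;
};

/* Tag: 1 byte, or the high-tag-number form that continues while bit 8 is set.
 * Returns bytes consumed; 0 on truncation or a tag wider than 4 bytes. */
static size_t ber_parse_tag(const uint8_t *p, size_t n, struct tlv *t)
{
    if (n == 0) return 0;
    uint32_t tag = p[0];
    size_t i = 1;
    t->constructed = (p[0] & 0x20) != 0;
    if ((p[0] & 0x1f) == 0x1f) {
        uint8_t b;
        do {
            if (i >= n || i >= 4) return 0;
            b = p[i++];
            tag = (tag << 8) | b;
        } while (b & 0x80);
    }
    t->tag = tag;
    return i;
}

/* Length: short form (< 0x80) or long form (0x81..0x84 plus that many bytes).
 * Returns bytes consumed; 0 on truncation, on the indefinite form 0x80, or on
 * a length field wider than 4 bytes. */
static size_t ber_parse_len(const uint8_t *p, size_t n, size_t *len)
{
    if (n == 0) return 0;
    if (p[0] < 0x80) { *len = p[0]; return 1; }
    size_t k = p[0] & 0x7f;
    if (k == 0 || k > 4 || k >= n) return 0;
    size_t l = 0;
    for (size_t i = 1; i <= k; i++) l = (l << 8) | p[i];
    *len = l;
    return 1 + k;
}

/* One complete TLV at p. Returns total bytes consumed; 0 if malformed or if
 * the declared length would run past the end of the buffer. */
size_t ber_tlv_parse(const uint8_t *p, size_t n, struct tlv *t)
{
    size_t th = ber_parse_tag(p, n, t);
    if (th == 0) return 0;
    size_t lh = ber_parse_len(p + th, n - th, &t->len);
    if (lh == 0 || t->len > n - th - lh) return 0;
    t->val = p + th + lh;
    return th + lh + t->len;
}

/* Walk every element, descending into constructed ones and calling cb (may be
 * NULL) with the nesting depth. Returns the element count, or -1 if any
 * element is malformed. 0x00/0xFF bytes between elements are EMV padding. */
int ber_walk(const uint8_t *p, size_t n, int depth,
             void (*cb)(const struct tlv *, int))
{
    int count = 0;
    while (n > 0) {
        if (p[0] == 0x00 || p[0] == 0xFF) { p++; n--; continue; }
        struct tlv t;
        size_t used = ber_tlv_parse(p, n, &t);
        if (used == 0) return -1;
        if (cb) cb(&t, depth);
        count++;
        if (t.constructed) {
            int sub = ber_walk(t.val, t.len, depth + 1, cb);
            if (sub < 0) return -1;
            count += sub;
        }
        p += used;
        n -= used;
    }
    return count;
}

/* Constructed sample (not a real card dump): an EMV-style FCI template (6F)
 * holding a DF name (84) and a proprietary template (A5) that carries an
 * application label (50) and a PDOL with the two-byte tag 9F38. */
const uint8_t sample_fci[] = {
    0x6F, 0x17,
      0x84, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x03, 0x10, 0x10,
      0xA5, 0x0C,
        0x50, 0x04, 'V', 'I', 'S', 'A',
        0x9F, 0x38, 0x03, 0x9F, 0x66, 0x04,
};

static void print_tlv(const struct tlv *t, int depth)
{
    printf("%*s%X len=%zu", depth * 2, "", (unsigned)t->tag, t->len);
    if (!t->constructed)
        for (size_t i = 0; i < t->len; i++) printf("%s%02X", i ? "" : " ", t->val[i]);
    putchar('\n');
}

int main(void)
{
    int n = ber_walk(sample_fci, sizeof sample_fci, 0, print_tlv);
    printf("%d elements\n", n);
    return n < 0;
}
```

Tags are kept as their raw encoded bytes because that is how EMV and the other smartcard specs name them, so a lookup for the PDOL is a comparison against 0x9F38 rather than a class/number pair. The length check in ber_tlv_parse is done against the remaining bytes of the *enclosing* value, not the whole buffer, so a nested element cannot claim data that belongs to its parent's sibling.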
Games
- funky
- An alternative client for the BrettSpielWelt Funkenschlag/PowerGrid
game written in python using GTK+3
- ircnukes
- An irc based nuclear war game
- tbot
- An extremely unfair tetrinet bot which will annihilate any competitor
in a (configurably) short span of time. Trash-talk IS included :)
- kapital
- An online monopoly-playing bot implemented in python and using numpy.
It used some numerical methods, like eigenvector centrality, to
determine steady-state probabilities for landing on any given square
while playing monopoly. The idea is that it would use these, along with
some basic rules, to play the game. The probabilities could be used to
calculate expected takings and payouts which can be used to inform the
decision of whether to remain in jail (RIJ) or leave jail (LJ) and also
whether a trade is worth taking or not.
- I've had a brief, and lucky, career as a blackjack player. I've written
some code to calculate optimal strategies and to simulate various
card-counting strategies. And also some tools to aid in memorisation of
such strategies, although they'd be better-off employing targeted
spaced repetition. They do however contain some interesting
representations of the blackjack state-space and basic statistical
concepts. I'll post them here eventually.
HFT and Algorithmic Trading
I spent a brief time working on high-frequency trading of
derivatives. Whenever I get a moment, I've been looking at real-time order-flow
reconstruction from direct-market-access TAQ price feeds. This is sort of the
opposite of what matching engines do. We see new trades and quotes, and we use
this to infer the sequence of operations happening on the customer-side. Doing
this is basically data-cleaning for developing short-term predictions of the
possibility of taking the spread - which is a way of managing risk for
automated market makers.
Reverse Engineering
- I began a project reverse-engineering the
pokerstars protocol. A number
of technical challenges had to be overcome to do this. Firstly the
protocol is SSL encrypted. I worked around this by using a debugger
and a hex editor to
patch the binary
so that the certificate was not checked. I then developed an
SSL man-in-the-middle proxy
and used network address translation to force the pokerstars client to
connect to that rather than directly to the official servers. At this
point I was able to observe the traffic going back and forth between
the client and server. However after an initial exchange of messages,
all communications were compressed. By examining strings in the binary I
guessed that the LZHL algorithm was being used for this. A further
search within the binary for LZHL lookup tables confirmed this. However
I was never able to get my decompressor to work fully. Some of the data
is decompressed fine but for some reason there are "holes" in
the output consisting of all zero bytes. Perhaps some brave soul can
figure this out and apply it to the latest version of pokerstars. This
code is some 5 years old. I have some example log files:
pokerstars0.txt
pokerstars1.txt
pokerstars2.txt
pokerstars3.txt
- intrusig.c
- parses intrushield signatures out of some binary file retrieved from
the appliance's disk image. Unfortunately this code is so old
(intrushield is now McAfee Secure something-or-other platform) that I
have forgotten the exact details. But the
output gives you a rough
idea of the time investment and consideration that was put in to the
product.
- webschlong.c
- Queries websense servers
using WISP. You can also get
tcpdump captures of some
WISP traffic if you are interested.
- Broadcom BCM94306 802.11g Adapter
- Some data logs and information about the BCM94306 card, I was aiming
to write a full specification but the b43 driver came along. I think
they used my data-logs to extract the firmware blob though ;)
- sweet-rev-eng
- This is a graphical decompiler and reverse engineering toolkit that I
work on now and then. I am developing some patent-not-pending
techniques for retrieving C source code from machine code (as close as
is possible) as well as other things. I have also written an x86
control flow graph generator and a GNOME based binary level debugger
for PowerPC using ptrace. You can see the
main window and
register view.
- act.c and
bytesex.h
- Allow you to extract data from Symantec ACT! databases. I started
turning the code in to a GUI called fuct.
Code-Fu and Historical Stuff..
- Firewall Monitor (Linux only)
- A firewall monitor for Linux kernels, can dump full packets to
tcpdump files or hex dump to screen.
- sieve.c
- Generate prime numbers with the sieve of Eratosthenes. The sieve is
stored as a bit-vector, which keeps memory consumption down and makes
it a little friendlier to the cache.
- lincap.c
- A FAST and lean packet sniffer for Linux (mmap() packet socket),
slightly stolen from Alexey Kuznetzov ;)
- crack-o-matic.c
- A program which checks the strength of passwords read from stdin.
Requires cracklib (-lcrack)
- cache.c
- A tool which displays which pages of a file are in the kernel's page
cache, using the mincore(2) system call.
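For a reader who wants to see what cache.c does without downloading it, here is the mincore(2) probe in C. This is an added example written for this page, not the author's cache.c; the function names and the self-check helper (which writes a scratch file under /tmp) are my own. Mapping with PROT_NONE matters: a readable mapping that you then touched would fault the pages in and answer its own question.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Report how many pages of the file at `path` are resident in the page cache.
 * Fills *total with the file's page count and returns the number of resident
 * pages, or -1 on error. The mapping is PROT_NONE and never dereferenced, so
 * the probe itself does not pull any of the file into the cache. */
long cached_pages(const char *path, long *total)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) < 0) {
        close(fd);
        return -1;
    }
    long page = sysconf(_SC_PAGESIZE);
    long npages = (st.st_size + page - 1) / page;
    *total = npages;
    if (npages == 0) {                  /* empty file: nothing to ask about */
        close(fd);
        return 0;
    }
    void *map = mmap(NULL, (size_t)st.st_size, PROT_NONE, MAP_SHARED, fd, 0);
    close(fd);
    if (map == MAP_FAILED)
        return -1;
    unsigned char *vec = calloc((size_t)npages, 1);
    long resident = -1;
    if (vec && mincore(map, (size_t)st.st_size, vec) == 0) {
        resident = 0;
        for (long i = 0; i < npages; i++)
            resident += vec[i] & 1;     /* only the low bit of each entry is defined */
    }
    free(vec);
    munmap(map, (size_t)st.st_size);
    return resident;
}

/* Self-check: a file we have just written must have every page in the page
 * cache. Uses a scratch file under /tmp (my own choice of location).
 * Returns 1 on success, 0 on any failure. */
int cached_pages_selfcheck(void)
{
    char path[] = "/tmp/cachechkXXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return 0;
    long page = sysconf(_SC_PAGESIZE);
    size_t len = 3 * (size_t)page + 1; /* four pages, the last one partial */
    char *buf = malloc(len);
    if (!buf) {
        close(fd);
        unlink(path);
        return 0;
    }
    memset(buf, 'A', len);
    int written = write(fd, buf, len) == (ssize_t)len;
    free(buf);
    close(fd);
    long total = 0;
    long resident = written ? cached_pages(path, &total) : -1;
    unlink(path);
    return total == 4 && resident == 4;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s FILE...\n", argv[0]);
        return 1;
    }
    for (int i = 1; i < argc; i++) {
        long total;
        long resident = cached_pages(argv[i], &total);
        if (resident < 0)
            perror(argv[i]);
        else
            printf("%s: %ld/%ld pages resident\n", argv[i], resident, total);
    }
    return 0;
}
```

One caveat that did not exist when cache.c was written: from Linux 5.2 onward, mincore() reports every page of a file-backed mapping as resident unless the caller owns the file or could open it for writing. That change was made precisely because this probe is a page-cache side channel (it tells you what other users have been reading), so on a current kernel the answer is only meaningful for your own files. The self-check above is unaffected because it probes a file it just created.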
Copyright (c) Your Mom. 536 AD. All rights reversed.