A. A. Ortega's software projects
Hi! I am living in Buenos Aires, Argentina. Programming is my hobby (and my work too), but that's not what I say at parties, because that's boring. I usually say that I'm a penguin rescuer and nature-fighter from Patagonia, which is of course false, as I hate many birds, including penguins. But I like stuff like security and error correction codes. Here you will find links to my several open source projects. All criticism is welcomed, and ignored.
- My best project so far (more than 650 downloads, wow!), a tiny OS for the PIC18 platform: Picix
- SmartMap (J2ME, for cell phones). This is not my best project in my opinion, but it has >200 downloads per day, so it is surely the most popular.
- GDB Patches, some small gdb patches to add functionality and missing commands.
- Google Android Debugging Utilities, including gdb, strace and bash, indispensable tools for Android hax0ring.
- My FPGA page, some projects involving a not very small FPGA that I bought some time ago.
- I have crafted my own Linux distro for this board, I call it: virtex-linux!
- Some heavy algorithms implemented on a couple of tiny and slow devices:
- PIC18 RSA, implementation of the RSA public-key algorithm for PIC18 and dsPIC30 microcontrollers.
- Reed Solomon, implementation of the Reed Solomon error correction scheme, for PIC18 and dsPIC30 devices.
- Eccchain - Error correction chain, this is a simulator for my thesis project
- Talks and articles that I managed to appear in or contribute to in some way.
- Vacuum Tube Headphone Amp, a retro-hardware project.
I have discovered and exploited some security bugs in current and past jobs. My speciality is open-source software vulnerabilities:
- ProFTPD "mod_ctrld" privilege escalation
- Synce Remote command Injection (Oren Isacson did the exploit in this one)
- Firebird Multiple Vulnerabilities (Did some research to help Damian Frizza in this one)
- MPlayer 1.0rc2 buffer overflow vulnerability (Together with Damian Frizza too)
- GNU ED heap buffer overflow (It was hard, considering the small source code of ED )
- GNU Make heap buffer overflow (Actually, it was already reported, and the exploitability was minimal )
- Vinagre "vinagre_utils_show_error()" Format String Vulnerability
- Qemu and KVM VNC server remote DoS
- Amaya multiple Stack buffer overflows: Dan Crowley found the first bug, I just did the detailed analysis and found a couple of additional bugs (more like 50 overflows), most of them still exist. I recommend Amaya as a tutorial for vulnerability research, because it is written very very badly.
- Multiple VNC Clients Multiple Integer Overflow Vulnerabilities: I just did a small analysis for this bug, the credit must remain with Futo and Fernando, they did most of the work.
- And my "Attention whore" bugs :)
- OpenBSD's IPv6 mbufs remote kernel buffer overflow (Gerardo Richarte did much of the exploit design) (It made it to Slashdot!)
- Multiple vulnerabilities in Google's Android SDK (This was a hard one) (It made it to Slashdot too!)
- NASA CDF stack overflow: Simple bug, but very fun!
- NASA BigView stack overflow: I don't think that this one is "Highly critical" but anyway, it was a little hard to exploit.
- BIOS Rootkit Attack (With Anibal Sacco) Yess! Another hit on Slashdot. This is not even a vulnerability, but hey, we made the PoC, it really works, and it was the result of two research weeks of pure fun.
NOTE: Even if I say it is "pure fun", it is of course not pure fun. There is a lot of hard work and non-fun activities, like reporting and exploit writing. Also, the process of finding and reporting the bug is not fun for all parties involved, usually the developer of the vulnerable software has a terrible time. I feel your pain, developer.
- Deactivate the Rootkit (Also with my pal Anibal Sacco) You never know what you are going to find lurking in unexplored places in software, and this is a great example. While trying to insert our own rootkit in a notebook, we found one already there! Well, in fact, it is not initially a rootkit but an Anti-Theft device, but many security vulnerabilities make it behave that way. Also on your Slashdot.
Personal and pictures:
BlackHat/Defcon 2007, great times!
Real Curriculum in LinkedIn
Some papers that I made in the past.
The infamous "coplitas" (A prank that I and a couple of friends made 10 years ago in high school)
Also, I have a small bike, pics here.
Links to friends' pages:
exploiting.wordpress.com - The adventures of Anibal Sacco
http://breakingcode.wordpress.com/ - Because is not broken enough
ret2libc.blogspot.com - The evil blog of Sebastian "Topo" Muñiz
La pilita de Gutes - Gutes' stack
Copyright 2006 (c) Alfredo Ortega, no rights reserved. ortegaalfredo#gmail.com