Conversation
Notices
-
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Monday, 10-Mar-2025 06:48:17 JST 
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
Made a copy of the suspicious file and erased all of the repeating bytes in vim. The copy still works. What in the name of fuck is going on here? -
iced quinnsmas :blobcatsanta: (icedquinn@blob.cat)'s status on Monday, 10-Mar-2025 06:51:15 JST 
iced quinnsmas :blobcatsanta:
@nyanide who knows without knowing what it is? if it's malware it could just be stuffing to make it look like a less suspicious file size -
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Monday, 10-Mar-2025 06:54:36 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@icedquinn it's like, 38k. cutting all of the extra bytes off just makes it 37k, less suspicious file size doesn't make a lot of sense here.
spidey senses kicked in because some random dude claimed that the website i got the png from had suspicious origins, they also claimed that the website could steal authentication tokens for a particular gaming platform by using javascript though. yeah fucking right, i love when random people just have access to bugs worth thousands of dollars in the cybercriminal and security worlds -
tsoifan1997 (sysrq@lab.nyanide.com)'s status on Monday, 10-Mar-2025 06:54:47 JST 
tsoifan1997
@nyanide
The Mossad have 𝓽𝓸𝓾𝓬𝓱𝓮𝓭 your PNG's 👅 -
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Monday, 10-Mar-2025 06:56:10 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@icedquinn so what i figured is instead maybe if they were trying to get code running on your computer, they'd take advantage of the client for the vidya as image gets loaded in at points and is obviously poked at. feels like a more reasonable approach considering the game client is being held together by sticks and stones -
tsoifan1997 (sysrq@lab.nyanide.com)'s status on Monday, 10-Mar-2025 06:57:18 JST
tsoifan1997
@lina @nyanide
Kirby should 𝙘𝙝𝙚𝙘𝙠 his 𝖇𝖔𝖔𝖙𝖑𝖔𝖆𝖉𝖊𝖗 👅👻 -
Lina Inver:z:e :mur_close: :nuts: (lina@eientei.org)'s status on Monday, 10-Mar-2025 06:57:20 JST 
Lina Inver:z:e :mur_close: :nuts:
@sysrq @nyanide they 𝓽𝓸𝓾𝓬𝓱𝓮𝓭 more than his png's nyanide :nyancat_rainbow::nyancat_body::nyancat_face: repeated this. -
Maija (maija@netzsphaere.xyz)'s status on Monday, 10-Mar-2025 06:59:18 JST 
Maija
@nyanide pngs mark the file end with an IEND chunk and ignore all data after it, sometime this is uses for optimization purposes. a recent android vulnerability had them accidentally not deleting the leftover data when cropping images and it could be recovered.
the data could be in there for any reason but considering its just repeating its probably some weird junk data -
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Monday, 10-Mar-2025 06:59:33 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@maija this is before IEND btw -
Maija (maija@netzsphaere.xyz)'s status on Monday, 10-Mar-2025 07:02:52 JST
Maija
@nyanide weird. you can still store arbitrary data there though
the chunks have to declare their type and then length of data -
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Monday, 10-Mar-2025 07:05:47 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@maija im sort of considering this is taking advantage of a stack smash somehow but i dont think the developers of vidya are that stupid -
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Monday, 10-Mar-2025 07:06:23 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@maija mostly satisfied with "random junk data" tbh -
nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Monday, 10-Mar-2025 07:14:41 JST
nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
@maija yeah no it's junk data managed to acquire another png from there fuck dude i just wasted so much time lmfao
-
All 076萌SNS content and data are available under the 