Alok Menghrajani

Previously: security engineer at Square, co-author of HackLang, put the 's' in https at Facebook. Maker of CTFs.

This blog does not use any tracking cookies and does not serve any ads. Enjoy your anonymity; I have no idea who you are, where you came from, and where you are headed to. Let's dream of an Internet from times past.

Contact me | Github | @alok@infosec.exchange | Feed | Coaching Services

2022

Final post

Hacker News' favorite XKCD comics

data science | hackernews | xkcd

Daily QRCode

social experiment

Types of circuit boards

electronic circuits

Alok's Sliding Puzzle

puzzle | game | javascript

Quine Maze Game

quine | maze

2021

Running a 40-plus-year-old piece of code in today's browser (part 3)

kaleidoscope | 8-bit | Intel 8080 | Cromemco Dazzler

Running a 40-plus-year-old piece of code in today's browser (part 2)

kaleidoscope | 8-bit | Intel 8080 | Cromemco Dazzler

Rust on nCipher 🦀🛡️

ncipher | hsm | rust | codesafe

Unicode(*) superscript 💩

unicode | borked

Square CTF: How to run a capture the flag

capture the flag | ctf | event planning

2020

Pure Digital CSS, Swiss Made, Clock. No JavaScript, No HTML.

css | browser hack | clock

<blink> howto

blink

Running a 40-plus-year-old piece of code in today's browser (part 1)

kaleidoscope | 8-bit | Intel 8080 | Cromemco Dazzler

VII-segment display

seven-segment | roman numerals

BIP39 input validation demo

web | contentEditable

Truncating hashes

browser | search

Sqchess Set

3d printing | Blender | chess

IBM Ponder This · April 2020 Solution

ponder this

Deterministic ECDSA Cross Validation

ecc | ecdsa | secp256k1 | bitcoin | validation

Generative Plotter Art

generative art | axidraw | xy plotter

2019

Winter Spring Summer Fall

floppy | file system | golfing

Sigbovik

conference | joke research

Security Formula

mathematica

Random Things on the Internet

links | blogs | potpourri

PagedOut! Issue #2

ezine | pagedout! | qrcode | font

Square CTF 2019

Square | CTF | Hacking competition

Chess puzzle in four acts

chess | puzzle | esoteric

International marquee day

marquee

2018

Advent of code 2018

adventofcode | 2018 | fpga | verilog | icestick

Square CTF 2018

Square | CTF | Hacking competition

Open Sourcing Subzero: Square's Bitcoin Cold Storage Solution

Bitcoin | cold storage | hardware security module

Kudos from Jack

fun

Bootable CD + retro game in a tweet

bootloader | iso | el torito | tron | code golf

Bitcoin Transaction Malleability in 2018

bitcoin | security | crypto | blockchain | malleability

2017

Advent of code 2017

adventofcode | 2017 | solution | rust | rust-lang

Square CTF 2017

Square | CTF | Hacking competition

3D printed chess set

3d printing | bezier curves | experimental user interface

Thoughts on web security & privacy

web security | privacy | random thoughts

2016

Advent of code 2016

adventofcode | 2016 | solution | rust | rust-lang

Building multi-master distributed systems using feeds

distributed systems | data replication | multi-master | tla+

Year of Plenty

charitable | fund

My $3/month backup setup

backup | life tips

Exploring 3 insecure usage of RSA

crypto | rsa | chinese remainder theorem

The hardware CTF

hardware | ctf

Programming an at89s4051 with an Arduino

arduino | at89s4051 | bitbang

On the design of Hack

Hack | PHP | Facebook

AFOL (adult fan of Lego)

lego | super cars

Voting experience for a Swiss expat

voting | Switzerland

2015

Crypto white elephant gift exchange puzzle

crypto | algorithm

Advent of code 2015

adventofcode | 2015 | solution | rust | rust-lang

Three cylinders: random geometry geekery

math | 3d objects

Interested in working at Square?

A simple yet robust approach to sanitizing user supplied HTML and CSS

html | css | parser | xss

µ mod player from scratch

demo scene | mod file format | music | javascript

A few (easy | fun) math puzzles

math | puzzle

Hub-ctrl

usb | hub | Yubikey | control

Reporting "authenticity_token is not random across page loads" to a bunch of companies

bug bounty | csrf

A chess engine to improve my Golang-fu

golang | chess | ai

My experience serving in the Swiss army

switzerland | army

git rebase + conflicts with deleted files

git

Bootloader + retro game in a tweet

bootloader | operating systems | nibbles | code golf

A simple, auditable and anonymous voting scheme

voting | algorithm

Hackerone for open source projects

hackerone | bug bounty | open source

Open sourcing Keywhiz: Protecting infrastructure secrets

keywhiz | open source

PGP 'quine': a key where the user == the key's fingerprint

quine | pgp | gpg | crypto

WebRTC leaks internal IP addresses

websec

Message Board over PGP Key Servers

Detecting incognito mode in Chrome

websec

2014

A less error prone HMAC-based hash construction
or how to avoid shooting yourself in the foot with HMAC

crypto | security | engineering

Forth Haiku
mixing math, art and Forth

math | computer graphics | Forth | esoteric programming language

I am working at Square

ajsone
Abusing JSON Esolang

esolang | compiler

Dodecahedron Folding

math | computer graphics | webgl

Rough thoughts on Login Systems

web login | security | engineering

(minor) WTF Openssl

crypto | openssl | wtf

2048-undo: a modification to 2048 which lets you undo as many moves as you wish

Prolog program to solve "inverting three signals" puzzle

prolog | puzzle

2013

CSRF & state mutation on read requests

csrf | security | engineering

Universal logic gates

Various wood (and non-wood) projects using lathes, laser cutters & 3d printers

wood | 3d printing | laser cutter | lathe | stuff I make

JSONP & handcrafted Flash files

jsonp | xss | flash

qrquine: a QR code based quine

qrcode | quine | javascript | size optimization | code golf

Combining React and Firebase: sample TicTacToe game & chat widget

reactjs | firebase | realtime database

Secure browsing by default (https @ Facebook, part 2)

Piet: a language where programs are works of modern art

esolang | compiler

WTF Python

python | wtf

Ten Technology Ideas

technology | random thoughts

Obfuscated coding contest

C | coding | contest

Some dark corners of C (Rob Kendrick)

Do you know your bitwise operators?

puzzle | bitwise | operators

GIF encoder from scratch

Arduino: showing information from a GPS on a LCD

arduino | gps

Sum of first n natural numbers

math

A perpetual calendar in JavaScript

calendar | javascript

a linter and visualizer for regular expressions

Mapping an IP address to an ASN

internet core routers | bgp | asn

Random list of extinct web or software technology

nostalgia

JavaScript model of Ackermann steering

javascript | steering | physics

Regular expression to match multiples of 3

regexp

WTF jQuery

FAT12 file system "driver" in javascript

WTF Adobe! Adobe Flash: a quirk in TextFields

2012 and older

fun with HP-15C

Getting your first commit in an open source project

219 bytes tron: javascript size optimization fun

Facebook Rubik Cube in javascript

Taint support for PHP

web security | php

PHP turtles: a list of things you might not know about PHP

php | wtf

An unsophisticated ray tracer in PHP

computer graphics | php

A Continued Commitment to Security (https @ Facebook, part 1)

LinearML: write safe, fast, parallel program without any garbage collector

(legally) Hacking my manager's Facebook account

Tab nabbing attack

web security | phishing

Types in web applications

type system | web application security | random thoughts

Pastebin: easy way to share text

tools | productivity hack

Synergy: a software keyboard & mouse switch

productivity

Slax 6.0 released

linux | slax

Managing passwords with Keepass

infosec | tools

Tiger team TV show

physical security

Covert communications: subverting Windows applications (pdf)

Patent granted

ibm | provisioning | patent

Ray casting

ray casting | computer graphics | ruby

étude sur l'utilisation des moyens informatiques à l'UNIL (in french)

UNIL | moyens informatiques | Université de Lausanne

A VGA controller in VHDL

vga | vhdl

Bioinspired Adaptive Machines

machine learning

Mars rover in OpenGL.

mars rover | opengl | linux | solaris | windows

Maze mapper

robotics | RokEPXA | Cyclope | maze

Transparent PLD use from Java

PLD | Java | hardware synthesis

Teaching assistant experience

random thoughts

License Plate Recognition

machine learning | artificial intelligence | car license plate | localization | recognition

Operating System Design & Implementation

operating system | simics | oskit

Compiler design & implementation

compiler

Malloc

malloc | dynamic memory allocator

Mobile payments

mobile | payments

Writing Your Own Unix Shell

unix | shell | signal | process

Mips microprocessor

mips | cpu architecture | cpu design

Building Virtual Worlds

cmu | carnegie mellon university | vr | virtual reality

Scrabble

ada | scrabble | coding competition

Hugi: taquin

hugi | coding competition | size optimization | taquin | fifteen puzzle

Binary Adder (transistor-less)

binary adder | computing | relay

Ci-mots

word game