Alok Menghrajani

Previously: security engineer at Square, co-author of HackLang, put the 's' in https at Facebook. Maker of CTFs.

This blog does not use any tracking cookies and does not serve any ads. Enjoy your anonymity; I have no idea who you are, where you came from, and where you are headed to. Let's dream of an Internet from times past.

Contact me | Github | Twitter | Facebook | RSS feed | Coaching Services

2022

Final post

Alok's Sliding Puzzle

puzzle | game | javascript

Quine Maze Game

quine | maze

2021

Running a 40-plus-year-old piece of code in today's browser (part 3)

kaleidoscope | 8-bit | Intel 8080 | Cromemco Dazzler

Running a 40-plus-year-old piece of code in today's browser (part 2)

kaleidoscope | 8-bit | Intel 8080 | Cromemco Dazzler

Rust on nCipher 🦀🛡️

ncipher | hsm | rust | codesafe

Unicode(*) superscript 💩

unicode | borked

Square CTF: How to run a capture the flag

capture the flag | ctf | event planning

2020

Pure Digital CSS, Swiss Made, Clock. No JavaScript, No HTML.

css | browser hack | clock

<blink> howto

blink

Running a 40-plus-year-old piece of code in today's browser (part 1)

kaleidoscope | 8-bit | Intel 8080 | Cromemco Dazzler

VII-segment display

seven-segment | roman numerals

BIP39 input validation demo

web | contentEditable

Truncating hashes

browser | search

Sqchess Set

3d printing | Blender | chess

IBM Ponder This · April 2020 Solution

ponder this

Deterministic ECDSA Cross Validation

ecc | ecdsa | secp256k1 | bitcoin | validation

Generative Plotter Art

generative art | axidraw | xy plotter

2019

Winter Spring Summer Fall

floppy | file system | golfing

Sigbovik

conference | joke research

Security Formula

mathematica

Random Things on the Internet

links | blogs | potpourri

PagedOut! Issue #2

ezine | pagedout! | qrcode | font

Square CTF 2019

Square | CTF | Hacking competition

Chess puzzle in four acts

chess | puzzle | esoteric

International marquee day

marquee

2018

Advent of code 2018

adventofcode | 2018 | fpga | verilog | icestick

Square CTF 2018

Square | CTF | Hacking competition

Open Sourcing Subzero: Square's Bitcoin Cold Storage Solution

Bitcoin | cold storage | hardware security module

Kudos from Jack

fun

Bootable CD + retro game in a tweet

bootloader | iso | el torito | tron | code golf

Bitcoin Transaction Malleability in 2018

bitcoin | security | crypto | blockchain | malleability

2017

Advent of code 2017

adventofcode | 2017 | solution | rust | rust-lang

Square CTF 2017

Square | CTF | Hacking competition

3D printed chess set

3d printing | bezier curves | experimental user interface

Thoughts on web security & privacy

web security | privacy | random thoughts

2016

Advent of code 2016

adventofcode | 2016 | solution | rust | rust-lang

Building multi-master distributed systems using feeds

distributed systems | data replication | multi-master | tla+

Year of Plenty

charitable | fund

My $3/month backup setup

backup | life tips

Exploring 3 insecure usage of RSA

crypto | rsa | chinese remainder theorem

The hardware CTF

hardware | ctf

Programming an at89s4051 with an Arduino

arduino | at89s4051 | bitbang

On the design of Hack

Hack | PHP | Facebook

AFOL (adult fan of Lego)

lego | super cars

Voting experience for a Swiss expat

voting | Switzerland

2015

Crypto white elephant gift exchange puzzle

crypto | algorithm

Advent of code 2015

adventofcode | 2015 | solution | rust | rust-lang

Three cylinders: random geometry geekery

math | 3d objects

Interested in working at Square?

A simple yet robust approach to sanitizing user supplied HTML and CSS

html | css | parser | xss

µ mod player from scratch

demo scene | mod file format | music | javascript

A few (easy | fun) math puzzles

math | puzzle

Hub-ctrl

usb | hub | Yubikey | control

Reporting "authenticity_token is not random across page loads" to a bunch of companies

bug bounty | csrf

A chess engine to improve my Golang-fu

golang | chess | ai

My experience serving in the Swiss army

switzerland | army

git rebase + conflicts with deleted files

git

Bootloader + retro game in a tweet

bootloader | operating systems | nibbles | code golf

A simple, auditable and anonymous voting scheme

voting | algorithm

Hackerone for open source projects

hackerone | bug bounty | open source

Open sourcing Keywhiz: Protecting infrastructure secrets

keywhiz | open source

PGP 'quine': a key where the user == the key's fingerprint

quine | pgp | gpg | crypto

WebRTC leaks internal IP addresses

websec

Message Board over PGP Key Servers

Detecting incognito mode in Chrome

websec

2014

A less error prone HMAC-based hash construction
or how to avoid shooting yourself in the foot with HMAC

crypto | security | engineering

Forth Haiku
mixing math, art and Forth

math | computer graphics | Forth | esoteric programming language

I am working at Square

ajsone
Abusing JSON Esolang

esolang | compiler

Dodecahedron Folding

math | computer graphics | webgl

Rough thoughts on Login Systems

web login | security | engineering

(minor) WTF Openssl

crypto | openssl | wtf

2048-undo: a modification to 2048 which lets you undo as many moves as you wish

Prolog program to solve "inverting three signals" puzzle

prolog | puzzle

2013

CSRF & state mutation on read requests

csrf | security | engineering

Universal logic gates

Various wood (and non-wood) projects using lathes, laser cutters & 3d printers

wood | 3d printing | laser cutter | lathe | stuff I make

JSONP & handcrafted Flash files

jsonp | xss | flash

qrquine: a QR code based quine

qrcode | quine | javascript | size optimization | code golf

Combining React and Firebase: sample TicTacToe game & chat widget

Secure browsing by default (https @ Facebook, part 2)

Piet: a language where programs are works of modern art

esolang | compiler

WTF Python

python | wtf

Ten Technology Ideas

technology | random thoughts

Obfuscated coding contest

C | coding | contest

Some dark corners of C (Rob Kendrick)

Do you know your bitwise operators?

puzzle | bitwise | operators

GIF encoder from scratch

Arduino: showing information from a GPS on a LCD

arduino | gps

Sum of first n natural numbers

A perpetual calendar in JavaScript

a linter and visualizer for regular expressions

Mapping an IP address to an ASN

Random list of extinct web or software technology

Javscript model of Ackermann steering

Regular expression to match multiples of 3

WTF jQuery

FAT12 file system "driver" in javascript

WTF Adobe! Adobe Flash: a quirk in TextFields

2012 and older

fun with HP-15C

Getting your first commit in an open source project

219 bytes tron: javascript size optimization fun

Facebook Rubik Cube in javascript

Taint support for PHP

PHP turtles: a list of things you might not know about PHP

A simple ray tracer in PHP

A Continued Commitment to Security (https @ Facebook, part 1)

LinearML: write safe, fast, parallel program without any garbage collector

(legally) Hacking my manager's Facebook account

Tab nabbing attack

Types in web applications

type system | web application security | random thoughts

Pastebin: easy way to share text

Synergy: a software keyboard & mouse switch

Slax 6.0 released

Managing passwords with Keepass

Tiger team TV show

physical security

Covert communications: subverting Windows applications (pdf)

Patent granted

ibm | provisioning | patent

Ray casting

ray casting | computer graphics | ruby

étude sur l'utilisation des moyens informatiques à l'UNIL (in french)

UNIL | moyens informatiques | Université de Lausanne

A VGA controller in VHDL

Adaptive Machines

Mars rover in OpenGL.

mars rover | opengl | linux | solaris | windows

Maze mapper

robotics | RokEPXA | Cyclope | maze

Transparent PLD use from Java

PLD | Java | hardware synthesis

Teaching assistant experience

random thoughts

License Plate Recognition

machine learning | artificial intelligence | car license plate | localization | recognition

Operating System Design & Implementation

operating system | simics | oskit

Compiler design & implementation

compiler

Malloc

malloc | dynamic memory allocator

Mobile payments

mobile | payments

Writing Your Own Unix Shell

unix | shell | signal | process

Mips microprocessor

mips | cpu architecture | cpu design

Building Virtual Worlds

Scrabble

ada | scrabble | coding competition

Hugi: taquin

hugi | coding competition | size optimization | taquin | fifteen puzzle

Binary Adder (transistor-less)

binary adder | computing | relay

Ci-mots

word game