It's (scarily) available in the commercial sector[1][2] from space if you have the need to purchase their services.
Suffice to say, military and intelligence agencies are probably a few generations ahead of this and you won't find them commenting on strategic capabilities on HN.
Thanks! Technically, what do you think is the biggest obstacle to achieving military-grade hopping? Is it just cost, or something you simply cannot buy on the open market AND cannot make yourself if you have the knowledge?
Military frequency hopping / spread spectrum isn’t really about preventing being noticed, it’s more about making it harder to jam. If you don’t have physical safety from the people “more powerful” than you who want to stop you, then they will still locate you easily and stop you using physical force.
I've been toying with photogrammetry a little bit lately, specifically for scanning indoor rooms and spaces. So far I'm finding Metashape the most suitable for it, but some of the precision isn't great (but I'm still improving my technique). I mostly want to convert the interior of one real building into a digital model for preservation and analysis. I've briefly considered LIDAR, but put it in the too hard/expensive bucket. This project seems to challenge that assumption.
What does the software post-processing look like for this? Can I get a point cloud that I can then merge with other data (like DSLR photographs for texturing)?
I see in their second image[1] some of the wall is not scanned as it was blocked by a hanging lamp, and possibly the LIDAR could not see over the top of the couch either. Can I merge two (or more) point clouds to see around objects and corners? Will software be able to self-align common walls/points to identify that it's in the same physical room, or will that require some jiggery-pokery? Is there a LIDAR equivalent of coded targets or ARTags[0]? Would this scale to multiple rooms?
Is this even worth considering, or will it be more hassle than it's worth compared to well-done photogrammetry?
(Apologies for the peak-of-mount-stupid questions, I don't know what I don't know)
Shameless plug, but if you own an iPhone Pro or iPad Pro (which have LIDAR integrated), you should give Dot3D a try. It does everything you describe and we made it very easy to use.
Thank you for the reply. Unfortunately, I don't own an iPhone - maybe I can borrow one, though. Any limitations of the app or practical advice you might want to share?
Good news, everyone! There is a WiFi standard for it: 802.11ah[1]. Seems like you can even buy hardware for it[2] today. It's most likely not going to show up in your phone anytime soon, though.
Broadly speaking, the wasm stuff is only there as a method of getting the browser to execute shellcode; it's a pretty standard lump of code for turning a memory bug into code execution in v8. What this shellcode does is open calculator when the browser's sandbox is disabled (`--no-sandbox`). In general in v8 exploitation, once you've reached a point where you can read and write arbitrary memory, you find that v8 will only create either RW or RX pages for you when the JIT compilation happens. WASM is a neat little trick for getting a handle to a RWX page.
At first glance to me, the core bug is actually in abusing an array enough to get an unsigned int into a function that expects them all to be signed, causing an off-by-one error and leveraging that into a memory leak (to get the pointer to a FixedArray for floats and a pointer to a FixedArray of objects) and then replacing one with another to create a type confusion and read/write arbitrary memory through that. r4j will probably correct me on the subtlety here though!
Source: extremely similar to HackTheBox RopeTwo, which I spent more time than I am prepared to admit solving.
Disclaimer: am noob at v8 exploitation, but have done enough of it to know some of the tricks.
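Added example (mine, not the commenter's or the exploit author's code): the two bits of scaffolding the comment above describes, in their legitimate form. The float/integer reinterpretation helpers are what an exploit uses to move leaked pointers between a FixedDoubleArray view and a BigInt, `asInt32` shows the unsigned-to-signed wrap the comment mentions, and the hand-encoded WebAssembly module is the "get v8 to JIT a function" step. Nothing here corrupts memory: without the underlying bug there is no arbitrary read/write, so the module is simply instantiated and called. Function names are my own; the wasm bytes are a standard minimal module.

```javascript
// Added example, not code from the post or the exploit author.
// 1. Bit-exact double <-> 64-bit integer conversion. v8 exploits leak
//    addresses as doubles (a FixedDoubleArray slot aliasing a FixedArray
//    of objects), so the raw bits must be preserved, which plain Number
//    arithmetic would not do.
const conv = new ArrayBuffer(8);
const f64 = new Float64Array(conv);
const u64 = new BigUint64Array(conv);

function ftoi(val) {  // double -> BigInt carrying the same 64 bits
  f64[0] = val;
  return u64[0];
}

function itof(val) {  // BigInt (low 64 bits) -> double with those bits
  u64[0] = BigInt.asUintN(64, val);
  return f64[0];
}

// Reinterpret a 32-bit unsigned value as signed: the kind of mismatch the
// comment describes (an unsigned index reaching code that assumes signed).
// 0xFFFFFFFF becomes -1.
function asInt32(n) {
  return n | 0;
}

// 2. Minimal hand-encoded WebAssembly module exporting main() -> i32 42.
//    Instantiating it makes v8 compile the function into executable code;
//    an exploit would then locate that region with its read/write
//    primitive and overwrite it. Here it is only called normally.
function wasmModuleBytes() {
  return new Uint8Array([
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // "\0asm" + version 1
    0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f,       // type section: () -> i32
    0x03, 0x02, 0x01, 0x00,                         // function section: func 0 uses type 0
    0x07, 0x08, 0x01, 0x04, 0x6d, 0x61, 0x69, 0x6e, 0x00, 0x00, // export "main" = func 0
    0x0a, 0x06, 0x01, 0x04, 0x00, 0x41, 0x2a, 0x0b, // code: no locals; i32.const 42; end
  ]);
}

function instantiateWasm() {
  const mod = new WebAssembly.Module(wasmModuleBytes());
  const inst = new WebAssembly.Instance(mod, {});
  return inst.exports;
}

// Usage: run with node.
const wasmExports = instantiateWasm();
console.log('wasm main() ->', wasmExports.main());
console.log('bits of 1.0 ->', '0x' + ftoi(1.0).toString(16));
console.log('0xffffffff as int32 ->', asInt32(0xffffffff));
```

The module is small enough that the synchronous `WebAssembly.Module` constructor works in both Node and a browser page; an exploit keeps a reference to the exported function so the compiled code stays alive while it is being overwritten.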
> In general in v8 exploitation, once you've reached a point where you can read and write arbitrary memory, you find that v8 will only create either RW or RX pages for you when the JIT compilation happens. WASM is a neat little trick for getting a handle to a RWX page.
It's not a neat trick, but a grave problem of the WASM model.
WASM memory (in)security will be a big problem until all the memory-security tricks from native code are migrated to the WASM world, and then there won't be much use for WASM anymore.
You understand that having W^X protections on any JIT area is fairly useless without a strong CFI model in place right? Any attacker could easily execute a ROP/JOP chain to switch JIT protections to RX or even more simply allocate an RWX area where the shellcode can be copied and executed.
Yes, and this is the part of the problem of the general direction of JS ecosystem development.
JS promoters want so hard for JS to supplant other major languages, while not noticing that they are ignoring the decades-long path other major languages took on robustness and security.
To add some further context that isn't written here, the exploit developer here has been tinkering around with v8 for a while. Last year he published a vulnerable VM to HackTheBox (a CTF platform) called RopeTwo[1], where the initial entry point looked extremely similar to this. It's largely regarded as one of the most difficult challenges to solve to date.
[1] https://www.he360.com/
[2] https://spire.com/space-reconnaissance