Robert Xiao
@nneonneo
Followers
3,984
Following
217
Media
42
Statuses
303
Assistant Professor at @UBC_CS ; CTF player with PPP @PlaidCTF ; electronics, hardware, software, HCI, security
Vancouver, British Columbia
Joined February 2009
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
FreeBuds6i x SKULLPANDA W CL
• 178432 Tweets
FAYEYOKO MACAU FANMEET
• 177004 Tweets
Miami
• 105745 Tweets
भगत सिंह
• 87080 Tweets
mingyu
• 77990 Tweets
Randle
• 76733 Tweets
PERFECT SCENE x NORAWIT
• 68552 Tweets
#B2SxNuNew
• 53845 Tweets
Donte
• 46850 Tweets
#B2SAllTimeFavoritewithNuNew
• 34090 Tweets
24th ANV B2S x CWR
• 30092 Tweets
ババコンガ
• 29967 Tweets
シリウスS
• 22045 Tweets
#AFLGF
• 20941 Tweets
PPV x Jabs TT Live
• 12496 Tweets
横須賀優勝
• 10342 Tweets
I did _not_ realize that Ghidra rendered embedded images. This seems like an excellent opportunity for mischief...
17
172
1K
Thanks to a challenge from
@angealbertini
, I made a "universal" build of DOOM that runs on everything from DOS 6 to Windows 95 & Windows 10 in a single, self-contained .exe (<1MB) using some file format trickery. Bring your own WADs!
11
171
650
When you finish a PhD in computer science, they take you to a special room and explain that you must never use recursion in real life. Its only purpose is to make programming hard for undergrads.
14
206
512
I discovered a bug in LocationSmart's API that allowed *anyone* to access *any phone's location* without any consent required. Works on major US carriers and even some Canadian ones. Utterly frightening stuff. Thanks
@briankrebs
for writing up the report.
Breaking, exclusive: Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers in Real Time Via Its Web Site
14
520
473
9
283
412
Oh, it supports EMBEDDED SOUND, because of course it does. Never gonna give you up, Ghidra.
4
58
271
Hello World! Aiyang and I are thrilled to announce our latest & greatest creation, Bernard Xiong Xiao! We can’t wait to see what exploits he gets up to in his future 😁
27
2
262
Just published my writeup for CPU Adventure at DSCTF, wherein me,
@zwad3
,
@thebluepichu
and
@jay_f0xtr0t
reverse engineered a program written for a completely unknown, custom CPU with no access to the CPU, emulator or any documentation:
5
84
250
For DEF CON 2018, we built a bit of assembly code that prints out shellcode in 8 different architectures: AMD64, Clemency, PDP-1, LGP-30, and several others. Check out how we did it:
1
81
170
Students in my security class joked they should just hack the server to change their grade to 100%, so I handed them my CSRF token for the gradebook and told them to have at it
5
7
148
Lest anyone think this is a joke, please feel free to open the surprise binary from
2
14
133
I've just posted my writeup for the five-part SSTIC 2021 challenge here:
This was an amazing and very deep challenge and I learned a ton from doing it. Props to the
@sstic
organizers for putting it on!
2
42
130
sound is actually extra cursed because there does not appear to be a way to *stop* the sound - clicking on it just starts playing another copy on top
2
1
125
We won DEF CON CTF for a third year in a row! I am awed by the skill and persistence of everyone on
@mmm_ctf_team
- as always, it was a blast hacking with y’all this weekend!
2
7
126
GG on GoogleCTF! Played with
@mmm_ctf_team
and got first :D
I got to try my hand at V8 pwn for the first time, solving WatTheWasm and getting the only solve on V8Box. I must admit it is pretty fun, and I look forward to more JS engine pwn in the future 😁
5
4
121
My PhD has been certified, so it’s official - I’m now Dr. Robert Xiao!
7
1
118
Proud to announce that my thesis, “On-World Computing”, won the SIGCHI Outstanding Dissertation Award. I will be going to Glasgow to present it!
5
2
104
I just finished the SSTIC 2021 CTF challenge. What an insane ride! I won’t spoil anything, but it’s a mix of reversing, binary exploitation and a bit of forensics that taught me a ton over the last couple of days. Definitely worth checking out if you want a tough challenge!
4
14
96
@ghidraninja
pointed this out years ago; I'm just independently finding out late: . If you don't like this feature, you can untick "Embedded Media" (defaults to true!) during auto-analysis.
#Ghidra
tip: Use the "Embedded Media" analyzer to find embedded JPEGs, PNGs etc. They'll appear in the "Bookmarks" window.
2
28
122
0
8
75
Life goal complete: get quote-tweeted by the director of cybersecurity at the NSA
2
0
75
Samsung CTF: 4th of ~50 (individual contest), got a little special prize out of it. Flare-On: second finisher. All-in-all not a terrible way to spend a weekend in Korea :)
1
4
68
I had an amazing two days in Beijing playing
@RealWorldCTF
with PPP. A lot of incredibly interesting and fun challenges - looking forward to next year! And, in other great news, I just found out I had a paper accepted to
#chi2020
, so I’ll be going to Hawaii :)
Congrats to
@PlaidCTF
for winning the
@RealWorldCTF
final. I think the number of
@nneonneo
’s championships is more than the number of CTFs I’ve played. See you guys in next year’s
#realworldctf
.
0
12
85
0
0
61
I’ll be coming to Vegas for DEF CON this year! The baby’s doing great & will have lots of family to take care of him 😊. I’ll also aim to make it out to Pittsburgh for UIST & say hi to all the folks at CMU. After that I probably won’t be travelling for a little while!
0
0
57
MMM {
@maplebaconctf
,
@PlaidCTF
,
@theori_io
} collaborated to win DEF CON CTF this year! Super proud of everyone - a fantastic team effort - and an amazing showing for UBC’s own CTF team! I also really enjoyed the LiveCTF event - hope we’ll see more like that in future CTFs. gg!
0
2
57
I’m happy to announce that our CHI 2020 paper, “Phasking on Paper: Accessing a Continuum of PHysically Assisted SKetchING”, was awarded an Honorable Mention award! Congrats to the team and particularly Soheil Kianzad, the lead PhD author. Hope to see you all in Hawaii!
4
0
54
Technical details of the bug are now published at .
4
36
47
Fascinating: in Québec, every restaurant receipt must be cryptographically signed & hashed with a visual hash made from Unicode symbols.
2
11
44
And here's the Git repo with scripts & build instructions:
2
10
40
@thepacketrat
Using YAFU 1.34.3 and GMP-ECM 7.0.4, I just factored two 256-bit RSA keys on my 2019 MBP (laptop) in a total of 28 seconds - completely smoking Crown Sterling's claim. And YAFU is from 2015 - almost 4 years old...
for the full YAFU log.
3
8
34
I’m excited to participate in this community pwnable race - come out and watch us hack binaries live!
Only a few days left until the 5th ep. of Pwny Racing where
@nneonneo
,
@MurmusCTF
,
@kidOfArcrania
and ottizy (from
@liuhackse
) face off against each other to be the first to solve a
#CTF
pwnable chall while me and my co-host
@0xb0bb
guide you through it:
2
9
38
0
5
30
@hugeh0ge
@giovanni_vigna
Your team name triggered a path traversal error in my downloader for corewars submissions…I think you should keep the name 😊
2
2
31
This was a good week! Xincheng Huang’s paper on AR video telepresence has been accepted to ISMAR 2023, Anika Sayara’s paper on gesture authoring is conditionally accepted to UIST 2023, and despawningbone and I published CVE-2023-37271, a high severity vuln in RestrictedPython!
1
0
30
Finished the SSTIC 2023 challenge and submitted four
@ACMUIST
papers this week - staying busy! Definitely recommend checking out the SSTIC challenge - a good mix of cryptography, binary exploitation and even signal processing this year. Give it a try!
1
2
29
This past weekend I was in Vegas playing DEFCON CTF, and just this morning I flew to lovely Vancouver to give a talk at SIGGRAPH 2018. It’s been a busy but fun 72 hours!
1
1
28
@angealbertini
That was a fun little challenge: . Runs on Win10 and DOSBox; might work on Win95/98 (untested).
2
0
26
Truly, a team effort from everyone here at
@PlaidCTF
!
The
#DEFCON27
#ctf
hosted by the fine humans of
@oooverflow
was won by the mighty, mighty
#plaidparliamentofpwning
!
3
31
136
0
0
24
Had a blast at
#UIST2023
!
@AnikaSayara12
gave a great presentation on her project, GestureCanvas, which was joint with Emily Chen,
@gnouc_
and
@dw__yoon
! Looking forward to seeing everyone again at next year’s conference :)
0
1
19
@Pwn2Win
Hello! We (Maple Bacon) have solved your challenge. Flag: CTF-BR{1209cb9375c90526914480802a54c830d7665fd2718d8805c6a71ad5}. XMR address: 82hBWE6qZ39VQSRbKCE4pWMdqAgT6qdN55hdY63KyG9A5E3Yixn1HDy1QSX5d9ftH6BLyYkaGgaEA7K31NAfiHSWVPGAXCt. Thanks for the fun challenge!
3
4
20
@Ratkoooh
@michinebeling
You might really enjoy MRTouch - we implemented touch input on arbitrary surfaces in Microsoft HoloLens:
4
1
20
In 2016, a good friend of mine told me that they didn’t need to vote b/c the polls said Hillary would win big. We were in PA - Trump won by less than 50k votes. If you want your desired outcome you’re going to have to get out there and vote!
0
0
18
Damn, I think I’m getting old. I’m finally at the age where my effectiveness drops off a cliff after 4-5am or so. Guess that means I can’t pull all-nighters any more :(
1
0
17
@cryptopathe
@1ns0mn1h4ck
and here it is! - enjoy! It was definitely a fun challenge to solve and write up 😃
1
26
17
Life hack: I cut off my FIOS because I'm leaving soon, so I'm tethering to my iPhone. To get unlimited tethering speeds, I built a very quick & dirty SOCKS proxy app which forwards all my connections so they appear to come from the phone. Works great! 🎉🎉
1
4
15
And if you're curious, the issue itself was reported through usual disclosure processes and has now been fixed. But, any future bug in these providers will cause a whole new wave of trouble.
1
1
16
I knew Saskatchewan winters were long and cold, but I never thought they’d start in mid-September!!
1
0
17
Code's online at if anyone is curious 😄
1
2
15
I am unreasonably happy to have my first patch accepted into Mozilla Firefox (), fixing a set of bugs with the "Copy as cURL" developer command.
0
0
16
@playdotjs
Wow, play.js is really cool. Full Node.js environment on iOS. Heck, it’s so complete that I got a functioning iOS torrent client in a few lines of code thanks to WebTorrent.
3
3
16
MapleCTF is on now! The team has put on a great set of challenges - check them out!
MapleCTF is live! Come join us for the next 48 hours to solve challenges across a variety of categories and compete for over $2,250 USD in prizes.
Thanks again to our sponsors: Zellic, Offensive Security, Vector35, Trail of Bits, HackerOne, and Google!
0
4
14
1
0
15
@cyanworlds
Decoded:
We all act because we're sure of what we want and we believe that the actions we perform will get us what we want.
but we never know anything for sure and so all our rationales are invented
to justify what we were going to do anyway before we thought of any reasons.
2
0
13
0CTF 3rm1 challenge - it was fun to use the bug I co-discovered in another CTF (CVE-2019-2602, with the amazing
@iamcorwin
). Great challenge!
0
0
13
If you're at
#CHI2024
, come to 313A at 11:00am to see Michael Yin (
@yinsecurity1
)'s latest work on how lies and hallucinations within game narratives affect player perception and experience!
1
0
12
IEEE VR paper (conditionally) accepted! Going to Germany in March!
0
0
11
@thepacketrat
For 512, they quite disingenuously say 5 hours using "standard computing"; I initially thought they meant also using a laptop (which would be an advance over SotA), but now it's pretty clear they meant renting cloud compute. Factoring 512-bit was demo'd in 2015 in 4 hours on EC2.
2
1
11
Went for a tandem skydive today at
@skydivetoontown
- what a rush! Great way to unwind after a crazy few months. 10/10 would fall from the sky again.
0
0
11
@unzap_
@angealbertini
In all likelihood this is a consequence of me using Chocolate Doom 2.2.1 rather than the latest version. I did this for Windows 95 compatibility. I could probably spin another build with a more recent Doom to fix it...
1
0
10
@dsredford
@gf_256
In a recent CTF a teammate remarked that they were avoiding an online tool that was obviously written by a competing CTF team...
1
0
10
And done! The last challenge is just pure fun. Loved the whole thing and really enjoyed the challenges this year. Thanks
@nickharbour
and everyone else on the FLARE team for putting it on!
0
0
10
Dear
@Google
: If my GMail is over quota, Inbox should tell me. If my GMail is over quota, you should not randomly receive some emails but not others. I just found out I've been over quota - by an entire GB - and may have been for the past year. If I missed your email - I'm sorry.
1
0
9
Hey WolframAlpha, what's the solution to the simple equation $0 = \sin(a-x) + 2\sin(b-2x)$? (WolframAlpha) Here you go (note the scrollbar)
Trigonometry is hard.
0
0
8
@netspooky
import bisect; result = [bisect.bisect_left(nums, target), bisect.bisect_right(nums, target) - 1]
plus some O(1) finagling for the -1, -1 case
I love bisect. Every time I’ve ever needed to write a binary search I just read the source code for the module 😄
0
0
8
2
0
7
Watching
@BiellaColeman
give the opening keynote on hackers at
#uist2017
. An interesting merger of my twin interests.
0
0
7
@lauriewired
With CUDA (~40s on a 3090): "The SHA256 hash of this message begins with 46eae34f1"
1
0
6