# VGA controller simulation with verilator

In my two previous posts I implemented a simple VGA controller and one with the text mode but now I want to explore
the possibility to simulate it using `verilator`

.

# Reversing the USB update process of a device

I'm again at it: I have a device that I want to know how it works and I started to reverse it, this time without any particular reason if not curiosity.

What I couldn't know was that I was entering a rabbit hole of biblic proportion and this post is only the tip of the iceberg.

In this post I want to describe without any particular order, how to reverse a C++ application and the USB protocol that it uses to update the firmware on the device. I don't think this will be useful to anyone, let me know in case it has changed your life :)

# QED formulary

\(\def\Tr{\hbox{Tr}}\) \(\def\slashme#1{\rlap{\backslash}{#1}}\) \(\def\pslash{\rlap{\backslash}{p}}\) \(\def\partialslash{\rlap{\backslash}{\partial}}\)

This post is personal: I found some notes taken more than 10 years ago and I'm worried to lost them, so I write it down here in order to preserve the memory; maybe one day I'll write a post about the physics behind this stuff.

$$ \Gamma(\epsilon) = {1\over\epsilon} - \gamma + O(\epsilon) $$

$$ a^\epsilon = 1 + \epsilon\ln a + o(\epsilon) $$

$$ \int d^4k\,\theta(k_0)\delta(k^2 + m^2) \sim \int{d^3k\over2 k_0} $$

### Tensorial integrals

For some informations see this slides.

### Gamma matrices

Suppose \(D\) is the dimensionality of the space-time

### Spinors

### Lagrangian

$$ L = -{1\over4} F_{\mu\nu}F_{\mu\nu} - {1\over2}\left(\partial_\mu A_\mu\right)^2 - \bar\psi\left(\partialslash + m \right)\psi + ie A_\mu\bar\psi\gamma^\mu\psi $$

### 1loop photon

$$ \eqalign{ \Pi_{\mu\nu} &= e^2\int d^nq{1\over \left(q^2 + m^2\right)\left(\left(q+p\right)^2 + m^2\right)}\Tr\left\{\gamma^\mu\left(-i\slashme{q} + m\right)\gamma^\nu\left(-i\left(\slashme{p} + \slashme{q}\right) + m\right)\right\} \cr &= -i8\pi^2e^2 \int^1_0dx\,J_0\left(p^2\delta_{\mu\nu} - p_\mu p_\nu\right) x(1 - x)\cr &\sim -i8\pi^2e^2 \int_0^1 dx\,\left(\Delta - \ln \mu^2\right) x\left(1 - x\right)\left(p^2 \delta_\mu\nu - p_\mu p_\nu\right) \cr } $$

### QED renormalization

From an analysis using the propagators of photons and fermions and the vertex we can tell that the global degree of divergence of a diagram is given by

$$ D(G) = 4 - {3\over2}E_e - E_\gamma\quad\left\{\eqalign{ &D(G) < 0\quad\hbox{converges} \cr &D(G) \ge0\quad\hbox{diverges} \cr }\right. $$

#### Weinberg theorem

Given a \(G\) such that \(D(G) < 0\) and for all its subdiagrams then \(G\) converges.

# CVE-2020-8423: exploiting the TP-LINK TL-WR841N V10 router

In this post I'll explore the vulnerability that I found in the TL-WR841N router, a MIPS device by TP-Link, during a code auditing and how I wrote an exploit for it. To this vulnerability has been assigned the CVE-2020-8423.

# CVE-2020-9544: DLink DSL-2640B un-authenticated firmware upgrade

This is a post about CVE-2020-9544 that involves the router DSL-2640B by D-Link. I did a simple security assessment on a my old specimen because I changed ISP and this allowed me to change router.