pwn::musings & syndications

Hacking 10$ Nexus Phone Into a Hacking Machine

Fri, 17 Apr 2026 00:00:00 GMT

I saw Nexus 6P on Facebook Marketplace for $10. Owner forgot the PIN, just wanted it gone.

I already know Kali NetHunter support this phone officially. So I bought immediately without a second thought.

Literaly drove 25 miles after college to pick it up. First I spent a couple hours researching how to get in without the PIN. Wanted to do it properly and then i found CVE-2016-8467. Tried it. It worked. Here's the full story on how come.

The Phone

Nexus 6P : Inside name angler. Made by Huawei, Google flagship from 2015.

$ fastboot getvar version-bootloader
version-bootloader: 03.61

Bootloader 03.61. This one is weak. Safe version is 03.64 and above. When I see this number I actually pump my fist lol.

CVE-2016-8467

It's a High risk cve and was already fixed in January 2017, but the phone wasn't even updated since then. A big plus point for me ;P So, to summarize this,

| CVE | CVE-2016-8467 | |---------------|-------------------------------------| | Type | Boot mode bypass | | Risk | High | | Affected | Nexus 6P bootloader < 03.64 | | Need | Physical access only, no PIN |

So basically: this phone has hidden boot modes that Huawei put inside for factory testing. One of them called bp-tools. When you turn it on, phone open ADB connection even if you already disable developer mode, because the system enable it from boot level, not from the settings toggle.

The bug is Huawei forget to block this option when phone is locked. Anyone can just select it. No password, nothing.

Why PIN not important here

  PIN / Lock Screen  →  protect Android only
  CVE-2016-8467      →  go in before Android even start

  We didn't pick the lock. We went through the basement.

The Exploit

Need: phone, USB cable, laptop with fastboot. That's all.

Hold Volume Down + Power to enter fastboot mode. On weak phone you see this menu:

  START
  RESTART BOOTLOADER
  RECOVERY MODE
  POWER OFF
  BP-TOOLS          ← this one
  FACTORY

Press volume to go down to BP-Tools. Press Power.

That's it. One button. No command, no tool, no password. I'm serious.

Phone save this setting inside, so every reboot also still have it. Lock screen look totally normal. Owner don't know anything.

$ fastboot devices
84B5T15B08000140    fastboot

Full access on a locked phone. Can flash anything.

Unlock and Flash

$ fastboot oem unlock
(bootloader) Bootloader unlocked.
OKAY

Then flash TWRP recovery:

$ fastboot boot twrp-3.7.0-angler.img   # test before flash
$ fastboot flash recovery twrp-3.7.0-angler.img

Here I made mistake ,i flashed custom ROM but forget to wipe cache. Phone go bootloop straight away. Had to reflash stock and start again. So painful.

Always wipe Dalvik and cache before flash new ROM.

Wipe → Advanced Wipe: ☑ Dalvik  ☑ System  ☑ Cache  ☑ Data

$ adb shell
angler:/ $ chroot /data/local/nhsystem/kali-arm64 /bin/bash
┌──(root㉿kali)-[/]
└─# whoami
root

Full Kali Linux. On a phone. For $10. Cannot believe.

What It Can Do

WiFi monitor mode work on built-in WiFi, can run full aircrack-ng, no need extra hardware. Can also do USB attack where target computer think phone is a keyboard, i always wanted to try this and it did work, i might write an another blog for the same if i get a chance from these college assignments..

I guess that's it for this. See ya :/

Aditional resources

CVE-2016-8467 original research — alephsecurity.com/2017/01/05/attacking-android-custom-bootmodes
Bypassing Nexus 6 Secure Boot.. - Bypassing Nexus 6 Secure Boot through....
IBM X-Force full paper — docdroid.net/dxKUj5c/attacking-nexus-6-6p-custom-bootmodes.pdf
January 2017 Android Security Bulletin — source.android.com/security/bulletin/2017-01-01
NetHunter downloads — kali.org/get-kali/#kali-mobile
TWRP for angler — twrp.me/huawei/huaweinexus6p.html

hackathon: won best elevenlabs at morganhacks

Wed, 15 Apr 2026 00:00:00 GMT

Hacked for 2 days straight at MorganHacks and walked away with the Best ElevenLabs title. Our project was inventoryAi, really proud of what the team pulled off. Tired but happy.

nvim: per project configuration

Thu, 02 Apr 2026 00:00:00 GMT

I recently flipped the switch and upgraded to Neovim 0.12, and it’s a meaningful shift in how configuration and package management can be handled.

The standout change for me is the built-in package manager.

Leaving `lazy.nvim` Behind

Previously, I relied on lazy.nvim with a .lazy.lua setup. That approach worked well, but with the direction Neovim is heading, and things are getting inside neovim itself. Why to bother with external plugins.

So I migrated away from lazy.nvim to use the native package management approach.

Here’s what my .nvim.lua looks like now:

vim.pack.add({
  { src = "https://github.com/neovim/nvim-lspconfig", name = "lspconfig" }
})

vim.lsp.enable({
  "ts_ls", -- typescript
  "astro", -- astro
  "tailwindcss", -- tailwindcss
  "tinymist", -- typst
  "harper_ls", -- markdown
  "ty", -- python
})

return {}

What This Does

Installs nvim-lspconfig using the built-in package manager
Enables a set of LSP servers with default config from upstream lspconfig plugin.

That’s it.

on eipi.boo

Tue, 24 Mar 2026 00:00:00 GMT

made this because it deserved a place on the internet

$e^{i\pi} + 1 = 0$

https://eipi.boo

SSH Home Server Anywhere

Thu, 05 Mar 2026 00:00:00 GMT

I recently got a ThinkPad and decided to turn it into a small home server. I plan to use it for heavier tasks like running Hack The Box machines, practicing for Red Hat, and other lab work. Since it stays at home, I wanted a simple way to SSH into it from anywhere.

The usual way is to port-forward port 22, but that exposes your server directly to the internet. I didn’t want that.

Instead, I used Cloudflare Tunnel.

With a tunnel, my server creates a secure outbound connection to Cloudflare’s network, and I reach it through my domain. No open ports, no public IP, and it works even behind NAT.

Create the tunnel

After installing cloudflared, I logged in and created a tunnel:

cloudflared tunnel login
cloudflared tunnel create pwnlab

Cloudflare generates a credential file inside ~/.cloudflared/.

Configure the tunnel

Then I created a small config file:

~/.cloudflared/config.yml

tunnel: pwnlab
credentials-file: /home/pwn/.cloudflared/<tunnel-id>.json

ingress:
  - hostname: ssh.pwnwriter.me
    service: ssh://localhost:22
  - service: http_status:404

This tells the tunnel to send traffic from ssh.pwnwriter.me to my local SSH server.

Add the DNS route

Next I mapped the subdomain to the tunnel:

cloudflared tunnel route dns pwnlab ssh.pwnwriter.me

Cloudflare automatically creates the DNS record.

Run the tunnel

cloudflared tunnel run pwnlab

Now my server stays connected to Cloudflare through a secure tunnel.

SSH from anywhere

From any machine I can now simply run:

ssh pwn@ssh.pwnwriter.me

That’s it.

No router configuration. No exposed ports. Just a clean and secure.

Oneshot canceled haylxon

Thu, 26 Feb 2026 00:00:00 GMT

A small bug in haylxoncaused screenshots to fail with this warning:

warning: oneshot canceled

But the tool still said:

info: Screenshots Taken and saved in directory hxnshots

No screenshot was actually saved.

What Was Happening

haylxon uses chromiumoxide to talk to Chrome. In the background, there’s a handler loop that keeps reading messages from Chrome and sending responses back through oneshot channels.

This was the code:

task::spawn(async move {
    while let Some(h) = handler.next().await {
        if h.is_err() {
            break;
        }
    }
});

It looks fine. If something errors, stop.

But Chrome sends non-fatal errors all the time — like console warnings from websites. When that happened:

handler.next() returned Some(Err(...))
The loop hit break
The handler stopped running
All pending oneshot senders were dropped
The receiver saw that and returned: "oneshot canceled"

So the screenshot call was waiting for a response… but the handler had already exited.

The connection wasn’t broken. We just stopped listening too early.

The Fix

I changed it to:

task::spawn(async move {
    while handler.next().await.is_some() {}
});

Now it keeps running until Chrome actually disconnects. It ignores non-fatal errors instead of shutting everything down.

That’s it.

One break statement was killing the whole message loop. Removing it fixed the issue completely.

Issue: #140

font: migrate jetbrains → lilex

Tue, 24 Feb 2026 00:00:00 GMT

Today I finally switched to Lilex Nerd Font Mono.

Feels weird… but also kinda refreshing. Didn’t realize how attached I was to a font until I changed it.

nix: local postgresql with nix flake

Sun, 15 Feb 2026 00:00:00 GMT

Was working on a project that needed postgres. Didn't want to install it globally or spin up docker for something this simple. So I wrote a flake that gives me a local postgres instance — data stays in .pg/, auto-starts when I enter the shell, stops when I leave.

No system pollution, no port conflicts with other projects. Just nix develop and I'm ready to go.

{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
  };

  outputs =
    { nixpkgs, ... }:
    let
      systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
      forAllSystems = fn: nixpkgs.lib.genAttrs systems (system: fn (import nixpkgs { inherit system; }));
    in
    {
      devShells = forAllSystems (pkgs: {
        default = pkgs.mkShell {
          packages = with pkgs; [
            postgresql
            pgcli          # nicer postgres cli with autocomplete
            sqlx-cli       # if you're doing rust + sqlx
          ];

          shellHook = ''
            export PGDATA="$PWD/.pg/data"
            export PGHOST="$PWD/.pg"
            export PGPORT=5432
            export PGDATABASE="devdb"
            export DATABASE_URL="postgresql:///devdb?host=$PGHOST"

            if [ ! -d "$PGDATA" ]; then
              echo "Initializing postgres..."
              initdb -D "$PGDATA" --auth=trust --no-locale --encoding=UTF8
              echo "unix_socket_directories = '$PGHOST'" >> "$PGDATA/postgresql.conf"
            fi

            if ! pg_ctl status -D "$PGDATA" > /dev/null 2>&1; then
              mkdir -p "$PGHOST"
              pg_ctl start -D "$PGDATA" -l "$PGHOST/log" -o "-c listen_addresses="
              createdb "$PGDATABASE" 2>/dev/null || true
            fi

            trap "pg_ctl stop -D '$PGDATA' -m fast 2>/dev/null" EXIT
          '';
        };
      });
    };
}

Add .pg/ to your .gitignore and you're set.

milestone: calculus reaches 1M+ members

Thu, 12 Feb 2026 00:00:00 GMT

We just reached 1M+ members in the Calculus group.

We started in 2021 with just 4 admins, from different countries — and it’s honestly unreal to see how far this community has come.

Managing the posts and members at this scale has become challenging, but I’m truly grateful for the support, contributions, and kindness from everyone here.

Thank you for being part of this journey.

$$\text{Love MATHS} < 3 = \lim_{x \to \infty}\text{happiness}$$

gadget: got my first split keyboard

Mon, 12 Jan 2026 00:00:00 GMT

Got my split keyboard today. Still slow, but enjoying every keystroke.

Cozy

Wed, 10 Dec 2025 14:52:14 GMT

I spend a lot of time building, breaking, and rebuilding software, so my workspace matters.

For the past two years, I’ve been using Nix on my MacBook and NixOS as a daily driver. Everything is declarative, reproducible, and easy to roll back when experiments go wrong.

Most of my work happens in the terminal and Neovim — for coding, notes, and writing. The setup is simple, predictable, and quiet.

Nothing fancy. Just cozy, reliable tools that stay out of the way.

life: buffering

Sat, 06 Dec 2025 00:00:00 GMT

I swear something’s wrong with me rn, not a single song is hitting. All my playlists feel dead. Music isn’t even curing my mood anymore.

milestone: bought my first car

Mon, 13 Oct 2025 00:00:00 GMT

Never thought I’d say this, I just got my license today and also bought my first car. Used to walk those roads in the rain, now I drive them 💢

thought: gratitude without chains

Wed, 17 Sep 2025 00:00:00 GMT

Too much gratitude lowkey turns into chains. Be thankful, but don’t get stuck worshipping one thing. Stay free.

Typst for University Notes

Thu, 17 Jul 2025 12:26:54 GMT

“Your assignments look so beautiful — do you spend hours making them?”
My professor once asked me this with genuine curiosity.

The truth? Not really. I just take my rough class notes, clean them up a bit, and turn them into polished PDFs — all in far less time than most of my classmates.

Why I moved from Markdown to Typst

In my first two semesters, I relied on Markdown and Obsidian to take notes, Git to version them, and GitHub to back them up. I exported them as PDFs when needed. It worked — but it always felt like a patchwork solution.

Then I discovered Typst — a modern typesetting system built for simplicity and power. The moment I tried it, I knew this was the upgrade I needed. Typst gives me beautiful PDFs, powerful macros, and math support — all without the friction I had with Markdown.

Here’s a screenshot of a CSIT assignment I did using Typst:

My Workflow: Typst + Git + Neovim

Here’s how I’ve set up my note-taking flow now:

A dedicated Git repo for notes on Github.
Neovim as my editor with tinymist for Typst LSP.
A flake / nix-direnv for all dependencies.

Now, you'd be asking, why this complex setup??

I use NixOS and macOS, so flakes work everywhere.
I love git push/pull workflow.
I can use Neovim as the editor.

My `flake.nix` setup

{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
  };

  outputs = { nixpkgs, ... }:
    let
      systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
      forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f (import nixpkgs { inherit system; }));
    in {
      devShells = forAllSystems (pkgs: {
        default = pkgs.mkShell {
          packages = with pkgs; [
            typst         # Typesetting
            tinymist      # LSP for Typst
            python3       # Python runtime
            basedpyright  # Python LSP
            ruff          # Formatter
            uv            # Python package manager
          ];

          env.LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath [
            pkgs.libz
            pkgs.stdenv.cc.cc.lib
          ];
        };
      });
    };
}

Neovim Configuration

I use lazy.nvim plugin manager which allows having a seprate .lazy.lua file for setting up plugins specific to the project directory.

Here’s my .lazy.lua spec for the lazy.nvim plugin manager which sets the lsp for python and typst with a couple of keybind for the specific project only.

return {
  {
    "neovim/nvim-lspconfig",
    name = "lspconfig",
    event = { "BufReadPost", "BufNewFile" },
  },

  vim.lsp.enable({ 'basedpyright', 'tinymist' }),

  vim.api.nvim_create_autocmd("filetype", {
    pattern = "python",
    callback = function()
      vim.keymap.set("n", "<leader>lf", function()
        vim.cmd("silent! !ruff format %") -- Format current file
        vim.cmd("edit!")                  -- Reload file after formatting
      end, { desc = "Format Python file with ruff" })
    end,
  }),
}

With this, I get inline errors, autocompletion, signature help, and quick formatting — exactly what I want. Here’s how it feels in action:

Final Thoughts

At this point, Typst feels like the real OG. A couple of years ago, my older brothers introduced me to LaTeX — and I thought that was the gold standard. But after showing them Typst, even they’ve made the switch.

I’m still keeping an eye on the HTML support pull request, which would make it even easier to integrate Typst on many places like even website itself.. But even now, it’s already changed how I work.

If you’re a student, especially one who writes a lot of math-heavy content, I can’t recommend Typst enough.

Remaining silent

Tue, 15 Jul 2025 04:49:36 GMT

Staying silent is powerful. Not every question needs an answer. Not every comment deserves a reply. And not every situation needs your voice in it.

I was watching this video by Ron White, where he says,“You have the right to remain silent, and I wish to God you’d use it.”.It’s a joke, but it really stuck with me. Silence is a choice, one that can save you from unnecessary trouble and help you stay in control of yourself.

When you’re quiet, you notice more, not just what people say, but how they feel. You give yourself space to think before reacting, and you avoid saying things you might later regret.

Remaining silent has helped me focus on what really matters. It gives me time to reflect and keeps me out of unnecessary conflicts.

Not every moment needs words. Sometimes, silence says enough.

life: turned 21

Fri, 11 Jul 2025 00:00:00 GMT

Turned 21 today, I feel grateful for the growth, the lessons, and the people who made it all worthwhile 🤍

college: first semester done

Thu, 28 Nov 2024 00:00:00 GMT

First semester done!

Sometimes I miss home, the food, the people, but it’s okay.

I really appreciate how my professor is helping me connect with everyone at the university. I also work in the computer lab here, and it feels awesome to be part of it.

travel: first flight, miami bound

Mon, 26 Aug 2024 00:00:00 GMT

Goodbye home, hello hustle. Miami bound 🤍

A Year in Corporate

Mon, 19 Aug 2024 23:32:00 GMT

Background

After high school, I was at home with my parents, doing errands and self-learning while preparing for my USA visa interview. Out of the blue, a well-known company reached out with a job offer. Despite not getting the terms I hoped for, I decided to take the opportunity.

The job

There wasn't anything specifically like working on just one domain. I used to manage linux server's, providing technical support and so on.

what did i get..?

The best boys:

It’s probably impossible to find teammates who are both incredibly helpful and equally supportive and encouraging at the same time.

Gotta miss them ♥

A new opportunity :

I was able to introduce nix across my teammates, Not just that but 3 of our production servers now use nix as a user level and core level.

It was an absolutely fantastic opportunity for me to learn and apply Nix on servers according to user requirements, rather than just for personal projects.

I believe that working to fulfill other’s needs teaches you more than working on personal projects alone.
The Experience :

While I’m a bit sad this is ending, we had an amazing time exploring different places. My first week alone was filled with tours and adventures. The office environment was incredibly friendly and helpful, which made the experience even better.

Moving on

I've my USA flight soon within a very few weeks. I took resign from the job but i miss the boys i met there. They were absolute amazing people. I wish to work with them later and forever.

My talk on PTN 11

Sat, 03 Aug 2024 20:32:00 GMT

PTN — Pentester Nepal, is a community for security folks in Nepal. They organize events, meetups, and challenges. PTN 11 was their 11th anniversary event, and I got to speak there.

My talk was on OS as Code: Using Nix on Apple Silicon.

What even is Nix?

Nix is three things at once — a purely functional programming language, a package manager, and an entire Linux distro (NixOS) built around it.

The package repo, nixpkgs, lives on GitHub and is honestly the largest and most up-to-date collection of packages I've seen. Everything is a derivation.

NixOS

If you take Nix the package manager and build an entire OS around it, you get NixOS. Your whole system — packages, services, users, networking — lives in a single configuration.nix file. That's the "OS as Code" part. You commit it to git, push it, and spin up the exact same machine anywhere. Wipe and reinstall? Just run nixos-rebuild switch. Back to exactly where you were.

Why Nix though?

The main idea is declarative configuration. Instead of running:

$ apt install git

You write:

{
  environment.systemPackages = with pkgs; [ git ];
}

And you get the exact same result every time, on every machine. That's the whole point — reproducible environments. No more "works on my machine" nonsense.

It's also immutable by default. All packages live in /nix/store with their hash in the path. Nothing overwrites anything. Rollbacks are trivial.

The learning curve is real though. New filesystem layout, new language, a whole rabbit hole — but once it clicks, it clicks.

Installing

The cleanest way to install Nix (not NixOS, just the package manager) is via the Determinate Systems installer:

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install

It comes with flake support out of the box, it's easy to uninstall, and it's written in Rust — so obviously I like it.

Flakes and Direnv

A flake.nix has two parts — inputs (your dependencies) and outputs (what you're providing). It pins everything, so unlike the old nix-shell approach, you're not at the mercy of whatever channel your system has.

Pair that with direnv and nix-direnv, and your dev shell loads automatically when you cd into a directory. The presentation repo itself is an example of this — just direnv allow and you're in.

Home Manager and nix-darwin

Home Manager lets you manage all your dotfiles and user packages declaratively through Nix. One fun example from the talk — building a starship prompt that shows a different icon depending on whether you're on macOS or Linux, all in Nix.

For Apple Silicon specifically, nix-darwin brings the NixOS-style declarative config to macOS. You get the same environment.systemPackages and module system but on Darwin.

This is what makes "OS as Code" actually work on a Mac — nix-darwin handles the system layer, home-manager handles the user layer, and flakes tie it all together.

The presentation itself was built and rendered using presenterm, inside a Nix flake, on NixOS. Bit of a meta moment.

You can find the slides at github:pwnwriter/PTN11.

career: resigned from job

Thu, 25 Jul 2024 00:00:00 GMT

Wrapped up my job, said goodbye to colleagues. I feel both sad and excited at the same time.

Read my full blog post »

NixOS on a VPS

Fri, 19 Jul 2024 23:32:00 GMT

My company has recently provided me with a VPS to test things before deploying them to production. This is a great opportunity for me to push the envelope and use Nix extensively.

While most VPS providers don't offer Nix as a default OS installation option, there is a workaround using nixos-anywhere. In this post, I'll walk you through how to install NixOS on any VPS.

PS: I'm using hetzner vps, already running an ubuntu iso.

How

Kexec is a system call that allows you to load and boot into a new kernel directly from the currently running kernel. We will use it to boot into our minimal install system without needing a flash drive. Additionally, nixos-anywhere allows us to automatically format and partition using disko declaratively, and install the OS.

Requirements:

A nix(os) system
Root access over the server
1 gigs of RAM
1 cores of cpu

Configuration

We'll be using flakes to define our overall nixos config.

The file tree structure should look like this below.

$ tree .
   nixos-on-vps
   ├── configuration.nix
   ├── disk-config.nix
   └── flake.nix

flake.lock is similar to cargo.lock, package.json, lazy-lock.json it locks the package git rev hash.
configuration.nix is used to define our configuration for the nixos.
disk-config.nix is to define our disko config

The initial flake.nix skeleton look like this

{
  inputs = {

  };

  outputs = { ... }: {

  };
}

Inside flake.nix, we'll add our input repository url, nixpkgs and disko.

{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = {  ... }: {

  };
}

and then we'll define our output servers. For this example, i'm using my server name as wolf, you can name yours anything.

{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { nixpkgs, disko, ... }: {
    nixosConfigurations.wolf = nixpkgs.lib.nixosSystem { #FIXME: change server name
      system = "x86_64-linux"; # FIXME: Change arch
      modules = [
        disko.nixosModules.disko
        ./configuration.nix
      ];
    };
  };
}

My server is x86_64-linux you'll want to change that accordingly.

I'm using the default example disk config from disko. It'll create boot and root partitions. I also recommend using the default unless you explicitly want to change. You'll want to change the device name, to know run $ lsblk

disk-config.nix

{ lib, ... }:
{
  disko.devices = {
    disk.disk1 = {
      device = lib.mkDefault "/dev/sda"; # FIXME: do lsblk  and change it to your's
      type = "disk";
      content = {
        type = "gpt";
        partitions = {
          boot = {
            name = "boot";
            size = "1M";
            type = "EF02";
          };
          esp = {
            name = "ESP";
            size = "500M";
            type = "EF00";
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = "/boot";
            };
          };
          root = {
            name = "root";
            size = "100%";
            content = {
              type = "lvm_pv";
              vg = "pool";
            };
          };
        };
      };
    };
    lvm_vg = {
      pool = {
        type = "lvm_vg";
        lvs = {
          root = {
            size = "100%FREE";
            content = {
              type = "filesystem";
              format = "ext4";
              mountpoint = "/";
              mountOptions = [
                "defaults"
              ];
            };
          };
        };
      };
    };
  };
}

Now the configuration part.

configuration.nix

We'll first import qemu-guest module since it's a virtual machine.

{ modulesPath, config, lib, pkgs, ... }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
  ];
  system.stateVersion = "24.05";
}

I'll be using grub as bootloader.

{
  boot.loader.grub = {
        efiSupport = true;
        efiInstallAsRemovable = true;
    };
}

Openssh is necessary for us to be able to ssh into the new server.

{
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
    "Your public ssh key" #FIXME: Add your ssh public key
  ];

You can define aditional packages to install as follows.

{
environment.systemPackages = map lib.lowPrio [
    pkgs.curl # FIXME: define your more packages here
    pkgs.gitMinimal
  ];
}

Now, our final configuration.nix should look like this.

{ modulesPath, config, lib, pkgs, ... }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
  ];
  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = true;
  };
  services.openssh.enable = true;

  environment.systemPackages = map lib.lowPrio [
    pkgs.curl
    pkgs.gitMinimal
  ];

  users.users.root.openssh.authorizedKeys.keys = [
    "You're public ssh key"
  ];

  system.stateVersion = "24.05";
}

Install the os

Now, we'll have to run our flake to install nixos on the vps.

 nix run github:nix-community/nixos-anywhere -- --flake .#wolf root@<server-ip>

It'll ask for the root password on installation.

Congratulations!! The nixos has been installed successfully. You should be able to just edit the configuration and run

sudo nixos-rebuild switch --flake .#wolf

the other time on any changes.

Aditional tips

You can use justfile to make this script running easy

set shell := ["zsh", "-c"]

_default:
    @just -l

alias g := gens
alias c := clean
alias r := rebuild

# lists build generations
gens:
    @echo "Listing build generations "
    @nix-env --list-generations

# cleans up the nix garbage
clean:
    @echo "Cleaning up unused Nix store items"
    @sudo nix-collect-garbage -d

# Builds the serer
rebuild:
    @echo "Rebuilding server configuration"
    @sudo nixos-rebuild switch --flake .#wolf

The recipe should look like this

$ just
Available recipes:
    clean   # cleans up the nix garbage
    c       # alias for `clean`
    gens    # lists build generations
    g       # alias for `gens`
    rebuild # Builds the serer
    r       # alias for `rebuild`

Now, rebuild the os with just r(ebuild)

Well, it's this for now, I'll see you in the next one!

life: US student visa approved

Mon, 20 May 2024 00:00:00 GMT

Got my US student visa approved today! Excited to start this new chapter. Flying to Miami, FL for my bachelor’s!

My talk on owasp 0x03

Tue, 25 Apr 2023 20:32:00 GMT

OWASP is a non-profit open-source foundation focused on application security. They have local and global chapters around the world aimed at improving community security. We also have a local chapter called OWASP Kathmandu, which organizes events to spread awareness within Nepal. I had the privilege to speak at OWASP Kathmandu 0x03, where I presented my tool, Halyxon.

If you do not know what haylxon is, simple, it's a tool to take screenshots of webpages from terminal using chrome's headless feature written in Rust!

You can simply take a screenshot of a webpage as below!

hxn -b <path/to/chrome/bin> -u https://example.com

But wait, you could do that by just opening a browser and pressing some holy keys?

I mean yeah? but what would you do when you have hundreds of urls, sub(domains) to take?

Background

There were already tools like Eyewitness and Gowitness, which I had used, but they either felt slow or lacked my personal touch. Since I wanted to learn Rust, it was the perfect time to start a new project, especially since I already had a basic knowledge of Rust.

Usages

Haylxon comes with a lot of options now, reading urls from stdin, defining ports, running arbitary javascript and a lot more.

You can pass a file containing a list of urls, and define height, width and even a delayed screenshot is possible.

One of the most interesting usages of this tools is that, you can run it on github actions to take screenshot of your subdomain, zip that out upload to 0x0.st or your own instance.

After the talk, I was gifted some cute swag and a letter of appreciation. I want to thank OWASP for that <3.

year: 2023 in review

Mon, 02 Jan 2023 00:00:00 GMT

I finally got to spend more time with my parents, staying home and helping at our shop near the school. I enjoyed chatting with people, playing cricket with kids, and having fun with my brother — even those foggy morning runs and playing with goats. I also did a lot of open-source work in Rust, writing haylxon and hysp, and diving deep into Rust internals. Like last year, I attended Threatcon again — it was a blast. Bye!

year: 2022 in review

Sat, 01 Jan 2022 00:00:00 GMT

This year was amazing. I launched METISLinux, met great people at Threatcon, and finished +2 science with some good grades. I got recognized by the Dutch government and Cambridge for bug reports, earned eJPT, and started learning Rust. Met some old online friends in real.

See yaa!

pwn::musings & syndications

Hacking 10$ Nexus Phone Into a Hacking Machine

The Phone

CVE-2016-8467

Why PIN not important here

The Exploit

Unlock and Flash

What It Can Do

Aditional resources

hackathon: won best elevenlabs at morganhacks

nvim: per project configuration

Leaving lazy.nvim Behind

What This Does

on eipi.boo

SSH Home Server Anywhere

Create the tunnel

Configure the tunnel

Add the DNS route

Run the tunnel

SSH from anywhere

Oneshot canceled haylxon

What Was Happening

The Fix

font: migrate jetbrains → lilex

nix: local postgresql with nix flake

milestone: calculus reaches 1M+ members

gadget: got my first split keyboard

Cozy

life: buffering

milestone: bought my first car

thought: gratitude without chains

Typst for University Notes

Why I moved from Markdown to Typst

My Workflow: Typst + Git + Neovim

My flake.nix setup

Neovim Configuration

Final Thoughts

Remaining silent

life: turned 21

college: first semester done

travel: first flight, miami bound

A Year in Corporate

Background

The job

what did i get..?

Moving on

My talk on PTN 11

What even is Nix?

NixOS

Why Nix though?

Installing

Flakes and Direnv

Home Manager and nix-darwin

career: resigned from job

NixOS on a VPS

How

Configuration

Install the os

Aditional tips

life: US student visa approved

My talk on owasp 0x03

Background

Usages

year: 2023 in review

year: 2022 in review

Leaving `lazy.nvim` Behind

My `flake.nix` setup