Skip to main content

Latin1 vs UTF8

Latin1 was the early default character set for encoding documents delivered via HTTP for MIME types beginning with /text . Today, only around only 1.1% of websites on the internet use the encoding, along with some older appplications. However, it is still the most popular single-byte character encoding scheme in use today. A funny thing about Latin1 encoding is that it maps every byte from 0 to 255 to a valid character. This means that literally any sequence of bytes can be interpreted as a valid string. The main drawback is that it only supports characters from Western European languages. The same is not true for UTF8. Unlike Latin1, UTF8 supports a vastly broader range of characters from different languages and scripts. But as a consequence, not every byte sequence is valid. This fact is due to UTF8's added complexity, using multi-byte sequences for characters beyond the general ASCII range. This is also why you can't just throw any sequence of bytes at it and e...
Post a Comment

Using Reflection in Go

Have you ever been writing Go and needed to quickly find all the possible methods or fields you can use with a particular function?

Go's built in "reflection" is a quick way to find out. A neat metaprogramming trick. For example, the following code, when used against a particular crypto library:

import ( 
	"reflect"
	"github.com/zmap/zcrypto/tls"
)
...

func GetJa3Hash(serverHello *tls.ServerHello) string {
    byteString := make([]byte, 0)
...

Next, we can iterate over the serverHello within our function call. I mostly use this for debugging. Essentially, reflection allows us to use a program to inspect its own source code on the fly. Consider the example below. We can iterate and print all of the fields, methods, and their corresponding types accessible from serverHello.

typ := reflect.TypeOf(*serverHello)

for i := 0; i < typ.NumField(); i++ {
	field := typ.Field(i)
	fmt.Printf("Field: %s, Type: %s\n", field.Name, field.Type)
}

for i := 0; i < typ.NumMethod(); i++ {
	method := typ.Method(i)
	fmt.Printf("Method: %s\n", method.Name)
}

And... wham. Now we have a quick list of fields we can access, along with their corresponding types. For example, SessionID or HeartbeatSupported, and so on.

Field: Version, Type: tls.TLSVersion
Field: Random, Type: []uint8
Field: SessionID, Type: []uint8
Field: CipherSuite, Type: tls.CipherSuite
Field: CompressionMethod, Type: uint8
Field: OcspStapling, Type: bool
Field: TicketSupported, Type: bool
Field: SecureRenegotiation, Type: bool
Field: HeartbeatSupported, Type: bool
Field: ExtendedRandom, Type: []uint8
Field: ExtendedMasterSecret, Type: bool
Field: SignedCertificateTimestamps, Type: []tls.ParsedAndRawSCT
Field: AlpnProtocol, Type: string

"The Laws of Reflection"

Labels:

Comments

Post a Comment

Popular posts from this blog

yt-dlp Archiving, Improved

One annoying thing about YouTube is that, by default, some videos are now served in .webm format or use VP9 encoding. However, I prefer storing media in more widely supported codecs and formats, like .mp4, which has broader support and runs on more devices than .webm files. And sometimes I prefer AVC1 MP4 encoding because it just works out of the box on OSX with QuickTime, as QuickTime doesn't natively support VP9/VPO9. AVC1-encoded MP4s are still the most portable video format. AVC1 ... is by far the most commonly used format for the recording, compression, and distribution of video content, used by 91% of video industry developers as of September 2019. [ 1 ] yt-dlp , the command-line audio/video downloader for YouTube videos, is a great project. But between YouTube supporting various codecs and compatibility issues with various video players, this can make getting what you want out of yt-dlp a bit more challenging: $ yt-dlp -f "bestvideo[ext=mp4]+bestaudio[ext=m4a]/best...
Post a Comment
Read more