I research on all things computer science, with a special focus on applied computer security. I relish computational thinking and human-computer interaction. I'm interested in making systems more natural and transparent to help people engage and educate, and that's the reason my early research spans password dynamics, software and hardware vulnerabilities, software obfuscation, privacy on the Internet and beyond.

Thank you for taking the time to visit my website. Feel free to reach out to me at hello@piyushraj.org or connect on LinkedIn.

Publications

Academic explorations at the intersection of systems, security, and usability.

2021

Jun 04^th: Augmenting Motion Sensing To Improve Ordinary IP Webcam Feeds Exploiting Alpha Compositing, Copyright Office, Govt. of India
«cold storage»

2020

Dec 28^th: Contre Sozial — Breaking the doomscrolling cycle using the power of machine learning algorithms.
«GitHub»

Jun 26^th: Full Address Bar Spoofing On Opera Mini Android (ANMEXT-148725) — The vulnerability not only spoofs the address bar, but makes the spoofed web-page completely responsive so the attack becomes practical.
«hall of fame» «blog»

Jun 23^rd: Medium Android — Injection of augmented malicious stories in Reading List capable of causing Javascript Injection & Open Redirects.
«hall of fame»

Jun 22^nd: Medium Android — Camouflaged GitHub Activity Giving Access to Internal API Calls.
«hall of fame» «blog»

Mar 20^th: Deaf-INATOR & Noisy — Urbane Microphone Jamming.
«blog»

Mar 14^th: Introducing πrate — Pi Day 2020
«blog» «GitHub»

2019

Nov 24^th: Delatar — Exposing hackers. The story of CMU-PPP.
«GitHub»

Oct 11^th: Server fingerprinting — How I broke most famous recon tools and made the script kiddies sad, BSides Delhi.
«pdf» «blog» «GitHub»

Sep 19^th: res-block — Extension Resources Block Attack on Chrome, Google.
«code» «blog»

Sep 7^th: SNYK-JS-JISON-570539 — OS Command Injection on Jison [all-parser-ports], Node.js third-party modules, HackerOne, Snyk.
«report#690010» «advisory»

Sep 5^th: CVE-2019-14339 — Canon PRINT 2.5.5 URI Injection, MITRE, NVD, U.S. govt.
«advisory» «exploit»

Aug 29^th: Address bar spoofing in Firefox Lite for Android.
«blog» «PoC»

Jun 25^th: Gaming py4e — Python for Everybody, Dr. Charles Russell Severance.
«exploit»

2017

Aug 26^th: Possible Information Leak & RCE on Motorola, Sony, OnePlus Android 7.0.
«report»

Projects

Things I've built, tested, and learned from over the years.

Aroma of the songs

Music visualization in the form of intricate and unique rose petals

I love music and frankly, who doesn't. From my childhood days, I have this innate tendency of tinkering things for example, from sending songs wirelessly using light, trying encoding songs visually to making machine generated synthetic songs, somehow music has always been a center piece to all of it. “Aroma of the songs” follows this progression and transforms songs into roses creating exploration space of a unique kind — the one that helps you in connecting with music while impacting you on many levels.

Peek into the process ⟶

SmearHash

A hashing algorithm to create compact representations of videos.

In short, SmearHash takes a video, and gives you a short list of strings (only 20-30 characters!) that represents the placeholder for that video. You do this on the backend of your service, and store the strings list along with the video. When you send media to your client, you send both the URL to the video, and the SmearHash strings list. Your client then takes the list, and decodes it into an video that it shows while the real video is loading over the network. The strings are short enough that it comfortably fits into whatever data format you use. For instance, it can easily be added as a field in a JSON object.

See how it all came together ⟶

MyoDetect

An attempt in creating an non-invasive upper-limb prosthetic interface.

Gesture Detection on Myo Armband using Neural Networks. One of the significant challenges in the upper-limb-prosthetics research field is to identify appropriate interfaces that utilize the full potential of current state-of-the-art neuroprostheses. As the new generation of such prostheses paces towards approximating the human physiological performance in terms of movement dexterity and sensory feedback, it is clear that current non-invasive interfaces are still severely limited. Surface electromyography, the interface ubiquitously used in the field, is riddled with several shortcomings. Gesture recognition, an interface pervasively used in wearables and mobile devices, shows a strong potential as a non-invasive upper-limb prosthetic interface.

Check out the build log ⟶

FadBlock Origin

A fast, lightweight, and undetectable YouTube Ads Blocker.

This blocker is designed to monitor advertisements, automatically seek the ads, and skip them. It's important to note that this doesn't classify as traditional ad blocking, as the ad content is technically "loaded".

Learn more about this project ⟶

M.I.N.N.

Wi-Fi indoor positioning system for Manipal University Jaipur.

An IPS system built for the college utilizing localization techniques and machine learning. Global navigation satellite systems (GPS or GNSS) are generally not suitable to establish indoor locations, since microwaves will be attenuated and scattered by roofs, walls and other objects. Building three dimensional (3d) map of whole university is a difficult job. However, in order to make positioning signals ubiquitous, integration between GPS and indoor positioning can be made.

Go behind the scenes ⟶

Wapparalyser

Fuzzing and fooling Wappalyzer

A security tool presented at BSides Delhi 2019 which defeats Wappalyzer, a red team tool used for enumerating web services running on targets.

Read the build notes ⟶

Wrong8007

Wrong Boot OS is an equivalent of a burner phone.

This project is starting with a simple Linux Kernel Module (or LKM) which is always running in the background (from kernel-space) waiting for the "secret" phrase to nuke everything in it's entirety.

View the build journey ⟶

πrate

All of it is in π! They were always there!

All personal information that has ever existed or will ever exist, the PII credentials of every person ever, can be searched just by using this project which utilizes the almighty power of Pi.

Trace the tech trail ⟶

Emoface

HCI wearable device for manifesting emotions.

An experiment to recreate the infamous "Wrench mask" from Watch Dogs 2.