-
A forensic analysis of the Google Home: repairing compressed data without error correction
Authors:
Hadrien Barral,
Georges-Axel Jaloyan,
Fabien Thomas-Brans,
Matthieu Regnery,
Rémi Géraud-Stewart,
Thibaut Heckmann,
Thomas Souvignet,
David Naccache
Abstract:
This paper provides a detailed explanation of the steps taken to extract and repair a Google Home's internal data. Starting with reverse engineering the hardware of a commercial off-the-shelf Google Home, internal data is then extracted by desoldering and dum** the flash memory. As error correction is performed by the CPU using an undisclosed method, a new alternative method is shown to repair a…
▽ More
This paper provides a detailed explanation of the steps taken to extract and repair a Google Home's internal data. Starting with reverse engineering the hardware of a commercial off-the-shelf Google Home, internal data is then extracted by desoldering and dum** the flash memory. As error correction is performed by the CPU using an undisclosed method, a new alternative method is shown to repair a corrupted SquashFS filesystem, under the assumption of a single or double bitflip per gzip-compressed fragment. Finally, a new method to handle multiple possible repairs using three-valued logic is presented.
△ Less
Submitted 29 September, 2022;
originally announced October 2022.
-
Near-Optimal Pool Testing under Urgency Constraints
Authors:
Éric Brier,
Megi Dervishi,
Rémi Géraud-Stewart,
David Naccache,
Ofer Yifrach-Stav
Abstract:
Detection of rare traits or diseases in a large population is challenging. Pool testing allows covering larger swathes of population at a reduced cost, while simplifying logistics. However, testing precision decreases as it becomes unclear which member of a pool made the global test positive.
In this paper we discuss testing strategies that provably approach best-possible strategy - optimal in t…
▽ More
Detection of rare traits or diseases in a large population is challenging. Pool testing allows covering larger swathes of population at a reduced cost, while simplifying logistics. However, testing precision decreases as it becomes unclear which member of a pool made the global test positive.
In this paper we discuss testing strategies that provably approach best-possible strategy - optimal in the sense that no other strategy can give exact results with fewer tests. Our algorithms guarantee that they provide a complete and exact result for every individual, without exceeding $1/0.99$ times the number of tests the optimal strategy would require.
This threshold is arbitrary: algorithms closer to the optimal bound can be described, however their complexity increases, making them less practical.
Moreover, the way the algorithms process input samples leads to some individuals' status to be known sooner, thus allowing to take urgency into account when assigning individuals to tests.
△ Less
Submitted 21 June, 2021;
originally announced June 2021.
-
A Fractional $3n+1$ Conjecture
Authors:
Éric Brier,
Rémi Géraud-Stewart,
David Naccache
Abstract:
In this paper we introduce and discuss the sequence of \emph{real numbers} defined as $u_0 \in \mathbb R$ and $u_{n+1} = Δ(u_n)$ where \begin{equation*} Δ(x) = \begin{cases} \frac{x}{2} &\text{if } \operatorname{frac}(x)<\frac{1}{2} \\[4px] \frac{3x+1}{2} & \text{if } \operatorname{frac}(x)\geq\frac{1}{2} \end{cases} \end{equation*} This sequence is reminiscent of the famous Collatz sequence, and…
▽ More
In this paper we introduce and discuss the sequence of \emph{real numbers} defined as $u_0 \in \mathbb R$ and $u_{n+1} = Δ(u_n)$ where \begin{equation*} Δ(x) = \begin{cases} \frac{x}{2} &\text{if } \operatorname{frac}(x)<\frac{1}{2} \\[4px] \frac{3x+1}{2} & \text{if } \operatorname{frac}(x)\geq\frac{1}{2} \end{cases} \end{equation*} This sequence is reminiscent of the famous Collatz sequence, and seems to exhibit an interesting behaviour. Indeed, we conjecture that iterating $Δ$ will eventually either converge to zero, or loop over sequences of real numbers with integer parts $1,2,4,7,11,18,9,4,7,3,5,9,4,7,11,18,9,4,7,3,6,3,1,2,4,7,3,6,3$.
We prove this conjecture for $u_0 \in [0, 100]$. Extending the proof to larger fixed values seems to be a matter of computing power. The authors pledge to offer a reward to the first person who proves or refutes the conjecture completely -- with a proof published in a serious refereed mathematical conference or journal.
△ Less
Submitted 20 June, 2020;
originally announced June 2020.
-
The Look-and-Say The Biggest Sequence Eventually Cycles
Authors:
Éric Brier,
Rémi Géraud-Stewart,
David Naccache,
Alessandro Pacco,
Emanuele Troiani
Abstract:
In this paper we consider a variant of Conway's sequence (OEIS A005150, A006715) defined as follows: the next term in the sequence is obtained by considering contiguous runs of digits, and rewriting them as $ab$ where $b$ is the digit and $a$ is the maximum of $b$ and the run's length. We dub this the "look-and-say the biggest" (LSB) sequence. Conway's sequence is very similar ($b$ is just the run…
▽ More
In this paper we consider a variant of Conway's sequence (OEIS A005150, A006715) defined as follows: the next term in the sequence is obtained by considering contiguous runs of digits, and rewriting them as $ab$ where $b$ is the digit and $a$ is the maximum of $b$ and the run's length. We dub this the "look-and-say the biggest" (LSB) sequence. Conway's sequence is very similar ($b$ is just the run's length). For any starting value except 22, Conway's sequence grows exponentially: the ration of lengths converges to a known constant $λ$. We show that LSB does not: for every starting value, LSB eventually reaches a cycle. Furthermore, all cycles have a period of at most 9.
△ Less
Submitted 12 June, 2020;
originally announced June 2020.
-
Stuttering Conway Sequences Are Still Conway Sequences
Authors:
Éric Brier,
Rémi Géraud-Stewart,
David Naccache,
Alessandro Pacco,
Emanuele Troiani
Abstract:
A look-and-say sequence is obtained iteratively by reading off the digits of the current value, grou** identical digits together: starting with 1, the sequence reads: 1, 11, 21, 1211, 111221, 312211, etc. (OEIS A005150). Starting with any digit $d \neq 1$ gives Conway's sequence: $d$, $1d$, $111d$, $311d$, $13211d$, etc. (OEIS A006715). Conway popularised these sequences and studied some of thei…
▽ More
A look-and-say sequence is obtained iteratively by reading off the digits of the current value, grou** identical digits together: starting with 1, the sequence reads: 1, 11, 21, 1211, 111221, 312211, etc. (OEIS A005150). Starting with any digit $d \neq 1$ gives Conway's sequence: $d$, $1d$, $111d$, $311d$, $13211d$, etc. (OEIS A006715). Conway popularised these sequences and studied some of their properties. In this paper we consider a variant subbed "look-and-say again" where digits are repeated twice. We prove that the look-and-say again sequence contains only the digits $1, 2, 4, 6, d$, where $d$ represents the starting digit. Such sequences decompose and the ratio of successive lengths converges to Conway's constant. In fact, these properties result from a commuting diagram between look-and-say again sequences and "classical" look-and-say sequences. Similar results apply to the "look-and-say three times" sequence.
△ Less
Submitted 11 June, 2020;
originally announced June 2020.
-
At Most 43 Moves, At Least 29: Optimal Strategies and Bounds for Ultimate Tic-Tac-Toe
Authors:
Guillaume Bertholon,
Rémi Géraud-Stewart,
Axel Kugelmann,
Théo Lenoir,
David Naccache
Abstract:
Ultimate Tic-Tac-Toe is a variant of the well known tic-tac-toe (noughts and crosses) board game. Two players compete to win three aligned "fields", each of them being a tic-tac-toe game. Each move determines which field the next player must play in.
We show that there exist a winning strategy for the first player, and therefore that there exist an optimal winning strategy taking at most 43 move…
▽ More
Ultimate Tic-Tac-Toe is a variant of the well known tic-tac-toe (noughts and crosses) board game. Two players compete to win three aligned "fields", each of them being a tic-tac-toe game. Each move determines which field the next player must play in.
We show that there exist a winning strategy for the first player, and therefore that there exist an optimal winning strategy taking at most 43 moves; that the second player can hold on at least 29 rounds; and identify any optimal strategy's first two moves.
△ Less
Submitted 6 June, 2020; v1 submitted 3 June, 2020;
originally announced June 2020.
-
Approaching Optimal Duplicate Detection in a Sliding Window
Authors:
Rémi Géraud-Stewart,
Marius Lombard-Platet,
David Naccache
Abstract:
Duplicate detection is the problem of identifying whether a given item has previously appeared in a (possibly infinite) stream of data, when only a limited amount of memory is available.
Unfortunately the infinite stream setting is ill-posed, and error rates of duplicate detection filters turn out to be heavily constrained: consequently they appear to provide no advantage, asymptotically, over a…
▽ More
Duplicate detection is the problem of identifying whether a given item has previously appeared in a (possibly infinite) stream of data, when only a limited amount of memory is available.
Unfortunately the infinite stream setting is ill-posed, and error rates of duplicate detection filters turn out to be heavily constrained: consequently they appear to provide no advantage, asymptotically, over a biased coin toss [8].
In this paper we formalize the sliding window setting introduced by [13,16], and show that a perfect (zero error) solution can be used up to a maximal window size $w_\text{max}$. Above this threshold we show that some existing duplicate detection filters (designed for the $\textit{non-windowed}$ setting) perform better that those targeting the windowed problem. Finally, we introduce a "queuing construction" that improves on the performance of some duplicate detection filters in the windowed setting.
We also analyse the security of our filters in an adversarial setting.
△ Less
Submitted 10 May, 2020;
originally announced May 2020.
-
Optimal Covid-19 Pool Testing with a priori Information
Authors:
Marc Beunardeau,
Éric Brier,
Noémie Cartier,
Aisling Connolly,
Nathanaël Courant,
Rémi Géraud-Stewart,
David Naccache,
Ofer Yifrach-Stav
Abstract:
As humanity struggles to contain the global Covid-19 infection, prophylactic actions are grandly slowed down by the shortage of testing kits. Governments have taken several measures to work around this shortage: the FDA has become more liberal on the approval of Covid-19 tests in the US. In the UK emergency measures allowed to increase the daily number of locally produced test kits to 100,000. Chi…
▽ More
As humanity struggles to contain the global Covid-19 infection, prophylactic actions are grandly slowed down by the shortage of testing kits. Governments have taken several measures to work around this shortage: the FDA has become more liberal on the approval of Covid-19 tests in the US. In the UK emergency measures allowed to increase the daily number of locally produced test kits to 100,000. China has recently launched a massive test manufacturing program. However, all those efforts are very insufficient and many poor countries are still under threat. A popular method for reducing the number of tests consists in pooling samples, i.e. mixing patient samples and testing the mixed samples once. If all the samples are negative, pooling succeeds at a unitary cost. However, if a single sample is positive, failure does not indicate which patient is infected. This paper describes how to optimally detect infected patients in pools, i.e. using a minimal number of tests to precisely identify them, given the a priori probabilities that each of the patients is healthy. Those probabilities can be estimated using questionnaires, supervised machine learning or clinical examinations. The resulting algorithms, which can be interpreted as informed divide-and-conquer strategies, are non-intuitive and quite surprising. They are patent-free. Co-authors are listed in alphabetical order.
△ Less
Submitted 11 May, 2020; v1 submitted 6 May, 2020;
originally announced May 2020.
-
RISC-V: #AlphanumericShellcoding
Authors:
Hadrien Barral,
Rémi Géraud-Stewart,
Georges-Axel Jaloyan,
David Naccache
Abstract:
We explain how to design RISC-V shellcodes capable of running arbitrary code, whose ASCII binary representation use only letters a-zA-Z, digits 0-9, and either of the three characters: #, /, '.
We explain how to design RISC-V shellcodes capable of running arbitrary code, whose ASCII binary representation use only letters a-zA-Z, digits 0-9, and either of the three characters: #, /, '.
△ Less
Submitted 10 August, 2019;
originally announced August 2019.