home

Recent Posts

UMass CTF 2020 - suckless Writeup

December 13, 2020 ❖ Tags: writeup, capture-the-flag, security, binary-exploitation, myrddin

Well, this is certainly overdue. It's the writeup for a challenge I authored for this year's UMass CTF, which ran from October 5th to October 12th. Yes, I'm late. But when you attend a university that tried very hard to squeeze the entire semester twelve weeks, you're going to deal with burnout and not nearly enough time to do things outside of your coursework. So I'm finally coming back to the challenge now that the semester's ended.

read more →

The Many Faces of an Undying Programming Language

July 20, 2020 ❖ Tags: opinion, programming, lisp, common-lisp, scheme

This is a post I've been meaning to write for a while now: one anecdotally comparing programming languages in the Lisp family. I consider myself to be a Lisp hacker. Perhaps that much was obvious from the letter λ adorning my website's header, a reference to the λ-calculus which inspired John McCarthy to design the first LISP [1]. Yet, "Lisp hacker" likely means little unless you, too, consider yourself to be a Lisp hacker. Calling yourself one seems carry some level of unstated meaning. Indeed, some identify with more specific groups. "Schemer," or "Guiler," or "Racketeer," or "Clojurist." But "Lisp Hackers" ⊇ "Schemers". There is commonality shared among all, or at least most, of these programming languages, and the Lisp hackers recognize and appreciate that commonality – the characteristics that make a programming language a Lisp. Homoiconic syntax, powerful metaprogramming facilities, and editor support that, in my opinion, is unparalleled. (Yes, I am alluding to GNU Emacs.) This article, however, is concerned with the differences. In it, I will be considering the specifics of each dialect, and whether or not those specifics make for a language I would want to use to develop a new piece of software.

read more →

Investigating a Backdoor.SH.SHELLBOT.AA Infection

January 22, 2020 ❖ Tags: writeup, reverse-engineering, linux, security

It's typical for the younger sibling to look up to and mimic the older sibling, which is apparently what happened while I was away at school. I'm self-hosting a few services off of a Raspberry Pi B+ back at my parents' house, and when my brother got a Pi of his own, he decided that he also wanted to use it for self-hosting. Unfortunately, he doesn't know much about security, and unintentionally did me the favor of setting up a honeypot.

read more →

Browser Games Aren't an Easy Target

January 10, 2020 ❖ Tags: writeup, programming, reverse-engineering, video-games, game-hacking, javascript

If you're about my age and had a similarly dull upbringing, you probably also have memories of playing video games behind a teacher's back whenever class involved going to some sort of "computer lab." Flash games were the thing when I was in elementary school, and when I was in middle school, I'd bring Quake with me on a flash drive. By the time I was in high school, I'd realized that these opportunities were better spent getting a head start on homework for other classes, but I did have a few friends who still passed the time playing video games. Rather than Flash games or Quake, though, these were browser games using the new-fangled HTML5 canvas. I'd practically forgotten these games existed until someone from my capture-the-flag team mentioned "krunker.io". Apparently it's one of the more popular ones. It got me thinking about how I'd go about writing cheats for a game in the browser. Writing cheats for CS:GO was a breeze, so why would this be any harder? I had some time to spare over winter break, so I decided to give it a go and see what kind of damage I could do.

read more →

First Impressions of the Myrddin Programming Language

January 05, 2020 ❖ Tags: opinion, programming, myrddin

It's been over a year since I last wrote about contenders for the throne that C currently sits upon, so I'll spare you the prosy introduction and cut to the chase. I'd like to share some thoughts on my recent foray into a little programming language I came across while browsing lobste.rs some years ago: Myrddin, the pet project of Ori Bernstein. From the language specification, "Myrddin is designed to be a simple programming language. It is designed to provide the programmer with predictable behavior and a pragmatic set of semantics, providing the benefits of strong type checking, generics, type inference, and modern features with a high cost-benefit ratio. Myrddin is not a language designed to explore the forefront of type theory or compiler technology. Its focus is on being a practical, small, well defined, and easy to understand language for work that needs to be close to the hardware. Myrddin is influenced strongly by C and ML, with ideas from too many other places to name." The front page of the website specifically states that "[i]t aims to fit into a similar niche as C, but with fewer bullets in your feet." I see these descriptions and the cat-v-inspired stylesheets as a warning to those who don't appreciate a spartan attitude towards software development. Fortunately, I'm not one of those people.

read more →

Writeups for Dennis Yurichev's Reverse Engineering Challenges (#36-#74)

December 29, 2019 ❖ Tags: writeup, reverse-engineering, x86

This is the fourth and final set of for my self-imposed challenge of completing at least fifty of the exercises on Dennis Yurichev's challenges.re by the end of the year. The previous set is available here.

read more →

Writeups for Dennis Yurichev's Reverse Engineering Challenges (#23-#35)

August 18, 2019 ❖ Tags: writeup, reverse-engineering, x86

This is the third set of solutions for my self-imposed challenge of completing at least fifty of the exercises on Dennis Yurichev's challenges.re by the end of the year. The previous set is available here.

read more →

Towards Guix for DevOps

July 13, 2019 ↻ Crosspost ❖ Tags: writeup, programming, functional-programming, linux, guix, lisp, scheme, guile

Hey, there! I'm Jakob, a Google Summer of Code intern and new contributor to Guix. Since May, I've been working on a DevOps automation tool for the Guix System, which we've been calling guix deploy.

read more →

Writeups for Dennis Yurichev's Reverse Engineering Challenges (#12-#22)

May 28, 2019 ❖ Tags: writeup, reverse-engineering, x86

This is the second set of solutions for my self-imposed challenge of completing at least fifty of the exercises on Dennis Yurichev's challenges.re by the end of the year. The first set is available here.

read more →

Transitioning to Haunt

May 04, 2019 ❖ Tags: writeup, programming, lisp, scheme, emacs, emacs-lisp

Rather than study for finals this week, I spent my time moving this blog over to Haunt. Previously, I was using Hugo, and while ox-hugo made the authoring workflow tolerable, doing anything on the rendering side of things was unsavory at best. I eventually had enough and decided to look for another solution, of which Haunt was the most enticing.

read more →