My Blog

And this is my blog. When I do occasionally get off of my ass to write something, it's typically very technical and related to something that I've been working on. I have a basic tagging system, but haven't been bothered to write any sort of statistical rankings, so here's a few cherry-picked ones: tutorial, writeup, programming, and security.

If you use a feed reader, there's an RSS stream available here.

Posts tagged as security


Posted on Thu, 4 Jan 2018.

TL;DR, I discovered a stack-smashing vulnerability in GZDoom's interpreter for ACS. As a preface, there's a tendency for whitepapers like this in the security community to be written with a somewhat condescending tone towards the product's vendor. I do not mean for any portion of this writeup to come off as degrading to the developers involved. Yes, the bug was obvious to me... (read on)

BackdoorCTF 2017: FUNSIGNALS

Posted on Sat, 24 Sep 2017.

"funsignals" was a 250 point binary exploitation challenge with 58 solves. The challenge itself was a very trivial example of sigreturn-oriented programming.

Sigreturn-oriented programming is a means of getting values into certain registers without having to use ROP gadgets that pop values from the stack. It's a technique that relies on how UNIX-like operating systems impl... (read on)

Reverse Engineering Babby's First Archive Format

Posted on Thu, 2 Mar 2017.

About two months have passed since the first release of Nekopack - a tool I wrote for extracting game data from Nekopara's XP3 archives. While the process wasn't an amazing reverse-engineering war story that will keep you on the edge of your seat, I feel it deserves a small blog post explaining how I did it. Additionally, there's no real documentation on the XP3 format as far as ... (read on)