https://openpunk.com/Recent content on OpenPunkHugo -- gohugo.ioen-ushttps://openpunk.com/pages/subroutine-magic/Sat, 06 Jan 2024 00:00:00 +0000https://openpunk.com/pages/subroutine-magic/If you’ve ever been involved in cheat development or reverse engineering you may have come across the problem of calculating the size of a subroutine dynamically; that is: while inside the target process’s address space, can we calculate the size of a given subroutine at address X? This is a problem that has plagued me for years and I’ve never been able to find a good solution to it, until now :Dhttps://openpunk.com/journal/go-detect-that-hash/Mon, 16 Oct 2023 00:00:00 +0000https://openpunk.com/journal/go-detect-that-hash/Recently I’ve been working on a passion project with a friend, a simple hash detector but written in Go. We were porting a large list of regular expressions from a python-based project since redoing work is annoying and a fool’s errand. The project we were stealing regular expressions from was this one. We ran into a strange issue where the Go regex engine would panic when we tried to compile a regex with a repetition limit of 2048 with this ominous error message:https://openpunk.com/pages/sw-jk2-jo/Sat, 22 Jul 2023 00:00:00 +0000https://openpunk.com/pages/sw-jk2-jo/Recently a friend of mine, dongresource, was struggling to get Star Wars Jedi Knight II: Jedi Outcast (this specific version) working over Wine/Linux. While chatting about this, we ended up collaboratively exploring all the different ways of getting the game to run that we could think of, for fun. Now I thought it’d be cool to document the resources we used and the (approximate) workflow we went through to have multiple different approaches to get the game working over Wine.https://openpunk.com/journal/gopenfusion/Thu, 09 Mar 2023 00:00:00 +0000https://openpunk.com/journal/gopenfusion/A couple weeks ago I got stuck on an idea. ‘What if FusionFall Packet Protocol, but in Go?’ I naively thought this was an easy thing. Just define the structures in Go and copy the bytes to the structure, no biggie! Oh boy was I wrong. Not only is there no way to specify the pack alignment for structure members, it was also just downright wrong to assume that Go would let you write directly to structures without jumping through some hoops.https://openpunk.com/journal/insomnia-sunrise/Sun, 19 Feb 2023 00:00:00 +0000https://openpunk.com/journal/insomnia-sunrise/I found myself up at 6am, unable to sleep, poking around google maps until I realized I lived quite close to a lake. Being 6am, I knew the sun would be rising in about an hour or so. Eager to get out of my apartment for a mini-adventure, I brewed myself some coffee and set out to Lake Ray Roberts to watch the sunrise. This was my view: The wind was fairly strong this morning, leading to some nice waves :)https://openpunk.com/journal/minimal-soundboard/Mon, 09 Jan 2023 00:00:00 +0000https://openpunk.com/journal/minimal-soundboard/Title really says it all. I wanted something that ‘just works’ and takes minimal setup and ideally uses packages and software I already had installed. I ended up writing a tiny bash script that takes one argument, a sound file to play. The script looks like: #!/bin/bash AUDIO_SOURCE=$1 VIRTUAL_MIC=~/virtmic # sanity check the argument lol if test -z "$AUDIO_SOURCE" then echo "Usage: `basename "$0"` [audio file]" exit 1 fi # create and set the virtual audio device pactl load-module module-pipe-source source_name=virtmic file=$VIRTUAL_MIC format=s16le rate=16000 channels=1 pactl set-default-source virtmic # we sleep here to give discord a chance to switch over to the new audio device (this should be done automatically) echo "piping audio from $AUDIO_SOURCE" sleep 5 # pipe the audio ffmpeg -re -i $AUDIO_SOURCE -f s16le -ar 16000 -ac 1 - > $VIRTUAL_MIC # unload the audio device, pulseaudio will switch back over to the previous audio device (your mic :D) pactl unload-module module-pipe-source I moved the script to /usr/local/bin/virtual-michttps://openpunk.com/journal/product/Wed, 21 Dec 2022 00:00:00 +0000https://openpunk.com/journal/product/I wanted to start this off by saying that you’re worth more than your productivity. In today’s world, it’s easy to fall into the trap of thinking that your worth is directly tied to what you produce. After all, if you don’t produce and create, what value are you bringing into this world? You’re worth more than your work. I do believe that the way our social structures are setup really tends to reinforce this braindead idea that “productivity = value.https://openpunk.com/pages/in-the-wild/Fri, 21 Oct 2022 00:00:00 +0000https://openpunk.com/pages/in-the-wild/A couple months back I was watching a vinesauce stream (very funny btw) where Joel was searching the bowels of youtube for not-so-nice software to install. After watching, I thought it’d be fun to try and find some shitware of my own to take apart. ‘The gutter’ Seeing as I used to poke fun at roblox I thought I’d start by searching “roblox hack 2022 working” and -as per Joel’s instructions- sorted by Upload Date.https://openpunk.com/journal/stripping-lua-protos/Sun, 04 Sep 2022 00:00:00 +0000https://openpunk.com/journal/stripping-lua-protos/In my last blog post I talked about a simple Lua decompiler I made using my updated Lua 5.1 (de)serializer. I recently added support to re-serialize chunks back into Lua dumps (the equivalent of ldump.c). Using this, I wrote a tiny python script to strip debugging info from Lua 5.1 dumps automagically. It looks like: #!/usr/bin/env python3 ''' usage: lstrip [-h] -i FILE [-o FILE] Strips local and debugging information from Lua 5.https://openpunk.com/journal/uncomfortable/Thu, 01 Sep 2022 00:00:00 +0000https://openpunk.com/journal/uncomfortable/Over the past years I’ve grown. A little bit at a time, sometimes painstakingly, but I’ve grown nonetheless. This is my official disclaimer that I am just some nerd in your computer that writes a blog about software I think is cool. I am just a CompSci student and nothing on this site should be taken as fact. Do your own exploration! Correct me when I’m wrong! Be uncomfortable If you ever find yourself in a comfortable spot in your journey, immediately stop what you’re doing.https://openpunk.com/pages/luadecompy/Sat, 27 Aug 2022 00:00:00 +0000https://openpunk.com/pages/luadecompy/Recently I struck an interest in decompilers because of a small passion project a friend of mine showed me. Gent’s project dealt with turning compiled DirectX shaders back into HLSL (High level shader language). His project (also written in python!) inspired me to write a decompiler of my own. I settled on writing a Lua 5.1 decompiler since I had already written a Lua 5.1 dump disassembler a couple years back (which needed some cleanup, but worked none-the-less).https://openpunk.com/journal/preinject-dlls/Sat, 30 Jul 2022 00:00:00 +0000https://openpunk.com/journal/preinject-dlls/Recently I faced a rather intimidating problem while working on a project. The problem was fairly simple from an objective point of view: “How do I load a DLL into a process on startup?” Now you might be wondering, “Why not just patch the IAT (import address table) on the executable and force it to load your payload DLL??” Yes! That was my exact thoughts too, however for reasons I’ll explain it wasn’t that simple.https://openpunk.com/journal/goaccess/Thu, 16 Jun 2022 00:00:00 +0000https://openpunk.com/journal/goaccess/In an effort to be more transparent on the very little information I collect from my readers, I’ve written this post to share the info I do use (literally the default log files from Nginx.) Recently I shared my “Cracking 22 year-old DRM” post on Reddit. I don’t use Reddit very often but every now and then I’ll lurk r/ReverseEngineering since it’s usually full of pretty interesting posts. Anyways, after noticing a couple people had responded to the post, I was curious how many people actually read that post.https://openpunk.com/pages/cracking-22-yr-old-drm/Mon, 06 Jun 2022 00:00:00 +0000https://openpunk.com/pages/cracking-22-yr-old-drm/EDIT: Others have pointed out that the term “DRM” isn’t exactly period accurate to this software. While what the game does is arguably a less sophisticated DRM implementation, it would have been called ‘CD Check’ or something similar at the time. The difference is negligable and both approaches accomplish the same goal, prevent pirated copies for the duration of sale. Pac-Man: Adventures in Time is a game from the year 2000.https://openpunk.com/journal/switch-to-ansible/Wed, 01 Jun 2022 00:00:00 +0000https://openpunk.com/journal/switch-to-ansible/Ansible if you hadn’t heard, is IaC’s (Infrastructure as Code) most loved obsession. Supported by RedHat, it allows deployment and management of servers in a sustainable and easy package through things called ‘Playbooks.’ These playbooks are written in YAML and specify actions to setup/maintain a server. Of course I didn’t need to use Ansible, but after writing one for the OpenPunk VPS I can confidently say that yes, you don’t need it.https://openpunk.com/journal/self-critique/Wed, 25 May 2022 00:00:00 +0000https://openpunk.com/journal/self-critique/I burn through a lot of projects. Some last for several months to half a year, and others for a couple days. I can say confidently that after each project (most of them left unfinished) I’ve improved as a developer. Each project I’ve done has taught me something. Either I learned a better way of designing something, or I learned how not to do something. Yes, this can seem pretty obvious and self-congratulatory, but the alternative is to feel that you’ve wasted days to months of your life working on something that had no value.https://openpunk.com/pages/obfuscation-in-c/Sat, 21 May 2022 00:00:00 +0000https://openpunk.com/pages/obfuscation-in-c/Recently I’ve been working on a small passion project I’ve been wanting to do for a while. Laika is a malware written in modern C. I recently added some cool obfuscation features to the LaikaBot target. Let’s take a look at how it works. Rough Idea I’m sure you’ve seen this before, malware authors love to obfuscate strings using various techniques, among those are the classic xor obfuscation. I hesitate to call it ’encryption’ given it’s numerous pitfalls, however it’s extremely simple to implement so I’ll be focusing on this one technique.https://openpunk.com/journal/error-handling/Thu, 05 May 2022 00:00:00 +0000https://openpunk.com/journal/error-handling/Error handling in C has always been a pain. Most small projects have a simple return based error handling solution. For example, #include <stdlib.h> #include <stdio.h> #include <stdbool.h> bool isEven(int i) { return i % 2 == 0; } int main() { int x = 3; if (!isEven(x)) { printf("[ERROR]: %d is not even!\n", x); return EXIT_FAILURE; } return EXIT_SUCCESS; } Our ’error’ in this case is that our variable x is odd.https://openpunk.com/journal/selflove/Thu, 31 Mar 2022 00:00:00 +0000https://openpunk.com/journal/selflove/This journal entry is my way of being more open and honest with myself. I’ve recently been focusing more on my mental health and trying to improve myself through honest self reflection. This is me being honest. Self-love If you’re like me at all somedays you really cannot tell a difference between self-love and self-hate. An interesting thought exercise is to make a list of honest thoughts about yourself. This can seem a bit cringy at first but hey, no one is looking.https://openpunk.com/journal/burnout/Mon, 10 Jan 2022 00:00:00 +0000https://openpunk.com/journal/burnout/While I will be talking specifically about software development, the methods and self-care from my experiences should be fairly universal especially if you’re working for yourself. I’ve been programming since I was 11 years old, my first language was Lua. Since I started at a relatively young age it was never ‘work’ for me, It was more like a fun hobby with which I could express myself and create things (mostly games).https://openpunk.com/journal/why-journal/Sun, 09 Jan 2022 00:00:00 +0000https://openpunk.com/journal/why-journal/I’ve come to the conclusion that I enjoy writing. Sad part is that I don’t always have a clean presentable project to write a roughly 1000 word essay over. Thats where this journal comes in! Think of these as ‘mini-blog’ posts, short and sweet. I’m not going to try to make these as presentable as my blog posts, aka “I’m lazy and would like to write about small projects or opinions that wouldn’t fit into a whole post.https://openpunk.com/pages/dead-mans-hugo/Sat, 04 Sep 2021 00:00:00 +0000https://openpunk.com/pages/dead-mans-hugo/You’re going to die Okay… maybe not right now but who knows? It’s unavoidable. No matter what diet you try or whether you know Rust™ or not, eventually the curtains will close and your show will end. Preparing for one’s death might seem like a jinx, but the truth is anything could happen. It’s sure gonna suck when you die getting mugged tomorrow, so let’s make it suck less. In honor of this Halloween season I would like to cheat death and create a dead man’s hugo post; specifically a hugo post that would be posted 2 weeks or so after my death.https://openpunk.com/pages/cosmo-workflow/Thu, 18 Feb 2021 00:00:00 +0000https://openpunk.com/pages/cosmo-workflow/I’ve been spending a lot of time recently on my own scripting language called “Cosmo.” Cosmo is an easily embeddable scripting language loosely based off of Lua. It’s definitely a student project though so don’t get your hopes up. While this does smash python in benchmarks its not quite as fast as Lua, let alone Lua-JIT. Anyways, in this post I wanted to walk through my rough workflow for working on Cosmo.https://openpunk.com/journal/screaming-bridge/Mon, 18 Jan 2021 00:00:00 +0000https://openpunk.com/journal/screaming-bridge/I’ve heard stories about the haunted ‘Screaming Bridge’ since I was an elementary kid from the older kids in my neighborhood. Always some embellished story about encounters with the paranormal, which of course I innocently believed. Wanting to experience the supernatural myself, I poked around reddit and other places looking for directions on how to get there. Learning of a simple 20ish minute hiking trail that leads directly up to the old bridge, I was determined to get there and asked my sister to come with.https://openpunk.com/pages/fusionfall-openfusion/Tue, 27 Oct 2020 00:00:00 +0000https://openpunk.com/pages/fusionfall-openfusion/If you remember my old site before I switched to a static site, I wrote a couple of posts about FusionFall Retro. Unfortunately, that project has since been shutdown. A couple of months ago in the spirit of FFR (and because it got brought up in conversation) I started to become curious about how they actually made the server. This kick started my journey into the depths of the FusionFall client.https://openpunk.com/pages/bufferoverflow-fav-color-ctf/Mon, 09 Dec 2019 00:00:00 +0000https://openpunk.com/pages/bufferoverflow-fav-color-ctf/Hey! So I recently made an account on ctflearn.com which is this great site that teaches you how to do CTFs and gives you practice ones you can use to learn! I’ve always wanted to try out a CTF, so I quickly found a fairly simple one in the binary section and tried it out. I picked one with a lot of solves because I am a complete noob haha. Let’s take a look!https://openpunk.com/pages/lua-bytecode-parser/Sun, 15 Sep 2019 00:00:00 +0000https://openpunk.com/pages/lua-bytecode-parser/So recently I’ve been getting back into Lua, my first scripting language. I’ve already done a series about manipulating the LuaVM, (which you can read here) but this time I was interested in the LuaVM bytecode, specifically the Lua 5.1 bytecode. If you don’t know what bytecode is or even how Lua works, here’s a basic rundown: LuaC is the Lua Compiler. Its job is to turn our human readable script into Lua Bytecode ready to be executed by the LVM (LuaVM) This bytecode is everything the LVM needs to run!https://openpunk.com/pages/manipulating-lua-vms-3/Sat, 24 Aug 2019 00:00:00 +0000https://openpunk.com/pages/manipulating-lua-vms-3/Now that we know how to find addresses of the lua C API in our client and how to capture a valid lua state, we can write our “exploit”. Let’s start with recapping what our end-goal is: We want to be able to run scripts that weren’t originally in our game. To do this, we’ve found where the Lua VM C API is, and even hooked lua_gettop to capture a valid lua state.https://openpunk.com/pages/manipulating-lua-vms-2/Fri, 23 Aug 2019 00:00:00 +0000https://openpunk.com/pages/manipulating-lua-vms-2/Last post we talked about why games use the Lua VM and how to find some key functions. The Lua VM runs everything based on a state. This state is basically the key to the kingdom, without a valid state with their custom API and environment on it, we really can’t do anything. Well that’s great and all, but how exactly are we going to get a valid Lua State??? How convenient of a question!https://openpunk.com/pages/manipulating-lua-vms-1/Thu, 22 Aug 2019 00:00:00 +0000https://openpunk.com/pages/manipulating-lua-vms-1/NOTE: 2022 Dec 1st – Roblox has changed a LOT even since I wrote this article. For example they’ve completely rewritten their lua implementation, not to mention I haven’t touched the current client in a while. Take the info in this with a grain of salt. Many games today rely on scripting languages and an internal API to interface with the game engine itself. One of the popular scripting languages used is the Lua language.