I've Moved! - November Status Update

Dec. 3, 2020 Update 2 min

Hey! It's the third of the month and the perfect time to write a status update for the last. The snow has fallen, the skies have darkened, and I've moved from theavid.dev to fluix.dev. To be honest, there's only a small number of reasons for this:

  1. I didn't really like the names TheAvidDev and theavid.dev
  2. fluix and fluix.dev are shorter
  3. See 1. and 2.

Overall, the new site contains the same information, albeit with styling changes and simplifications. There's still a blog and a list of projects with a new miscellanious page for random other information such as tools I've used, some recommendations, and more places to find me. An RSS feed is also still available for those that prefer it. From the technical side, I've switched to using Hugo and storing the posts in indvidual files, instead of in a database with Django. I've also setup Nginx …

View more

Sway Borders and Art - October Status Update

Nov. 5, 2020 Update 4 min

Hey! I'm writing this just after publishing my first package on the AUR, sway-borders-git. Over the past week, I've done some important work to improve sway-borders1 and get it ready for packaging. As promised in my original PR to upstream, different classes of border textures are now supported for different container states (focused, focused_inactive, unfocused, urgent). While cleaning up the rendering code, I've also fixed a long-standing bug with floating containers having only one border drawn. While certainly a little stressful, I'm happy to contribute to the AUR and hope to continue doing so in the future. Go try it out:

git clone https://aur.archlinux.org/sway-borders-git.git
makepkg -si
sway

Continuing with a little more Sway, I've gotten my graphics tablet working and decided to try my hand at a little bit of digital art. Here are my attempts at some crystals which I drew …

View more

This is late... - September Status Update

Oct. 19, 2020 Update 3 min

Well, school has begun, work has been done, and as the title says, this status update is rather late. It will also include my work over the extra half month of October, so the next update will be rather short (or who knows, maybe I'll get a lot of work done).

Getting right into it, since winning the KuriusHacks 2020 hackathon, we've been helping the Kurius team on their new initiative titled HackItForward. Its goal is to get developers to create projects and connect with organizations which are trying to solve challenges affecting the world. It's still in the very early stages of development, the largest project I've worked on with others I know, and the first project I'm the maintainer of. This has proven to be quite a great learning experience, especially in terms of project maintenance.

Moving on to some new stuff, I'm beginning my work on …

View more

Sway Fork and Hackathons - August Status Update

Sept. 3, 2020 Update 4 min

It's the first week of September, the air is getting colder, and the winds are getting stronger. There's also been some beautiful lightning storms that have lit up the sky late into the night and early hours of the morning. But back on topic, it's time for another status update to talk about what I've been working on in August and what I plan to work on in the coming month.

Let's start off with talking about Sway. It's a wonderful Wayland compositor which I have been using for the past few months and have thoroughly enjoyed. However, it does lack some more aesthetic features like rounded borders, drop shadows, and transparent window blurring. While I personally didn't have much interest in these features,1 I wanted to learn some C so I took up the challenge of making customizable window borders which would allow for some of these …

View more

DMOJ, CTFs, Sway, and More - July Status Update

Aug. 1, 2020 Update 5 min

It's the early morning of August 1st as I write this, in a style unlike any other post on this website. This will be the first in a series of monthly posts (status updates) talking about what I've worked on throughout the month, what I want to work on in the future, and what's going on in my life at the moment.

Let's start off with this site itself. I've worked on the codebase significantly and redesigned it for a more technical theme -- with lots of inspiration from emersion. No Javascript either! I've written four writeups this month to total 9 blog posts since I started writing and I think I've come up with a more concrete plan for the future. Alongside these monthly updates, posted either at the end or early start of a month, I will be making writeups for only the CTF challenges I find …

View more

My First ROP Chain - HacktivityCon 2020 Static and Dynamic Writeup

July 31, 2020 CTF 6 min

Hacktivity CON 2020 was a CTF my team and I participated in and finished fourth, one place away from the prize pool. It was a great CTF and we all learned a lot while having quite some fun. One of the pwn challenges, "Static and Dynamic" was my first experience at a Return Oriented Programming (ROP) Chain exploit, so let's break it down.

Description

Starting up the program, we can see a simple prompt that takes in a user input and segfaults if it overflows.

This is a really big binary. Hope you have everything you need ;)
tttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt
[1]    247339 segmentation fault (core dumped)  ./sad

Looking at this executable in radare2 we find that there's a buffer of length 0x100 and the return pointer shows up after another 8 bytes of padding. By showing the memory maps (with dm) after runtime, we can …

View more

pwn intended - CSICTF 2020 Writeups

July 28, 2020 CTF 7 min

My team and I participated in csictf 2020 and enjoyed it quite a bit. This blog post will be a writeup of the pwn-intended-0x1, pwn-intended-0x2, and pwn-intended-0x3 problems. Once again this writeup is released really late, but maybe it'll still be useful to some -- or just a good read.

pwn-intended-0x1

The writeup for this challenge will be more detailed, in part because I want to understand how the stack is used in assembly. This challenge can be trivially solved by just bashing the keyboard. Hopefully this deeper explanation will provide more insight into the lower level computation. WIth that, let's begin.

For this challenge we are given an executable which asks for some input on startup. Let's decompile it with r2ghidra-dec -- a Ghidra decompiler integration into radare.

View more

Intro to Binary Exploitation - DMOJ CTF 2020 Writeups

July 27, 2020 CTF 12 min

This blog post covers the solutions to the binary exploitation problems of DMOJ CTF '20. If you want to try the problems by yourself, either before or after reading this writeup, the links are below:

These problems are relatively simple and cover some of the most basic techniques when it comes to binary exploitation so don't be scared to give them a try. All of these techniques can become very useful later down the line and are often used as part of larger, more complex exploits.

View more

Mars University - FAUST CTF 2020 Writeup

July 26, 2020 CTF 5 min

FAUST CTF 2020: Exploring Planet Mars was my very first experience at an attack & defense CTF and I really enjoyed it. This writeup is coming out quite late, but I wanted to write about one of the problems I helped in solving, alongside Evan Zhang, and the rest of my team.

Description

marsu was a service that consisted of a Django web server which allowed users to create accounts, projects, and "pads" within these projects -- sort of like smaller notes within a larger notepad. When viewing a project, all the pads and their content were shown. These pads contained the flag which the gameserver added and could only be viewed through a project.

Below is the code that creates a project and adds the pads the user selected into it. Keep in mind that the pads have already been created as Django models and there's nothing …

View more

Periculum - Final Project

June 14, 2020 Java 9 min

Check out this project on Github!


As I write this, we are well underway to finish our final project, a game called Periculum, by June 15th. The basis was as follows:

The goal of the game is to survive in contagion environment — an ongoing virus exposure in unexpected places and unexpected ways. In order to survive the player first must learn how to navigate the given environment/setting. The player skills will later be tested in a level which will be filled with life endangering traps which he/she has to avoid or eliminate.

Research

The first step in developing our game was to do some research on the setting in which our gave will take place — a miniature university campus. The player will walk around and make choices that will affect the ending of the game.

View more

Object Oriented Programming

June 13, 2020 Java 14 min

We'll all heard that Java is an Object Oriented Programming language, but what does tha really mean? It means that everything in Java is part of an object, sort of like a container, that holds variables and methods which get executed. These objects can interact with one another to perform various tasks created by the programmer.

Classes

Classes are created by the programming as blueprints from which objects are then made. The basic definition for a class in Java is the following:

public class Name {
    // All code in here
}

Technically, classes can also be private or protected but these (specifically private) are much rarer because it limits where a class can be accessed. The creation of an object is done using the new keyword as such:

new Name();

What parameters this takes in and how to use this new object is explained in further sections. …

View more

Searching and Sorting

June 10, 2020 Java 9 min

Sorting

Sorting is the process of arranging a set of data into an ordered sequence. Most commonly, this is done with numbers in either ascending or descending order, but can also be done on other types of data such as strings. In the real world sorting is used in a variety of tasks, from attendance lists, to databases, and even to improve searching speed (something we will cover in the second part of this tutorial).

Throughout this tutorial, we will be primarily sorting numbers because they are easier to work with. We will also be sorting them in ascending order, as shown in the example below:

{5, 4, 2, 1, 3} in to {1, 2, 3, 4, 5}

View more

Arrays and ArrayLists

June 7, 2020 Java 12 min

Arrays

Arrays are one of the most important data structures in programming of any kind. In Java, they allow one to store many objects in a single variable, indexed using an unsigned integer always starting at 0 and progressing to one less than the number of elements in the array.1

One example of where an array would be useful is handling the students that are present within a classroom.

Creating an array


Declaration

The syntax for declaring an array in Java is quite simple:

type[] name;

This declares an array of type type and name name. The [] are used to define that this is a 1 dimensional array. For an example of declaring an integer array called numbers, we can do the following:

int[] numbers;
View more

How a Bad Random Number Generator Froze Sway

May 21, 2020 Wayland 6 min

Several months ago, I made the decision to switch from the i3 window manager which uses the X display protocol to Sway which uses the new Wayland protocol. This decision was based off the fact that I had display-specific workspaces were quite buggy in i3 and because I wanted to try something new. At first it went well, really well in fact — workspaces worked perfectly and any tearing I used to have was nonexistent.

All was going well until the last week of April after I updated Sway and rebooted. Sway instantly froze on the startup and kept keyboard input. After some investigation, I found that Waybar seemed to be the problem. Removing it from the config let Sway startup and work normally... or so I thought. Randomly, Sway would completely freeze, the same way that it did on startup, so it was time to debug.

View more