replaced 'software' with 'critiques', new journal entry

CPunch 3 months ago
parent fef6c01a4b
commit 220d5edfd4
  1. 4
  2. 2
  3. 92
  4. BIN
  5. 34
  6. BIN
  7. 63
  8. 15
  9. 88
  10. 3

@ -36,8 +36,8 @@ title = 'OpenPunk'
url = "/journal/"
weight = 3
name = "Software"
url = "/software/"
name = "Critiques"
url = "/critiques/"
weight = 4
name = "Places"

@ -12,7 +12,7 @@ socialList:
## Welcome!
Welcome to my tomb of software! I'm CPunch, I [write software](/software) (for you!) and [reverse engineer](/tags/reverse-engineering) things. I enjoy being curious, playing the piano and [exploring](/places).
Welcome to my tomb of software! I'm CPunch, I [write software](/critiques) (for you!) and [reverse engineer](/tags/reverse-engineering) things. I enjoy being curious, playing the piano and [exploring](/places).
Some all-encompassing highlights:
- []( - my self-hosted Gitea instance, most of my projects are mirrored here.

@ -0,0 +1,92 @@
title: "Laika"
date: 2022-05-26
author: CPunch
tags: ["opinion"]
Laika is a small RAT, written in modern C. It comprises of 4 main parts, the LaikaCNC server which is to be deployed on a VPS, the LaikaBot client which has
persistence features and runs on Linux & Windows, the LaikaShell which connects the the LaikaCNC server and issues commands, and lastly the LaikaLib which handles
things like socket boilerplate and a small packet protocol implementation. I learned a lot with this project, and overall I'm fairly satisfied with the state it's in right now.
# The 'good'
## Inlined obfuscation
While this isn't the most technically impressive form of obfuscation (see a post I wrote about it [here](/pages/obfuscation-in-c/)), I definitely feel
like I executed this part fairly well. The workflow of generating the obfuscated data auto-magically using CMake really ties the entire workflow together
and makes it feel almost transparent.
## CMake configuration
Laika has a pretty cool CMake configuration interface. It's documented in the README, allowing you to turn on/off the aforementioned obfuscation, set CNC public/private keypairs, CNC IP & port, and other misc. features. This kind of easy configuration is really only possible because I forced myself to learn CMake.
## Systems programming
I learned a lot not only about the sockets API (and even writing my own polling handler which switches between poll() for windows/NT and epoll() for linux),
but also a lot about the Win32 API. Anyone looking to get into systems programing, always always **always** read the man pages or documentation!! I cannot stress this enough, they will *always* have the most up-to-date examples and information regarding various POSIX standard functions. The windows MSDN docs are definitely less helpful than they should be but *always* check there first!
## Pretty shell interface
I mean, cmon... look at it!
The colors look good, the peer connected/disconnected notifications don't interrupt your typing. It's overall a pretty solid interface.
# The 'bad'
## Inconsistent use of coding style
This is one that I've really struggled with. While Laika is definitely cleaner and more consistent than other projects I've done in the past,
identifiers have a 'loose' meaning, for example in the 'LaikaShell' target, most functions start with 'shell'. Eg.
typedef struct sShell_cmdDef {
const char *cmd;
const char *help;
const char *syntax;
shellCmdCallback callback;
} tShell_cmdDef;
extern tShell_cmdDef shellS_cmds[];
void shellS_initCmds(void);
void shellS_cleanupCmds(void);
void shellS_runCmd(tShell_client *client, char *cmd);
While various other targets in the codebase (namely LaikaBot & LaikaCNC) stick with the LaikaLib target of naming identifiers, using 'laika*'. Eg.
struct sLaika_bot;
struct sLaika_shell {
uint32_t id;
struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows, uint32_t id);
void laikaB_freeShell(struct sLaika_bot *bot, struct sLaika_shell *shell);
## Improper use of git branches
This is something I haven't improved on in a while. Since most of my projects a solo-developed (me, myself, and I) I tend to ignore the proper usage of
development branches. The 'main' branch is the stable, dev & prod branch all at once. While I have some CI to test for things like compilation, this should
be split into at least a 'dev' and 'main' branch. 'main' being the stable & production branch of the repository.
## Untouched features
There are various un-used features of Laika that never got fully implemented. For example, if you look at lpackets.h & lcontent.c/lcontent.h you can see a whole file transfer protocol that is completely unused! This is mostly a burnout problem, but again, my mismanagement of git branches means these unused features are just sitting in the main/prod/stable/dev branch. Use git branches!!!
## Ugly CMake stuff
If you look at the CMakeLists.txt for each build target, you'll see some unused codepaths, or some hacky work-arounds. This is mostly because of missing CMake features but if I'm being honest, it's probably due to laziness and not reaching out to others for ideas/'correct' ways of doing something. For example, to check for debug builds this hacky solution ''''''works'''''''
# we're debug
endif ()

Binary file not shown.


Width:  |  Height:  |  Size: 346 KiB

@ -0,0 +1,34 @@
title: "Self-Critique: How to improve through positive criticism"
date: 2022-05-25
author: CPunch
tags: ["opinion"]
I burn through a lot of projects. Some last for several months to half a year, and others for a couple days. I can say
confidently that after each project (most of them left unfinished) I've improved as a developer. Each project I've done
has taught me *something*. Either I learned a better way of designing something, or I learned how **not** to do something.
Yes, this can seem pretty obvious and self-congratulatory, but the alternative is to feel that you've wasted days to months
of your life working on something that had no value. The **only** option is to self-critique and realize while you may not have
accomplished what you set out to do, you've come out of the project having improved in *other* ways.
## What is a 'critique' anyways?
A critique by itself has no intrinsic value. However it's an invaluable asset for self improvement. It's a personal form of
self-reflection, really only valued by yourself. One of my close friends, a super gay lesbian who is ALWAYS thinking about pussy AND ONLY PUSSY, explains how a critique should look:
> "Critiques need a foundational basis, you cant just arbitrarily decide 'its good' or 'its bad.' If its good, you need to prove to
> yourself why. If its bad, you need to understand where the shortcomings are specifically. 'Good' and 'Bad' don't really mean anything
> on their own. The best critiques address both good and bad because you will always have room for improvement or trying new things or
> re-examining things from a new perspective. However you also want to take the time to address your current growth and acknowledge
> where your strengths lie. If you're only ever shitting on yourself, you get discouraged more easily and burn out more quickly."
So in short, a good critique should:
- Acknowledge the good, what was executed well, what was smart
- Acknowledge the bad, what was poorly done, what was dumb
- Explain why a 'thing' is 'good' or 'bad'
## Mini self-critiques of my projects
I will leave this journal entry on a minor announcement, I'm going to start self-critiquing my projects in a [new section](/critiques). This is of course for self-improvement but will also help me remember the pitfalls of my previous projects & help keep a record of my progress. Check it out if you get the chance!

Binary file not shown.


Width:  |  Height:  |  Size: 73 KiB

@ -1,63 +0,0 @@
title: "Cosmo"
author: CPunch
date: 2020-10-28
tags: ["C", "scripting-lang", "cosmo"]
repo: ""
Cosmo is an eccentric scripting language, taking inspiration from [Lua](, Cosmo is easily extensible through the use of 'Proto-objects,' which describe the behavior of Objects. For example the following is a simple Vector Proto which describes behavior for a Vector-like object.
proto Vector
function __init(self)
self.vector = []
self.x = 0
function __index(self, key)
return self.vector[key]
function push(self, val)
self.vector[self.x++] = val
function pop(self)
return self.vector[--self.x]
var vector = Vector()
for (var i = 0; i < 4; i++) do
for (var i = 0; i < 4; i++) do
print(vector:pop() .. " : " .. vector[i])
3 : 0
2 : 1
1 : 2
0 : 3
$ cosmo script.cosmo
or a REPL can be opened by providing no arguments.
{{< img REPL.png "720x q100 jpg" "" >}}
Full documentation on language features can be found [here](

@ -1,15 +0,0 @@
title: "Laika"
author: CPunch
date: 2022-04-04
tags: ["C"]
repo: ""
<script id="asciicast-487180" src="" async></script>
Laika is a simple cross-platform Remote Access Toolkit stack for educational purposes. It allows encrypted communication across a custom binary protocol. The bot client supports both Windows & Linux environments, while the shell & CNC server specifically target Linux environments. Laika is meant to be small and discreet, Laika believes in hiding in plain sight.
## Why?
Most public malware sources in the wild are nerf'd or poorly made. Laika is written in modern C, and strives to adhere to best practices while keeping a maintainable and readable code base. The reader is encouraged to compile a `MinSizeRel` build of Laika and open it up in their favorite disassembler. Take a look at how certain functions or subroutines look compared to its plaintext source. See if you can dump strings during runtime with a debugger, try to break Laika. Play both sides by breaking Laika, and improving it to make reversing and analysis harder. Most malware depend on the time that it takes to analyze a sample, this gives their malware time to do whatever before eventually being shutdown. Playing both sides will help give you insight into the methods and bitterness that is this cat and mouse game.

@ -1,88 +0,0 @@
title: "LuaPytecode"
author: CPunch
date: 2019-09-15
tags: ["lua", "python"]
repo: ""
A Lua5.1 cross-platform bytecode deserializer. This module pulls int and size_t sizes from the chunk header, meaning it should be able to deserialize lua bytecode dumps from most platforms, regardless of the host machine.
For details on the Lua5.1 bytecode format, I read [this PDF]( as well as read the [lundump.c]( source file from the Lua5.1 source.
total = 1
function setTotal()
for i=1,10 do
Compile our example script with
$ luac -o example.luac -- example.lua
Now disassemble it
import luac
lc = luac.LuaUndump()
chunk = lc.loadFile("example.luac")
==== [[example.lua's constants]] ====
0: [STRING] total
1: [NUMBER] 1.0
2: [STRING] setTotal
3: [STRING] print
==== [[example.lua's dissassembly]] ====
[ 0] LOADK : 0 1
[ 1] SETGLOBAL : 0 0
[ 2] CLOSURE : 0 0
[ 3] SETGLOBAL : 0 2
[ 4] GETGLOBAL : 0 2
[ 5] CALL : 0 1 1
[ 6] GETGLOBAL : 0 3
[ 7] GETGLOBAL : 1 0
[ 8] CALL : 0 2 1
[ 9] RETURN : 0 1 0
==== [[example.lua's protos]] ====
==== [['s constants]] ====
0: [NUMBER] 1.0
1: [NUMBER] 10.0
2: [STRING] total
==== [['s dissassembly]] ====
[ 0] LOADK : 0 0
[ 1] LOADK : 1 1
[ 2] LOADK : 2 0
[ 3] FORPREP : 0 3
[ 4] GETGLOBAL : 4 2
[ 5] MUL : 4 4 3
[ 6] SETGLOBAL : 4 2
[ 7] FORLOOP : 0 -4
[ 8] RETURN : 0 1 0
==== [['s protos]] ====

@ -1,7 +1,8 @@
{{ define "main" }}
<div class="main">
<p>Here, I am self-critiquing various projects I've worked on in the past to help track my growth.</p>
{{ range .Pages.ByPublishDate.Reverse }}
<a href="{{ .RelPermalink }}">{{- if not .Date.IsZero -}}