Moved main repositories to github, the gitea instance is just a mirror (since github has some dumb outages every now and then)

main
CPunch 2 months ago
parent 538bc92f42
commit 7afd9fff6a
  1. 6
      content/journal/site-rewrite/index.md
  2. 4
      content/pages/dead-mans-hugo/index.md
  3. 12
      content/pages/obfuscation-in-c/index.md

@ -3,7 +3,7 @@ title: "Site Rewrite: From theme to lean"
date: 2021-12-07
author: CPunch
tags: ["hugo"]
repo: "https://git.openpunk.com/OpenPunk/openpunk"
repo: "https://github.com/CPunch/openpunk"
draft: false
---
@ -21,9 +21,9 @@ Another thing about using a Hugo theme is it doesn't force you to *learn* Hugo.
## The rewrite and some nice-to-haves
After deciding to get rid of my Hugo theme, I was forced to learn a lot more about Hugo than I had before. Writing my own [shortcodes](https://git.openpunk.com/OpenPunk/openpunk/src/branch/main/layouts/shortcodes), [section parsers](https://git.openpunk.com/OpenPunk/openpunk/src/branch/main/layouts/section), and of course the actual rendered HTML and CSS.
After deciding to get rid of my Hugo theme, I was forced to learn a lot more about Hugo than I had before. Writing my own [shortcodes](https://github.com/CPunch/openpunk/tree/main/layouts/shortcodes), [section parsers](https://github.com/CPunch/openpunk/tree/main/layouts/section), and of course the actual rendered HTML and CSS.
[One such shortcode](https://git.openpunk.com/OpenPunk/openpunk/src/branch/main/layouts/shortcodes/img.html) enables me to compress images into a more friendly format for your web browser automagically. This made sharing photos (and ultimately [/places/](/places)) a lot more intuitive and friendly for my servers bandwidth and yours! Having to compress my images manually is such a chore, but Hugo and this shortcode makes it as easy as adding
[One such shortcode](https://github.com/CPunch/openpunk/tree/main/layouts/shortcodes/img.html) enables me to compress images into a more friendly format for your web browser automagically. This made sharing photos (and ultimately [/places/](/places)) a lot more intuitive and friendly for my servers bandwidth and yours! Having to compress my images manually is such a chore, but Hugo and this shortcode makes it as easy as adding
```md
{{</* img image.png "q70 jpg" "alt-text" */>}}
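Review bot: The new link to `layouts/shortcodes/img.html` uses `/tree/main/`, which is GitHub's path form for directories; a single file is addressed with `/blob/main/`. The two directory links in the paragraph above (`layouts/shortcodes`, `layouts/section`) are correct as `tree`. Suggest `https://github.com/CPunch/openpunk/blob/main/layouts/shortcodes/img.html` so the link does not rely on GitHub resolving the mismatch.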

@ -13,7 +13,7 @@ Okay... maybe not right now but who knows? It's unavoidable. No matter what diet
## Some background
OpenPunk (the blog that you're reading right now!) is statically generated from [this repository.](https://git.openpunk.com/OpenPunk/openpunk) There's a cronjob on my server that force pulls from the latest master branch and regenerates the hugo blog every hour or so. If you’re ever curious how long ago the current build of OpenPunk you’re reading was generated from, just check the datetime at the bottom of the page. The generated html is then served through apache and is also mirrored on a tor mirror. (`opnpnk6eutjiqy4ndpyvwxd5pncj2g2cmz6fkocr5uh3omnn4utvspad.onion` btw) To make a new post, I commit the markdown & images in the content/pages directory to the repository, and within an hour my live site will be updated. It's a very simple and elegant solution that works quite well with my workflow, I write posts locally and when I feel they are finished I simply commit and push.
OpenPunk (the blog that you're reading right now!) is statically generated from [this repository.](https://github.com/CPunch/openpunk) There's a cronjob on my server that force pulls from the latest master branch and regenerates the hugo blog every hour or so. If you’re ever curious how long ago the current build of OpenPunk you’re reading was generated from, just check the datetime at the bottom of the page. The generated html is then served through apache and is also mirrored on a tor mirror. (`opnpnk6eutjiqy4ndpyvwxd5pncj2g2cmz6fkocr5uh3omnn4utvspad.onion` btw) To make a new post, I commit the markdown & images in the content/pages directory to the repository, and within an hour my live site will be updated. It's a very simple and elegant solution that works quite well with my workflow, I write posts locally and when I feel they are finished I simply commit and push.
## Your trigger
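Review bot: The paragraph touched here still says the cron job force pulls "the latest master branch", while the links updated elsewhere in this commit point at `main` for the same repository (`github.com/CPunch/openpunk/tree/main/...`). Since the line is being rewritten anyway, correct the branch name in the same change. It would also help to say which remote the server's cron job pulls from now that the Gitea instance is only a mirror, because the site publishes whatever that remote serves.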
@ -117,7 +117,7 @@ postTemplate='dead.md'
pageName='openpunk/content/pages/dead.md'
currDate=$(date '+%Y-%m-%d')
git clone git@git.openpunk.com:OpenPunk/openpunk.git
git clone git@github.com:CPunch/openpunk.git
cp $postTemplate $pageName
# replace our {{DATE}} with the current date
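Review bot: The changed `git clone git@github.com:CPunch/openpunk.git` line switches the SSH host, and nothing in this hunk covers what that requires on the machine running the script. If the script runs with nobody at the keyboard, `github.com` must already be in `known_hosts` (otherwise the clone stops at the host-key prompt), and the key it uses needs write access to the GitHub repository if the script pushes the post afterwards. Suggest adding a sentence to the post about both, and pinning the host key from GitHub's published fingerprints rather than disabling host key checking.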

@ -2,11 +2,11 @@
title: "Laika: Obfuscation in Modern C"
date: 2022-05-21
author: CPunch
repo: "https://git.openpunk.com/CPunch/Laika"
repo: "https://github.com/CPunch/Laika"
tags: ["C", "reverse-engineering", "ida", "laika"]
---
Recently I've been working on a small passion project I've been wanting to do for a while. [Laika](https://git.openpunk.com/CPunch/Laika) is a malware written in modern C. I recently added some cool obfuscation features to the LaikaBot target. Let's take a look at how it works.
Recently I've been working on a small passion project I've been wanting to do for a while. [Laika](https://github.com/CPunch/Laika) is a malware written in modern C. I recently added some cool obfuscation features to the LaikaBot target. Let's take a look at how it works.
## Rough Idea
@ -30,7 +30,7 @@ While this works for obfuscating the strings from static dumping using something
## Mini VM
What if, we had a mini VM interpreter inlined into the function? This would become a mess in the pseudo-code of disassemblers like IDA or Ghidra. Thats exactly what Laika does! Checkout the tiny turing-complete vm [here](https://git.openpunk.com/CPunch/Laika/src/branch/main/lib/include/lvm.h). TLDR: We can implement tiny programs for the mini-vm to run, including our xor deobfuscation!
What if, we had a mini VM interpreter inlined into the function? This would become a mess in the pseudo-code of disassemblers like IDA or Ghidra. Thats exactly what Laika does! Checkout the tiny turing-complete vm [here](https://github.com/CPunch/Laika/tree/main/lib/include/lvm.h). TLDR: We can implement tiny programs for the mini-vm to run, including our xor deobfuscation!
The program blob looks something like:
@ -58,7 +58,7 @@ The program blob looks something like:
} \
}
```
> This is also [here](https://git.openpunk.com/CPunch/Laika/src/branch/main/lib/include/lbox.h) in the repository
> This is also [here](https://github.com/CPunch/Laika/tree/main/lib/include/lbox.h) in the repository
The program is a lot simpler than it looks, lets take it apart.
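Review bot: The `lbox.h` link under the quoted program blob points at the head of `main`, so the file a reader lands on can drift away from the macro reproduced in the article as the repository changes. Since every link in this file is being rewritten in this commit, consider pinning the ones that back quoted code to a commit, in the form `https://github.com/CPunch/Laika/blob/<commit>/lib/include/lbox.h` (with `<commit>` a placeholder for the revision the post was written against), which also uses the `blob` path form that GitHub uses for files.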
@ -90,7 +90,7 @@ We then increment both pointers, our in & out buffers, and test if the character
## Generating the blobs
Now what if we want to change the strings? That's a lot of manual labor in regenerating our data blob. Luckily for us, Laika also has a solution for that! The [VMBoxGen](https://git.openpunk.com/CPunch/Laika/src/branch/main/tools/vmboxgen/src/main.c) target reads our configured strings and generates a header file for our data-blobs *before* everything is compiled.
Now what if we want to change the strings? That's a lot of manual labor in regenerating our data blob. Luckily for us, Laika also has a solution for that! The [VMBoxGen](https://github.com/CPunch/Laika/tree/main/tools/vmboxgen/src/main.c) target reads our configured strings and generates a header file for our data-blobs *before* everything is compiled.
The strings the `VMBoxGen` target uses are from our `lconfig.h` file, which in turn is generated before compilation using cmake:
@ -209,4 +209,4 @@ You can see the whole vm was inlined into the function, this has become a mess.
## Conclusion
Obviously I left massive sections of code out to keep this brief, but of course if you're curious about any of the code, checkout the full repo for Laika [here](https://git.openpunk.com/CPunch/Laika).
Obviously I left massive sections of code out to keep this brief, but of course if you're curious about any of the code, checkout the full repo for Laika [here](https://github.com/CPunch/Laika).