blug

The "What's the trick?" Dilemma

Frequently, I see students asking questions more-or-less along the lines of “What’s the trick for this problem?” with the assumption that for every type of problem, there is a ready-made trick to that allows said students to get the answer quickly – essentially asking for a full solution that is copied for a similar problem that “requires” the same so-called trick. The reason this annoys me is that it fosters an environment where problem-solving and understanding are discouraged and rote memorization is encouraged.

While this rant is primarily aimed at poorly-implemented pedagogy in mathematics, it applies to pretty much every other subject as well.

Killing Threadtear's Sandbox

Full PoC w/ abitrary code execution: Link to Issue

Update: The vulnerability has been partially fixed; however, the patch unintentionally removes desired functionality as stated here.

Not too long ago, I was casually perusing my way through GitHub and found the Threadtear Java bytecode deobfuscator. For those of you who don’t know, I have a strong interest for Java bytecode-related projects — especially when deobfuscation and obfuscation are involved.

There’s a warning on the README.md of the repository which specifically informs the user it is possible to successfully execute arbitrary code through the deobfuscator for malicious purposes. So of course, I decided to take up the challenge and create a proof of concept of an ACE exploit in Threadtear.

Math Obfuscation of Java Bytecode

Earlier today, I visited the Tigress C obfuscator website today (I haven’t for awhile) and it looks much nicer now ;). Anyways, something that particularly interested me was Tigress’s page on EncodeArithmetic. Since I, a maintainer of a Java bytecode obfuscator, am always looking for cool things to try, found the book they linked of interest.

Ice Cream in Isolation

Isolation. The fearful enemy.. the enemy who takes away the feeling of life. Together with COVID-19… a powerful couple which completely drains even the strongest of all purpose. Every day we spend in isolation is another day we spend our short lives doing nothing. However, a worthy opponent approaches! And that worthy opponent is… salted caramel ice cream! Oh, how salted caramel ice scream is so brave… it fights off the possessiveness of isolation and restores life to us all! Salted caramel ice cream is our true hero in these dark times.

Thank you for attending my TED talk. Have a good night folks!

Unpacking Odin Minecraft Anticheat

Edit: This JAR was protected with the Paramorphism Java obfuscator by Anthony Som.

Edit #2: Removed JAR link at request of the author.

While this JAR wasn’t too hard to poke around in and figure out what is going on, I found this one of the more unique obfuscations I have seen in attempting to prevent Java reverse-engineering.