Welcome to the Ministry of Hack. This is where I toss random hacks that typically took a weekend or so of work, and that I don't intend to maintain, but I feel are clever enough to warrant a little writeup. Much of it is pretty ancient, and might suffer from extreme bitrot, but all of it did work at one point, I swear.
Pop quiz hotshot: You're on a bus with no Internet connection. You absolutely need to interface some new C++ code with a shoddy old C interface based on function pointers. The new C++ code makes heavy use of functors to carry state between call invocations. The C code must call these C++ functors by way of a function pointer, and only a function pointer. Your function pointer prototype cannot take any additional arguments for the class type. What do you do? What do you do...
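One way out of the puzzle above, as an added example that is not the page's own code and not necessarily the author's solution: a static "slot" trampoline. Each (functor type, slot number) template instantiation is a distinct plain function with its own static pointer to the object it forwards to, so its address is an ordinary function pointer the C side can store and call with no context argument. The legacy C API (`c_callback_t`, `legacy_register`, `legacy_fire`) and the `Accumulator` functor are constructed for the example.

```cpp
// Added example, not code from the page: binding stateful C++ functors to a
// C callback type that carries no user-data argument, via per-slot trampolines.
#include <cstdio>

// Hypothetical legacy C interface: a callback taking one int, returning int,
// with no room for an object pointer.
typedef int (*c_callback_t)(int);

// Stand-in for the old C code: it stores exactly one callback and later fires it.
static c_callback_t g_registered = nullptr;
void legacy_register(c_callback_t cb) { g_registered = cb; }
int legacy_fire(int v) { return g_registered ? g_registered(v) : -1; }

// A functor that carries state across invocations.
struct Accumulator {
    int total = 0;
    int operator()(int x) { total += x; return total; }
};

// Trampoline: every (Functor, Slot) instantiation is a separate static function
// with its own static pointer to the object it forwards to, so &Thunk::call is
// a distinct, context-free function pointer per slot.
template <class Functor, int Slot>
struct Thunk {
    static Functor* target;
    static int call(int x) { return (*target)(x); }
    static c_callback_t bind(Functor& f) { target = &f; return &Thunk::call; }
};
template <class Functor, int Slot>
Functor* Thunk<Functor, Slot>::target = nullptr;

// One functor registered through the legacy API; its state survives across calls.
int demo_single() {
    Accumulator acc;
    legacy_register(Thunk<Accumulator, 0>::bind(acc));
    legacy_fire(5);
    legacy_fire(7);
    legacy_register(nullptr);   // unbind before acc goes out of scope
    return acc.total;           // 12
}

// Two functors alive at once need two slots: rebinding one slot would alias them.
int demo_two_slots() {
    Accumulator a, b;
    c_callback_t ca = Thunk<Accumulator, 0>::bind(a);
    c_callback_t cb = Thunk<Accumulator, 1>::bind(b);
    ca(1); ca(2); cb(10);
    return a.total * 100 + b.total;   // 310
}

int main() {
    std::printf("single functor: %d\n", demo_single());
    std::printf("two slots: %d\n", demo_two_slots());
    return 0;
}
```

The price of the trick is visible in the code: the number of simultaneously bound functors is fixed at compile time by the slots you instantiate, `target` is a global (so binding is not thread-safe), and the pointer dangles if the functor is destroyed while the C side still holds the callback. The alternative that removes the slot limit, writing a fresh machine-code trampoline per object into an executable page at run time, collides with W^X/NX and is itself a code-injection primitive, so it is worth avoiding in anything that handles untrusted input.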
This was an entertaining little one-off. Basically, it started with the l0pht announcing a sniffer detection utility on Friday, July 23, 1999. Coincidentally, I was bored late that night at the NCSA when I was reading their announcement, and decided I'd spend the night defeating their program. Normally I would have just gone home, but when I realized that I could call my program The AntiAntiSniffer Sniffer, I couldn't resist. I worked through the night and the next day, and by Sunday, I had come up with something that in theory, defeated all of their methods of sniffer detection, 3 days before they actually released the detector.
As part of a CS397 project, I did a lot of research into the RC4 stream cipher just to try my hand at crypto research. I was supposed to be researching general wireless vulnerabilities, but I was obsessed. I investigated all sorts of attacks, weaknesses, formalisms, etc. for the RC4 cipher itself. In the end, I decided the easiest new contribution would be to improve the bounds on the Knudsen attack on RC4 by implementing the state array as a probability distribution in order to find the exact distribution over the state table after the key scheduler ran, and then to use this to help Knudsen's algorithm generate more accurate guesses. All said and done, I discovered exactly what Andrew Roos surmised back in 1995, just months after the RC4 source leaked. This was when I decided that crypto research wasn't for me.
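An empirical version of the "state array as a probability distribution" idea, as an added example rather than the page's CS397 code: for many random keys, run RC4's key scheduler and measure how often each S[i] equals the value Roos identified in 1995 as its most likely one, i(i+1)/2 + K[0] + ... + K[i] (mod 256), with the key repeated cyclically. Key generation uses a fixed-seed PRNG so the numbers are reproducible; the key length, sample count and seed are arbitrary choices for the example.

```cpp
// Added example, not the page's code: the post-KSA bias of RC4's permutation,
// measured against Roos's predicted value of S[i].
#include <array>
#include <cstdint>
#include <cstdio>
#include <random>
#include <utility>
#include <vector>

using State = std::array<uint8_t, 256>;

// RC4 key-scheduling algorithm (KSA): the permutation S before any keystream byte.
State rc4_ksa(const std::vector<uint8_t>& key) {
    State S;
    for (int i = 0; i < 256; ++i) S[i] = static_cast<uint8_t>(i);
    uint8_t j = 0;
    for (int i = 0; i < 256; ++i) {
        j = static_cast<uint8_t>(j + S[i] + key[i % key.size()]);
        std::swap(S[i], S[j]);
    }
    return S;
}

// Roos's most likely value of S[i] after the KSA, for every i:
// i*(i+1)/2 + K[0] + ... + K[i] (mod 256). It holds when positions 0..i were
// not disturbed before their turn and S[i] survives the remaining swaps.
State roos_predictions(const std::vector<uint8_t>& key) {
    State pred;
    unsigned acc = 0;
    for (int i = 0; i < 256; ++i) {
        acc += key[i % key.size()];
        pred[i] = static_cast<uint8_t>((i * (i + 1) / 2 + acc) & 0xFF);
    }
    return pred;
}

// Fraction of random keys for which S[i] == prediction, per position i.
// A uniformly distributed S[i] would score about 1/256 = 0.0039 everywhere;
// position 0 scores about (255/256)^255 = 0.37, and the bias decays with i.
std::array<double, 256> roos_hit_rates(int num_keys, size_t key_len, unsigned seed) {
    std::mt19937 rng(seed);                         // fixed seed: reproducible sample
    std::uniform_int_distribution<int> byte(0, 255);
    std::array<unsigned, 256> hits{};
    std::vector<uint8_t> key(key_len);
    for (int n = 0; n < num_keys; ++n) {
        for (auto& k : key) k = static_cast<uint8_t>(byte(rng));
        State S = rc4_ksa(key);
        State pred = roos_predictions(key);
        for (int i = 0; i < 256; ++i) if (S[i] == pred[i]) ++hits[i];
    }
    std::array<double, 256> rates;
    for (int i = 0; i < 256; ++i) rates[i] = static_cast<double>(hits[i]) / num_keys;
    return rates;
}

int main() {
    std::array<double, 256> rates = roos_hit_rates(5000, 16, 1);
    for (int i : {0, 1, 8, 16, 32, 64, 128}) {
        std::printf("P(S[%3d] == Roos prediction) = %.3f\n", i, rates[i]);
    }
    return 0;
}
```

The table this prints is the practical content of Roos's observation: for a random key, the first few dozen bytes of the state table are far from uniform, and an attacker who knows part of the key can predict them with far better odds than 1/256. Running more keys tightens the estimate; the sampling error at 5000 keys is under one percentage point.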
The point of this project was to write platform independent stack overflow shellcode using only a C compiler and no asm. I succeeded, almost. The compiled autocode.c file disassembles itself, and outputs working shellcode. However, the major drawback is that on x86 it doesn't seem possible to eliminate the 0s from the resulting instructions. I attempted to fix this by adding an XOR encoder, but the problem is even that contained 0s when it attempted to obtain EIP through the usual call mechanism. The offset of the relative call instruction contained 0s. Oh well. It was a fun exercise.
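Tooling for the null-byte problem described above, as an added example that is not the page's autocode.c: it counts 0x00 bytes in a payload, picks a single-byte XOR key that maps no payload byte to zero, and contrasts the forward-call GetPC stub (a `call` to the next instruction, whose rel32 displacement of 0 encodes as four zero bytes) with the jmp/call/pop form, whose backward call has a negative displacement and therefore no zero bytes. The two byte strings are hand-assembled x86 for this example; `demo_payload` is a stand-in for a C-only payload.

```cpp
// Added example, not the page's code: null-byte scanning, XOR key selection,
// and the two GetPC stubs, compared byte by byte.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Count 0x00 bytes: a payload copied by strcpy()-style code must contain none.
size_t count_nulls(const Bytes& buf) {
    size_t n = 0;
    for (uint8_t b : buf) if (b == 0) ++n;
    return n;
}

// Choose k in 1..255 that does not occur in the payload, so buf[i] ^ k is never 0.
// Returns -1 when every byte value occurs (a single-byte key cannot work then).
int choose_xor_key(const Bytes& buf) {
    bool seen[256] = {false};
    for (uint8_t b : buf) seen[b] = true;
    for (int k = 1; k < 256; ++k) if (!seen[k]) return k;
    return -1;
}

// XOR-encode; a decoder stub applies the same XOR at run time to restore the payload.
Bytes xor_encode(const Bytes& in, uint8_t key) {
    Bytes out(in.size());
    for (size_t i = 0; i < in.size(); ++i) out[i] = in[i] ^ key;
    return out;
}

// GetPC via "call the next instruction, then pop": call rel32 with displacement 0.
const Bytes forward_call = { 0xE8, 0x00, 0x00, 0x00, 0x00,   // call $+5
                             0x5B };                          // pop ebx

// jmp/call/pop: jump forward over the pop, then call backward to it. The call's
// rel32 is -10 = 0xFFFFFFF6, so the encoding carries no zero byte.
const Bytes jmp_call_pop = { 0xEB, 0x05,                      // jmp short +5 (to the call)
                             0x5B,                            // pop ebx (address after the call)
                             0x90, 0x90, 0x90, 0x90,          // payload would follow here
                             0xE8, 0xF6, 0xFF, 0xFF, 0xFF };  // call rel32 -10 (back to pop ebx)

size_t nulls_forward()  { return count_nulls(forward_call); }   // 4
size_t nulls_backward() { return count_nulls(jmp_call_pop); }   // 0

// Encoding removes the zeros only if a key exists that no payload byte equals.
bool encoded_is_clean(const Bytes& payload) {
    int k = choose_xor_key(payload);
    if (k < 0) return false;
    return count_nulls(xor_encode(payload, static_cast<uint8_t>(k))) == 0;
}

// What the compiler emits for a C-only "payload". Its bytes are readable on the
// usual platforms; how many are zero depends on compiler, flags and target.
int demo_payload(int x) { return x * 3 + 7; }

int main() {
    std::printf("forward-call stub: %zu zero bytes\n", nulls_forward());
    std::printf("jmp/call/pop stub: %zu zero bytes\n", nulls_backward());
    std::printf("forward-call stub XOR-encoded clean: %s\n",
                encoded_is_clean(forward_call) ? "yes" : "no");
    int (*fn)(int) = demo_payload;
    const uint8_t* code;
    std::memcpy(&code, &fn, sizeof code);   // function pointer to byte pointer, no cast
    std::printf("first 16 bytes of demo_payload: %zu zero bytes\n",
                count_nulls(Bytes(code, code + 16)));
    return 0;
}
```

The scan is the check to run on any compiler-generated payload before relying on it, and the two stubs show why the page's XOR decoder still failed: encoding fixes the payload, but the decoder's own GetPC sequence must be written zero-free by hand, which is exactly the backward-call form above.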
This is another project inspired by the PosterChildren. I was listening to their song by the same name, and decided I felt like coding a visualization program for the Lorenz strange attractor. I also wanted to brush up on my NDE skillz, and so I implemented a vectorized 4th-order Runge-Kutta solver to plot the thing. This was actually a pretty ridiculous idea. I think I was on drugs or something.
See, now this is where I make up for comments like that Fisher Faces one. One weekend I was bored, and was reading some interviews by the PosterChildren. In one question, the bass player in the band, Rose Marshack, describes a way to divide a triangle a bunch of times to yield an object with infinite perimeter that still fits inside a circle with finite perimeter. I decided this could be made to look like a rose, and the rest was history. Smooth, eh? You know what's smoother? She's married. To the lead singer. (Who is also awesome).
Basically this is some Octave source code that implements both EigenFaces and FisherFaces for face recognition techniques, as well as a paper that describes the implementation details and provides a brief comparison. I didn't discover anything particularly interesting, but I did manage to replicate in one weekend a project that took the WCS a full year. Oh, and mine worked, theirs didn't ;).
Back in about 2002, I wrote a Linux 2.4.x device driver for a neat Slovenian company in exchange for some of their equipment. You see, back in my more maverick and idealistic days, I was into pirate radio. (I suppose by admitting this, I just blew my chances at getting an FCC license, but I don't foresee ever applying for one anyway). The prose below represents an idealism that to me now feels almost pointlessly quixotic (and I say this while volunteering to preserve Internet privacy! HAH!), but it was a lot of fun at the time, and still is quite informative for anyone who feels like tinkering with this stuff. It is a rare surviving excerpt from the fscked.org of 2002.
Perhaps the most amusing part of this whole project was when I interviewed at Microsoft for an internship. My last interviewer was a real clean-cut, stodgy, almost military-looking guy who didn't ask me any technical questions at all. Instead, he just grilled me about this project: why I did it, what it was for, if I thought it was a good idea, etc etc. I recall doing my best to answer his questions without getting into too many specifics. Whatever I said must have done the trick, because they actually gave me the job.