Computers and Programming

I've been into computers, tech, coding, and hacking stuff for a long time. I'll talk about it here and let you folks know what I'm up to in this field.

Exploit Development

These are tutorials and thoughts on attacking programs in their binary/executable form. We'll explore concepts like stack and heap overflows, format strings, return-to-libc attacks, off-by-one errors, and more.


During an off-day, I wrote a safecracking game that uses the Wiimote for input. By combining a cardboard box, plastic tube, water bottle and Wiimote, I built a dial control. It tracks the IR LEDs in the sensor bar (positioned about 4 feet away). The remote sends these coordinates to the PC by way of Bluetooth. My app then does some fancy trig math to figure out what angle the Wiimote is rotated to and what dial graduation it is on. It then uses this in a simple simulation of a safe combination lock. The user can manipulate it using conventional methods (for an S&G 6730) to discover the combo and open it (indicated by a little message box for now). The contact points can be sensed through the fingers because the app tells the Wiimote to vibrate for a few milliseconds when passing over them. The next step is to find a real safe dial and attach it to the current dial. This would allow the player to crack the safe without even looking at the monitor (just you and the lock).

Update: Originally, the onscreen safe dial that rotates along with the dial controller was made of lines and labels. Not only did this not look very good, but moving those labels around was a bit slow and jerky at times (Windows doesn't like to move controls around). Click the image to the left for a view of what the game looks like now. I used Blender to model a little safe dial and ring and then rendered 725 JPG images of it. Basically, I told Blender to animate the safe dial rotating through 360 degrees and then save the output frames. My app uses the dial controller input to choose the frame of animation and displays that image (all 725 of them are preloaded at app startup). The result is a good-looking 3D-rendered safe dial that rotates smoothly and accurately as the player turns the real-world dial controller.
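Here is how the pieces described above fit together in code, as an added example written for this page rather than code from the WiiSafeCracking app or from WiimoteLib: turning the two IR dots into a continuous dial angle (one frame only fixes the line's orientation modulo 180 degrees, since the Wiimote does not report dots in a stable order, so the tracker follows the smallest change between frames), mapping that angle to a dial number and to one of the 725 rendered frames, and a toy three-wheel lock with fly pickup and contact points. The 100-number dial, the contact-point readings, the lever drop-in reading and the combination are assumptions, and the contact-point narrowing is a deliberate simplification of what a manipulator actually feels.

```python
import math

# Constants are this example's assumptions, not values from the original post,
# except FRAME_COUNT, which the post gives as 725 frames per full turn.
DIAL_GRADUATIONS = 100      # 100-number dial, as on the S&G 6730 (assumed)
FRAME_COUNT = 725
CAM_GATE = 95               # hypothetical reading where the lever nose drops into the cam gate
CONTACT_HALF_WIDTH = 5.0    # hypothetical: contact points sit at CAM_GATE +/- 5
GATE_NARROWING = 0.25       # hypothetical: inward shift per wheel gate sitting under the fence


def synthetic_dots(theta_deg, cx=512, cy=384, half_span=100):
    """Constructed input: the two sensor-bar LEDs as the 1024x768 camera would
    see them with the Wiimote rolled by theta_deg about the line's midpoint."""
    r = math.radians(theta_deg)
    dx, dy = half_span * math.cos(r), half_span * math.sin(r)
    return [(cx - dx, cy - dy), (cx + dx, cy + dy)]


def line_orientation(ir_points):
    """Orientation in [0, 180) of the line through the first two dots; one frame
    cannot tell which dot is which, so only the orientation modulo 180 is known."""
    (x1, y1), (x2, y2) = ir_points[:2]
    return math.degrees(math.atan2(y2 - y1, x2 - x1)) % 180.0


class DialTracker:
    """Accumulates rotation across frames by taking the smallest orientation
    change each time, so the angle runs through 180 and 360 without jumping."""

    def __init__(self):
        self.prev = None
        self.angle = 0.0        # cumulative rotation since the first frame
        self.zero = 0.0         # angle that counts as the dial's index mark

    def update(self, ir_points):
        if len(ir_points) < 2:
            return None         # a dot dropped out; the caller keeps the last reading
        orient = line_orientation(ir_points)
        if self.prev is not None:
            self.angle += (orient - self.prev + 90.0) % 180.0 - 90.0   # wrap into [-90, 90)
        self.prev = orient
        return self.reading()

    def set_zero(self):
        self.zero = self.angle

    def reading(self):
        return (self.angle - self.zero) % 360.0


def graduation(angle_deg, n=DIAL_GRADUATIONS):
    """Nearest dial number under the index for a dial angle in degrees."""
    return round(angle_deg / 360.0 * n) % n


def frame_index(angle_deg, frames=FRAME_COUNT):
    """Which pre-rendered frame to display for this dial angle."""
    return int((angle_deg % 360.0) / 360.0 * frames) % frames


class WheelPackLock:
    """Toy three-wheel lock: the drive cam picks up wheel 3 by its fly after about
    a full turn, wheel 3 picks up wheel 2, wheel 2 picks up wheel 1, and reversing
    drops them all again. Index 0 is wheel 1 (farthest from the cam)."""

    def __init__(self, combo, n=DIAL_GRADUATIONS):
        self.n = n
        self.gates = list(combo)              # reading at which each wheel's gate is under the fence
        self.wheels = [0] * len(combo)        # current reading of each wheel's gate
        self.engaged = [False] * len(combo)   # wheel currently dragged by its driver
        self.cam, self.last_direction, self.is_open = 0, 0, False

    def gates_aligned(self):
        return all(w == g for w, g in zip(self.wheels, self.gates))

    def turn(self, direction, steps):
        """Rotate the dial by steps graduations; direction is +1 or -1."""
        if direction != self.last_direction:
            self.engaged = [False] * len(self.wheels)   # flies part on reversal
            self.last_direction = direction
        for _ in range(steps):
            if self.is_open:
                return
            self.cam = (self.cam + direction) % self.n
            driver = self.cam
            for i in range(len(self.wheels) - 1, -1, -1):   # wheel 3, then 2, then 1
                if self.engaged[i]:
                    self.wheels[i] = driver
                    driver = self.wheels[i]
                else:
                    if self.wheels[i] == driver:
                        self.engaged[i] = True   # fly contact; it moves from the next step on
                    break
            if self.cam == CAM_GATE % self.n and self.gates_aligned():
                self.is_open = True              # fence drops into the gates, nose into the cam gate

    def dial(self, direction, number, passes):
        """The usual 'passes times direction to number' instruction."""
        steps = ((number - self.cam) * direction) % self.n + (passes - 1) * self.n
        self.turn(direction, steps)

    def contact_points(self):
        """Readings where the nose meets the cam-gate edges (where the game buzzes).
        Simplified: each wheel gate under the fence lets the nose sit a hair lower,
        so the two readings creep inward; that narrowing is what a manipulator reads."""
        shift = GATE_NARROWING * sum(w == g for w, g in zip(self.wheels, self.gates))
        return ((CAM_GATE - CONTACT_HALF_WIDTH + shift) % self.n,
                (CAM_GATE + CONTACT_HALF_WIDTH - shift) % self.n)


def open_demo(combo=(30, 70, 10)):
    """Dial a hypothetical combination (wheel 1 = 30, wheel 2 = 70, wheel 3 = 10)
    with the textbook 4L-3R-2L-1R sequence; the LEFT/RIGHT signs are this model's."""
    LEFT, RIGHT = 1, -1
    lock = WheelPackLock(combo)
    lock.dial(LEFT, combo[0], 4)
    lock.dial(RIGHT, combo[1], 3)
    lock.dial(LEFT, combo[2], 2)
    lock.dial(RIGHT, CAM_GATE, 1)
    return lock


if __name__ == "__main__":
    t = DialTracker()
    for theta in (0, 60, 120, 170, 190):   # constructed roll through the 180-degree ambiguity
        reading = t.update(synthetic_dots(theta))
    print(f"dial {reading:.1f} deg -> number {graduation(reading)}, frame {frame_index(reading)}")
    print("opened:", open_demo().is_open)
```

Run as a script it reports the dial reading after a constructed roll past 180 degrees and whether the demo combination opens the lock. The tracker only works if frames arrive fast enough that the dial moves less than 90 degrees between them; a bigger jump is indistinguishable from a smaller turn the other way. In the game, the vibration would fire whenever the cam reading crosses either value returned by contact_points().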

Update #2: I have zipped the app (including the safe dial images) and, with the help of What, uploaded it here. For now, this is only the executable for Windows (tested on Vista so far); I'll toss the source code up soon. In order to run this thing: unzip the files into any old random folder and run the exe. Prior to that, you must make your Wiimote link up with the PC by way of a Bluetooth adapter. It must be recognized as a "Human Interface Device" by Windows. I went out and picked up a cheapie USB Bluetooth adapter and everything worked out fine. To get it recognized, I have to double-click the Bluetooth icon in the taskbar and then "Add a Device" while holding down the bottom two buttons on the remote (the lights on it will flash blue). Once the device is registered, it should notify you that it has been recognized as an "HID device". From here, just run the executable, point the Wiimote at a sensor bar and give it a turn :-) Building a little safe dial mockup makes this much better; trying to spin the remote like a dial freehand is an exercise in futility. Here is the download link to WiiSafeCracking.

Also I'd like to thank Brian Peek for writing the library that made this all possible: WiimoteLib.