As part of my obsession with the seminal Chinese blockbuster game Black Myth: Wukong, I've spent countless hours studying Chinese literature, language, and culture to better appreciate the rich lore and context of the story. This post serves as a record of my learning process, as well as a guide for other novice language learners seeking to immerse themselves in the refined beauty of Chinese literature.
The most hyped videogame release of this year might just be Black Myth: Wukong, a Chinese action RPG set in the fantasy world of Journey to the West. To improve my Chinese and be able to fully immerse myself in the game on release, I've been consuming anything I can find about it online. During public demos last year, players screen-captured a lore book called yǐng shén tú (影神图), an illustrated compendium of supernatural enemies encountered in one of the game's regions, Purple Cloud Mountain (紫云山). Here, I've translated the available compendium entries from the original blog post, with some help from ChatGPT.
Since quarantine days, I’ve picked up a lot of hobbies. And if you know me, you know I’m not overselling myself — try surfing, archery, sporting clays, golf, coral reef aquarium-keeping, climbing, skateboarding, skiing, and travel for a start…
Why? Full reasons unclear, but at least a combination of pure impulsiveness and a desire to challenge myself and become a more versatile person.
Along the way, I’ve survived some self-discovery and learned a lot about the process of learning. This post should hopefully spark some interest in my diverse activities and provide insights on how to pick up and enjoy new skills.
This original short story — about a rogue AI living in an Amazon-like datacenter — was inspired by brilliant research from several of my classmates at the MIT AI Lab during my undergrad. They showed the world that “machine learning” could just as easily be hacked as any other computer system, with fascinating consequences.
If you’re looking for a new fandom to obsess about in the new year, or just some entertainment to pass the time during quarantine, take a look at some of what I’ve discovered in recent games, books, TV, and films.
New year, new job, and now an all-new battlestation setup! You might know that I have an obsession with ergonomics and productivity boosting, and now that I’ve finally moved out of college dorm rooms, I went all out and painstakingly customized my work station to fulfill all my needs.
What’s even better, I did it on a low budget without any compromises. I really hit the sweet spot of cost effectiveness — either buying top-of-the-line when it was worth it, or getting better value from mid-tier products. The total came out to just under $2k and has absolutely everything you might want for maximum comfort during long hacking sessions.
In this post, I’ll break down the process of constructing my battlestation by discussing each component and giving tips on how to find the right equipment for yourself.
Perhaps the best investment that you could make in your own learning, knowledge retention, and organization is a good note-taking application. Over the years, I’ve dumped all of my accumulated knowledge about computer science, security, and technology into various note-taking apps, ensuring that I can easily recall information from the thousands of different sources that I’ve found useful.
This post will be a general braindump of the factors behind choosing a note-taking app, a shameless plug for my favorite one, Quiver, and an explanation of how I use a note-taking app effectively.
During a weekend hackathon with some of the Lincoln Lab maintainers of PANDA, I implemented a really useful feature — time-travel debugging!
As has been discussed in Ret2Systems’ great blog post, time-travel debugging is an invaluable tool in the reverse engineer’s arsenal. While Mozilla’s brilliant rr is the dominant choice for Linux user binaries and WinDBG Preview works on Windows binaries, PANDA can debug user and kernel space on both systems.
In this blog post, I’ll talk about the simple design behind reverse-execution and demonstrate its utility in root-causing a Linux kernel n-day.
The Three-Body Problem trilogy, by brilliant Chinese author Cixin Liu, is a triumph of human creativity that I’ve previously extolled as one of the greatest sci-fi epics of all time. This short story was written in 2016, and is based off of events in the spectacular final book, Death’s End.
Category: pwnable | Points: 124 | Solves: 49 | Challenge files
1
2
3
4
5
6
7
> checksec mario
[*] '/home/raywang/ctf/DEFCONQ2018/mario'
Arch: amd64-64-little
RELRO: Full RELRO
Stack: Canary found
NX: NX enabled
PIE: PIE enabled
This is a classic C++ menu challenge that features a UAF and heap overflow with a vtable pointer overwrite. The main heap techniques involve using a free unsorted bin chunk to leak a libc and heap address, as well as some feng shui to place an object in an overflow-able region on the heap. fortenforge, qzqxq, and I combined to reverse the binary and discover the 3 separate vulnerabilities.
I discovered my interest in film at the start of college. As an arts reviewer for The Tech, MIT’s student newspaper, I had the luxury of attending advance press screenings of big-name films like Suicide Squad and the final Hobbit film. But more importantly, my reviews cultivated an appreciation for the medium and an insatiable desire to experience all it had to offer. Since then, I’ve devoured films of all genres and eras, directors and actors, cinematographers and writers.
Thanks to Vlad Brown and Drawings Team for Russian and Uzbek translations.
In Fall 2017, I took MIT’s 6.826, Principles of Computer Systems, taught by Turing Award-winner Butler Lampson, Nickolai Zeldovich, and Frans Kaashoek. Despite its rudimentary title, it’s a grad class on building formally verified systems. Using the proof language Coq, we wrote specifications, implementations, and proofs of toy structures: a remapped disk, an atomic pair of blocks, and a replicated disk. We also read quite a few papers from the state-of-the-art in formal methods.
I went into the class believing that formal verification is the future — the only solution to a world of software ridden with bugs and security issues. But after recent events and a semester of trying to apply formal methods, I’m a serious skeptic. In this post, I’ll discuss why I think formal verification has a long way to go — and why it just doesn’t work right now.
In this post, I’ll walk through how to link an application against LLVM and show a simple usage of the LLVM McDisassembler API. It’s a little more complex that it seems, probably because there’s not many good resources for using this API.
I’m currently taking the Fall 2017 iteration of 6.826, Principles of Computer Systems. This class has been offered in various forms over the years, but this iteration is quite different. It focuses on formal verification of computer systems using Coq, a language for mechanical theorem proving.
The goal of this class is to write the spec, implementation, and proofs for a formally verified RAID filesystem in Coq, then generate Haskell code from it.
Into uncharted waters we venture… this set has some various problems about famous real-world vulnerabilities, and it was challenging. fortenforge and I worked together quite a bit to get through it.
I’ve been wanting to write this post for a while — here I’ll describe all the excellent customizations that I’ve accrued over several years of optimizing my Mac for speed and alleviating repetitive stress injury (RSI). If you’re a Mac power user, or if you make a living at a keyboard, you want to read this.
It’s always bothered me that MIT or MIT Lincoln Lab didn’t submit anything to DARPA’s Cyber Grand Challenge. With all the smart people, such as my advisor, Armando Solar-Lezama, working on program analysis and formal methods (which I currently know nothing about), I would have expected that we could create a strong Cyber Reasoning System worthy of CGC.
That’s sort of what I will be working on this summer at Lincoln and probably writing my thesis on. But I’m very new to the field and have just started diving in.
The last of the original crypto challenges… here we go!
Challenge 41 Implement unpadded message recovery oracleUnpadded RSA is homomorphic, meaning that, if operations like multiplication and addition are carried out on ciphertext, it is as if the same operation were applied to the plaintext.
Update 5/5/17: We qualified to DEF CON CTF 2017!!! We just got the email today! Congrats to everyone from Lab RATs, TechSec, and RPISEC that competed. Vegas, here we come!
Well, this was my first foray into the world of Rust, the systems language that is Mozilla’s precious baby. And what better way to learn this hip new language than to write an MITScript bytecode interpreter for Computer Language Engineering?
Rust was not gentle for this first-time developer. It does so much to protect you that my first attempt writing a few hundred lines of code resulted in the same number of compiler errors, and I needed a lot of help from my team to just get anything to compile. For this reason, it’s not great for iterating quickly if you aren’t very experienced already. But, I’m licking my chops at the fact that the end result will be much safer, and hopefully faster, than our classmates’ C++ compilers. This post will be about the struggles I encountered as a Rust newbie, as well as the fun of generating/interpreting MITScript bytecode.