#SlackathonMTL

Hey there! Been a while, hasn’t it? So what has been up with me? Well, I’ve been pretty busy with school and work, but that’s the usual. What I’m writing about is the event that occurred last weekend. I’m talking about the hackathon organized by GSOFT, the #SlackathonMTL. The hackathon theme was very simple: For a better workplace. And as you may have figured out already, the hackathon revolved around Slack. In fact, we had to make a SlackBot for Slack that respected the theme. In a total of 24h. From Saturday 9:30AM to Sunday 9:30AM. And wow, we did good.

Here comes Schedulo

For our bot, we decided to tackle a specific problem that arises in every organisation: the struggle of setting up meetings. We figured out that when you want to schedule a meeting, as soon as you need more than 3 persons in that meeting, it gets painful to set up. Finding the right moment when everyone is free, for how long, etc. is not easy. And the more people that need to be in the meeting, the more painful it gets to organize. And this is where Schedulo comes into play. Our bot uses natural language processing to analyse what is going on in the conversation and figure out that you want a meeting. It tracks specific keywords to be sure it won’t start the process of a meeting for nothing. And once it starts the process of a meeting it’s very easy: Schedulo will pull out the calendars of the different members in the channel that could be useful in the meeting and find the best moment that a meeting could be scheduled for the team members. And if somebody can’t make it at that moment for whatever reason, he can say it and Schedulo will find another moment that fits the best for everyone. And once everyone is happy with a date, it puts the meeting directly in your calendar. That simple.

The challenge

Now, unlike most hackathons in which I took part, this one’s focus was more on the marketing and sales than on the code itself. But we didn’t know that beforehand and so we arrived as 4 programmers, ready to rock the code. That hurt us, because we had to do a sales pitch and present the project in front of two judges to go to the final round, and present in front of everyone. Thankfully, a member of our team was good enough to make a nice slideshow and did an incredible job to sell us, because we got into the final round, with 5 other bots. Sadly, we didn’t win. We got a special mention from the judges though.

While I’m sharing the website of the project, please keep in mind we had no designer. Yes the landing page is a disaster. Gotta deal with it! Come and see Schedulo!

On such, have a nice day friends!

Ubisoft Mtl Game Lab Competition 2016

Wow! What a few crazy months it has been. I didn’t see the time pass by. To be honest, I’ve been very, VERY occupied in the last few months. School took the usual toll but this time I also had something else: The Ubisoft Mtl Game Lab Competition 2016. This competition organized by Ubisoft Montreal is simple. Each team has 10 weeks to make a game prototype that follows multiple constraints and a common theme. And each team is composed of up to 8 students currently enrolled in a university. Well, I’m proud to say, we did it.

The constraints

Like I said, the game had multiple constraints and a specific mandate:

  • Have two systems that interact with each other
  • Have three game mechanics that interact with the systems
  • Have an evolutionary progressive curve
  • Checkpoints
  • Elements of physics
  • An element of AI
  • The game must use either Unity3D or Unreal Engine 4
  • The game must be rendered in 3D
  • The avatar must be visible on screen
  • Have at least 10 minutes of gameplay
  • The use of a gamepad is mandatory

And the theme was Ocean.

Astral Tides

This is our game. Three programmers and five artists contributed to the game. The concept is simple: You’re an astral being that realises that the stars of the constellation start to fall in the arctic. You decide to take the shape of a wolf to go in search of the stars. To help you in your task, you can control the tides to solve the different puzzles that you will come across. Our systems were the water tides and the water streams.

For more information, make sure to take a look at astral-tides.com. A build will soon be made available for people to play.

Finally, here’s a small gameplay footage.

Thanks and have a nice day folks

Advent of Code 2015

So here I am, not far from Christmas and wondering what to do. And that is when I find this marvelous thing called Advent Of Code. It’s a countdown to Christmas and offers a different programming challenge for every day until the 25th. So I thought, why not participate in this. It’s a good occasion to learn some new tricks, new languages, to experiment in some funky way and be creative. And if you guys want to see how I do it, just go take a look at my repository on GitHub.

On such, have fun and have some nice holidays.

Hackfest 2015

Last weekend was the Hackfest 2015 in Quebec City. A cybersecurity meeting with multiple conferences concerning different security issues and flaws. Most of those conferences were interesting and showed some very interesting techniques and technologies. But the thing that was the most interesting to me was the CTF.

A very much network oriented CTF

The CTF was not like other CTFs I did. Most challenges were network oriented, and this is not the kind of thing I’m really interested in. But I guess it was a good occasion to learn and practice. Which is why I’m going to talk about a specific challenge on which I needed to get a shell through a website, giving me access to the server behind it.

Popping a shell

Here’s how it went. Basically, we had a website with multiple pages. There wasn’t much we could do on those, but there was one specific page where we could upload our resume. This to me rings, here’s my entrance door. Now how to exploit this? The first thing that came into my head was to upload a php file where I would have a simple shell_exec('ls') to see what could be done. Now the server refused the file since its extension was not pdf. Alright, let’s change the extension and see what happens. Uploading the php file with the extension .pdf works. Great. That means I can put anything in the file, as long as it fits the pdf extension.

After a little bit of searching, I found out the files were uploaded to /uploads of the website. Now I know where to go to execute the code. But loading my uploaded php/pdf file does not execute the code. It thinks it’s a pdf file, and just tells me the pdf is corrupted. How to fix this? This is the moment where using Burp Suite is useful. Using Burp Suite, I could change the extension after server validation to .php. That still failed though. But the extension .php4 did not. Changed the extension to that, loaded the file in /uploads, and BAM! Got my shell.

After that, it was just a question of finding the flag. Doing ls showed a file called flag.php. That was it. Doing cat on it outputted the content of the page, and in html comments was the flag. Success.
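
From the defender's side, the challenge above comes down to two weaknesses: the server judged uploads by a list of refused extensions, and the name chosen by the client decided how the stored file was later handled. The following is an added example, not part of the original post or the challenge server's code, comparing that weak check with a stricter one; the deny-list content, the function names and the sample uploads are assumptions made for illustration.

```python
import os
import secrets

DENYLIST = {".php"}      # assumption: the weak server refused only this
ALLOWLIST = {".pdf"}     # hardened policy: the one type a resume upload needs
PDF_MAGIC = b"%PDF-"


def denylist_accepts(filename: str) -> bool:
    """Weak check: refuse known-bad extensions, accept everything else."""
    return os.path.splitext(filename)[1].lower() not in DENYLIST


def validate_upload(filename: str, content: bytes) -> str:
    """Return a server-generated storage name, or raise ValueError.

    The client-supplied name is inspected but never used on disk, so a
    request edited in transit cannot choose the stored extension.
    """
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in ALLOWLIST:
        raise ValueError("extension not allowed")
    # Magic bytes alone are not proof of a benign file; they only reject
    # obvious mismatches. The fixed ".pdf" name below does the real work.
    if not content.startswith(PDF_MAGIC):
        raise ValueError("content is not a PDF")
    return secrets.token_hex(16) + ".pdf"


def compare(samples):
    """For each (name, body), report (name, weak verdict, hardened verdict)."""
    rows = []
    for name, body in samples:
        try:
            validate_upload(name, body)
            hardened = True
        except ValueError:
            hardened = False
        rows.append((name, denylist_accepts(name), hardened))
    return rows


# Constructed sample uploads: client file name and the first bytes of the body.
SAMPLES = [
    ("resume.pdf", b"%PDF-1.4\n"),
    ("resume.pdf", b"<?php ?>"),
    ("resume.php", b"<?php ?>"),
    ("resume.php4", b"<?php ?>"),
]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

The stricter check still belongs together with storing uploads in a location where the web server does not run the script interpreter, so that a file that slips through is served as data only.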

Local Hack Day 2015

Hey there peeps, today is the local hack day. It’s a 12h hackathon. Basically, you program whatever things you want, as long as you have fun and learn. So I’ll probably be live tweeting throughout the day. Be sure to follow me on Twitter: Twitter Handle

Have a nice day!

Program on Photon

Been a while heh?
So I’ve been fairly occupied in the last month, with work and school starting. But one thing I had the chance to work on is the latest toy from Particle: The Photon. Though the performance is not incredible, for the price, it’s incredible. This little thing is really nice, and you flash it over the air. Actually, this thing stays connected to the internet and you can interact with it from anywhere, as long as you have access to the Particle dashboard and services. I really suggest that you guys try it.

So what did I do with it?
Well, as some of you know, I’ve been working on home automation devices for the past few months and we thought that this little thing could really help. Attaching a Zigbee radio to this thing, I was able to set up a whole network and control system for the Zigbee devices. And what is really nice is the fact that it’s really lightweight and small. It doesn’t take any space at all and only requires a small micro-usb connection to power up.

So yeah, try it!

GitLab + Jenkins + CMake = Party!

Oh the joy of deploying an automated build system. I mean, how hard can it really be? Well, harder than it looks. Now don’t get me wrong, most CI (continuous integration) systems are well done and make it easy. But when you need to test on multiple systems at the same time, with very subtle differences, you end up with almost no system that can really fit your needs.

Now what I wanted was to set up a full CI with GitLab. The first thing I obviously tried was GitLab-CI. That would have been too easy. Even if I don’t talk about the non-understandable error 500 I kept getting, I was stuck on an old version of GitLab, making it impossible to really make it work with GitLab-CI. Next? Well, an obvious choice was Jenkins. It’s popular and has a lot of plugins and support. Let’s try this!

Oh god, why did I do that. Now don’t get me wrong, I got Jenkins running fairly fast, and using a few plugins such as the CMake and GitLab plugins, I was able to get it running. But only for one platform. The issue is, I needed a distributed system that builds on Linux, Mac, and Windows. Where is the problem? CMake. CMake requires that you specify the generator for the project. But Jenkins allows me to only configure one CMake generator. So it’s either Visual Studio generator for Windows, or Unix Makefiles for Linux and Mac. Making it in the end fail, but just because the CMake plugin is too dumb. Now I could program another plugin and allow multiple generators, but that would be way too much work. What to do?

I thought I could easily set up multiple installations of Jenkins instead, and just tell GitLab to tell all of them when a commit is pushed to the project. I was more or less right. I can do that in GitLab. But Jenkins ignores the request for some reason. It really wants to be configured as a CI system in GitLab, else it won’t work. But there is a workaround. Dirty, but it works just fine and is not really a problem. How did I do it? Well, normally in GitLab you would set up a web hook like this: http://myJenkinsServer:8080/job/MyProject/. And with the CI configuration done in Jenkins and GitLab, this would trigger the thing correctly. But since I couldn’t do that, I found that you can basically write anything as a web hook. Here’s what it looks like instead: http://myJenkinsServer:8080/job/MyProject/build?delay=0sec. See what I did there? I scheduled a build to be executed in exactly 0 seconds. Making it right now. So whenever a commit gets pushed to GitLab, the web hook is called. Jenkins is going to ignore the data that is sent at the same time, but is going to trigger a build, running the test and doing everything I need. All I have to do is have this web hook set up for my different projects, and for the different platforms. No biggy there.

tl;dr: Had to set up CI with GitLab. Did it with Jenkins. Used a workaround to schedule a build every commit instead of automatic trigger on commit getting pushed. Works and we’re happy.

Polictf 2015 - 48 hours of Capture The Flag

Last weekend, I had the chance to once again participate in a CTF Security Tournament. Those tournaments are very interesting since they serve as a way to test my knowledge, but also learn new things in a very fast way. As such, I had to learn another type of VM that I never even heard of, QEMU. Luckily for me, QEMU was part of Arch packages and installing it wasn’t hard. But I still had to break through the Debian system in the VM, and find the binary to reverse. Sadly, I ran out of time before finding the flag. Nonetheless, it was a very fun experiment.

Isn’t capture the flag in FPS games?

When people hear capture the flag, they think of an FPS game. And I can’t blame them. But no, that’s not what it is in this case. A CTF in a security tournament is multiple security challenges where you have to find a flag that is identified by a unique string. That flag then gives you points based on the difficulty. The harder, the more points. The challenges can be of all kinds: Reversing binaries, web security, forensics, and it keeps going. I personally really like reversing challenges. What is also great with those challenges is that they teach you new ways to master the tools and software you may be used to using.

Polictf 2015

So last weekend, the CTF tournament I was in was the Polictf. Due to its nature of being online, people from around the world were able to participate. I am also very happy to say we finished 10th in the world, a team composed only of students. This experience was great, and I just can’t wait for the next one.

Having fun with a midi keyboard

So recently, I bought a great midi keyboard. The M-Audio Oxygen 61. Honestly, this keyboard is awesome. I love it. I’ve been playing with it non-stop ever since. And as a programmer, and mostly a game programmer in my spare time, I kept thinking about game music. One of the most important things in a game in my opinion is the music. It makes the ambiance, creates the feeling. It is underrated and is often overlooked. But that should not be the case. So what do you think I did? I made something. Some haunted house theme I guess. Enjoy.

PS: Yeah yeah, I know. This is a development blog. And this post is not about programming. But must it always be about programming? Not really. This is for general stuff I make and think about. Though mostly related to programming and projects, there are other things I’m going to post, like this one.

A mix of C and C++

Oh the joy of mixing two different languages. Because yeah, even though C and C++ have a common root, they’re two different languages, each with their own set of functionality. But why would I mix those two languages? Because I had to use a C library. OpenSSL to be exact. And god do I hate it right now. Not only because OpenSSL is quite frankly a mess, but also because the way C++ is made makes it hard to have clean code. And the person I am refuses to work with disgusting code. Knowing that C++ can throw, and how it handles the memory, I am making a wrapper around OpenSSL to be RAII compatible. Now that’s great, isn’t it? Well, not really. Because of the very way OpenSSL is made, writing a nice and proper wrapper is much harder than expected. And once that is done, of course nothing works. Because OpenSSL is so complicated. Rant over.

Moral of the story: Kids. Don’t play with OpenSSL.