Polictf 2015 - 48 hours of Capture The Flag

Last weekend, I had the chance to once again participate in a CTF Security Tournament. Those tournament are very interesting since they serve as a way to test my knowledge, but also learn in a very fast way new thing. As such, I had to learn another type of VM that I never even heard of, QEMU. Luckily for me, QEMU was part of Arch packages and installing it wasn’t hard. But I still had to break through the Debian system in the VM, and find the binary to reverse. Sadly, I ran out of time before finding the flag. Nonetheless, it was a very fun experiment.

Isn’t capture the flag in FPS games?

When people hear capture the flag, they think an FPS game. And I can’t blame them. But no, that’s not what it is in this case. A CTF in security tournament is multiple security challenges where you have to find a flag that is identified by a unique string. That flag then gives you point based on the difficulty. The harder, the more points. The challenges can be of all kind: Reversing binaries, web security, forensic, and it keeps going. I personnally really like reversing challenges. What is also great with those challenges, is that they teach you new way to master the tools and software you may be used to use.

Polictf 2015

So last weekend, the CTF tournament I was in was the Polictf. Due to its nature of being online, people from around the world were able to participate. I am also very happy to say we finished 10th in the world, a team composed only of students. This experience was great, and I just can’t wait for the next one.

Having fun with a midi keyboard

So recently, I bought a great midi keyboard. The M-Audio Oxygen 61. Honestly, this keyboard is awesome. I love it. I’ve been playing with it non-stop ever since. And as a programmer, and mostly a game programmer in my spare time, I kept thinking about game music. One of the most important thing in a game in my opinion is the music. It makes the ambiance, create the feeling. It is underrated and is often overlooked. But that should not be the case. So what did you think I do? I made something. Some haunted house theme I guess. Enjoy.

PS: Yeah yeah, I know. This is a developement blog. And this post is not about programming. But must it always be about programming? Not really. This is for general stuff I make and think about. Though mostly related to programming and project, there is other thing I’m going to post, like this one.

A mix of C and C++

Oh the joy of mixing two different languages. Because yeah, even though C and C++ have a common root, it’s two different language with each their own set of functionnality. But why would I mix those two languages? Because I had to use a C library. Openssl to be exact. And god do I hate it right now. Not only because Openssl is quite frankly a mess, but also because the way C++ is made make it hard to have a clean code. And the person I am refuse to work with disgusting code. Knowing that C++ can throw, and how it handles the memory, I am making a wrapper around Openssl to be RAII compatible. Now that’s great, isn’t it? Well not really. Because of the very way Openssl is made, writing a nice and proper wrapper is much harder than expected. And once that is done, of course nothing works. Because Openssl is so complicated. Rant over.

Moral of the story: Kids. Don’t play with Openssl.

All aboard the message bus

Recently, I’ve been searching for different way to handle data through a game. How to pass in an efficient and beautiful way data to the differents module that can handle said data. And I remember a post I read here. Messaging bus is a nice way to handle data with minimal coupling. So I tried implementing a very basic and simple messaging bus.

Though I honestly believe the implementation and design could be better, it works. And I’m happy with the result. The code is available under zlib/png license so it’s freely usable by anyone.

Test your C++ code with Catch

I recently came upon the need to test some code, but I didn’t want to bother with doing manual testing. Hence, unit testing. It’s magic for real, when you have a nice system to do it. This is where Catch comes in handy. Catch is a very powerful testing tool for C++, that is header only. Now that is magic. No external library. And it’s only one header file. Even better. No? Yes.

Using Catch

Catch is easy, simple, and efficient. For real. I recently decided to test it on my small config class I made for my general utility library. Writing a test case is as easy as this:

Catch TestCase
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
TEST_CASE("RSM::Config", "[config]") {

RSM::Config config;

SECTION("Creating a config file from scratch") {
config.set("StringKey", "StringValue");

REQUIRE(config.hasConfig("StringKey") == true);

REQUIRE_NOTHROW(config.save("config.txt"));
}

SECTION("Loading a config file") {
REQUIRE_NOTHROW(config.load("config.txt"));

REQUIRE(config.hasConfig("StringKey") == true);

REQUIRE(config.get("StringKey") == "StringValue");
}
}

That’s it. This test the creation of a config file, and the loading of said config file. Compile, run, done. How hard can it be?

Onward to…

What comes out of this is the simplicity that I can make unit test for pretty much anything now, for all my projects. I intend to try myself at TDD eventually. I believe Catch is going to help me for that.