
Here's a (rather incomplete) list of some of the stuff I've worked on over the years.


Project Legilimensia

Project Legilimensia was a Harry Potter-themed MUD run by a group of people loosely affiliated with MuggleNet. The MUD was based on the Dawn of Time codebase, a MERC/CircleMUD/DIKU derivative (and therefore also written in C). My main contribution was adding support for Wizarding money (Galleons, Sickles, Knuts). This also included a couple of attempts to write my own codebase from scratch and my first foray into network programming in C.



kmemcheck was a patch I wrote for the Linux kernel that attempted to mimic what Valgrind and memcheck do for userspace programs: find uses of uninitialized memory, but for the kernel itself. It was pretty slow and had some severe limitations because of the way memory accesses were trapped; basically it was taking a page fault and a single-stepping debug exception for every heap access. Eventually the whole feature was obsoleted by proper instrumentation added by the compiler itself (in particular ASAN and MSAN).

RGBDS (GameBoy)

During one particularly slow day in June 2009, I decided to see if I could do some programming for my GameBoy. I had looked into this years before and not really gotten very far, mostly because I was using DOS and did not have an Internet connection at home. Anyway, I looked up the old tools and one of the most popular assemblers for the GameBoy was the RGBDS -- the "Rednex GameBoy Development System". I think the code had worked on Linux already at that point, but the age of the code showed a bit, so I spent the day trying to make it build on Linux and cleaning it up a little.

I got a few drive-by contributions to my repository over the years, but several years later I became aware that somebody had forked my GitHub repo and picked up the slack (and development continues to this day):

2D stylophone

I adapted a Wacom tablet with a custom layout and used a custom program to convert tablet input into a MIDI source which was also hooked up to a software synth. Here's a very bad demo recorded on a 2010-quality webcam:


I made a few tangential contributions to the Bitcoin code back in 2011 when GPU mining was all the rage:

Password manager

I made a password manager in JavaScript that would generate unique, per-website passwords without storing anything either locally or on a server:

I'm not sure I can really recommend the use of this, since it has some potentially questionable cryptographic code, in particular the use of base64 to convert a random binary string into something that is usable as a password. It also doesn't really have enough hashing rounds to prevent cracking, but you can't really go very high (in terms of number of rounds) in JavaScript before it starts to get noticeable.

Master thesis

Despite the overly optimistic/pretentious title ("SAT-based preimage attacks on SHA-1"), I did not find any actual (real-world) attacks. My thesis was more about investigating the possibilities and limitations of using SAT as a method for approaching SHA-1 preimage attacks. Oh, well, I can't change the title now. In any case, I did manage to improve on the (at the time) current literature by finding a new way to encode full-adder circuits.

Here is a very concise (but detailed) description of my improvements to the CNF encoding of full adder circuits:

The really nice thing is that the SHA-1 SAT instance generator I wrote for my thesis actually ended up being used by the people who put the final nail in the coffin for SHA-1 by finding an actual collision:

I also wrote a SAT solver for my thesis, but it ended up not being part of the thesis itself. I now use it mainly as an example of really bad C++ code.



Around 2016 I got really interested in fuzzing stuff using AFL and tried applying it to a bunch of software. I wrote a few blog posts about it:

Together with Quentin Casasnovas I also adapted AFL for the Linux kernel and we gave a talk about Linux kernel filesystem fuzzing at Vault (Linux Filesystem and Storage) 2016:

Known Exploit Detection


In 2017, taking inspiration from Jonathan Blow (and his programming language, Jai), I decided to set out in earnest to create my own programming language and compiler as well. I've always been fascinated by programming languages and this was something I had wanted to do for a long time, but somehow I always got stuck on stupid problems right in the beginning (such as e.g. solving shift/reduce conflicts in a grammar file).

2018 onwards

In July 2018 I became a father and subsequently had a lot less time to work on my programming projects.