
Specter's Blog


A place for Specter's random ramblings and blog posts.


  1. Rhythm (GH) Game Engine Part III - Chart Loading

    This post is in continuation of the “Rhythm Game Engine” mini-series. It’s been a while since I’ve posted a blog post, and I’d paused development on this game engine for a while as well. There were two reasons for that, one of which was that my development was broken up by a trip to Vegas for DefCon 26. The other reason was that this part of the game engine was very challenging mentally - this part being loading charts and moving the notes in sync with the song track. How do we map the notes to Z-positions so that they’re in sync with the music? How do we calculate the rate at which to move the notes every frame to keep the track in sync? All of these will be answered in this post. …


  2. Rhythm (GH) Game Engine Part II - Model View Projection

    This post is in continuation of the first post I wrote, “Writing a Rhythm (GH) Game Engine”. In that post, I talked about simply setting up the architecture of the basic managers (scene, model, and shader managers). In this post, I’ll detail the mathy pain and suffering that is Model View Projection (MVP)… just kidding on the pain and suffering part… kind of. …


  3. Writing a Rhythm (GH) Game Engine

    I’ve always been an avid player of rhythm games, more specifically, Guitar Hero. While the game is fairly simple in concept, in practice it can be quite challenging, and there are always areas you can improve on. There are always more difficult charts to play, even for players who play on expert difficulty. Unfortunately, around 2010, the franchise was cancelled. With the economy being in the bad state that it was, combined with corporate greed, the franchise wasn’t making the money it needed to survive (as you can probably tell - I like to pretend Guitar Hero Live doesn’t exist). …


  4. REBot - A Discord Helper Bot for Reverse Engineers

    A few months ago, I started realizing how much I was referring to assemblers and disassemblers for simple things, such as shellcode, gadgets, and other short code snippets. It also occurred to me through other servers I was in, most notably the “Reverse Engineering” discord server, that sometimes terms and CVEs would get mentioned that weren’t familiar to some other chat members. It was then that my idea for REBot was born - a bot that could assemble instructions, disassemble opcodes, and look up definitions and CVEs on the fly. …


  5. PS4 5.05 BPF Double Free Kernel Exploit Writeup

    Welcome to the 5.0x kernel exploit write-up. A few months ago, a kernel vulnerability was discovered by qwertyoruiopz and an exploit was released for BPF which involved crafting an out-of-bounds (OOB) write via use-after-free (UAF) due to the lack of proper locking. It was a fun bug, and a very trivial exploit. Sony then removed the write functionality from BPF, so that exploit was patched. However, the core issue still remained (being the lack of locking). A very similar race condition still exists in BPF past 4.55, which we will go into in detail below. The full source of the exploit can be found here. …