Comment by userbinator
3 years ago
It's less than 8kLoC, including what seems to be a bunch of tests at the end, although much of the actual crypto appears to be done using the native advapi32/crypt32/ncrypt libraries. (For those used to OpenSSL, I suppose this could be compared to the libssl part of it.)
Yep, one of the features of VB was you could call into Win32 fairly easily.
I once worked with a guy who was a VB savant. He had reverse-engineered the DOC and PST formats in Visual Basic and was comfortable bit-bashing stuff in that environment. His higher-level code was really not good, that wasn't important to him, so he pasted stuff everywhere. Lost track, but hope he found his niche.
I think we all have similar stories of tools like VB being pushed far beyond their original purpose by someone with enough motivation, and creating perfectly functional, yet extremely unconventional code. Here's another example I found in my links of old interesting web stuff --- a server for the MMO Habbo Hotel, written by (at the time) a teenager:
https://files.johno.uk/habbo/h4bbo.net/archive/HabboStuff/Mo...
The most impressive 'pushed beyond it's limits' code I've seen is The trick's VB6 kernel mode driver. Yep, really. VB6. Kernel mode. You have to strip out the MSVBVM60.dll dependency, which dramatically limits what language features you can use, but it's possible, albeit for 32bit Windows only, of course.
https://www.vbforums.com/showthread.php?788179-VB6-Kernel-mo...
Inspired by that, I made a similar 'hello world' type kernel mode driver and in addition to the VB6 version, made a twinBASIC version, which can compile to x64 and run on current Windows. twinBASIC has no runtime dependency, so you can use far more of the language features, supports cdecl for calling dbgprint, and it has native support for putting APIs into the IAT so no TLB dependency and overriding the entry point so no special hack for that.
https://github.com/fafalone/HelloWorldDriver
I'm not nearly as brilliant as The trick or wqweto to figure these things out to begin with, but it's so much fun taking the techniques of these legends and running with them. Although I did claim the title of first to create a realtime kernel ETW event tracer, a notoriously unfriendly API that requires multithreading (possible in VB6 thanks to The trick et al, natively supported in tB via API for now, language syntax soon).
2 replies →
Wow, TIL Habbo still exists: https://en.wikipedia.org/wiki/Habbo
Oh boy, I remember when this came around. That was incredible to see come together.
The big lines of code in TLS is x.509 certificate parsing, and supporting multiple protocols. If you just want 1.3 and you've got existing cipher and certificate validation libraries to call, it's not too bad. There's some published test vectors to help you get the cipher setup right as well; it gets fiddly, but it's not going to be a lot of code unless you have an Object Extravaganza, and even then, still not too bad.
I implemented TLS without any external deps by supporting only mandatory stuff from the RFC specifications.
DER parsing here: https://github.com/mateuszb/tls1.3/blob/master/der.lisp
Elliptic curves here: https://github.com/mateuszb/tls1.3/blob/master/elliptic-curv...
Protocol records: https://github.com/mateuszb/tls1.3/blob/master/record.lisp
At the time I implemented TLS1.3 there was very little support for it and it seemed like a fun project. The parsing wasn’t the difficult part
Does supporting only the mandatory stuff give you acceptable compatibility in the real world, or do too many people rely on things that were supposed to be optional?
1 reply →
der.lisp is only loading a PKCS1/DER-encoded private RSA key, which is a far cry from certificate parsing. (And certificate.lisp just loads a blob.) Granted, for a server which doesn't support mTLS you don't need to parse certificates, or any other complex DER-encoded structures.
I don't know much Lisp, but your code is wonderfully readable! Great job!
1 reply →
Let's not forget the ~600 lines of type declarations lol...
To be fair, though, in C, those would just be hidden inside a header file, so you wouldn't notice them as much.