2024 Will Be the Year of the Blog

By David Buchanan, 31th December 2023

...or at least, it will be for mine!

Social media platforms come and go, but the one constant for me has been my blog. Same domain. Same URLs. Almost the same web design. It's been here since I started writing in 2018, and for that year I updated it regularly with CTF write-ups. Between 2019 and 2022 however, I neglected it, with only 2 posts for the whole duration.

The "death" of my blog was in part caused by the growth of my Twitter audience. Once I had a few hundred followers, and then thousands, the instant gratification of microblogging was too much to resist. At some point in Elon's pram toy ejection routine, it became clear to me that this had been a mistake. It was fun while it lasted, but so many of my achievements and ideas were (and still are) embedded in random Twitter threads. In late 2022, or maybe early 2023 (I can't remember the precise tipping point), I decided I needed to fix this, and that I should put more energy into blogging again.

I published 8 blog posts in 2023, with several more drafts in the works, and I feel like I'm getting back into the swing of things. I hope this is a trend that continues for me in 2024.

There are so many of my "old" projects I never got around to documenting or explaining fully. Candidates for future (re)appearances include:

  • Documenting my PNG MD5 hashquine.

  • Documenting my .tar.zstd hashquine (spoiler alert, there's also a zstd-flavoured ZIP hashquine hiding in there too, waiting for me to write the code to reveal it).

  • Talking about my 6502 SBC, and the weird assembler I wrote for it.

  • Some meta-commentary on the RootMyTV exploit, and the wider webOS homebrew community. I'm only a small part of the overall picture, but I think my work on RootMyTV played a significant role in catalysing the current homebrew scene, and I'm proud of what's been collectively achieved there.

  • Publishing and documenting my "RF to root" exploit chain for LG smart TVs, which goes all the way from broadcast TV signals transmitted from an SDR, to remote root code execution (tl;dr: HbbTV + V8 n-day + LPE. If you have a smart TV, you should disable HbbTV).

  • Explaining how to predict and/or manipulate the outputs of XorShift128+ RNGs, and CRC checksums (it's mostly the same math for both!) These are not new ideas, but I think it's something I can put my own spin on.

I'm inevitably forgetting a lot of things here, and I have many more projects sitting around waiting for completion—not to mention all the new projects I'll start in 2024!

Something else I'd like to do is get something published in a zine. tmp.out, phrack, and Paged Out are all on my radar for potential submissions.

I feel the reflexive urge to write a conclusion here, but I don't have one yet. Watch this space!