Ended buying a real fidget cube.

Nice to see that Antsy Labs now sells via a global distributor. The difference in cubes compared to my knockoff was obvious:

  • The switch is recessed deeper and has a rather nice satisfying click.
  • The ball bearing can be clicked in
  • The rollers are raised for more surface area
  • The circle wheel works properly and smooth
  • The joystick is more like a 3DS circlepad instead of a loose joystick
  • The 5 buttons on the bottom side each can be pushed differently instead of one way.
  • Build quality is greatly improved.
  • The real cube comes in a nice case.

For people wanting a video review, “Fidget Central” did a nice unpacking video of the real deal:

And here is a video (done by “The Coffee Apple”) of the brand of knockoff I also bought, called the “Gidget Widget”. Avoid at all costs. Heh.:




Spent a bit working on doing up a small shader editing tool, has the fundamentals of realtime shader editing.

Many things are missing:

  • Audio (FFT, playback, 4klang playback)
  • Widgets (progressbar, shader uniform editing)
  • Post processing (DoF/AA)
  • GNU Rocket integration

Update: The original developer noticed my IL level hacks and made them official in the next Monochrome version (and current private beta), with a configurable and hidden blacklist. Thanks to Piotr Pawlowski (foobar2000/ex official Winamp plugin dev) for this!

The following tutorial shows the very basics of .NET hacking.

This time, a practical real world application is used: modifying IL to self-censor content that is said and received on IRC. This was done by me to help eradicate possible sources of drama in my life (thus saving myself from an early death). Plus it gives people a possible relief from my ranting.

This tutorial will go through the basics of editing a .NET executable on a IL level using code decompilation/recompilation.

First of all, acquire dnSpy. It is a excellent debugger for .NET with extra capabilities for recompilation of CLR code.

The target used is Monochrome : I am well aware its GPL, but its good for a tutorial such as this, plus where is the fun in just recompiling the app?

Secondly, load up Monochrome in dnSpy:

You can see the various namespaces in use by Monochrome, thankfully its not protected. Various .NET based protections will scramble code making it harder to debug such applications, just like Denuvo and VMProtect with native C/C++ apps.

Next will take some time, to find some code that relates to what we want: basically we want to just limit what we can say and what we can receive. I did some looking around and funnily enough there is a C# class called “InputBox” in the code…

Suspiciously, there is some methods in there that look, well, suspicious :). sendinput() looks like a dead giveaway for something, so lets find out….

Press “Start” and click “OK” to start the debugging process.

To debug a class method, simply double click on the method. You can select breakpoints by double clicking the code line in the decompile.

To check if this method is responsible, I just typed into monochrome’s inputbox “test test test”. Instantly, the breakpoint is hit and….

We found our line. Now lets try editing the code of Monochrome so that it filters out what we type according to a filter list. Right click the code listing in dnSpy and click “Edit Class (C#)”

Here we see a decompiled listing of the code in the InputBox class. From here we can do edits to the source code.

Here I added a line so we can use the regular expression namespace and classes in .NET, which could be useful for text filtering.

In the sendInput method, I did some extra code which will be appended. The code basically looks for any mention of keywords in a list that are in the entered text. If they exist, they are rejected, otherwise, the sentences are rejected. Then click “Compile” to recompile the code. You may need to clean up any code errors the recompiler picks up, which are listed in the log.

To test our code injection, we save the module by going to File -> “Save Module”.

Then we just run the debugging process again, with the patched executable to test.

As you can see, the new code is in the executable, now time to test…..

No matter how hard I try, I cannot enter anything with the word “byuu” in it. It is not registered in the log, and thus, never sent.

Next is finding the code responsible for recieving entries in the channel view, ironically there is a class called “ChannelView” with the “addline” entries.

Which seems to fit the format of the text in the main log box shown earlier. Now is just a matter of adding code to filter lines based on content.

To make the job easier, just right click the code and click “Edit Method (C#)”. This will allow editing of just the code relevant for that particular function.

From there….

Make your alterations and then click “Compile”. Don’t forget to save the module again to save your patched code changes.

One thing I wasn’t sure of, is whether dnSpy allows realtime code editing and then rerunning of recompiled code. Feel free to correct me if it can, which will make imo, a great .NET assembly editor even better.



A while back I did some work with GlideN64 to perform noise emulation entirely on the GPU.

I stopped working on it. As usual, certain groups of people said this is due to “people being mean”.

So, today, figured I relook at it and see if I could improve on the implementation as last time and see if I can optimize the current implementation.

The implementation this time around is rather simple:

  • Use one line of GLSL for the actual noise generation
  • Scale the coordinates used for the noise seeding according to N64 resolution *properly*
  • Use prime numbers to seed the PRNG more.

This results in *8* lines of GLSL compared to *183* lines of C++.

The shader is as follows:



Lately I have been playing games after work and on my days off to pass the time. Most of the time its CSGO.

After around 150 hours, started to get better, never going to try competitive though. Still got a long way to go. Its nigh on impossible to play at night, due to medication completely dulling senses and response time. so only chance I can play is at morning and afternoons.

Recordings of other games might go up, depending if they have licensed music of course.

What happened:

  • Played Starcraft for a bit, up to the point of getting into Brood War.

So nice to be able to relax again. Been catching up on CSGO though, haven’t done much new videos.

  • Been working on and off on foo_dsp_effect, gave it its dedicated Git repository this time since I think its big enough for that. Started to add 3 other audio DSPs to the effect array.
  • Finally watched Ghost in the Shell, was a decent enough movie, to me at least.

  • Figured stopping doing Cemu cracking. Would rather do other stuff than constantly cracking the same thing over and over again. People still think I was paid by Exzap a fee to stop doing it, and people will just believe what they want to believe regardless of what was said.
  • That said, made the Cemu hack DLL open source. Figured it might be useful to whoever wants it. It still needs some things like checking memory page permissions as well as optimizations to the pattern search, as well as general additions for patching and inserting code caves.


This will be a basic primer in the bypassing of Cemu 1.74x/1.75 DRM. This is subject to change in future versions as Exzap fixes these vulnerabilities.

Tools used:

  • x64dbg with the SwissArmyKnife plugin.
  • MSVC2017 using MinHook (though I tried using libudis86 in the past)


1) Start by finding the 64bit hash, you can find it by finding out where the cpuid and harddrive hash meet, as well as the timestamp.

2) Make it always return 0

The function prototype for the hardware hash was found out through basic RE, not using a decompiler.

3) Using hardware breakpoints in the calls that use the 64bit hash method, try to find where the unregistered bytes are flipped and reset them back to known registered state. As in, trace when the 64bit hash fails.


4) Kill server calls. Plain killing all network related code is not enough. I found hooking some Wininet calls is enough to do it, though Exzap could detect hooks using some off the shelf protector or some own code.

I found redirecting to localhost is enough for the other network code to succeed.

The full sourcecode for this primer is here: https://github.com/mudlord/cemuhack

No, I wasn’t paid off.

Some of the reasons I stopped developing it are:

  • In my personal life, I recently found things that actually have more meaning than just repeatedly cracking the same thing over and over again. I rather focus on those things. I rather spend the time I have on things now I actually enjoy instead of cracking something I hardly use. Plus, I rather spend time doing things I actually enjoy with the time I have these days, like a normal person would.
  • I cannot fight Exzap, its clear pirating Cemu hardly made a dent in his profit base.
  • I learnt what I wanted to know from Cemu’s DRM system. I learnt a great deal about x64 reversing in the process and worked out some new ways for myself on cracking things.

Just from a traffic report for the month/week.

  • VBA-M is explained due to my avatars.
  • cs.rin.ru is fine, since I know there is a presence of some people who use Cemu there.
  • Yandex is probably some Russian forum, so, again, fine.
  • 4chan is, as expected.

What I don’t expect nor like is the adfly or zytpirwai links. Personally I wish those would go the heck away since I would rather they link to my blog like Reddit and cs.rin does. I wish there was a way to starve adfly links of oxygen.