Year: 2017

How to get the real require function in Node.js, when using a bundler

Recently I wanted to create a JavaScript module that would use the zlib module in Node, and fall back on pako in browsers. Seems simple enough, but actually proved somewhat difficult. Browser bundlers rewrite the CommonJS require function and by default shim the Node built-in zlib module with a less-performant pseudo-asynchronous pure-JS implementation. So how can we accomplish this, you ask?

Is your captcha system secure? captchas.net sure isn't

Recently I was asked if captchas.net is still secure today. My guess was it probably was not very secure, when compared to the fuzzy text of reCAPTCHA, but I wasn’t sure by how much, so I decided to look into it a bit more.

As you may know, Google has deprecated their old reCAPTCHA V1 API, in favor of their new reputation and image recognition based system. Apparently this may also in part be because advances in text recognition software are starting to make the fuzzy text challenge obsolete.

As a research experiment, I decided to try my hand at solving captchas.net captchas with only software, and see how well I could do.

A Silly Anti-Disassembly Trick

Recently while reverse engineering a piece of malicious macOS software to study what exactly it does, I noticed something odd in the binary. There seemed to be a little signature or message in the binary.

(c) 2014 - Cryptic Apps SARL - Disassembling not allowed

Adding a needed feature to Node.js's zlib module

Necessity is the mother of pull requests, so that’s what I did.

As you may know, Node.js is the JavaScript web server. As such, one of the necessary features for it to have is a zlib compression and decompression module. That module is actually pretty neat. It features both a synchronous and an asynchronous API backed by native code, which makes it much more efficient than a JavaScript-based alternative.