My blog

Main topics are reverse engineering, programming, math...

The posts:

08-Mar-2018Graph coloring and scheduling, part II
07-Mar-2018Graph coloring and scheduling, part I
03-Mar-2018Enumerating all possible inputs for specific a regexp using Z3 SMT-solver
26-Feb-2018Dependency graphs and topological sorting using Z3 SMT-solver
23-Feb-2018TAOCP 7.1.3 Exercise 203, MMIX MOR instruction and program synthesis by sketching
23-Feb-2018TAOCP 7.1.3 Exercise 198, UTF-8 encoding and program synthesis by sketching
21-Feb-2018School teams scheduling, Kirkman’s Schoolgirl Problem, etc
17-Feb-2018Numberlink (AKA Flow Free) puzzle as a MaxSAT problem + toy PCB router
12-Feb-2018Solving Numberlink (AKA Flow Free) puzzle using Z3
07-Feb-2018Simple logic synthesis using Z3: exercise from TAOCP
03-Feb-2018Travelling salesman problem using Z3
30-Jan-2018Simple logic synthesis using Z3; Apollo Guidance Computer
17-Jan-2018Hilbert’s 10th problem, Fermat’s last theorem and SMT solvers
16-Jan-2018Yet another explanation of modulo inverse using SMT-solvers
14-Jan-2018Simple adder in SAT/SMT
13-Jan-2018Yet another logical puzzle and SAT/SMT solvers
13-Jan-2018Multiple choice logic puzzle, and solving it using SAT/SMT solvers
01-Jan-2018ToySMT - simple SMT solver under ~1500 SLOC of pure C.
07-Dec-2017Ménage problem
05-Dec-2017Can rand() generate 10 consecutive zeroes?
05-Dec-2017Yet another explanation of modulo inverse
04-Dec-2017Coin flipping problem: Z3 and MaxSAT (Open-WBO)
01-Dec-2017Assignment problem and Z3
29-Nov-2017Stable marriage problem and Z3
23-Nov-2017Solving Killer Sudoku using Z3
23-Nov-2017Greater Than Sudoku
23-Nov-2017Kirkman’s Schoolgirl Problem
22-Nov-2017Magic/Latin square of Knut Vik design: getting it using Z3
15-Nov-2017Crossword generator based on Z3
14-Nov-2017Finding (good) CRC polynomial using Z3
11-Nov-2017Getting CRC polynomial and other CRC generator parameters using Z3
06-Nov-2017Factorize GF(2)/CRC polynomials using Z3
05-Nov-2017Yet another explanation of CRC (Cyclic redundancy check)
27-Oct-2017Alphametics and Z3 SMT solver
22-Oct-2017Explanation of the Least Common Multiple using Z3 SMT solver, etc
11-Oct-2017Explanation of the Greatest Common Divisor using Z3 SMT solver, etc
07-Oct-2017SAP cluster table unpacker
04-Oct-2017Proving sorting network correctness using Z3 SMT solver
30-Sep-2017Proving bizarre XOR alternative using SAT solver
29-Sep-2017Tiling puzzle and Z3 SMT solver
27-Sep-2017Balanced Gray code and Z3 SMT solver
24-Sep-2017Integer factorization using SAT solver
23-Sep-2017Integer factorization using Z3 SMT solver
20-Sep-2017Rubik’s cube (3*3*3) and Z3 SMT-solver, part II
11-Sep-2017Solving pocket Rubiks cube (2*2*2) using Z3 and SAT solver
13-Jul-2017Solving XKCD 287 using Z3 SMT-solver
11-Jul-2017Generating de Bruijn sequences using Z3 SMT-solver
02-Jul-2017De Morgan’s laws and decompilation
01-Jul-2017Zebra puzzle as a SAT problem
28-Jun-2017Simplifying long and messy expressions using Mathematica and Z3
26-Jun-2017Simplest SAT solver in ~120 lines
24-Jun-2017Cracking Minesweeper with PIN
19-Jun-2017Cracking simple XOR cipher with Z3
07-Jun-2017Eight queens problem in 93 bytes
03-Jun-2017Worst sorting algorithm I ever saw
02-Jun-2017Making smallest possible test suite using Z3
30-May-2017Using PIN DBI for XOR interception
13-May-2017Cyclomatic complexity
29-Apr-2017Recalculating micro-spreadsheet using Z3Py
12-Mar-2017Conway’s Game of Life and SAT solver
07-Mar-2017Cracking Minesweeper with SAT solver
05-Mar-2017Cracking Minesweeper with Z3 SMT solver
02-Mar-2017Cracking simple LCG PRNG
28-Feb-2017Symbolic execution and (amateur) cryptography
25-Feb-2017Text strings right in the middle of compressed data
09-Feb-2017Symbolic execution
15-Jan-2017Simple program synthesis using Z3 SMT-solver
05-Dec-2016"Reverse Engineering for Beginners" book in Farsi (Persian language)
05-Dec-2016Toy decompiler for x86-64 written in Python
10-Jul-2016Another loop optimization
29-Jun-2016C/C++ pointers: array as function argument
27-Jun-2016Overclocking Cointerra Bitcoin miner
13-Jun-2016C/C++ pointers: null pointers
02-Jun-2016C/C++ pointers: pointers abuse in Windows kernel
22-May-2016C/C++ pointers: yet another abuse
19-May-2016Weird loop optimization
08-May-2016C/C++ pointers: yet another short example
06-May-2016Breaking simple executable cryptor
06-May-2016Function arguments statistics
03-May-2016Simple encryption using XOR mask, part II
29-Apr-2016Simple encryption using XOR mask
22-Apr-2016Signed division using shifts
19-Apr-2016Bug in LZHuf.c by Haruyasu Yoshizaki
12-Nov-2015My new website about reverse engineering challenges/exercises/problems/tasks:
27-Sep-2015Some of git internals
27-Sep-2015Content-addressable storage
08-Sep-2015Typeless programming languages (BCPL, B), C evolution and decompiling
04-Sep-2015(Beginners level) packing 12-bit values into array using bit operations (x64, ARM/ARM64, MIPS)
26-Aug-2015Yet another compiler anomaly
26-Aug-2015Encrypted database case #1
22-Aug-2015De Bruijn sequences (solution for the exercise posted at 18-Aug-2015); leading/trailing zero bits counting.
20-Aug-2015Some parts of my Reverse Engineering book translated to Chinese.
13-Aug-2015Introduction to logarithms; yet another x86 reverse engineering exercise
23-Jul-2015Fuzzy string matching + simplest possible spellchecking + hunting for typos and misspellings in Wikipedia
22-Jul-2015Clique in graph theory
09-Jul-2015How RSA works
13-Jun-2015Modular arithmetic + division by multiplication + reversible LCG (PRNG) + cracking LCG with Z3
16-May-2015Tweaking LLVM Obfuscator + quick look into some of LLVM internals
13-May-2015(Beginners level) Analyzing unknown binary files using information entropy
25-Apr-2015(Beginners level) reverse engineering of simple fortune program indexing file
20-Apr-2015Using Z3 theorem prover to prove equivalence of some bizarre alternative to XOR operation.
21-Jan-2015Korean publication of "Reverse Engineering for Beginners" book is available for pre-order!
08-Aug-2014"Reverse Engineering for Beginners" free book news
09-Apr-2014Couple of win32 PE patching utilities
29-Mar-2014Cracking simple hash-function using Z3 SMT-solver
05-Mar-2014My "Reverse Engineering for Beginners" book
18-Feb-2014PE add imports
18-Dec-2013Convert to sparse file utility (win32)
16-Oct-2013Add import to PE executable file
15-Oct-2013New tracer features for software testing
19-Aug-2013Bug or typo or?..
03-Jul-2013"Quick introduction to reverse engineering for beginners" book update
14-Mar-2013"Quick introduction to reverse engineering for beginners"
14-Aug-2012Finding unknown algorithm using only input/output pairs and Z3 SMT solver
19-Jul-2012Three PoCs from CPUjul2012
17-Jul-2012CVE-2012-0072 PoC (fixed in CPUjan2012)
17-Jul-2012CVE-2010-0911 PoC (fixed in CPUjul2010)
23-Sep-2011Extreme hardening by code modification.
27-Jul-2011Dataflow tracker
27-Jul-2011Strings in Oracle RDBMS network layer
06-Apr-2011ops_SIMD 0.3
19-Jan-2011Oracle passwords (DES) solver updating to support AVX
14-Jan-2011Generic tracer 0.5 beta
07-Dec-2010Making C compiler generate obfuscated code
24-Nov-2010Oracle .msb files unpacker
31-Oct-2010Adding old dongle support to DosBox
29-Oct-2010Using debugging features of DosBox
10-Oct-2010Oracle passwords (DES) solver 0.2 (SSE2)
13-Jul-2010Tracing connection between TDW_NOCOMPRESS SAPGUI envrionment variable to bothering window and actual data compression routine
11-Jul-2010"QR9": Rubik's cube inspired amateur crypto-algorithm
07-Jul-2010About Oracle PL/SQL undocumented "interface" pragma.
07-Jun-2010SAP license + password checking functions...
07-Jun-2010Generic tracer 0.4
02-Jun-2010About SAP network packets decompressing and also SAP network password sniffing
24-May-2010PEEKs and POKEs in Windows x64?
15-Apr-2010My two oracle passwords crackers
06-Feb-2010Oracle RDBMS internal self-testing features
30-Jan-2010Random Oracle hosts statistics
26-Jan-2010Rendering data structures passed to functions as arguments
22-Jan-2010Metasploit plugin based on CVE-2009-1979
20-Jan-2010My Oracle TNS Listener rootkit experiment
19-Jan-2010My Oracle rootkit experiment
15-Jan-2010More information about CVE-2009-1979 (CPUoct2009)
24-Dec-2009Events checked in some major Oracle RDBMS versions
24-Dec-2009Radiohead lyrics in Oracle RDBMS code
22-Dec-2009Rare x86 instruction
06-Dec-2009FPGA-based Oracle RDBMS passwords solver
05-Dec-2009Generic tracer 0.3
30-Oct-2009CVE-2009-1979 PoC (CPUoct2009)
05-Oct-2009Oracle RDBMS passwords solver
24-Jul-2009CVE-2009-1970 PoC (CPUjul2009)
24-Jul-2009CVE-2009-1963 PoC (CPUjul2009)
24-Jul-2009CVE-2009-1019 PoC (CPUjul2009)
24-Jul-2009CVE-2009-1020 PoC (CPUjul2009)
21-May-2009Generic tracer
02-Apr-2009IBM DB2
07-Jan-2009CHANGE USER OPI call
04-Nov-2008Oracle SPY Events
29-Sep-2008Oracle RDBMS some internals info
25-Sep-2008Basics of C within the Oracle kernel.
04-Sep-2008Oracle internals
30-Jul-2008Oracle SPY
23-Jul-2008Intel(R) C++?
13-Jul-2008Network trace in Oracle RDBMS
13-Jul-2008malloc() comments
13-Jul-2008Solving Oracle passwords hashes using FPGA.
10-Jul-2008_disable_txn_alert undocumented parameter in Oracle 11g
26-Jun-2008Oracle X$KSMLRU fixed table
17-Feb-2008Oracle V$TIMER

Feel free to translate them to other languages, except Russian, please! Just ask me, I will prepare Russian version by myself.

Some of my other writings are: "Reverse Engineering for Beginners" free book,

All reverse engineering exercises are moved to separate website:

There are also some random notes at GitHub.

only search this site

Subscribe to the blog:

→ [list of blog posts]

Please drop me email about any bug(s) and suggestion(s): dennis(@)