@mattcoley.bsky.social
https://github.com/Col-E/
I spent about two days learning and implementing atmosphere rendering for planetary views from space. The tutorials and other sources I found on it were prettty lacking in implementation details but I got there in the end. Too late now, but does anyone have any recommends? Should I write an article?
30.10.2025 18:43 β π 58 π 4 π¬ 6 π 2
Big box Tux Racer!!!! Wooooo!!!!
another excellent eBay acquisition
04.11.2025 03:05 β π 7 π 1 π¬ 0 π 0
I interviewed @mattcoley.bsky.social about #Recaf and his #JavaFX libraries. But unexpectedly, I got a deep-dive course on #Java byte code, obfuscated code, and how JARs can be (ab)used to hide their real code...!
www.youtube.com/watch?v=6NIJ...
More info: webtechie.be/post/2025-10...
If you're using the JavaFX "Flowless" library for virtualized controls and are observing sluggish performance, do not add stylesheets to the Virtualized Node. Add them to the Scene. I observed an immediate 10x performance boost by doing this.
24.10.2025 10:36 β π 5 π 3 π¬ 1 π 0The good news is, they reverted that 404 -> 403 option, and *some* of our projects updated to use Artifactory first instead of last.
24.09.2025 10:52 β π 1 π 0 π¬ 0 π 0Artifactory: IT was instructed to prevent crawling, so one thing they did was change Artifactory replying 404 for missing artifacts to replying with 403 (like all other urls on other services they ran)
Result: 403 kills gradle builds, so nobody used artifactory and if they did, they put it last.
I love reading these articles and thinking "Yup, that's us on the job. We're part of the industrial inefficiency complex"
Artifactory set up but nobody uses it? π
CI jobs with zero caching? π
+ they can recursively spawn other jobs? π
+ they can trigger from simple "fix typo" commits? π
Now Recaf 4X can inline return values of simple static methods (like a xor string decryption call in this case)
08.09.2025 08:42 β π 1 π 0 π¬ 0 π 0"Sideloading" is the rentseeker word for "being able to run software of your choosing on a computing device you purchased". There is no reasonable case for an operating system developer having a say over what programs you run on your hardware.
#Android #Google
Recaf's interactive deobfuscation window now lets you specify how many passes to run. For some obfuscation patterns that can't be one-shot in one linear pass (opaque control flow leading to more opaque control flow repeated N times) increasing the pass count to N+1 reduces it completely.
20.08.2025 10:59 β π 1 π 1 π¬ 0 π 0JavaFX now has a Headless platform.
bugs.openjdk.org/browse/JDK-8... is now Resolved!
Pfew, that took me 1 year, 5 months and 29 days. Goodnight!
#JavaFX #Java
Australia's decision to require age/identity verification, including facial scans, in order to do a Google search is dystopian.
We're watching the death of an open, anonymous internet, and the gradual takeover of information online by the state β under the guise of protecting children.
And from my last 𧡠here's the sample that had attributes lying about their lengths being patched automatically (amongst many other tricks).
05.07.2025 06:01 β π 0 π 0 π¬ 0 π 0Updates to how some of the transformers work has cleaned up the output on most obfuscated samples I have. Here's a demo on a Minecraft server plugin getting optimized back to almost perfectly legible source.
05.07.2025 05:59 β π 1 π 0 π¬ 1 π 0
The class file, being patched by CafeDude is not able to be loaded into Recaf
Anyways, Recaf will soon support loading these classes so you don't have to go through any of this pain like I did.
03.07.2025 23:10 β π 0 π 0 π¬ 0 π 0
A screenshot of classfile/classFileParser.cpp - line 2394 This shows the parser ignoring discrepancies in a Code attribute's reported size when verification is disabled. Showing the git blame for this line shows that it belongs to the first commit in the project.
The exact line in the Hotspot class file parser responsible for supporting this can be found here: github.com/openjdk/jdk/...
The code is so old it predates OpenJDK's git history. No, not moving to GitHub. Git. This code has been around since before they migrated to using VCS/Git. At least 18 y/o.
The AttributeReader for a "Code" attribute shows its expected content length is 163 bytes
A hex view of the class. A red rectangle shows where the Code attribute begins. An orange rectangle shows where the Code attribute reports it will end at (but is wrong). A blue rectangle shows where the Code attribute actually ends (26 bytes after the reported end). This discrepancy is supported because Hotspot's JVM source 'classfile/classFileParser.cpp' ignores the reported length for methods when launching Java with -noverify or -Xverify:none.
Here's the reported length in the attribute vs a hex viewer annotated with the relevant locations showing the discrepancy.
03.07.2025 22:56 β π 0 π 0 π¬ 1 π 0
The sample here reports the Code attribute has 163 bytes. But if you read the attribute fully (with spec complaint parsing) then you see that it actually is 189 bytes.
The trick here is for any Code attribute on a method, you shift your read buffer index to the actually red position.
I spent the whole day wondering why my parser wasn't reading this class only for it to be a hotspot implementation "feature" of -noverify/-Xverify:none
Honestly, fuck Hotspot sometimes. A method body can just *lie* about how long its data is. Obviously nobody who makes a class parser is going to be keen on this until they see it in the wild. Does the spec say anything about this? Of course not!
03.07.2025 22:40 β π 0 π 0 π¬ 1 π 0
The slides from our @reconmtl.bsky.social talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolo.dev ), are now online!
Slides: synthesis.to/presentation...
Plugin: github.com/mrphrazer/ob...
We're in the annoying/grift phase of AI hyped slop. You can toss something together, put it up on vercel, and paint the sleek "AI powered" marketing over the site, to make yourself a low-investment high return product. This "success" furthers the AI hyped slop bubble and encourages others to cash in
22.06.2025 01:47 β π 2 π 0 π¬ 0 π 0And most often, people don't care either. A lot of people using AI for code-gen are making low-stakes applications. Nobody cares if there's a security hole in a personal program, or if its a bit slow. When your app is simple and doable with common tech stacks it can get a fair portion done for you.
22.06.2025 01:41 β π 1 π 0 π¬ 1 π 0Getting tired of the "AI can generate code much faster than you" slogan. Most often, the problem is not generating code. The hard part is understanding the code. What is it doing, how and why? And is that what you expect it to do?
21.06.2025 10:04 β π 9 π 1 π¬ 3 π 0
99% success
Headless JavaFX platform passes almost all tests, with remaining failures being understood.
Time to bring this to the next step: mail.openjdk.org/pipermail/op...
If something terrible pops out at YOU feel free to open an issue. I have some scattered TODO comments but mostly for things that don't immediately affect my use cases (and thus I am putting off fixing until later)
20.06.2025 22:30 β π 0 π 0 π¬ 0 π 0
github.com/Col-E/BentoFX I probably will make more drastic changes somewhere down the line, but everything that irked me with the prior implementations is solved. So until I stumble upon something else that bugs me...
Anyways, if nothing terrible pops out at me, I may call this 1.0.0
Bento is used in Recaf to create the regions seen in the application UI. On the left there is a file tree with a tab titled "Workspace". On the bottom there is a logging console with a tab titled "Logging". In the center of the app is the display holding multiple tabs for classes decompiled by Recaf. In the currently selected tab's content there are "side-tabs" which show additional information about the class, like the fields and methods declared and inheritance structure.
A similar view to the prior image, except the workspace, logging, and tool tab displays have been collapsed to maximize real estate for the primary display holding decompiled classes.
Alright, I rewrote my #JavaFX docking framework, BentoFX, from scratch (again) after incorporating it into multiple projects and learning what the pain points were with the existing architecture.
Here's what Bento looks like in practice:
