Projects

A selection of open-source projects from my Github profile

custom vm emulator and debugger
Morse code web radio
Infrastructure
Students management system
Parsers in exotic languages
Sailing regattas Android app
Older projects

Custom VM emulator and debugger

I’m currently following pwn.college, the Arizona State University course on binary exploitation. The reverse engineering challenges are obfuscated with a vm-based custom architecture called yan85. Although this wasn’t stricty required to solve the challenges, I implemented a yan85 emulator, assember, disassembler and a TUI debugger that simplified the reverse engineering process

Screenshot of a terminal showing a Textual User interface resembling a debugger. the terminal is split in two vertical sections. on the left there is a hexdump, on the right there is a disassembly listing. an ascii arrow points to the current instruction. At the bottom there is a row showing the values of some registers: registers A,B,C,D have a value of 0. register s has a value of 0x5, register f has a value of 0x6, which corresponds to the flags EZ. In the same row, there is a summary of the debugger commands: (s: step, r: reverse step, c: continue, ctrl-c: quit )

The tools are available on github. I doubt that they will be of use for anyone, since all challenges can be easily solved manually, and the time required to customize this code is longer than the time required to solve a challenge.

At the moment i’m still following the course, and practicing binary exploitation by playing CTFs. All my experiences on this subject are documented in these articles

Morse code web radio

This is an old project I started in 2018, during my first years of high school.
It’s a realtime morse code chat, currently used by hundreds of radio amateurs around the world to practice morse code. You can try it live on morse.halb.it. The code is available on github.

Screenshot of a webapp. it's a chat, where all text is in morse code. At the bottom there is a single key. At the left side of the chat there is a panel: it shows two online users, one is typing. at the bottom there are some sliders, labelled: wpm, receiver volume, key volume. There is also a switch labelled 'show letters', and a settings buttom

It’s clearly a pretty niche project, but it has the advantage of being large enough to cover all main areas of web development: It requires websocket communication, authentication, a database, settings synchronization, custom code and ux for the morse chat.
For this reason, I’ve used it over the years as a playground to test various web technologies.

It went from being a php + vanilla js web app in 2018 to being a react+redux monstruosity in 2021, hosted on an equally complex kubernetes cluster. Keep in mind that these were simpler times, I was not working, and I wanted maximum complexity as the main requirement just for an extra challenge.

Infrastructure

Between 2021 and 2022, driven by a curiosity to explore modern infrastructure and DevOps practices, I containerized all my projects on Github and integrated CI/CD pipelines based on Github actions.

I also took the cursed decision to move everything to a self-managed, single-node k3s cluster, running on an OVH vps provisioned through Ansible scripts.

A diagram of a CI/CD pipeline involving github actions, a docker registry, argoCD and kubernetes

For a while, the cluster successfully hosted all my personal projects. SSL certificates were managed by Cert-manager, and Traefik served as the ingress controller.
I also efficiently handled metrics and logs using a Loki-Prometheus-Grafana stack, and managed Continuous Deployments with Argo CD.

After a year of infrastructure experimentation, i got a part-time job as a backend and cloud infrastructure developer. At my job I was already managing unnecessarily complex k8s clusters and pipelines every day, so I got rid of my personal cluster.

Currently, all my projects are hosted on a Hetzner VPS. Each project is packaged with a Docker-compose file, and deployed using Ansible. Everything is tightly integrated with a control plane running Traefik, a Grafana-Prometheus-Loki stack, and various other utilities. The code for this infrastructure is publicly available on github.
I’m working to put everything into a public template that will simplify the process of running personal projects on a vps.

Students management system

I started this project in 2020, in the last years of high school. The website is still online on pinboards.halb.it, and an archive of the code is available on github

Screenshot of the landing page of pinboards.halb.it

This web app was designed to simplify a critical issue:
In my high school, most professors followed the common practice of scheduling weekly oral tests. It was a feared activity, worsened by the fact that the victims were usually selected randomly. It was only towards the final years that they started to allow volunteers, aware of the time it took to properly prepare for a test.
This shift meant that with a bit of organization, we could schedule all our oral exams weeks in advance - A significant improvement in our quality of life!

Whenever a professor announced the start of an oral test season, they typically provided details about the days of the week and the expected number of volunteers.
The class then gathered around a large cork pinboard, sketched the tests calendar with the empty slots to fill, and started the complex process of finding the optimal candidate for each slot. The process vaguely resembled traders fighting on an stock exchange floor.
Everyone had other oral exams, personal issues and countless other hard constraints that made this problem difficult to solve by hand. The web app successfully solved the problem.

Screenshot of the pinboards web app. It shows a calendar, with names in each slot. the calendar is labelled 'Inglese', and has an orange background. There are other calendars with other colors, that are minimized.

Parsers in exotic languages

Back in February 2022, I took a course at my university titled Programming Languages, which I particularly enjoyed. A more fitting name for the course would have been Exotic Programming Languages, as it focused on relatively obscure programming paradigms.

Railroad diagram of the URI ebpf grammar

The final project consisted of implementing an URI parser in both Lisp and Prolog. There were some extravagant requirements: the code had to be written exclusively in Emacs, with a line limit of 80 columns, or it would be disqualified.
With that said, it was one of those rare situations in software development where all the project requirements were defined in advance; we had a detailed description of the grammar to implement and an extensive set of tests the professor would use on the code.

You don’t get that many chances in life to practice pure test-driven development: I took a couple of days to write a ton of unit tests in Python, including tests for Emacs-like code formatting and for the 80-line limit. Then, together with two other classmates, we started the development. It was a pretty satisfying experience to know that when all tests passed, you had the certainty of a full grade.

The code for the parsers and the language-agnostic unit tests is on github

The emacs code formatter tests could still be of use to some fellow UniMib student looking to develop the project in vim, or some other editor forbidden by the emacs church

Sailing regattas Android app

This was yet another university group project, that took an unconfortable amount of my time back in 2022. Our task was to develop an Android app in Java, adhering to Google’s recommended best practices.

some screens from an android app. The first screen is a login form. The second screen shows a list of regattas. The third screen shows the same page as the previous one, but there are no regattas, and a placeholder text is shown instead. The text says: 'There are no regattas. Regattas are interactive sailing courses that you can design and manage in real time with others. Create a new regatta with the create new regatta button.' The last screen shows a nautical map. a compass on top is pointing north, and a large text says 'Buoy stacchetto 40° N' On the map, a flag connected to a long line is overlayed on top of the water

We decided to create an app for managing sailing regattas. It featured a nautical map displaying a customizable regatta track and provided real-time updates on the position of buoys and support boats.

Android java development can be a scarring experience when your requirements are to follow Google’s best practices to the letter. Navigating through layers of outdated Java app development practices proved to be far more complex than any webpack-react-redux or other convoluted web projects I’ve encountered. I still have flashbacks about fighting ViewModelProviderFactory patterns, broken xml layout editors, and LiveData mixing with rxJava

The fact that i’m talking about this project however means that i enjoyed some parts of it. In particular, I’m proud of the figma design I created, which we managed to fully implement.

I also enjoyed developing the API server for the app. I wrote it in FastAPI, and used the openapi documentation to automatically generate the schema for the Android Retrofit client.
Additionally, I established a basic CI/CD pipeline that automatically created a pull request on the app repository containing new Retrofit client models whenever a new version of the API was released.

Both the app code and the API server are available on the open-roboe github organization

Older projects

Around 2015, I learned programming by developing minecraft pocket edition mods using a cursed javascript+java scripting language.

Since then, I’ve created several web projects that got lost in time, along with miscellaneous stuff that is not worth its own section such as a website for my old high school or my dotfiles