As you can see, my nickname is Nova Noir (or Nova No1R, Nova No1r, and various other variations), but what's the story behind this nickname? What will be the past, present, and future of my online alias?

This article originated from thinking about the online nickname "Lantern" while taking a bath, along with thoughts about his real name, and extrapolating from there (although I have never met "Lantern" in person, but coincidentally heard him giving a reverse fundamentals course to my roommate, and then went to observe and learn from it).

The Beginning​

My first contact with the internet began with the QQ number registered by my family. I vividly remember my first nickname, which was carefully decided after discussions with my mother, called "爱吃屎的懒羊羊" ("Lazy Lamb Who Loves Eating Poop"). I admit that this name, even by today's standards, is quite abstract, but for an 8-year-old, it seemed reasonable. CF was the first online game I played, and around third grade, I chose my first nickname, which I still remember as "丗堺" because I also used this name on MCBBS, and it is torture every time I have to enter this name, probably around 2012, a time when my mind was filled with alien symbols.

However, during this period, nicknames were frequently changed, and I only remember "丗堺" distinctly. Can these nicknames from that period really be considered nicknames?

Tieba Era​

While still in elementary school, I discovered Baidu Tieba for browsing things like comic books. Posting was easy back then, as you could directly post content without using Baidu Cloud (although I did save some on Baidu Cloud). During this time, I chose my first non-alien nickname: Haunt, also known as HauntChoc.

I can't recall the origin of this name. I guess I saw the word "hunt" somewhere but didn't want to use it directly, then found the rare word "haunt" on Baidu. As I got into Minecraft, I started using this name, gaining some popularity on the MinecraftPE forum (with 20,000 followers). I wrote many trashy ModPEs and a funny JavaScript (ModPE) tutorial.

Teaching JavaScript + Android to a primary school student who had no technical knowledge actually had a good effect. Since he didn't understand anything technical, he used simple language (based on his own understanding), which surprisingly worked well.

This period lasted until around 2016, as I remember getting into CSGO in 2016 and rarely used it as my Steam name after that.

Golden Age​

As for the origin of the nickname "Nova," and when I started using it, and why I abandoned the nickname "Haunt," I cannot recall clearly. Its appearance was sudden, much like the word "Nova" itself, denoting the sudden appearance of a bright, apparently 'new' star.

Initially, this name was used in my CSGO games for a period (although I mostly used names of anime characters, "Nova" wasn't any character I had seen before). At this time, I was active on Max+, and I made some good friends there (although we rarely play games together now, we still chat daily and share pictures). They needed a nickname to call me, and for some reason, they chose "Nova" from my Steam nickname.

Gradually, I started using Nova regularly, but faced issues with duplicate names. Also, I felt that having such a long nickname like "Nova" with no additional identifiers was inefficient and lacked uniqueness. In March 2017, after the release of the Spectrum Case, I chose "neo-noir" as a suffix, which resonated with my skin. This has been consistent till now. Interestingly, neither "Nova" nor "noir" was chosen based on their meanings; I simply thought they sounded cool.

Around 2022, after entering university, I realized the importance of Chinese identifiers. Having a Chinese nickname can leave a lasting impression among Chinese-speaking communities, especially on platforms like GitHub, which are primarily in English. Besides, I felt that a nickname without Chinese characters looked empty on common social apps. Adding Japanese characters could work, but it wouldn't have the same impact.

Hence, I started thinking about translating "NovaNoir." Obviously, "Nova" and "Noir" are two completely contrasting concepts; while their English combination may have a unique aesthetic, in a Chinese context, it could evoke a "cringey" feeling—something like "魅影新星" or "暗夜新星," but the pun on "新星" didn't sound elegant. After much thought, I settled on 黯星座 ("Dark Star Sign"), a name that felt less edgy and somewhat satisfying.

To The Future​

This should have been the end of the story. "NovaNoir" has become an irreplaceable identifier for me. Friends call me "nova" in games, classmates use "nova" in everyday life, and I use "novanoir" for gaming and competition names. I even own two domains, novanoir.dev and n.ova.moe. This coincidental yet long-standing nickname remains dear to me, and I may continue using it indefinitely.

This brings me back to why I wrote this article. When you see "nova," and then my name, what comes to mind?

As I grow older, I find myself liking my Chinese name more. My parents did a great job naming me with an elegant, high-quality, and pleasant single character. So, even though nicknames don't necessarily have to be related to real names, or only a few can be related, I suddenly wish my nickname could be one that others immediately understand the origin of.

After all, who wouldn't love a cat named Miu/Miyu that meows?

👴 was probably too exhausted. Today, he intended to study the Xian'an number theory, look into the unit and research some pwns, but in reality, 👴 didn't do anything productive all afternoon except battling himself, which only made him more emotional. So, after a long internal struggle, 👴 decided to eat first and then think.

Meeting Steve Jobs at Tsinghua​

👴 went out for dinner at five o'clock for the first time. In Beijing, the sun sets at five o'clock, which is something unimaginable in 👴's hometown. Even in winter at five o'clock, the sun still shines bright overhead. Once while video calling with a girl in his freshman year, one had dark skin and the other fair, someone who didn't know might have mistaken 👴 for dating an American girl. 👴 ordered a beef steak with abalone sauce, which is one of the highly praised dishes at Tsinghua. 👴 randomly stumbled upon a video of Steve Jobs' speech at Stanford University. 👴 thought he spoke well, although 👴 had a mediocre impression of 🍎; even after buying an iPad and finding it very useful, his opinion didn't change. However, 👴 had a good impression of Steve Jobs as a person. 👴 can't remember the details of Jobs' speech since he was already exhausted at the time. He only remembers something about "stay something, keep something," which seemed to be quite motivational.

Night Run​

The beef steak with abalone sauce came with rich side dishes. In order to practice the "clean plate" campaign, 👴 endured the greasiness for a long time. When he finally left the canteen, the moon 🌛 was already out. For someone like 👴, who lives in a low latitude region with long daylight hours every day, there was a sense of time slipping away in that moment.

🌛 Perhaps a flash of inspiration struck 👴's brain. He suddenly remembered a saying he read somewhere, which roughly meant: when you don't know what to do, go exercise. 👴 thought it was silly; feeling mentally exhausted already, the idea of becoming physically exhausted through exercise seemed unreasonable. Nevertheless, in order to achieve his ambitious goal of running 100km each semester as a healthy university student, 👴 started walking towards the playground against the darkness. 👴 usually defined night as no earlier than 8 o'clock. Even though it was only six, since it was already as dark as ten, 👴 decided to call it a night run.

Originally planning to run seriously, 📱 in his pocket, 👴 completed three laps determinedly. Normally, his sports app would vibrate if something went wrong, but this time, the app was silent. Checking it, 👴 saw he had only run 0.04 km in 22 minutes, which indeed killed his motivation to run. Since he had already achieved 1km, he decided to move on and consider it as overdoing his exercise for the day. However, he still had to complete the 5km goal; otherwise, his outing that day would be in vain. So, wearing his wf-1000xm4 earbuds, 👴 began to stroll around the playground, experiencing various sights and sounds, leading to the theme of this essay, Night Run on the Playground.

👴's Spotify playlist usually consisted of anime songs, but unexpectedly, the daily recommendation introduced an English song today. The song was "Say You Won't Let Go," which 🧑‍🎤👴 had never heard before but found quite enjoyable. (👴 still couldn't find this song in his daily recommendations, it was truly a magical occurrence.)

👴 walked with his hands in his pockets, wearing a cap on the playground. He resembled the album cover in a way, but unfortunately, he wasn't as handsome as the person on the cover. The playground was quite populated, from kids playing football and accidentally kicking the ball onto the running track, to skilled runners suddenly stopping in the inner circle to check their phones. The noise-canceling ability of the wf-1000xm4 was impressive; once the music played, 👴 couldn't hear the surrounding noise, just passing shadows one after another, leaving him with quite a few emotions, especially the spotlight on the playground casting a beautiful light on the falling leaves of what seemed to be a birch tree.

Reflecting on this composition, 👴 walking on the playground with fallen leaves, surrounded by a spotlight, would have made a great photo. Unfortunately, it was 👴 standing under the spotlight, a poorly-dressed goblin-like guy who only wore black from head to toe. He couldn't help but sigh at the artistic regret.

The first time 👴 walked through the fallen leaves was interesting, with the song "Dry Flower" playing in his ears. He could feel the satisfaction of kicking up the leaves, making him kick them every lap.

While walking, 👴 thought about various aspects of his academic life and plans for studying abroad. However, as he couldn't come up with anything and was too lazy to write, he decided not to dwell on it for now and perhaps write about it in the future in a piece entitled "Running Through the Night."

After more than an hour, 👴 finally completed the 5km. He walked slowly but jogged 2km for a faster pace, taking breaks in between. Although the sports app didn't analyze his pace after the run, perhaps due to changing the device language, 👴 was still happy. Leaving the playground, 🏫 crowded with people near the bell tower, 👴 wanted to join but considering his sweaty and exhausted state, he decided to head back to the dormitory quickly.

Attachment download link: https://pwnable.tw/static/chall/netatalk.tgz + https://pwnable.tw/static/libc/libc-18292bd12d37bfaf58e8dded9db7f1f5da1192cb.so

It took about 1.5 days, and overall it was a very productive debugging and reproducing process. I learned some exploitation and debugging techniques, and it was very helpful for expanding my mindset.

The discovery process of the vulnerability is explained clearly by the author in Exploiting an 18 Year Old Bug. A Write-up for CVE-2018–1160 | by Jacob Baines, which is very interesting. You can also find a translated version at Discovery and Exploitation of Netatalk CVE-2018-1160_c01dkit's Blog-CSDN Blog.

The author mentioned in their blog that this vulnerability can only be exploited on NAS with -no-pie. However, the creator of the HITCON 2019 challenge, DDAA, provided an exploit approach in HITCON CTF 2019 Pwn 371 Netatalk (ddaa.tw), which basically involves leveraging the nature of fork where child processes do not change the memory layout — in other words, ASLR plays a very minor role (laughs). This way, we can expose a valid address through a side channel and then exploit it.

Recently encountered this vulnerability, it seems to have a wide range of potential exploits. Although most machines in China seem to have a relatively low version of libc, let's take a look at it first.

Environment Setup​

Testing Environment​

OS: Ubuntu 22.04.1 LTS on Windows 10 x86_64

Kernel: 5.15.123.1-microsoft-standard-WSL2

Glibc: 2.35-0ubuntu3.3

I suddenly got tired of having to log in via SSH and then run git pull && npm run build to deploy my blog every time, so I thought of using a webhook.

However, I still have to fix the package-lock.json conflicts myself. I'll think of a way to deal with this later (just ignore it!).

I don't know what happened, I used to be able to access services in WSL2 directly from the host using localhost:port, but suddenly it doesn't work today. Taking this opportunity, I'll create a virtual network card based on the documentation I read recently to set up a WSL2 bridge, which will not only support IPv6 but also allow direct access to my WSL2 services in the local network without the need for port forwarding. Since my WSL2 is not sandboxed anyway, I'm not too concerned about security xD.

Frustrated with syncing data across multiple platforms for years, I suddenly remembered that I still have a SanDisk 256G Gen3.1 USB flash drive I can use, so I decided to research how to install Arch Linux on a USB drive.

Preparation:

• VMWare Workstation
• Arch Linux image
• A fast and large capacity USB drive (recommended USB 3.0+, with a size of 50GB or more)

Before You Start​

Please make sure you have some hands-on abilities. Based on the assumption that you can open a server, the following text will assume that readers will use Python3 and be familiar with using the terminal.

Prerequisites​

• Python3
• MuelNova/Palworld-Save-Patcher
• Prepare the save to be converted, referred to as %SAVE% in this guide, it should be similar to the structure below

%SAVE%
├── LevelMeta.sav
├── Level.sav
├── LocalData.sav
├── Players
│   ├── 00000000000000000000000000000001.sav
│   ├── PLAYER_B_GUID.sav
│   └── PLAYER_C_GUID.sav
└── WorldOption.sav

Version Information (Current as of)​

• Palworld v0.1.2.0
• Server deployment using https://github.com/thijsvanloef/palworld-server-docker

Modification Process​

Extracting Server Saves​

Ensure that your server is up and running and copy the entire %SAVE% to the server saves location.

The original homeowner logs into the game, which should prompt the creation of a new user. Proceed to create a new user and perform some actions before exiting the game.

At this point, a new file should appear in the %SAVE%/Players folder, representing the GUID of each STEAM user, identified as 0D000721000000000000000000000001.sav.

%SAVE%
├── LevelMeta.sav
├── Level.sav
├── LocalData.sav
├── Players
│   ├── 00000000000000000000000000000001.sav
│   ├── PLAYER_B_GUID.sav
│   ├── 0D000721000000000000000000000001.sav
│   └── PLAYER_C_GUID.sav
└── WorldOption.sav

In this case, 0D000721000000000000000000000001 is the GUID of the original homeowner.

Shutdown the server, and make sure you have backed up the %SAVE% folder.

Running the Script​

git clone https://github.com/MuelNova/Palworld-Save-Patcher.git
cd Palworld-Save-Patcher
python script.py fix-host %SAVE% %GUID%
# Replace with your own values
# python script.py fix-host /home/nova/test_pal 0D000721000000000000000000000001

Restart the Server​

The original homeowner should now have progress in the game; however, the name and guild no longer exist. You need to join a friend's server to see them. This is a small flaw (due to these details being stored in BYTE, making it inconvenient to modify).

Principles​

This part can be skipped if not interested.

Analysis of Save Files​

Located in %applocaldadta%\Pal\Saved\SavedGame\<STEAM_ID>\<WORLD_ID>

LocalData.sav​

Contains map data, unrelated to users. Can be directly copied to other saves to skip the map opening process.

Level.sav​

Critical file that stores all resources, their owners, and map events.

Player/xxxxxx.sav​

Player files

.sav Files​

Currently, only the modification method is known, without the actual principle. Refer to Converting Palworld saves to JSON and back (github.com) for more information.

For a .sav file, it is not a standard UE .sav file header but a file compressed using zlib (or double compressed).

• [0:4] is the uncompressed size
• [4:8] is the compressed size
• [8:11] is a fixed magic number "PlZ"
• [11] represents a type, with possible values: 0x30, 0x31, 0x32. 0x30 is unused, 0x31 is for single zlib compression, and 0x32 for double zlib compression
• [12:] is the compressed data

After decompression, a GVAS file is obtained, which can be converted to a JSON file using tools like trumank/uesave-rs: Rust library to read and write Unreal Engine save files (github.com).

uesave to-json --input <GUID>.sav.gvas --output <GUID>.sav.json

After much thought, I decided to share some small and not-so-interesting things from my life here rather than in the clown section or the blog section.

Buying a cost-effective non-mainstream laptop comes with consequences, as there is no hardware adaptation for Linux, and no plans to support it. After using it for a week, I managed to solve about three issues: keyboard malfunction, inactive Bluetooth module, inability to install graphics card drivers, and immediate wake-up from sleep. Here is a brief overview of how I tackled them.