Sunday, February 10, 2013

Hacking is Bullshit

I love hacking.  I love vulnerability research.  I love software exploitation.  I love finding creative ways to subvert control of an application or system to make it do something it wasn't intended to do.

But this is research, and like any research, lots of things never pan out.  It's weird because it involves hours, often hundreds or even thousands of hours, of frustration paid off by successes that last only moments.  And the cycle repeats.

In order to develop an exploit, we spend countless hours dissecting hardware and software looking for an oversight or misstep on the part of the developer.  We follow dead-end paths, only to realize they're dead ends days or weeks in.  We often spend even more time wrestling with tools, trying to get them to work the way they should or to work together properly.  When there isn't a tool already available, we spend hours developing one that will help answer an esoteric question or shine light in a dark crevice.

When nothing's going right and at the height of frustration, I'm known to mutter "hacking is bullshit" and walk out of the room.  My colleague, Craig, and I have now taken to calling arbitrary things "bullshit."  Usually hacking, but often computers, programming, people, or D-Link routers.

Yet, we are driven to hack.  We are driven to further the study of vulnerability research, to keep moving the ball down the field.  The exchange of hours of frustration for minutes of victory is worth it.  It's worth it because the next time we solve a similar problem, it takes a few hours rather than hundreds. It's worth it because the victory is amazing.  It's worth it because the euphoria is like nothing else.

It's worth it, but let's be clear: hacking is bullshit.

I wanted to capture the irony of the frustration-to-victory inequity of hacking, so I made a T-shirt on Zazzle called "Hacking is Bullshit."

Here are some pictures:

I made it for myself, but if you'd like one of your own, here's a link that sends me a little kickback for beer.

Cheers and keep up the hacking.  It's worth it.