Search
1000 results for “tcl_tk”
-
@patricus Depending on your definition of "sane", you might find Tcl/Tk fits the bill. See https://www.tcl-lang.org and https://wiki.tcl-lang.org/welcome . Indentation is optional, you can write:
if {$a > 0} {puts OK} else {puts "TOO LOW"; set a 1}
or:
if {$a > 0} {
puts OK
} else {
puts "TOO LOW"
set a 1
}or:
if {$a > 0} \
{puts OK} \
else \
{puts "TOO LOW"
set a 1}or even:
eval [lreverse {{puts "TOO LOW"; set a 1} else {puts OK} {$a > 0} if}]
🤪 -
@patricus Depending on your definition of "sane", you might find Tcl/Tk fits the bill. See https://www.tcl-lang.org and https://wiki.tcl-lang.org/welcome . Indentation is optional, you can write:
if {$a > 0} {puts OK} else {puts "TOO LOW"; set a 1}
or:
if {$a > 0} {
puts OK
} else {
puts "TOO LOW"
set a 1
}or:
if {$a > 0} \
{puts OK} \
else \
{puts "TOO LOW"
set a 1}or even:
eval [lreverse {{puts "TOO LOW"; set a 1} else {puts OK} {$a > 0} if}]
🤪 -
@patricus Depending on your definition of "sane", you might find Tcl/Tk fits the bill. See https://www.tcl-lang.org and https://wiki.tcl-lang.org/welcome . Indentation is optional, you can write:
if {$a > 0} {puts OK} else {puts "TOO LOW"; set a 1}
or:
if {$a > 0} {
puts OK
} else {
puts "TOO LOW"
set a 1
}or:
if {$a > 0} \
{puts OK} \
else \
{puts "TOO LOW"
set a 1}or even:
eval [lreverse {{puts "TOO LOW"; set a 1} else {puts OK} {$a > 0} if}]
🤪 -
@patricus Depending on your definition of "sane", you might find Tcl/Tk fits the bill. See https://www.tcl-lang.org and https://wiki.tcl-lang.org/welcome . Indentation is optional, you can write:
if {$a > 0} {puts OK} else {puts "TOO LOW"; set a 1}
or:
if {$a > 0} {
puts OK
} else {
puts "TOO LOW"
set a 1
}or:
if {$a > 0} \
{puts OK} \
else \
{puts "TOO LOW"
set a 1}or even:
eval [lreverse {{puts "TOO LOW"; set a 1} else {puts OK} {$a > 0} if}]
🤪 -
@jaywilson1988 @ebassi Do you have a source for this you can point to? I'm a big Tcl/Tk fan, but am resigned to it remaining a minority interest.
#tcltk #gtk -
@jaywilson1988 @ebassi Do you have a source for this you can point to? I'm a big Tcl/Tk fan, but am resigned to it remaining a minority interest.
#tcltk #gtk -
@jaywilson1988 @ebassi Do you have a source for this you can point to? I'm a big Tcl/Tk fan, but am resigned to it remaining a minority interest.
#tcltk #gtk -
@jaywilson1988 @ebassi Do you have a source for this you can point to? I'm a big Tcl/Tk fan, but am resigned to it remaining a minority interest.
#tcltk #gtk -
Random Wiki page of the day:
🔗 https://wiki.tcl-lang.org/page/Hearts
It's a card game, from back in 2013. The page claims that some of the code is from an AI. In 2013?
-
Unmasking the Moon: Comparing LunaStealer Samples with MalChela and Claude
As one tends to do on Saturday mornings with coffee in hand, I was reviewing two samples that were attributed to the LunaStealer / LunaGrabber family. Originally I was validating that
tiquerywas working with the MCP configuration, however what started as a quick TI check turned into a full static analysis session — and it gave me a good opportunity to put the MalChela MCP integration through its paces in a real workflow. This post walks through how that investigation unfolded, what the pivot points were, and what we found at the bottom of the rabbit hole.The Setup
If you haven’t seen the MalChela MCP plugin before, the short version is this: MalChela is a Rust-based malware analysis toolkit I’ve been building for a while — tools like
tiquery,fileanalyzer,mstrings, and others. The MCP server exposes all of those tools to Claude Desktop natively, so instead of dropping to the terminal for every command, I can run analysis steps conversationally and let Claude help interpret the results and suggest next moves.This is not replacing the terminal — it’s augmenting it. The pivot decisions still come from the analyst. But having a reasoning layer that can look at
mstringsoutput and say “thatSetDllDirectoryW+GetTempPathWcombination is staging behavior, and here’s the ATT&CK mapping” is genuinely useful when you’re moving fast.Both samples were sitting in a folder on my Desktop. I had SHA-256 hashes. Let’s go.
Phase 1: Threat Intelligence Query
First move is always TI. The MalChela
tiquerytool hits MalwareBazaar, VirusTotal, Hybrid Analysis, MetaDefender, and Triage simultaneously and returns a combined results matrix. Two calls, two answers.Sample 1 (
4f3b8971...) came back confirmed LunaStealer across all five sources. First seen 2025-12-01. Original filenamesdas.exe. VT tagged ittrojan.generickdq/python— already telling us something about the build.Sample 2 (
d4f57b42...) was more interesting. MalwareBazaar returned both LunaGrabber and LunaStealer tags. Triage clustered it with BlankGrabber, GlassWorm, IcedID, and Luca-Stealer. The original filename wasloader.exe. That’s a different kind of name thansdas.exe. One sounds like a throwaway test artifact. The other sounds deliberate.The TI results alone suggested these weren’t just two copies of the same thing. They were potentially different components of the same campaign.
Phase 2: Static PE Analysis
fileanalyzerandmstringson both samples.The first thing that jumped out was the imphash —
f3c0dbc597607baa2ea891bc3a114b19— identical on both. Same section layout, same section sizes, same import count (146), same 7 PE sections including the.fptablesection that PyInstaller uses for its frozen module table. These two samples were compiled from the same PyInstaller loader template with different payloads bundled inside.But the entropy diverged sharply. Sample 1 (
sdas.exe) came in at 3.9 — low, even for a PyInstaller bundle. Sample 2 (loader.exe) was 6.9 — high, indicating the embedded payload is compressed or encrypted more aggressively. Combined with the file size difference (47 MB vs 22 MB), this was the first signal that what was inside each bundle was meaningfully different.mstringsgave us 22–23 ATT&CK-mapped detections across both samples — largely the same set:IsDebuggerPresent,QueryPerformanceCounter,SetDllDirectoryW,GetTempPathW,ExpandEnvironmentStringsW,OpenProcessToken. Standard infostealer staging behavior.Tcl_CreateThreadshowed up in both, which is a PyInstaller artifact from bundling Python with Tkinter. The VTpythonfamily tag made more sense in context.Phase 3: PyInstaller Extraction
Both samples were extracted with
pyinstxtractor-ng. This is where the two samples started to diverge clearly.Sample 1 entry point:
sdas.pyc— Python 3.13, 112 files in the CArchive, 752 modules in the PYZ archive.Sample 2 entry point:
cleaner.pyc— Python 3.11, 113 files, 760 modules.The name
cleaner.pycinside a file calledloader.exeis a tell. That’s not a stealer payload name. That’s something that runs after.The bundled library sets were nearly identical between both —
requests,requests_toolbelt,Cryptodome,cryptography,psutil,PIL,sqlite3,win32— same stealer framework. But Sample 2 had a unique addition: al.jsreference (mapped to T1059 — Command and Scripting Interpreter). A JavaScript component not present in the December build. The OpenSSL versions also differed: Sample 1 bundledlibcrypto-3.dll(OpenSSL 3.x), Sample 2 hadlibcrypto-1_1.dll(OpenSSL 1.1). Different build environments, roughly one month apart.At this point the working theory was solid: Sample 1 is a standalone stealer. Sample 2 is a later-generation dropper/installer with an updated payload and additional capability.
Phase 4: Bytecode Decompilation
decompile3couldn’t handle Python 3.11 or 3.13 bytecode. That’s a known limitation.pycdc(Decompyle++) handles both.sdas.pycdecompiled cleanly — the import stack made the capability set immediately obvious:from win32crypt import CryptUnprotectData from Cryptodome.Cipher import AES from PIL import Image, ImageGrab from requests_toolbelt.multipart.encoder import MultipartEncoder import sqlite3CryptUnprotectDatafor browser master key decryption.AESfor the decryption itself.ImageGrabfor screenshots.MultipartEncoderfor structured exfiltration. Classic infostealer, nothing surprising.cleaner.pycwas a different story. The decompiler output opened with this:__________ = eval(getattr(__import__(bytes([98,97,115,101,54,52]).decode()), ...Heavy obfuscation — byte arrays used to reconstruct
eval,getattr, and__import__at runtime so none of those strings appear in plain text. The approach is designed to evade static string detection. Decode the byte arrays and you get:bytes([98,97,115,101,54,52]) → "base64" bytes([90,88,90,104,98,65,61,61]) → b64decode("ZXZhbA==") → "eval" bytes([90,50,86,48,...]) → "getattr" bytes([88,49,57,112,...]) → "__import__"Standard Python malware obfuscation. But buried further down in the decompile output was a large binary blob — a
bytesliteral starting with\xfd7zXZ. That’s the LZMA magic header.Phase 5: LZMA Stage 2 Extraction
The blob was located at offset
0x17d4in the pyc file. Extract and decompress it:import lzma blob = open('cleaner.pyc', 'rb').read() idx = blob.find(b'\xfd7zXZ') decompressed = lzma.decompress(blob[idx:]) # → 102,923 bytesOne important detail: the decompression is wrapped in a
try/except LZMAErrorblock withos._exit(0)on failure. If the decompression fails — as it would in some emulated sandbox environments — the process exits silently with no error. That’s the anti-sandbox mechanism.The decompressed payload was another obfuscated Python source using a custom alphabet substitution encoding. The final execution chain was
compile() + exec(). Decoding the full stage 2 revealed everything:The injection URL:
https://raw.githubusercontent.com/Smug246/luna-injection/main/obfuscated-injection.jsThis is the live Discord injection payload. The stage 2 pulls this JavaScript file from GitHub and injects it into the Discord desktop client’s core module, persisting across restarts.
The capability set from stage 2:
- Anti-analysis checks on startup: process blacklist (~30 entries including
wireshark,processhacker,vboxservice,ollydbg,x96dbg,pestudio), MAC address blacklist (80+ VM prefixes), HWID blacklist, IP blacklist, username/PC name blacklists - Discord token theft from all three release channels (stable, canary, PTB)
- Browser credential theft across 20+ Chromium and non-Chromium browsers
- Roblox session cookie harvesting (
.ROBLOSECURITY=targeting with API validation) - Desktop screenshot capture
- Self-destruct:
ping localhost -n 3 > NUL && del /F "{path}"
The ping delay is a simple trick — the 3-second wait lets the process fully exit before the delete fires, so the file removes itself cleanly after execution.
What MalChela + MCP Added to This Workflow
The honest answer is: speed and synthesis.
tiqueryhitting five TI sources in one call versus five separate browser tabs or CLI invocations is a meaningful time saving, but that’s the surface benefit. The deeper value showed up in themstringsstep — getting ATT&CK-mapped output with technique IDs alongside the raw strings meant the behavioral picture came together faster than manually correlating imports against the ATT&CK matrix.The MCP integration meant each of those steps — TI query, PE analysis, string extraction — could happen within the same conversation context. Claude could see the
fileanalyzeroutput and themstringsoutput together and note that the entropy difference between the two samples was significant, that the identical imphash meant shared loader infrastructure, that the staging imports inmstringswere consistent with the exfil approach suggested by the TI tags. That cross-tool synthesis is where the integration earns its keep.The parts that still required manual work:
pyinstxtractor-ng,pycdc, the LZMA extraction, and decoding the stage 2. Those are terminal steps on the Mac.IOCs at a Glance
Samples:
SHA-256FilenameFamily4f3b8971...d0sdas.exeLunaStealerd4f57b42...24loader.exeLunaGrabberInjection URL:
https://raw.githubusercontent.com/Smug246/luna-injection/main/obfuscated-injection.jsSelf-destruct pattern:
ping localhost -n 3 > NUL && del /F "{executable}"Imphash (shared loader stub):
f3c0dbc597607baa2ea891bc3a114b19A full IOC list including ~60 C2 IPs, MAC address blacklists, and HWID blacklists is in the analysis report linked below.
Downloads
- 📄 [Full Analysis Report] — Complete investigation narrative, sample properties, capability breakdown, IOC documentation, campaign timeline, and recommendations. (lunaStealer_analysis_report.pdf)
- 🛡️ [YARA Rules — PE] — Four rules targeting the PE samples: exact hash match, shared PyInstaller stub (imphash-based), infostealer payload strings, generic PyInstaller infostealer. (lunastealer_pe.yar)
If you’re running MalChela in your environment and want to reproduce the TI query steps, the MalChela MCP plugin source is on GitHub at github.com/dwmetz/MalChela. Questions or additions to the IOC list — find me on the usual channels.
#DFIR #Forensics #Github #lumastealer #MalChela #Malware #Python #yara - Anti-analysis checks on startup: process blacklist (~30 entries including
-
I created an actual "release" today, for my Xiaolong Dictionary language learning tool [1].
I wonder however, why the GNU/Linux built is bigger. Maybe 'cause I ran another command making the executable. Makefile target:
pyinstaller --clean --onefile --noconsole --add-data "$(TCL_LIBRARY):tcl8.6" --add-data "$(TK_LIBRARY):tk8.6" "$(MODULE)")
While on Windows I have no idea how to do that.
[1]: https://codeberg.org/ZelphirKaltstahl/xiaolong-dictionary/releases
#python #tkinter #matplotlib #pillow #pyinstaller #executable
-
@jaywilson1988 @felipeborges @GTK Well the graphics here will be done with Tk which was developed for use with Tcl, though other languages have bindings to it as well now. You can see some other examples here: https://wiki.tcl-lang.org/page/Showcase .
#tcltk -
Last Easter, I was running a checkpoint at Imbil as I’ve done before… operating a checkpoint at Derrier Hill Grid with horses passing through from three different events simultaneously, coming from two different directions, and getting more confused than a moth in a light shop. At that time I thought it’d be really handy to have a software program that could “sort ’em all out”. I punch in the competitor numbers, it tells me what division they’re in and records the time… I then assign the check-points and update the paperwork.
We have such a program, a VisualBASIC 6 application written by one of the other amateurs, however I use Linux. My current tablet, a Panasonic FZ-G1 Mk1, won’t run any supported version of Windows well (Windows 10 on 4GB RAM is agonisingly slow… and it goes out of support in October anyway), but otherwise would be an ideal workhorse for this, if I could write a program.
So I rolled up my sleeves, and wrote a checkpoint reporting application. Java was used because then it can be used on Windows too, as well as any Linux distribution with OpenJDK’s JRE. I wanted a single “distribution package” that would run on any system with the appropriate runtime, that way I wouldn’t need a build environment for each OS/architecture I wanted to support.
One thing that troubled me through this process… was getting image resources working. I used the Netbeans IDE to try and make it easier for others to contribute later on if desired: it has a GUI form builder that can help with all the GUI creation boilerplate, and helps keep the project structure more-or-less resembling a “standard” structure. (This is something that Python’s
tkinterseriously lacks: a RAD tool for producing the UIs. The author of the aforementioned VB6 software calls it “T-stinker”, and I find it hard to disagree!)Netbeans defaults to using the Maven build system for Java projects, although Ant and Gradle are both supported as well. (Not sure which one of the three is “preferred”, I know Android often use Gradle… thoughts Java people?) It also supports adding bitmap resources to a project for things like icons. I used some icons from the GTK+ v3 (LGPLv2) and Gnome Adwaita Legacy (CCBYSA3) projects.
The problem I faced, was actually using them in the UI. I was getting a
NullPointerExceptionevery time I tried setting one, and Netbeans’ documentation was no help at all. It just wasn’t finding the.pngfiles no matter what I did:2025-06-15T06:32:54.461Z [FINEST] com.vk4msl.checkpointreporter.ui.ReporterForm: Choose nav tree node testException in thread "AWT-EventQueue-0" java.lang.NullPointerException at javax.swing.ImageIcon.<init>(ImageIcon.java:217) at com.vk4msl.checkpointreporter.ui.event.EventPanel.initComponents(EventPanel.java:239) at com.vk4msl.checkpointreporter.ui.event.EventPanel.<init>(EventPanel.java:63) at com.vk4msl.checkpointreporter.ui.ReporterForm.showEvent(ReporterForm.java:895) at com.vk4msl.checkpointreporter.CheckpointReporter.showEntity(CheckpointReporter.java:532) at com.vk4msl.checkpointreporter.ui.ReporterForm.navTreeValueChanged(ReporterForm.java:480) at com.vk4msl.checkpointreporter.ui.ReporterForm.access$100(ReporterForm.java:70) at com.vk4msl.checkpointreporter.ui.ReporterForm$2.valueChanged(ReporterForm.java:182)Maybe it’s my search skills, or the degradation of search, but I could not put my finger on why it kept failing… the file was where it should be, the path in the code was correct according to the docs, why was it failing?
Turns out, when Maven does a build, it builds all the objects in a
target/classesdirectory. When Netbeans runs your project, it does so out of that directory. Maven did not bother to copy the.pngfiles across, because Netbeans never told it to.I needed the following bit of code in my
pom.xmlfile:<resources> <resource> <targetPath>com/vk4msl/checkpointreporter/ui/components/icons</targetPath> <directory>${project.basedir}/src/main/java/com/vk4msl/checkpointreporter/ui/components/icons</directory> <includes> <include>**/README.md</include> <include>**/*.png</include> </includes> </resource> </resources>That tells Maven to pick up those
.pngfiles (in thecom.vk4msl.checkpointreporter.ui.components.iconspackage) and put them, along with theREADME.md, in the staging directory for the application. Then Java would be able to find those resources, and they’d be in the.jarfile in the right place.Other suggestions have been to move the project to using Ant (which was the old way Java projects were built, but seems to be out of favour now?)… not sure if Gradle has this problem… maybe some people more familiar with Java’s build systems can comment. This is probably the most serious Java stuff I’ve done in the last 20 years.
I used Java because it produced a single platform-independent binary that could run anywhere with the appropriate runtime, and featured a runtime that had everything I needed in a format that was easy to pick back up. C# I’ve used for command-line applications at university, but I’ve never done anything with Windows Forms, so I’d have to learn that from scratch as well as wrestling MSBuild (yuck!). Python almost was it, but as I say, dealing with
tkinterand trying to map that to all the TK docs out there that assume you’re using TCL, made it a nightmare to use. I didn’t want to bring in third-party libraries like Qt or wxWidgets as that’d complicate deployment, and other options like C++, Rust and Go all produce native binaries, meaning I’d have to compile for each platform. (Or force people to build it themselves.)Java did the job nicely. Not the prettiest application, but the end result is I have a basic Java program, using the classical Swing UI interface that should be a big help at Southbrook later this month. I’ll probably build on this further, but this should go a big way to scratching the itch I had.
https://vk4msl.com/2025/06/15/using-image-resources-with-maven-java-projects-in-netbeans/
-
I created an actual "release" today, for my Xiaolong Dictionary language learning tool [1].
I wonder however, why the GNU/Linux built is bigger. Maybe 'cause I ran another command making the executable. Makefile target:
pyinstaller --clean --onefile --noconsole --add-data "$(TCL_LIBRARY):tcl8.6" --add-data "$(TK_LIBRARY):tk8.6" "$(MODULE)")
While on Windows I have no idea how to do that.
[1]: https://codeberg.org/ZelphirKaltstahl/xiaolong-dictionary/releases
#python #tkinter #matplotlib #pillow #pyinstaller #executable
-
I created an actual "release" today, for my Xiaolong Dictionary language learning tool [1].
I wonder however, why the GNU/Linux built is bigger. Maybe 'cause I ran another command making the executable. Makefile target:
pyinstaller --clean --onefile --noconsole --add-data "$(TCL_LIBRARY):tcl8.6" --add-data "$(TK_LIBRARY):tk8.6" "$(MODULE)")
While on Windows I have no idea how to do that.
[1]: https://codeberg.org/ZelphirKaltstahl/xiaolong-dictionary/releases
#python #tkinter #matplotlib #pillow #pyinstaller #executable
-
I created an actual "release" today, for my Xiaolong Dictionary language learning tool [1].
I wonder however, why the GNU/Linux built is bigger. Maybe 'cause I ran another command making the executable. Makefile target:
pyinstaller --clean --onefile --noconsole --add-data "$(TCL_LIBRARY):tcl8.6" --add-data "$(TK_LIBRARY):tk8.6" "$(MODULE)")
While on Windows I have no idea how to do that.
[1]: https://codeberg.org/ZelphirKaltstahl/xiaolong-dictionary/releases
#python #tkinter #matplotlib #pillow #pyinstaller #executable
-
I created an actual "release" today, for my Xiaolong Dictionary language learning tool [1].
I wonder however, why the GNU/Linux built is bigger. Maybe 'cause I ran another command making the executable. Makefile target:
pyinstaller --clean --onefile --noconsole --add-data "$(TCL_LIBRARY):tcl8.6" --add-data "$(TK_LIBRARY):tk8.6" "$(MODULE)")
While on Windows I have no idea how to do that.
[1]: https://codeberg.org/ZelphirKaltstahl/xiaolong-dictionary/releases
#python #tkinter #matplotlib #pillow #pyinstaller #executable
-
@jaywilson1988 @felipeborges @GTK Well the graphics here will be done with Tk which was developed for use with Tcl, though other languages have bindings to it as well now. You can see some other examples here: https://wiki.tcl-lang.org/page/Showcase .
#tcltk -
@jaywilson1988 @felipeborges @GTK Well the graphics here will be done with Tk which was developed for use with Tcl, though other languages have bindings to it as well now. You can see some other examples here: https://wiki.tcl-lang.org/page/Showcase .
#tcltk -
@jaywilson1988 @felipeborges @GTK Well the graphics here will be done with Tk which was developed for use with Tcl, though other languages have bindings to it as well now. You can see some other examples here: https://wiki.tcl-lang.org/page/Showcase .
#tcltk -
@jaywilson1988 @felipeborges @GTK Well the graphics here will be done with Tk which was developed for use with Tcl, though other languages have bindings to it as well now. You can see some other examples here: https://wiki.tcl-lang.org/page/Showcase .
#tcltk -
A pauta sobre easter eggs da #SegundaFicha cobre apenas jogos? Como um usuário #Linux da velha guarda, gostaria de resgatar o easter egg das antigas versões do Red Hat (incluindo o #Conectiva Red Hat Linux), que exibiam um chapéu giratório se uma determinada região do `timetool` (aplicativo para ajuste de data e hora) era clicada. Não achei captura de tela, então, precisei eu mesmo fazer uma (emulador PCem, distribuição Conectiva Red Hat Linux Marumbi).
🏷️ Etiquetas adicionais: #retrocomputing #redhat #fvwm #fvwm2 #anotherlevel #tcltk #emulacao #emulation
-
I have never heard a story that begins with the words "Richard Stallman..." and ends in a good place.
In other news, TIL tcl got screwed.
smh...again.
#ThisFuckingGuyAgain #rms #tcl #browsers #internetlanguages #tcltk #scriptinglanguage #scriptinglanguages
-
Ah yes, because the world was desperately yearning for yet another obscure text editor clone, this time written in everyone's favorite "what is this even?" language, #TclTk. 🖥️🤔 Clearly, the future of editing lies in turning our keyboards into irrelevant relics while we bask in the glory of mouse-induced carpal tunnel. 🖱️😂
http://www.call-with-current-continuation.org/ma/README #texteditor #softwaredevelopment #programminghumor #carpalTunnel #mouseoverload #HackerNews #ngated -
@jacket Tcl is something of an acquired taste. Perhaps you need to have a twisted brain to really appreciate it (as I do)! 🤪
That's quite a good introductory video though. My one criticism would be that it may give the impression that all commands operate directly on strings, which would be very inefficient. This was the case in the very earliest versions of Tcl, but now strings are converted to/from more efficient representations behind the scenes as required. #tcltk 🪶
-
@colinmford Hex "magic" numbers - in the new logo created for #tcltk version 9 the light green colour has hex code BADA55. ( SVG file is at https://wiki.tcl-lang.org/image/Tcl9LogoFinal )
