0xKit

Devlog 3 - DevBox becomes 0xKit

Big pivot. DevBox is turning into 0xKit, a toolkit for CTF recon, crypto and forensics. Same offline browser app, sharper focus.

The honest reason: DevBox worked, but it was a pile of converters you could find
in ten other places. No reason to reach for it. So instead of bolting on more
generic tools, I pointed the whole thing at one user, a CTF player, and built
the harder tools that crowd actually needs.

What sold me on the pivot was realising DevBox’s “nice to have” is a real selling point here. Everything runs in your browser and never leaves your machine. For a dev formatting JSON, who cares. For someone poking at competition data they shouldn’t paste into a random website, that matters.

The centerpiece is a pipeline. Instead of one tool per page, you stack operations and each feeds the next: From Base64, then From Hex, then XOR. It’s the CyberChef idea, rebuilt small and dependency-free. Underneath, every operation speaks one language, raw bytes, so a gzip blob survives the chain instead of getting mangled. Building it meant writing things by hand you’d normally install: MD5, SHA-1, a base58 codec with a sneaky all-zeros bug a test caught.

So was it worth it? Yes. 0xKit has a point of view now, it’s for someone instead of being a drawer of odds and ends. And it forced real work: a composable engine, hand-rolled crypto, a pile of tests. I even cut JSON, color and cron to commit to the bet. Felt scary, then immediately right.

Next up: the Magic button, which guesses the decode chain for a blob you don’t understand, then the crypto and forensics tools, and getting 0xKit live.

Devlog 2 - Four more tools and search

DevBox grew up a bit this round. It went from three tools to seven, and the sidebar finally got a search box.

The new ones: Regex tester, Timestamp converter, Color converter, and Text Case. The Regex one is my favorite - it highlights matches live as you type and counts them, with the g/i/m flags as little checkboxes. Timestamp figures out on its own whether you handed it seconds or milliseconds. Color swaps between HEX, RGB and HSL and shows a swatch. Text Case turns whatever you type into camelCase, snake_case, kebab-case and the rest.

Now that the list was getting longer, I added a search box up top - just start typing to filter, or hit Ctrl+K to jump straight to it.

The fiddly bits were the small edge cases. Regex with something like \d* used to duplicate the text in the preview, and the case converter choked on acronyms like parseHTTPRequest. Both fixed now. Boring stuff, but it’s the difference between a toy and something you actually trust.

Next up: a hash generator, and making the whole thing work offline as an installable app.

Devlog 1 - Getting started

My first devlog! DevBox just went from an empty folder to something I can
actually use, with three working tools.

The idea: one page with all the little tools devs keep googling - JSON, Base64,
URL encoding - running right in your browser. No submit buttons, works offline,
nothing you type ever leaves your machine.

I started with the shell, so adding a tool is dead easy: one folder plus one
line in a config file gets it into the sidebar, routing, and search. Then the
first three tools - JSON Formatter, Base64, and URL, the last two auto-detecting
whether to encode or decode.

The tricky part was that auto-detect: it only treats input as Base64 if it
survives a clean round-trip, otherwise plain text turns to garbage.

Next up: four more tools (Regex, Timestamp, Color, Text Case).