Hitchhiker’s Guide to Reverse Engineering
Well, I got annoyed that I couldn’t watch the SWF-based HitchHiker’s trailer on the Amazon.com main page. swf_play failed miserably. Most of the crap Apple pulls for their movie trailer stream-hiding...
.tivo file format
After I found some details on the .tivo file format, and cooked up some code to produce the same output. So far, there isn’t a lot of detail. It’s mostly just strange stuff. mpegcat finds the MPEG2...
pattern visualization
Damn. I just thought up another piece of software (that I’m capable of writing) that I can’t find. This is bad; it means it’s going to haunt me until I code it. So, frequently, I’m faced with streams...
cvs camcorder
I was able to get my hands on a CVS camcorder this past week. The unit is very cool. It doesn’t have any features of a “real” video camera, but I view it like a super-version of my Digital camera which...
porrasturvat hacking
Three years ago, when I first saw tAAt’s Porrasturvat, I couldn’t stop playing it all day. It’s a really simple game: see how much “damage” you can score to a stick figure that you push down the...
open source disassemblers
Not a lot of OSS folks seem to be interested in reverse engineering, so as a result, there isn’t anything like IDA-Pro for the OSS reverse engineer. There is a very excellent disassembling library, but...
decompiling myself
Figured I should try to decompile myself. The first step would be get a full dump of my DNA base pairs as letters. Looks like that’s not going to be easy though. Even a DNA stain takes a lot of steps...
color printer tracking
I’m a little behind in my Slashdot reading, so apologies to those that saw this earlier. The EFF cracked the nearly invisible finger-printing code produced by color printers. This system is used by...
ngsec games
Today I was reminded of the NGsec security games site from a DefCon CTF team-mate. (This game was actually used as a prequal for DefCon 10, which I didn’t go to. Ken told me stories about it, though.)...
flag captured
I can’t believe it. We won DefCon CTF. I have no idea what to say. It just all came together this year. Great team, great contest. And to make it even sweeter, since CTF is a “Black Badge” contest, I...
flag captured again
I thought last year was going to be a fluke. Somehow we managed to do it again. Team 1@stPlace won DefCon Capture the Flag for a second year in a row. If my sources are correct, this is the first...
catching stack overflows in gdb as they happen
Recently I was trying to help debug a stack overflow crash in wpa_supplicant. The trouble with a stack crash is that you end up without a useful call history since the stack is left partially wrecked....
World Of Goo compiled on Ubuntu
I first played World of Goo on the Wii. I loved it. Great stuff, reminded me a little of Lemmings, but way way better. Today I found out it’s also available for Linux, and I immediately downloaded it....
CryptProtect broken
Dan Rosenberg pointed me to a paper from the 2010 WOOT conference that mentions my work to implement the CryptProtect function in Wine. Their research is awesome, and it was fun to compare my attempts...
fun with game memory
So, I was testing a (closed source) single-player offline game recently and thought this exercise might be fun to document. I didn’t want to spend any time actually earning in-game money since I’d...