Today’s format has been on my list since the early days of my journey in this reverse engineering of image file formats started about a year ago. My interest in it was re-kindled by a recent comment by “RedMike” to my PIC File Format summary. The format in question is the .PAN File format from […]| Ouch my eye!
Stardate -298165.9: As is often the case, new adventures in reverse engineering are inspired by random comments that I stumble across. I was enjoying a lazy Sunday when I stumbled across this in one of the groups I participate in. The “request” (it wasn’t directed at me specifically) comes as a result of the release […]| Ouch my eye!
In my last post we took on the .RES Container File format from Nova Logic. In that post I mentioned that there was a 2nd variant of the format that we see with “F-22 Lightning II” (1996) from Nova Logic. While working on the original format we found with “Comanche 3”, I took a quick […]| Ouch my eye!
It all started so innocently. I’ve been away from the scene for a while so I was catching up on some chat history on one of the modding/gaming servers on Discord that I’m on and I stumbled across the following. Well we can’t have that now, can we? I’ll take that as a sign for […]| Ouch my eye!
As I’ve been slowly working on getting the PIC file format code into a releasable state, another title popped up. Well not so much another title, but a rare, and nearly forgotten, version of a title. In this case it’s a 16 colour EGA specific release, while the version we’ve previously looked at was targeted […]| Ouch my eye!
Sorry for the silence everyone. It’s been a tough ride the past while. I have been dealing with a serious illness with a member of my family, and have spent most of my time and energy helping…| Ouch my eye!
Having a charger installed at home for your electric car is very convenient, not only for the obvious home charging, but also for having scheduling and other features built-in. Sadly, …read more| Hackaday
A beginner-friendly tutorial on analyzing .NET malware teaches you how to use common tools, recognize techniques and understand infection chains. The post A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode appeared first on Unit 42.| Unit 42
A gentle introduction to reverse-engineering vintage synthesiser ROMs using the Ghidra disassembler.| ajxs.me
A technical overview of how the cassette interface used in Yamaha's FM synthesisers encodes, and decodes patch data for external storage.| ajxs.me
A brief update regarding the reverse-engineering of the Yamaha DX7's firmware ROM.| ajxs.me
An introductory technical analysis of the Yamaha DX7, detailing some of the known information about the synthesiser’s engineering.| ajxs.me
My personal notes about the ELF file format| Eduardo Blázquez’s Personal Webpage
My personal notes about the Linux ptrace syscall| Eduardo Blázquez’s Personal Webpage
Hex-rays has published a second CTF where we have to uncover the location of the traitors in the story of Madame de Maintenon (the IDA Lady)| Eduardo Blázquez’s Personal Webpage
Note: This was originally a Twitter thread, and has been lightly edited for presentation here, with some additional clarifications.| Luna’s Blog
Note: This is an article from my old dev blog. External links have been updated, but the text is otherwise reposted verbatim.| Luna’s Blog
Collaboration Between Casting and Machining to Re-Engineer a Lost Component of a Vietnam-Era Patrol Boat Muskegon-based manufacturers Eagle CNC and Eagle Alloy put their capabilities to the test when they set out to replicate a key component of a Vietnam-era patrol boat as a steel casting. For the team behind the casting, this project is about more than fixing a boat; it’s about preserving history, honoring the legacy of those who served and sacrificed, and ensuring their stories continue ...| Eagle Group Blog
In this post, I will do two writeups from the “Applicatif” category, 1 and 2, both being Easy-level Buffer Overflow challenges.| Chocapikk's Cybersecurity Blog 🛡️
In this post, I will explain how you can locate cross references programmatically using Python modules that are generally helpful in reverse engineering.| 0ffset Training Solutions | Practical and Affordable Cyber Security Training
“A large fraction of the flaws […]| hn security
“Rebels on the rise, we have […]| hn security
Intro In our previous article Fault […]| hn security
As part of our ongoing research of the IBM i platform we monitor news and updates related to the platform. Two weeks ago IBM published a support article about a compatibility issue affecting IBM i Access Client Solutions (ACS) when running on Windows 11 24H2. The “no man’s land” between system boundaries is always a playground for hackers, and this article was fascinating because it pointed to the Local Security Authority subsystem of Windows:| Silent Signal Techblog
Configuration of Honeywell Barcode Scanners (2024-12-02; Hardware, USB, Reverse Engineering). I had recently obtained a used USB barcode scanner: a Honeywell Hyperion 1300G. These scanners can be configured to use one of multiple USB operation modes: USB Keyboard mode: The scanner emulates a…| s3lph.me
Intro This series of articles describes […]| hn security
After attending the OST2 – Exp4011 […]| hn security
I love a good crackme. It was one of the first things I practised when I did my first CTF (Pico) this year. This challenge is for newcomers to Reverse Engineering. Crackme1 Nothing special, you just need to give execution permissions to the binary and then execute it. Crackme2 This binary asks us for a […]| Sharp Security
Explore the impressive features of Gemini 1.5 Pro and learn how it revolutionizes malware analysis effortlessly. Discover its capabilities now!| Govindhtech
This post has a little bit of everything. Hardware diagnostics, some suspiciously similar datasheets from two separate Taiwan chip manufacturers, and firmware reverse engineering. Read on if that sounds like fun!| Downtown Doug Brown
Time to stop procrastinating, and distracting myself with other formats, and time to put the MicroProse PIC file format to rest – at least with what we know about it so far. This post serves to act…| Ouch my eye!
Here we go again, on yet another side quest, I didn’t mean to, but couldn’t help myself. After finishing off with the CAT file variant we saw with M1 Tank Platoon from MicroProse in my …| Ouch my eye!
We have some unfinished business with regards to the MicroProse CAT file format, it’s time to start wrapping things up. The last time when we looked at the CAT file format we determined the f…| Ouch my eye!
Hooking is a technique to intercept function calls/messages or events passed between software, or in this case malware. The technique can be used for malicious, as well as defensive cases. Rootkits for example can hook API calls to make themselves invisible from analysis tools, while we as defenders can use hooking to gain more knowledge […]| Malware and Stuff
Once again it appears we need to realign the naming of our PIC file formats. Luckily it’s only a small one this time around, and with it we also add a new title, or rather a port of a title t…| Ouch my eye!
As summer comes to an end, it’s time to get back in the seat and start reverse engineering again. While we still have some unfinished business with several formats, I thought I’d kick t…| Ouch my eye!
Well now that the RAID data has been recovered, and a new one is up and running, we can get back to some of the regular programming around these parts. Seems with my ADD and jumping around between …| Ouch my eye!
Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it. After the session, the hacker in me became curious about how the tools were communicating with each other, so I quickly started Wireshark while establishing a connection and saw something that tickled my curiosity even more: some of the data, such as the client and server names, were transmitted in cleartex...| evilsocket
Master Android malware reversal with ease using Incinerator, your trusted ally in the fight against threat actors for experts and novices alike.| Boschko Security Blog
TP-Link's TDDP programs fail to properly verify data length during parsing, leading to memory structure destruction and denial of service.| Boschko Security Blog
Simplifying the discovery of IoT/ICS 0-days. Revolutionizing embedded systems reverse engineering in a tool for everyone.| Boschko Security Blog
CVE-2022-40843 CVE-2022-40845 CVE-2022-40847 CVE-2022-40844 CVE-2022-40846 CVE-2022-41395 CVE-2022-41396 CVE-2022-42053 CVE-2022-42058 CVE-2022-42060| Boschko Security Blog
How a path across processes can be obtained from PEB's LDR linked list through QueryFullProcessImageNameW under the hood.| Boschko Security Blog
OSCP/eCPPT braindead buffer overflow guide.| Boschko Security Blog
As I have mentioned in the review, the stock firmware on the Xiaomi AX3600 wireless router is extremely limiting. On top of that, the firmware is also locked to install only authorized updates from the manufacturer. If you have been following the blog, you will know that I like the flexibility that ASUSWRT provides for […]| irq5.io
How to use Ghidra's Version Tracking to avoid reverse engineering binaries from scratch when a new software version is released.| LRQA Nettitude Labs
In my last post we left off having successfully decoded the PAK and EGA image formats used by Electronic Arts with 688 Attack Sub. In this post we will reverse the process allowing us to convert an …| Ouch my eye!
A little diversion while I wait for parts to arrive for my RAID data recovery and rebuild. Fingers crossed we don’t end up in a whole series of reverse engineering the Drobo BeyondRaid Filesy…| Ouch my eye!
After wrapping up with the SSI-IMG format yesterday, I’ve been struggling to come up with what to blog about next. My brain isn’t quite ready to jump back into the PIC format. Then I go…| Ouch my eye!
I couldn’t let it go, or at least my brain couldn’t. After decoding the SSI-IMG file format for the EGA/VGA assets I had planned to leave it at that. The dark corners of my brain, howev…| Ouch my eye!
At the request of one of my readers here, I was asked to look at another graphics asset format. This time it’s the IMG format used by Strategic Simulations, Inc. (SSI) with their 1989 release…| Ouch my eye!
Well looks like the break from the PIC file format didn’t last long. My last post we were wrapping up with the decoding of the MicroProse CAT file format when we stumbled upon what appears to…| Ouch my eye!
After practically melting my brain figuring out the LZSS compressor over the past several days, it’s time to take a break from the PIC file format for a post or two, and focus in on another f…| Ouch my eye!
With luck this will be the final post on the Bellard-LZSS compressor, allowing us to sign off on the last piece of the puzzle required to write a PIC encoder for the Railroad Tycoon Deluxe (RRDX) v…| Ouch my eye!
In my last post, we wrapped up writing our Bellard-LZSS compressor, to facilitate eventually writing a PIC93 encoder for Railroad Tycoon Deluxe (RRDX) from MicroProse. In this post we will take the…| Ouch my eye!
This post is not what I thought it would end up being about. I had plans, but it seems fate, and the dark corners of my brain, had a different path set out for me. You see after I wrapped up my las…| Ouch my eye!
Abuse the HalPrivateDispatchTable to hook SYSCALL system-wide while maintaining compliance with PatchGuard on Windows 10 and 11.| Reverse Engineering
Takes a third-party crackme and teaches assembly while reverse engineering the target application. Covers data structure analysis, flow validation, and more| Reverse Engineering
Part 1 of the x86_64 assembly crash course for people looking to learn how to reverse engineer, read assembly, and understand how exploits work.| Reverse Engineering
Maybe not rewriting it, but correcting our recording of it. In my last post we analyzed the assets for a large number of titles from MicroProse that expanded our understanding of the sub variants a…| Ouch my eye!
Several posts back we looked at some other MicroProse titles and discovered that the PIC file format has evolved over the years with various titles. In this post we’re going to look at a few …| Ouch my eye!
I may or may not have rage quit at the end of the last post. I had spent so much time debugging and getting it working only to have this one file break everything… again! It was late, I was tired, …| Ouch my eye!
Now that we have our decoding of the PIC images up to a well-defined point for F15-SE2, it’s time to look and see where else MicroProse has used this format. As we know from the DarkLands doc…| Ouch my eye!
In a previous post, we left off having validated that all the parts we created for the pipeline required to decode a PIC file worked. While it was helpful in testing/debugging each part to have it …| Ouch my eye!
In my last post we left off with having a basic LZW decompressor up and running, now it’s time for tackling the RLE (Run-Length Encoding) encoding of the data that the LZW comp…| Ouch my eye!
By the end of my last post we had established that the MicroProse PIC file format likely uses LZW (Lempel-Ziv-Welch) compression, on top of RLE (Run-Length Encoding)…| Ouch my eye!
As we left off in my last entry, we had determined that the format was not the Pictor PC Paint .PIC file format as I had hypothesized. One of the first things to do is to search the Internet to see…| Ouch my eye!
Preface This article is a partial-rebuttal/partial-confirmation to KGOnTech’s Apple Vision Pro’s Optics Blurrier & Lower Contrast than Meta Quest 3, prompted by RoadToVR’s Quest 3 Has Higher Effective Resolution, So Why Does Everyone Think Vision Pro Looks Best? which cites KGOnTech. I suppose it’s a bit late, but it’s taken me a while to really get a good intuition for how visionOS renders frames, because there is a metric shitton of nuance and it’s unfortunately very, very easy ...| [Segmentation Fault]
Coming from our last post, we left off with the conclusion that the only real way to figure out Bluetooth would probably be to leak the at-runtime firmware being executed. From there I initially set out to attempt fishing out some data by using SPI writes to modify the firmware patches, however I was disappointed to discover some things: When writing to SPI, the firmware itself actually limits writes from 0x6000 to 0x10000, anywhere else will unfortunately be ignored entirely. My attempts to ...| [Segmentation Fault]
It’s been a little while since I last continued this series of posts, and since I’ve made quite a bit of progress since I figured I’d do a quick post on some things. With my hidtest utilities out in the open, getting results from others’ Pro Controllers took very little time. Initially, Pro Controllers worked out of the box except they disconnected after a short bit. Additionally, sending commands to only one Joy-Con would cause the other to eventually disconnect sometimes. The soluti...| [Segmentation Fault]
Earlier this week I made a short post detailing some of my endeavors towards talking to Joy-Con and getting their firmware. However, as fun as it is to have my Joy-Con in pieces talking to my ESP32, I wanted a better way to conduct research with my Joy-Con. To do this, I ended up buying a charging Joy-Con grip for about $30, a little bit costly but worthwhile if it happened to have the rail connectors I could tap into for UART (though I also had hoped when buying it, at least a little, that I...| [Segmentation Fault]
For the past few days I’ve poked around a bit with the fancy new controllers that ship with the Nintendo Switch, the Joy-Con. My primary motivation in looking at these devices mostly come back to the fact that they’re almost everything I wanted in my VR controller project: analog joysticks, four buttons, and grip buttons (to a degree). Position tracking aside, I think they’re basically perfect for VR and have huge potential as a standard Bluetooth controller as well, with some interesti...| [Segmentation Fault]
So for Christmas a few days ago I ended up getting a 1080p, 144Hz monitor, partially because I just needed a new monitor in general, but also because I wished to mirror my DK2 to it since I planned on using it as a part of my senior project product I am working on for my school. However, I came to be extremely disappointed due to the fact that, for some reason, ovrd (the background daemon which manages the Rift and ultimately provides a lot of functionality to the SDK itself) segfaulted short...| [Segmentation Fault]
So over the last week or so I was bored and decided to poke around and see how exactly the Mystery Gift protocol worked for Gen VI Pokemon games. My motivation actually came primarily from some of the findings that you could actually spoof a Hoopa by changing your SSID to “McDonalds Free Wifi”, and this made me somewhat curious as to how the differences in SSIDs were determined in finding a Mystery Gift. As a forewarning to how I conducted this research, this was all done using MITM as o...| [Segmentation Fault]
If you ever used Process Monitor to track activity of a process, you might have encountered the following pattern: The image above is a snippet from events captured by Process Monitor during the execution of x32dbg.exe on Windows 7. DNSAPI.DLL and IPHLPPAPI.DLL are persisted in the System directory, so you might question yourself: Why would … The DLL Search Order And Hijacking It| Malware and Stuff
As a reverse engineer, every now and then you encounter a situation where you dive deeper into the internal structures of an operating system than usual. Be it out of simple curiosity, or because you need to understand how a binary uses specific parts of the operating system in certain ways. One of the … PEB: Where Magic Is Stored| Malware and Stuff
As a Reverse Engineer, you will always have to deal with various anti-analysis measures. The amount of possibilities to hamper our work is endless. Not only will you have to deal with code obfuscation to hinder your static analysis, but also with tricks to prevent you from debugging the software you want to dig deeper … Catching Debuggers with Section Hashing| Malware and Stuff
A domain generation algorithm is a routine/program that generates a domain dynamically. Think of the following example: An actor registers the domain evil.com. The corresponding backdoor has this domain hardcoded into its code. Once the attacker infects a target with this malware, it will start contacting its C2 server. As soon as a security company … DGAs – Generating domains dynamically| Malware and Stuff
Having an overview of the running processes on the operating system is something we usually take for granted. We can’t think of working without fundamental features like that. But how does the kernel keep track of the processes which are currently running? Today, we take a look at the corresponding structures of the Windows … Linux/Windows Internals – Process structures| Malware and Stuff
UpnP is a set of networking protocols to permit network devices to discover each other’s presence on a network and establish services for various functionalities. Too lazy to port forward yourself? Just enable UpnP to automatically establish working configurations with devices! Dynamic device configuration like this makes our life more comfortable for sure. Sadly it … UpnP – Messing up Security since years| Malware and Stuff
Overcoming obfuscation in binaries has always been an interesting topic for me, especially in combination with malware. Over the last weeks I’ve been playing around with Virtualised Code Protection in order to see how well I could handle it. I decided to download a simple crack-me challenge which is obfuscated with this technique. It takes … Taming Virtual Machine Based Code Protection – 1| Malware and Stuff
Okay, I've been waiting for a long time for a case worth posting in my blog. I ran into this one during a search for much less interesting, standard challenges, for teaching newbies the basics of RE.| Ben Hayak - Security Blog
It's not uncommon to come across some kind of string encryption functionality within malware samples, often more complex than a simple single-byte XOR operation which can often be brute-forced with simplicity. By encrypting strings, malware authors are able to potentially lower the detection rate by anti-malware software, obscuring strings that may be identified as "malicious",| 0ffset Training Solutions | Practical and Affordable Cyber Security Training
I have a lot of Pull Distribution Points to manage (near 3000..). My problem is people around the world managing Pull Distribution Point computers are not always IT. Sometimes, they remove folders for "good" reasons or whatever. And sometimes it is SCCM which makes some impressive bugs...| Franck RICHARD's Blog
In my previous article Exploring the MS-DOS Stub I stated that after experimenting, the Windows loader only cares about the e_magic and the e_lfanew members from the _IMAGE_DOS_HEADER, because the rest of the members of the DOS header are used by MS-DOS to execute the stub program. Check it out if you have not. If […]| 🔐Blog of Osanda
A long time ago when I got my first computer, I accidentally opened a 32-bit demo with a nice chiptune inside MS-DOS and it worked. I was surprised by how this happens. I was curious to find out how this works behind the scenes. Back in the time I was a little kid and had […]| 🔐Blog of Osanda
Exploit Developer Student – XDS Course Review I first want to thank eLearnSecurity for creating such a course on this topic of exploit development. I have always been a big fan of the Windows operating system. For the past few years, I have spent a lot of time on Windows reverse engineering, Windows internals and […]| 🔐Blog of Osanda
This is kind of a shot in the dark when it comes to content. As with most of my blog, this is mainly for my own tracking and edification but I hope to provide something adequate for others. This is a subject matter I’ve been trying to break into for a while but have been struggling for quite some time. It’s definitely out of my realm of comfortability, but I’m hoping this blog will help with that.| anubissec.github.io
In this very brief post I'm going to share a tool I've built that does binary taint analysis using Angr. There really isn't much to talk about since the code is pretty readable and not complex but I will also walk through a quick introduction to the concept and why it's cool. The post will include links to all the scripts used. I should mention that the tools used here are research tools: they have bugs, they don't always run so smooth and there's a bunch of cases they can't manage; but they do ...| k3170
This post is going to cover some stuff I learned while suffering through some rando keygen style reverse engineering CTFs. Basically, what do you do| k3170
Hi folks, it's been a while! In this post I'm going to talk about getting started with LLVM and I'll discuss writing a basic pass which we will build on as the post series develops.| k3170
Hi folks, in the previous post I covered a simple example showing how Angr can speed up solving keygen / crackme type challenges. In this one I'm covering an explanation of how symbolic modeling of registers works with Angr and throwing in a weird little problem that required argv constraints to solve.| k3170
Hi folks, I just learned a couple nifty tricks with angr, a popular symbolic execution framework with a very slick python front end. Turns out this tool makes solving the odd crack me CTF extremely easy, I've been porting the same script around for a number of CTF challenges and it's knocking em down like nobody's business. So in the following post I'm going to give you folks a quick crash course in using the tool and show you how easy it is to solve a sample crack me.| k3170
This post is part of a series, check out the others in the series here:| k3170
In this post and the others in this series, I will unpack some of the internals to glibc's dynamic heap data structures and associated beasts. This post specifically will start you off with no background insight on the heap (perhaps a little on ELF internals and debugging), and detail some experiments you can perform to learn how the heap works.| k3170
This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:| k3170
So I lied a little about what would be the next in the series, I realized there was something I should have added to the previous one - which ironically was the addends about the r_addend field :) So here it is, the section on mangling r_addend fields with some other tricks I left out.| k3170
This post is part of a series on the ELF format, if you haven't checked out the other parts of the series here they are:| k3170