#reverse-engineering

Remora adhesive disks are an evolutionary adaptation of the fish’s first dorsal fin, the one that in other species sits on top of the body, just behind the head and gill covers. The disk rests on an intercalary backbone—a bone structure that most likely evolved from parts of the spine. This bony structure supports lamellae, specialized bony plates with tiny backward-facing spikes called spinules. The entire disk is covered with soft tissue compartments that are open at the top. “This makes the remora fish adhere very securely to soft-bodied, fast-moving marine hosts,” Traverso says.

This tutorial actually works for all Macromedia Director games, not just Eastern Mind!

To set up Director, download the installer from here: http://download.macromedia.com/pub/director/updates/mx2004/win/dmx2004_101_update_en.exe In newer versions of Windows, you may need to run both the installer and the program itself in Compatibility Mode for Windows XP. When you're prompted for a license key, type the following: DRD100-50836-87264-59396

In order to export, download these Xtras: Sharp Export http://web.archive.org/web/20070214181137/http://www.sharp-software.com:80/xtras/SharpExport.zip Audio Xtra - http://xtras.tabuleiro.com/download/audio.htm Extract them and place the .x32 files in this directory: C:\Program Files (x86)\Macromedia\Director MX 2004\Configuration\Xtras\Scripting.

Now open Director and create a new movie (Ctrl+N). Press CTRL + Shift + U to create a new script. Link each game file to your movie (CTRL + Shift + C; Link...). Each file needs to have a ".dir" extension; don't use a game version with protected ".dxr" files. Be sure to select "all files" from the "files of type" dropdown, or your files will not appear. If any dialogs (such as "locate replacement") show up just dismiss them. (Note: If you really need to export from protected files, download DirOpener from here -  http://web.archive.org/web/20150512145925/http://www.j-roen.net/diropener/dirOpener300-702-1-PC.zip You can use DirOpener to convert the dxr files.)

Once all the files are linked, go back to your script window and paste in the code from here: https://pastebin.com/QWvHzzfd

Next, find the folder on your computer that you want to put your new files in. Copy the path to that folder. In Director, find "your_path_here" in the script and replace it with the path you just copied. Make sure you don't delete the quotes! Press Shift-F8 to save your changes.

Press Ctrl-M to bring up Director's message window. To export all of the game's pictures, type "exportImages" (without the quotes) and hit enter. To export all the sounds, type "exportAudio" (without the quotes) and hit enter. The files should appear in the folder on your computer that you defined.

Congratulations, you're done!

Researchers analyze the security of MIFARE Classic cards, focusing exclusively on card-only attacks. They uncover multiple new attack vectors by examining the CRYPTO-1 algorithm, existing vulnerabilities, and a novel countermeasure.  Through a combination of reverse engineering, cryptanalysis, and experimental analysis, they demonstrate the ability to extract card data and keys, clone cards, and…

I recently saw a tweet from FireEye that they have updated the flare VM system and now it comes with a method for installing and uninstalling reverse engineering tools and many updates to the old tools along with numerous new ones, especially for malicious document analysis. More information about the update can be found here.

I have tried installing the VM once before but quickly gave up as my university proxy was constantly swatting all the download requests down from the chocolatey and BoxStarter interfaces. Seeing this blog post, I finally decided I should give this a chance and try and figure out why my machine is not responding the way I would like it to.

The problem lies in at the proxy server level. The way our sysadmin has set up the proxy, for every request or connection, there is a need for authentication form the service. Weirdly enough setting up or trying to update the connection setting already loaded in the Powershell does not work OR at least I could not find a way for it to update and reflect my credentials.

Software Defined Radio (SDR) and Radio Frequency (RF) analysis have been becoming significantly more popular in recent years. Software & hardware advancements, particularly in the open source arena, have undoubtedly contributed to the SDR becoming something of a zeitgeist in the security community. As a former software engineer, I set out to automate the process of translating signals employing simple modulation schemes to raw binary data. The modulation schemes of greatest interest to me, due to their sheer popularity in the automotive, internet of things (IOT), and home automation/security industries, are On-Off Keying (OOK), and Frequency-Shift Keying (FSK/2FSK).

I started out using GQRX to record RF transmissions, storing them as wave files, and then attempting to analyse them visually in the open-source audio tool: Audacity. As a beginner to SDR & RF, I found this quite daunting. GQRX is undoubtedly a powerful application, however, it is was not the right fit for reverse engineering data. It felt non-intuitive and required hefty configuration based on the type of signal you were attempting to analyse. Further, the output features were not designed to allow the user to observe changes in frequency.

I found a new cross-platform tool called Inspectrum. Inspectrum visualises both the frequency shifts, and the amplitude values, of RF signals. It also supports the raw file format (complex 32-bit floating point) produced by osmocom_fft, which is a simple but effective tool for capturing and persisting true representations of RF transmissions.

With a reliable means of viewing both OOK and 2FSK signals, the process I'd follow to reverse engineer signals in Inspectrum, was to use its grid overlay to help determine the baudrate of the transmission, and visually decode it. This process was very similar to the process I was previously following with Audacity, but this approach had a few significant differences: improved reliability of transmissions, ability to inspect frequency shifts, and the somewhat automatic calculation of the transmission's baudrate.

As a former software engineer, I have a tendancy to become inspired to build tools to automate tasks as they become tedious to perform. Once I felt I had a solid grasp on the identification and demodulation of these signals, I set out to build a wrapper for Inspectrum. The wrapper assesses the amplitude measurements, or frequency shifts, that are reported by Inspectrum. The wrapper uses the average of the provided values as a threshold. When a cell's value falls below the threshold, the wrapper determines that the value is a binary '0', and when it is above the threshold, it records the value as a '1'. It then returns this raw binary data as output, in addition to the binary's hex and ascii translations.

With this automated, my reverse engineering process had seen a significant gain in efficiency and was nowhere near as error prone as my previous process was. However, at this stage, I still had to compare signals by sight. I developed an enhancement for the wrapper that turned it into an interactive console. Another two features were included: the semi-automatic comparison of two portions of a transmission in the same file, and the semi-automatic comparison of two signals in separate files.

I went through the process of (re)reverse engineering some of my RF transmitting devices, and found that the average time to determine their binary values, and whether they employ rolling code systems, or have separate functions, has been reduced from an average of 1 hour per device to approximately 5 minutes.

Figure 1: dspectrum providing an automated comparison of two 2FSK signals

I have created a short video demonstrating the wrapper application. In this demonstration, I am comparing two separate signals produced by 'twin' devices with different codes/identifiers. I was able to determine which portion of the signal contained the codes/identifiers for this unit in approximately 2 minutes.

The wrapper (dubbed: dspectrum): https://github.com/tresacton/dspectrum