jm + reverse-engineering   10

How they did it: an analysis of emissions defeat devices in modern automobiles
Using CurveDiff, the team analysed 963 firmware images, for which analysis completed successfully for 924. 406 of the analysed images contained a defeat device, out of which 333 contained at least one active profile. In at least 268 images, the test detection affects the EGR. Firmware images released on Dec 3rd 2014 are used in VW Passat cars, and include the refinement to the defeat device to detect steering wheel angle that we discussed previously.
cars  driving  emissions  diesel  volkswagen  law  regulation  firmware  reverse-engineering 
4 weeks ago by jm
Reverse engineering the 76477 "Space Invaders" sound effect chip from die photos
Now _this_ is reversing:
Remember the old video game Space Invaders? Some of its sound effects were provided by a chip called the 76477 Complex Sound Generation chip. While the sound effects1 produced by this 1978 chip seem primitive today, it was used in many video games, pinball games. But what's inside this chip and how does it work internally? By reverse-engineering the chip from die photos, we can find out. (Photos courtesy of Sean Riddle.) In this article, I explain how the analog circuits of this chip works and show how the hundreds of transistors on the silicon die form the circuits of this complex chip.
space-invaders  games  history  reverse-engineering  chips  analog  sound-effects 
11 weeks ago by jm
Extracting the SuperFish certificate
not exactly the most challenging reverse I've ever seen ;)
reverse-engineering  security  crypto  hacking  tls  ssl  superfish  lenovo 
february 2015 by jm
From Gongkai to Open Source
This is an amazing post from Bunnie Huang, reverse engineering the Mediatek MT6260 to make "Fernvale", an open, hackable reference platform. Also worth noting for the "facts are not copyrightable" section regarding the legality of extracting memory locations and bitmasks from a copyrighted include file...

'We released Fernvale because we think it’s imperative to exercise our fair use rights to reverse engineer and create interoperable, open source solutions. Rights tend to atrophy and get squeezed out by competing interests if they are not vigorously exercised; for decades engineers have sat on the sidelines and seen ever more expansive patent and copyright laws shrink their latitude to learn freely and to innovate. I am saddened that the formative tinkering I did as a child is no longer a legal option for the next generation of engineers. The rise of the Shanzhai and their amazing capabilities is a wake-up call. I see it as evidence that a permissive IP environment spurs innovation, especially at the grass-roots level. If more engineers become aware of their fair use rights, and exercise them vigorously and deliberately, perhaps this can catalyze a larger and much-needed reform of the patent and copyright system.'

Freedom to tinker!
opensource  china  gongkai  tinkering  reverse-engineering  bunnie-huang  open-source  mediatek  copyright  facts  fair-use  shanzhai  patents 
december 2014 by jm
#BPjMleak
'Leak of the secret German Internet Censorship URL blacklist BPjM-Modul'.

Turns out there's a blocklist of adult-only or prohibited domains issued by a German government department, The Federal Department for Media Harmful to Young Persons (German: "Bundesprüfstelle für jugendgefährdende Medien" or BPjM), issued in the form of a list of hashes of those domains. These were extracted from an AVM router, then the hashes were brute forced using several other plaintext URL blocklists and domain lists.

Needless to say, there's an assortment of silly false positives, such as the listing of the website for the 1997 3D Realms game "Shadow Warrior": http://en.wikipedia.org/wiki/Shadow_Warrior
hashes  reversing  reverse-engineering  germany  german  bpjm  filtering  blocklists  blacklists  avm  domains  censorship  fps 
july 2014 by jm
Reversing Sinclair's amazing 1974 calculator hack - half the ROM of the HP-35
Amazing reverse engineering.
In a hotel room in Texas, Clive Sinclair had a big problem. He wanted to sell a cheap scientific calculator that would grab the market from expensive calculators such as the popular HP-35. Hewlett-Packard had taken two years, 20 engineers, and a million dollars to design the HP-35, which used 5 complex chips and sold for $395. Sinclair's partnership with calculator manufacturer Bowmar had gone nowhere. Now Texas Instruments offered him an inexpensive calculator chip that could barely do four-function math. Could he use this chip to build a $100 scientific calculator?
Texas Instruments' engineers said this was impossible - their chip only had 3 storage registers, no subroutine calls, and no storage for constants such as π. The ROM storage in the calculator held only 320 instructions, just enough for basic arithmetic. How could they possibly squeeze any scientific functions into this chip?

Fortunately Clive Sinclair, head of Sinclair Radionics, had a secret weapon - programming whiz and math PhD Nigel Searle. In a few days in Texas, they came up with new algorithms and wrote the code for the world's first single-chip scientific calculator, somehow programming sine, cosine, tangent, arcsine, arccos, arctan, log, and exponentiation into the chip. The engineers at Texas Instruments were amazed.

How did they do it? Up until now it's been a mystery. But through reverse engineering, I've determined the exact algorithms and implemented a simulator that runs the calculator's actual code. The reverse-engineered code along with my detailed comments is in the window below.
reversing  reverse-engineering  history  calculators  sinclair  ti  hp  chips  silicon  hacks 
august 2013 by jm
Literate Jenks Natural Breaks and How The Idea Of Code is Lost
A crazy amount of code archaeology to discover exactly an algorithm -- specifically 'Jenks natural breaks", works, after decades of cargo-cult copying (via Nelson):

'I spent a day reading the original text and decoding as much as possible of the code’s intention, so that I could write a ‘literate’ implementation. My definition of literate is highly descriptive variable names, detailed and narrative comments, and straightforward code with no hijinks.

So: yes, this isn’t the first implementation of Jenks in Javascript. And it took me several times longer to do things this way than to just get the code working.

But the sad and foreboding state of this algorithm’s existing implementations said that to think critically about this code, its result, and possibilities for improvement, we need at least one version that’s clear about what it’s doing.'
jenks-natural-breaks  algorithms  chloropleth  javascript  reverse-engineering  history  software  copyright  via:nelson 
february 2013 by jm
ChessBase.com - Chess News - A Gross Miscarriage of Justice in Computer Chess (part two)
An amazing article, via Nelson Minar -- careful examination of the evolution of chess programs over the past 8 years appears to show clear signs of code/algorithm copying and unauthorised reverse engineering -- by many of the developers. 'Dr Søren Riis of Queen Mary University in London shows how most programs (legally) profited from Fruit, and subsequently much more so from the (illegally) reverse engineered Rybka. Yet it is Vasik Rajlich who was investigated, found guilty of plagiarism, banned for life, stripped of his titles, and vilified in the international press – for a five-year-old alleged tournament rule violation. Ironic.'
chess  code  games  open-source  licensing  reverse-engineering  copyright  infringement  via:nelson 
january 2012 by jm
Mallory: Transparent TCP and UDP Proxy – Intrepidus Group - Insight
'a transparent TCP and UDP proxy. It can be used to get at those hard to intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend.'  basically, cause wifi clients to associate with an Ubuntu host, then sniff their packets
proxy  security  network  sniffing  transparent-proxies  mobile  reverse-engineering  from delicious
april 2011 by jm
Security Fix - Clampi Trojan: The Rise of Matryoshka Malware
'[Joe] Stewart said the sophistication and stealth of this malware strain has become so bad that it's time for Windows users to start thinking of doing their banking and other sensitive transactions on a dedicated system that is not used for everyday Web surfing.' it's that bad
joe-stewart  secureworks  malware  reverse-engineering  clampi  trojans  banking  security  danger  risks  windows  microsoft  fraud 
august 2009 by jm

Copy this bookmark:



description:


tags: