My selection of videos I have watched, organized by date with summaries and keywords so they are easy to find again.
Looking for articles? See my Reading List.
Good sources
A list of good sources for videos and talks.
Videos (31)
39C3 - Hacking washing machines
This talk explores the security and accessibility of household appliances like washing machines, dryers, and dishwashers. Speakers demonstrate how to access internal components and discuss proprietary diagnostic tools like the MA Diagnostic Utility (MDU), which requires special hardware. The optical interface, present on many appliances, is analyzed for its UART communication protocol.
- reverse engineering
- IoT security
- UART interface
39C3 - All my Deutschlandtickets gone: Fraud at an industrial scale
This presentation investigates a widespread fraud in Germany's train ticket system, specifically targeting Deutsche Bahn tickets. Researchers discovered that tickets could be purchased cheaply using fake SEPA direct debit information, which bypasses immediate payment verification. The system only checks the payment validity days later, allowing fraudulent tickets to be issued before potential revocation.
39C3 - A Tale of Two Leaks: How Hackers Breached the Great Firewall of China
This talk explores a research project called 'WalledGardenLeaks,' which uncovered how the Great Firewall's DNS injectors can leak vast amounts of unfiltered internal network traffic. The researchers discovered that querying blocked domains in China could return responses containing leaked data from Injector 3, including internal network protocols like SSDP and UPnP, as well as user credentials. By sending millions of probes, they collected over 5 billion leaked packets, revealing sensitive information and internal management traffic.
- Great Firewall
- DNS injection
- WalledGardenLeaks
39C3 - Breaking architecture barriers: Running x86 games and apps on ARM
The speaker discusses the challenge of running x86 software, such as games and applications, on ARM-based systems. The problem arises because many popular titles are compiled for x86 and are not easily adapted to ARM, even as ARM becomes common in laptops and tablets. The solution presented is the FEX emulator, which translates x86 instructions into ARM-compatible code dynamically at runtime. FEX uses a binary recompiler that lifts x86 instructions into an intermediate representation, optimizes them, and emits ARM instructions, keeping overhead low.
- emulator
- binary recompiler
- ARM
- x86
Chinese IP Camera Firmware Extraction - IoT Pentesting Basics
This video demonstrates extracting firmware from a Chinese IP camera's flash chip using an XGecu reader. After identifying the flash chip model, the firmware is read out and analyzed with binwalk, revealing a writable JFFS2 file system, a read-only squashfs file system, and a Linux kernel binary. During the analysis, a hardcoded password hash is discovered, and a vulnerable version of mini_httpd with a buffer overflow that could lead to memory disclosure is identified.
- firmware extraction
- IoT security
- mini_httpd
IoT Pentesting Basics - Root Shell via Hardware Debug Interfaces
This video demonstrates the fundamentals of IoT pentesting by obtaining root access via hardware interfaces. Starting with physical disassembly of an overseas IP camera, the presenter identifies a UART interface using specialized tools. By connecting to this interface, a root shell is gained, revealing hardcoded credentials and bootloader vulnerabilities.
- IoT security
- hardware security
- UART interface
Reversing Bluetooth Packets for Smart Home Device Freedom
This video demonstrates how to reverse engineer Bluetooth packets for smart home devices. It covers using developer options on Android devices to capture Bluetooth traffic via HCI snoop logs, extracting and analyzing these logs in Wireshark with specific filters like BTLE to isolate low energy packets, and understanding how devices communicate. The practical goal is crafting custom packets to send commands like turning devices on or off, achieved through Python scripting.
- BLE
- network security
- Wireshark
Hacking Unity Games For Fun And Profit
This video explores reverse engineering and hacking a Unity game to modify gameplay. It demonstrates techniques such as using reflection to access game data, DLL hijacking to inject custom code, and hooking into the game's rendering engine to alter visuals. The process involves decompiling Unity's C# code, identifying key game mechanics like power-ups and slot machines, and overcoming debugging challenges.
- game reverse engineering
- DLL hijacking
Reverse Engineering Denuvo in Hogwarts Legacy
This talk explores the reverse engineering of Denuvo's anti-tamper protection in Hogwarts Legacy. It explains that Denuvo protects game licenses rather than preventing copying, using unique hardware fingerprints and runtime validation. The presenter details a bypass technique involving thousands of hooks to simulate valid fingerprints from another PC, resulting in a stable but patched game. The analysis shows minimal performance impact during gameplay but a significant one during transitions.
- Denuvo
- reverse engineering
- anti-tamper
- fingerprint
This Obscure Game Was Broken - Then I Fixed It
This video details the process of debugging and fixing a crashing issue in the 2006 point-and-click adventure game Keepsake. The issue involved memory corruption during gameplay, particularly when navigating through specific areas. The creator used debugging tools to analyze the problem, identified the root cause in a pathfinding algorithm, and implemented a binary patch to resolve the crashes.
- game reverse engineering
- memory corruption
- binary patching
- reverse engineering
Hacking DRM To Save An Old Game
This video explores the process of analyzing and bypassing the DRM protection in the old racing game, Michelin Rally Masters. The creator discovers the game uses a custom library called RLM32.dll to obfuscate Windows API calls, making debugging difficult. By using hardware breakpoints, they find a way to intercept and resolve these obfuscated calls without triggering the game's anti-debugging checks.
- DRM bypass
- function obfuscation
This Game Was Dead Forever - Then I Hacked It
This video explores the challenges of preserving and running old games, using the example of Discworld Noir, which has compatibility issues with modern systems due to outdated DRM and obfuscation techniques. The creator employs reverse engineering tools, debuggers, and decompilers to bypass these barriers, including patching anti-debug checks and creating emulated drivers to enable gameplay.
- reverse engineering
- DRM bypass
- obfuscation
This Game Broke On Windows 11 - So I Fixed it
An analysis of why an old real-time strategy game fails to start on Windows 11, focusing on a specific DLL loading issue. The game, released in 1998, gets stuck during initialization due to a bug in how Windows 11 handles DLL initialization threads, leading to a deadlock. The solution involved replacing the game's outdated draw.dll with a compatibility library that resolves the threading conflict.
- game reverse engineering
- DLL hijacking
Apple’s Widget Backdoor
Apple intentionally included a private API within its widget system to support smooth animations in its own Clock app, despite previously restricting such features for third-party developers. This creates an uneven playing field, allowing Apple apps to bypass standard limitations. Developers have found workarounds, primarily using the built-in timer component with custom fonts to create animations, though achieving high frame rates remains challenging.
- iOS internals
How Windows 11 Triggered A 25 Year Old Bug
A Windows 11 update caused crashes in the Alpha Centauri expansion 'Alien Crossfire' due to undefined behavior in the game code. The issue arises from the game relying on uninitialized stack memory, which was previously harmless due to a specific stack state. The update altered this state, leading to a crash. The problem stems from the game code rather than Windows itself. Solutions include a community mod or applying a patch to preserve the old behavior.
- software bugs
DRM Broke This Game - So I Hacked It
This video explores the challenges of playing an old James Bond game due to its restrictive DRM. The creator attempts to bypass the activation system through various methods, including reverse engineering the key validation process. The game's reliance on outdated DRM, specifically SafeDisc, prevents it from running on modern operating systems, highlighting compatibility issues with legacy software.
- reverse engineering
- SafeDisc
- DRM bypass
This Image Is Secretly A Game
This video explores the possibility of embedding a complete 3D game into a YouTube thumbnail image. The creator demonstrates how to compress game code and assets using techniques like procedural generation, compiler optimizations, and efficient OpenGL rendering. Starting from a basic 'hello world' example, the video shows how to progressively build a small FPS game within the 2MB PNG size limit, using simplified math functions, procedural textures, and instance rendering to minimize file size. The result is a functional, albeit minimalistic, game rendered entirely through the image.
- PNG embedding
- game reverse engineering
I Hacked "A Bugs Life" Game - It Was Weird
This video details the process of reverse engineering and modifying an old, obscure game called 'A Bugs Life'. The author discovers a peculiar installer that triggers an unexpected error, leading to a patching exercise. The game was designed to require a physical disc, but the author bypasses this by patching the executable to ignore a specific check and hooking a function to load files from a local drive instead of the CD. The game's manual contains unusual warnings about epilepsy and screen distance. The reverse engineering reveals a logging function that helps understand the game's runtime behavior.
- game reverse engineering
- reverse engineering
- disc checking
Debugging An Undebuggable App
This video explores how to debug iOS apps that implement strong protections against debugging, such as PT_DENY_ATTACH. It explains how PT_DENY_ATTACH works by exiting an app if a debugger is attached, and demonstrates two methods to bypass it. The first approach involves setting a breakpoint before the PT_DENY_ATTACH call in a simulator environment. The second, more advanced method, uses direct kernel-level system calls via inline assembly to replicate the same functionality without invoking the private API directly.
- iOS internals
- PT_DENY_ATTACH
- debugging protections
Hacking This Terrible DRM
This video explores the challenges of running an old video game blocked by DRM. The creator initially tries a standard crack but finds it ineffective because of the game's anti-debugging and obfuscation techniques. Using a debugger (x64dbg), they intercept the game's error message about a missing CD and trace it back to a SecuROM DRM component. Further analysis reveals that the game's executable is encrypted with a key stored on the original CD. The creator then attempts to dump the executable and runs into obfuscation designed to prevent analysis. To bypass the DRM, they develop a custom 32-bit debugger tool that automates identifying and patching out the DRM checks by modifying function calls in memory.
- DRM bypass
- reverse engineering
- debugging
- SecuROM
- obfuscation
Hacking An Obscure Game From 2000 To Run On Windows 11
This video details the process of making an obscure game from 2000 compatible with modern Windows systems, primarily Windows 11. Initial attempts resulted in a blank screen or crashes. The approach involved using a VM for safety, debugging tools to identify issues, and specialized software like CFF Explorer and IDA to analyze the game's executable. Key techniques included modifying section permissions, hooking DirectDraw functions via code caves or by manipulating the Import Address Table (IAT), and adjusting window creation parameters.
- game reverse engineering
- code caves
- IAT
EA Won't Sell This Game - So I Hacked It
This video details the process of running an outdated game, The Sims 2, which no longer receives support from its publisher. The journey begins with acquiring a CD rip of the game, but the installer requires a unique key that is not available. The creator uses a debugger to reverse engineer the key validation system, discovering a complex algorithm involving multiple transformations and checksums. After successfully replicating the key generation algorithm in C++, the focus shifts to bypassing the game's anti-debugging measures and a mysterious runtime unpacking mechanism.
- reverse engineering
- game reverse engineering
- DRM bypass
- key cracking
I Hacked Diablo II To Use Modern Graphics
This video explores the process of modifying Diablo II, a game originally released in 1999, to render with modern graphics APIs. The core challenge involves reverse engineering the game's reliance on the Glide API, an older graphics interface not supported by modern hardware. The creator achieves this by creating a Glide emulation layer that translates the game's API calls into Vulkan, a modern graphics API. The process involves debugging, understanding API specifications, and handling specific game mechanics like texture loading and rendering commands.
- game reverse engineering
- Vulkan
Reverse Engineering the AI of Age of Empires
This video details the process of reverse engineering the AI decision-making in the original Age of Empires game. The creator explores assembly code and strings to understand how the AI determines what to build next, analyzes logging mechanisms, examines how different civilizations are configured for AI gameplay, and investigates specific functions related to AI tasks and player data. The reverse engineering involves patching code to test logging functionality and understanding how the AI's behavior is structured.
- reverse engineering
- AI mechanics
Reverse Engineering Age Of Empires
This exploration delves into reverse engineering the original Age of Empires game to understand its AI mechanics. Starting with analyzing AI files containing action instructions (like 'U' for unit, 'R' for research), the focus shifts to disassembling the game code using tools like Ghidra. Key findings include identifying the structure of AI commands, understanding how the game loads and processes these files, and figuring out how the AI determines priorities and executes actions.
- reverse engineering
- AI mechanics
Tricking iOS into Animating Icons
iOS allows apps to provide alternate static icons via the setAlternateIconName API, which can be used to create a false animation effect. The public method triggers a user alert on each call and does not work in the background. Reverse engineering the system code revealed that a private method, _setAlternateIconName, performs the actual icon change without displaying the alert. By calling this private method directly, developers can avoid the alert and achieve smooth icon transitions, though background functionality remains limited.
- private API
- iOS internals
How I Hacked Balatro To Get An Impossible Score
This video explores methods to hack the game Balatro by injecting custom code to achieve an impossible score. The creator examines the game's use of the LÖVE engine and its reliance on Lua scripting. Techniques include modifying the game's executable structure, embedding custom LÖVE code, and injecting code while the game is running. Specific steps involve patching LÖVE functions to intercept calls, detouring execution to save game state, and manipulating game mechanics like adding unlimited Jokers.
- code injection
- game reverse engineering
EA Won't Let Me Play This Game - So I Hacked It
This video explores the challenge of playing an abandoned game due to publisher restrictions, using the example of 'Black and White'. The author discovers that the game requires a key for activation, and reverse engineering tools like IDA and x64dbg reveal the key validation algorithm. By analyzing the code, they work out the validation rules and use brute-force techniques to generate a valid key.
- reverse engineering
- keygen
- game reverse engineering
I Hacked I'm On Observation Duty
This video details the process of reverse engineering a horror game called 'I'm On Observation Duty' to detect anomalies without jump scares. The creator dislikes traditional horror elements and instead focuses on the game's core mechanic of monitoring multiple camera feeds for strange occurrences. The approach involves several steps: first, using a program to capture and compare screen images, which fails because of the game's TV static effect. Then, decompiling the Unity game's C# code reveals how anomalies are managed. Finally, dynamic memory analysis allows tracking the anomaly list in real time, enabling automated detection and reporting.
- game reverse engineering
- dynamic analysis
Modding TikTok to only show Cat Videos
This video explores the process of reverse engineering the TikTok iOS app to filter its content exclusively to cat videos. The creator outlines two main approaches: intercepting network requests to modify API responses, and analyzing the app's UI layer to identify the data source for posts. Initial attempts to intercept network traffic faced challenges like certificate pinning, leading to a shift toward debugging the UI layer using tools like lldb.
- reverse engineering
- network security
- certificate pinning
Hacking a 25 Year Old Game To Make It Work
This video explores the challenges of running a classic game, Worms 2, on modern Windows systems. Despite its release in 1997, the game fails to launch properly on Windows 11 due to legacy audio library dependencies. Through debugging tools, the creator identifies that the game is attempting to load audio files from a CD, a common practice back then but problematic on modern systems. A solution involves modifying a third-party DLL to redirect audio loading. Additionally, the creator delves into the game's code to understand why certain menu items are missing, tracing the menu rendering process and the button click handling mechanism.
- game reverse engineering
- reverse engineering
- DLL patching