My selection of videos I have watched, organized by date with summaries and keywords to make them easy to find.
Looking for articles? See my Reading List.
Good sources
A list of good sources for videos and conference talks.
Videos (57)
Why Talking to This Character Crashes the Game
An old RPG called Vanetica crashes consistently when interacting with a specific character during dialogue, despite functioning properly elsewhere. Reverse engineering revealed the issue stemmed from an improperly configured camera transition, specifically a double pop operation that left a critical value uninitialized. The fix involved modifying a shared data file to correct corrupted data.
- game reverse engineering
- reverse engineering
- debugging
How Apple Hooks Entire Frameworks
This video explores the intricate process behind a developer tool that hooks and swizzles methods across entire iOS frameworks, demonstrating how to dynamically intercept and modify method calls. The tutorial dives into memory remapping techniques, leveraging relative and absolute addressing to create self-replicating trampolines.
- hooking
- iOS
- dynamic code injection
Doom on a cooking pot... Lets hack the "Smart" Krups Cook4Me
This video details the process of reverse engineering a smart cooking pot, specifically the Krups Cook4Me, to run the video game Doom on its touchscreen interface. The device was disassembled to identify key components, including an ESP32 Wi-Fi module, an STM32 microcontroller, and a Renesas R7S72103 (or similar) main processor. Firmware was dumped, and the system was modified to support the game, resulting in a functional Doom experience running on the cooking pot's display and touch controls.
- ESP32
- STM32
- firmware extraction
- reverse engineering
How To Hack A Denuvo Game
This video explores the inner workings of Denuvo DRM by analyzing its hardware-based checks in Formula 1 2016, a game using an early version of the system. The process involves bypassing Denuvo's token validation by reverse-engineering its virtualization layer (VMP2), patching CPU ID checks, and intercepting hardware ID reads to spoof system-specific data. The project highlights the complexity of Denuvo's anti-tamper mechanisms and the technical hurdles of reverse engineering obfuscated code.
- Denuvo
- DRM
- reverse engineering
- anti-tamper
- fingerprint
Chinese GPS Tracker Hacking: Spoofing Location Data
This video demonstrates the vulnerability of a common Chinese GPS tracker, the GL 320 MG. The analysis reveals that the device transmits location data over cellular networks. By using a logic analyzer, the specific UART communication channel (PA2 and PA3) and baud rate (115200) are identified.
- reverse engineering
- IoT security
- UART
39C3 - Hacking washing machines
This talk explores the security and accessibility of household appliances like washing machines, dryers, and dishwashers. Speakers demonstrate how to access internal components and discuss proprietary diagnostic tools like the Miele Diagnostic Utility (MDU), which requires special hardware. The optical interface, present on many appliances, is analyzed for its UART communication protocol.
- reverse engineering
- IoT security
- UART
39C3 - All my Deutschlandtickets gone: Fraud at an industrial scale
This presentation investigates a widespread fraud in Germany's train ticket system, specifically targeting Deutsche Bahn tickets. Researchers discovered that tickets could be purchased cheaply using fake SEPA direct debit information, which bypasses immediate payment verification. The system only checks the payment validity days later, allowing fraudulent tickets to be issued before potential revocation.
39C3 - A Tale of Two Leaks: How Hackers Breached the Great Firewall of China
This talk explores a research project called 'WalledGardenLeaks,' which uncovered how the Great Firewall's DNS injectors can leak vast amounts of unfiltered internal network traffic. The researchers discovered that querying blocked domains in China could return responses containing leaked data from Injector 3, including internal network protocols like SSDP and UPnP, as well as user credentials. By sending millions of probes, they collected over 5 billion leaked packets, revealing sensitive information and internal management traffic.
- Great Firewall
- DNS injection
- WalledGardenLeaks
39C3 - Breaking architecture barriers: Running x86 games and apps on ARM
The speaker discusses the challenge of running x86 software, such as games and applications, on ARM-based systems. This issue arises because many popular software titles are compiled for x86 architectures and are not easily adaptable to ARM platforms, despite the growing prevalence of ARM in devices like laptops and tablets. The solution presented is the FEX emulator, which tackles this problem by dynamically translating x86 instructions into ARM-compatible code at runtime. FEX employs a binary recompiler that translates x86 assembly instructions into ARM instructions, using an intermediate representation to optimize performance and minimize overhead.
- emulator
- binary recompiler
- ARM
- x86
Hacking the Freebox HD Set-Top Box
A security researcher details their journey hacking Free's Freebox HD set-top box from 2006 to restore disabled FTP download functionality. The exploit chain began with a buffer overflow vulnerability in PRBoom's save file handling, allowing arbitrary code execution. This was followed by discovering a stack-based overflow in the Linux kernel's HFS Plus filesystem driver to achieve privilege escalation. With root access obtained, the researcher bypassed the chroot jail, modified PVR configuration files to re-enable recording downloads, and explored the device's architecture including its IPsec networking, SSH access controls, and custom HTTP RPC interface.
- buffer overflow
- reverse engineering
How to Reverse Engineer ANY remote for Homeassistant
This video details the process of reverse engineering a sub-gigahertz remote for a smart fireplace to integrate it with Home Assistant. The creator initially struggled with tools like the Flipper Zero but found success using an SDR (Software Defined Radio) and the URH (Universal Radio Hacker) software. Key steps include identifying the remote's frequency and modulation, capturing and splitting signal segments, analyzing the data structure, and generating a replayable signal.
- reverse engineering
- SDR
- ESP32
- RF signal
Reverse Engineering a WhatsApp 0-click Vulnerability
This video examines a vulnerability in iOS's image processing logic, specifically within the raw camera library used by applications like WhatsApp. The vulnerability was found to be exploited in the wild as a zero-click exploit. A zero-click exploit allows remote code execution on vulnerable iPhones without any user interaction, combining a flaw in WhatsApp that triggers image processing with a memory corruption issue in the DNG image format handler. The root cause was identified as a mishandled condition in the decoding logic, where incorrect image format parameters led to excessive looping and out-of-bounds memory writes.
- iOS
- zeroclick
- reverse engineering
- DNG format
- RCE
- heap overflow
First Look at SuperBox Internet Traffic - Cleartext Data Everywhere
This video analyzes network traffic from the SuperBox Android set-top box, revealing that most communication uses unencrypted HTTP despite some TLS usage. The analysis exposes hardcoded lookups and clear-text data transmission for content distribution, raising security and privacy concerns.
- IoT security
- network analysis
Reversing Malware with AI - SuperBox S6 Pro App Store Analysis
This video demonstrates using AI tools to reverse engineer and analyze the SuperBox S6 Pro app for malware. The process involves decompiling the APK with APKTool and Jadx, revealing excessive permissions, hardcoded URLs, and suspicious behavior.
- malware analysis
- reverse engineering
- IoT security
Is This Malware? - Rooting the SuperBox S6 Pro
This video demonstrates gaining root access to the SuperBox S6 Pro Android TV box to investigate potential malware. The process involves hardware hacking techniques including opening the device, locating the UART debug port, and using a logic analyzer to dump the firmware for security analysis.
- IoT security
- hardware security
- firmware extraction
- malware analysis
Remote Takeover of Chinese IP Camera - IoT Pentesting Basics
This video demonstrates a vulnerability in a Chinese IP camera allowing remote takeover without authentication. The researcher found that certain ONVIF API endpoints, which should require authentication, are accessible without credentials. A custom tool, ONVIF Scan, was used to identify these insecure endpoints.
- IoT security
- pentesting
Chinese IP Camera Firmware Extraction - IoT Pentesting Basics
This video demonstrates the process of extracting firmware from a Chinese IP camera's flash chip using an XGecu reader. After identifying the flash chip model, the firmware is successfully read and analyzed using binwalk, revealing a writable JFFS2 file system, a read-only squashfs file system, and a Linux kernel binary. During the analysis, a hardcoded password hash is discovered, and a vulnerable version of mini_httpd is identified with a buffer overflow vulnerability that could lead to memory disclosure.
- firmware extraction
- IoT security
- mini_httpd
Is Fast Charging Killing the Battery? A 2-Year Test on 40 Phones
A 2-year experiment testing fast vs. slow charging on 40+ smartphones found minimal difference in battery degradation (around 0.5%). Keeping batteries between 30-80% helps slightly reduce wear. Modern batteries age slowly, with performance issues only appearing below 85-80% health.
- electronics
IoT Pentesting Basics - Root Shell via Hardware Debug Interfaces
This video demonstrates the fundamentals of IoT pentesting by obtaining root access via hardware interfaces. Starting with physical disassembly of an overseas IP camera, the presenter identifies a UART interface using specialized tools. By connecting to this interface, a root shell is gained, revealing hardcoded credentials and bootloader vulnerabilities.
- IoT security
- hardware security
- UART
Reversing Bluetooth Packets for Smart Home Device Freedom
This video demonstrates how to reverse engineer Bluetooth packets for smart home devices. It covers using developer options on Android devices to capture Bluetooth traffic via HCI snoop logs, extracting and analyzing these logs in Wireshark with specific filters like BTLE to isolate low energy packets, and understanding how devices communicate. The practical goal is crafting custom packets to send commands like turning devices on or off, achieved through Python scripting.
- BLE
- network security
- Wireshark
Hacking Unity Games For Fun And Profit
This video explores reverse engineering and hacking a Unity game to modify gameplay. It demonstrates techniques such as using reflection to access game data, DLL hijacking to inject custom code, and hooking into the game's rendering engine to alter visuals. The process involves decompiling Unity's C# code, identifying key game mechanics like power-ups and slot machines, and overcoming debugging challenges.
- game reverse engineering
- DLL hijacking
Reverse Engineering Denuvo in Hogwarts Legacy
This talk explores the reverse engineering of Denuvo's anti-tamper protection in Hogwarts Legacy. It explains that Denuvo protects game licenses rather than preventing copying, using unique hardware fingerprints and runtime validation. The presenter details their bypass technique involving thousands of hooks to simulate valid fingerprints from another PC, resulting in a stable but patched game. The analysis shows minimal performance impact during gameplay but a significant impact during transitions.
- Denuvo
- reverse engineering
- anti-tamper
- fingerprint
This Obscure Game Was Broken - Then I Fixed It
This video details the process of debugging and fixing a crashing issue in the 2006 point-and-click adventure game Keepsake. The issue involved memory corruption during gameplay, particularly when navigating through specific areas. The creator used debugging tools to analyze the problem, identified the root cause in a pathfinding algorithm, and implemented a binary patch to resolve the crashes.
- game reverse engineering
- memory corruption
- binary patching
- reverse engineering
Hacking DRM To Save An Old Game
This video explores the process of analyzing and bypassing the DRM protection in the old racing game, Michelin Rally Masters. The creator discovers the game uses a custom library called RLM32.dll to obfuscate Windows API calls, making debugging difficult. By using hardware breakpoints, they find a way to intercept and resolve these obfuscated calls without triggering the game's anti-debugging checks.
- DRM bypass
- function obfuscation
This Game Was Dead Forever - Then I Hacked It
This video explores the challenges of preserving and running old games, using the example of Discworld Noir, which has compatibility issues with modern systems due to outdated DRM and obfuscation techniques. The creator employs reverse engineering tools, debuggers, and decompilers to bypass these barriers, including patching anti-debug checks and creating emulated drivers to enable gameplay.
- reverse engineering
- DRM bypass
- obfuscation
ASUS ROG Ally 32GB RAM Upgrade
This video shows upgrading the ASUS ROG Ally from 16GB to 32GB RAM by desoldering the original Micron chips and installing Samsung K3L KC0BM chips. The process requires specialized soldering tools and careful motherboard work.
- soldering
- electronics
This Game Broke On Windows 11 - So I Fixed it
An analysis of why an old real-time strategy game fails to start on Windows 11, focusing on a specific DLL loading issue. The game, released in 1998, gets stuck during initialization due to a bug in how Windows 11 handles DLL initialization threads, leading to a deadlock. The solution involved replacing the game's outdated draw.dll with a compatibility library that resolves the threading conflict.
- game reverse engineering
- DLL hijacking
Apple’s Widget Backdoor
Apple intentionally included a private API within its widget system to support smooth animations in its own Clock app, despite previously restricting such features for third-party developers. This creates an uneven playing field, allowing Apple apps to bypass standard limitations. Developers have found workarounds, primarily using the built-in timer component with custom fonts to create animations, though achieving high frame rates remains challenging.
- iOS internals
How Windows 11 Triggered A 25 Year Old Bug
A Windows 11 update caused crashes in the Alpha Centauri expansion 'Alien Crossfire' due to undefined behavior in the game code. The issue arises from the game relying on uninitialized stack memory, which was previously harmless due to a specific stack state. The update altered this state, leading to a crash. The problem stems from the game code rather than Windows itself. Solutions include a community mod or applying a patch to preserve the old behavior.
- software bugs
Repairing a DRILLED M1 MacBook Air
This video shows repairing a MacBook Air with a drilled M1 chip. The damage was too severe for chip reballing, requiring a full board swap by transferring the SOC from a compatible donor Mac.
- electronics
- soldering
DRM Broke This Game - So I Hacked It
This video explores the challenges of playing an old James Bond game due to its restrictive DRM. The creator attempts to bypass the activation system through various methods, including reverse engineering the key validation process. The game's reliance on outdated DRM, specifically SafeDisc, prevents it from running on modern operating systems, highlighting compatibility issues with legacy software.
- reverse engineering
- SafeDisc
- DRM bypass
Hacking a Microprocessor - Reverse Engineer shows you how it's done
This video demonstrates a reverse engineering process focused on uncovering a vulnerability in a microcontroller that allows unauthorized access to its memory. Using specialized hardware like oscilloscopes and the ChipWhisperer-Husky, the presenter analyzes power consumption and signal timing to identify a fault injection point. The vulnerability, described as a zero-day issue, arises from how the chip handles power cycles versus simple resets, enabling an attacker to manipulate the chip's behavior.
- reverse engineering
- microprocessor vulnerabilities
- 0day
- fault injection
- hardware security
This Image Is Secretly A Game
This video explores the possibility of embedding a complete 3D game into a YouTube thumbnail image. The creator demonstrates how to compress game code and assets using techniques like procedural generation, compiler optimizations, and efficient OpenGL rendering. Starting from a basic 'hello world' example, the video shows how to progressively build a small FPS game within the 2MB PNG size limit, using simplified math functions, procedural textures, and instance rendering to minimize file size. The result is a functional, albeit minimalistic, game rendered entirely through the image.
- PNG embedding
- game reverse engineering
How I Beat NES Mario in 0.000005 Seconds
This video demonstrates "Intercycle Cart Swapping", a technique that swaps NES cartridges between CPU cycles to manipulate the program counter. By swapping cartridges at precise moments during instruction execution, the video shows how to redirect the CPU to jump directly to Super Mario Bros. 3's victory screen, completing the game in just 5 microseconds from reset.
- software bugs
- game reverse engineering
I Hacked "A Bugs Life" Game - It Was Weird
This video details the process of reverse engineering and modifying an old, obscure game called 'A Bugs Life'. The author discovers a peculiar installer that triggers an unexpected error, leading to a patching exercise. The game was designed to require a physical disc, but the author bypasses this by patching the executable to ignore a specific check and hooking a function to load files from a local drive instead of the CD. The game's manual contains unusual warnings about epilepsy and screen distance. The reverse engineering reveals a logging function that helps understand the game's runtime behavior.
- game reverse engineering
- reverse engineering
- disc checking
Debugging An Undebuggable App
This video explores how to debug iOS apps that implement strong protections against debugging, such as PT_DENY_ATTACH. It explains how PT_DENY_ATTACH works by exiting an app if a debugger is attached, and demonstrates two methods to bypass it. The first approach involves setting a breakpoint before the PT_DENY_ATTACH call in a simulator environment. The second, more advanced method, uses direct kernel-level system calls via inline assembly to replicate the same functionality without invoking the private API directly.
- iOS internals
- PT_DENY_ATTACH
- debugging protections
Hacking This Terrible DRM
This video explores the challenges of running an old video game blocked by DRM. The user initially tries a standard crack but finds it ineffective due to the game's anti-debugging and obfuscation techniques. Using a debugger (x64dbg), he intercepts the game's error message related to missing CD requirements and traces the issue back to a SecuROM DRM component. Further analysis reveals the game's executable is encrypted with a key stored on the original CD. The user then attempts to dump the executable and faces obfuscation designed to prevent analysis. To bypass the DRM, he develops a custom 32-bit debugger tool that automates the process of identifying and patching out the DRM checks by modifying function calls in memory.
- DRM bypass
- reverse engineering
- debugging
- SecuROM
- obfuscation
Hacking An Obscure Game From 2000 To Run On Windows 11
This video details the process of making an obscure 2000 game compatible with modern Windows systems, primarily Windows 11. Initial attempts resulted in a blank screen or crashes. The approach involved using a VM for safety, debugging tools to identify issues, and specialized software like CFF Explorer and IDA to analyze the game's executable. Key techniques included modifying section permissions, hooking DirectDraw functions via code caves or manipulating the Import Address Table (IAT), and adjusting window creation parameters.
- game reverse engineering
- code caves
- IAT
UPGRADING a Brand NEW M4 Mac mini
This video demonstrates upgrading the base M4 Mac mini's storage from 256GB to a larger capacity. The process involves disassembling the device and replacing the removable SSD modules, similar to the Mac Studio. The video includes benchmark tests showing the base model's performance with 16GB RAM.
- electronics
- soldering
EA Won't Sell This Game - So I Hacked It
This video details reverse engineering The Sims 2 to bypass its obsolete CD key validation. Using a debugger, the creator analyzes the key verification algorithm, overcomes anti-debugging protections, and replicates the validation logic in C++ to generate working keys, enabling the game to run on modern systems.
- reverse engineering
- DRM
- keygen
- anti-debugging
- game obfuscation
EA Won't Sell This Game - So I Hacked It
This video details the process of running an outdated game, The Sims 2, which no longer receives support from its publisher. The journey begins with acquiring a CD rip of the game, but the installer requires a unique key that is not available. The creator uses a debugger to reverse engineer the key validation system, discovering a complex algorithm involving multiple transformations and checksums. After successfully replicating the key generation algorithm in C++, the focus shifts to bypassing the game's anti-debugging measures and a mysterious runtime unpacking mechanism.
- reverse engineering
- game reverse engineering
- DRM bypass
- key cracking
I Hacked Diablo II To Use Modern Graphics
This video explores the process of modifying Diablo II, a game originally released in 1999, to render with modern graphics APIs. The core challenge involves reverse engineering the game's reliance on the Glide API, an older graphics interface not supported by modern hardware. The creator achieves this by creating a Glide emulation layer that translates the game's API calls into Vulkan, a modern graphics API. The process involves debugging, understanding API specifications, and handling specific game mechanics like texture loading and rendering commands.
- game reverse engineering
- Vulkan
Mac Studio Storage Upgrade - Made EASY with Custom Parts
This video demonstrates upgrading a Mac Studio's storage from 512GB to 8TB using custom PCBs and blank NAND chips. Since Apple's proprietary modules can't be directly swapped, the process involves reballing 1TB NAND chips onto custom boards and letting the M1 Max's integrated storage controller configure them during system restore.
- electronics
Reverse Engineering the AI of Age of Empires
This video details the process of reverse engineering the AI decision-making in the original Age of Empires game. The creator explores assembly code and strings to understand how the AI determines what to build next, analyzes logging mechanisms, examines how different civilizations are configured for AI gameplay, and investigates specific functions related to AI tasks and player data. The reverse engineering involves patching code to test logging functionality and understanding how the AI's behavior is structured.
- reverse engineering
- AI mechanics
Reverse Engineering Age Of Empires
This exploration delves into reverse engineering the original Age of Empires game to understand its AI mechanics. Starting with analyzing AI files containing action instructions (like 'U' for unit, 'R' for research), the focus shifts to disassembling the game code using tools like Ghidra. Key findings include identifying the structure of AI commands, understanding how the game loads and processes these files, and figuring out how the AI determines priorities and executes actions.
- reverse engineering
- AI mechanics
Tricking iOS into Animating Icons
iOS allows apps to provide alternate static icons via the setAlternateIconName API, which can be exploited to create a false animation effect. The method triggers a user alert upon each call and doesn't work in the background. Reverse engineering the system code revealed that a private method, _setAlternateIconName, handles the actual icon change without displaying the alert. By calling this private method directly, developers can bypass the alert and achieve smooth icon transitions, though background functionality remains limited.
- private API
- iOS internals
Apple Wanted this DESTROYED...
This video shows the restoration of an Apple Developer Transition Kit (DTK) with an A12Z chip that Apple damaged during recycling. The repair involves fixing a cut board and reinstalling removed NAND chips to restore functionality.
- electronics
How I Hacked Balatro To Get An Impossible Score
This video explores methods to hack the game Balatro by injecting custom code to achieve an impossible score. The creator examines the game's use of the LÖVE engine and its reliance on the LÖVE scripting language. Techniques include modifying the game's executable structure, embedding custom LÖVE code, and injecting code while the game is running. Specific steps involve patching LÖVE functions to intercept calls, detouring execution to save game state, and manipulating game mechanics like adding unlimited Jokers.
- code injection
- game reverse engineering
Hacking Disneyland's App to fix a Freeze
The Disneyland app would freeze when users swiped to navigate back from a restaurant view, preventing interaction. Debugging revealed that iOS's parallax dimming view, which disables interaction during transitions, was being improperly managed by the app's viewDidAppear method, causing the freeze. A fix involved preventing the disabling of the swipe gesture recognizer during the transition, ensuring the app remains responsive.
- iOS
- lldb
EA Won't Let Me Play This Game - So I Hacked It
This video explores the challenge of playing an abandoned game due to publisher restrictions, using the example of 'Black and White'. The author discovers that the game requires a key for activation, but reverse engineering tools like IDA and x64dbg reveal the key validation algorithm. By analyzing the code, they understand the validation rules and use brute force techniques to generate a valid key.
- reverse engineering
- keygen
- game reverse engineering
I Hacked I'm On Observation Duty
This video details the process of reverse engineering a horror game called 'I'm On Observation Duty' to detect anomalies without jump scares. The creator dislikes traditional horror elements and instead focuses on the game's core mechanic of monitoring multiple camera feeds for strange occurrences. The approach involves several steps: first, using a program to capture and compare screen images, but this fails due to the game's TV static effect. Then, decompiling the Unity game's C# code reveals how anomalies are managed. Finally, dynamic memory analysis allows tracking the anomaly list in real time, enabling automated detection and reporting.
- game reverse engineering
- dynamic analysis
Upgrading Apple Silicon Soldered SSDs
This video demonstrates upgrading soldered SSDs on Apple Silicon MacBooks that only support single drives, like the 128GB education M1 MacBook Air. The process involves removing the original SSD with heat, installing additional components (capacitors, resistors), and adding two 1TB SSDs to enable dual-SSD functionality.
- electronics
- soldering
Modding TikTok to only show Cat Videos
This video explores the process of reverse engineering the TikTok iOS app to filter its content exclusively to cat videos. The creator outlines two main approaches: intercepting network requests to modify API responses, and analyzing the app's UI layer to identify the data source for posts. Initial attempts to intercept network traffic faced challenges like certificate pinning, leading to a shift toward debugging the UI layer using tools like lldb.
- lldb
- reverse engineering
- network security
- certificate pinning
Hacking a 25 Year Old Game To Make It Work
This video explores the challenges of running a classic game, Worms 2, on modern Windows systems. Despite its release in 1997, the game fails to launch properly on Windows 11 due to legacy audio library dependencies. Through debugging tools, the creator identifies that the game is attempting to load audio files from a CD, a common practice back then but problematic on modern systems. A solution involves modifying a third-party DLL to redirect audio loading. Additionally, the creator delves into the game's code to understand why certain menu items are missing, tracing the menu rendering process and the button click handling mechanism.
- game reverse engineering
- reverse engineering
- DLL patching
M1 Mac Mini Soldered SSD Upgrade
This video shows how to upgrade an M1 Mac Mini's soldered SSD from 256GB to 2TB by desoldering the original NAND chips and installing new 1TB chips. The process involves careful desoldering, cleaning, reballing, and resoldering.
- electronics
- soldering
reverse engineering temple run 2 on ios using il2cppdumper, ida, lldb
This video details the process of reverse engineering the iOS game Temple Run 2, which uses Unity's il2cpp technology. The presenter utilizes tools like il2cppdumper, IDA Pro, and lldb to analyze the game's executable, resolve function names, bypass iOS ASLR by calculating memory offsets, and exploit a specific currency function to modify coin and gem counts arbitrarily.
- reverse engineering
- game reverse engineering
- iOS
- il2cppdumper
- IDA
- lldb
Reverse Engineering Candy-Crush-Saga on Ios Using Lldb and Hopper
This video demonstrates reverse engineering the Candy Crush Saga iOS game by connecting an iPhone to a Mac via SSH and using lldb for debugging alongside Hopper disassembler. The process involves debugging a running instance of the game, calculating memory addresses due to iOS's ASLR mechanism, identifying key functions like booster mechanics, and potentially modifying memory to alter game behavior.
- iOS
- lldb
- Hopper
- ASLR
- game reverse engineering