I like this idea: A game resource archive format (GRAF) Wiki. For the uninitiated, computer games often package much of their essential data– video data, audio clips, music, game maps, etc.– into monolithic archive files. This Wiki is an effort to document as many of those formats as possible. The Wiki was just released but it already boasts 600+ formats. If you see any holes, feel free to contribute.

How is this related to multimedia technology? Games often have FMV data packaged inside of such resource archives. I suspect the Wiki authors contacted me due to my meager (compared to their collection) document describing a handful of GRAFs.

If you are interested in hacking on a resource format that is not listed, check out their Definitive Guide To Exploring File Formats.

One of Linspire’s big selling points is that it supports Microsoft Windows Media decoding out of the box. How does it do this? Several colleagues have written and informed me that Linspire has licensed binary decoding modules from Microsoft. Linspire’s packaged distribution comes with such x86/Linux-native shared objects as libwma2.so, libwma3.so, libwmv2.so, libwmv3.so.

So why is this such a big deal? My informants tell me that the binaries are un-strip’d which means that they have a lot of debugging symbols packaged inside. Thanks, Linspire.

I learned that this blog ranks highly on Google with the search query “deobfuscating java”. I decided to see what other items come up with such a term. In doing so, I found someone who eats, sleeps, and breathes code obfuscation the same way I do de-obfuscation and reverse engineering.

And if “deobfuscating java” brought you here, this page on Retroguard deobfuscation is the reason.

Meet Paul Tyma, Ph.D. I became aware of him through this I, Cringely column entitled “Misinterpretation”. Tyma and his company PreEmptive Solutions have developed code obfuscators for both the Java and .NET languages. The article notes that one technique under development (possibly already deployed?) is called “Program State Code Protection”. From what I can discern, it almost sounds like self-modifying code for Java. I would be interested to see it in action.

Further, the company has 2 patents assigned to it:

• 6,102,966: Method for renaming identifiers of a computer program
• 5,903,761: Method of reducing the number of instructions in a program code sequence

Tyma also has an article in a Java publication entitled “The New Obfuscation”. This piece presents some examples of code mangling that are difficult to decompile and would be almost impossible to recompile.

Do you have any idea how long I have been involved in multimedia hacking and reverse engineering? About 5 years now. All that while, folks have warned me sternly, and constantly, that this type of work would get me sued to death. I am pleased to announce that today I received my first legal threat. I feel that my work has finally been validated! Well, it was not necessarily a legal threat, like those notorious “nastygram” cease & desist letters. It was more like a veiled reference to a possible future legal threat. Someone identifying himself as the assistant general counsel for On2 said that the company took exception to the fact that I was posting decompilations of their Java decoder. And just when I was starting to feel that no one cared about my work…

Naturally, this raises some pressing questions. First and foremost, why was I contacted by the assistant general counsel? Why doesn’t my case warrant the attention of the lead/primary/head general counsel? Maybe if I went after their latest generation codec, VP7, my actions would merit an escalation.

For the time being, I have decided to not post the Java decompilations on my Practical Reverse Engineering site. This entire site is partially an experiment to test where the limits are. Looks like we found one such limit.

I never had a compelling reason to research legal options surrounding these RE activities. Maybe it is time to start. But I am just so lazy… As always, this subject may be revisited. Feel free to email me regarding this situation.

I am pleased to report that people have been jumping on the decompiled Java-based VP5 decoder. Notably, it was clear to one individual that the method called clinch() that read bits from the stream using some bizarre algorithm is, in fact, an arithmetic decoding algorithm.

Regarding credits: I realize that many people engaged in reverse engineering activities are a little paranoid about having their achievements recognized. As such, my default policy is to not mention a contributor’s name unless they specifically ask for credit.

This is the current version of the decompiled VP5 Java cryptogram. Updates may occur at any time so check on the version number and timestamp inserted by SVN.

I don’t know why this did not occur to me sooner: Distributed reverse engineering!

Read the rest of this entry »

Roine Gustafsson has contributed an open source FPS1 decoder implementation to the FFmpeg project. Note that there are 3 different FPS1 versions and the decoder only supports the first 2. But this is a good start. Check out CVS. And samples are here.

It was 6 years ago that George Lucas began savaging the emotions of old-school Star Wars fans by unleashing Star Wars Episode I: The Phantom Menace. I have blocked out many of my negative memories of that film (which I only viewed once). Strangely, the fondest memories I have surrounding the film were of the downloadable trailers. Odd as it sounds, these QuickTime trailers were a large part of what inspired me to study multimedia technology.

In early 1999, the word was out that Apple had posted to the web these awe-inspiring trailers. The files showcased remarkably higher resolution than anything that was easily downloadable before. This screen capture of Master Yoda was taken from the first Phantom Menace trailer. For Linux users, the most notable feature of these new multimedia files was that they could not be played under Linux.

In you much fear Yoda senses, hhrrmmm?

Read the rest of this entry »

My main Multimedia Research Institute page has gone without update since I started this blog. Not a great trend. Tonight I added an errata document for the official Vorbis specification. Also, I start digging into my backlog of multimedia software since my last Multimedia Exploration Journal entry. I have about 50 titles stacked up. I did a quick review of 7 of the dollar-bin titles tonight.

I recently discovered Zelda Classic, a fascinating project to clone the classic Legend of Zelda game. This is what the original game looks like running in an emulator:

Why does anyone care? Look, it’s just a really cool game, okay?

These programmers created their own game engine and then cloned the original Zelda graphics for use in the game. But the real value-add is being able to create new quests, distribute them for others to play, and download other quests to play in the engine.

Read the rest of this entry »