Monthly Archives: May 2005

Game Resource Archive Format Wiki

I like this idea: A game resource archive format (GRAF) Wiki. For the uninitiated, computer games often package much of their essential data– video data, audio clips, music, game maps, etc.– into monolithic archive files. This Wiki is an effort to document as many of those formats as possible. The Wiki was just released but it already boasts 600+ formats. If you see any holes, feel free to contribute.

How is this related to multimedia technology? Games often have FMV data packaged inside of such resource archives. I suspect the Wiki authors contacted me due to my meager (compared to their collection) document describing a handful of GRAFs.

If you are interested in hacking on a resource format that is not listed, check out their Definitive Guide To Exploring File Formats.

Linspire’s Binary Decoding Modules

One of Linspire’s big selling points is that it supports Microsoft Windows Media decoding out of the box. How does it do this? Several colleagues have written and informed me that Linspire has licensed binary decoding modules from Microsoft. Linspire’s packaged distribution comes with such x86/Linux-native shared objects as,,,

So why is this such a big deal? My informants tell me that the binaries are un-strip’d which means that they have a lot of debugging symbols packaged inside. Thanks, Linspire.

Monitoring The Competition

I learned that this blog ranks highly on Google with the search query “deobfuscating java”. I decided to see what other items come up with such a term. In doing so, I found someone who eats, sleeps, and breathes code obfuscation the same way I do de-obfuscation and reverse engineering.

And if “deobfuscating java” brought you here, this page on Retroguard deobfuscation is the reason.

Meet Paul Tyma, Ph.D. I became aware of him through this I, Cringely column entitled “Misinterpretation”. Tyma and his company PreEmptive Solutions have developed code obfuscators for both the Java and .NET languages. The article notes that one technique under development (possibly already deployed?) is called “Program State Code Protection”. From what I can discern, it almost sounds like self-modifying code for Java. I would be interested to see it in action.

Further, the company has 2 patents assigned to it:

  • 6,102,966: Method for renaming identifiers of a computer program
  • 5,903,761: Method of reducing the number of instructions in a program code sequence

Tyma also has an article in a Java publication entitled “The New Obfuscation”. This piece presents some examples of code mangling that are difficult to decompile and would be almost impossible to recompile.

Legal Threat #00001

Party! Do you have any idea how long I have been involved in multimedia hacking and reverse engineering? About 5 years now. All that while, folks have warned me sternly, and constantly, that this type of work would get me sued to death. I am pleased to announce that today I received my first legal threat. I feel that my work has finally been validated!

Well, it was not necessarily a legal threat, like those notorious “nastygram” cease & desist letters. It was more like a veiled reference to a possible future legal threat. Someone identifying himself as the assistant general counsel for On2 said that the company took exception to the fact that I was posting decompilations of their Java decoder.

And just when I was starting to feel that no one cared about my work…

Naturally, this raises some pressing questions. First and foremost, why was I contacted by the assistant general counsel? Why doesn’t my case warrant the attention of the lead/primary/head general counsel? Maybe if I went after their latest generation codec, VP7, my actions would merit an escalation.

For the time being, I have decided to not post the Java decompilations on my Practical Reverse Engineering site. This entire site is partially an experiment to test where the limits are. Looks like we found one such limit.

I never had a compelling reason to research legal options surrounding these RE activities. Maybe it is time to start. But I am just so lazy… As always, this subject may be revisited. Feel free to email me regarding this situation.