Monthly Archives: August 2005

Jumping In With IDA Pro

This may come as a surprise to many hardcore reverse engineers out there but I have actually never used DataRescue’s IDA Pro disassembler tool. Chalk it up to a general aversion to non-free software as well as the chore of having to boot into Windows for the experiment (there is supposed to be a limited Linux version available as well). Add to that the fact that it’s always hard to get myself psyched about any RE-related task, necessary though it may be.

I finally tried the program tonight. It really is every bit as amazing as I have heard about. Recognizing that the computer can not be smart enough to completely reverse engineer as program, IDA’s guiding principle is to give the reverse engineer a powerful workbench of tools to apply towards the craft. One tool maps functions in blocks of ASM instructions grouped by code branches. Another tool allows you to edit a function’s prototype, which is then taken into account in the function’s analysis. Another tool allows you to create new structure definitions to be used as functions parameters.

Fortunately, a trial version of the software that can analyze Windows PE and Linux ELF files is free for download. Unfortunately, it is set to expire after an unspecified period of time. Further, it will not allow you to save your work. The full version of the software will set you back several hundred dollars or euros. Alternatively, you could put a fresh installation of the program on a reliable computer plugged into a UPS and do as much as you can with it. I suppose another workaround is virtualization– set up a virtual environment to save and load the entire machine state.

I had no idea that IDA Pro (full version) can even process console executable files from Nintendo GameBoy and N64 games, Sony Playstation games, Sega Dreamcast games, and Microsoft Xbox games. Makes me wish there were some interesting targets there.

PAVC: Bisqwit Forum Discussion

A few weeks ago, I posted a new thread over on Bisqwit’s Nesvideos forums about my experimental codec research: Custom Video Codec For Console Movies. There has been some interesting discussion regarding PAVC-related compression concepts and it is worth reading.

It has been a little while since I have posted a gratuitous console game screenshot. For a change, instead of posting a screenshot of a game of which I have fond memories, I am posting a screenshot of one of the most dreadful games ever published on the NES:


Bad Game: Heroes of the Lance
Heroes of the Lance

Thanks as always to MobyGames and their vast screenshot archive.

Java Multimedia Library

Every so often, a discussion of the Java Multimedia Format (JMF) library pops up on an open source multimedia development list. I had never given it any kind of attention until a Google search recently led me to the documentation. I always assumed that it just supported raw formats and some common, open MPEG formats. It turns out that the library actually supports a few better known codecs, some of which are not completely reverse engineering. Of course, my interest in this would be decompiling them and de-obfuscating them beforehand, as necessary. The library contains a non-obfuscated, pure-Java implementation of the Cinepak codec. It also includes an obfuscated, pure-Java implementation of what I believe are some or all of the MPEG-1 codecs.

However, most interesting codecs (including all of those that are not yet RE’d) are only supported via the Win32 or Linux/Solaris “Performance Packs” which are presumably compiled, SIMD-optimized x86 code.

Some curious features– the pure-Java portion of the library supports some of the quirkier Sound Blaster playback frequencies like 11127 Hz and 22254 Hz (while the performance packs support 8000 Hz -> 48000 Hz). Also, I can not get over the fact that the documentation for the javax.media.format.VideoFormat class states that SMC corresponds to “Sorenson format”. (Here is the SMC format, apparently named for its creator, one Sean M. Callahan.)