Solutions To Brief RE Puzzles

RE puzzle #1 is a simple bitstream decoder extracted from the Sorenson Video 1 (SVQ1) decoder in Apple’s QuickTime v5 program. The C prototype and operation of the function can be expressed thusly:

unsigned int svq1_get_bits(struct bitstruct, unsigned int n);

The function takes 2 parameters, a bitstream accounting structure (bitstruct) and an integer (n), and returns the next (n) bits from the bitstream according to the information in bitstruct.

The bitstruct data structure must have at least 5 32-bit members (based on the fact that the last known member is at +0x10); only 2 of these are used in the function:

  • bitstruct + 0x04 = current bit index
  • bitstruct + 0x10 = bit buffer start address
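
A C sketch of a bit reader that fits this description, added here as an illustration; it is not the QuickTime code or the original solution. Passing the structure by pointer, the MSB-first bit order, advancing the index by n, the placeholder field names, and the sample bytes are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Only the two offsets named in the text are known; other fields are placeholders. */
struct bitstruct {
    uint32_t unknown_00;     /* +0x00: not used by this function */
    uint32_t bit_index;      /* +0x04: current bit index */
    uint32_t unknown_08;     /* +0x08: not used by this function */
    uint32_t unknown_0c;     /* +0x0C: not used by this function */
    const uint8_t *buffer;   /* +0x10: bit buffer start address */
};

/* Compile-time check that the sketch matches the recovered offsets. */
_Static_assert(offsetof(struct bitstruct, bit_index) == 0x04, "bit index at +0x04");
_Static_assert(offsetof(struct bitstruct, buffer) == 0x10, "buffer start at +0x10");

/* Return the next n bits (capped at 32), MSB-first (assumed), and advance the index.
 * Neither known field is a length, so this sketch cannot bounds-check:
 * the caller must guarantee the buffer covers bit_index + n bits. */
unsigned int svq1_get_bits_example(struct bitstruct *bs, unsigned int n)
{
    uint32_t value = 0;
    if (n > 32)
        n = 32;
    for (unsigned int i = 0; i < n; i++) {
        uint32_t pos = bs->bit_index + i;                 /* absolute bit position */
        unsigned int bit = (bs->buffer[pos >> 3] >> (7 - (pos & 7))) & 1u;
        value = (value << 1) | bit;
    }
    bs->bit_index += n;
    return value;
}

/* Constructed sample bitstream: 10100101 11000011 00001111 11110000 */
static const uint8_t sample_bits[] = { 0xA5, 0xC3, 0x0F, 0xF0 };

/* Skip `skip` bits, then read `n` bits from the sample. */
unsigned int demo_read(unsigned int skip, unsigned int n)
{
    struct bitstruct bs = { 0, 0, 0, 0, sample_bits };
    svq1_get_bits_example(&bs, skip);
    return svq1_get_bits_example(&bs, n);
}

int main(void)
{
    printf("4 bits at 0: 0x%X\n", demo_read(0, 4));
    printf("5 bits at 6: 0x%X (crosses a byte boundary)\n", demo_read(6, 5));
    return 0;
}
```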

RE puzzle #2 takes a pointer to a data structure, checks that the pointer is non-NULL, and checks that the first field is equal to a particular size (0x3C). If everything checks out, return 1. If there is an error, set a global variable (at address 0xnnnn9000) to 4 and return 0. This ASM fragment comes from xanlib.dll, a video decoding module for decoding ‘Xxan’ video used in various Origin games such as Wing Commander IV.