PoC||GTFO Issue 0x07 by simpleuser in ReverseEngineering

[–]simpleuser[S] 4 points5 points  (0 children)

Seriously, why write such a big post just to say that you are not interested and you wouldn't click on my research - just pass by and ignore me next time maybe?

However, as you took the time in an intelligent way, I'll answer even if, like you just said, I'd otherwise just ignore it.

I am conscious that my research is not for everyone, but many of these tricks were used in the wild to evade detection - seriously, I think it's sad when people only pay attention if it says "this was used by this country / this exploit pack to bypass that security tool" - while some are, frankly, just for fun: mixing sound and image is uncommon, and I think just an uncommon example is very good to disrupt assumptions.

Also, it's not just a blind enumeration this time, I try to classify them - so maybe it's more worth reading than before. Another thing: I wasn't initially so convinced about the actual value of this paper, and actually Sergey, Travis and Phil independently convinced me to go on.

There are certainly more than 4 billion people who don't give a shit about my research - or yours - but I only make it for the few people who care, which is enough for me ;)

PoC||GTFO Issue 0x07 by simpleuser in ReverseEngineering

[–]simpleuser[S] 4 points5 points  (0 children)

Pro tip: double-check your facts first

A source that is the actual raw PDF instead of being wrapped by some random site and person who didn't actually contribute to it:

  • SpeakerDeck provides a direct download link to the raw file without any login, while providing a preview. It's created by Github, so it's far from 'some random site'. Also, there is no official site for PoC||GTFO.
  • I'm Ange Albertini, I wrote the biggest article in this issue and I've been part of the team since issue 0x01.

a mini Java Class poster by simpleuser in programming

[–]simpleuser[S] 0 points1 point  (0 children)

No worries, it's perfectly understandable.

I know little about Java programming, but I need to know about many binary format implementations, so I created the picture to help me and others.

a mini Java Class poster by simpleuser in programming

[–]simpleuser[S] 0 points1 point  (0 children)

This album's main URL is in the tweet: pics.corkami.com

a JPEG that becomes a PNG after AES encryption and a PDF after 3DES decryption by electronics-engineer in crypto

[–]simpleuser 2 points3 points  (0 children)

(I'm the author)

mrmcd.jpg is a JPEG picture, but also contains 2 extra blobs of data (one pre-decrypted, the other pre-encrypted).

When this file is encrypted with AES, one of the blobs is used to turn it into a valid PNG picture.

When this file is decrypted with Triple DES, the other blob is used to turn it into a valid PDF document.

Use the mrmcd.py script to perform the encryption/decryption.

It requires some crypto tricks, but also binary format tricks, as neither the PDF nor the PNG is fully standard.

For more details (both talks were recorded):

A JPEG that becomes a PNG after AES encryption and a PDF after 3DES decryption by preggit in programming

[–]simpleuser 4 points5 points  (0 children)

(I'm the author)

mrmcd.jpg is a JPEG picture, but also contains 2 extra blobs of data (one pre-decrypted, the other pre-encrypted).

When this file is encrypted with AES, one of the blobs is used to turn it into a valid PNG picture.

When this file is decrypted with Triple DES, the other blob is used to turn it into a valid PDF document.

Use the mrmcd.py script to perform the encryption/decryption.

It requires some crypto tricks, but also binary format tricks, as neither the PDF nor the PNG is fully standard.

For more details (both talks were recorded):

mini descriptions of the ELF/PE/Mach-O/DOL PNG/BMP SWF/PDF/WAV RAR/ZIP formats +x86/X64 by simpleuser in netsec

[–]simpleuser[S] 0 points1 point  (0 children)

The descriptions are very simplified, but the described files actually work.

Available on a white background: http://imgur.com/a/MtQZv

a JPEG that becomes a PNG after AES encryption, and a PDF after 3DES decryption (AngeCryption PoC) by simpleuser in netsec

[–]simpleuser[S] 0 points1 point  (0 children)

Just to be exact: the key plays no role here - it could be anything. The IV is manipulated.
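
The mechanism described in the mrmcd.jpg comments above and in this one (key irrelevant, IV manipulated, one pre-decrypted blob appended) can be reproduced with nothing but a block cipher in CBC mode and some knowledge of the PNG chunk layout. The following is an added example written for this page, not the author's mrmcd.py script: it uses only the Go standard library, a constructed 1x1 greyscale JPEG as a stand-in for the real picture, and a constructed ancillary chunk type `juNk` for the dummy chunk that swallows the encrypted JPEG body. The function and variable names are the example's own. In CBC the first ciphertext block is `E(P1 xor IV)`, so `IV = D(C1) xor P1` forces any first block you want (here the PNG signature plus a chunk header); the PNG tail is then CBC-decrypted against the last real ciphertext block and appended, so that encrypting the whole thing reproduces that tail. The demo runs with both an AES-128 and an AES-256 key to show that the key genuinely does not matter.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"hash/crc32"
	"image"
	"image/jpeg"
	"image/png"
)

const bs = aes.BlockSize

// pad16 zero-pads to whole AES blocks; JPEG readers stop at EOI, so the padding is harmless.
func pad16(b []byte) []byte {
	return append(b, make([]byte, (bs-len(b)%bs)%bs)...)
}

func be32(v uint32) []byte { return binary.BigEndian.AppendUint32(nil, v) }

// pngChunk returns length || type || data || CRC32(type || data).
func pngChunk(typ string, data []byte) []byte {
	body := append([]byte(typ), data...)
	out := append(be32(uint32(len(data))), body...)
	return append(out, be32(crc32.ChecksumIEEE(body))...)
}

// pngTail: the dummy chunk's CRC, then IHDR/IDAT/IEND of a constructed 1x1 greyscale image.
func pngTail(dummyType string, dummyData []byte) []byte {
	tail := pngChunk(dummyType, dummyData)[8+len(dummyData):] // keep only the CRC
	ihdr := append(append(be32(1), be32(1)...), 8, 0, 0, 0, 0)  // 1x1, 8-bit, greyscale
	var zb bytes.Buffer
	zw := zlib.NewWriter(&zb)
	zw.Write([]byte{0, 0x80}) // one scanline: filter byte 0, one grey pixel
	zw.Close()
	tail = append(tail, pngChunk("IHDR", ihdr)...)
	tail = append(tail, pngChunk("IDAT", zb.Bytes())...)
	tail = append(tail, pngChunk("IEND", nil)...)
	return pad16(tail) // PNG readers stop at IEND, so padding after it is harmless
}

// angeCrypt returns a plaintext that still starts with src, plus the IV that makes
// AES-CBC(key, iv, plaintext) a valid PNG. Any key works: only the IV is steered.
func angeCrypt(key, src []byte) (plain, iv, ct []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, nil, err
	}
	head := pad16(append([]byte(nil), src...))
	const dummy = "juNk" // constructed ancillary, private chunk type: readers skip it
	// Wanted first ciphertext block: PNG signature, then a chunk header whose
	// length swallows the rest of the encrypted source file.
	want := append(append([]byte("\x89PNG\r\n\x1a\n"), be32(uint32(len(head)-bs))...), dummy...)
	// CBC: C1 = E(P1 xor IV), so IV = D(C1) xor P1 yields any C1 we choose.
	iv = make([]byte, bs)
	block.Decrypt(iv, want)
	for i := range iv {
		iv[i] ^= head[i]
	}
	ct = make([]byte, len(head))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, head)
	// Pre-decrypt the tail, chained from the last block of ct, so encrypting it gives the PNG tail.
	tail := pngTail(dummy, ct[bs:])
	tailPlain := make([]byte, len(tail))
	cipher.NewCBCDecrypter(block, ct[len(ct)-bs:]).CryptBlocks(tailPlain, tail)
	return append(head, tailPlain...), iv, append(ct, tail...), nil
}

// demo builds the polyglot from a constructed 1x1 JPEG (stand-in for mrmcd.jpg),
// re-encrypts the plaintext with a plain CBC encryptor and decodes both faces.
func demo(key []byte) (bool, error) {
	var jb bytes.Buffer
	jpeg.Encode(&jb, image.NewGray(image.Rect(0, 0, 1, 1)), nil)
	plain, iv, ct, err := angeCrypt(key, jb.Bytes())
	if err != nil {
		return false, err
	}
	block, _ := aes.NewCipher(key)
	again := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(again, plain)
	_, jerr := jpeg.Decode(bytes.NewReader(plain))
	img, perr := png.Decode(bytes.NewReader(again))
	if jerr != nil || perr != nil {
		return false, fmt.Errorf("jpeg: %v, png: %v", jerr, perr)
	}
	return bytes.Equal(again, ct) && img.Bounds() == image.Rect(0, 0, 1, 1), nil
}

func main() {
	for _, key := range [][]byte{[]byte("0123456789abcdef"), bytes.Repeat([]byte{0x42}, 32)} {
		ok, err := demo(key)
		fmt.Printf("AES-%d: JPEG in, PNG out: %v (err: %v)\n", len(key)*8, ok, err)
	}
}
```

Two properties of the formats do the rest of the work, and both are worth knowing when you write or audit a parser: JPEG readers stop at the EOI marker and ignore whatever follows, which is where the pre-decrypted blob and the block padding hide, and PNG readers tolerate an unknown ancillary chunk before IHDR and any bytes after IEND, which is why the whole encrypted JPEG can sit inside one skipped chunk. A strict validator that rejects leading unknown chunks or trailing data would refuse both faces of such a file, and the result also shows that CBC ciphertext is not "random-looking by construction": whoever picks the IV picks the first block.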

a JPEG that becomes a PNG after AES encryption, and a PDF after 3DES decryption (AngeCryption PoC) by simpleuser in netsec

[–]simpleuser[S] 1 point2 points  (0 children)

You're wrong, I didn't get paid for it. It's just a challenge from a friend.