hack

OpenOffice All Languages Wordlist

(As it seems like no one did this before... I tried to Smiling)

One of the coolest things from OpenOffice (IMHO) is it's huge spell checking database, available for 92 languages. It contains not only the "most popular" words, but also some "mutation rules", which describe the generic "word formation" algorithm for each language. This opens great possibilities for a dictionary attack.

So, all I did was picking an "All Language Pack" from OpenOffice.org, and expanding it (i.e. using the affix rules to generate a list of all recognized words of a dictionary) with the unmunch utility from the Hunspell. As unmunch behaved a bit... weirdly with some .aff files (namely: ar, eu_ES, gl_ES, he_IL, hu_HU, lt_LT, mn_MN, qu_BO, se), I had to use the non-expanded .dic instead. This generated a set of lists with 127,153,335 unique words, which summed up into 1,932.2 MB.

And finally, here it is, for all your security testing purposes, packed with 7-Zip into a 167.3 MB file:

Have a lot of phun Laughing out loud

Share/Save/Bookmark

stas's picture
stas » November 3, 2008 » 14:06

The Pirate Bay un-SSL

Theory

Recently, the world saw The Pirate Bay offering SSL encryption on their server. This means that your ISP won't know anymore which torrent you are downloading, right? Wrong.
HTTPS is quite useless for protecting static and public content. By static, I do mean the .torrent file itself. It is always the same. By public, I do mean than one doesn't need any kind of authentication to pick up the content. It's always the same, for everyone. For crawlers, too.
So, one could easily index (a portion of) The Pirate Bay torrent database by the Content-Length. Then, one could intercept some encrypted traffic between some machine(s) within his/her network and the torrents.thepiratebay.org server. Knowing both (encrypted) request and response lengths, it is possible to get a quite reliable list of matches from the previously indexed torrent list.

Practice

Don't try this at work, or you might hurt yourself Eye-wink

  1. Use Wireshark to capture some torrent downloads. Torrents are hosted on a separate server, which makes the task easier yet. Just use the following capture filter: "tcp and port 443 and host torrents.thepiratebay.org"
  2. Now, just go with the stream Smiling ("Follow TCP Stream" for the packet you suspect belongs to the torrent download. This will create another filter, just like "(ip.addr eq 192.168.0.10 and ip.addr eq 83.140.176.156) and (tcp.port eq 2157 and tcp.port eq 443)")
  3. Just save the displayed stream anywhere else (pcap1.pcap sounds nice)
  4. Now, use my quick&dirty TPB-TLSlen.pl Perl script to get the request/response lengths:
    perl TPB-TLSlen.pl pcap1.pcap
    Yeah, I know, it is nasty. It only supports the TLS cypher. And it simply calls the tshark (the command line version of Wireshark) to parse it's output.
  5. Now, just paste the REQ and RES values below Laughing out loud
    (note that the REQ value is optional, setting it to 0 simply ignores the request size for matching)
Note that you are able to fine-tune the maximum and minimum header sizes. For the response, the headers are almost the same all the time. The only thing that varies is the decimal representation of the file length and age. (Un)fortuately, the request headers do vary for different browsers and referring pages. However, knowing the request size still helps a bit, specially if the torrent's filename was huge Smiling

Precision

The following size distribution chart was generated using the database with ~165K torrents:

torrent size distribution

The most common torrent size is ~14 KB, and it's easy to figure out that such torrents represent the shared 700 MB files Smiling
There's also a major peak for the 454 bytes torrents. However, bigger torrents are less common, thus, the size detection technique becomes more precise. Now, the average "distance" between torrent sizes is ~44 bytes (at least for the sample I've collected). So, adding a cookie with the random size up to 128 bytes will disrupt the size matching detection a lot. The request size disruption is even easier: the largest torrent URI I've found was 150 bytes-wide. Thus, padding every request URI to match 150 characters is enough to make the requests completely indistinguishable. Joining the pieces (the padding add-on strings are bold):
GET /4319199/[a4e]Ghost_in_the_Shell_TV_01-26.4319199.TPB.torrent?nVM2UGfcG533un4ym70eT2
9r0WwBLYdmFCNN+UTV/hiJ7EAXdFU5KfdWHpkB5lXaCmITsACKOPVyjmpbaOB+CrI5
HTTP/1.1 Host: torrents.thepiratebay.org User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208
Firefox/3.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: https://thepiratebay.org/recent Cookie: language=pt_BR; country=BR; PHPSESSID=ad6cb7e414c8dc88e0c2444f6215165a
HTTP/1.1 200 OK Content-Type: application/x-bittorrent Etag: "2198642509" Last-Modified: Mon, 28 Jul 2008 22:28:59 GMT Server: lighttpd Content-Length: 91601 Date: Mon, 28 Jul 2008 22:37:56 GMT X-Varnish: 108010229 107999438 Age: 253 Via: 1.1 varnish Connection: keep-alive Set-Cookie: p=68eOfxOC7JwBYcMe1RJWC4Z5PV/lJzqJORW8KROPMH9zQhszSjFnRp2tsNWEoyabWAloneUaoz
MxYtx4hoM9MZUKE/7wGzC3ZKLEZdppG4og3W; expires=Mon, 28-Jul-2008 22:37:56 GMT; path=/;
domain=torrents.thepiratebay.org
(binary torrent data)

Solution

  1. Use a constant padding in the .torrent files. This messes things a bit, but stills ineffective. The only advantage is not messing up with the server Sad
  2. Patch the lighttpd server so it sends a non-lasting cookie with a random size.

Thanks

Encrypted session data

REQUESTRESPONSE
SSL size:
Min header length:
Max header length:

Possible matches

The Pirate Bay URL strlen(URI) torrent size
0 matches
Torrents indexed: 1580345

Share/Save/Bookmark

stas's picture
stas » July 31, 2008 » 11:05
database » hack » music » network » perl » php » video » web

"keyboard injection" under Linux

What to do if you want to pass some data into STDIN of some process, and it doesn't accepts it?! One of the most (un)famous example is ssh; who never tried to do a "echo password | ssh host"?! So, you just want to inject characters as there were someone typing them. Remember: TIOCSTI ioctl() call is your friend Smiling
Just google it to see what it does. And now, some actually working code:

#!/usr/bin/perl -w
use strict;
use Fcntl;
use constant TIOCSTI => 0x5412;

unless (@ARGV >= 1) {
print "usage: $0 [vt] <input>\n";
exit;
}

my $vt = shift @ARGV;
my $buf = join '', <>;
&writevt ($vt, $buf) || die "can't write to $vt: $!\n";
exit;


sub writevt {
my ($vt, $buf) = @_;
sysopen (VT, $vt, O_RDONLY) || return 0;
for (my $i = 0; $i < length $buf; $i++) {
ioctl (VT, TIOCSTI, substr ($buf, $i, 1)) || return 0;
}
close (VT) || return 0;
return 1;
}

And this is how it works (Linux-specific!!!):

[stas@home stas]$ echo id | ./catvt.pl /dev/pts/0
id
[stas@home stas]$ id
uid=?????(stas) gid=?????(stas) groups=?????(stas)

Kinda awesome Laughing out loud

Share/Save/Bookmark

stas's picture
stas » August 15, 2007 » 21:20

tiny HTTP proxy


Main screen

This is a tiny and highly experimental HTTP/1.0 proxy software that I have written to debug HTTP protocol & it's clients. It is very small and simple, yet useful to reverse-engineering purposes. It's interface is quite obvious. The Server frame controls the IP, port and connection limit of the proxy server. It also shows how many connections are active at moment. The Data Traffic frame shows in/out packets & bytes. Service frame allows you to stop, start and quit the proxy. These are the very minimalist controls for the very minimalist proxy server.

The interesting stuff begins at the Plugin frame. All the packet passed through this proxy server are forwarded to the selectable plugin module. By default, it is logger.dll. It simply saves every single packet into separate file, which uses the following name scheme: from_IP.from_port-to_IP.to_port.log (for example, 127.0.0.1.4322-127.0.0.1.21.log). The files can be ordered by their modification date in your file explorer, so you can track the entire session:

Packets list

The logger.dll can be set up to include a sequence counter at the beginning of each packet and to output saved packets into some specific directory:

logger.dll setup

Plugin module is also capable of injecting packets. Load the replicator.dll file and check the setup screen:

replicator.dll setup

When you click the Capture button and then make some action in your proxied web client, the replicator plugin will prompt you if it got a corresponding packet. This packet may be resent automatically, at the period specified in the Period box. You can capture & replicate several packets, and manipulate their resend period. A very interesting application of the replicator plugin is to flood web chats and to spin up web counters. Of course, the right way is to use logger.dll and to make a clone that imitates the "real" web client.

The final note: this is, and always will be, an alpha-state code. I do not develop this proxy application anymore. It is useful to me the way it is. But you can grab the source and make a whatever plugin you like, or even rewrite the code entirely. I don't care. Just give me the proper credits!

Share/Save/Bookmark

stas's picture
stas » January 3, 2007 » 21:50

inPEct .EXE binder

inPEct screenshot

inPEct means "infect", applicable to PE ("Portable Executable") format. It is an executable binder, thus, it's able to join two .exe files in one. Now, why should anyone want to do that, is a question apart (screenshot is self-explanatory Smiling
At the time I've wrote inPEct, most executable binders were similar to SFX ("Self-Extract") stubs: they simply extracted their content to somewhere (commonly %TEMP% directory). inPEct is a bit different, as it expands the host executable and encrypts & inserts the hosted executable inside it. When someone executes the bound application, the host executable runs normally, and the hosted executable is extracted and then executed. inPEct also has a feature to execute the hosted executable only once ('smart feature'): if the bound program is executed by user again, hosted file won't be extracted anymore. And inPEct is very fast and small, as  it's written entirely in pure assembler (in fact, inPEct's loader has only 800 bytes!). It's encryption algorithm is very cheap, but still uses a random seed. Thus, I expect that inPEct is more stealthy than similar binders.
Please note that almost every AntiVirus program detects and quarantines inPEct (and files produced by it)! This shows it's popularity in the past, I guess Eye-wink

But today it's useful mostly as a pure assembler programming example... And for AntiVirus research, as this paper actually shows.

Share/Save/Bookmark

stas's picture
stas » January 1, 2007 » 23:00

ACFTools (for X-Plane)


ACFTools screenshot

The Plane-Maker from X-Plane v7.x is fun and easy to use... Although I found it a bit limited to edit my planes' fuselage. 20 cross-sections aren't enough, sometimes. It would be nice to export the fuselage shape into any 3D-editor and fine-tune it there... This is exactly what my ACFTools are supposed to do. Please note that X-Plane v8.x is unsupported, unless you create & edit a v7 model and then import it to Plane-Maker v8. But I believe this isn't a problem: X-Plane v8 is able to use OBJ format files (which can be imported/exported by AC3D and Blender plugins) as parts of an aircraft, thus, extremely weird shapes are perfectly possible without even touching the ACF file.
Now, what exactly ACFTools does? It is able to process the file that stores all the aircraft data (except the textures), in the binary ACF format, and dump all the data in the human-readable TXT format. It is the same format as for Tony Gondola's ACF2Text utility, which inspirited my ACFTools. Then, ACFTools can extract the 3D model of the aircraft from this data, and export it in the AC3D format. After that you can edit the aircraft's shape as you want using AC3D and make the inverse process: from .ac to .txt, and then from .txt to .acf. Here comes the brief set of ACFTools features:
  • Convert from ACF (aircraft) & WPN (weapon) formats to TXT format and vice-versa.
  • Extract AC3D model from TXT file, along with wings and propellers (using the real airfoils!).
  • Import AC3D model into TXT file (fuselage, nacelles, wheel fairings & external fuel tanks only)
3D model extractor is also useful if you want to use X-Plane generated aircrafts somewhere else; as in your own Computer Graphics compositions.
ACFTools was written in Perl, thus it is able to work under Linux, MacOS & Windows. And it is Open-Source & highly modular, so you can modify it as you want, or use my functions for your own needs. When you start ACFTools, this is what you get at your console:
##############################################################################
[ACFTools v0.62a] Set of tools to play with ACF files outside of Plane-Maker
Perl script and modules coded by Stanislaw Pusep
Site of this and another X-Plane projects of mine: http://xplane.sysd.org/

Allows you to:
* export X-Plane (www.x-plane.com) aircraft data files to human-editable
plaintext format and 3D mesh editable in AC3D modeler (www.ac3d.org).
* import plaintext/3D mesh back to ACF file.
##############################################################################

Usage: acftools.exe [parameters]
o Commands:
-extract [DEF] : extract TXT from ACF (opt: using DEF definition)
-generate : generate ACF from TXT
-merge : merge body from AC3D file to TXT
o Parameters:
-acffile FILE : name of ACF file to process
-txtfile FILE : name of TXT file to process
-ac3dfile FILE : name of AC3D file to process
-noorder : DO NOT sort vertices while merging bodies
-noac3d : DO NOT generate AC3D
-(min|max)body N: write all bodies in specified range to AC3D
-force LIST : force extraction of bodies LIST (comma-separated N)
-normalize N : normalize wings to N vert/surface (N>=2 or no wings!)
o Notes:
* You can use abbreviations of commands/parameters (-gen or even -g
instead of -generate).
* The only required parameter for "extract" command is -acffile.
Both -txtfile and -ac3dfile are derivated from it.
* "generate" command and -txtfile has the same relation.
* By default "extract" uses the latest DEF file.
* "generate" doesn't need DEF at all (it is implicit in TXT)
* If file to be created already exists backup is made automatically.
o Examples:
acftools.exe --extract=ACF700 --acffile="F-22 Raptor.acf"
(extract 'F-22 Raptor.txt' from 'F-22 Raptor.acf')

acftools.exe -e -acf "F-22 Raptor.acf"
(same as above)

acftools.exe -me -ac3d ladar.ac -txt "F-22 Raptor.txt"
(merge *single* 3D body from 'ladar.ac' to 'F-22 Raptor.txt')

acftools.exe -g -txt "F-22 Raptor.txt"
(reverse operation; generate 'F-22 Raptor.acf' from 'F-22 Raptor.txt')
The most important thing you should know is that to convert from the binary ACF format to TXT, ACFTools uses one of the files stored in the defs directory. By default, it is a ACF740.def, which works for X-Plane v7.40 and later. You can specify any definition file you want, as shown on the screen above. You can also write your own definition files, if you have the structure specification. Note that to convert TXT back to ACF, no definition is necessary, as the TXT format itself holds all the data necessary to build the binary file. The second thing is to specify the file that ACFTools should convert. The name of the converted file and every of the intermediary files will be generated from this name. When converting from ACF to AC3D formats, TXT file is generated automatically. Please note that when you want to put the edited aircraft part back into the .acf file, you must save this part as a .ac separate file, then merge it into the TXT file, and after that convert it into ACF! Yes, it would be nice to have a GUI to automate the entire process, but I'm too lazy to do that! Anyway, may the source be with you Eye-wink
I strongly recommend you to read the docs\README.txt file contained in the ACFTools package before you start using it!

Share/Save/Bookmark

stas's picture
stas » May 10, 2006 » 01:09

Duke3D D.M. cheater


E1L2 near the dark room elevator: enhanced brightness
E1L2 near the dark room elevator: enhanced brightness

Do you consider yourself a good Duke3D deathmatch player?! Neither I do Eye-wink
For our luck, 3D Realms released Duke3D source code under GPL license at April 1st, 2003. No, I'm not fooling you! Since then, several people are enhancing this classic game, extending it's portability and adding some cool features to it. There are ports like icculus Duke3D port and JonoF's Duke Nukem 3D Port. So, with the source in my hands, I decided to make my own version. I called it Duke Nukem 3D v1.666. It is 100% compatible with the original MS-DOS Duke3D v1.5, and adds some cheats into deathmatch games:
  • Omniscience. You can peek at your opponents screen (using "Coop View", which now works even in the deathmatch mode!), and hear the sounds they make (you may hear them scream when hit at the long distances). You are able to see in darkness all the time, without using the night vision goggles, and without that ugly green screen tinting. You'll know when your opponent drops a holoduke, so you won't waste your ammo with it. And finally, you won't see that confusing steroids trail anymore!
  • Aim bot features. Aim bot (which can be turned off!) will track the closest visible opponent automatically. If you're close enough to your opponent, aim bot will also try to kick him while shooting. And it will auto-activate med kit when you get shot! Another cool feature associated to the aim bot is the auto-jetpack. Jump from a high place, and jetpack will be activated automatically when you're close to the ground.
  • Practical enhancements. When you find a new weapon, game won't switch to it automatically. You will always see which weapon your opponent is using, without activating the "Weapon Mode". Demo viewer doesn't switches camera automatically anymore. And game doesn't prompts you with credit screens/animations when started or finished.
  • DNCROZ during multiplayer?! Even this is possible in the cheater! The only problem is: both players should type it when the game is paused, or the "Out Of Sync" condition occurs. Other cheats that work in the multiplayer game are: DNSCOTTY###; DNCOORDS, DNVIEW; DNRATE; DNBETA; DNTODD; DNSHOWMAP; DNALLEN; DNDEBUG.
  • ".ANM viewer". Just type DNENDING while playing, and the game skips right to the episode ending video Smiling
Please note that the most useful cheat, the aim bot, only works fine with the game's internal AI opponents (A.K.A. "PP bot", started with "duke3d.exe /q2 /a" command). It may work in the acceptable way on crossover 100 Mbps LAN connection (peer-to-peer), although... And the worst thing ever: Duke3D v1.666 will only work on real DOS mode, so forget it if you only have Windows NT/2k/XP (anyway, those who play Duke3D over network frequently do have Windows 9x installed for this specific purpose Smiling)
Still interested?! It's a bit difficult to install, though... First, you need to have the original Duke Nukem 3D v1.5 installed. Second, backup it!!! After that:
  1. Unpack the DN3D1666.ZIP into your Duke3D installation directory, overwriting files.
  2. Configure Duke3D. Run SETUP.EXE, and go to "Controller Setup", then "Choose Controller Type", and then select "Keyboard and External". After this, select "Setup External", "Change External Program Name", and type "DUKE3D.EXE" there. Now you can save config, but DON'T LAUNCH A GAME YET!!!
    (NOTE: it would be great if you disabled Turn_Left and Turn_Right keyboard bindings, although, if you don't plan to use "AutoAimSelfCalibrate" setting in DUKE3D.666 file or won't use Auto-Aim feature at all, you don't need to do this).
  3. Now, edit the file DUKE3D.666. Open it in your favorite editor (EDIT.COM Eye-wink), and you'll see that it's almost self-explanatory. Note that your mouse is now configured by this file, any SETUP settings will be ignored! Also note that default mouse settings for v1.666 imitates the default settings for the original Duke3D v1.5.
I also recommend you to read the "DN3D1666.ME!" file, supplied in the download package.

Relative project: GRP packer plugin for the Total Commander.

Sorry, no source code is available for direct download. However, if you're interested in it, contact me and I'll provide it to you! Thus, GPL license of the original Duke3D source wouldn't be harmed, I beleive...

Share/Save/Bookmark

stas's picture
stas » May 9, 2006 » 16:47
addon » C » cheat » game » graphics » hack » network » software

MD5/SHA1 checksum

An enhanced file checksum plugin for the Total Commander (TC for short). It supports both MD5 & SHA1 algorithms, and is able to checksum the entire directory trees. Note that it's MD5 checksum function is much faster than TC's internal one (70% faster on my Athlon XP 1700+ with Seagate IDE 160 GB 7200 rpm HD!). Both MD5 & SHA1 algorithms were ripped from PuTTY by Simon Tatham, who implemented them directly from the specification.
Basically, the file checksum plugin integrates the functionality of GNU utilities md5sum and sha1sum into the Total Commander GUI. This is done through the packer extension API: you simply select files/directories you want to checksum, and "Pack" (Alt+F5) them into a .md5 or .sha "archive". It will be a plain text file which looks like this (just the same format as that of above GNU utilities):
3fb2924c8fb8098dbc8260f69824e9c437d28c68  FC4-i386-disc1.iso
31fdc2d7a1f1709aa02c9ea5854015645bd69504 FC4-i386-disc2.iso
032455cdf457179916be3a739ca16add75b768b7 FC4-i386-disc3.iso
f560f26a32820143e8286afb188f7c36d905a735 FC4-i386-disc4.iso
736e1555e88740d6131c5c84fbe69ed1073ba82d FC4-i386-rescuecd.iso
Note that as TC runs on Windows, checksum plugin will use DOS line endings (CRLF). To "export" the generated checksum list to a UN*X system, you can use my ToFroWin utility, which also integrates itself into TC Smiling
Then, to verify files consistence from TC, select .md5 or .sha file and "Test archive" (Shift+Alt+F9). Files generated by *BSD md5 utility are also supported. You can also browse checksum files as they were directories; this is specially useful to locate and check for consistence a single file from the huge directory tree. To do that, just "View" (F3) a file, and TC Lister will pop you a window with content like this:
D:\_INSTALL_\stentz-binary-i386\FC4-i386-rescuecd.iso

expected: 736e1555e88740d6131c5c84fbe69ed1073ba82d
computed: 736e1555e88740d6131c5c84fbe69ed1073ba82d

SHA1 checksum OK!
Check this screenshot to see the checksum plugin in operation!

Installation:

  1. Unzip the "checksum.wcx" to the Total Commander or Windows Commander plugins directory
  2. In Windows Commander 4.0 (or newer) or Total Commander, choose 'Configuration => Options'
  3. Open the 'Packer' page
  4. Click 'Configure packer extension WCXs'
  5. Type md5 as the extension
  6. Click 'New type', and select the "checksum.wcx" file
  7. Click OK and then 'Configure packer extension WCXs'
  8. Now type sha as the extension
  9. Click 'New type', and select the "checksum.wcx" file again
  10. Click OK

Usage:

(This section uses MD5 checksums as example; for SHA1 the procedure is the
same, just replace every "md5" you see by "sha" Smiling)

  1. Generate MD5 checksum:
    1. Select files you wish to compute checksum.
    2. Then go to "Files => Pack".
    3. Select "md5" as packer.
    4. PLEASE NOTE THAT ARCHIVE PATH WILL BE IGNORED!!! ".md5" 'archive' is ALWAYS generated in current directory (where checked files are), and NOT in the opposite panel! The only exception is creating checksum of the files stored on CD-ROM media as there's no way to create files there.
    5. Press OK and check CURRENT directory for ".md5" list generated.
  2. Verify MD5 checksum:
    1. Certify that ".md5" list is in it's right place (filenames listed in it should be relative to the current directory).
    2. Select it and do "Files => Test Archive(s)".
    3. If any file doesn't matches stored MD5 checksum then "CRC error" message box appears.
    4. If everything is clear Total Commander remains quiet.
  3. Browse MD5 checksum list:
    1. Certify that ".md5" list is in it's right place (filenames listed in it should be relative to the current directory).
    2. Select it and enter it as it were a normal archive.
    3. If any file is present in the ".md5" list but wasn't found in the current directory then "?" is displayed instead of file date/time and size.
    4. PLEASE NOTE THAT FILES CAN NOT BE EXTRACTED TO YOUR DISK! ".md5" isn't an archive, it stores only the hash of the file.
    5. Select file you wish to check and press F3 (call Lister).
    6. Lister will show complete file name, expected checksum and generated checksum. If both checksum matches then the last line is "MD5 checksum OK!".

Share/Save/Bookmark

stas's picture
stas » May 9, 2006 » 12:17

Diamond Rio PMP300 FS-plugin


Diamond Rio PMP300 itself!!!

Diamond Rio PMP300, with only 32 MB of flash memory, was the second portable MP3 player ever released, in 1998. Unfortunately, such a revolutionary piece of hardware is very painful to interface with: as it is connected through parallel port, highest transfer rates achieved were around 80 KB/s. And the software bundled with it was too primitive. To the luck of thousands of (un)happy Rio owners, The Snowblind Alliance released their Open-Source RIO utility, which became a starting point of several alternative Rio manager interfaces. Mine is just one of them Smiling
First of all, there's absolutely no need to write the entire file manager. Total Commander (TC for short) is one of the most feature-rich file managers ever made, and it supports a very extensible plugin API. As a result, one could use TC to manage files directly on the flash memory of his/her Rio! Actually, my plugin supports listing, uploading, downloading & deleting files from Diamond Rio PMP300 internal memory. It also displays the transfer speed and the total/remaining space. Take a look at this screenshot to see it in action. Behind the GUI, my plugin uses the source of the "RIO utility v1.07" by The Snowblind Alliance.

Installation:

Just the same as for many other FS-plugins:
  1. Unzip rio.wfx & rio.cfg files to Total Commander directory
  2. Choose "Configuration => Options => Operation => FS-Plugins"
  3. Choose rio.wfx
  4. Click OK.
  5. You can now access the plugin in the "Network Neighborhood"
  6. Open rio.cfg file and set the correct LPT port address (see below for more details)
Please note that DriverLINX Port I/O Driver by Scientific Software Tools, Inc. is required for plugin to operate. Get it below.

Configuration:

In the majority of cases, the plugin may work fine "out-of-the-box". If it doesn't work at all, probably you'll need to discover and specify your PC's parallel port hardware address. Open your system's "Device Manager" (on Windows XP, open the context menu for "My Computer", click "Properties", go to the "Hardware" tab, and click the "Device Manager"). Go straight to "Ports (COM & LPT)". Now locate the port that your Rio device is attached. On my case, it's LPT1. Double-click "Printer port (LPT1)", and go to the "Resources" tab. You need the first one of  "I/O Range" numbers:

Device Manager => Printer port (LPT1) => Resources

378 is what you need. Note that this number is in a hexadecimal format. Thus, many programs (like my plugin) may accept it as 0x378. Now, open the rio.cfg file. It looks like this, by default:
# Assume that Rio is connected to LPT1
IOPort 0x378

# default
IODelayInit 20000
IODelayTx 100
IODelayRx 2

# "turbo" mode (UNSAFE!!!)
#IODelayInit 5000
#IODelayTx 1
#IODelayRx 1
Now, just update the IOPort parameter to the value you discovered.
Note all that IODelay* parameters. For the safety reasons, the delays are high by default, and, consequently, the file transfer is slow. If you comment out the default values and uncomment the turbo mode ones, you'll get a great increase in performance! But remember to only use it when your Rio battery is 100% charged, and when your Rio is turned on. It may corrupt some bits, through.

Share/Save/Bookmark

stas's picture
stas » May 6, 2006 » 00:26

I.E. 'hidden image' maker

sample masked image

If you are using Internet Explorer (any version able to load this page Smiling, just select the above image (or go to "Edit => Select All", or press Ctrl-A). You may see a watermark with white letters forming a word "TEST". This only happens in IE, due to the specific way it masks the selected images to show their selected state. Firefox, for example, simply tints the image with bluish color. There are lots of jokes one can make using this simple principle. For example, all images on your homepage may have some "subliminal" messages. Adobe PhotoShop is perfectly suitable to make such 'Hidden Images' by hand; in fact, my inspiration was a tutorial made by Matt Kment to do this. But if you are too lazy and/or do not have PhotoShop installed (UN*X users, for example), you can use this small program I wrote in Perl to automate the "steganographic" process. I wrote it using ImageMagickTM library (so it's required to successfully run the program). It is a command line program, but it is simple enough to use, and it has an advantage to be integrable into your own scripts/programs (you can even setup your server to embed your company logo into all graphics of your site, but this will overload the server's CPU and RAM too quickly). I called my program "Internet Explorer Mask'O'Matic". Take a look at it's startup screen:
Internet Explorer Mask'O'Matic v1.0 by Stas 
Grab yours at http://sysdlabs.hypermart.net/ Eye-wink

Inspirated by some mad stuff by Lem0nHead
Based on Photoshop 'Hidden Image' Guide (http://www.atomicwienerdog.com/ot/)
made by Matt Kment & suggested to me by xfalmp


ERROR: please give us --visible


* Usage: MaskOMatic.pl
* Options (note that you can use syntaxes like --vis= --hid -out -p):
--visible filename of image normally seen (required)
--hidden filename of image seen when selected in IE (required)
--output filename to write out, format is selected automatically
using suffix provided (required)
--percentage float value between 0 & 100; how much of hidden appears
(optional, defaults to 50%)
--quality JPEG/MIFF/PNG compression level (optional, DON'T USE!)
--contrast flag, internal contrast reduction (optional)
--test filename to dump preview of selected image (optional)

* Notes:
# Visible & hidden images doesn't need to have same size, when size
doesn't matches then hidden image is rescaled using Lanczos filter
# A huge set of image formats is supported (JPG, GIF, PNG for example)
but I strongly advice you to write output in loseless format *only*
(BMP, PNG, TGA) and *then* fine-tune contrast/brightness & save
compressed in your favourite image editor (like GIMP)

* Example:
MaskOMatic.pl --vis bush.jpg --hid death.jpg --out sublim.bmp
Only 3 options are obligatory: --visible, --hidden & --output. You can abbreviate them as -v, -h & -o, respectively. "Visible" is an image that user sees by default. "Hidden" is what user sees when he/she selects the image. And "output" is the resulting image you can embed into your pages. It is also possible to use the "--test" option to preview the selected state of the output image without starting Internet Explorer. If it looks bad, you may play around with "--percentage" option, which specifies the 'weight' of the hidden image. The higher is this value, the greater is the hidden image visibility. If that's not enough to hide your image well (some things are pretty difficult to hide!), you can try to tune the output image with "--contrast" option, but I suggest you to use some GUI program to do that as you get the visual feedback instantly. I also suggest you to always save your output in the non-compressed lossless format (like BMP, TGA, TIFF), and then fine-tune the compression in some program specialized in it (GIMP has a nice compressor with visual feedback).

Alternatives:

Share/Save/Bookmark

stas's picture
stas » May 5, 2006 » 17:47
XML feed