If you aren't into challenges, have never looked at a Rubik's cube as anything but a colorful plastic square, suck at math, are regularly infuriated by computers, and have zero patience, you can stop reading now, there is nothing for you here beyond this sentence. For the rest of you, read on...
Every now and then I come across a topic I am simultaneously unfamiliar and fascinated with. Recently this as been reversing (and yes I'm talking about reverse engineering software, not taking apart your cable box to try and figure out how to get more channels you cheapskate). I have had my share of brushes with reverse engineering, and most of us probably have without knowing it. Anyone who has been exposed to a 'cracked' version of a program, run an anti malware application, got a computer virus, used a key generator, watched a 'backed up' DVD, or used a patch to modify the way a program runs (like removing a nag screen or something similar) has been blessed with the byproduct of reverse engineering software.
In short, reversing is looking at the files that make up a program, and using tools to peek inside, prod around, and find ways to tweak the files and make the system behave the way you want it to. The amount of changes you can make to a binary application are obviously limited and it can be very complex, time consuming and challenging, but the end result is unbelievably rewarding.
Of course I'm not condoning pirating software or violating any applications terms of use agreement, but these sorts of intense puzzles are far more entertaining than sudoku or a Rubik's cube, and can yield some pretty cool results while strengthening your general understanding of exactly how applications work at the ground level. For example, reversing is a powerful tool used to thwart malware and is one of the ways anti spyware/malware applications are able to remove those nasties from an infected system. Awwww, thanks reverse engineering! It is also very useful to developers who want to make their application more secure, after all you have to know how people break into them in order to protect against it (like that movie where Martin Laurence is a thief who becomes a cop and ends up finding out he's pretty good at catching thieves... yea kind of like that).
The thing I've really found interesting is how many new areas studying this topic really opens up. It forces you to delve into assembly language for example, and understand the transmission of network packets at a very different level. Diving into these subjects introduces tools and techniques that are applicable to so many troubleshooting tasks that it can really improve your capabilities as a tech person in virtually any area of expertise.
To get your feet wet, I would recommend searching youtube for videos on ollydbg, IDA pro, (both disassemblers), DeObfuscation, unpacking, and revers engineering in general. Also get familiar with hex editors and what they can be used for, decompilers like flasm and sothink for flash decompilation, etc. etc. etc.
Here are a couple links to sites with lots of different tools you can play with:
http://reversingproject.info/?page_id=153
RCE's tool library
And here is a list of some other apps that I've been toying with as of late:
XVI32, Hex Workshop, PEid, .NET Reflector, OllyDBG, IDA Pro
more reversing resources:
RCE Messageboard - be sure to check out the FAQ, tons of great information on there.
Lena's tutorial series - An excellent set of 40 tutorials including demo files, videos, documentation and even the freeware apps you'll need to get started. Highly recommended.
Bottom line is, if you're not familiar with any of these things, that's ok, you've just got a lot of toying around to do. If you want to try cracking a very simple application, check out oldversion.com - they keep a repository of older versions of all types of popular software that is much less complex and easier to crack than then more heavily protected modern applications (of course this is a sweeping generalization and not universally applicable).
And of course what would a blog post be without a couple little videos to show you what the hell I'm talking about:
Happy reversing =)
Friday, February 26, 2010
Wednesday, February 17, 2010
Starcraft 2 Closed Beta Lanches
Blizzard announced today that the multiplayer beta test for StarCraft II: Wings of Liberty is now underway. The client downloader is available through Battle.net for people who have received invites, and the system requirements have been posted as well. A list of known issues is up on the official forums.
Lots of questions about the Beta have been answered by Blizzard on a German website instarcraft.de. You can access the translated FAQ here.
In addition there have been a few live streams popping up for those of you want to get an early look at the game. Several of them are getting thousands of active viewers only a couple hours after the beta has launched. The masses are certainly writhing in anticipation for their opportunity to either get in on the Beta, or to pick up a copy of the game when it is released later this year. Here are the streams:
Starcraft Method:
http://www.livestream.com/starcraftmethod
Several streams from Starcraftmethod.com
1Up:
http://www.1up.com/do/newsStory?cId=3177988
LiquidNazgul's Livestream:
http://www.teamliquid.net/video/userstream.php?user=Chill
http://www.livestream.com/jobbies
Wr3k's SC2 stream
KOre's Stream
Response's Stream
Lots of questions about the Beta have been answered by Blizzard on a German website instarcraft.de. You can access the translated FAQ here.
In addition there have been a few live streams popping up for those of you want to get an early look at the game. Several of them are getting thousands of active viewers only a couple hours after the beta has launched. The masses are certainly writhing in anticipation for their opportunity to either get in on the Beta, or to pick up a copy of the game when it is released later this year. Here are the streams:
Starcraft Method:
http://www.livestream.com/starcraftmethod
Several streams from Starcraftmethod.com
1Up:
http://www.1up.com/do/newsStory?cId=3177988
LiquidNazgul's Livestream:
http://www.teamliquid.net/video/userstream.php?user=Chill
http://www.livestream.com/jobbies
Wr3k's SC2 stream
KOre's Stream
Response's Stream
Windows 7 Mobile - First Impressions
There's no doubting that the initial end-user impressions scattered in comments across blogs, youtube videos and technology forums from all around the internet have been very good. The only real negative feedback seems to be centered on the bad taste Microsoft has left in so many nerdy mouths over the years, especially in the mobile world. Microsoft has lost over 30% of the U.S. smart phone market share since 2007 and is currently hovering somewhere around 16% and dropping like a rock.
So what has Microsoft done that is making real success a possibility?
They have completely redesigned windows mobile from the looks of things. The new user interface is reminiscent of Windows Media Center in terms of looks and comes paired with a new ideology in terms of navigation and functionality. The information is data-centric unlike our current popular mobile Os platforms like Apple's iPhone OS and Google Android OS among others. The layout makes sense and could really stir things up if the cards are played correctly.
All of this is exciting and all, but I can't help but to be somewhat afraid of what Microsoft will manage to do to undermine its own success. This reminds me of how excited I was about xBox Live and the many possibilities there specifically with the integration with Windows Media Center and how I couldn't wait to replace my cable box with a media center computer and an xBox360. Unfortunately the corporate mentality of Microsoft killed both of these things for me over time. Instead of allowing free and cheap user created content to integrate with xBox and Windows Media Center pcs, we were locked into only playing windows media formatted files and purchasing videos. We were forced to rely on all sorts of hacks and workarounds to get our xvid movies to play on our TV and couldnt enjoy most of what the internet already offers us for free (Like HULU and YouTube!). The dream of a centralized unrestricted home entertainment seems to be hitting road blocks everywhere, and the first one to tear them down will undoubtedly see some real success.
Here are a few items we will just have to wait and see about before we go buying a Windows Mobile 7 device...
These are just a few things that come to mind, but I'm sure all of the thorough comparisons, benchmarks, overviews, photos and videos that are sure to begin flooding the interwebs will reveal the answers in due time.
Microsoft, don't lock us out of our own content. Don't force us to use something when we already like something else much more. Feel free to give us the option to try something new, but don't flood me with nag screens teasing me to open my wallet to enjoy what I thought I had already purchased (like with xBox), or handcuff me to your favorite video and audio services owned by you and your buddies. You've got a good idea here, and you seem to have done well with Windows 7. Please don't make Windows 7 brief moment of clarity, tell me you've changed for good.
So what has Microsoft done that is making real success a possibility?
They have completely redesigned windows mobile from the looks of things. The new user interface is reminiscent of Windows Media Center in terms of looks and comes paired with a new ideology in terms of navigation and functionality. The information is data-centric unlike our current popular mobile Os platforms like Apple's iPhone OS and Google Android OS among others. The layout makes sense and could really stir things up if the cards are played correctly.
All of this is exciting and all, but I can't help but to be somewhat afraid of what Microsoft will manage to do to undermine its own success. This reminds me of how excited I was about xBox Live and the many possibilities there specifically with the integration with Windows Media Center and how I couldn't wait to replace my cable box with a media center computer and an xBox360. Unfortunately the corporate mentality of Microsoft killed both of these things for me over time. Instead of allowing free and cheap user created content to integrate with xBox and Windows Media Center pcs, we were locked into only playing windows media formatted files and purchasing videos. We were forced to rely on all sorts of hacks and workarounds to get our xvid movies to play on our TV and couldnt enjoy most of what the internet already offers us for free (Like HULU and YouTube!). The dream of a centralized unrestricted home entertainment seems to be hitting road blocks everywhere, and the first one to tear them down will undoubtedly see some real success.
Here are a few items we will just have to wait and see about before we go buying a Windows Mobile 7 device...
- Will Microsoft lock down media formats, cripple xBox Live and media center integration or try and heavy handedly push 'premium content'?
- Can apps directly integrate with the UI to bring their data front and center (which is what makes this OS so attractive anyway), or will microsoft lock down which services get special treatment? If they can, can I get in and tweak what shows where, when and how it is displayed? This style of interface could quickly become overrun with useless app notifications at time when they aren't needed if I can't have tight control over it.
- Can users disable the long transitions? They look great but I'm sure some people would like to shave any extra seconds off their day to day tasks like adding contacts, browsing the internet or looking up someones contact details, etc.
These are just a few things that come to mind, but I'm sure all of the thorough comparisons, benchmarks, overviews, photos and videos that are sure to begin flooding the interwebs will reveal the answers in due time.
Microsoft, don't lock us out of our own content. Don't force us to use something when we already like something else much more. Feel free to give us the option to try something new, but don't flood me with nag screens teasing me to open my wallet to enjoy what I thought I had already purchased (like with xBox), or handcuff me to your favorite video and audio services owned by you and your buddies. You've got a good idea here, and you seem to have done well with Windows 7. Please don't make Windows 7 brief moment of clarity, tell me you've changed for good.
Sunday, February 14, 2010
FL Studio 9
Haven't been toying with this too much these days but figured I'd post what I have done lately anyway. Heres a track I made recently. FL files included so you can tweak it yourself if you like.Feel free to use it as you wish =)
Dethroned.zip
Dethroned.zip
Friday, February 12, 2010
How to Customize an Office 2007 Installation
Requirements: Office 2007 copied to an accessible network location
To start the customization Wizard launch setup.exe with the /admin switch like this:
Start > Run and then:
"\\server\share\distrib\Microsoft\Office 2007\setup.exe" /admin
This will launch the Office Customization Tool
Each section has options that can be configures, such as adding trusted macros and security certificates of trusted applications, Added the Volume license keycode so it doesnt have to be entered during installation and even customizing outlook exchange server settings to automate profile creation.
Example of licensing and User Interface section:
In the Outlook Section, do the following to auto setup a users profile so you dont have to enter the exchange and user settings each time a new profile is configured:
Once you are done configuring the various options, click File > Save from the main menu.
Save the file (you can name it anything) in the 'Updates' folder located on your network installation source.
Next time you launch the installer (via setup.exe, not the .msp file you created), all of the settings will be automatically applied during installation. The .msp file you created can also be used to update existing installations of MS Office 2007.
Thursday, February 11, 2010
The Buzz on Google Buzz
Over the past few days since the release of Google Buzz I have noticed countless articles stating that Google is stepping on their own toes, people cant wait to see Buzz launched so they can turn it off, and that it's redundant, useless, privacy nightmare, etc etc etc.
This is a far stretch from Google's typical announcement reactions, to for example their up coming 1Gbps fiber to home service . So why the bad sentiment?
Two reasons.
First, the only big complaint people have with Google these days is Power and Privacy (yes that's one complaint). Google holds so much information about each individual's habits that they could probably launch some software that will give you accurate life coaching advice! The fear is that this info could some day (once the 'don't be evil' mantra is worn down by greedy board execs and share holders) fall into the wrong hands, and be used for the wrong reasons. Google Buzz is just another avenue for personal data gathering, which is the most precious type. I could care less if people knew about something as generic as what brand of cell phone I prefer, but to tap into conversation with close friends and family about private matters is a bit invasive. I see Google Buzz taking the wrap for that, but it's just like anything else, just like this blog for example. I just don't post things that are too personal to be public, and that's that.
Second reason is that people already have their beloved Facebook. Facebook is the one hub that has captured the market (which was MySpace's to lose). The universal, no frills, clean interface which brought an older age group into the fold, coupled with the chat feature was a hit.
What do I think will come from Google Buzz?
I think it will do well in due time. Facebook will not be replaced any time soon, but they are having some huge problems. Facebook's site is often so slow its almost unusable. This keeps them from expanding into more robust functionality and paves the way for up and coming competition like Google Buzz. Facebook is also getting into bed with some unsavories like AOL. Just the sheer mention of AOL brings back floods of
Facebook now has over 100 million mobile users. This number is only growing, and with social tools integrated out of the box with these types of tools this number shows no signs of slowing. Who is the king of mobile app development? Google of course. Their Android team is quickly sweeping the marking and positioned to be a major competitor in the smartphone marketplace for years to come. When all the android handsets start shipping with Google Buzz clients by default (which will possibly become more well produced and useful than the facebook app), and the facebook app is no longer pre installed we might notice a shift of power in the long run.
All in all there are privacy concerns with any social app, and its a new era that takes new responsibility and awareness that nothing is private. Social apps are not going anywhere, and the same complaints can be launched toward any one of the many services floating around out there. Google's ridiculous collection of gobs of personal data is scary as hell, but I dont think that will deter the service from being a success if they can continue to product the type of software we have seen that they are capable of (gmail, android, google maps, and of course search, etc. etc.)
Will be interesting to see how it all plays out.
Wednesday, February 10, 2010
Starcraft 2 Beta Launching This Month, and Final Release Summer 2010
As confirmed by the Activision Blizzard Fourth Quarter Calendar 2009 Results Conference Call, the Starcraft 2 Beta will be launching before the end of this month. Starcraft 2 is the sequel to the highly acclaimed Starcraft that first launched 12 years ago and still boasts a large online player base, particularly in Korea and other countries. This comes after lots of speculation flying around recently regarding the release date and beta launch date coming very soon, despite several delay announcements since mid 2007. In addition to the beta announcement, there was also mention that the ship date for the first installment of starcraft 2 (Wings of Liberty) is slated to be shipped mid 2010. This can be confirmed by looking at the earnings guidance provided (if you consider attributing the expected revenue increases for Q2 to come from preorders which would likely begin in Q2 also).
According to the call, this will be a global beta with "thousands" of users from the US as well as other nations around the world. We know they gave out several beta keys during Blizzcon over the past few years, several others via their official twitter page, as well as others via several contests they have been running on the official SC2 website. They have also been accepting beta opt ins via the battle.net website so long as you have a valid product key from an existing Blizzard game for some time now, but we still don't know just how many users will be able to get in on the Beta in comparison to how many opt ins they have received, or what the criteria is. All we can do for now is sit and wait for an email...
The conference call was recorded and will likely be available on the Activision website after the call is concluded as well as the slides provided during the call:
http://investor.activision.com/results.cfm
According to the call, this will be a global beta with "thousands" of users from the US as well as other nations around the world. We know they gave out several beta keys during Blizzcon over the past few years, several others via their official twitter page, as well as others via several contests they have been running on the official SC2 website. They have also been accepting beta opt ins via the battle.net website so long as you have a valid product key from an existing Blizzard game for some time now, but we still don't know just how many users will be able to get in on the Beta in comparison to how many opt ins they have received, or what the criteria is. All we can do for now is sit and wait for an email...
The conference call was recorded and will likely be available on the Activision website after the call is concluded as well as the slides provided during the call:
http://investor.activision.com/results.cfm
Friday, February 5, 2010
The Missing Software - Painless Imaging
I think there is a huge hole in the market when it comes to imaging software. We've got some really good companies out there like Symantec and Acronis, but I feel like there is a big gap requiring an IT Administrator to take multiple steps to create a universal image that can be rolled out to many different hardware types throughout the office. This can be achieved using imaging software like Backup Exec System Recovery or True Image in conjunction with Sysprep and MySysprep but its clunky and takes time to set up.
I see it like this. Why cant I just create an image as usual, and have a bootable application that will go to a web based driver repository and download the network and storage drivers needed to boot that image on dissimilar hardware, as well as switch to the correct hardware abstract layer as well as regenerate SIDs AND join the PC to the domain automatically and name the PC according to serial number all in one product? In addition most of these apps support converting to and from virtual images. Forget converting, we want to boot the image so we can update it from time to time and just 'save' it back when we are done installing windows updates.
I've been putting together a tutorial on how to achieve this with BESR and sysprep, but like Conan O'Brien it's not quite ready for prime time yet. Stay tuned.
UPDATE: Somehow I missed UIU (Universal Imaging Utility). I'm trying it out now to see how well it works but it came highly recommended from a colleague. Looks like it does most of what I mentioned above but instead of downloading only your necessary drivers on the fly, it loads a 2GB repository of just about every driver you could need. Luckily it does give you the ability to narrow that down after it is already installed on your base image.
My big question is, will it allow for more flexibility than sysprep in terms of customizing your settings, specifically with computer naming schemes and domain autojoin? We will soon find out.
I see it like this. Why cant I just create an image as usual, and have a bootable application that will go to a web based driver repository and download the network and storage drivers needed to boot that image on dissimilar hardware, as well as switch to the correct hardware abstract layer as well as regenerate SIDs AND join the PC to the domain automatically and name the PC according to serial number all in one product? In addition most of these apps support converting to and from virtual images. Forget converting, we want to boot the image so we can update it from time to time and just 'save' it back when we are done installing windows updates.
I've been putting together a tutorial on how to achieve this with BESR and sysprep, but like Conan O'Brien it's not quite ready for prime time yet. Stay tuned.
UPDATE: Somehow I missed UIU (Universal Imaging Utility). I'm trying it out now to see how well it works but it came highly recommended from a colleague. Looks like it does most of what I mentioned above but instead of downloading only your necessary drivers on the fly, it loads a 2GB repository of just about every driver you could need. Luckily it does give you the ability to narrow that down after it is already installed on your base image.
My big question is, will it allow for more flexibility than sysprep in terms of customizing your settings, specifically with computer naming schemes and domain autojoin? We will soon find out.
Friday, January 29, 2010
Introducing the iPad, the iPod Touch for huge people...
At dinner last night I was sitting with two friends who adamantly defended the iPad and how cool it is. They also marveled at how low the price tag was, especially for a new apple device. Had to do all that I could to keep from spitting iced tea all over the table. When I watched the iPad launch video I sat silently, in disbelief. Steve was trying so hard to be enthusiastic about nothing new at all, like the ability to change the wallpaper to whatever you want. If you closed your eyes and couldn't see the device, you would have thought without question this was the release video for the iPod touch. It's the same device, only huge.
I'm not saying the iPad is useless, but I am saying its not such a game changing announcement at all. The iPad has some serious flaws that should have been addressed to make up for its bulk and help this device to stand out. The iPad needed to compete with netbooks and all the upcoming tablets, and I really don't it comes close. You're going to see a lot of other tablets begin to overshadow the iPad in terms of functionality (maybe not in the hype department though, Apple has got that market cornered). There will be a slew of Android based devices from lots of different manufacturers that will out of the box perform a lot of the same functionality and then some, including the Flash support that the iPad doesn't have.
Let us count the ways the iPad is lacking vs a Netbook
- no flash support
- no external storage device support
- no access to non apple media stores
- no built in web cam or camera, or mic for that matter
- can't angle the screen when device is on your lap
- no physical keyboard
- no SD card slot
- more expensive!
What Apple Should have released imo:
The iPad certainly should have had a mic, webcam, sd card slot, usb port for external devices, flash support, and it should come with the carrying case they sell as an accessory, and maybe a digital TV tuner or something to make it stand ABOVE what we already have.
I'll be waiting for the iPad G2 or whatever they will be calling it.
UPDATE: Just days Later We get the announcement that the JooJoo is set to hit the market and has most of the features the iPad is missing. It doesnt have the name recognition but it certainly looks good and has some serious specs to back it up... all for the same price as the iPad. Now that's what Apple should have done. Oh well maybe next time.
Check out the new device here: https://thejoojoo.com/
Check out the new device here: https://thejoojoo.com/
Thursday, January 28, 2010
Use Google Voice to Deal with Pushy Debt Collectors
It's happened to everyone. You receive a phone call from an unknown number and next thing you know they are informing you that they are recording your phone call. Lots of times after the conversation is over and you think you've made some progress explaining whatever the situation is, and you get a call the next day from someone else who has no idea what you've talked about, or what the previous person had promised you.
For me it was when a mystery account showed up on my credit report and now I had to fight to get it removed. Turned out years ago I was on a short term lease with someone who had stained the carpet in their bedroom. The management company had to replace it and billed it back to us, the tenants. I was unaware of this until seeing it show up on my credit report. After tracking down the collection agency assigned to the debt I began to get the equivalent of Navy Seal trained debt collection efforts in the mount of over $2,000. I wasn't personally responsible for the carpet, but I was on the lease after all. I did what anyone would do and asked them what the minimum amount was that they would accept to clear the debt (since of course they purchased the debt for pennies on the dollar). The process can be pretty daunting if it is considered a legitimate debt, but there are some things you can do to protect yourself when negotiating a settlement. One thing is to use Google Voice to record any conversations with the debt collectors to get them to keep their promises. These guys are shady and they are trained to be that way. For example they will always lie to you and tell you 1) they need an entire lump sum, and cannot accept payments (generally false) 2) they need it within 3 days or some ridiculous timeframe, etc. etc. If they hear 'voice recording is now on', they are much less likely to try and BS you.
It's funny how people change when they are on camera, or being recorded unexpectedly. Doing this is simple, log into Google Voice, press the call button, type in the number to the slimy bill collector, and it will ring your phone. Once they are on the call press the number 4 and you will hear 'call recording on'. Your call will be recorded and will be accessible from your Google voice account. You can even save the file for future reference.
One other good practice is to call them from google voice and record the call, then request they update their records with your Google voice phone number so you can record calls and you no longer authorize them to call your cell phone directly. Let them know it will ring the same phone. They are much less likely to refuse when they know they are being recorded.
