SixFoisNeuf

Systems administration, DFIR and malware analysis

Recent posts

Jan 7, 2021
Kindle Hacking: porting Doom to the Kindle 4
As promised, here is a writeup about how I ported Doom to my old Kindle 4! I will try to detail my thought process for each step, and why I chose to do it the way I did (spoiler: it’s mostly because that’s what worked first). It could be useful to read the previous part if you haven’t yet, because it details how the OS exposes the e-ink screen and hardware buttons to applications.…
Jan 1, 2021
Kindle hacking: a deeper dive into the internals
In this blog post, we will research in more detail how the system interacts with all the different hardware components of this e-book reader. In the previous blog post, we stayed within Amazon’s “walled garden” (kind of): our apps had to use the Kindle Development Kit, and with it all kinds of restrictions: No socket connection. All network connections must be HTTP/S. Cannot react to key presses however we want: for example, pressing Menu always brings up a menu.…
Dec 27, 2020
Kindle hacking: jailbreaking your Kindle 4 and writing Kindlets
I have been back at my folks for winter holiday, which means I’m rediscovering some old stuff I had lying around. One of these is a Kindle 4, an old ebook reader which was gathering dust in the corner of my room. After seeing someone use it as a weather station, I started to look up how I could go about running custom code on this thing. It turns out it’s pretty easy to get SSH access to the device as root, and from there add custom applications, or even access the framebuffer directly.…
Jan 29, 2020
Oculus Quest wireless casting
I recently caved in and acquired an Oculus Quest. Even if Oculus is now part of the Facebook conglomerate (ugh), this piece of hardware is really impressive, and relatively affordable: you essentially get all the hardware you need to get access to the VR ecosystem for about ~€450. No need for a beefy PC or anything of the sort! On the technical side, it seems the headset runs a modified Android version (7.…
Apr 19, 2019
Introducing RegRippy
This post was written as part of my work as a member of the Airbus CERT. Anecdotes and opinions shared in this post only reflect my own beliefs and not necessarily my teammates’ or my employer’s. When investigating an intrusion on a system, the Windows registry can be a treasure mine of information. From quick wins like grabbing the machine’s name or recent documents to more advanced techniques like parsing shellbags, you can get some very deep insight on what a machine was used for.…
Feb 8, 2017
AlexCTF Writeup
The only challenge I solved during this CTF was the “unVM_me” reverse engineering challenge (finally! Something other than crypto!) We were given a pyc (Python Bytecode) file containing the flag. Executing it asked for the flag, and told us if it was right or wrong. Decompiling the bytecode: I used PyCDC to decompile the pyc file. This gave me the following source code (I modified it to add some error checking to help with debugging):…
Feb 6, 2017
BITSCTF Writeup
Here’s a quick writeup on the two challenges I solved (Banana Princess and Beginner’s luck) during BITSCTF with the Cryptis team. It was my first CTF and a great experience :D Banana Princess: For this challenge, we were given a PDF file which was said to have been encrypted. Hexdump, search for a header: By running hexdump -C MinionQuest.pdf | head, we can get the header of the PDF file.…
Jan 27, 2017
Analysis of a Word macro virus - 2701.doc
On 2017-01-27, I received a suspicious email on an address I no longer use. EDIT: I received two more emails with the same file, only the message was different. Is it a recent ongoing spam campaign? Hello, My name is Adam Buchbinder, I saw your GitHub repo and i’m pretty amazed. The point is that i have an open position in my company and looks like you are a good fit.…
Jan 26, 2017
We are sorry to inform you that...
This post is a free translation of “We Are Sorry To Inform You”. It presents comments from the peer reviewers to whom some founding papers of computer science and modern cryptography were sent. E.W. DIJKSTRA “Goto Statements Considered Harmful” This paper tries to convince us that the goto feature should be removed from programming languages, or at least (since I don’t think it will ever be eliminated) that programmers stop using it.…
Jan 23, 2017
3DS Hacking 101 (WIP)
3DS hacking can be a bit daunting to approach even for tech-savvy people because of the lingo and all the different security measures implemented by Nintendo. This post will try to clear everything up. Most of the information here comes from 3DBrew. Glossary o3DS(XL): Original 3DS (the first model) and its XL counterpart n3DS(XL): Upgraded 3DS (New 3DS & New 3DS XL) 2DS: the 2DS is functionally the same as an o3DS, so it’s just called “o3DS” CTR: codename for the 3DS NAND: Flash memory, the “hard disk” of your 3DS.…