File Format Posters

It’s not uncommon for hackers to have a particular delectation for unusual interior decoration. Maybe it’s a Nixie tube clock, or a vacuum fluorescent display reading out the latest tweets from a favorite chatbot. If this sounds like your living room already, perhaps you’d like some of these file format posters to adorn your walls.

The collection of images includes all kinds of formats — GIF, ZIP and WAV are all represented, but it even gets into some real esoterica — DOLphin format executables are here if you’re a total GameCube fanatic. Each poster breaks down the format into parts, such as the header, metadata and descriptor sections, and they come in a variety of formats themselves — most are available in SVG, PDF and PNG.

If we’re totally honest, these aren’t all designed for hanging on your wall as-is — we’d consider putting some work in to optimize the color palettes and layouts before putting these to print. But regardless, they’re an excellent visual representation of data structures that you might find particularly useful if you need to do some reverse engineering down the track.

If you still have wall space available after seeing this, here’s the electronic reference poster that should fill it.

[Thanks to JD for the tip!]

Hacklet 97 – Camera Projects

We last covered camera projects way back in Hacklet #11. A ton of camera projects have been added to since then. While the rest of the world is taking selfies, hackers, makers, and engineers have been coming up with new ways to hack their image capture devices. This week on the Hacklet, we’re taking a look at some of the best camera projects on!

First up is [aleksey.grishchenko] with PiXel camera. PiXel is a camera and a live video display all in one. We wouldn’t exactly call it high-definition though! A Raspberry Pi uses its camera module to capture images of the world. [Aleksey] then processes those images and displays them on a 32 x 32 RGB LED matrix. This matrix is the same kind of tile used in large outdoor LED signs. The result is a surreal low resolution view of the world. Since the Pi, batteries, and camera all hide behind the LED matrix, there is an unobstructed view of the world around you. [Aleksey] used [Henner Zeller’s] matrix library to make this hack happen.

Next up is [Esben Rossel] with Linear CCD module. [Esben] is building a Raman spectrometer, much like 2014 Hackaday Prize finalist [fl@C@] with his own ramanPi. The heart of a spectrometer is the linear image capture device. Both of these projects use the same TCD1304 linear CCD. Linear Charge Coupled Devices (CCDs) are the same type of device used in flatbed document scanners. The output of the CCD is analog, so an ADC must be used to capture the data. [Esben] is using an STM32F401RE on a Nucleo board as the control logic. The ST’s internal ADC converts the analog signal to digital. From there, it’s time to process all the spectra.

[Chiprobot] brings the classic Wii remote camera to the internet of things with ESP8266 meets Wii Mote Camera. The Wii remote uses a camera which doesn’t output images; instead it plots the location of up to four IR LEDs. Normally these LEDs are located in the poorly named sensor bar that is sold with the Wii. Hackers have been using these cameras in projects for years now. [Chiprobot] paired his camera with the modern classic ESP8266 WiFi module. The ‘8266 is programmed to read data from the camera’s I2C bus. It then sends the data as an SVG request to the W3C website. W3C returns a formatted image based on those coordinates. The resulting image is a picture of the IR LEDs seen by the camera. Kind of like sending your negatives out to be developed.

Finally, we have [GuyisIT] with Raspberry Pi Photobooth. Photo booths are all the rage these days. First it was weddings, but now it seems like every kids party has one. [GuyisIT] didn’t rent a booth for his daughter’s birthday, he built one using his Raspberry Pi and Pi camera. The project is written in Python, based upon [John Croucher’s] code. When the kids press a button, the Pi snaps a series of pictures. The tiny Linux computer then joins and rotates the images while adding in some superhero themed graphics. Finally the Pi prints the image on to a photo printer. The biggest problem with this hack is re-triggering. The kids loved it so much, they kept pressing the big red button!

If you want to see more camera projects, check out our updated camera projects list! If I missed your project, don’t be shy! Just drop me a message on That’s it for this week’s Hacklet. As always, see you next week. Same hack time, same hack channel, bringing you the best of!

Stegosploit: Owned by a JPG

We’re primarily hardware hackers, but every once in a while we see a software hack that really tickles our fancy. One such hack is Stegosploit, by [Saumil Shah]. Stegosploit isn’t really an exploit, so much as it’s a means of delivering exploits to browsers by hiding them in pictures. Why? Because nobody expects a picture to contain executable code.

[Saumil] starts off by packing the real exploit code into an image. He demonstrates that you can do this directly, by encoding characters of the code in the color values of the pixels. But that would look strange, so instead the code is delivered steganographically by spreading the bits of the characters that represent the code among the least-significant bits in either a JPG or PNG image.

OK, so the exploit code is hidden in the picture. Reading it out is actually simple: the HTML canvas element has a built-in getImageData() method that reads the (numeric) value of a given pixel. A little bit of JavaScript later, and you’ve reconstructed your code from the image. This is sneaky because there’s exploit code that’s now runnable in your browser, but your anti-virus software won’t see it because it wasn’t ever written out — it was in the image and reconstructed on the fly by innocuous-looking “normal” JavaScript.

And here’s the coup de grâce. By packing HTML and JavaScript into the header data of the image file, you can end up with a valid image (JPG or PNG) file that will nonetheless be interpreted as HTML by a browser. The simplest way to do this is to send your file myPic.JPG from the webserver with a Content-Type: text/html HTTP header. Even though it’s a totally valid image file, with an image file extension, a browser will treat it as HTML, render the page and run the script it finds within.

The end result of this is a single image that the browser thinks is HTML with JavaScript inside it, which displays the image in question and at the same time unpacks the exploit code that’s hidden in the shadows of the image and runs that as well. You’re owned by a single image file! And everything looks normal.

We like this because it combines two sweet tricks in one hack: steganography to deliver the exploit code, and “polyglot” files that can be read two ways, depending on which application is doing the reading. A quick tag-search of Hackaday will dig up a lot on steganography here, but polyglot files are a relatively new hack.
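From the defending side, the polyglot half of this trick can be checked for when images are uploaded or served. The following is an added example, not code from Stegosploit or from the original post: it walks the metadata segments of a JPG or PNG looking for HTML or script markup, and builds response headers from the file's magic bytes with content sniffing disabled. The marker list, function names and sample files are assumptions constructed for illustration, and the check does not detect data hidden in pixel least-significant bits.

```python
import re
import struct

# Heuristic list of markup that should never appear in image metadata (assumed).
MARKUP = re.compile(rb"<\s*(html|script|iframe|body)\b", re.I)
MAGIC = {b"\xff\xd8\xff": "image/jpeg", b"\x89PNG\r\n\x1a\n": "image/png"}

def sniff_type(data):
    """Return the MIME type implied by the magic bytes, or None."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None

def metadata_parts(data):
    """Yield (label, payload) for every non-pixel JPEG segment or PNG chunk."""
    if sniff_type(data) == "image/jpeg":
        pos = 2                                   # skip SOI (FF D8)
        while pos + 4 <= len(data) and data[pos] == 0xFF:
            marker = data[pos + 1]
            if marker == 0xDA:                    # SOS: compressed pixels follow
                return
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            yield "JPEG 0x%02X" % marker, data[pos + 4:pos + 2 + length]
            pos += 2 + length                     # length counts its own 2 bytes
    elif sniff_type(data) == "image/png":
        pos = 8                                   # skip the 8-byte signature
        while pos + 8 <= len(data):
            length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
            if ctype != b"IDAT":                  # IDAT holds compressed pixels
                yield "PNG " + ctype.decode("latin-1"), data[pos + 8:pos + 8 + length]
            pos += 12 + length                    # length + type + data + CRC

def find_markup(data):
    """Labels of metadata parts that contain HTML or script markup."""
    return [label for label, payload in metadata_parts(data) if MARKUP.search(payload)]

def response_headers(data):
    """Headers for serving an upload: type taken from content, sniffing off."""
    mime = sniff_type(data) or "application/octet-stream"
    return {"Content-Type": mime, "X-Content-Type-Options": "nosniff"}

def jpeg_seg(marker, body):                       # build one JPEG segment
    return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body

# Constructed samples: a JPEG skeleton with and without markup in a COM segment.
JFIF = jpeg_seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
CLEAN = b"\xff\xd8" + JFIF + jpeg_seg(0xDA, b"") + b"\xff\xd9"
POLYGLOT = b"\xff\xd8" + JFIF + jpeg_seg(0xFE, b"<html><script>/* constructed */</script>") + jpeg_seg(0xDA, b"") + b"\xff\xd9"
```

A hit from `find_markup` is a reason to quarantine or re-encode the file; serving every upload with the headers from `response_headers` keeps a valid image from being rendered as a page.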

[Ange Albertini] is the undisputed master of packing one file type inside another, so if you want to get into the nitty-gritty of [Ange]’s style of “polyglot” file types, watch his talk on “Funky File Formats” (YouTube). You’ll never look at a ZIP file the same again.

Sweet hack, right? Who says the hardware guys get to have all the fun?

Hiding Executable Javascript in Images That Pass Validation

Here’s an interesting proof-of-concept that could be useful or hazardous depending on the situation in which you encounter it. [jklmnn] drew inspiration from the work of [Ange Albertini] who has documented a way to hide Javascript within the header of a .gif file. Not only does it carry the complete code but both the image and the Javascript are seen as valid.

With just a little bit of work [jklmnn] boiled down the concept to the most basic parts so that it is easy to understand. Next, a quick program was written to automate the embedding of the Javascript. Grab the source code if you want to give it a try yourself.

Let’s get back to how this might be useful rather than harmful. What if you are working on a computer that doesn’t allow the browser to load Javascript? You may be able to embed something useful, kind of like the hack that allowed movies to be played by abusing Microsoft Excel.

Images carrying an encrypted data payload


This is a tidy looking banner image. But according to [Ian] it contains 52KB of source code. You can’t just read out all of that data. Well, you can but it will be gibberish. Before hiding the bits in plain sight he encrypted them with two different keys.

He’s using AES-256 encryption to keep his data away from prying eyes. But if that wasn’t enough, he also wrote a PHP program to hide the bits in a PNG image. Not just any picture will do (otherwise your eye will be able to see something’s awry). The post linked above focuses mainly on how to choose an image that will hide your data most easily. We asked him if he would share his techniques for actually merging the encrypted file with the picture and he delivered. Head on over to his repository if you want to take a look at the generator code.

Dissecting a firmware image


[Leland Flynn] did a great job of picking apart the firmware image for a Westell 9100EM FiOS router. Unfortunately he didn’t actually find the information he was looking for. But he’s not quite done poking around yet either. If you have never tried to make sense of an embedded Linux firmware image this serves as a great beginner’s example of how it’s done.

He was turned on to the project after port scanning his external IP and finding a random login prompt which he certainly didn’t set up. Some searching led him to believe this is some kind of back door for Verizon to push automatic firmware updates to his router. He figured why not see if he could yank the credentials and poke around inside of the machine?

He started by downloading the latest firmware upgrade. Running ‘hexdump’ and ‘strings’ gives him confirmation that the image is based on Linux. He’s then able to pick apart the package, getting at just the filesystem portion. His persistence takes him through extracting and decompressing three different filesystems. Even though he now has access to all of those files, broken symlinks meant a dead-end on his login search.
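The first pass described above, finding readable strings and locating the filesystems packed inside the image, can be sketched as follows. This is an added example and not [Leland]'s tooling: the signature table holds well-known magic numbers chosen for illustration rather than anything taken from the Westell image, and the sample blob is constructed.

```python
import re

# Well-known magic numbers (general knowledge, not taken from the article).
SIGNATURES = {
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x45\x3d\xcd\x28": "CramFS (little-endian)",
    b"\x27\x05\x19\x56": "U-Boot uImage header",
    b"\x1f\x8b\x08": "gzip stream",
}

def strings(blob, min_len=6):
    """Printable ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

def scan(blob):
    """Sorted (offset, description) for every signature found in the blob."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def regions(blob):
    """(start, end, description): each hit runs to the next hit or to EOF.

    The end offsets are only carving boundaries; short magics can match by
    chance inside compressed data, so each region still needs verifying.
    """
    hits = scan(blob)
    ends = [offset for offset, _ in hits[1:]] + [len(blob)]
    return [(start, end, name) for (start, name), end in zip(hits, ends)]

# Constructed sample: header, version string, padding, then two payloads.
HEADER = (b"\x27\x05\x19\x56" + b"\x00" * 60
          + b"Linux version 0.0.0 (constructed)\x00").ljust(128, b"\xff")
SAMPLE = HEADER + b"hsqs" + b"\xaa" * 64 + b"\x1f\x8b\x08" + b"\xbb" * 16

if __name__ == "__main__":
    print(strings(SAMPLE))
    for start, end, name in regions(SAMPLE):
        print("0x%06x-0x%06x  %s" % (start, end, name))
```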

Dumping a C64 kernel

[Blark] picked up a couple of Commodore 64 machines on Craig’s List so that he could play around with the SID chips inside. But there’s some other fun stuff in there and his attention was drawn to the PROM which stores the kernel. He thought it would be a fun adventure to build a ROM dumper capable of storing binary images.

In the video after the break you can see that when powered up the dumper immediately starts streaming hex values to the terminal. The system is set up to feed a Python script which packs the data stream into an image file. The reading is done by a PIC 18F4520, streaming the data in at 9600 baud with a generous delay between each address read to get the cleanest read possible. He had a bit of help from the AVR Freaks to get to this point.

We’d guess he’s going to pull the image off the chip several times and compare results to filter out any possible data corruption. From there we’re not sure what he’ll do with the files but there’s always the possibility of making his own emulator using this kernel image.
