Hacked by Subtitles

CheckPoint researchers published in the company blog a warning about a vulnerability affecting several video players. They found that VLC, Kodi (XBMC), Popcorn-Time and strem.io are all vulnerable to attack via malicious subtitle files. By carefully crafting a subtitles file they claim to have managed to take complete control over any type of device using the affected players when they try to load a video and the respective subtitles.

According to the researchers, things look pretty grim:

We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years. (…) Each of the media players found to be vulnerable to date has millions of users, and we believe other media players could be vulnerable to similar attacks as well.

One of the reasons you might want to make sure your software is up to date is that some media players download subtitles automatically from several shared online repositories. An attacker, as the researchers proved, could manipulate the website’s ranking algorithm and not only would entice more unsuspecting users to manually download his subtitles,  but would also guarantee that his crafted malicious subtitles would be those automatically downloaded by the media players.

No additional details were disclosed yet about how each video player is affected, although the researchers did share the details to each of the software developers so they can tackle the issue. They reported that some of the problems are already fixed in their current versions, while others are still being investigated. It might be a good idea to watch carefully and update your system before the details come out.

Meanwhile, we can look at the trailer:

Continue reading “Hacked by Subtitles”

Hackaday Prize Entry: Cheap Visible Light Communication

[Jovan] is very excited about the possibilities presented by Visible Light Communication, or VLC. It’s exciting and new. His opening paragraphs is filled with so many networking acronyms that VLC could be used for, our browser search history now looks like we’re trying to learn english without any vowels.

In lots of ways he has good reason to be excited. We all know that IR can communicate quite a bit, but when you’re clever about frequency and color and throw in some polarizers with a mix of clever algorithms for good measure you can get some very high bandwidth communication with anything in line of site. You can do it for low power, and best of all, there are no pesky regulations to stand in your way.

He wants to build a system that could be used for a PAN (Personal Area Network). To do this he’ll have to figure out a way to build the system inexpensively and using less than a watt of power. The project page is full of interesting experiments and quite a few thesis on the subject of LEDs.

For example, he’s done work on how LEDs respond to polarization. He’s tested how fast an LED can actually turn on and off while still being able to detect the change. He’s also done a lot of work characterizing the kind of light that an LED emits. We don’t know if he’ll succeed yet, but we like the interesting work he’s doing to get there.

Digging HDMI Out Of UDP Packets

[Danman] was looking for a way to get the HDMI output from a camera to a PC so it could be streamed over the Internet. This is a task usually done with HDMI capture cards, either PCI or even more expensive USB 3.0 HDMI capture boxes. In his searches, [danman] sumbled across an HDMI extender that transmitted HDMI signals over standard Ethernet. Surely there must be a way to capture this data and turn it back.

The extender boxes [danman] found at everyone’s favorite chinese reseller were simple – just an Ethernet port, HDMI jack, and a power connector – and cheap – just $70 USD. After connecting the two boxes to his network and setting up his camera, [danman] listened in to the packets being set with Wireshark. The basic protocol was easy enough to grok, but thanks to the Chinese engineers and an IP header that was the wrong length, [danman] had to listen to the raw socket.

Once everything was figured out, [danman] was able to recover raw frames from the HDMI extenders, recover the audio, and stream everything to his PC with VLC. All the code is available, and if you’re looking for a way to stream HDMI to multiple locations on a network, you won’t find a better solution that’s this cheap.

Beating Super Hexagon with OpenCV and DLL Injection

Every few months a game comes along which is so addictive, players can’t seem to put it down – no matter how frustrating it may get. Last year one of those games was Super Hexagon. After fighting his way through several levels, [Val] decided that designing a bot to beat the game would be more efficient than doing it himself. Having played a few rounds of Super Hexagon ourselves, we can’t fault him on that front!

At its core, Super Hexagon is a simple game. Walls move from the screen edges toward a ship located near the center of the screen. The player uses the arrow keys to “orbit” the ship around a central shape. Avoid getting crushed by the walls, and you’re golden. However, the entire game board is constantly spinning, expanding, contracting, flashing, and generally doing things to disorient the player while ever more complex wall patterns move in to kill you. In short, Super Hexagaon makes Touhou bullet hell games look like a cakewalk.

The first step in beating the game is to capture the screen. [Val] tried Fraps and VLC, but lags of 2 seconds or more were not going to work. Then [Val] turned to DLL Injection. Super Hexagon calls the OpenGL function glutSwapBuffers() to implement double buffering. Every frame of the game is rendered in the background. Once rendering is complete glutSwapBuffers() is called to swap the buffers, and the process starts over again. [Val] changed the game code such that his own frame capture function would be called instead of glutSwapBuffers(). Once he was done capturing the game’s video buffer, [Val] then called the real glutSwapBuffers() function. It worked perfectly.

Now that he had an image, [Val] used OpenCV to process it. Although game is graphically very noisy, there are only a few colors used at any one time. It didn’t take much work to come up with an algorithm which would create a binary image of the walls and the ship itself.

step5[Val] cast rays from the center of each wall through the center of the screen. The ray which was longest before intersecting another wall would be the best escape route. This simple solution worked, but only for about 40 seconds. At that point, Super Hexagon would start throwing more complex patterns, and the AI would fail. The final solution was to create an accessibility condition which also took into account how much space was available between the various approaching walls. This new version of the AI was able to beat the game.

So was this a more efficient method than grinding through Super Hexagon manually? Since [Val] now knows all about DLL injection and OpenCV, we sure think it was!

Click past the break to see the [Val’s] bot in action!

Continue reading “Beating Super Hexagon with OpenCV and DLL Injection”

Playing DVDs on an iPad

[Harrison Jackson] figured out how to add DVD playback to an iPad. It doesn’t require a jailbreak, or any hardware modifications to your prized tablet. The work is done with some server-side processing and played back through the browser.

The popular open-source multimedia player VLC has the ability to encode from the command line during playback. [Harry’s] option flag mastery of the program allows him to convert a DVD to a 320×240 format that is iPad friendly. But this alone doesn’t get the video any closer to being on the iDevice. You’ll need to be running a webserver that can stream video. This example is on OSX, but since he’s using an Apache server it should be simple to reproduce on any Unix variant. Once you’ve enabled m3u8 files in the Apache mime-types, the iPad browser can be pointed to the file address VLC is kicking out and you’ll be watching a movie in no time.

We’ve wondered about replacing our home theater front-end with an ATV 2 running XBMC but the thought of having no optical drive in the living room requires some contemplation. If this becomes a feasible option (that isn’t downscaled from DVD quality) it will be a no-brainer to make that jump.

Don’t miss the demo video after the break. Full instruction are in the comment section of that clip.

Continue reading “Playing DVDs on an iPad”

Toddler computer remote

[Killerdark] has built a simple remote for his toddler to control videos on a PC. He gutted a USB number pad, built a new enclosure with the necessary buttons clearly labeled, and mapped the buttons in software.  He could have possibly done better with larger color coded buttons, but really, it seems to work well as is. This reminds us of the giant iPod remote from back in 2006. Good job [Killerdark]

VLC media player 0.9.2 released

VideoLAN just released VLC media player 0.9.2. VLC is probably the best known open source media player, and supports most audio/video formats without additional codecs. Before VLC, we usually installed buggy codec packs to watch videos in Winamp or Windows Media Player. We’ve found the nightly builds to be pretty stable for the past month, but it’s nice to see the final version released.

Download Squad gushed over the new interface design, but omitted the real change — VideoLAN switched from wxWidgets to the Qt toolkit. Among many changes, Qt allows video effects to be applied without restarting the media.

One of our favorite new features is an adjustments and effects menu for quick picture, sound, and subtitle tweaks. The new version has better support for flash videos (FLV), and will stream from most online video sharing sites. See the full changelog at the VideoLAN wiki, and help out if that’s your thing.

[via Download Squad]