Didier Stevens

Friday 9 September 2022

Quickpost: Dolmen du roc de l’Arca

Filed under: Quickpost — Didier Stevens @ 0:00

While on holiday in Feilluns (France, Pyrénées-Orientales) in September 2021, I did search several dolmens.

While the dolmen Caouno del Moro is easy to find (it is right next to a road, just follow the signs starting in the village), the nearby dolmen du roc de l’Arca is not so easy to find, as there are no signs and it’s on the top of a wooded hill.

Dolmen du roc de l’Arca:

Map:

Drone picture:

Video: walking from dolmen Caouno del Moro to dolmen du roc de l’Arca.

Video: drone view of dolmen du roc de l’Arca.

Quickpost info

Thursday 8 September 2022

Quickpost: Sun Drying Biodegradable Waste

Filed under: Quickpost — Didier Stevens @ 0:00

As biodegradable waste contains a lot of water, I was wondering how much mass reduction I can achieve by exposing it to the sun (by evaporating some of the contained water).

On a sunny day in March (Belgium), I weighed these fruit peels (I had just consumed the fruit):

66 grams

Exposing it to sun & air:

After 7 hours, 24 grams left:

So we lost 42 grams, almost 2/3 of the original mass.

For those of you having to pay for their household biodegradable waste processing by the kilo, it might be something to look into.

I’ll have to figure out if this is something practical & that scales easily, or not.

Quickpost info

Wednesday 7 September 2022

Update: hex-to-bin.py Version 0.0.6

Filed under: My Software,Update — Didier Stevens @ 0:00

This is a small update: when non-hexadecimal characters are found, they are listed before an exception is raised.

hex-to-bin_V0_0_6.zip (http)
MD5: 9939263DCF538BBF5FC98DB2EC83F247
SHA256: 94B2B23BCA5C000CA85EEE8AE1A16AEEDB77E72057111C8207A683BD4DDF4581

Tuesday 6 September 2022

Update: xor-kpa.py Version 0.0.6

Filed under: Encryption,My Software,Update — Didier Stevens @ 0:00

This is an update for my tool to perform XOR known plaintext attacks: xor-kpa.py.

The tool has been updated for Python 3, and 3 new plaintext have been added, all for Cobalt Strike configurations.

cs-key is the header of the configuration entry for the public key.

cs-key-dot is the header of the configuration entry for the public key XORed with value 0x2E (a dot).

cs-key-i is the header of the configuration entry for the public key XORed with value 0x69 (letter i).

xor-kpa_V0_0_6.zip (http)
MD5: 4BA5EDEAEF6C8D528227607E78A2A797
SHA256: F7BE170D09E8B8A5B4127F64EC66FFF69EFD3EFA3B4EAC0304B39905A75CDE2A

Monday 5 September 2022

Update: translate.py Version 2.5.12

Filed under: My Software,Update — Didier Stevens @ 15:50

A small update for my translate.py program.

Python function Xor takes now 2 extra, optional arguments:

hexadecimal: a boolean, by default False.

When True, the key is provided as an hexadecimal string.

rotation: an integer, by default 0

This is the number of bytes to rotate the key to the left. For example, when the key is ABCD, a rotation value of 1 yiels key BCDA.

translate_v2_5_12.zip (http)
MD5: 4B0C79AF8A1D41BA735C5030912E6C28
SHA256: 899109A9D787D6781AEB0569330A01709063BB3FD58F4AED068A57951B230F88

Sunday 4 September 2022

Update: oledump.py Version 0.0.70

Filed under: maldoc,My Software,Update,video — Didier Stevens @ 15:38

This is an update to plugin plugin_vba_dco.py, improving generalization and adding option -p.

You can watch this maldoc analysis video to learn how to use the generalization feature of this plugin:

oledump_V0_0_70.zip (http)
MD5: D6EC4FD6B7BE60E01A98922BC06A1E8F
SHA256: E9EE79501A08E896A601F1AFDDB6D3C05D9A2A1FD5899D44AC422DD79E4EF678

Friday 2 September 2022

Update: jpegdump.py Version 0.0.10

Filed under: My Software,Update — Didier Stevens @ 19:14

This update to jpegdump.py, my tool to analyze JPEG images, brings 2 small changes:

Data between segments can be selected with suffix d. Like this: -s 10d

This means: select the data between segments 9 and 10.

And when option -E is used to add hash values, repeating hashes are marked with parentheses.

jpegdump_V0_0_10.zip (http)
MD5: 5B33C0ECB94E3284CA64E98B5A0947C3
SHA256: D8C657DB7564160725C95677BE200EB3A902BDC74CF335EFA8499596495633F0

Quickpost: Standby Power Consumption Of My Bosch 18V Chargers

Filed under: Hardware,Quickpost — Didier Stevens @ 0:00

I have 2 Bosch 18V “power for all” chargers. A normal charger (AL 1830 CV) and a fast charger (AL 1880 CV).

Measuring the power consumption of these 2 chargers in standby mode (plugged into a 230V outlet, but no battery connected) with a GPM-8310 powermeter, I obtained the following results:

AL 1830 CV: 476,33 mW

AL 1880 CV: 344,39 mW

Quickpost info

Thursday 1 September 2022

Overview of Content Published in August

Filed under: Announcement — Didier Stevens @ 16:00
Here is an overview of content I published in August:

Blog posts: YouTube videos: Videoblog posts: SANS ISC Diary entries:
« Previous Page

Blog at WordPress.com.