Didier Stevens

Tuesday 8 May 2012

Why Isn’t my PoC Launching calc.exe?

Filed under: Entertainment,Hacking,My Software,Nonsense — Didier Stevens @ 11:17

I quickly developed a dll that kills calc.exe when started from anything else than explorer.exe.

This way, you can mess with all those PoCs that launch calc.exe 😉

nocalcpoc_V0_0_0_1.zip (https)
MD5: 05798543571B45E19536181DC7346330
SHA256: ED0FEDC6096420F6F09F4980A1CE36F7C4BC0A8C9191F4DFC27FA4C77D547976

Tuesday 9 June 2009

Quickpost: Make Your Own Corrupted PDFs For Free

Filed under: Entertainment,Nonsense,PDF,Quickpost — Didier Stevens @ 14:37

In response to Bruce Schneier’s latest post, let me explain how you can corrupt your own PDF documents for free. Open your PDF document with a binary editor, search for references to the root object (/Root), and overwrite the reference (36 in my example) with a non-existing reference, like 00.


Of course, be careful and make backups first.

Tested on several PDF readers:




Sunday 10 May 2009

Quickpost: Disinformational Tweets

Filed under: My Software,Nonsense,Quickpost — Didier Stevens @ 12:55

This useless Python program is the result of some lazy Sunday coding. It will create random tweets based on a template file. You could use it to try to protect your privacy on Twitter by disinforming potential data miners.

Will I use it for my Twitter account? No, I don’t need a program to disinform 😉


Each time you run the program, it will post one random tweet. This tweet is generated from a templates file. Each line in the templates file is the template for a tweet. You can use variables (between curly braces, example: {location}) in the templates to increase the number of possible tweets. Variables and their values are also stored in the template file, after the template lines. Your template file must allow the program to generate at least 2 different tweets, because it generates a tweet different from the last tweet.


The program requires the twitter module, itself requiring the simplejson module.

And you need to create a credentials file (disinformational-tweets.cred) with the Twitter credentials of the account for which the program has to generate random Tweets. The first line of the credentials file has to contain the username, the second line has to contain the password.

A Firefox plugin to generate these tweets would probably be more ‘useful’, but hey, it’s a lazy Sunday.


disinformational-tweets_v0_0_1.zip (https)

MD5: 36CDB584634ED299E7ACE0D64E846003

SHA256: C5FCE76443549C3A8882B799B6F7A754EF6AEE5F11F3E94FF255EE541205C17B

Quickpost info

Tuesday 23 September 2008

CALL -151

Filed under: Entertainment,Nonsense,Puzzle — Didier Stevens @ 10:22

A quiz question for today: what is CALL -151?

Shout-outs to everyone who ever used CALL -151!


The answer:

Tuesday 5 August 2008

How Is My Hacking? (.com)

Filed under: Announcement,Nonsense,Puzzle — Didier Stevens @ 17:50

My new stickers arrived today:

From now on, winners of my little puzzles can expect a little prize (I’ll contact winners of past puzzles)…

Wednesday 16 April 2008

Quickpost: Linux Kernel Joke

Filed under: Nonsense,Quickpost — Didier Stevens @ 9:29

A colleague challenged me, half jokingly, to perform a code review of the Linux kernel. I took his challenge: I downloaded the latest stable kernel sources and used a state of the art static code checker (grep -hEir “hack|crack|backdoor|keygen” *).

I located a couple of backdoors:

Some cracks:

And even some keygens:

And the number of hacks was countless (1000+), here is a selection:

Quickpost info

Wednesday 31 October 2007


Filed under: Entertainment,N800,Nonsense — Didier Stevens @ 7:40

I claim to be the first to practice real warclimbing.

My N800 with Kismet running:


N800 in the pocket:


Starting the climb with Kismet attached to my climbing harness:


Capturing frames at the top:


Tuesday 5 June 2007

OMG, My N800 is Infected!

Filed under: N800,Nonsense — Didier Stevens @ 19:02

I followed a link from a comment spam I had on my blog. Turns out my machine is infected:



This is really disappointing, I didn’t expect my brand new Linux-based Nokia N800 to get infected so soon:


Sunday 1 April 2007

Good Bye Security Monkey!

Filed under: Nonsense — Didier Stevens @ 16:25

Now that Security Monkey has announced his retirement from the blogosphere, I can reveal his true identity:


Monday 5 February 2007

A running light with a PIN

Filed under: Hardware,Nonsense — Didier Stevens @ 1:49

We all know the problem, you’ve set-up a running light as Christmas decoration, and then a kid starts changing the patterns you’ve programmed.

But not anymore, I’ve made a running light with security: you need a PIN to access the configuration switches!

The movie is hosted here on YouTube, and you can find a hires version (XviD) here.

Joking aside: I got a set of E-blocks from Matrix Multimedia for Christmas.

E-blocks are a suite of small circuit boards each of which contains a block of electronics that you would typically find in an electronic system. Each E-block performs a separate function as either an input sub-system, an output subsystem or a processing subsystem. E-blocks are connected together using 8 wire buses on 9 way D-type plugs and sockets.

My microcontroller is an ARM board. I develop the embedded programs on my laptop in C/C++, and then transfer the executable to the ARM’s flash memory via USB. Once programmed, the ARM executes the program independently, my laptop is disconnected.

To familiarize myself with the E-blocks, I started programming some simple applications, like a running light. And after that, just for fun, I added security…

Next Page »

Blog at WordPress.com.