Didier Stevens

Tuesday 10 June 2025

My Fridge & My Portable Power Station

Filed under: Hardware — Didier Stevens @ 0:00

You probably heard about the blackout in Spain & Portugal that happened more than a month ago at the time I’m writing this, and is still under investigation to find out the root cause.

It inspired me to do the following test: how long will my fridge run when powered by my power station? I own a portable power station (Ecoflow Delta EU); its batteries have a total capacity of 1260 Wh.

My fridge consumes 1,72W in standby and about 27W when the motor is running. Here is a graph of the power it consumes while running over a period of 24 hours:

On average, it requires 529 Wh per day to run.

So I was thinking, theoretically, it should run a bit more than 2 days (1260 Wh / 529 Wh per day = 2,38 days) when powered by my power station.

In practice, it ran just shy of 24 hours before my power station was depleted:

It consumed 266 Wh. Which is far less than the capacity of the batteries in the power station (1260 Wh).

How can this be explained?

My first idea was maybe it’s because of the inductive load (it’s a motor). The power factor is very low (0.06):

I was thinking: maybe the 230V inverter in my power station is not efficient at handling inductive loads.

So I tried with a pure resistive load (an incandescent light bulb of 60W):

I got 595 Wh. Which is still far less than 1260 Wh.

Then I tried with a fan that requires 21W at a power factor of 0.70:

I got 362 Wh:

I started to reformulate my hypothesis: maybe it’s not the low power factor that makes the inverter inefficient, but maybe it’s inefficient at low power demands.

Because while this fan requires 21W, the power station was displaying 31W:

So I did run the fan again, but now with the resistive heating element powered on, so that it would consume a large amount of power (around 1 kWh, that’s the maximum sustained load my power station can handle):

I got 778 Wh out of it:

So that’s the best my power station can deliver at a maximum sustained load of 1 kWh and a nearly pure resistive power factor of 0.99.

Which is only 62% of the rated battery capacity.

Conclusion: I can power my fridge for 1 day in case of a power outage, which should be ample enough in case of a power outage similar to the Spain & Portugal incident. But it’s far from efficient. Inverters seem to be far less efficient at very low loads.

Monday 9 June 2025

Update: pngdump.py Version 0.0.7

Filed under: Beta,My Software,Update — Didier Stevens @ 0:00

This update to pngdump.py adds an index for chunks, and allows for the selection of a chunk via its index.
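The following is an added example, not code from pngdump.py: a minimal PNG chunk walker that numbers each chunk, checks its CRC, lets you select a chunk by index, and returns any bytes appended after IEND. The 1-based numbering, the function names and the sample image are assumptions made for this illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data):
    """Build one chunk: 4-byte length, 4-byte type, data, CRC-32 of type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def list_chunks(png):
    """Return (chunks, trailing); chunks are (index, type, offset, data, crc_ok)."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    chunks, pos = [], len(PNG_SIGNATURE)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(png):
            raise ValueError("chunk at offset %d runs past end of file" % pos)
        data = png[pos + 8:end]
        crc_ok = struct.unpack(">I", png[end:end + 4])[0] == zlib.crc32(ctype + data)
        chunks.append((len(chunks) + 1, ctype.decode("latin-1"), pos, data, crc_ok))
        pos = end + 4
        if ctype == b"IEND":
            break
    return chunks, png[pos:]  # bytes after IEND are not image data

def select_chunk(chunks, index):
    """Pick one chunk by its index (1-based here, an assumption)."""
    for chunk in chunks:
        if chunk[0] == index:
            return chunk
    raise IndexError("no chunk with index %d" % index)

# Constructed sample: 1x1 grayscale image, a text chunk, and appended bytes.
SAMPLE_PNG = (
    PNG_SIGNATURE
    + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    + make_chunk(b"tEXt", b"Comment\x00constructed sample")
    + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
    + make_chunk(b"IEND", b"")
    + b"APPENDED"
)

if __name__ == "__main__":
    chunks, trailing = list_chunks(SAMPLE_PNG)
    for index, ctype, offset, data, crc_ok in chunks:
        print(index, ctype, hex(offset), len(data), "crc ok" if crc_ok else "CRC MISMATCH")
    print("selected:", select_chunk(chunks, 2)[3], "trailing:", trailing)
```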

Sunday 8 June 2025

Quickpost: USB-C Couplers

Filed under: Hardware — Didier Stevens @ 0:00

I have this USB C coupler to connect 2 USB C cables. The coupler has 2 female connectors:

I use it to extend my cables when charging:

But it doesn’t always work. Sometimes it does, sometimes it doesn’t (e.g., the device is not charging).

So I assumed this coupler was defective, and got another one:

This one has a small LED, and it too wouldn’t always work.

But because of the LED, I quickly figured it out:

If the LED isn’t on (e.g., no current is flowing), I just have to flip one of the male connectors 180°. Then it works.

And that’s what I also have to do with the first coupler I got: if it doesn’t work, flip one of the connectors. I just needed a LED to figure this out 🙂



Saturday 7 June 2025

Python Requirements for Didier Stevens Suite

Filed under: My Software — Didier Stevens @ 0:00

Although many of my tools have zero or just a few dependencies (it’s a design decision), I’ve had requests to create a requirements file.

It is available now in the Didier Stevens Suite ZIP file and on GitHub.

Some dependencies are only necessary when you actually use the corresponding feature. For example, many of my tools support YARA rules, but it’s not a mandatory requirement. If you don’t use YARA rules with my tools, you don’t need to install module yara-python.

Friday 6 June 2025

DSS_DEFAULT_HASH_ALGORITHMS

Filed under: My Software — Didier Stevens @ 0:00

I have a feature in some of my tools that lets you choose the hash algorithm.

Many of my tools calculate hashes, and for historical reasons, that is the MD5 hash.

But if you want another hash, you can change this (for some of my tools) by setting environment variable DSS_DEFAULT_HASH_ALGORITHMS.

For example, for pdf-parser.py on Windows, you can set DSS_DEFAULT_HASH_ALGORITHMS=sha256 and then the hashes of the streams will be SHA256 instead of MD5.

Thursday 5 June 2025

Quickpost: emldump Bulk Extraction

Filed under: Quickpost — Didier Stevens @ 0:00

A reader asked about bulk extraction of email attachments with emldump.py.

If you want to extract all attachments and write them to disk, you can use the following command:

emldump.py --jsonoutput sample.eml | myjson-filter.py -W hashvir

This command will produce a MyJSON data structure with the content and metadata of all parts (not only attachments, also the different bodies) and save the parts to disk with filenames formatted as the sha256 hash of the content and the extension .vir.

You can then run the desired analysis commands on the files written to disk.

But you can also run a command directly on the items, without writing them to disk. Here is an example of such a command:

emldump.py --jsonoutput sample.eml | myjson-filter.py -r "cmd.exe /c oledump.py"

This command will start an oledump.py command for each part in the multipart document, and provide the content of each part via stdout.
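To show what the hash-based naming buys you, here is an added example (not emldump.py or myjson-filter.py code) that does the same kind of bulk extraction with Python's standard email module. The sample message, the attachment bytes and the function name are constructed for this illustration; note that the sender-supplied filename is recorded but never used as a path.

```python
import base64
import email
import hashlib
import os
import tempfile
from email import policy

# Constructed sample: one text body and one attachment with a hostile filename.
ATTACHMENT = b"MZ constructed sample, not a real executable"
SAMPLE_EML = (
    b"From: sender@example.com\r\nTo: rcpt@example.com\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nSee attachment.\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="../../invoice.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(ATTACHMENT) + b"\r\n--b1--\r\n"
)

def extract_parts(eml_bytes, outdir):
    """Write every leaf MIME part to outdir as <sha256>.vir; return metadata."""
    message = email.message_from_bytes(eml_bytes, policy=policy.default)
    written = []
    for part in message.walk():
        if part.is_multipart():
            continue  # containers have no content of their own
        content = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(content).hexdigest()
        # The name on disk comes from the hash only; the sender-supplied
        # filename is kept as metadata and never used as a path.
        with open(os.path.join(outdir, digest + ".vir"), "wb") as handle:
            handle.write(content)
        written.append((digest, part.get_content_type(), part.get_filename()))
    return written

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as outdir:
        for digest, ctype, name in extract_parts(SAMPLE_EML, outdir):
            print(digest + ".vir", ctype, repr(name))
```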



Wednesday 4 June 2025

Quickpost: Firefox Profiles and Multiple Instances

Filed under: Quickpost — Didier Stevens @ 0:00

It’s something that I’ve been doing for 10+ years, but every couple of years I need to configure this again (on a new machine), and then I need to look it up because I forgot the details. Hence this quickpost.

This is how I run Firefox on Windows:

"C:\Program Files\Mozilla Firefox\firefox.exe" -ProfileManager -no-remote

This allows me to run multiple instances (option -no-remote) of Firefox and invoke the profile manager to select the desired profile at startup.



Tuesday 3 June 2025

Update: search-for-compression.py Version 0.0.4

Filed under: Beta,My Software,Update — Didier Stevens @ 0:00

This tool is still beta.

VBA compression is now supported, besides zlib compression. Option -t (--type) was added so that one can choose the compression type to search for. Possible values are zlib (default) or vba.

And shortcut #p# was added to the yara option, to predefine these rules:

rule attribute_vb_name {
    strings:
        $a = "Attribute VB_Name = "
    condition:
        $a
}

rule dir {
    strings:
        $a = { 01 00 04 }
    condition:
        $a at 0
}

I’ll explain in another blog post how these features can be used to analyze MS Access databases with VBA project.
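As an added example (not code from search-for-compression.py), this is one brute-force way to search a binary blob for zlib streams: test each offset for a plausible RFC 1950 header, then keep only candidates that decompress to a verified end of stream. It covers the zlib type only, not VBA compression; the function name and the sample data are constructed for this illustration.

```python
import zlib

def find_zlib_streams(data, min_size=8):
    """Return (offset, compressed_length, decompressed) for each valid stream."""
    hits, pos = [], 0
    while pos + 2 <= len(data):
        cmf, flg = data[pos], data[pos + 1]
        # RFC 1950 header: method 8 (deflate), window size field <= 7,
        # 16-bit header value divisible by 31, no preset dictionary.
        plausible = ((cmf & 0x0F) == 8 and (cmf >> 4) <= 7
                     and (cmf * 256 + flg) % 31 == 0 and not (flg & 0x20))
        if plausible:
            stream = zlib.decompressobj()
            try:
                output = stream.decompress(data[pos:])
            except zlib.error:
                output = None
            # eof is only set once the Adler-32 trailer has been verified.
            if output is not None and stream.eof and len(output) >= min_size:
                used = len(data) - pos - len(stream.unused_data)
                hits.append((pos, used, output))
                pos += used
                continue
        pos += 1
    return hits

# Constructed sample: two real streams, junk, and one header-only decoy.
PAYLOAD1 = b'Attribute VB_Name = "Module1"\r\n' * 3
PAYLOAD2 = b"second constructed payload"
STREAM1 = zlib.compress(PAYLOAD1)
STREAM2 = zlib.compress(PAYLOAD2, 9)
DECOY = b"\x78\x9c\xff\xff\xff\xff"  # valid header, invalid deflate data
SAMPLE = b"JUNK-" + STREAM1 + b"\x00\x00" + DECOY + STREAM2 + b"tail"

if __name__ == "__main__":
    for offset, size, output in find_zlib_streams(SAMPLE):
        print("0x%x: %d compressed -> %d bytes: %r" % (offset, size, len(output), output[:20]))
```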

Monday 2 June 2025

Update: myjson-transform.py Version 0.0.2

Filed under: My Software,Update — Didier Stevens @ 0:00

This update brings options -f and -c.

Option -f is used to define a Python function (function name or lambda) that will be applied to the content of each item in the MyJSON data.

Option -c is a shortcut for calling the CutData function via option -f. The lambda that is generated is: lambda data: CutData(data, 'CUTEXPRESSION')[0]
CUTEXPRESSION is the cut-expression provided as value for option -c.

myjson-transform_V0_0_2.zip (http)
MD5: BAA4F4E7E8159EB05063C588DAF2A111
SHA256: 0F79D0D1B35D3F6C7DF0C17746E18F257AF9493D8C474448D16774A405B620E4

Sunday 1 June 2025

Overview of Content Published in May

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in May:

Blog posts: SANS ISC Diary entries:
