Reverse engineering file formats
So I found a file on my music player (it's a Sansa Clip+) called MTABLE.SYS. Being, well, me, I set about figuring out how to parse it (there's no specification for how it's stored so I need to reverse engineer it).
Anyway, that lead me to http://en.wikibooks.org/wiki/Reverse_Engineering/File_Formats which is a really nice tutorial on, well, reverse engineering file formats.
I thought you might find it useful. Also I'll post my parser code up here when its done if anyone wants it.
Edit: I also might write an article on how I did it since I'm documenting everything I do.
Anyway, that lead me to http://en.wikibooks.org/wiki/Reverse_Engineering/File_Formats which is a really nice tutorial on, well, reverse engineering file formats.
I thought you might find it useful. Also I'll post my parser code up here when its done if anyone wants it.
Edit: I also might write an article on how I did it since I'm documenting everything I do.
Last edited on
Ugh, I just found out it stores a bunch of incomprehensible binary at the end, followed by a load of zeros. I have to somehow figure out what all that means. This is going to be really hard.
I think the binary might be a rating system or something... The zeros might be some type of padding, but you might have to experiment with it on the player to see how it affects it with changes.
Yeah; I thought I wouldn't have to go through all that because I saw a bunch of ASCII strings and thought "Awesome, this is going to be really easy". But now I've had to retract that statement... ¬_¬
Plus it might be partly compressed or encrypted. I don't see why, but if it is, I won't be able to crack it for two reasons
1) Illegal
2) Really difficult
Besides, at the moment I'm messing around with backdooring my own computer. I installed Apache and I'm trying to see if I can root it using PHP.
Plus it might be partly compressed or encrypted. I don't see why, but if it is, I won't be able to crack it for two reasons
1) Illegal
2) Really difficult
Besides, at the moment I'm messing around with backdooring my own computer. I installed Apache and I'm trying to see if I can root it using PHP.
| Plus it might be partly compressed or encrypted. I don't see why, but if it is, I won't be able to crack it for two reasons |
LOL see why?
What I mean is I don't see why they would bother trying to stop me. It's not like it's a trade secret; it's only one file out of the entire player. The OS is (presumably) stored on EPROM which is inaccessible to me. I don't see why MTABLES.SYS (which is just a database of song metadata) would need protection.
I don't see how it protects the artists. I've figured out what the first few kiB do; it's a list of songs, structured like this:
drive:\path\...01 - filename.extension...S.o.n.g...A.r.t.i.s.t...A.l.b.u.m...(.#.#.#.)........########......................
e.g.
mmc:0:\MUSIC\Megadeth\1992 - Countdown to Extinction\...01 Skin o' my teeth.mp3...S.k.i.n. .o.'. .m.y. .t.e.e.t.h...M.e.g.a.d.e.t.h...C.o.u.n.t.d.o.w.n. .t.o. .E.x.t.i.n.c.t.i.o.n...(.1.3.7.)........00000111......................
I think I've figured out most of it:
mmc:0: => drive
\MUSIC\Megadeth\1992 - Countdown to Extinction\ => path
01 Skin o' my teeth.mp3 => filename
S.k.i.n. .o.'. .m.y. .t.e.e.t.h => title
M.e.g.a.d.e.t.h => artist
C.o.u.n.t.d.o.w.n. .t.o. .E.x.t.i.n.c.t.i.o.n => album
(.1.3.7.) => unknown (possibly rating)
00000111 => something to do with the track number
I'm not sure what the purpose of separating characters in a string with NULLs is, but they use "..." (three NULLs) to separate strings. Some of the "."s above are not NULLs - where there is more than three, some of them have non-zero values.
After the last song I have ~970 kiB of NULLs and followed by ~72 kiB of seemingly-random data, followed by another ~27 kiB of NULLs. It's weird.
drive:\path\...01 - filename.extension...S.o.n.g...A.r.t.i.s.t...A.l.b.u.m...(.#.#.#.)........########......................
e.g.
mmc:0:\MUSIC\Megadeth\1992 - Countdown to Extinction\...01 Skin o' my teeth.mp3...S.k.i.n. .o.'. .m.y. .t.e.e.t.h...M.e.g.a.d.e.t.h...C.o.u.n.t.d.o.w.n. .t.o. .E.x.t.i.n.c.t.i.o.n...(.1.3.7.)........00000111......................
I think I've figured out most of it:
mmc:0: => drive
\MUSIC\Megadeth\1992 - Countdown to Extinction\ => path
01 Skin o' my teeth.mp3 => filename
S.k.i.n. .o.'. .m.y. .t.e.e.t.h => title
M.e.g.a.d.e.t.h => artist
C.o.u.n.t.d.o.w.n. .t.o. .E.x.t.i.n.c.t.i.o.n => album
(.1.3.7.) => unknown (possibly rating)
00000111 => something to do with the track number
I'm not sure what the purpose of separating characters in a string with NULLs is, but they use "..." (three NULLs) to separate strings. Some of the "."s above are not NULLs - where there is more than three, some of them have non-zero values.
After the last song I have ~970 kiB of NULLs and followed by ~72 kiB of seemingly-random data, followed by another ~27 kiB of NULLs. It's weird.
Last edited on
Topic archived. No new replies allowed.