dion
April 10th, 2010, 13:17
once upon a time, i saw a request for filemaker target. so, i took my time to familiar myself with it (as normal user), as it was the first time i ever heard about it.
one thing that appeal to me that time, was, it's capability to produce a so called runtime application, or in their term, a filemaker solution, by means of developer tool menu at filemaker pro.
so, like a noob, i tried to break at msgbox error, to see where things go. but after sometime, i failed to got one, and i dropped it. it took a while since i didn't really have much free time, to get back into it. and this time, i start with none but with winhex (no debugging at all), collecting any information i can get about this filemaker.
i was thinking as a real noob. so, this is a database application. see, let say i made a table and put a 'name' field as text, and type some text in, to see where it goes in the file. alas, i can't find that text i typed in, in the file that just created. so, i assume there is somekind of encryption involved.
there is a bit pre-assumption i made. this is a database, so, it will hold a massive size of data. so since it'll involve a huge data read/write, as a programmer, i'd use something fast. block cipher speed is fairly good, but i didn't see any reason why it should be used for entire table fields.
so, i made 2 file, with palindrom texts to test it, i.e. text in file1 : "abcd", text in file2 : "dcba". scan the diff with winhex, and found that there were actually some strange bytes forming palindrom sequence. it is actually a bit long to notice that. but it was that time, i found that Examdiff ease my job excelently. so, right now, when i need to compare things, i use it. winhex compare routine is dumb.
at first, i thought it was a subtitution cipher. but as i revisit my preassumption, it can't be true. subtitution can really take a long delay, so it won't be suitable. a simple xor maybe? and then i test it, IT IS!! (i was a bit glad).
so, now i know how the texts 'encoded' in the file, what next?
let see how things managed inside the binary file. i opened it up with winhex, and letting my eyes stared at it, again and again. to ease seeing things, i set 2 window in winhex, one opened it normally, and one opened it and xored (so i can see texts clearly).
the first one i noticed, was, the file content somehow managed for every 1000h bytes (later i found it called a 'page' in filemaker term). and it was interest me that in the beginning of each page, there are some bytes showed some small number. i took a note for every pages in the file, and made an assume, that it was a linked list struct numbers. so, i take my time to observe some another filemaker file, and i thought, it's true.
i also took advantage of recover menu from filemaker pro, to recover a dummy file, just to see the recover log. there are some usefull information i got there. well, i learned 'page' term from there
so what else?
well, at the time i found that it was a linked list, i was thrilled enough to continue exploring the binary further... so, i don't really want to spoil anything here, but i'd rather let the reader to do their homework
one thing that appeal to me that time, was, it's capability to produce a so called runtime application, or in their term, a filemaker solution, by means of developer tool menu at filemaker pro.
so, like a noob, i tried to break at msgbox error, to see where things go. but after sometime, i failed to got one, and i dropped it. it took a while since i didn't really have much free time, to get back into it. and this time, i start with none but with winhex (no debugging at all), collecting any information i can get about this filemaker.
i was thinking as a real noob. so, this is a database application. see, let say i made a table and put a 'name' field as text, and type some text in, to see where it goes in the file. alas, i can't find that text i typed in, in the file that just created. so, i assume there is somekind of encryption involved.
there is a bit pre-assumption i made. this is a database, so, it will hold a massive size of data. so since it'll involve a huge data read/write, as a programmer, i'd use something fast. block cipher speed is fairly good, but i didn't see any reason why it should be used for entire table fields.
so, i made 2 file, with palindrom texts to test it, i.e. text in file1 : "abcd", text in file2 : "dcba". scan the diff with winhex, and found that there were actually some strange bytes forming palindrom sequence. it is actually a bit long to notice that. but it was that time, i found that Examdiff ease my job excelently. so, right now, when i need to compare things, i use it. winhex compare routine is dumb.
at first, i thought it was a subtitution cipher. but as i revisit my preassumption, it can't be true. subtitution can really take a long delay, so it won't be suitable. a simple xor maybe? and then i test it, IT IS!! (i was a bit glad).
so, now i know how the texts 'encoded' in the file, what next?
let see how things managed inside the binary file. i opened it up with winhex, and letting my eyes stared at it, again and again. to ease seeing things, i set 2 window in winhex, one opened it normally, and one opened it and xored (so i can see texts clearly).
the first one i noticed, was, the file content somehow managed for every 1000h bytes (later i found it called a 'page' in filemaker term). and it was interest me that in the beginning of each page, there are some bytes showed some small number. i took a note for every pages in the file, and made an assume, that it was a linked list struct numbers. so, i take my time to observe some another filemaker file, and i thought, it's true.
i also took advantage of recover menu from filemaker pro, to recover a dummy file, just to see the recover log. there are some usefull information i got there. well, i learned 'page' term from there
so what else?
well, at the time i found that it was a linked list, i was thrilled enough to continue exploring the binary further... so, i don't really want to spoil anything here, but i'd rather let the reader to do their homework