Posts by moralrecordings@digipres.club
(DIR) Post #AUEDTrCugEKO359Uae by moralrecordings@digipres.club
2023-04-02T03:02:45Z
0 likes, 0 repeats
@misty Got any recommendations for an EPROM reader/writer? I've been doing it with a Teensy but it's a bit of a pain having to wire up the pins by hand, a ZIF and chip detector would be a nice luxury
(DIR) Post #AVFcyuQxSlget1VAZc by moralrecordings@digipres.club
2023-05-02T15:48:28Z
0 likes, 1 repeats
Pretty momentous day for ScummVM's Macromedia Director support. We just opened our first ever version 5 game, Theresa Duncan's "Smarty"!D5 allows you to load and map in multiple cast member libraries at the same time, so it took a big overhaul of the cast code to make this work. Of course it's very glitchy and there's a bunch of work left, but hey! Screen with things on it! And sounds! Playing from a different file!
(DIR) Post #AVFe4kHqCbWf6jaHIm by moralrecordings@digipres.club
2023-05-02T17:27:34Z
0 likes, 0 repeats
@misty Chop Suey was the first target for D4 support, so it made sense.I'm surprised that anything worked before! The score format in D5 is slightly different; they shuffled around some of the numbers, and cast references are now lib + member IDs.
(DIR) Post #AVKcnimBR9wDKstWPA by moralrecordings@digipres.club
2023-05-05T03:06:51Z
0 likes, 0 repeats
@misty Oooof, I'm really sorry to hear that! Hope you can get some R&R before the next gig
(DIR) Post #AVKmyCb6PrfUGKLdBY by moralrecordings@digipres.club
2023-05-05T05:00:47Z
0 likes, 0 repeats
@misty For some reason people like to dunk on that type of graphic adventure... maybe because they do stuff like block progress until you do an action N times? I wish more were translated, I'd play the hell out of them with a walkthrough
(DIR) Post #AVkWAexykL6OUvldT6 by moralrecordings@digipres.club
2022-12-11T09:33:23Z
1 likes, 2 repeats
Urgh. Sometime back in September Twitch added a proprietary browser "integrity check" as part of the login process. It is ridiculously sensitive; the only way I can log in with Firefox is with a completely blank profile. Disabling extensions doesn't cut it, tech support doesn't care.Things are dire enough I am reversing the obfuscated JS blob to see what part of the stupid test isn't working.
(DIR) Post #AVkWAgNBW6rIrOZHOa by moralrecordings@digipres.club
2022-12-11T10:13:27Z
1 likes, 0 repeats
oh no a scrambled lookup table with keys scattered through the code how will we ever get past thi oh wait never mind
(DIR) Post #AVkWAhX9CYQESaEkYy by moralrecordings@digipres.club
2022-12-11T10:43:21Z
1 likes, 0 repeats
but they must do this thousands of times surely we will be driven to madness manually editing them all ba oh yeah scripting
(DIR) Post #AVkWAikIh8XODfOlhg by moralrecordings@digipres.club
2022-12-11T10:52:36Z
1 likes, 0 repeats
but but thousands of lines!!! we could be here weeks, perhaps months looking for a lead on what part is doing the chec goddamn it
(DIR) Post #AVkWAk0zyXUM9kDcMy by moralrecordings@digipres.club
2022-12-11T16:45:42Z
1 likes, 0 repeats
I win
(DIR) Post #AVkWAl6Lw7MjWdjPM0 by moralrecordings@digipres.club
2022-12-11T16:50:54Z
1 likes, 0 repeats
Ok, so let's go over what is going on. Logging into Twitch, and in fact lots of actions on Twitch (e.g. claiming the channel point bonus) requires that the browser first passes the integrity check. This involves sending an empty POST request to an URL with two key headers attached.
(DIR) Post #AVkWAmHjXI3zCE40jQ by moralrecordings@digipres.club
2022-12-11T16:57:56Z
1 likes, 0 repeats
The first is x-kpsdk-cd, the excitingly-named "challenge data". This is proof that you did a piddling little bit of busywork based on the current time of day. I have no idea what the point of this is; "challenge-response" normally implies that the server gives you the challenge, but for this one -you- get to pick the 128-bit seed id! So it's more just "response".
(DIR) Post #AVkWAnwBOO0sJxzpQ0 by moralrecordings@digipres.club
2022-12-11T17:05:08Z
1 likes, 0 repeats
And the other is x-kpsdk-ct, the "client token". This is obtained by opening an invisible iframe at a fixed URL, with a one-line script that sends a token over the message passing bus. That's it. That's the unforgeable browser check.
(DIR) Post #AVkWAp558mj3rrARvc by moralrecordings@digipres.club
2022-12-11T17:07:25Z
1 likes, 0 repeats
Knowing all this, I took another look at the successful and failed POSTs to the integrity check. Both have a near-identical request structure. Both get the correct value for x-kpsdk-ct from the iframe. Both send a x-kpsdk-cd object. But on the failed POST, the value for "duration" was always 0.
(DIR) Post #AVkWAqHsegYdbqABW4 by moralrecordings@digipres.club
2022-12-11T17:07:37Z
1 likes, 0 repeats
This is thanks to a little setting in Firefox called privacy.resistFingerprinting, which makes the JavaScript timer less accurate in order to jam exploits. The time delta rounds down to zero, and surprise!!! ILLEGAL BROWSER!
(DIR) Post #AVkWArSYIUgjFEADmy by moralrecordings@digipres.club
2022-12-11T17:08:56Z
1 likes, 0 repeats
For now I fixed it by disabling privacy.resistFingerprinting. Mea culpa, I probably could have found this out without picking apart all the source code, but now we know exactly why it's busted. This whole integrity check SDK looks like snake oil; if there's some kind of magic real-human-browser test going on I am not seeing it.
(DIR) Post #AVlZjDECMZFrcnTuOe by moralrecordings@digipres.club
2022-11-06T02:18:46Z
1 likes, 0 repeats
#introductionHi everyone. My name is Scott, I am #nonbinary, from #Australia, and I love #reverseengineering.My main project right now is adding Macromedia Director support to #ScummVM, a beloved engine for #retro games. I've been streaming my game preservation work to https://twitch.tv/moralrecordings. Sometimes I get to mess with #hardware and #electronics.#TransRights are human rights. Keeping people in poverty is a government policy choice. Surveillance capitalism can get in the bin.
(DIR) Post #AYYe09zYTBal6Ir3AG by moralrecordings@digipres.club
2023-08-08T03:15:48Z
0 likes, 0 repeats
@retronianne aged like fine wine https://www.washingtonpost.com/technology/2020/10/07/apple-geep-iphone-recycle-shred/
(DIR) Post #AYYe0C74aCnHgCO5A0 by moralrecordings@digipres.club
2023-08-09T15:02:17Z
1 likes, 1 repeats
@rastilin @retronianne Qualcomm and Google are two of the worst offenders. The former's policy to ship unmaintainable driver slop and abandon chips after two years, and the latter's utter failure to decouple Android OS updates while constantly ratcheting the minimum requirements for Google Play, are why millions of working smartphones will end up in an e-waste pile.
(DIR) Post #AZ1zsbcWOwLGBjq1uS by moralrecordings@digipres.club
2023-07-25T03:06:50Z
1 likes, 0 repeats
@mcc real frustrating to hear people miss the main point. In the context of a school district, they've bought into GSuite, they need hardware that can be MDMed through GSuite, Google decided they're fine with forcing them to buy new hardware. Nothing about the hardware has changed enough to warrant this, they just want the money. Being flashable to open firmware is insurance against regulation; school districts can't do it because there's no MDM and the whole point is MDM!