Just a quick post to share a pretty wonderful utility in ran into lately.
Had a friend, asking me to get the much i could from a video he recorded using his cellphone, that had not been finalized by the camera software, due to an accident, resulting in a not viewable chunk of file on his memory card.
First things first, let’s discover what we are dealing with :
$> C:\>file temp_video.mp4
temp_video.mp4; ISO Media, MPEG v4 system, version 1
And using Winhex to get deeper insight :
ftypisomisom3gp4???mdat
Explicit Magic Headers : 3GP format using MP4 container.
Let’s fire Mplayer to get some verbose about the file :
C:\>mplayer.exe temp_video.mp4
MPlayer sherpya-r36349+gb24f15c-4.6 (C) 2000-2013 MPlayer Team
Playing temp_video.mp4.
libavformat version 55.9.100 (internal)
libavformat file format detected.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0139f560]moov atom not found
LAVF_header: av_open_input_stream() failed
MOV: missing header (moov/cmov) chunk! Maybe broken file…
libavformat file format detected.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0139f560]moov atom not found
LAVF_header: av_open_input_stream() failed
Exiting… (End of file)
So we can assume the file contains valid chunks. Without going further with entropy analysis and chunks stuff, after a little research i tried out a small utility named : HD Video Repair Utility @ Grau Gmbh.
And the result was wonderful. I just need to get a reference video file, created by the same device, and after a little bit of analysis, a valid video file was reconstructed by the utility.
Here comes a funny part. In its DEMO version, the utility only saves 50% of the repaired video.
This tingled my curiosity and looking into the soft internals, i figured that it was in fact written in LUA, wrapped in a standalone C++ launcher. The LUA script is in the package at the same place than the executable file. But at first sight, its obvious that this one is ciphered.
Actually the launcher looks for a .lua file, and fail over a .elua file if not found. Once this one is loaded (hello CreateFileW), it’s unciphered. I must say the process is really lite (a static XOR and a SUB).
As debugging the standalone LUA interpreter is not that much simple, a clear view of the LUA script is pretty interesting.
Had a quick sight of the licensing mecanism, which is pretty lite too. A request number derived from hard drive ID and a activation key of 4 digits easily derived from the request number. And better, a GOD activation key.
Anyway, let’s be clear, i am not saying i didn’t paid for the service. I just found the scheme interesting to analyze.
Cheers.
Hey, mind sending me an activation key? I need to get my go pro files from an event i host. SKATE NIGHT…
-_- HELP ME OUT
Just curious:
If I were to get the demo and suck out the 50% which I am allowed and then ··· reverse the file and suck out the REST! HAHA
Before the sentence was finished I had to actually think it through HAHA!
Keep REVERSING!!!