OpenPlayChess is one of the projects I once started, got kind of working and then just dropped.
I don’t even have the code anymore that I once used, but I still have partial documentation from Google Code.
You can find it here, but right now it’s not really worth a look.
I will probably clean up the documentation and rewrite a small Python library for it (it was meant to be implemented in pychess), but that’s about it. It’s a library to use
Since I started using Linux 10 years ago I haven’t really had the chance to play chess online, so it would be a welcome change of pace for me.


Old code anew

Google Code is dead, long live Google Code.

So in recent days I found myself quite often looking at old code of mine and it’s sad, in so many different ways. Some projects I once started and don’t have the latest code of anymore, some that were never finished, some which no one cared about, most that no one ever knew about and many I never even uploaded or shared anywhere.

So I found myself looking at some of my old stuff, most of which I feel ashamed even looking at. So let’s share that shit.

Most programs aren’t quite release ready yet, but since they _could_ help _someone_ and maybe I want to work on them later, I think it’s best to just put it out in the open.

Nothing special in it or anything to get hyped about, but I think I will list them here.

Steam Stream – A short rundown

So today I got the invite to the Steam Streaming beta and I spent a few minutes testing it, and it works reasonably well.
I don’t plan to talk here about what it is, how well it works, what it can or can’t do, or anything that everybody who got invited has tried and said anyway. After all, all it does is record the screen and send it over the network, plus input commands.
I planned, or more exactly I plan, on writing a small client or maybe a libretro core for it.
So the first step is to take a look at the protocol 🙂 so let’s start.
So I started a little session and took a look at the traffic with Wireshark. First it seems to negotiate the session through TCP and the rest of the protocol is (like one could guess) entirely in UDP.
The TCP traffic format seems to have a variable length of the data stream, but it always seems to start with 0x17030300.
The UDP stream’s first packet looks like:
Also it should be noted that it used the VLC libraries to encode the video.
At least the stream tells me:
x264 - core 138 - H.264/MPEG-4 AVC codec - Copyright 2003-2013 - - options: cabac=1 ref=1 deblock=1:0:0 analyse=0x1:0x1 me=dia subme=1 psy=1 psy_rd=1.00:0.00 mixed_ref=0 me_range=16 chroma_me=1 trellis=0 8x8dct=0 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=0 threads=2 lookahead_threads=2 sliced_threads=1 slices=2 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=0 weightp=1 keyint=infinite keyint_min=536870913 scenecut=40 intra_refresh=0 rc_lookahead=0 rc=crf mbtree=0 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 vbv_maxrate=250 vbv_bufsize=272 crf_max=0.0 nal_hrd=none crop_rect=0,0,0,12 ip_ratio=1.40 aq=1:1.00
The first part of the UDP traffic establishes some basic information, like information about the client OS (GPU information, CPU information and OS type) and some things like encoding information and game info.
Later on I will try to actually understand the protocol, but that will have to do for a quick look.
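The four bytes 0x17030300 match a TLS record header: content type 0x17 (application data), version 0x0303 (TLS 1.2), then the high byte of a 16-bit length. Reading the TCP stream that way is an assumption added here, and the splitter below is an added example run on constructed bytes, not code or captured traffic from this post.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
MAX_FRAGMENT = 2**14 + 2048  # largest ciphertext fragment TLS 1.2 allows


def split_tls_records(stream: bytes):
    """Split reassembled TCP payload into TLS records.

    Returns (records, leftover); leftover holds the bytes of a record that
    is not complete yet and must be prepended to the next TCP segment.
    """
    records, off = [], 0
    while len(stream) - off >= 5:
        # 1 byte content type, 2 bytes version, 2 bytes big-endian length
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        if ctype not in CONTENT_TYPES or version not in VERSIONS:
            raise ValueError(f"offset {off}: not a TLS record header")
        if length > MAX_FRAGMENT:
            raise ValueError(f"offset {off}: implausible length {length}")
        if len(stream) - off - 5 < length:
            break  # record continues in a later segment
        records.append({
            "type": CONTENT_TYPES[ctype],
            "version": VERSIONS[version],
            "length": length,
            "header": stream[off:off + 5].hex(),
        })
        off += 5 + length
    return records, stream[off:]


# Constructed sample, not captured traffic: two complete application-data
# records (32 and 272 bytes of filler) and the start of a third.
SAMPLE = (bytes.fromhex("1703030020") + b"\xaa" * 32
          + bytes.fromhex("1703030110") + b"\xbb" * 272
          + bytes.fromhex("17030300"))

if __name__ == "__main__":
    recs, rest = split_tls_records(SAMPLE)
    for r in recs:
        print(r)
    print("incomplete tail:", rest.hex())
```

Under this reading the fourth byte stays 0x00 only while a record carries fewer than 256 bytes, and the payload itself is encrypted, so the header is all a passive capture reveals.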

ATA security lock removal for seagate [Solved] ;)

After spending a few hours working on this and finding it very interesting, I am now writing this little article to maybe help or guide people having the same problem as me, because in my opinion this really simple matter isn’t covered enough on the internet.
Don’t get me wrong, it is extensively covered, but most of the coverage repeats and rehashes the same thing over and over again.
There is no new knowledge and no community (that I found) that works on this. I found the hddguru forum helpful, but exchanging real information isn’t common in there. Most times I found a question that was askable, the second or third post would be like “We can’t verify it’s your hd so we can’t help”. This seems to be purely because of the lack of knowledge, because they didn’t seem to have a problem with the thread itself.

But let me start at the beginning:
One week ago my uncle gave me a laptop hdd of a colleague. This guy had a friend help him set up his PC and lock his laptop’s hd with a password. After a few months of not using or needing the laptop both of these guys forgot the password and tried guessing it (guess how that went). My uncle is the PC expert of their choice and so they let him work on it. Because he had no luck unlocking it he asked me to take a look at it.
This was the first time I had ever seen someone use this feature. If someone gave me this without telling me that it was locked I would probably just insert it into my USB SATA reader, see input/output errors and forget it, and even if I had inserted it into my desktop PC I probably wouldn’t have checked hdparm for the locked status. Now if I get a hd like this, this will be one of the first things I’ll check.

Now how did I go about it?
After a short search I found a few sites and links I thought could be helpful. Especially this seemed interesting. I even found additional info on hddguru. The people didn’t seem that interested in it, even though it helps you recover your hdd password.
So I downloaded the image and booted it; the third PC I tested it on even recognized my SATA controller and successfully identified my hard disks.

Sidenote: I haven’t written on the article for 2 months now, so the whole thing isn’t as fresh in my memory as it could be.

Sadly it didn’t work all too well.
I was using a Seagate hd and this only seems to work for WD hds. Some commands just didn’t get executed.
Anyway, after a while I found this. Now I could play around with a serial console, for which I had no documentation.
After I played with it for a bit I started to see that this actually might lead to something. A quick Google search helped and I actually found a PDF that documented the diagnostic functions.
Another 5 minutes later I saw the first few lines of memory and buffer (Dxx and Bxx).
I still didn’t know what to expect of this output, but I had a new angle I could work on.
I don’t want to go into too much detail for now, but I quickly realised that I could easily write a script that dumps the buffer and the memory for me, and hopefully that would lead to something. I had already read somewhere that you could unlock the hd by writing something to its memory, and I thought to myself that I would have to find out how to do this if I couldn’t find the password in one of the dumps. I can tell you I didn’t have high hopes for this; I already planned on writing an entry for the Hackaday “Fail of the Week” series.

2 hours and 2 Python scripts later I had my first working POC. For aesthetics I also hacked together a wget-style status and watched the memory dump crawl 🙂
Another half an hour later I had the complete dump.
In the course of my research many people suggested possible master passwords. It seems that every hd type has specific default passwords (who would have thought?) and the Seagate passwords are mostly variations of Seagate and spaces. I had already tried every possibility I found online, so I was sure that the default didn’t apply here, and after aimlessly looking through the dump my prediction of failure seemed all too true, but I wouldn’t go down without a fight! I still had a few Seagate hard disks in storage and it sure as hell wouldn’t hurt locking them and creating a dump. And again, half an hour and one dump later, I once again grepped through a dump with hexedit and sure enough / found me my password! Sadly, jumping to this address in the old dump didn’t bring me the result I was looking for.
Another 30 minutes and another hd dump later (again a different hd) showed me that between different models the addresses vary as well. But now that I knew that the layout itself didn’t change, nothing could stop me. I searched for common features, created a small regex and tried it on the new dumps I had, and what do you know? I got a sure method that found me the user and the master password contained in the dump.
Sadly the passwords for the hd I wanted to crack seemed to be garbage (because they didn’t form ASCII text I could enter). Again expecting failure, I tried entering the now found password with hdparm

hdparm --security-unlock "$(printf '\x0b\x0b\x0b\x0b')" /dev/sdb

and my heart skipped a beat. HELL YEAH! IT WORKS!!!!
The owner of the HD used the BIOS integrated functions! I tried brute forcing the pw before, but I could have waited forever because my dictionary attack would have never worked. I had to convert my password with the scancodes of the characters to unlock this hd. And sure enough the user used 0000 as the password.
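Why the recovered field looked like garbage: an added example (not the script this article describes) that reads a 32-byte ATA password field both as ASCII and as keyboard scancodes. It assumes the BIOS stores raw scancode set 1 make codes with NUL padding, which fits the 0x0b bytes in the hdparm call above; other BIOSes may transform the password differently, and the sample fields are constructed.

```python
# Scancode set 1 "make" codes, one entry per keyboard row (US layout).
ROWS = {0x02: "1234567890", 0x10: "qwertyuiop",
        0x1E: "asdfghjkl", 0x2C: "zxcvbnm"}
CHAR_TO_SCAN = {ch: base + i for base, row in ROWS.items()
                for i, ch in enumerate(row)}
SCAN_TO_CHAR = {code: ch for ch, code in CHAR_TO_SCAN.items()}
ATA_PWD_LEN = 32  # the ATA security password is a fixed 32-byte field


def to_scancodes(password: str) -> bytes:
    """Bytes a scancode-storing BIOS would send for a typed password."""
    unknown = [c for c in password.lower() if c not in CHAR_TO_SCAN]
    if unknown:
        raise ValueError(f"no scancode in table for {unknown!r}")
    return bytes(CHAR_TO_SCAN[c] for c in password.lower())


def read_field(field: bytes) -> dict:
    """Give both readings of a 32-byte password field taken from a dump.

    Only NUL padding is stripped: 0x20 is a space in ASCII but the 'd' key
    as a scancode, so stripping spaces would eat real key presses.
    """
    if len(field) != ATA_PWD_LEN:
        raise ValueError("expected a 32-byte password field")
    body = field.rstrip(b"\x00")
    as_ascii = (body.decode("ascii")
                if body and all(0x20 <= b <= 0x7E for b in body) else None)
    as_keys = ("".join(SCAN_TO_CHAR[b] for b in body)
               if body and all(b in SCAN_TO_CHAR for b in body) else None)
    return {"ascii": as_ascii, "keys": as_keys}


def printf_escape(raw: bytes) -> str:
    """Render bytes as \\xNN escapes, the form used in the hdparm call above."""
    return "".join(f"\\x{b:02x}" for b in raw)


# Constructed fields (assumed padding, not taken from any real drive).
TYPED_IN_BIOS = to_scancodes("0000").ljust(ATA_PWD_LEN, b"\x00")
TYPED_IN_OS = b"Seagate".ljust(ATA_PWD_LEN, b" ")

if __name__ == "__main__":
    print(read_field(TYPED_IN_BIOS))   # ascii: None, keys: '0000'
    print(read_field(TYPED_IN_OS))     # ascii: 'Seagate' + spaces, keys: None
    print(printf_escape(to_scancodes("0000")))
```

A field can be valid under both readings (0x20 0x21 is " !" in ASCII and "df" as keys), so a dictionary run against such a drive has to try each candidate in both encodings.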

I haven’t worked on the script I used in a long time, but I don’t want anyone who gets stuck in the same situation as me to have to rewrite the script I just described and duplicate work, so I will put my work in progress code onto GitHub for everyone to see. It’s true that now no Seagate hd is “secure” through this “encryption”, but to be fair, they never were! For 50-100$ everybody could unlock a hd without any real proof, and the losers on the forums that tell you “We need to see proof that this is your HD or we can/won’t help you” simply can’t help you, because they don’t know how! And how should they know? Nobody documented this shit yet. And why trust a firm with your precious data when you can save it yourself in half an hour with parts that you either have at home (I had a cable I could use and an Arduino) or get online for ~5$.
The code is located here; don’t expect too much 😉 this is only my quick hack, but it works rather well and you can even fine-tune it a bit.
Neither the tool nor this article is finished yet; to be exact, they are both far from finished, but before this becomes yet another draft of mine that doesn’t get posted I will open up and share my findings. Have a nice day and keep on hacking.