View Single Post
Old 27th February 2007, 00:50   #20  |  Link
lightshadow
Registered User
 
Join Date: Feb 2007
Posts: 123
Quote:
Originally Posted by xyz987 View Post
Probably the most important discovery of Atari Vampire is not the Device Key itself, but the fact that this DK is stored at 2 different positions at memory.
If there someone in this thread with a lot of memory, we can make pattern match script/program that takes the memory dump and compares patterns of 16bytes.

I could probably write it in Matlab, but that would not be efficient=(

In psudo I guess it would be something like
  • load memory dump into an array
  • initialize 2 arrays that will contain offsets of pattern matches.
  • take the 16byte starting at offset 0, and compare them with the 16bytes starting at offset 1.
  • if pattern match, save offsets and compare with 16bytes starting at offset 0 with 16bytes starting at offset 2.
  • when end of data is reached, take the 16bytes starting at offset 1, and start pattern match all over again.

if it is made general enough it could perhaps be used for finding other types of keys? Private host keys perhaps?

Good idea/bad idea?

How big is the memdump?

Last edited by lightshadow; 27th February 2007 at 01:09. Reason: typo
lightshadow is offline   Reply With Quote