ROM Trojan Scanner

BLYND · October 12, 2005, 09:25:13 AM

Quote from: "look"http://darkfader.net/

There is info on here that shows you how to search a rom for the bricker code.

Also DF says he's now trying to write a fixer program.

Bit of an oddball. Obviously a clever guy but seems to be a bit of a schizo.

From Darkfaders site:

Quote
You can detect DSbrick by using DSbrick.signature and the utility grep:
grep -F -U -f DSbrick.signature FileToBeTested.nds

Thought this deserved it’s own thread.
So supposedly there is a rom trojan scanner produced by Darkfader.
Now, would you trust this not to add something nasty to the ROM you are supposed to be scanning?
Someone please let me know when you have tested this.

Also a nice GUI would be good if someone can build one – otherwise I will just use a .bat file…

It would be good if someone volunteered to test roms and apps like these. We could alll donate a couple of $'s to help pay for any collateral damage caused on the way - for replacement bricked supercards etc...

mgarrine · October 12, 2005, 09:29:11 AM

the community should reject all the activity of this vile man, darkfader, how you can still trust it?

the crc-32 method is the solution, please be aware by the thing this animal will let you download form its website...
bye :wink:

NT · October 12, 2005, 09:48:47 AM

I don't see how grep could add malicious code to a ROM.

Here's what those grep command line options do:

Quote-F, --fixed-strings
    Interpret PATTERN as a list of fixed strings, separated by new-
    lines, any of which is to be matched.

-U, --binary
    Treat the file(s) as binary. By default, under MS-DOS and MS-
    Windows, grep guesses the file type by looking at    the contents
    of the first 32KB read from the file. If grep decides the file
    is a text file, it strips the CR characters from    the original
    file contents (to make    regular expressions with ^ and $ work
    correctly). Specifying -U overrules this guesswork, causing all
    files to be read and passed to the matching mechanism verbatim;
    if the file is a text file with CR/LF pairs at the end of each
    line, this will    cause some regular expressions to fail. This
    option has no effect on platforms other than MS-DOS and MS-Win-
    dows.

-f FILE, --file=FILE
    Obtain patterns from FILE, one per line.   The empty file con-
    tains zero patterns, and therefore matches nothing.

look · October 12, 2005, 10:01:07 AM

the grep is to search a file for the bricker sig

run the grep on the suspect rom and if it finds a match dont use it

socket · October 12, 2005, 10:10:39 AM

yeah, this will definately work. i really dont understand darkfader, he seems like 2 different people.

look · October 12, 2005, 10:17:51 AM

You should be able to perform similar tests using a hex editor.

Someone (with skills) should be able to bodge a vbscript to do this too.

for a nice little windoze app.

come on chop chop!

Overdrive_X · October 12, 2005, 10:24:52 AM

Quote from: "socket"yeah, this will definately work. i really dont understand darkfader, he seems like 2 different people.

Nah , sometimes when people trust themself too much this is what happening.

SigmaX6 · October 12, 2005, 12:00:36 PM

ive stopped dloading backups completly until somone like romman adds anti brick coding, to there patchers, or atleast gets a win based gui up and running to scan them

socket · October 12, 2005, 12:41:30 PM

I'm thinking a simple windows tool would be fairly easy to make. I'll see what I can come up with if i have time.