BetaArchive Logo
Navigation Home Database Screenshots Gallery Image Uploader Server Info FTP Servers Wiki Forum RSS Feed Rules Please Donate
UP: 60d, 3h, 44m | CPU: 3% | MEM: 5116MB of 12119MB used
{The community for beta collectors}

Post new topic Reply to topic  [ 1 post ] 
Author Message
 PostPost subject: Win9x DMF floppy user/org writing.        Posted: Sat Sep 17, 2016 7:55 pm 
Reply with quote
Donator
User avatar
Offline

Joined
Sat Oct 07, 2006 12:04 pm

Posts
2797

Favourite OS
Anything checked :P
I recently was lead into this research because something wasn't quite right with a set of DMF images made from a folder dump. Setup was erroring out, obviously trying to read the "name/org" data written to Disk 2.

Some research lead me to find out that this data is actually written to track 0, sector 0 of the floppy, right after the actual BPB/boot sector data, at offset 0x94:

Code:
struct diskusagedata {
  uint16_t magic; // 0x5555
  uint16_t offsetchecksum; // 0x1FA - <offset to magic>
  uint16_t length;
  char data[length];
}


On an untouched Windows 95 Disk 2, length and data should be entirely zeroes.

On a touched Disk 2, length is 0x54.

The data is encrypted with a hardcoded XOR key:
Code:
char dataxorkey[] = "sdfERzs@$&%|])\x13\x9f";
void decryptdata(char *data,uint16_t length) {
  int i;
  for (i = 0; i < length; i++) {
    data[i] ^= dataxorkey[i % 0x10];
  }
}


After decryption, the data is in the following structure:
Code:
struct decrypteddiskusage {
  char name[0x1e];
  char org[0x1e];
  char serial[0x18];
}


The strings are null terminated and padded with what seems to be an information leak.

For an example, take a look at the current (because I'm sure this touched disk 2 will be rectified soon!) disk 2 of Windows 95 4.00.499 on the FTP:

Here's the whole diskusagedata block, from 0x94 until the end of the sector, base64'd:
Code:
VVVmAVQAJwsILHI2UwxdSEYUXek+4Z6CvRdO5FsIxLihHRSgE5hb3Ly1OEDMBYE/lXis9rE8ij3bswDhJhIvYjiPbx8ir0dJVn1iV0NyFhUTT2gEJq9FXFdFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=


After decryption, you can easily see that this disk 2 was previously used by:
Code:
Name: Toni L Lynch
Company: <blank>
Serial: 26104-080-0223635-50681


..which is (almost) exactly what the setup tells you (it regens the last 5 chars of the serial, by generating 5 new random digits):

ImageImage

_________________
C H E C K E D . B U I L D S . A R E . A W E S O M E N E S S

Glitch City Laboratories ForumsSoftHistory Forumsirc.rol.im #softhistory,#galaxy

If you like my posts, donate me Dogecoin: DLnZV8DS3CaZmLKAVxL2aMijY2vUZeyjBi


Top  Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 




Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

All views expressed in these forums are those of the author and do not necessarily represent the views of the BetaArchive site owner.

Powered by phpBB® Forum Software © phpBB Group

Copyright © 2006-2020

 

Sitemap | XML | RSS