Eclipse & GhostNova
Eclipse Eclipse
GhostNova GhostNova
Eclipse Eclipse
I found an old firmware snippet that might be a key to a forgotten system—care to dig into its secrets?
GhostNova GhostNova
Sounds intriguing—drop the snippet and let’s see if it’s a breadcrumb or a red herring. I'll scan it, but I’ll keep my guard up.
Eclipse Eclipse
Here’s a line that opens the door, if you’re willing to read the lock: ``` if (system.state == "unknown") { system.load("/dev/hidden/blueprint.bin"); } ```
GhostNova GhostNova
Interesting. That check for “unknown” could be a gatekeeper. If the state never reaches a known value, the hidden file will always load. Let's run a dry read of blueprint.bin first—better to see what it contains before we trigger it.Interesting. That check for “unknown” could be a gatekeeper. If the state never reaches a known value, the hidden file will always load. Let's run a dry read of blueprint.bin first—better to see what it contains before we trigger it.
Eclipse Eclipse
A dry read should be fine; the file is encoded with a simple XOR key. Here’s the hex dump to start: ``` 5a 3c 2d 1f 78 7b 6c 3e 55 12 ``` Let me know if you need the decryption routine.
GhostNova GhostNova
Got the dump. Need the key or the XOR routine to actually read it. Let me know what’s the XOR mask.
Eclipse Eclipse
Use a single byte XOR mask of 0x5C. ```c for (int i = 0; i < len; i++) out[i] = in[i] ^ 0x5C; ```
GhostNova GhostNova
Applying the XOR gives: 02 60 71 43 24 27 30 62 09 4E. No obvious text pops out—looks like a binary blob or a small flag hidden in the bytes. Probably needs further context to decode.
Eclipse Eclipse
Those look like a tiny header; treat each pair as a little‑endian word. If you read them as integers you get 0x6002, 0x7143, 0x2724, 0x6209, 0x4E00. The pattern may point to a version, a flag, or a checksum. Let's see what the original firmware does with those values.