Rouli.net

Steve Jobs is Still Alive and Well on Hacker News

noreply@blogger.com (rouli) — Sun, 06 Nov 2011 18:36:00 +0000

If you are a frequent patron of Hacker News, you probably have noticed that for the last month the social news site was under a deluge of submission concerning the life and death of Steve Jobs. Thirty days after his death, this phenomenon may have subsided but is still present.

To see the effect the death had on Hacker News, I fetched all the submissions with "Jobs" in their title, filtered out those concerning real jobs (the kind of jobs that pays money), and graphed below some basic statistics.

If you wonder what caused that crazy peak in the karma graph, it was "A Sister’s Eulogy for Steve Jobs", which I guess I really should read now.

Hybrid Image Generator

noreply@blogger.com (rouli) — Sat, 20 Aug 2011 16:09:00 +0000

If you have seen the picture above, blending Marilyn Monroe and Albert Einstein together, and wanted to create one of those on your own, than I guess you came to the right place. I created this hybrid image generator as a proof of concept, but I think it's quite fun.

Here's for example another Monroe hybrid:

Fridge babe magnets

noreply@blogger.com (rouli) — Fri, 06 Aug 2010 13:25:00 +0000

A common form of analog spam over where I live is the lowly fridge magnet. Many business owners leave promotional magnets on our doors, in hopes that we'll bring them into our homes to serve as a constant reminder to some restaurant's phone number or of a handyman's skills.

I always wondered whether I can cut those magnets into little tiles and rearrange them into a mosaic. As most magnets belong to plumbers (there's a 5:1 ratio between plumber magnets and food delivery magnets, not that I’m insinuating anything about the quality of the food), Ii've decided to celebrate the 25th birthday of the world's most famous plumber. After spending many evenings and weekends, I'm quite proud of the end result. For explanations on how I did it (the Why is obvious – to impress the babes), and why it turned up a little bit distorted, read on.

Click on the image to see it in full-size

How it was done

So, how do you get from this

to a mosaic that somewhat resembles Mario? With a couple of computer vision algorithms, some matching algorithms, and a lot of hard work. No way I'm doing it again without getting paid.

Step 1: Scan your magnets

I've scanned roughly 60 magnets, placing them against a pink sheet of paper, to serve as a contrasting background.

Step 2: Automatically crop each magnet

I had fun playing with a variation on Hough transform in order to automatically extract individual magnets from each scan and rotate them to the right angle (and by 'fun' I mean 'laboriously tried to tune the parameters to get the damn thing to work'). My code was based on this paper, though I haven't followed the method described there through. Which might explain the less than satisfactory results:

Notice that the pink background is showing through.

Here, early in the process errors started to creep in. Not only my auto cropping & alignment algorithm wasn't very accurate, some of the magnets themselves weren't exactly rectangular (i.e. not all of their angles were 90 degrees). Nevertheless, the errors in the following steps were even more critical.

Step 3: Digitally cut the magnets into tiles and make a mosaic

After choosing my target image, I used the Hungarian algorithm in order to find the arrangement of tiles best matching it. Unlike the previous image processing algorithm, I haven't implemented the Hungarian algorithm myself but rather took it from the internet. Quick tip to Python programmers out there - use the code linked from the Wikipedia page. I've tried using another one found on Google that looked prettier, but it was so unoptimized that even after a couple of obvious improvements was taking too long to compile the result (a couple of days).

looks pretty good doesn't it? Well, remember the errors I've mentioned earlier? Now they begin to haunt us.

Step 4: Cut the real magnets into tiles and make the mosaic

Thanks to my brother I got a nifty little tool that should have enabled me to cut the magnets according to the plan laid out by my algorithms.

but -

I wasn't able to cut tiles of the precise dimensions. I was off by no more than one millimeter, but as I went further inside the magnet, this error has accumulated.
Even worse was the fact that as time progressed the calibration of this guillotine changed a bit, so not all of the tiles were of the same size.
And lest us forget the errors I had in scanning the magnets in the first place.

My lesson here is to use lasers the next time I attempt such a feat. Toy guillotines are better than exacto knifes (at least when it comes to keeping all your fingers intact), but not good enough for this task.

Now that I’ve completed setting all the tiles in place, all that was left to do was to hang the mosaic on the wall.

Step 5: Drop the mosaic on the floor

Feel free to skip that step.

I'm not exactly sure what happened, but one moment I had the board on which I constructed the mosaic in my hands, and in the next moment it was on the floor. First I laughed, then I cried. Then I cried some more. When the crying was over, I did the only logical thing to do in such a situation: picked up all the tiles from the floor and started over. I had to reassemble the mosaic from some blurry pictures I had, since I couldn't follow the directions calculated by my algorithms, because they assume that I have the uncut magnets at hand.

Step 6: Hang it on your wall, write a blog post about it

Anyone wants some spare tiles?

Special thanks goes to:

My brother Alon for buying me the guillotine, helping me collect the tiles from the floor after I dropped the board, and proof reading this text.

Nitzan and Ella for giving me some rare blue magnets.

Spore's .png format (illustrated)

noreply@blogger.com (rouli) — Mon, 04 Aug 2008 18:22:00 +0000

Well, the obvious just happened, and I found that my work on decoding Spore's image files was in vain. A couple of clever guys from Something Awful have reversed engineered Spore Creature Creator to gain insight on the way it encodes the creature models in .png files, and then published a Python script to decode them. Looking at the encoding algorithm (which includes encryption and permutation), I'm quite sure that I couldn't find it by just examining the image files, and reverse engineering was the right path.

Following is a brief description on the steps taken by spore to encode a creature. Some of the details were omitted, just to make the big picture a bit clearer. If you know your way around Python, you may want to fill those missing details later.

So, lets start with the basics. We are given a creature model, in text format (xml) and a image of the creature. The model file is about 30k in size, and the image's width and height are 128 pixels, making it 16384 pixels long. Each pixel is composed of 4 bytes (for red, green, blue and transparency channels), which makes the image 65536 bytes long. Each byte is composed of 8 bits, where the least significant bit, the one that changes the value of the byte the least, is called the LSB.

Now, that we have our definitions straight, we can turn to the encoding process itself.
First, take the creature model, and compress it (using the deflate algorithm, nothing novel here). This usually shrinks the model size to less than 8192 bits (I'm really sorry for the Powerpoint graphics).

Add to the compressed model a header, footer containing a strong CRC (to make sure you would not open an erroneous model) and pad it with zeros to make it exactly 8192 bits long.

Now, take the image and produce an encryption key using the value of its bytes. This is done by first applying a permutation on the image bytes, and then scrambling them. The final encryption key is 8192 bits long.

Xor the compressed model bits with the key bits to produce an encrypted model. The thing to remember here is that given the key, you can simply Xor the encrypted bits again to gain the decrypted model.

Replace the the LSBs of the bytes in the image with the encrypted model bits. Since there are 65536 bytes in the image, there are 65536/8=8192 LSBs, so we have enough room for the whole creature. One last twist, you don't just replace the n'th LSB with the n'th encrypted model bit. You actually have a premutation function, p, and change the p(n)'th image LSB with the n'th model bit. Since we are changing only the least significant bits, we may not notice any change change in the output picture at all.

One thing to note - when we are creating the encryption key from the image, we don't use the image LSBs (as a matter of fact, we don't use the 3 least significant bits of each byte). This enables us to get the same encryption key from the encoded key as the one we got from the original image, even though we changed the LSBs.

Using the image as the encryption key was a smart move from Maxis, since it disable the evil user from simply taking the LSBs in one image and replacing them with LSBs from another image, to create a creature that looks one way in Sporepedia, and another within Spore. A more sinister user might have encoded a model that would crash your computer within an innocent looking image (for example, he could create a model, that when compressed weighs less than 8192 bits, but when expanded, weighs hundreds of megabytes).

So, is that all? Can we now encode the NSFW creature DonkeyPunch (by Tastyhumanburgers)

in the cute and lovely Crowned Laggie (by vib rib)?

The guys in SomethingAwful also published an encoding procedure, but it usually doesn't work. You can encode your creature in its own image, in a slightly changed version of its own image (you can move a pixel here, delete one there) and even encode the creature in a blank image. But you can't encode one creature in another's image.

We are surely missing something, but I can't tell what, two possible guesses:
1. Spore checks that the creature model resembles the creature in the image file. I doubt it, since you can encode a creature in a blank image.
2. Spore doesn't use the 3 least significant bits in each byte when creating an encryption key for a reason. We know that one of the bits is used to encode the creature, could the other two be used to encode some kind of an additional checksum? I doubt that too, but this post is long enough without going into my reasons.

Ideas?

SporeGate: the day after

noreply@blogger.com (rouli) — Tue, 29 Jul 2008 18:52:00 +0000

The email leakage that plagued Sporepedia, is now finally gone, after 3 days since it became public, and after more than two weeks since I first found it out. It was probably there from Sporepedia's day one, and more than 750000 were free for grabbing.
Now that this episode is over, here's how I've done it. No intelligence is required. As a bonus, I've attached a new mail from the masterminds of EA at the end of this post, and if you all gonna be good kids, I'm gonna tell you Will Wright's email address. There are many other interesting things to do around there, and there are some more services you can play with. I won't be surprised to find another security problem around there.

As I've said in my last post, my goal was downloading a massive amount of creatures, believing that I could learn something on the way Maxis hides creature data in the .png files. In order to do so, I had to learn how Sporepedia worked. There was some way that my browser queried Sporepedia (for example, for the first 24 creatures), and got the results back. Using Firebug a great debug tool for Firefox, I was able to see that it sent a query to www.spore.com/sporepedia/jsserv/call/plaincall/assetService.listAssets.dwr, with the following parameters (the two parameters marked in red are the first creature to retrieve, and the number of creatures to retrieve):

callCount=1
page=/sporepedia
httpSessionId=******
scriptSessionId=*****
c0-scriptName=assetService
c0-methodName=listAssets
c0-id=0
c0-e1=number:0
c0-e2=number:24
c0-param0=Object_Object:{index:reference:c0-e1, count:reference:c0-e2}
batchId=4

and got back, in plain text, the creatures details and their creatures details, including the email addresses. Now using some programming magic you could do the same requests to Sporepedia as your browser does and harvest the addresses without a problem. Moreover, you can change the parameters to get 1000 addresses at once.

Now, if you just want to know a specific user email address, say the one of MaxisWill, Sporepedia made things even easier for you. No programming or firebugging needed. If you'll try snoop around "assetService.listAssets.dwr" address you'll soon get to the sporeUserService page.

here can fill the username you want to query under findSporeUserByScreenName, press execute, and get

As simple as that.

Nowadays, you won't get the email address field. But fear not, if you still want to check whether a specific address is Will Wright's address, use the field named findSporeUserByEmail, and see if you get MaxisWill's details.

That's it. And now, as promised, one last mail from EA:

You recently contacted Electronic Arts for support of your EA game. As part of our mission to provide the highest quality support possible, we seek your thoughts on your most recent experience with our Customer Support department. The survey takes just a few minutes to complete. Your responses will help us determine ways to improve the support we provide to you.

They're kidding me, right?

See you all when (if) I would finally find how to decode the .png files! (update: here)

Sporepedia leaks email addresses

noreply@blogger.com (rouli) — Fri, 25 Jul 2008 20:02:00 +0000

I'm not a security engineer (though I wouldn't mind working in that industry). I'm just a curious guy that wanted to learn how spore encodes its creatures within .png files (see previous post). As part of this (yet to be successful) research project, I wanted to download about 100 creatures for testing purposes. This led me to look into how the Sporepedia website works, and as the title of this post suggests, I found more than I was looking for. Apart from delivering creatures' pictures and names (as you can see in your own browser), Sporepedia also delivers some creatures' stats, such as their feet number and health, and their creators email addresses.
Here's a little excerpt of what you get when you browse Sporepedia and look for the toad like creature presented above (formatting is done by yours truly):

s5.assetId=500006865544;
s5.attackRating=4.0;
s5.author=s29;
s5.baseGear=0.0; s5.bite=2.0; s5.boneCount=45;
s5.carnivoreRating=1.0; s5.charge=2.0; s5.created=new Date(1217013619767);
s5.cuteness=53.332813; s5.dance=0.0; s5.description=null;
s5.featured=null; s5.footCount=4; s5['function']=s0;
s5.gesture=2.0; s5.glide=0.0; s5.grasperCount=0;
s5.health=2.0; s5.height=1.444589; s5.herbivoreRating=1.0;
s5.id=500006865544; s5.maxAttack=2.0; s5.maxSocial=2.0;
s5.meanness=13.0; s5.name="Rana"; s5.parentId=null;
s5.posture=0.0; s5.quality=null; s5.rating=-1.0;
s5.sing=1.0; s5.social=3.0; s5.spit=0.0;
s5.sprint=0.0; s5.status=s1; s5.stealth=0.0;
s5.strike=0.0; s5.tags=null; s5.thumbnailSize=27585;
s5.totalEvoPoints=665; s5.type='CREATURE'; s5.updated=new Date(1217013619767);
s29.avatarImage="thumb/500/006/462/500006462490.png";
s29.dateCreated=new Date(1216243320000);
 s29.emailAddress="re****@hotmail.com";
s29.id=2264719288;
s29.lastUserAgent=null;
s29.name="monkey-milker";
s29.screenName="monkey-milker";
s29.subscriptionCount=0;
s29.tagline="drink enough monkey  milk ";
s29.updated=new Date(1216638225588);
s29.userId=2264719288;

As you can see, there is a creature struct linked to a creator struct, the creator struct contains the email address of the user, censored by me. True, this is not a DNS poisoning scheme, but a malevolent party can easily mine those addresses for spam and phishing. I can imagine a phishing scheme where an email apparently coming from spore.com notifies you that you are able to buy your creature "Rana" a special power for a mere $2, all you have to do is give your credit card number.

I've tried to notify EA about this issue, without success.
At first, I sent a mail to privacy_policy@ea.com, but their reply was:

We apologize, but emails regarding billing, account, technical, in-game, or Terms of Service violations or inquiries are not supported from this email address.

Please visit support.ea.com to view our knowledge base of frequently asked questions. If you are not able to find your answer there you may email the appropriate department by choosing the Ask a Question option at http://support.ea.com.

So I posted a question, or rather a warning at http://support.ea.com, and got the following reply (after a bit of correspondence):

Hello,

Thank you for contacting us here at Electronic Arts Technical Support. You can post your concern on the spore forums at http://spore.com/forum so that the administrators of the website can provide you a direct answer since they are the one managing the website.

Should you require further assistance about this or any Electronic Arts games in the future, please visit our website and review our extensive Self Help knowledgebase (http://support.ea.com).

Thanks!

However, since posting in that suggested forum required me to sign up as a Spore user, which in turn required me to risk my email address, I chose not to do so. And since posting to that forum would have made this issue public, I chose to made it public on my own turf.

Update: I encourage everyone reading this post to send a mail to EA or leave a comment in their support forums. Maybe en masse, our voices will be heard.

More Updates: Turns out that I do have an account for EA forums (they can be quite confusing for my puny mind). So I went on to register a complaint, but someone already beat me to it. If you are a spore user, and care about your email address, you should add a comment to that thread.

Last Update?: Meghan Kane McDowell who is "Producer, Pollination & Web" at Maxis, has posted that a bug fix is ready and will be deployed in 24 hours. If that turns up to be true, I'll post a full disclosure on the bug tomorrow. You are welcome to stay tuned. - here it is

Spore

noreply@blogger.com (rouli) — Mon, 30 Jun 2008 20:43:00 +0000

Following this post at Ned Batchelder blog, I've been playing with Spore Creature Creator, the new game by Will Wright, which apart from Sid Meier, is my favorite game desginer (actually, those are the only two game designers I know by name).
I won't write about the game itself, it suffice to say that from the computer science point of view, it's already marvelous, and from the biology point of view, it could be better. I would like to write a bit about how creatures are saved.
It turns out that spore saves its creators in plain .png files. Here's an example (WayneRTron):

If you open those file with any regular image viewer, you'll just see a picture of the creature. However, if you drag those images into Spore Creature Creator, the 3d model of the creature would open up.
It is still a mystery how Spore is able to do that. One thing is almost sure - the creature model is coded in the LSBs of each pixel in the image. You can see it by taking only those pictures which are fully transparent (the white background around the creature above). You'll notice then that only the LSBs of those pixels are changing. This shows that indeed something is hiding in the LSBs (why would they otherwise change if the pixels are transparent?), and that there's nothing coded in the other bits.
Not convinced yet? Take a look at the following picture.Don't worry if you don't see anything. I promise you there is indeed a picture in the center of the blank lines above (try right clicking around). The deal is that all of its pixels are either fully transparent or almost fully transparent, and if the contrast of your screen is not set to an high level, you won't see a thing. Try to save the image and load it to Spore, and lo and behold, you would see a simple green worm like creature. If you would look at the pixels composing the image, you would notice that only the LSBs are changing.

Reading the LSBs (if you haven't gone to Ned's post, do so now, to get a python script to read those pesky bits), you'll see no pattern at all. It seems that Spore's creators have either encrypted the creature's model, or compressed it. Moreover, saving again the same creature would create a different set of values for the LSBs, though the only thing that changes in the creature's model is probably a timestamp.

So we can't (yet) read the creature's model from its .png file. Can we at least change the LSBs of one creature to another's LSBs? Can we take an innocent png file and load into it a very vulgar creature (like this one, be warned), and publish it in Sporepedia? Apparently the answer is no. Such a chimera fails to load in Spore. Apparently the creature model encodes a checksum of some sort for the whole picture. I'm hopeful that this limitation could be overcome in the near future. In my next post I'll write a bit about how can one do research in this area. (A spoiler - don't upload your creatures to Sporepedia using your main email address).

Nothing new under the sun

noreply@blogger.com (rouli) — Sat, 17 May 2008 12:47:00 +0000

Hi All!
You most probably got here by mistake. If so, just gently press the back button of your browser, and no harm will be done.
In case you are not here by mistake, you must be disappointed because there's nothing here.
This blog was meant to be about natural life, artificial life and some hacking, but I can never find time for posting : / .
If you want to contact me, feel free to do so by adding a comment, or sending mail to
rouli.net /at/ gmail.com

Hope this is not a one post wonder,
Rouli