How I trusted my intuition and was very stubborn

Have you ever had an elusive feeling as if you were on the right track? Perhaps you did something, unconsciously realizing that you are moving in the right direction, you felt that elusive state when "I have no idea what I'm doing now, but it seems to me that I am on the right path." I often have this condition. Your attention is invited to a modest story that happened to me a few years ago. I apologize in advance if I misuse technical terms somewhere, correct me in the comments, thank you.

Actually, it all started with the call of my beloved sister and a description of the immediate problem that stood before her. The following happened - the organization in which she worked a year ago ordered the creation of a site with 15 virtual tours (this is where, using the built-in flash player, you can twist in all directions and explore the space around you, for example, a hotel room). At some certain point, as you probably already guessed, all virtual tours on the site instead of colorful pictures began to show an error: “Error 20” on a beautiful white background. With this and I had to figure it out.

To begin with, having studied the principle by which these virtual tours were built into the site, I found out the following:

• Each virtual tour is a file with the .ivp extension .
• Tours are loaded with a special flash player.
• The error, in fact, throws this very player

At first, I began to sin on the fact that someone's “curved handles” had spoiled something, but after a brief torture of the system administrator, it turned out that no one had touched the site. The file change date was the same; there were no traces of a virus or web shell either. But something told me that I must get to the bottom of the truth and, I will not torment you, the problem was quickly localized and surrounded.

It turned out that if you translate the date a few months ago, on the computer from which the site opens - virtual tours work fine and no errors are observed. At that moment for me this behavior was not a special revelation. Somehow, working in the same organization, where I was engaged in supporting all computer equipment, there was a similar problem, a certain configuration written in 1C successfully fell on certain days, as scheduled, after which the company supporting this configuration sent a specialist and he took a long time and painfully (for several days) restored work. After another fall, it seemed to me too suspicious and I changed the system time a day ago, in the end everything worked, there was a terrible scandal :). But the story is not about that.
')
It turned out that the problem arose when the top management decided to refuse the services of monthly web site support from the web studio that created it. Apparently, in this way, they decided not to let their clients go. Anticipating the issue - all works were paid on time and in full, including for each virtual tour. But this is a business, a stern Russian business :).

Everything could have ended already then, but the creators of the tours rested like the ram at a new gate and didn’t admit their guilt, just ignoring the claims. Of course, one could go to court, or make new virtual tours - but this is not our method, Shurik!

Actually, I was determined to help, and so that justice would prevail, I began to think about how to make the "whisker work". Using a great search tool on the Internet and knowing the file extension, I quickly found a foreign website selling a program to create these very virtual tours. After examining the site, I found out that each file of the virtual tour is encrypted in some tricky way, and only a “proprietary” flash player, which is intended for this, can decrypt it. It is worth noting that in data encryption, I am a complete layman.

The first approach to the projectile

I tried to decompile the flash player on hand to remove the restriction on date validation with the help of several programs designed for this purpose. Actually, here I failed completely, perhaps my crooked hands did not allow me to do this, but what I received as a result was completely unreadable. Depressed

The second approach to the projectile

He turned his clear eyes to the files of virtual tours. At this moment I had a feeling that I described at the very beginning of the article, it seemed to me that I would succeed. Just like that. Do and succeed.

Well, I did the following, downloaded the hex editor and opened the file with the virtual tour, what I saw can be viewed on the first attached image. Not a very inspiring sight. At that moment, I couldn’t even think how to achieve something from the received squiggles. Why do I open the encrypted file with a hex editor and look at it. It seems to me that any sane person would not do what I do. Now it seems to me utter nonsense. Actually, then it seemed to me to be nonsense too, the only thing I felt was the unquenchable feeling that everything would work out - how? why? from where I dont know.



It turned out that only the area highlighted in pink is repeated in each file of the virtual tour, and everything that goes below does not. For a start, I found a normal example of a virtual tour that worked on the current date and compared it with my experimental ones. It turned out that his one-to-one pink part coincides with my tours, apparently, this is general official information.

Idea

She came to me suddenly and very clumsily, I understood how to restore the files, you just need to find a place where the date is stored on which the virtual tour will work and change it, or change some general parameter that is responsible for displaying the tour. And it should be done in the blind, in the HEX-editor, randomly changing arbitrary characters to other arbitrary characters. Funny No one. No one dares to offend Hippo> <.

After some thought, I realized that the date or the parameter that is responsible for the display will most likely be at the very beginning of the file, or at the end, and in the middle there will be information about the tour itself. But most likely at the beginning. Therefore, I singled out for myself an approximate area of ​​work, roughly speaking, something like this:



And he began to change symbols :) Perhaps it would seem “a little” stupid and inadequate to someone, I just took any symbol or several symbols, changed them to any others and checked whether the virtual tour works, of course, it did not work, but fell off with an error like "Corrupted file".

This lasted for several hours, I tried to insert the zone from the working tours downloaded from the official site and the like. I think I rather quickly approached the moment when you can look at yourself in the mirror and say: "Well, you, duraaaak." At that moment I completely felt the absurdity of my attempts.

A few hours later I decided that everything was enough, this is utter nonsense, I even closed the hex editor, deciding that it was time to do other things or else I would go crazy, but finally I decided to change two characters for the last time, opened the file and replaced these selected characters with “RS” (I don't know why, I just copied them from another tour):



For me at that moment a miracle happened, such a feeling as I then rarely experienced, it worked! The file began to work on the current time. It was something, I was right, it was possible!

Further events developed as follows, I wrote a simple PHP script that opened the file indicated to it and changed characters in a certain range, in order, it turned out that to remove the restriction, the spread for changing characters was quite large, sometimes it was necessary to change 1 I indicated the symbol, sometimes 2, for the change of position approximately as follows: from 135 characters to 180. Given that the options for each character are 255 (without the initial one), the script generated a huge number of virtual tour files from which it was necessary to find a worker.

I solved this problem quickly by downloading the tour player for win7 from the program’s website, writing all the files into one folder and opening this folder in thumbnail view or something like that, after which I just visually looked through the folder among the white sheets, I caught a glimpse of a colorful icon and it was a working virtual tour :) Needless to say, when it was necessary to change 2 characters of files there were thousands.

By the way, it turned out that the options under which the tours will open are several, that is, sometimes I received 5-6 working files with different changed characters in different places.

After that, I quickly restored half of the virtual tours and put them on the site, I decided to deal with the rest later, because Immediately restore them failed. But this did not have to be done, literally in a few days the “web studio” who did the tours sent the files without reference to the time and everything ended well.

Actually, this is such a story, perhaps without knowing it, I did something from the usual practice? I will be glad to your comments.