VLC Kill Bill: Easter Egg Reverse Engineering

Показать описание

This was a fun little project - hunting down an easter egg in the open source code of VLC.
I made this video in 2018.

-=[ ❤️ Support ]=-

-=[ 🐕 Social ]=-

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#EasterEgg #ReverseEngineering

Рекомендации по теме

Комментарии

"I stopped being dumb and looked for the image that was used..."
\*snaps singers\* and my stupidity was no longer.
Amazing!

playerguy

I'd love to see more of these side tangents. I bet there are loads of hidden Easter eggs in everyday software.

rubberbawlz

Me to my brain : "Stop being stupid."
My brain : "Understandable have a nice day."

infreezydark

The comments are just to make it look like Ki is referencing the term ‘kilobytes’ and Bi referencing ‘Bidirectional’.. just helped make the code look like it was doing something more useful than an egg to a glancing eye. nicely hidden.

hiburn

I like how above the if-condition is the comment: "don't ask" xD

neintonine

Interviewer to vlc team: what’s your favourite movie
Vlc team: you are going to see that one day

zsin

Quick note - changing the file name *does* work, you just have to make sure the words are separated by a space: "kill bill.mp4" as opposed to "killbill.mp4"

benchilcott

"Ki-Bps" and "bi-directional" are probably intended a defence against anyone stripping punctuation from the source code and grepping that.

jamesflames

On linux i changed name to "kill bill.mp4" and it worked ...
EDIT: Both on windows and linux any sequence of <prefix> "kill" <any one byte linking character> "bill" <suffix> will work as filename
In the video you omitted the linking character

krzysztof-wsog

For those who wants to find it : the full path of the file is and it has been remove the 29th of May 2020 (commit so it is not on the master branch any more.

On Linux you just need "kill bill" to be in the file name (with any character instead of space between the 2 words like "killobill").

EDIT : found the commit when it was added : (Jan 4 2018)

kajikabis

When it's more about the learning process rather than the Easter Egg. Love it.

conanbdetective

0:45 You should have spaced out the name. I put "kill bill" as the name of a random video file (didn't even delete what was there before), and it worked normally for me.

MTMguy

4:01
"Ki" /*Bps*/ "11"
"Bi" /*directional*/ "11"

Ki11
Bi11

Very nice!

cheesypoohalo

I thought they would hide it with an obscure regular expression.

markm

Great video!

Regarding VideoLAN's comment at 4:09

"Also KiBps could be something valid"

I took this to mean that, because the string "KiBps" looks like a valid unit of measurement, for example, that it wouldn't set off any red flags for someone who wasn't specifically searching for the word "Kill" in the source code.

I think their intent was to clarify how this obfuscation approach simultaneously makes this Easter egg harder to spot by the casual observer as well as by an observer specifically trying to spot how the Easter egg was implemented.

EXQEX

To add to this project: It would seem it not only looks for the movie's name, but also looks for the names of other media associated with it. I have a file called "Meiko Kaji - The Flower of Carnage.mp3" which is a soundtrack used for the film. Despite no mentions of the words or phrases "Ki", "Bi", "Kill", "Bill", "Kill Bill" in the metadata of the file, it gave me the Kill Bill stylized traffic cone at the end as well.

DBAWESOMESAUCE

My first thought was maybe they hashed the strings but no, a simple comment was all. Always a good thing to remember, sometimes simple is just as effective.

QuickNETTech

That's real nifty. I just tried to reproduce it with an audio file and it showed up the same way as the video file. I think its because they are reading the "Title" information for the file loaded.

Also, I did not know that VLC was open source even though I should have known this. I just simply used it because it was a better alternative.

SageChaozu

Huge code repos are scary! Is there a tool (static analyzer) where you can see call graph, structures, definitions etc.? Edit: for source code of course

gentlevandal

Yeah that's one thing I always do when a tool I use is broken (or there isn't documentation), search the error message in the source to see what triggers it, and start from there, rather than try to follow the code path from main.

tsobf

VLC Kill Bill: Easter Egg Reverse Engineering

VLC Kill Bill: Easter Egg Reverse Engineering

Microsoft Edge Has a Secret Linux Easter Egg😁Ubuntu 21.04🕹 #shorts

The Easter Egg For Geeks | PCB design on a Real Egg

Drawing VLC Player🔥🤯Logo Using Python #coding #programmerlife #cse #cs #btech #ytshorts #turtle #diy...

How to Download and Install VLC Media Player.

5 Easter Eggs Hidden in PC Hardware

Download Youtube videos using VLC Media Player

How to rotate video in VLC?| Settings tutorial| SirJayson

NUESTRO ÚLTIMO VIDEO

Video Tutor: Install VLC for Ubuntu Unity/Mint-Best Media Player

How to Take Photos, Snapshots VLC & Paint Tricks

5 fonctions CACHéS dans vos PC, smartphone et navigateur ! EASTER EGGS

The End Of Haxember - See You In 2020!

Analyzing the Blocky Logic Puzzle - Pwn Adventure 3

Easter Eggs en PROGRAMAS QUE USAS EN TU PC

kill issue

Cazzu || easter egg

SIEGECAST: Buffer Overflow 101

Fake XSS Tested on Website NASA

HOW TO USE VLC MEDIA PLAYER AND SOME INTERESTING VIDEO EFFECTS-PART III-LEARN WITH SURYA-SURYA TEJA

Showing various security issue of the Wifi-Cloud Hub

A short demonstration results of GTA 2 reverse engineering with Ghidra.

So, Eggs are Engineered in an Amazing Way.

Reverse Engineering The Witcher 3 - Gwent Mini-Game