Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

A Filemaker Story

All the collected blog posts from the members of our community, and some others
(i.e. both from <a href="http://www.woodmann.com/forum/blog.php">local</a> and external blogs, please let us know about any good external ones to import!). Feel free to discuss/comment any blog post in here.
Posts: 61
Joined: Tue Jul 31, 2007 8:38 am

A Filemaker Story

Post by dion »

once upon a time, i saw a request for filemaker target. so, i took my time to familiar myself with it (as normal user), as it was the first time i ever heard about it.

one thing that appeal to me that time, was, it's capability to produce a so called runtime application, or in their term, a filemaker solution, by means of developer tool menu at filemaker pro.

so, like a noob, i tried to break at msgbox error, to see where things go. but after sometime, i failed to got one, and i dropped it. it took a while since i didn't really have much free time, to get back into it. and this time, i start with none but with winhex (no debugging at all), collecting any information i can get about this filemaker.

i was thinking as a real noob. so, this is a database application. see, let say i made a table and put a 'name' field as text, and type some text in, to see where it goes in the file. alas, i can't find that text i typed in, in the file that just created. so, i assume there is somekind of encryption involved.

there is a bit pre-assumption i made. this is a database, so, it will hold a massive size of data. so since it'll involve a huge data read/write, as a programmer, i'd use something fast. block cipher speed is fairly good, but i didn't see any reason why it should be used for entire table fields.

so, i made 2 file, with palindrom texts to test it, i.e. text in file1 : "abcd", text in file2 : "dcba". scan the diff with winhex, and found that there were actually some strange bytes forming palindrom sequence. it is actually a bit long to notice that. but it was that time, i found that Examdiff ease my job excelently. so, right now, when i need to compare things, i use it. winhex compare routine is dumb.

at first, i thought it was a subtitution cipher. but as i revisit my preassumption, it can't be true. subtitution can really take a long delay, so it won't be suitable. a simple xor maybe? and then i test it, IT IS!! (i was a bit glad).

so, now i know how the texts 'encoded' in the file, what next?
let see how things managed inside the binary file. i opened it up with winhex, and letting my eyes stared at it, again and again. to ease seeing things, i set 2 window in winhex, one opened it normally, and one opened it and xored (so i can see texts clearly).

the first one i noticed, was, the file content somehow managed for every 1000h bytes (later i found it called a 'page' in filemaker term). and it was interest me that in the beginning of each page, there are some bytes showed some small number. i took a note for every pages in the file, and made an assume, that it was a linked list struct numbers. so, i take my time to observe some another filemaker file, and i thought, it's true.

i also took advantage of recover menu from filemaker pro, to recover a dummy file, just to see the recover log. there are some usefull information i got there. well, i learned 'page' term from there ;)

so what else?

well, at the time i found that it was a linked list, i was thrilled enough to continue exploring the binary further... so, i don't really want to spoil anything here, but i'd rather let the reader to do their homework :D
Junior Member
Posts: 3
Joined: Thu Dec 05, 2013 5:00 pm

Post by Sipher »

VERY interesting.... and I think this is the FIRST post of someone investigating and giving some clues on the Filemaker files.

Thank you.

Dion... have you investigated this any further?? Am particularly interested specially to see/know if I can get these files to load in Olly. Like you know, Passware removes the passwords on the files but there is still no way of bypassing any registration routines encoded within the file.

Your insight will be appreciated.