Skip to main content

Notice

Please note that most of the software linked on this forum is likely to be safe to use. If you are unsure, feel free to ask in the relevant topics, or send a private message to an administrator or moderator. To help curb the problems of false positives, or in the event that you do find actual malware, you can contribute through the article linked here.
Topic: wanted: damaged sample files (lossless, lossy) (Read 2813 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

wanted: damaged sample files (lossless, lossy)

i'm looking for damaged audio samples that i can use for testing, particularly header/frame issues, block misalignments, inconsistent headers,  files that don't conform to the format spec., files that include incorrect/obsolete metadata, etc.....

i searched the uploads form pretty thoroughly but didn't identify much of interest

Re: wanted: damaged sample files (lossless, lossy)

Reply #1
Possibly a tool i wrote long time ago could be useful to you:

Quote
I wrote Damage to test the error recognition and recovery abilities of my new lossless audio compressor TAK.

Damage generates a copy of user selected files, applies the extension '.err' and then damages the copies. You can define damage (bit-) patterns and the frequency of the damage. A list of the changes of the data is beeing written to a protocol file.

Link: Damage 1.02

Re: wanted: damaged sample files (lossless, lossy)

Reply #2
your tool sounds interesting but i use Linux - if you're willing to share the source perhaps i can port it

Re: wanted: damaged sample files (lossless, lossy)

Reply #3
Are you looking for anything in particular?

If you run a fuzz-tester (for example American Fuzzy Lop or AFL) on a decoder, you can easily get loads of broken files which are broken in interesting ways, but the tool doesn't tell you which way they are broken.
Music: sounds arranged such that they construct feelings.

Re: wanted: damaged sample files (lossless, lossy)

Reply #4
Quote from: ktf on
Are you looking for anything in particular?

not really, just the kind of problems i mentioned in the first post

Quote
If you run a fuzz-tester (for example American Fuzzy Lop or AFL) on a decoder, you can easily get loads of broken files which are broken in interesting ways, but the tool doesn't tell you which way they are broken.

i'd need to know what's broken so i can test for the particular problem, however a fuzz tester may come in handy also - thanks for mentioning

Re: wanted: damaged sample files (lossless, lossy)

Reply #5
For FLAC I created a testbench which only contains valid files, but that is already enough to break quite a few decoders, see here: https://hydrogenaud.io/index.php?topic=121478.0 and here https://wiki.hydrogenaud.io/index.php?title=FLAC_decoder_testbench

I had the idea to also create a testbench with broken files as you suggest, but one of the problems that I already have with the testbench of valid files, is that might prove a tool for black-hat hackers. This is even more so  for invalid files.

That's why I think you'll have a hard time finding such a thing: it the wrong hands it can be quite dangerous.
Music: sounds arranged such that they construct feelings.

Re: wanted: damaged sample files (lossless, lossy)

Reply #6
Quote from: ktf on
I had the idea to also create a testbench with broken files as you suggest, but one of the problems that I already have with the testbench of valid files, is that might prove a tool for black-hat hackers. This is even more so  for invalid files.

That's why I think you'll have a hard time finding such a thing: it the wrong hands it can be quite dangerous.

That's some weird logic. Broken decoders will always be more helpful than specific broken samples. Getting the decoders fixed (the ones that are maintained at least) is what should (and hopefully would) make life harder for the wrong hands to do damage.

Decoders like ffmpeg and libflac are fuzzed and thoroughly tested by first party developers/maintainers and others like Project Zero already. If something they missed was discovered and published. That's definitely better than something getting discovered and not published. And responsible disclosure is already a streamlined process.
 

Re: wanted: damaged sample files (lossless, lossy)

Reply #7
Quote from: hydroplane on
i'd need to know what's broken so i can test for the particular problem, however a fuzz tester may come in handy also - thanks for mentioning
Not sure if what I have here qualifies (since I don't know what's broken), but: recently I got a (previously valid) broken FLAC and MP3 file caused by some choking, or hardware cell damage, when I copied those files from an SD card. I can't share them here since they are more than 30 seconds long (and that would violate the forum's ToS), so I'll try to get them to you in other ways.

Chris
If I don't reply to your reply, it means I agree with you.

Re: wanted: damaged sample files (lossless, lossy)

Reply #8
Quote from: 2012 on
That's some weird logic.
You mentioned 'responsible disclosure'. If I distribute a bunch of files that might trigger security issues in various programs, that's hardly responsible disclosure, is it?
Music: sounds arranged such that they construct feelings.

Re: wanted: damaged sample files (lossless, lossy)

Reply #9
Quote from: ktf on
Quote from: 2012 on
That's some weird logic.
You mentioned 'responsible disclosure'. If I distribute a bunch of files that might trigger security issues in various programs, that's hardly responsible disclosure, is it?

What I was trying to say is disclosing (notifying the security mailing list) then publishing after a wait period, is better than neither disclosing nor publishing.