Sunday, February 28, 2016

Incomplete, or unfinalized GoPro Videos

The GoPro camera is very popular for activities that involve action.  At times these can go wrong and the camera can be thrown off, and sometimes stop recording.

The latest version of GoPro recovery (V1.25) can recover these partial files for Hero 3 camera.

When a camera is stopped from recording video data is normally left on the memory chip in an unplayable format.  It is this data that the GoPro recovery software will find and reconstruct into a playable video file.  GoPro recovery software goes much further than most packages as it will demultiplex the low and high resolution video and audio streams.  Thus a new file might be created out of maybe 100 separate fragments.

How much data will be recovered.  This is a slightly harder question.  When the camera records, obviously at first the video is saved in memory, and then written to the memory chip.  The unknown question is how quickly is data written to the memory chip, ie how much data up to the point of failure will be saved.  The answer is probably up to the final few seconds.

On some recent examples recovered using GoPro Recovery, the saved data seems to have stopped between 1 and 3 seconds before the critical event.  On one occasion this was made worse beacue the police, thinking nothing further could be recovered, told the owner to use the memory chip again.  On this occasion, the saved data was set by the file system, which is almost certainly updated after the data has been written to the memory chip.  ie there would have been more video data saved in unallocated memory which was then overwritten.

The new version of V1.25 works for just Hero 3 cameras, it has a very good reponse to low res videos, but can be slightly mixed with high res video.  This problem will be resolved very soon, and support for Hero 4 cameras will be added next

Monday, February 1, 2016

Digital signatures and SHA256

A very important point for anyone selling software is to make sure that the demo downloads and works.  A critical point of the download is that it is not recognised as a virus, or malicious software.  Hence, for the past several years, all my software has been digitally signed.

The signing was with a SHA-1 signature, and a recognised certificate.  Recently, (Jan 2016) this started give nasty warning messages on downloads.  What has happened is that SHA-1 is no longer considered safe, and so from 2016, web browsers etc have started to look for SHA-256 signatures.

The solution was to contact GlobalSign who provide my certificate,  and they very quickly supplied one with a SHA-256 code.

The next stage was updating my batch files to add the signature.  This was a matter of changing the .PFX name and the password, and all almost worked.  It worked, but the signature was still showing as SHA-1.  Curiously, the code signed within InstallShield 2015 was showing SHA-256.  This did mean my new certificate was correct.  It turned that my signing routine was along the lines

c:\signtool  sign  /f 1234.pfx   etc

By default the sign routine adds a SHA-1 signature, when I changed the line above to be

c:\signtool  sign /fd SHA256  /f1234.pfx  etc

it all worked OK.

Hopefully my programs will now download without alarm bells.