As a result of analyzing more than 60,000 Winamp skins, a large number of interesting files such as 'password-filled files' and 'mysterious advertising PDFs' were discovered



The long-established music player '

Winamp ' has a skin function that allows users to customize the appearance, and a culture has developed where users create their own skins and publish them on the Internet. As a result of collecting such Winamp skins, programmer and musician Jordan Eldridge discovered a large number of interesting files stored in the skin files, such as 'mysterious advertisements,' 'memorable photos,' and 'password-filled text files.'

The bizarre secrets I found investigating corrupt Winamp skins / Jordan Eldredge
https://jordaneldredge.com/notes/corrupted-skins/

Eldridge is an avid Winamp enthusiast and has worked on several Winamp-related projects, including Webamp , a perfect recreation of Winamp in a browser, and the Winamp Skin Museum , an online museum where you can browse a huge number of Winamp skins.

In developing the Winamp Skin Museum, Eldridge collected about 65,000 skins from the Internet. Among the huge number of skins he collected were corrupted files that could not be opened correctly. As a result of analyzing the corrupted skin files, many mysterious files were found, whether they were installed by the skin creator or mixed in.

Winamp skins are saved in the 'XX.wsz' format. This WSZ format file is actually a ZIP file with only the extension changed. Therefore, by changing the extension of a corrupted skin, it is easy to check the contents of the file. Here is an example of an interesting file discovered by Eldridge: The skin 'Wicked_Ways.wsz' contained the following 'advertisement for a bowling pin costume rental service.' 'Wicked_Ways.wsz' did not contain any files related to the skin, only a PDF file of the advertisement.



The skin, 'bobs_car.wsz', contained only a photo of the following car, which was

identified by internet volunteers as a lookout point in the UK :



The corrupted skin, 'resubmitted.2003_rsx.wsz,' was an 'encrypted ZIP file.' Eldridge ran a dictionary attack that revealed the password was 'honda.' Entering the password to decrypt it revealed the skin ' 2003_acura_rsx.updated.wsz ,' with a photo of the ' Acura RSX ' at the top. It's unclear why the creator encrypted the file.



After learning of the existence of the encrypted skins, Eldridge expanded his search to include uncorrupted skins as well, searching for files in the skins with words like 'password.' As a result, he found a file called 'Email passwords.txt,' which contained both email addresses and their passwords.

Additionally, the skin '

Chet_Baker.wsz ' contained a text file named 'secret.txt' that contained a biography of legendary trumpeter Chet Baker.



There was also a skin that included a photo file called 'Standing around the hoop.jpg.'



There was also a pattern where 'skins are stored inside skins,' and a total of 127 skins were discovered among the skins. Of these, 54 were skins that Eldridge had never seen before. In addition, the online museum 'Winamp Skin Museum' developed by Eldridge has a large number of Winamp skins available to the public, where you can check the appearance of each skin, actually move the buttons and adjustment bars, and play music.

Winamp Skin Museum
https://skins.webamp.org/



Related Posts:

in Software, Posted by log1o_hf