The bizarre secrets I found investigating corrupt Winamp skins


In January of 2021 I was exploring the corpus of Skins I collected for the Winamp Skin Museum and found some that seemed corrupted, so I decided to explore them. Winamp skins are actually just zip files with a different file extension, so I tried extracting their files to see what I could find.

This ended up leading me down a series of wild rabbit holes where I found:

  • Encrypted files which I was able to crack to discover their secrets
  • A gift a dad in Thailand had made for his two and a half year old son, but didn’t want published online
  • Somebody’s email password
  • A secret biography of Chet Baker
  • Cryptic backwards audio files
  • A file called worm.exe which held quite the surprise
  • A host of extremely random images and files
  • 56 previously unknown Winamp skins hidden inside other Winamp skins!

This all aligned perfectly with my love of Winamp, my love of found items and was enabled by storing all the data I have about these skins in an sqlite database (as discussed on Hacker News).

Here’s the story:


The first corrupted file I looked at contained just a PDF advertising a rentable bowling pin mascot costume:


Another was called bobs_car.wsz and, as advertised, contained just this picture, which I have to assume is the titular “Bob’s car”.

Update 2024/7/25: Someone on Hacker News identified this location as Kilmacolm Road Viewpoint in Scotland.


But then things got interesting. I found one that was an encrypted zip archive.

resubmitted.2003_rsx.wsz

I took the opportunity to learn about tools for brute forcing passwords in zip files. Soon enough, I cracked it, and found its contents:

The password was “honda”. No idea why it might have been encrypted.


Another one had been created by a dad in Thailand who made an Adobe Illustrator mock up illustration of a Winamp skin he had designed as a gift to his two and a half year old son. But he didn’t know how to make it a skin, so he sent it to winamp.com (along with a text file letter) asking that it be made into a skin that he could use. The letter was very touching but he asked them not to share the skin, so I have not included it here.


I found another encrypted zip file. This time the password was not in my wordlist. After a bit of fiddling with the cracking tool’s config file, I was able to brute force it as well. The result was a valid Winamp skin!

Password was “nayane”.

I went ahead and uploaded the decrypted version here.


This got me interested in other “sensitive” things that might be included in skins, so I started searching for things like “password” inside the files inside all the Winamp skins.

I found one with a file called E-mail passwords.txt which contained… their email address and email password. Not great operational security.


Another skin contained a text file with hundreds of blank lines and then, at the very bottom, the text:

YOU HAVE FOUND THE SUPRISE!!!USE THIS PASSWORD:KEWL16

Inside the skin was a file Suprise!.zip which was itself encrypted, but the password didn’t work! Eventually I figured out that the password needed to be lower case. Inside were a bunch of .avs files:


This skin included a file named secret.txt which was just a biography of Chet Baker.


Some skins included mp3s inside them:

sqlite> SELECT skin_md5, file_name FROM archive_files WHERE file_name LIKE "%.mp3";
105a63846a068bcd2199f3921c006c99|winampme/MSNet d�marrage  Win-Me.mp3
125a87ff1e2b7bce537aa3126b1a80d8|cool.mp3
329105cd7d11d3ec1236a7333a6b46e9|WILLIAM/Winamp Skin/MegaMan/Megaman/[MegaMan X] - X Theme.mp3
57a98f6b68236dd22a006fc8171f94b5|SPARKY.MP3
7653b2504bc3d9404a17c8eca7ba71af|Knuckle-Duster/hagmans_demo.mp3
86080023e53a798ccda91109d33abeb7|arrrrrrg.mp3
9f9c65a5d416d1a97f18dd8488e8cf7b|Blair Amp Project f/Heather_Sorry.mp3
a5a3a08340feb5dae3aa87af698b0654|cool.mp3
b6a51893dde10f4bcbee50a1fa24b217|(Adam Sandler - Billy Madison - Back 2 School).mp3
b6a51893dde10f4bcbee50a1fa24b217|(Mike Myers - Huge Head).mp3
b6cf670eb351e2e76f9048a25aeb639d|Diablo.mp3
b8ba93a4d427d8fd4f4c5fba7bcba627|BROTHEL - Breathe Swallow.mp3
b8ba93a4d427d8fd4f4c5fba7bcba627|BROTHEL - Fuck That Noise.mp3
b8ba93a4d427d8fd4f4c5fba7bcba627|BROTHEL - SunScreen2000.mp3
c647cd24f5809664e0d2e210a68310c1|SKATEBOARDING - Osiris ShoesTheme.mp3
c9b348ae2b93471b76ee2634a12d1dce|The Mark, Tom and Travis show/Blink 182 - Dammit (Sample).mp3
d54e166f5227967e153ec40783473c0b|cos-xenu.mp3
d54e166f5227967e153ec40783473c0b|lrh-xenu.mp3
e47edeecb002afecf1b30ebab8c8d1e9|Destroy v2.0.mp3
fcf17a808fdb485bb3e95a64debea848|Diablo.mp3

For example this bizarre five second cool.mp3.

cool.mp3


This skin included a file named Sovergein Sect.wav.

Sovergein_Sect.wav

Upon listening it sounded like it was being played backwards, so I reversed the audio file:

Sovergein_Sect_mp3cut.net.mp3

I think it’s someone saying the name of the skin and some other information?

Update 2024/7/25: @PenanceArkana on Twitter:

The “Sovereign Sect” audio appears to say “Alien Workshop Sovereign Sect 2001”. “Sovereign Sect” is/was what appears to be a collaborative skate products effort between Habitat Skateboards and Alien Workshop Skateboards.


Some days later I found a skin that contained just one file: WORM.EXE. That sounds dangerous!

I fed it to VirusTotal but it didn’t detect any issues. So, someone in the Webamp Discord bravely tried running it in a VM and got this prompt:

It was a worm game, like the game snake!

Here’s top speed:


Another skin had just one file: Standing around the hoop.jpg


Another one contained just a single file: ellie.bmp. Here’s Ellie I suppose?

Reencoded as .png


Another had two new born baby pictures and a text file:

Here is a few pictures of Dom’s baby.

Joe


Finally, I thought to look for skins that contained other skins within them, and discovered 127 skins! 54 of which were not already in the museum, so I uploaded them.
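The finds above (encrypted members, a stray executable, password files, skins inside skins) can all be flagged from zip metadata alone, without extracting or running anything. The following is an added example, not the author's code: the `archive_files` table with its `skin_md5` and `file_name` columns comes from the query shown earlier, while the `tags` column, the keyword and extension lists, and the sample skin are assumptions constructed for illustration.

```python
import hashlib
import io
import sqlite3
import zipfile

NESTED = (".wsz", ".zip")                      # a skin or archive inside the skin
EXECUTABLE = (".exe", ".scr", ".com", ".bat")  # assumed list of executable extensions
SENSITIVE = ("password", "secret")             # assumed keywords, mirroring the finds above

def tag_member(info: zipfile.ZipInfo) -> list[str]:
    """Classify one archive member from its central-directory metadata only."""
    name = info.filename.lower()
    tags = []
    if info.flag_bits & 0x1:                   # general-purpose flag bit 0 = encrypted
        tags.append("encrypted")
    if name.endswith(NESTED):
        tags.append("nested-archive")
    if name.endswith(EXECUTABLE):
        tags.append("executable")
    if any(word in name for word in SENSITIVE):
        tags.append("sensitive-name")
    return tags

def index_skin(db: sqlite3.Connection, data: bytes) -> str:
    """Record every member of one skin; nothing is extracted or executed."""
    skin_md5 = hashlib.md5(data, usedforsecurity=False).hexdigest()  # identifier only
    db.execute("CREATE TABLE IF NOT EXISTS archive_files (skin_md5 TEXT, file_name TEXT, tags TEXT)")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        rows = [(skin_md5, i.filename, ",".join(tag_member(i))) for i in zf.infolist()]
    db.executemany("INSERT INTO archive_files VALUES (?, ?, ?)", rows)
    return skin_md5

def flagged(db: sqlite3.Connection) -> dict[str, str]:
    """Members that deserve a manual look, keyed by file name."""
    return dict(db.execute("SELECT file_name, tags FROM archive_files WHERE tags != ''").fetchall())

def build_sample() -> bytes:
    """Constructed sample skin, not taken from the museum corpus."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("main.bmp", "E-mail passwords.txt", "WORM.EXE", "inner.wsz", "locked.txt"):
            zf.writestr(name, b"constructed")
    raw = bytearray(buf.getvalue())
    raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x1   # set the encrypted flag on the last member's record
    return bytes(raw)

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    index_skin(conn, build_sample())
    print(flagged(conn))
```

File names and flags are only hints: a member tagged `executable` still needs scanning in isolation, and an untagged member can hold anything.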


It’s so interesting how if you get a large enough number of things that were created by real people, you can end up finding all kinds of crazy stuff! This was such an amazingly strange and interesting ride!
