Re: [Dailydave] Resp. To halvar

From: Dustin D. Trammell (dtrammelltippingpoint.com)
Date: Tue Jun 13 2006 - 15:41:43 CDT


On Mon, 2006-06-12 at 07:16 -0400, Dave Aitel wrote:
> it depends on where you come in on the stream and how much
> of the stream you have.
>
> each "block" of compressed data has a well known header.
>
> take a look at the GNU "file" command and you'll see
> examples of headers.

I came across this a few days ago. Might not be useful for what you're
trying to do but it may provide some interesting information:

http://ietfec.oxfordjournals.org/cgi/content/abstract/E88-A/6/1448

Also, there was an article in the most recent 2600 about extracting
various images and other media from Microsoft character (.acs) files by
trying decoders on every byte offset of the file looking for the headers
that the anonymous poster mentioned above. Perhaps you could try
something like that with all of the various encoders that you suspect
may have been used.

--
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com
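
The approach suggested above (try a decoder at every byte offset and keep what decodes cleanly) can be sketched as follows. This is an added example, not part of the original message; it covers only the zlib and gzip containers via Python's `zlib` module, and the function names and sample bytes are constructed for illustration.

```python
import gzip
import zlib

DECODERS = {"zlib": 15, "gzip": 31}  # wbits values: which container zlib expects

def plausible_header(buf, off, kind):
    """Cheap header test so a decoder is only tried at likely offsets."""
    if kind == "gzip":
        return buf[off:off + 3] == b"\x1f\x8b\x08"
    if off + 2 > len(buf):
        return False
    cmf, flg = buf[off], buf[off + 1]
    # RFC 1950: method 8 (deflate), window <= 32 KiB, header is a multiple of 31
    return (cmf & 0x0F) == 8 and (cmf >> 4) <= 7 and ((cmf << 8) | flg) % 31 == 0

def carve_streams(buf, min_output=8):
    """Return (offset, kind, compressed_len, data) for each stream that decodes fully."""
    found = []
    for off in range(len(buf)):
        for kind, wbits in DECODERS.items():
            if not plausible_header(buf, off, kind):
                continue
            d = zlib.decompressobj(wbits)
            try:
                data = d.decompress(buf[off:])
            except zlib.error:
                continue  # header bytes matched by chance; body is not a stream
            # eof is set only once the end of stream and its checksum were reached
            if d.eof and len(data) >= min_output:
                used = len(buf) - off - len(d.unused_data)
                found.append((off, kind, used, data))
    return found

def build_sample():
    """Constructed input: two streams in filler, a decoy header, a truncated stream."""
    a = zlib.compress(b"first embedded payload " * 4)
    b = gzip.compress(b"second embedded payload " * 4, mtime=0)
    prefix = b"NOISE-" * 6 + b"\x78\x9cNOT-A-STREAM"
    blob = prefix + a + b"-GAP-" + b + b"-END-" + a[:10]
    return blob, len(prefix), len(prefix) + len(a) + len(b"-GAP-")

if __name__ == "__main__":
    blob, _, _ = build_sample()
    for off, kind, used, data in carve_streams(blob):
        print(f"offset {off:3d} {kind} {used} bytes -> {len(data)} bytes: {data[:24]!r}")
```

Requiring `eof` means a truncated stream, such as one captured mid-way, is not reported; recovering partial output from those is a separate problem.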

