Dailydave mailing list archives
Re: Resp. To halvar
From: "Dustin D. Trammell" <dtrammell () tippingpoint com>
Date: Tue, 13 Jun 2006 15:41:43 -0500
On Mon, 2006-06-12 at 07:16 -0400, Dave Aitel wrote:
it depends on where you come in on the stream and how much of the stream you have. each "block" of compressed data has a well known header. take a look at the GNU "file" command and you'll see examples of headers.
I came across this a few days ago. Might not be useful for what you're trying to do but it may provide some interesting information: http://ietfec.oxfordjournals.org/cgi/content/abstract/E88-A/6/1448 Also, there was an article in the most recent 2600 about extracting various images and other media from Microsoft character (.acs) files by trying decoders on every byte offset of the file looking for the headers that the anonymous poster mentioned above. Perhaps you could try something like that with all of the various encoders that you suspect may have been used. -- Dustin D. Trammell VoIP Security Research TippingPoint, a division of 3Com
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Resp. To halvar Dave Aitel (Jun 12)
- Re: Resp. To halvar Dustin D. Trammell (Jun 14)