
List:       dailydave
Subject:    Re: [Dailydave] Resp. To halvar
From:       "Dustin D. Trammell" <dtrammell () tippingpoint ! com>
Date:       2006-06-13 20:41:43
Message-ID: 1150231303.26435.105.camel () localhost



On Mon, 2006-06-12 at 07:16 -0400, Dave Aitel wrote:
> it depends on where you come in on the stream and how much
> of the stream you have.
> 
> each "block" of compressed data has a well known header.
> 
> take a look at the GNU "file" command and you'll see
> examples of headers.

I came across this a few days ago.  Might not be useful for what you're
trying to do but it may provide some interesting information:

http://ietfec.oxfordjournals.org/cgi/content/abstract/E88-A/6/1448

Also, there was an article in the most recent 2600 about extracting
various images and other media from Microsoft character (.acs) files by
trying decoders on every byte offset of the file looking for the headers
that the anonymous poster mentioned above.  Perhaps you could try
something like that with all of the various encoders that you suspect
may have been used.

-- 
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com
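
The try-a-decoder-at-every-byte-offset approach described in this message, as an added sketch that is not part of the original post or of the 2600 article. It assumes the suspected encoders are zlib and gzip (Python's standard `zlib` module stands in for "the various encoders"); `carve`, `Hit` and the sample blobs are constructed for illustration.

```python
import zlib
from typing import NamedTuple

# Decoders to try, keyed by name. wbits=15 expects a zlib header, wbits=31 a
# gzip header. Raw deflate (wbits=-15) has no header and is left out because
# it "decodes" a few bytes at far too many offsets.
DECODERS = {"zlib": 15, "gzip": 31}

class Hit(NamedTuple):
    offset: int      # where the stream starts in the blob
    fmt: str         # which decoder accepted it
    complete: bool   # False: the blob ended before the stream did
    data: bytes      # recovered plaintext

def carve(blob: bytes, min_out: int = 16) -> list[Hit]:
    """Try every decoder at every byte offset and keep what decodes."""
    view, hits, pos = memoryview(blob), [], 0
    while pos < len(blob):
        for fmt, wbits in DECODERS.items():
            d = zlib.decompressobj(wbits)
            try:
                out = d.decompress(view[pos:])
            except zlib.error:
                continue  # bad header or corrupt data at this offset
            if len(out) < min_out:
                continue  # too little output to trust
            hits.append(Hit(pos, fmt, d.eof, out))
            # Skip the bytes this stream consumed so we do not rescan inside it.
            pos = len(blob) - len(d.unused_data) - 1
            break
        pos += 1
    return hits

def _pack(data: bytes, wbits: int) -> bytes:
    c = zlib.compressobj(wbits=wbits)
    return c.compress(data) + c.flush()

# Constructed sample: two streams buried in filler bytes, plus a truncated one.
MSG_A = b"constructed zlib payload for the carving demo; " * 4
MSG_B = b"constructed gzip payload for the carving demo; " * 4
SAMPLE = b"\x00" * 37 + _pack(MSG_A, 15) + b"\xff" * 11 + _pack(MSG_B, 31) + b"\x00" * 5
TRUNCATED = b"\x00" * 8 + _pack(MSG_A, 15)[:-6]

if __name__ == "__main__":
    for h in carve(SAMPLE) + carve(TRUNCATED):
        print(h.offset, h.fmt, "complete" if h.complete else "truncated", len(h.data))
```

The `complete` flag covers the case raised in the quoted text: a stream that is cut off still yields a usable prefix, but only when the capture includes its header.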
