Deobfuscate file
in [Cryptography]
|
From: Tom St Denis on 12 May 2010 08:46 On May 12, 8:36 am, "balzer" <nos...(a)news.eternal-september.org> wrote: > "jbriggs444" <jbriggs...(a)gmail.com> wrote in message > > news:b23d01a7-a00a-4409-84c2-3d376301737d(a)42g2000prb.googlegroups.com... > On May 12, 7:08 am, "balzer" <nos...(a)news.eternal-september.org> > wrote: > > > > > > > "Tom St Denis" <t...(a)iahu.ca> wrote in > > messagenews:9a8297c3-54b9-4e24-a969-3bc1bcd0c8c7(a)q30g2000yqd.googlegroups.com... > > On May 12, 5:59 am, "balzer" <nos...(a)news.eternal-september.org> > > wrote: > > > > How to deobfuscate file stroed inside Array > > > > %b=Array(c(077),c(090),c(144),c(000),c(003),c(000),c(000),c(000),c(004),c(0 > > > 00),c(000)::this > > > line is 248413 characters long::c(000),c(000),c(000),c(000 ),"") > > > > Is this binary or ASCII strings obfuscated? > > > first two bytes presumably are MZ, it could be an EXE header. > > > Tom > > --------- > > which method used to convert EXE to this strings? Its not base64. > > [Log on to a Windows machine and go to the DOS prompt] > C:\> dir *.exe > ... > putty.exe > ... > C:\> notepad putty.exe > > MZ...(gibberish here)...This program cannot be run in DOS mode... > > Note the first two characters in the file contents. Compare to other > executable files. Note pattern. > -------- > > well, I guess every byte is encoded in octal or decimal notation? What is > encoding utility for this? Some online tool that convert exe to strings? Heck if I know, it's not exactly hard to reformat a binary file as some programming language constant. Tom
From: jbriggs444 on 12 May 2010 12:55 On May 12, 8:36 am, "balzer" <nos...(a)news.eternal-september.org> wrote: > "jbriggs444" <jbriggs...(a)gmail.com> wrote in message > > news:b23d01a7-a00a-4409-84c2-3d376301737d(a)42g2000prb.googlegroups.com... > On May 12, 7:08 am, "balzer" <nos...(a)news.eternal-september.org> > wrote: > > > > > > > "Tom St Denis" <t...(a)iahu.ca> wrote in > > messagenews:9a8297c3-54b9-4e24-a969-3bc1bcd0c8c7(a)q30g2000yqd.googlegroups.com... > > On May 12, 5:59 am, "balzer" <nos...(a)news.eternal-september.org> > > wrote: > > > > How to deobfuscate file stroed inside Array > > > > %b=Array(c(077),c(090),c(144),c(000),c(003),c(000),c(000),c(000),c(004),c(0 > > > 00),c(000)::this > > > line is 248413 characters long::c(000),c(000),c(000),c(000 ),"") > > > > Is this binary or ASCII strings obfuscated? > > > first two bytes presumably are MZ, it could be an EXE header. > > > Tom > > --------- > > which method used to convert EXE to this strings? Its not base64. > > [Log on to a Windows machine and go to the DOS prompt] > C:\> dir *.exe > ... > putty.exe > ... > C:\> notepad putty.exe > > MZ...(gibberish here)...This program cannot be run in DOS mode... > > Note the first two characters in the file contents. Compare to other > executable files. Note pattern. > -------- > > well, I guess every byte is encoded in octal or decimal notation? What is > encoding utility for this? Some online tool that convert exe to strings?- Hide quoted text - > > - Show quoted text - What tool are you searching for? One which will take an executable file and encode it as a magnetic pattern on disk? Or one which will take the magnetic pattern on disk that encodes an executable file and recover from it the glyphs for "M" and "Z". The utility normally used for the former is called "copy". In some environments it may be referenced as "cp" or even "PIP". Support routines to facilitate the proper functioning of this utility program are found in things called "operating systems", "drivers" and, for instance, "SCSI disks". The latter function can be performed by a number of utilities such as "notepad" (see the posting you are responding to), "type", "cat" or "dump". Again, significant support from the operating system and, in particular, the display subsystem and its font library is typically required. Advanced practicioners have been known to read executable code directly from 8 track punched paper tape or from 9 track magnetic tape with the naked eye. Few and far between are the reports of someone performing the reverse operation with a hole punch or a magnet. But I digress -- bootstrap loaders on paper tape tend not to be prefixed with a fixed header such as "MZ". You whippersnappers need to learn to toggle in the primary bootstrap code by hand.
From: balzer on 12 May 2010 14:23 "jbriggs444" <jbriggs444(a)gmail.com> wrote in message news:506f1866-34a8-4763-a9a9-2779596e2ce5(a)u20g2000pru.googlegroups.com... On May 12, 8:36 am, "balzer" <nos...(a)news.eternal-september.org> wrote: > "jbriggs444" <jbriggs...(a)gmail.com> wrote in message > > news:b23d01a7-a00a-4409-84c2-3d376301737d(a)42g2000prb.googlegroups.com... > On May 12, 7:08 am, "balzer" <nos...(a)news.eternal-september.org> > wrote: > > > > > > > "Tom St Denis" <t...(a)iahu.ca> wrote in > > messagenews:9a8297c3-54b9-4e24-a969-3bc1bcd0c8c7(a)q30g2000yqd.googlegroups.com... > > On May 12, 5:59 am, "balzer" <nos...(a)news.eternal-september.org> > > wrote: > > > > How to deobfuscate file stroed inside Array > > > > %b=Array(c(077),c(090),c(144),c(000),c(003),c(000),c(000),c(000),c(004),c(0 > > > 00),c(000)::this > > > line is 248413 characters long::c(000),c(000),c(000),c(000 ),"") > > > > Is this binary or ASCII strings obfuscated? > > > first two bytes presumably are MZ, it could be an EXE header. > > > Tom > > --------- > > which method used to convert EXE to this strings? Its not base64. > > [Log on to a Windows machine and go to the DOS prompt] > C:\> dir *.exe > ... > putty.exe > ... > C:\> notepad putty.exe > > MZ...(gibberish here)...This program cannot be run in DOS mode... > > Note the first two characters in the file contents. Compare to other > executable files. Note pattern. > -------- > > well, I guess every byte is encoded in octal or decimal notation? What is > encoding utility for this? Some online tool that convert exe to strings?- > Hide quoted text - > > - Show quoted text - What tool are you searching for? One which will take an executable file and encode it as a magnetic pattern on disk? Or one which will take the magnetic pattern on disk that encodes an executable file and recover from it the glyphs for "M" and "Z". The utility normally used for the former is called "copy". In some environments it may be referenced as "cp" or even "PIP". Support routines to facilitate the proper functioning of this utility program are found in things called "operating systems", "drivers" and, for instance, "SCSI disks". The latter function can be performed by a number of utilities such as "notepad" (see the posting you are responding to), "type", "cat" or "dump". Again, significant support from the operating system and, in particular, the display subsystem and its font library is typically required. Advanced practicioners have been known to read executable code directly from 8 track punched paper tape or from 9 track magnetic tape with the naked eye. Few and far between are the reports of someone performing the reverse operation with a hole punch or a magnet. But I digress -- bootstrap loaders on paper tape tend not to be prefixed with a fixed header such as "MZ". You whippersnappers need to learn to toggle in the primary bootstrap code by hand. ----------- sorry, you didn't understand the question I asked. There is various online resources where you can encrypt/decrypt almost any file format. Like this http://www.binaryhexconverter.com/ or this http://www.motobit.com/util/base64-decoder-encoder.asp I meant which format was that example and where I can encrypt/decrypt in that format.
From: jbriggs444 on 12 May 2010 16:19
On May 12, 2:23 pm, "balzer" <nos...(a)news.eternal-september.org> wrote: > "jbriggs444" <jbriggs...(a)gmail.com> wrote in message [misunderstanding snipped] > sorry, you didn't understand the question I asked. There is various online So the question is "how did you pick out 'MZ' from the input text, you must be a frigging genious" Answer: decimal coded ASCII Or "an encapsulation which expands the input by a factor of seven to one and which is fiendishly difficult to crack, where can I lay my hands on something like that"? Answer: Use hex and add five blanks between each encoded character |