[ale] tool to repair a binary file given a diff between hex dumps of the original and the altered
Jerry Yu
jjj863 at gmail.com
Thu Apr 24 13:25:08 EDT 2008
The remote Windows admin was not as timid as thought. Given the hex diff, he
repaired the file himself (w/o me giving him pointers to tools gathered from
this thread)
He reported successful decryption.
On Thu, Apr 24, 2008 at 1:17 PM, Jerry Yu <jjj863 at gmail.com> wrote:
> I meant "The presence of CR or NL in the encrypted file" instead of "The
> presence of CR or NL in the plain-text", near the end of the 2nd paragraph.
>
>
> On Thu, Apr 24, 2008 at 1:14 PM, Jerry Yu <jjj863 at gmail.com> wrote:
>
>> Greg,
>>
>> that was my initial assumption too, with two twists.
>>
>> - The \r\n is not an EOL, but part of a file encrypted in binary
>> format.
>> - the \r\n is on our Linux (RHEL5/ppc) server, while the \n only
>> version is on the Windows server to be decrypted. I expected the other
>> direction.
>>
>> I tried to spare the list the gory details of the whole thing when I
>> initially posted the question. The file actually jumped a few more hops
>> (outside my control, mainframe and all that) to get decrypted. Only one or
>> two out of twenty files will get screwed like this. My theory is these one
>> or two encrypted files happen to use \r, \n, or both in the middle of the
>> file, just as it uses 'a' or 'b'. The presence of CR or NL in the
>> plain-text, causing decryption to fail, if any \r \n or both get dropped or
>> inserted *en route*.
>>
>> Long-term, I proposed to switch to armor text to avoid non-ascii in the
>> encrypted files. GPG can survive a unix2dos transformation.
>> For troubleshooting, I wants the final destination to verify decryption
>> with the exact file on our Linux server (by repairing the 'bad' one) and
>> make sure it is absolutely not an encryption/decryption problem, but a
>> transmission problem. No good & secure channel exists to ensure the final
>> recipient receive an exact replica.
>>
>>
>> On Thu, Apr 24, 2008 at 12:33 PM, Greg Freemyer <greg.freemyer at gmail.com>
>> wrote:
>>
>>> Jerry,
>>>
>>> I just looked at your diff again and realized it really is a binary
>>> file, not a text file so a simple editor like I described won't work
>>> most likely.
>>>
>>> I bet you FTP'ed it in text mode and thus the corruption. If you have
>>> to resend it, be sure to use binary mode in FTP.
>>>
>>> Greg
>>>
>>> On Thu, Apr 24, 2008 at 12:29 PM, Greg Freemyer <greg.freemyer at gmail.com>
>>> wrote:
>>> > Jerry,
>>> >
>>> > If you look closely at the diff, you have a \n in the first and \r\n
>>> > in the second.
>>> >
>>> > \n is the Unix / Linux way
>>> > \r\\n is the Windows way (iirc).
>>> >
>>> > Assuming \r\n is never valid in this doc, then there are several
>>> > little converters available to do that. I think just bringing it into
>>> > vi and saving back out will do it.
>>> >
>>> > Greg
>>> >
>>> >
>>> >
>>> > 2008/4/24 Jerry Yu <jjj863 at gmail.com>:
>>> >
>>> >
>>> > > what tool can I suggest a remote Windows admin to use to 'repair' his
>>> binary
>>> > > file given the hex diff below.
>>> > > Of course, if this 'repair' is too hairy, I'd go down the
>>> retransmission
>>> > > route (expensive).
>>> > >
>>> > > diff meta.od-x tpp.od-x
>>> > > 24,25c24,26
>>> > > < 0000560 6b92 d311 01fb f7be 402c c959 a125 0ac4
>>> > > < 0000600
>>> > > ---
>>> > > > 0000560 6b92 d311 01fb f7be 402c c959 a125 0d0a
>>> > > > 0000600 c400
>>> > > > 0000601
>>> >
>>> > > _______________________________________________
>>> > > Ale mailing list
>>> > > Ale at ale.org
>>> > > http://mail.ale.org/mailman/listinfo/ale
>>> > >
>>> > >
>>> >
>>> >
>>> >
>>> > --
>>> > Greg Freemyer
>>> > Litigation Triage Solutions Specialist
>>> > http://www.linkedin.com/in/gregfreemyer
>>> > First 99 Days Litigation White Paper -
>>> >
>>> http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
>>> >
>>> > The Norcross Group
>>> > The Intersection of Evidence & Technology
>>> > http://www.norcrossgroup.com
>>> >
>>>
>>>
>>>
>>> --
>>> Greg Freemyer
>>> Litigation Triage Solutions Specialist
>>> http://www.linkedin.com/in/gregfreemyer
>>> First 99 Days Litigation White Paper -
>>> http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
>>>
>>> The Norcross Group
>>> The Intersection of Evidence & Technology
>>> http://www.norcrossgroup.com
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20080424/623b1069/attachment.html
More information about the Ale
mailing list