[ubuntu-uk] Reverse engineering data files

Bruno Girin brunogirin at gmail.com
Sun Nov 23 16:31:00 UTC 2014


On 23 November 2014 at 00:26, Gareth France <gareth.france at cliftonts.co.uk>
wrote:

> I have already been peeking in hex editors. I have picked out 80% of the
> data and been able to read it into perl (since posting this). However I
> have noticed some characters which appear to act as boundries between
> certain fields which are not in the standard ascii set, so I'll have
> trouble evaluating those in my code, I know how to do it in Quick Basic,
> I've never tried in perl.
>

You should be able to treat each byte as a number or use the hexadecimal
character representation (e.g. \x00 for a null character). The details in
the SO question below may help [1].



> The next big problem is that the most important data appears as gibberish.
> I think I will need to experiment with several data files and look for
> similarities and differences. I'm getting there though.
>

Numerical values will likely be stored as their internal binary
representations over several bytes. You may even have more complex
structures encoded in there. The Perl unpack method can probably help [2].

As you suggest, what you can do is experiment with multiple files. Change
one value at a time in the file and see where the difference is. Once
you've found the bytes that change, try to read those bytes in a way that
returns the value you expect. You will gradually start to see patterns
emerge in the file.

[1]
http://stackoverflow.com/questions/8920215/how-to-read-binary-file-in-perl
[2] http://perldoc.perl.org/perlpacktut.html

Bruno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20141123/ab1777fd/attachment.html>


More information about the ubuntu-uk mailing list