[ubuntu-uk] Reverse engineering data files

Gareth France gareth.france at cliftonts.co.uk
Sun Nov 23 18:21:22 UTC 2014 

It seems that it isn't a hex file as such but mostly is a readable text 
file containing special characters which are not in the standard 
keyboard layout. With regards to figuring out the values that change 
there are several tests which are done and additional information needs 
to be stored such as the date.

In the examples below the first only contains a visual test and the 
second is a visual, earth test, insulation test, load and leakage. The 
results for the second set are as follows
Pass, 0.05, >99.99, 0.05, 0.73

Remember pass may be represented by a single letter or number (0 fail, 1 
pass etc). The date was 03-JUN-14.

I010000022S121111111
H172008021S121111111

All visual only tests appear as the first sample, the changes show at 
least part of this data must be stored within this code. I have yet to 
try a visual only on a different date.

On 23/11/14 16:31, Bruno Girin wrote:
>
>
> On 23 November 2014 at 00:26, Gareth France
> <gareth.france at cliftonts.co.uk <mailto:gareth.france at cliftonts.co.uk>>
> wrote:
>
>     I have already been peeking in hex editors. I have picked out 80% of
>     the data and been able to read it into perl (since posting this).
>     However I have noticed some characters which appear to act as
>     boundries between certain fields which are not in the standard ascii
>     set, so I'll have trouble evaluating those in my code, I know how to
>     do it in Quick Basic, I've never tried in perl.
>
>
> You should be able to treat each byte as a number or use the hexadecimal
> character representation (e.g. \x00 for a null character). The details
> in the SO question below may help [1].
>
>
>
>     The next big problem is that the most important data appears as
>     gibberish. I think I will need to experiment with several data files
>     and look for similarities and differences. I'm getting there though.
>
>
> Numerical values will likely be stored as their internal binary
> representations over several bytes. You may even have more complex
> structures encoded in there. The Perl unpack method can probably help [2].
>
> As you suggest, what you can do is experiment with multiple files.
> Change one value at a time in the file and see where the difference is.
> Once you've found the bytes that change, try to read those bytes in a
> way that returns the value you expect. You will gradually start to see
> patterns emerge in the file.
>
> [1]
> http://stackoverflow.com/questions/8920215/how-to-read-binary-file-in-perl
> [2] http://perldoc.perl.org/perlpacktut.html
>
> Bruno
>
>
>

More information about the ubuntu-uk mailing list