Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Resp. To halvar

From: "Dustin D. Trammell" <dtrammell () tippingpoint com>
Date: Tue, 13 Jun 2006 15:41:43 -0500
On Mon, 2006-06-12 at 07:16 -0400, Dave Aitel wrote:

it depends on where you come in on the stream and how much
of the stream you have.

each "block" of compressed data has a well known header.

take a look at the GNU "file" command and you'll see
examples of headers.


I came across this a few days ago.  Might not be useful for what you're
trying to do but it may provide some interesting information:

http://ietfec.oxfordjournals.org/cgi/content/abstract/E88-A/6/1448

Also, there was an article in the most recent 2600 about extracting
various images and other media from Microsoft character (.acs) files by
trying decoders on every byte offset of the file looking for the headers
that the anonymous poster mentioned above.  Perhaps you could try
something like that with all of the various encoders that you suspect
may have been used.

-- 
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: