PaulDotCom mailing list archives
SNOW stego
From: dimitrios at gmail.com (Dimitrios Kapsalis)
Date: Wed, 30 Sep 2009 11:13:24 -0500
I was able to. Posted it in the other thread. On Wed, Sep 30, 2009 at 10:04 AM, Adrian Crenshaw <irongeek at irongeek.com>wrote:
Were yo able to successfully convert the message back? It should read something like "Listen to pauldotcom" Adrian On Wed, Sep 30, 2009 at 10:32 AM, Grymoire <pauldotcom at grymoire.com>wrote:It might be interesting to see if it survives being replied/forwardedtoo. It got converted to quoted-printable. So '\240' (the space character with parity bit set) got converted into =A0 Hmm....... Just looking at the tail end of the message where the whitespace is, I used the following filter on the quoted printable forwarded message: sed 's/=A0/X/g' </tmp/b |tr -cd 'X ' | tr 'X' '\240' | od -c and got: 0000000 240 240 240 240 240 240 240 240 240 240 240 240 0000020 240 240 240 240 240 240 240 240 240 240 240 240 240 0000040 240 240 240 240 240 240 240 240 240 240 0000060 240 240 240 240 240 240 240 240 240 240 240 240 0000100 240 240 240 240 240 240 240 240 240 240 240 240 240 0000120 240 240 240 240 240 240 240 240 240 240 240 240 240 0000140 240 240 240 240 240 240 240 240 240 240 240 0000160 240 240 240 240 240 240 240 240 240 240 240 240 240 0000200 240 240 240 240 240 240 240 240 240 240 240 240 0000220 240 240 240 240 240 240 240 240 240 240 240 240 0000240 240 240 240 240 240 240 240 240 240 240 240 240 0000260 240 240 240 240 240 240 240 240 240 240 240 240 240 0000300 240 240 240 240 240 240 240 240 240 0000314 I used tr -d 'a-zA-Z,<>'| od -c on the tail end of the original HTML message gives: 0000000 240 240 240 240 240 240 240 240 240 240 240 240 0000020 240 240 240 240 240 240 240 240 240 240 240 240 240 0000040 240 240 240 240 240 240 240 240 240 240 0000060 240 240 240 240 240 240 240 240 240 240 240 240 0000100 240 240 240 240 240 240 240 240 240 240 240 240 240 0000120 240 240 240 240 240 240 240 240 240 240 240 240 240 0000140 240 240 240 240 240 240 240 240 240 240 240 0000160 240 240 240 240 240 240 240 240 240 240 240 240 240 0000200 240 240 240 240 240 240 240 240 240 240 240 240 0000220 240 240 240 240 240 240 240 240 240 240 240 240 0000240 240 240 240 240 240 240 240 240 240 240 240 240 0000260 240 240 240 240 240 240 240 240 240 240 240 240 240 0000300 240 240 240 240 240 240 240 240 240 \n 0000315 So I think it's conclusive that it does survive forwarding _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090930/98e3c07f/attachment.htm
Current thread:
- SNOW stego Grymoire (Sep 30)
- <Possible follow-ups>
- SNOW stego Grymoire (Sep 30)
- SNOW stego Adrian Crenshaw (Sep 30)
- SNOW stego Dimitrios Kapsalis (Sep 30)
- SNOW stego Adrian Crenshaw (Sep 30)