Converting a hexdump back to a rar - reverse-engineering

I have a plaintext file that I wish to convert to something I can extract.
00000000 52 61 72 21 1a 07 01 00 f3 e1 82 eb 0b 01 05 07 |Rar!............|
00000010 00 06 01 01 80 80 80 00 3b fd 42 9f 51 02 03 31 |........;.B.Q..1|
00000020 a0 02 06 82 03 80 83 02 20 15 d4 6e 5b 46 b6 57 |........ ..n[F.W|
00000030 80 03 01 09 69 6e 73 74 72 2e 74 78 74 30 01 00 |....instr.txt0..|
00000040 03 0f 44 a5 ce af b3 09 b9 96 44 22 f4 99 ef 04 |..D.......D"....|
This is part of the file which made me believe it is a rar file. I tried using xxd with the -r option to no avail.
I tried the solution from here but it also didn't work.
Any ideas?

To solve my own question, and for future reference.
Use vim's visual block select to copy just the hex values into 'justhexvalues.txt'.
Then use xxd:
xxd -r -p justhexvalues.txt answer.rar
That was it.
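The same conversion without hand-copying the hex column, as an added example that is not part of the original post: it parses rows in the offset / hex bytes / |ascii| layout shown in the question and goes slightly further by expanding the `*` line that such dumps use for repeated rows. The function name `unhexdump` and the sample rows after the first two are constructed for illustration.

```python
import re

# Constructed sample in the layout shown in the question: the first two rows
# are from the post, the rest (including the '*' line that stands for
# squeezed, repeated rows) is made up for illustration.
SAMPLE = """\
00000000 52 61 72 21 1a 07 01 00 f3 e1 82 eb 0b 01 05 07 |Rar!............|
00000010 00 06 01 01 80 80 80 00 3b fd 42 9f 51 02 03 31 |........;.B.Q..1|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000040 03 0f 44 a5 |..D.|
00000044
"""

ROW = re.compile(r"^([0-9a-fA-F]+)(?:\s+(.*))?$")


def unhexdump(text):
    """Rebuild the original bytes from offset / hex / |ascii| rows."""
    out = bytearray()
    squeezed = False                      # set when a '*' line was seen
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line == "*":
            squeezed = True
            continue
        m = ROW.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not a hexdump row")
        offset = int(m.group(1), 16)
        # Everything after the first '|' is the ASCII gutter, not data.
        hexpart = (m.group(2) or "").split("|", 1)[0]
        if squeezed and out:              # repeat the previous row up to here
            prev = bytes(out[-16:])
            while len(out) < offset:
                out += prev
        squeezed = False
        if offset != len(out):
            raise ValueError(f"line {lineno}: offset gap or overlap")
        out += bytes.fromhex("".join(hexpart.split()))
    return bytes(out)


if __name__ == "__main__":
    data = unhexdump(SAMPLE)
    print(len(data), data[:8])
```

Checking each row's offset against the number of bytes already written catches rows that were lost or duplicated when the dump was copied.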

Related

Sending email to a gmail account via SMTP

I'm trying to make a SMTP client library and am trying to send email via the command line first.
250 SMTPUTF8
EHLO gmail.com
250-mx.google.com at your service, [2800:e2:37f:ecc6:9426:2eed:fdd4:795b]
250-SIZE 157286400
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
MAIL FROM:kyle@live.com
555 5.5.2 Syntax error. d7si1665405vsj.297 - gsmtp
The problem is no matter what email address I use I get a syntax error. What am I doing wrong?
Missing brackets enclosing your source mailbox.
The first step in the procedure is the MAIL command.
MAIL FROM:<reverse-path> [SP <mail-parameters> ] <CRLF>
The <reverse-path> portion of the first or only argument contains
the source mailbox (between "<" and ">" brackets), which can be
used to report errors (see Section 4.2 for a discussion of error
reporting). If accepted, the SMTP server returns a "250 OK" reply.
-- from RFC 5321 Section 3.3 (emphasis mine)
Change this
MAIL FROM:kyle@live.com
Into this:
MAIL FROM:<kyle@live.com>
That being said..
I'm trying to make a SMTP client library
Please don't do that! Almost every programming language has such libraries already, most often even in the respective stdlib. And the authors of those have generally carefully considered more edge cases than you and I ever could. Do not reinvent the wheel, especially if handling mail (where it is all too easy to cause interoperability issues or new vectors for spam/abuse).

MasterCard Generate AC

I tried to process payment with MasterCard / MIR.
I read data from VISA successfully after sending PDOL, but MS does not require PDOL.
1st step in transaction:
Select 2PAY.SYS
[SEND] : 00 A4 04 00 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 00
[READ] : 6F 23 84 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 A5 11
BF 0C 0E 61 0C 4F 07 A0 00 00 00 04 10 10 87 01 01 90 00
2nd step:
[SEND] : 00 A4 04 00 07 A0 00 00 00 04 10 10 00
[READ] : 6F 44 84 07 A0 00 00 00 04 10 10 A5 39 50 0A 4D 41 53 54 45 52 43 41 52 44 5F 2D 04 72 75 65 6E 87 01 01 9F 11 01 01 9F 12 0A 4D 41 53 54 45 52 43 41 52 44 BF 0C 0F 9F 4D 02 0B 0A 9F 6E 07 06 43 00 00 30 30 00 90 00
Card does not require PDOL
3rd step:
[SEND] : 80 A8 00 00 02 83 00 00
[READ] : 77 16 82 02 19 80 94 10 08 01 01 00 10 01 01 01 18 01 02 00 20 01 02 00 90 00
Received Application File Locator (AFL)
Step 4:
Read all available data.
[SEND] : 00 B2 01 0C 00
and other sectors
I read all sectors. But there are no tags required for payment: 9F26 - Application Cryptogram, 9F37 - Unpredictable Number, 9F36 - Transaction Counter.
To get these tags I could make command Generate AC with CDOL, but how to generate CDOL?
Card says about CDOL1 and CDOL2. And CDOL1 requires tags that the card generates itself.
Card answers, contains CDOL1 and CDOL2:
70 81 A0 57 13 55 45 46 77 77 25 42 79 D2 01 12 01 58 11 10 00 00 79 0F 5A 08 55 45 46 77 77 25 42 79 5F 24 03 20 11 30 5F 25 03 17 11 01 5F 28 02 06 43 5F 34 01 01 8C 21 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F 4C 08 9F 34 03 8D 0C 91 0A 8A 02 95 05 9F 37 04 9F 4C 08 8E 0E 00 00 00 00 00 00 00 00 42 03 1E 03 1F 03 9F 07 02 3D 00 9F 08 02 00 02 9F 0D 05 B4 50 84 00 00 9F 0E 05 00 00 00 00 00 9F 0F 05 B4 70 84 80 00 9F 42 02 06 43 9F 4A 01 82 90 00
How to generate an offline limit transaction using paypass? How to do Generate AC?
Thank you!
CDOL1 and CDOL2 split like below. Tags and their lengths. You are supposed to provide the data alone in the same order and size as you would for PDOL. In the below case, apart from two towards the bottom, all the rest are available in the terminal ready to use.
CDOL1
9F02 06 //transaction amount
9F03 06 //other amount, cashback
9F1A 02 //terminal country
95 05 //TVR terminal has arrived after terminal risk management
5F2A 02 //currency code
9A 03 //Transaction date
9C 01 //transaction type
9F37 04 //unpredictable number
9F35 01 //terminal type
9F45 02 //data Authentication code from Transaction Related Data ODA
9F4C 08 //icc dynamic number from Transaction Related Data ODA
9F34 03 //cvm results
CDOL2
91 0A //issuer authentication data
8A 02 //ARC
95 05 //TVR
9F37 04 //unpredictable number
9F4C 08 //icc dynamic number
9F26 and 9F36 will be returned by the card in response to your GEN AC.
9F37 is generated by the terminal.
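The tag/length split described in the answer above, as an added example that is not part of the original answer: it parses the CDOL1 and CDOL2 values (tags 8C and 8D of the record in the question) and lays out the data field in DOL order. The function names are hypothetical, the sample amount and unpredictable number are constructed, and requiring each supplied value to match its declared length exactly is a simplification made for this example.

```python
# Values of tag 8C (CDOL1) and tag 8D (CDOL2), copied from the record in the question.
CDOL1 = bytes.fromhex(
    "9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F3403")
CDOL2 = bytes.fromhex("910A8A0295059F37049F4C08")


def parse_dol(dol):
    """Split a Data Object List into [(tag_hex, length), ...]; a DOL has no values."""
    entries, i = [], 0
    while i < len(dol):
        start = i
        # If the low five bits of the first tag byte are all set, the tag
        # continues; each following byte with bit 8 set means "one more byte".
        if dol[i] & 0x1F == 0x1F:
            i += 1
            while i < len(dol) and dol[i] & 0x80:
                i += 1
        i += 1                            # i now points at the length byte
        if i >= len(dol):
            raise ValueError("DOL truncated: tag without a length byte")
        entries.append((dol[start:i].hex().upper(), dol[i]))
        i += 1
    return entries


def build_dol_data(dol, values):
    """Concatenate the values in DOL order, with no tags or lengths in between.

    Tags missing from `values` are zero-filled. Assumption of this example:
    a supplied value must already have exactly the declared length.
    """
    out = bytearray()
    for tag, length in parse_dol(dol):
        value = values.get(tag, bytes(length))
        if len(value) != length:
            raise ValueError(f"tag {tag}: expected {length} bytes, got {len(value)}")
        out += value
    return bytes(out)


if __name__ == "__main__":
    for tag, length in parse_dol(CDOL1):
        print(tag, length)
    # Constructed sample values: amount 10.00 and a fixed unpredictable number.
    sample = {"9F02": bytes.fromhex("000000001000"),
              "9F37": bytes.fromhex("11223344")}
    print(build_dol_data(CDOL1, sample).hex().upper())
```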

'Invalid sender' error after upgrading to geth 1.4.0

My program was able to craft and send raw transactions to geth v1.3.3 before, but after I upgraded to geth v1.4.0, calling sendRawTransaction over RPC always returns invalid sender error.
Is transaction serialization (i.e. RLP) changed somehow from v1.3.3 to v1.4.0? Here is a dump of my raw transaction that triggers an invalid user error:
0x0000: F8 CA 80 85 0B A4 3B 74 00 83 01 5F 90 94 08 BE ......;t..._....
0x0010: 24 CD 8D CF 73 F8 FA 5D B4 2B 85 5B 43 70 BD 5C $...s..].+.[Cp.\
0x0020: 44 8B 80 B8 64 B0 70 B9 BA 00 00 00 00 00 00 00 D...d.p.........
0x0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0040: 00 00 00 00 00 00 00 00 01 87 44 2E B8 96 6A 07 ..........D...j.
0x0050: 0C 31 C1 E8 AE A3 60 F5 35 32 47 81 13 34 31 D4 .1....`.52G..41.
0x0060: 4B FA 0A 0B 1B 9F 13 C6 F5 00 00 00 00 00 00 00 K...............
0x0070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0080: 00 00 00 00 00 00 00 00 00 1B A0 DE A4 6B 8C E8 .............k..
0x0090: 72 5A 31 49 92 EC 6B 6F C6 89 8C BB D7 A4 B9 8A rZ1I..ko........
0x00A0: 10 D2 F7 9E CE 6B D5 0F C5 19 E9 A0 8F 74 57 C2 .....k.......tW.
0x00B0: 1C DA CB 7D 7A 2B 46 58 98 53 31 C3 4B CF 50 1F ...}z+FX.S1.K.P.
0x00C0: 17 CE 16 80 95 30 38 9B 98 3C 5B B8 .....08..<[.
A more machine readable version of my transaction is:
F8CA80850BA43B740083015F909408BE24CD8DCF73F8FA5DB42B855B4370BD5C448B80B864B070B9BA000000000000000000000000000000000000000000000000000000000000000187442EB8966A070C31C1E8AEA360F535324781133431D44BFA0A0B1B9F13C6F500000000000000000000000000000000000000000000000000000000000000001BA0DEA46B8CE8725A314992EC6B6FC6898CBBD7A4B98A10D2F79ECE6BD50FC519E9A08F7457C21CDACB7D7A2B4658985331C34BCF501F17CE16809530389B983C5BB8
Log from geth gives
I0504 20:22:27.392581 9768 types.go:106] Generated response: *shared.ErrorResponse &{%!s(float64=1) 2.0 %!s(*shared.ErrorObject=&{-32603 Invalid sender})}
I0504 20:22:27.392886 9768 http.go:157] Sending payload: {
"id": 1,
"jsonrpc": "2.0",
"error": {
"code": -32603,
"message": "Invalid sender"
}
}
I believe the JSON RPC stuff changed in geth v1.4.0. I can't tell why this is happening without seeing the full sendRawTransaction you are calling but check out the docs: https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sendtransaction
Also, this should be migrated to https://ethereum.stackexchange.com/

How to convert to text the Chrome cache gzipped data?

I overwrote my CSS file, but the original is in my mobile's Chrome cache. I found the file in the cache, but if I open the link in the cache list I see something like this:
HTTP/1.1 200 OK
Date: Sat, 25 Jul 2015 16:58:50 GMT
Server: Apache
Vary: Host,Accept-Encoding
Last-Modified: Fri, 17 Jul 2015 10:51:25 GMT
ETag: "14ff-51b0ff82ba5ad-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 1483
Content-Type: text/css
00000000: 48 01 00 00 03 08 04 00 87 ec 5a 51 4c 7a 2e 00 H.........ZQLz..
00000010: 18 97 5c 51 4c 7a 2e 00 04 01 00 00 48 54 54 50 ..\QLz......HTTP
00000020: 2f 31 2e 31 20 32 30 30 20 4f 4b 00 44 61 74 65 /1.1 200 OK.Date
00000030: 3a 20 53 61 74 2c 20 32 35 20 4a 75 6c 20 32 30 : Sat, 25 Jul 20
00000040: 31 35 20 31 36 3a 35 38 3a 35 30 20 47 4d 54 00 15 16:58:50 GMT.
How can I convert this back to a CSS text file?

open a jpeg image from binary format

I have a binary file that I want to open as (or to convert to) jpeg image.
The file is only supposed by me to be a jpeg within a binary format, therefore I include a part of it so that You can tell me if I'm wrong ('cause unfortunately I never saw one of those before):
0000000000 0E 03 13 01 00 10 00 00 EC B0 00 1E 00 01 00 00 [................]
0000000016 00 CA 00 00 00 5C 00 0F 00 01 00 00 01 26 00 00 [.....\.......&..]
0000000032 00 00 01 2F 00 01 00 00 01 26 00 00 83 B2 00 6A [.../.....&.....j]
0000000048 00 01 00 00 84 D8 00 00 00 04 01 2C 00 01 00 00 [...........,....]
0000000064 84 DC 00 00 00 14 01 32 00 01 00 00 84 F0 00 00 [.......2........]
0000000080 00 08 07 AD 00 02 00 00 84 F8 00 00 00 19 00 0F [................]
0000000096 00 02 00 00 85 11 00 00 00 00 01 2F 00 02 00 00 [.........../....]
0000000112 85 11 00 00 0D D3 01 2C 00 02 00 00 92 E4 00 00 [.......,........]
0000000128 00 14 01 32 00 02 00 00 92 F8 00 00 00 08 07 AD [...2............]
0000000144 00 03 00 00 93 00 00 00 00 19 00 0F 00 03 00 00 [................]
0000000160 93 19 00 00 00 00 01 2F 00 03 00 00 93 19 00 00 [......./........]
0000000176 59 7B 01 2C 00 03 00 00 EC 94 00 00 00 14 01 32 [Y{.,...........2]
0000000192 00 03 00 00 EC A8 00 00 00 08 00 00 00 04 00 00 [................]
0000000208 00 02 00 00 00 00 4E 43 53 41 20 48 44 46 20 56 [......NCSA HDF V]
0000000224 65 72 73 69 6F 6E 20 34 2E 32 20 52 65 6C 65 61 [ersion 4.2 Relea]
0000000240 73 65 20 30 2C 20 44 65 63 65 6D 62 65 72 20 32 [se 0, December 2]
0000000256 2C 20 32 30 30 33 00 00 00 00 00 00 00 00 00 00 [, 2003..........]
0000000272 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [................]
0000000288 00 00 00 00 00 00 FF D8 FF E0 00 10 4A 46 49 46 [............JFIF]
0000000304 00 01 01 00 00 01 00 01 00 00 FF DB 00 43 00 10 [.............C..]
0000000320 0B 0C 0E 0C 0A 10 0E 0D 0E 12 11 10 13 18 28 1A [..............(.]
0000000336 18 16 16 18 31 23 25 1D 28 3A 33 3D 3C 39 33 38 [....1#%.(:3=<938]
0000000352 37 40 48 5C 4E 40 44 57 45 37 38 50 6D 51 57 5F [7@H\N@DWE78PmQW_]
0000000368 62 67 68 67 3E 4D 71 79 70 64 78 5C 65 67 63 FF [bghg>Mqypdx\egc.]
0000000384 DB 00 43 01 11 12 12 18 15 18 2F 1A 1A 2F 63 42 [..C......./../cB]
0000000400 38 42 63 63 63 63 63 63 63 63 63 63 63 63 63 63 [8Bcccccccccccccc]
0000000416 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 [cccccccccccccccc]
0000000432 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 [cccccccccccccccc]
0000000448 63 63 63 63 FF C0 00 11 08 01 A0 01 C0 03 01 22 [cccc..........."]
0000000464 00 02 11 01 03 11 01 FF C4 00 1F 00 00 01 05 01 [................]
0000000480 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 [................]
0000000496 04 05 06 07 08 09 0A 0B FF C4 00 B5 10 00 02 01 [................]
How can I convert it to jpeg to view its content (that is supposed to be an image)?
Is this conversion necessary or would You recommend a software that can open it as I like?
I hope someone could help me, thanks in advance.
ANSWER
(As I can't answer my own question right now, I'm doing it here...)
At the end I came up with a solution thanks to the input information of unwind.
I downloaded HEX editor (http://www.hhdsoftware.com/free-hex-editor) to edit my binary file. Then I searched for the string where the 0xff 0xd8 was (in my case in line 0000000288). This is supposed to be the beginning of a JPEG file. Then I deleted everything that came before that (also the six pairs of zeros within the same line). Then I saved my edits and tried again to open it with an image processing program (in my case, I'm using ENVI), and....IT WORKS! Now the binary file is read as an image file!
The problem now is that I have plenty of those files (302), and I need to edit all of them. Moreover, they each contain more than one jpeg, so I need to modify each one more times. Guess I need to improve my programming knowledge...
Well, according to this page JPEG files begin with the byte pair 0xff 0xd8, so you could search forwards for that sequence, and throw away the data before it.
In your file, it happens on the line starting 0000000288.
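The search for 0xff 0xd8 described above, automated for containers that hold several images, as an added example that is not part of the original answers: it finds each start marker and then walks the JPEG segment structure to the end-of-image marker (0xff 0xd9) so every embedded image is cut out whole. The function names and the byte strings produced by `fake_jpeg` are constructed for illustration.

```python
def jpeg_end(buf, start):
    """Offset just past the EOI marker of the JPEG at `start`, or None if malformed."""
    i = start + 2                                   # skip SOI (FF D8)
    while i + 1 < len(buf):
        if buf[i] != 0xFF:
            return None                             # a marker is required here
        marker = buf[i + 1]
        if marker == 0xD9:                          # EOI: end of this image
            return i + 2
        if marker == 0xFF:                          # fill byte before a marker
            i += 1
            continue
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7 or i + 4 > len(buf):
            return None                             # no length field / truncated
        i += 2 + int.from_bytes(buf[i + 2:i + 4], "big")   # skip whole segment
        if marker == 0xDA:
            # After SOS comes entropy-coded data: FF 00 is a stuffed byte and
            # FF D0..D7 are restart markers, so neither ends the scan.
            while i + 1 < len(buf) and not (
                    buf[i] == 0xFF and buf[i + 1] != 0x00
                    and not 0xD0 <= buf[i + 1] <= 0xD7):
                i += 1
    return None


def carve_jpegs(buf):
    """Return [(offset, jpeg_bytes), ...] for every complete JPEG found in buf."""
    found, pos = [], 0
    while True:
        # SOI followed by the first byte of the next marker cuts false hits.
        start = buf.find(b"\xff\xd8\xff", pos)
        if start < 0:
            return found
        end = jpeg_end(buf, start)
        if end is None:
            pos = start + 1                         # false hit or truncated image
        else:
            found.append((start, buf[start:end]))
            pos = end


def fake_jpeg(scan):
    """Constructed, structurally valid (not decodable) JPEG used as sample input."""
    return (b"\xff\xd8"
            b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
            b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + scan + b"\xff\xd9")


if __name__ == "__main__":
    blob = b"NCSA HDF" + bytes(6) + fake_jpeg(b"\x12\xff\x00\x34") + fake_jpeg(b"\x99")
    for offset, image in carve_jpegs(blob):
        print(offset, len(image))
```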