Differences between version 2 and previous revision of KnowledgeBase/ExpressGate.

Newer page: version 2 Last edited on Saturday, 6 November 2010 3:08:30 by CyberLeo
Older page: version 1 Last edited on Saturday, 6 November 2010 3:08:16 by CyberLeo
@@ -7,9 +7,14 @@
  
  
 CE.CEX format: 
 Weird. Looks like a debian archive, but it's not. More specifically, it appears to be a debian archive header that's been overwritten with other values in certain places: 
+  
 64-byte header with overwrite at 0x10-0x13 and 0x30-0x37, with the actual data payload starting at 0x40 instead of 0x44 
+  
 0x10-0x13 contains the hex value '27 5b c9 47', or '[EG in ascii 
+  
 The useful bits are at offset 0x30-0x37, two little-endian encoded int32 sizes (including headers), representing the sizes of the two chunks in the file: 
+  
 First chunk is a 64-byte header (since it includes the file header) and a tar.gz 
+  
 Second chunk is an empty debian archive. 
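Review bot: On the 0x10-0x13 line, the bytes '27 5b c9 47' do not read as '[EG in ASCII: 0x27 is the apostrophe, 0x5b is [ and 0x47 is G, but 0xc9 is outside the 7-bit ASCII range (E would be 0x45). Suggest naming the encoding the text rendering came from, or keeping only the hex. On the 0x30-0x37 line, "including headers" does not say where the second chunk starts relative to the first size, so a sentence stating that the second chunk begins at the offset given by the first size (if that is the case) would make the layout unambiguous. The lines this revision adds are whitespace only.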

version 2

DFI image file format:

32-byte header

16-byte padding

MBR-partitioned disk image

FAT16 filesystem

CE.CEX format:

Weird. Looks like a Debian archive, but it's not. More specifically, it appears to be a Debian archive header that's been overwritten with other values in certain places:

64-byte header with overwrite at 0x10-0x13 and 0x30-0x37, with the actual data payload starting at 0x40 instead of 0x44

0x10-0x13 contains the hex value '27 5b c9 47', or '[EG in ASCII

The useful bits are at offset 0x30-0x37, two little-endian encoded int32 sizes (including headers), representing the sizes of the two chunks in the file:

First chunk is a 64-byte header (since it includes the file header) and a tar.gz

Second chunk is an empty Debian archive.
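
A parser for the CE.CEX layout described above, added here as an example (not code from the original page). It assumes the second chunk starts at the offset given by the first size and that an empty Debian archive is the bare ar signature; `split_cex`, `tar_names` and `build_sample` are hypothetical names, and the sample file is constructed in memory.

```python
import io
import struct
import tarfile

HEADER_LEN = 0x40                  # payload starts at 0x40 (from the page)
MAGIC = bytes.fromhex("275bc947")  # bytes at 0x10-0x13 (from the page)
AR_MAGIC = b"!<arch>\n"            # standard ar / Debian archive signature


def split_cex(blob):
    """Validate the header and return (tar_gz_bytes, second_chunk_bytes)."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than the 64-byte header")
    if blob[0x10:0x14] != MAGIC:
        raise ValueError("unexpected bytes at 0x10-0x13")
    size1, size2 = struct.unpack_from("<ii", blob, 0x30)
    # Sizes are read from the file itself: bound them before slicing.
    if size1 < HEADER_LEN or size2 < 0 or size1 + size2 > len(blob):
        raise ValueError("chunk sizes do not fit the file")
    first = blob[HEADER_LEN:size1]
    # Assumption: the second chunk starts right where the first one ends.
    second = blob[size1:size1 + size2]
    if first[:2] != b"\x1f\x8b":
        raise ValueError("first chunk payload is not gzip data")
    return first, second


def tar_names(tar_gz):
    """List member names without extracting anything to disk."""
    with tarfile.open(fileobj=io.BytesIO(tar_gz), mode="r:gz") as tar:
        return tar.getnames()


def build_sample():
    """Build a constructed sample in memory (not a real CE.CEX file)."""
    buf = io.BytesIO()
    data = b"constructed sample\n"
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("hello.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    payload = buf.getvalue()
    header = bytearray(AR_MAGIC.ljust(HEADER_LEN, b" "))
    header[0x10:0x14] = MAGIC
    header[0x30:0x38] = struct.pack("<ii", HEADER_LEN + len(payload), len(AR_MAGIC))
    return bytes(header) + payload + AR_MAGIC
```

Listing member names rather than extracting keeps an untrusted archive from writing outside the working directory while the format is still being explored.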