Note: You are viewing an old version of this page. View the current version.

Differences between version 3 and previous revision of KnowledgeBase/ExpressGate.

Other diffs: Previous Major Revision, Previous Author

Newer page: version 3 Last edited on Saturday, 6 November 2010 3:09:03 by CyberLeo Revert
Older page: version 2 Last edited on Saturday, 6 November 2010 3:08:30 by CyberLeo Revert
@@ -1,13 +1,13 @@
-DFI image file format: 
+!! DFI image file format: 
  
-32-byte header  
-16-byte padding  
-MBR-partitioned disk image  
-FAT16 filesystem 
+* 32-byte header  
+* 16-byte padding  
+* MBR-partitioned disk image  
+* FAT16 filesystem 
  
  
-CE.CEX format: 
+!! CE.CEX format: 
 Weird. Looks like a debian archive, but it's not. More specifically, it appears to be a debian archive header that's been overwritten with other values in certain places: 
  
 64-byte header with overwrite at 0x10-0x13 and 0x30-0x37, with the actual data payload starting at 0x40 instead of 0x44 
  

version 3

DFI image file format:

  • 32-byte header
  • 16-byte padding
  • MBR-partitioned disk image
  • FAT16 filesystem

CE.CEX format:

Weird. Looks like a debian archive, but it's not. More specifically, it appears to be a debian archive header that's been overwritten with other values in certain places:

64-byte header with overwrite at 0x10-0x13 and 0x30-0x37, with the actual data payload starting at 0x40 instead of 0x44

0x10-0x13 contains the hex value '27 5b c9 47', or '[EG in ascii

The useful bits are at offset 0x30-0x37, two little-endian encoded int32 sizes (including headers), representing the sizes of the two chunks in the file:

First chunk is a 64-byte header (since it includes the file header) and a tar.gz

Second chunk is an empty debian archive.