Binary files

Posted on 2003-03-21
Last Modified: 2012-06-22
I just got ahold of a piece of software that has a tremendous amount of data archived in external binary files inside of individual folders in the application's directory.  When I try to view these files, which all share the extension of .mpz, I am greeted with data that looks like this:

-- Snip --

PK   «¢‹-Sk‡d  Ž     prtid107319801644.XMLˆxÖ²Œ ;È_ÅNª§Ê|»c"µžŽÓb(@p×MƒüYŽÖá#U[&ís»ˆGL÷òèsÂÅdW;bÈm}‰Ñ+r·?rÉcVÞ·ó¤>ƒ—Ú
Øàð°+ƒÎÕrk£ÄéüÉ"­Ì'‘0ĺPÌà0{×н lsÛ&ᵪI,O&µºä5Ôæºw”÷/z“~Mý 1?"YMΨÛ

-- Snip --

I'm not sure if the above data will be displayed properly after I submit this question or if it will be translated into another font type or encoding, but I am curious to know if there is a way to decrypt this data into a readable form.  I've downloaded one program that converts binary files from binary to ascii, but I'm not sure if it knows what type of encoding to use to encode it from.

This application I'm using is heavily XML oriented.  The pages it uses to display the data appear to be written, in part, in XML, but the data it's searching through and pulling from is in an array of binary .MPZ files.  Does anyone have any insight on this ?

I'm not really sure if there is an answer to this question, as programmers can pretty much do whatever they want to data to store and retrieve it from flat files.  If the answer to its encoding lies within the code, what's a good program to decompile C++ programs ?

Thanks for any help you can give,
Tim
0
Question by:timtrolious
7 Comments
 
LVL 8

Expert Comment

by:fl0yd
ID: 8184616
From the header I would assume that it is a zipped archive. Change the extension to .zip and you should be able to view the file with winzip/pkzip or the like.

Decompiling c++ programs is impossible to do. All you can possibly hope to get is an assembly-code listing, which may not even be accurate. If the original developer has taken measures to scramble the code you are pretty much out of luck, unless you are willing to pour a tremendous amount of effort into descrambling it.

.f
0
 
LVL 3

Expert Comment

by:taisk
ID: 8184618
This binary file appears to be a ZIP file from the tell-tale "PK" at the start of the file.  Try unzipping the file and see what you get.

The application must have stored the file in the zipped format and unzip them when necessary.



0
 
LVL 3

Expert Comment

by:DRY_GIN
ID: 8184928
If renaming the files to .zip will not allow you to unzip them, you can use SoftICE from NuMega in order to do low-level debugging - you will be able to see how the files are packed/unpacked.
Plus you can use IDA from http://www.datarescue.com/ to decompile the binary file into assembler, plus to simplify everything by automatically marking all standard C functions.

Usually in such situations people look for the buffer where the packed data is temporarily uncompressed, and they create a small program to capture that buffer and save it to the disk.

So you can modify your existing software to save all MPZ files as text files.

There are a lot of tutorials on the internet for both SoftICE and IDA.

good luck
0
 

Author Comment

by:timtrolious
ID: 8215419
Ok, great, renaming the file allowed me to open it inside of Winzip.  But to my dismay, the archive is passworded!

Anyone know any good programs to either bypass or brute force the password ?  Right now I'm running something called "Passware" "Advanced Zip Password Recovery," with a brute force.  Even spreading it over 5 computers, it's taking days to brute force the pass (as expected, of course).  7 million passwords a second isn't too bad, but when you have trillions... lol

Anyone have any ideas on how to break the pass for PK zip archives, or is it a fair bet that I'm pretty much out of luck minus any luck I have with a brute force ?

Tim
0
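
Added example (not part of the original thread): a small Python check for the two facts the thread has established so far, that a `.mpz` file is a ZIP container identified by its `PK` signature and that the entry is marked as password-protected. The function names, the sample file name and the sample bytes are constructed for illustration; the code only reads the local file header and does not attempt to decrypt anything.

```python
import io
import struct
import zipfile

# ZIP local file header: signature, version, flags, method, time, date,
# CRC-32, compressed size, uncompressed size, name length, extra length.
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")
LOCAL_SIG = b"PK\x03\x04"
METHODS = {0: "stored", 8: "deflate"}


def first_entry(data: bytes):
    """Parse the first local file header; return None if this is not a ZIP."""
    if len(data) < LOCAL_HEADER.size or not data.startswith(LOCAL_SIG):
        return None
    (_, _, flags, method, _, _, _, csize, usize,
     name_len, _) = LOCAL_HEADER.unpack_from(data)
    name = data[LOCAL_HEADER.size:LOCAL_HEADER.size + name_len]
    return {
        "name": name.decode("cp437", "replace"),  # readable in the raw bytes
        "encrypted": bool(flags & 0x0001),         # general-purpose flag bit 0
        "method": METHODS.get(method, f"method {method}"),
        "compressed": csize,
        "uncompressed": usize,
    }


def make_sample(encrypted: bool = False) -> bytes:
    """Constructed sample: a one-entry archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("prtid_example.XML", "<part id='1'>constructed</part>")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x01  # set the flag bit only; the payload is not encrypted
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("plain", make_sample()),
                        ("flagged", make_sample(True)),
                        ("not zip", b"MZ\x90\x00" + b"\x00" * 40)):
        print(label, first_entry(blob))
```

With traditional ZIP encryption the entry name is stored unencrypted in the header, which is why an `.XML` file name is legible in the raw bytes quoted in the question even though the contents are not.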
 
LVL 3

Expert Comment

by:DRY_GIN
ID: 8215490
In SoftICE it takes about 10 minutes to crack the code and find out the password, if you have the software that uses these mpz files.

If you are lazy enough not to learn SoftICE, go to some crackers groups (on IRC for example) and ask someone to crack it for you. It will cost you a few bucks (like less than 100$) - I guess this will be the best option for you.
0
 

Author Comment

by:timtrolious
ID: 8223408
It's my understanding that a plaintext crack, which can avoid brute forcing, requires a file decompressed from the same archive you're trying to crack to perform some kind of bitwise comparison.

What would SoftICE do for me?  I believe I have the program somewhere in my archives, but what exactly would I be attempting to do with it?
0
 
LVL 8

Accepted Solution

by:
fl0yd earned 225 total points
ID: 8223753
With SoftICE you can intercept system calls and debug the application, more accurately, step through it to see what key is fed when opening the mpz file. If you haven't used it before, you are in for a steep learning curve, though.

Anyway, with SoftICE you don't have to use a brute force attempt and can just extract the password from the code, once you have found the appropriate locations in code. If that doesn't work, you can still dump the contents of the mpz file after it has been opened and unlocked to a file.

.f
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Computer science students often experience many of the same frustrations when going through their engineering courses. This article presents seven tips I found useful when completing a bachelors and masters degree in computing which I believe may he…
If you are a mobile app developer and especially develop hybrid mobile apps then these 4 mistakes you must avoid for hybrid app development to be the more genuine app developer.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Introduction to Processes

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question