Solved

Binary files

Posted on 2003-03-21
Last Modified: 2012-06-22
I just got ahold of a piece of software that has a tremendous amount of data archived in external binary files inside of individual folders in the application's directory.  When I try to view these files, which all share the extension of .mpz, I am greeted with data that looks like this:

-- Snip --

PK   «¢‹-Sk‡d  Ž     prtid107319801644.XMLˆxÖ²Œ ;È_ÅNª§Ê|»c"µžŽÓb(@p×MƒüYŽÖá#U[&ís»ˆGL÷òèsÂÅdW;bÈm}‰Ñ+r·?rÉcVÞ·ó¤>ƒ—Ú
Øàð°+ƒÎÕrk£ÄéüÉ"­Ì'‘0ĺPÌà0{×н lsÛ&ᵪI,O&µºä5Ôæºw”÷/z“~Mý 1?"YMΨÛ

-- Snip --

I'm not sure if the above data will be displayed properly after I submit this question or if it will be translated into another font type or encoding, but I am curious to know if there is a way to decrypt this data into a readable form.  I've downloaded one program that converts binary files from binary to ascii, but I'm not sure if it knows what type of encoding to use to encode it from.

This application I'm using is heavily XML oriented.  The pages it uses to display the data appear to be written, in part, in XML, but the data it's searching through and pulling from is in an array of binary .MPZ files.  Does anyone have any insight on this ?

I'm not really sure if there is an answer to this question, as programmers can pretty much do whatever they want to data to store and retrieve it from flat files.  If the answer to its encoding lies within the code, what's a good program to decompile C++ programs ?

Thanks for any help you can give,
Tim
0
Question by:timtrolious
7 Comments
 
LVL 8

Expert Comment

by:fl0yd
ID: 8184616
From the header I would assume that it is a zipped archive. Change the extension to .zip and you should be able to view the file with winzip/pkzip or the like.

Decompiling c++ programs is impossible to do. All you can possibly hope to get is an assembly-code listing, which may not even be accurate. If the original developer has taken measures to scramble the code you are pretty much out of luck, unless you are willing to pour a tremendous amount of effort into descrambling it.

.f
0
 
LVL 3

Expert Comment

by:taisk
ID: 8184618
This binary file appears to be a ZIP file from the tell-tale "PK" at the start of the file.  Try unzipping the file and see what you get.

The application must have stored the file in the zipped format and unzip them when necessary.



0
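The check both answers above describe, recognizing a ZIP archive by its "PK" signature, shown as an added example that is not part of the original thread. It parses the first local file header and also reports the encryption flag (general-purpose bit 0), so you can tell whether an entry is password-protected before opening it in an archiver. Apart from the file name taken from the question, the header values and helper names are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"              # ZIP local file header signature
LOCAL_FMT = "<4sHHHHHIIIHH"            # fixed 30-byte local file header
LOCAL_LEN = struct.calcsize(LOCAL_FMT)
METHODS = {0: "stored", 8: "deflate"}


def inspect_first_entry(data):
    """Return facts from the first local file header, or None if not a ZIP."""
    if len(data) < LOCAL_LEN or not data.startswith(LOCAL_SIG):
        return None
    (_sig, _ver, flags, method, _time, _date, _crc,
     csize, usize, name_len, _extra_len) = struct.unpack_from(LOCAL_FMT, data)
    name = data[LOCAL_LEN:LOCAL_LEN + name_len]
    if len(name) != name_len:
        return None                    # header truncated before the name ends
    return {
        "name": name.decode("cp437"),  # default ZIP file name encoding
        "encrypted": bool(flags & 0x0001),
        "method": METHODS.get(method, f"other ({method})"),
        "compressed_size": csize,
        "uncompressed_size": usize,
    }


def constructed_encrypted_header():
    """Constructed sample: header only, bit 0 set, name from the question."""
    name = b"prtid107319801644.XML"
    fixed = struct.pack(LOCAL_FMT, LOCAL_SIG, 20, 0x0001, 8,
                        0, 0, 0, 142, 400, len(name), 0)
    return fixed + name


def constructed_plain_zip():
    """Constructed sample: a real, unencrypted in-memory archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.xml", "<root/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_first_entry(constructed_encrypted_header()))
    print(inspect_first_entry(constructed_plain_zip()))
```

To check a real file, pass its first few hundred bytes (read in binary mode) to `inspect_first_entry`.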
 
LVL 3

Expert Comment

by:DRY_GIN
ID: 8184928
If renaming the files to zip does not allow you to unzip them,
you can use SoftICE from NuMega in order to do low-level debugging - you will be able to see how the files are packed/unpacked.
Plus, you can use IDA from http://www.datarescue.com/ to decompile the binary file into assembler, and to simplify everything by automatically marking all standard C functions.

Usually in such situations people look for the buffer where the packed data is temporarily uncompressed, and they create a small program to capture that buffer and save it to the disk.

So you can modify your existing software to save all MPZ files as text files.

There are a lot of tutorials on the internet for both SoftICE and IDA.

Good luck.
0
 

Author Comment

by:timtrolious
ID: 8215419
Ok, great, renaming the file allowed me to open it inside of Winzip.  But to my dismay, the archive is passworded!

Anyone know any good programs to either bypass or brute force the password ?  Right now I'm running something called "Passware" "Advanced Zip Password Recovery," with a brute force.  Even spreading it over 5 computers, it's taking days to brute force the pass (as expected, of course).  7 million passwords a second isn't too bad, but when you have trillions... lol

Anyone have any ideas on how to break the pass for PK zip archives, or is it a fair bet that I'm pretty much out of luck minus any luck I have with a brute force ?

Tim
0
 
LVL 3

Expert Comment

by:DRY_GIN
ID: 8215490
In SoftICE it takes about 10 minutes to crack the code and find out the password, if you have the software that uses these mpz files.

If you are lazy enough not to learn SoftICE, go to some crackers groups (on IRC for example) and ask someone to crack it for you. It will cost you a few bucks (like less than 100$) - I guess this will be the best option for you.
0
 

Author Comment

by:timtrolious
ID: 8223408
It's my understanding that a plaintext crack, which can avoid brute forcing, requires a file decompressed from the same archive you're trying to crack to perform some kind of bitwise comparison.

What would SoftICE do for me ?  I believe I have the program somewhere in my archives, but what exactly would I be attempting to do with it ?
0
 
LVL 8

Accepted Solution

by:
fl0yd earned 225 total points
ID: 8223753
With SoftICE you can intercept system calls and debug the application, more accurately, step through it to see what key is fed when opening the mpz file. If you haven't used it before, you are in for a steep learning curve, though.

Anyway, with SoftICE you don't have to use a brute force attempt and can just extract the password from the code, once you have found the appropriate locations in code. If that doesn't work, you can still dump the contents of the mpz file to a file after it has been opened and unlocked.

.f
0
