Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to [GNG] Gated, Filtered alt.comp.a...  <--  <--- Return to Home Page
   Networked Database  [GNG] Gated, Filtered alt.comp.a...   [646 / 759] RSS
 From   To   Subject   Date/Time 
Message   Sh    All   Re: Kaspersky Rescue Disk Report - can't see full paths   June 5, 2019
 3:06 PM *   

From: Shadow <Sh@dow.br>

On Thu, 6 Jun 2019 01:19:56 +0100, "Apd" <not@all.invalid> wrote:

>"Paul" wrote:
>> When you look at the klr.enc1 files, what's the first
>> thing you notice ? There's a couple of groups of 0xCF hex
>> bytes. "Real" encryption would have high entropy.
>> This smells funny...
>>
>>     CF CF CF CF CF CF CF CF CF CF CF CF
>
>It smells like spaces!
>
>XOR the base64 with 0xEF and you have plain text with a single
>linefeed terminating each line. It's an XML report. Here's a line from
>your second example, krdeicar.txt (wrapped for ease of reading):
>
><Event1 Action="Detect" Time="132042218823887019"
>
Object="@Filesystem[65ba0377-31a7-52e4-8e5b-5415b3a73f12]/Downloads/EICARAntiVi
rusTestFile.com"
> Info="EICAR-Test-File" />
>

	Thanks for that. You must dream in hex, as I did 2 decades
ago. Alas, all I dream about now is staying alive.
	Simple XORing. Who would have guessed?
	Too hard for me to figure out without your help. I will now
write a little program in free Pascal or maybe 16 bit assembler to
automate the process, unless you can recommend freeware (no online
datamining stuff) that does it automatically ?
	TIA
	[]'s

	PS TY too Paul
-- 
Don't be evil - Google 2004
We have a new policy  - Google 2012
--- NewsGate v1.0 gamma 2
 * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Show Routing
Previous Message | Next Message | Back to [GNG] Gated, Filtered alt.comp.a...  <--  <--- Return to Home Page
VADV-PHP
Execution Time: 0.073 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2024 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
 v2.0.140505

Warning: Unknown: open(c:\Sessions\sess_srrv2gmebb6umrs78dm0hkm5p0, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (c:\Sessions) in Unknown on line 0 PHP Warning: session_start(): open(c:\Sessions\sess_srrv2gmebb6umrs78dm0hkm5p0, O_RDWR) failed: No such file or directory (2) in D:\wc5\http\public\VADV\include\common.inc.php on line 45 PHP Warning: Unknown: open(c:\Sessions\sess_srrv2gmebb6umrs78dm0hkm5p0, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (c:\Sessions) in Unknown on line 0