From: "Jason C. Wells"
To: freebsd-chat@freebsd.org
Subject: Analyze and Edit a Binary File
Date: Mon, 16 Feb 2015 18:37:08 -0800

I use some engineering software called Catia. The files produced by
Catia encode a software version number. If the version number is
greater than the version of the installed software, Catia refuses to
open the file. This is annoying in the extreme. Especially if you want
to share files in the spirit of open source. If the files that I create
are newer than the Catia version of my audience, then my audience can't
use my files.

My question to my more knowledgeable computer geek friends: How do I
analyze and edit an arbitrary binary file? I know this is a bigger topic
than a quick response on -chat might allow. So really what I am asking
is, What tools, topics, and keywords do I need to google in order to
understand this task.

Thanks in advance,
Jason C. Wells

From: Sean DuBois
To: "Jason C. Wells"
Cc: freebsd-chat@freebsd.org
Subject: Re: Analyze and Edit a Binary File
Date: Mon, 16 Feb 2015 21:21:23 -0600

Hey Jason,

I would try opening the file in question with a hex editor.
I use vim when working on FreeBSD, and Hex Fiend when on OSX. I imagine
the version number will be in the first N bytes of the file OR at the
very end. The file may also be made up of other things; just perhaps run
it through binwalk as well?

I am by no means an experienced reverser, so I bet even better advice
will come from the list soon :)

On Mon, Feb 16, 2015 at 06:37:08PM -0800, Jason C. Wells wrote:
>
> I use some engineering software called Catia. The files produced by
> Catia encode a software version number. If the version number is
> greater than the version of the installed software, Catia refuses to
> open the file. This is annoying in the extreme. Especially if you want
> to share files in the spirit of open source. If the files that I create
> are newer than the Catia version of my audience, then my audience can't
> use my files.
>
> My question to my more knowledgeable computer geek friends: How do I
> analyze and edit an arbitrary binary file? I know this is a bigger topic
> than a quick response on -chat might allow. So really what I am asking
> is, What tools, topics, and keywords do I need to google in order to
> understand this task.
>
> Thanks in advance, Jason C. Wells

From: Greg 'groggy' Lehey
To: "Jason C. Wells"
Cc: freebsd-chat@freebsd.org
Subject: Re: Analyze and Edit a Binary File
Date: Tue, 17 Feb 2015 15:00:26 +1100

On Monday, 16 February 2015 at 18:37:08 -0800, Jason C. Wells wrote:
>
> I use some engineering software called Catia. The files produced by
> Catia encode a software version number. If the version number is
> greater than the version of the installed software, Catia refuses to
> open the file. This is annoying in the extreme. Especially if you want
> to share files in the spirit of open source. If the files that I create
> are newer than the Catia version of my audience, then my audience can't
> use my files.
>
> My question to my more knowledgeable computer geek friends: How do I
> analyze and edit an arbitrary binary file?

Those are two different questions, of course. You know the version
number; if it's relatively complicated (2.2.7.1, for example), it may
be stored as character text. In that case, there will be relatively
few false positives if you search for the text. If it's simple (2,
for example), you'd need to run the software in a debugger and find
where it does the comparison. That's much more difficult.

As for editing: Emacs, of course :-)

Seriously, it does work. I've used it on occasion, and at least one
package I've seen asks you to edit binary files with Emacs as part of
the build process. Just make very sure not to change the length of
the file.

Greg
--
Sent from my desktop computer.
Finger grog@FreeBSD.org for PGP public key.
See complete headers for address and phone numbers.
This message is digitally signed.
If your Microsoft MUA reports problems, please read
http://tinyurl.com/broken-mua

From: Sean DuBois
To: Greg 'groggy' Lehey
Cc: freebsd-chat@freebsd.org, "Jason C. Wells"
Subject: Re: Analyze and Edit a Binary File
Date: Mon, 16 Feb 2015 22:31:32 -0600

Oh also another idea. Try saving the same file in multiple versions of
the program, and then diffing them.

Another good trick would be to use LD_PRELOAD, and throw some debugging
in places like strcmp etc. And in the same vein as LD_PRELOAD, try using
strace.

I imagine Catia has all symbols stripped, so it will be sort of hard to
analyze/debug. BUT you might get lucky, so worth checking :)

On Tue, Feb 17, 2015 at 03:00:26PM +1100, Greg 'groggy' Lehey wrote:
> On Monday, 16 February 2015 at 18:37:08 -0800, Jason C. Wells wrote:
> >
> > I use some engineering software called Catia. The files produced by
> > Catia encode a software version number. If the version number is
> > greater than the version of the installed software, Catia refuses to
> > open the file. This is annoying in the extreme. Especially if you want
> > to share files in the spirit of open source. If the files that I create
> > are newer than the Catia version of my audience, then my audience can't
> > use my files.
> >
> > My question to my more knowledgeable computer geek friends: How do I
> > analyze and edit an arbitrary binary file?
>
> Those are two different questions, of course. You know the version
> number; if it's relatively complicated (2.2.7.1, for example), it may
> be stored as character text. In that case, there will be relatively
> few false positives if you search for the text. If it's simple (2,
> for example), you'd need to run the software in a debugger and find
> where it does the comparison. That's much more difficult.
>
> As for editing: Emacs, of course :-)
>
> Seriously, it does work.
> I've used it on occasion, and at least one
> package I've seen asks you to edit binary files with Emacs as part of
> the build process. Just make very sure not to change the length of
> the file.
>
> Greg
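
The three suggestions made in this thread (diff two saves of the same file, search for the version as text, edit without changing the file length), put together as an added example that is not part of the original messages. The file layout, the NUL padding and the version 2.2.6.0 are constructed for illustration and say nothing about Catia's real format.

```python
def diff_runs(a: bytes, b: bytes, gap: int = 4):
    """Ranges (start, end) where two equal-length saves differ; close diffs merge."""
    if len(a) != len(b):
        raise ValueError("lengths differ; a byte-wise diff would be misaligned")
    runs = []
    for i, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        if runs and i - runs[-1][1] < gap:
            runs[-1][1] = i + 1          # extend the current range
        else:
            runs.append([i, i + 1])      # start a new range
    return [tuple(r) for r in runs]


def find_all(data: bytes, needle: bytes):
    """Every offset at which the version text occurs (ideally exactly one)."""
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits


def patch_same_length(data: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Overwrite `old` at `offset` with `new`, keeping the file length.

    A shorter `new` is NUL-padded (assumed padding; check the real format).
    """
    if len(new) > len(old):
        raise ValueError("replacement is longer than the field")
    if data[offset:offset + len(old)] != old:
        raise ValueError("bytes at offset are not what was expected")
    out = bytearray(data)
    out[offset:offset + len(old)] = new.ljust(len(old), b"\x00")
    return bytes(out)


def make_sample(version: bytes) -> bytes:
    """Constructed toy layout: 6-byte magic, 8-byte version field, payload."""
    return b"DEMO\x00\x01" + version.ljust(8, b"\x00") + b"payload:" + bytes(range(16))


SAVE_OLD = make_sample(b"2.2.6.0")   # same document saved by the older release
SAVE_NEW = make_sample(b"2.2.7.1")   # ... and by the newer release

if __name__ == "__main__":
    print("differing ranges:", diff_runs(SAVE_OLD, SAVE_NEW))
    print("text hits:", find_all(SAVE_NEW, b"2.2.7.1"))
    patched = patch_same_length(SAVE_NEW, 6, b"2.2.7.1", b"2.2.6.0")
    print("length kept:", len(patched) == len(SAVE_NEW))
```

Work on a copy of the file. A format that also stores a checksum or length field over the edited region will still reject a same-length edit until that field is updated too.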