08-14-2015, 11:37 AM
(This post was last modified: 08-14-2015, 12:26 PM by DarkGrievous7145.
Edit Reason: UGH...MADE AN ERROR...THOUGHT I WAS MAKING A NEW POST, AND I'VE RUINED THIS ONE INSTEAD
)
analysis of first hex-named file:
91 00 00 10 48
‘...H
145,0,0,16,72
offsets 3-7
09
.
9
offset b
10
.
16
offset 0e
34 2E 36 2E 34 66 31 00 0D
4.6.4f1..
(this is probably a version number or something)
offsets 14-1c
01
.
1
offset 28
01
.
1
offset 2c
48
H
72
offset 34
FF FF FF FF 72
ÿÿÿÿr
255,255,255,255,114
offsets 38-3c
02
.
2
offset 42
73 68 61 72 65 64 61 73 73 65 74 73 30 2E 61 73 73 65 74 73
sharedassets0.assets
(file reference)
offsets 59-6c
65 61 38 37 65 39 35 62 62 65 37 64 65 34 34 35 31 61 65 34 30 65 63 63 65 61 39 35 61 38 66 62
ea87e95bbe7de4451ae40eccea95a8fb
(file ref...)
offsets 83-a2
a LOT of 00's
(no data, this is probably free space)
0
offsets a3-1007
01 00 00 00 01
.....
1,0,0,0,1
offsets 1008 - 100c
FB 01 00 00 25 00 00 00 74 6B 32 64 5F
û...%...tk2d_
251,1,0,0,37,0,0,0,116,107,50,100,65
offsets 1010-101c
65 61 38 37 65 39 35 62 62 65 37 64 65 34 34 35 31 61 65 34 30 65 63 63 65 61 39 35 61 38 66 62
ea87e95bbe7de4451ae40eccea95a8fb
(file...)
offsets 101d-103c
02
.
2
offset 1040
file: 0a20ce05e01374d819fb19a14806a55a
edit-re-write:
have Ploaj make a utility built to these specs:
1- use attached files as a search lookup table
2- scan every file, especially the hex-named ones, byte by byte, if necessary
3- log matches and the offsets they're found at
4- log any non-zero byte as hex, dec, and ascii
I'm gonna go look at file 0a20ce05e01374d819fb19a14806a55a now...
It's got a lot more data than that first one
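A minimal sketch of the utility specced in the list above, added here as an example; it is not code from the poster or from Ploaj. The function names and the `max_gap` merging rule are assumptions. The sample buffer is constructed from byte values quoted in the post, placed at the offsets the post lists, and the two lookup strings stand in for the attached files, which are not on this page.

```python
import sys

def nonzero_runs(data, max_gap=2):
    """Return [(offset, chunk)] of non-zero runs; runs split by <= max_gap zero bytes are merged."""
    runs, start, last = [], None, None
    for i, b in enumerate(data):
        if b == 0:
            continue
        if start is not None and i - last - 1 > max_gap:
            runs.append((start, data[start:last + 1]))   # gap too wide: close the run
            start = None
        if start is None:
            start = i
        last = i
    if start is not None:
        runs.append((start, data[start:last + 1]))
    return runs

def find_all(data, needles):
    """Return sorted [(offset, needle)] for every occurrence of each lookup entry."""
    hits = []
    for needle in needles:
        pos = data.find(needle)
        while pos != -1:
            hits.append((pos, needle))
            pos = data.find(needle, pos + 1)
    return sorted(hits)

def format_run(offset, chunk):
    """Render one run as offset + hex, then ASCII, then decimal, like the post's notes."""
    hex_s = " ".join(f"{b:02X}" for b in chunk)
    asc_s = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
    dec_s = ",".join(str(b) for b in chunk)
    return f"{offset:#06x}  {hex_s}\n        {asc_s}\n        {dec_s}"

# Constructed sample: three byte groups from the post at the offsets it reports.
SAMPLE = bytearray(0x70)
for off, chunk in [(0x03, bytes.fromhex("9100001048")),
                   (0x14, bytes.fromhex("342E362E346631000D")),
                   (0x59, b"sharedassets0.assets")]:
    SAMPLE[off:off + len(chunk)] = chunk
SAMPLE = bytes(SAMPLE)
LOOKUP = [b"sharedassets0.assets", b"tk2d_"]   # assumed stand-in for the lookup table

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for off, needle in find_all(data, LOOKUP):
        print(f"match {needle!r} at {off:#x}")
    print("\n".join(format_run(o, c) for o, c in nonzero_runs(data)))
```

Run with a file path as the only argument to scan that file; with no argument it scans the constructed sample.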