|
From: Matt Frazier (mfrazier, cryptofreak dot org) Date: 2001.03.08 - 19.09 MST
X-Mailer: Microsoft Outlook Express 5.60.2296.0000 Arbitrarily, I split this up (based on Geoff's analysis) ónc*c²“W0ªd ónc*c²“W6”d Y\¥&Æ~ö77˜² Ynb¾ÆXßKMز ìŽ[_Ù¬-)Àd ª*¢¾Æ²†AHÒd ínjÌqUí*“«Ö–•YÖV‹O™ª9«Ê³Ê² ÃUÙýY[®šÆ[6½ÑÁ¯žÖ–ÁYr6«Oµ¶Y[VfƲ ÖMã8V’ϲ œKOJ6Yz^j_qp Now, considering the problem suggests some error-handling hardware-type correction, we could presume that the first two 11-byte sequences are a handshake of some kind. The 'd' and '²' values may be arbitrarily spaced, but they seem like as good a point as any to note as end-of-packets (for the sake of analysis). I'm just talkin' out loud at this point. Secondly, consider the 0xff terminator -- does this give us any help on what proto it may be using? Can we compare that at all with the 0xf3 preamble? Is that even a preamble? Can we presume this is both sides of the communication, or that it's just one end? (The source is not specific -- 'tapped off an unprotected modem connection' may mean full or half duplex.) Just throwin' out ideas, still working on that actual thinking thing. Matt -- This is the mod-chal mailing list. To unsubscribe, email majordomo, cryptofreak dot org with message body 'unsubscribe mod-chal'. Or, for more information, visit http://www.cryptofreak.org/.
This archive was generated by hypermail 2b30 : 2001.09.26 - 14.03 MDT |