From: Matt Frazier (mfrazier, cryptofreak dot org)
Date: 2001.03.08 - 19.09 MST


Arbitrarily, I split this up (based on Geoff's analysis)

ónc*c²“W0ªd
ónc*c²“W6”d
Y\¥&Æ~ö77˜²
Ynb¾ÆXßKMز
ìŽ[_Ù¬-)Àd
ª*¢¾Æ²†AHÒd
ínjÌqUí*“­«Ö–•YÖV‹O™ª9«Ê³Ê²
ÃUÙýY[®šÆ[6½ÑÁ¯žÖ–ÁYr6«Oµ¶Y[VfƲ
֝Mã8V’Ï²
œKOJ6Yz^j_qp

Now, considering the problem suggests some error-handling hardware-type correction, we could presume that the first two 11-byte sequences are a handshake of some kind.  The 'd' and '²' values may be arbitrarily spaced, but they seem like as good a point as any to note as end-of-packets (for the sake of analysis).

I'm just talkin' out loud at this point.

Secondly, consider the 0xff terminator -- does this give us any help on what proto it may be using?  Can we compare that at all with the 0xf3 preamble?  Is that even a preamble?  Can we presume this is both sides of the communication, or that it's just one end?  (The source is not specific -- 'tapped off an unprotected modem connection' may mean full or half duplex.)

Just throwin' out ideas, still working on that actual thinking thing.

Matt


--
This is the mod-chal mailing list.  To unsubscribe, email
majordomo, cryptofreak dot org with message body 'unsubscribe mod-chal'.
Or, for more information, visit http://www.cryptofreak.org/.
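
An added example, not part of the original message or the list's own code: one way to test the end-of-packet idea above by cutting a capture after each 'd' or '²' byte and tabulating what comes out. It assumes the archive renders the capture as Latin-1/cp1252 text (so '²' is 0xB2), and the sample bytes are constructed, not the challenge data.

```python
from collections import Counter

# Candidate end-of-packet bytes from the message: 'd' (0x64) and '²' (0xB2,
# assuming a Latin-1/cp1252 rendering of the capture).
DELIMS = frozenset({0x64, 0xB2})
PREAMBLE = 0xF3    # candidate preamble byte named in the message
TERMINATOR = 0xFF  # stream terminator named in the message


def split_frames(stream, delims=DELIMS):
    """Cut after every delimiter byte; keep any trailing remainder.

    A delimiter value may also occur as payload, so the result is a
    hypothesis to check, not a decoded packet list.
    """
    frames, start = [], 0
    for i, b in enumerate(stream):
        if b in delims:
            frames.append(stream[start:i + 1])
            start = i + 1
    if start < len(stream):
        frames.append(stream[start:])
    return frames


def framing_report(stream):
    """Summarise how well the delimiter hypothesis fits a capture."""
    body = stream[:-1] if stream.endswith(bytes([TERMINATOR])) else stream
    frames = split_frames(body)
    return {
        "terminated": len(body) != len(stream),
        "frames": len(frames),
        "lengths": Counter(len(f) for f in frames),
        "preamble_frames": sum(1 for f in frames if f[0] == PREAMBLE),
        "unterminated_tail": bool(frames) and frames[-1][-1] not in DELIMS,
        # Adjacent equal-length frames and how many bytes differ: a repeated
        # opening pair is what a handshake or retransmission would look like.
        "near_duplicates": [
            (i, sum(x != y for x, y in zip(frames[i], frames[i + 1])))
            for i in range(len(frames) - 1)
            if len(frames[i]) == len(frames[i + 1])
        ],
    }


# Constructed sample: two 11-byte frames differing in one byte, one shorter
# frame ending in 0xB2, then the 0xFF terminator.
SAMPLE = (bytes.fromhex("f30102030405060708 30 64")
          + bytes.fromhex("f30102030405060708 36 64")
          + bytes.fromhex("59 10 11 12 b2") + b"\xff")

if __name__ == "__main__":
    print(framing_report(SAMPLE))
```

A frame-length histogram dominated by one or two sizes, with the preamble byte at the start of each, supports the framing guess; a flat spread of lengths suggests the delimiter bytes are just payload.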



This archive was generated by hypermail 2b30 : 2001.09.26 - 14.03 MDT