Friday, May 8, 2009

Analysing a file (brute force method)

Recently I came across a page where someone was asking about finding the offset of a file system in a disk image. I am trying the following. Will update this post if I succeed.

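for k in `count 0 1 100`; do
  for d in `count ${k}000 1`; do
    # Copy 512 bytes starting at byte offset $d into the RAM disk
    dd if=working.img of=ram/test.img skip=$d bs=1 count=512 &> /dev/null
    # Show what file(1) reports, unless it is just "data"
    file ram/test.img | grep ram/test.img | grep -v data
    [ $? == "0" ] && echo $d
  done
done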

count: this is a small program that I wrote. It takes 2 or 3 parameters. "count 0 1 100" will print "0 1 2 3 4 ... 100". "count n 1" will print "n n+1 n+2 ... n+1000".

The directory ram was the mount point for a RAM disk. It was created as follows:

mkfs -t ext2 /dev/ram4
mount -o loop /dev/ram4 ram

Still, it's taking a lot of time and it's eating a lot of CPU. Next, I will move working.img to the RAM disk as well!
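
A single-pass alternative to the dd/file loop above, as an added example that is not from the original post: it reads the image once and checks a few well-known file system signatures at each candidate offset instead of starting dd and file for every byte. The 512-byte sector alignment, the signature table and the constructed sample image are assumptions of this example; pass step=1 to try every byte offset as the loop in the post does.

```python
import mmap
import struct
import sys

SECTOR = 512  # assumption: file systems start on a 512-byte sector boundary

# (name, signature offset from the start of the file system, signature bytes)
SIGNATURES = [
    ("ext2/3/4", 1080, b"\x53\xef"),   # s_magic 0xEF53 (little-endian), superblock at 1024
    ("NTFS", 3, b"NTFS    "),          # OEM ID in the boot sector
    ("FAT16", 54, b"FAT16   "),        # type string, usually present but only informational
    ("FAT32", 82, b"FAT32   "),
    ("squashfs", 0, b"hsqs"),
]

def ext_superblock_ok(img, fs_start):
    """Reject chance hits on the 2-byte ext magic by checking nearby superblock fields."""
    sb = fs_start + 1024
    inodes, blocks = struct.unpack_from("<II", img, sb)
    (log_block_size,) = struct.unpack_from("<I", img, sb + 24)
    return inodes > 0 and blocks > 0 and log_block_size <= 6

def scan(img, step=SECTOR):
    """Return [(offset, fs_name)] for every candidate start; step=1 tries every byte."""
    hits = []
    for start in range(0, len(img), step):
        for name, rel, sig in SIGNATURES:
            pos = start + rel
            if img[pos:pos + len(sig)] != sig:
                continue
            if name == "ext2/3/4" and not ext_superblock_ok(img, start):
                continue
            hits.append((start, name))
    return hits

def scan_file(path, step=SECTOR):
    with open(path, "rb") as f, mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as img:
        return scan(img, step)

def make_sample():
    """Constructed 8 KiB image: decoy magic for offset 1024, real ext superblock for offset 4096."""
    img = bytearray(16 * SECTOR)
    img[1024 + 1080:1024 + 1082] = b"\x53\xef"            # decoy: magic only, fields zeroed
    struct.pack_into("<II", img, 4096 + 1024, 128, 1024)  # s_inodes_count, s_blocks_count
    img[4096 + 1080:4096 + 1082] = b"\x53\xef"
    return bytes(img)

if __name__ == "__main__":
    for offset, name in (scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan(make_sample())):
        print(offset, name)
```

A reported offset can be checked by attaching the image read-only at that offset (for example with losetup -r -o) and running file on the loop device.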