svn commit: samba r3999 - in branches/SAMBA_4_0/source:librpc/idl rpc_server/drsuapi

tridge at tridge at
Tue Nov 30 00:55:04 GMT 2004


 > >   7ffbff1fb78e758b6a809f4d840b0724412ee1df0402000000000000
 > >   7ffbff1f1b796f7e41acad489ffed5da29e26c4ef801000000000000
 > >
 > > It doesn't look like the values are completely random, but they are
 > > definately not a constant either.
 > Minus the first 2-4 bytes it looks pretty "random" to me.

nope, you're just looking at it the wrong way. It clearly has

For example, look at the two sequences "b78" and "b79". I really doubt
that is a coincidence. Instead, I expect to find that its some sort of
compression or encoding scheme, or some sort of really crappy

I expect that some sections of the data are truly random, but perhaps
the random sections are not at the same offset (such as happens with
some of the common ASN.1 encoding schemes).

Possible sources of commonality include:

  - hardware ethernet address (like a GUID uses in some schemes)
  - timestamps (both machines installed within a few weeks of
    each other)
  - OS version

I expect we'll eventually work out what the encoding is. Ways to
approach this include:

 - try generating random values, see what error codes we get
 - try sending minor varients on the w2k3 values, like flipping
   individual bits. See which bits change behaviour.
 - mark the packet as big-endian, to see if this involves any byte
   order dependent encoding (thats how you can prove that GUIDs have
   internal structure)

Cheers, Tridge

More information about the samba-technical mailing list