svn commit: samba r3999 - in branches/SAMBA_4_0/source:librpc/idl rpc_server/drsuapi

tridge at samba.org
Tue Nov 30 00:55:04 GMT 2004


Michael,

 > >   7ffbff1fb78e758b6a809f4d840b0724412ee1df0402000000000000
 > >   7ffbff1f1b796f7e41acad489ffed5da29e26c4ef801000000000000
 > >
 > > It doesn't look like the values are completely random, but they are
 > > definitely not a constant either.
 > 
 > Minus the first 2-4 bytes it looks pretty "random" to me.

nope, you're just looking at it the wrong way. It clearly has
structure.

For example, look at the two sequences "b78" and "b79". I really doubt
that is a coincidence. Instead, I expect to find that it's some sort of
compression or encoding scheme, or some sort of really crappy
encryption.

I expect that some sections of the data are truly random, but perhaps
the random sections are not at the same offset (such as happens with
some of the common ASN.1 encoding schemes).

Possible sources of commonality include:

  - hardware ethernet address (like a GUID uses in some schemes)
  - timestamps (both machines installed within a few weeks of
    each other)
  - OS version

I expect we'll eventually work out what the encoding is. Ways to
approach this include:

 - try generating random values, see what error codes we get
 - try sending minor variants on the w2k3 values, like flipping
   individual bits. See which bits change behaviour.
 - mark the packet as big-endian, to see if this involves any byte
   order dependent encoding (that's how you can prove that GUIDs have
   internal structure)

Cheers, Tridge
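
Added example (not part of the original message and not Samba code): a Python comparison of the two values quoted in the thread, splitting them into identical and differing byte runs, counting how many bits differ in the changing region, and reading the last 8 bytes in both byte orders. Treating those 8 bytes as one integer field is an assumption, and all function names are hypothetical.

```python
# Added example: compares the two values quoted in the thread (copied verbatim).
A = bytes.fromhex("7ffbff1fb78e758b6a809f4d840b0724412ee1df0402000000000000")
B = bytes.fromhex("7ffbff1f1b796f7e41acad489ffed5da29e26c4ef801000000000000")
TAIL = 20  # assumption: the last 8 of the 28 bytes form one integer field


def runs(a, b):
    """Split two equal-length blobs into (start, end, identical) byte runs."""
    if len(a) != len(b):
        raise ValueError("blobs must be the same length")
    out, start = [], 0
    for i in range(1, len(a) + 1):
        # Close the current run at the end of input or when equality flips.
        if i == len(a) or (a[i] == b[i]) != (a[start] == b[start]):
            out.append((start, i, a[start] == b[start]))
            start = i
    return out


def bit_distance(a, b):
    """Hamming distance in bits; unrelated random data differs in about half."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def tail_values(blob, start=TAIL):
    """Read blob[start:] as an unsigned integer in both byte orders."""
    tail = blob[start:]
    return {order: int.from_bytes(tail, order) for order in ("little", "big")}


def summarize(a, b):
    """Collect the structural observations for a pair of blobs."""
    changing = [(s, e) for s, e, same in runs(a, b) if not same]
    bits = sum(bit_distance(a[s:e], b[s:e]) for s, e in changing)
    total = sum(8 * (e - s) for s, e in changing)
    return {"runs": runs(a, b), "bits_differing": bits, "bits_compared": total,
            "tail": (tail_values(a), tail_values(b))}


if __name__ == "__main__":
    for key, value in summarize(A, B).items():
        print(f"{key}: {value}")
```

On these two samples the bytes that change sit between a constant 4-byte prefix and a run of trailing zero bytes.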

