Unreadable attachment? Here’s how to recover it!

A friend forwarded me an email claiming it contained some exceptional photos. There was actually only a text file attached, whose content looked like this:

Return-Path:
Received: from [...]
Date: [...]
Message-Id:[...]
Subject: a very original subject
MIME-Version: 1.0
X-Sensitivity: 3
Content-Type: multipart/mixed; boundary="_=__=_XaM3_.1215754998.2A.506953.42.25201.52.42.007.413123292"
From: [...]
To: [...]
X-XaM3-API-Version: 4.3 (R1) (B3pl25)
X-SenderIP: 79.24.125.30

--_=__=_XaM3_.1215754998.2A.506953.42.25201.52.42.007.413123292
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

--_=__=_XaM3_.1215754998.2A.506953.42.25201.52.42.007.413123292
Content-Type: application/vnd.ms-powerpoint;
name="=?iso-8859-1?Q?foto=5Fincredibili.pps?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="=?iso-8859-1?Q?foto=5Fincredibili.pps?="

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAIAAAA5gMAAAAA
AAAAEAAA6AMAAAEAAA
[...]
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

--_=__=_XaM3_.1215754998.2A.506953.42.25201.52.42.007.413123292--

What does it mean? It’s an email message, containing headers, a body and a binary attachment, all encoded as text. In particular, the following section tells us more:

Content-Type: application/vnd.ms-powerpoint;
name="=?iso-8859-1?Q?foto=5Fincredibili.pps?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="=?iso-8859-1?Q?foto=5Fincredibili.pps?="

The original attachment was a PowerPoint slide presentation whose name was foto incredibili.pps. The file was encoded with base64 and attached to the email.

To recover it, first of all I had to separate the relevant part from the rest, which meant editing the file (I used gedit but any text editor should do) and deleting headers and body and everything apart from

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAIAAAA5gMAAAAA
AAAAEAAA6AMAAAEAAA

[...]
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

I saved the file as convert.me and the job was almost over. The last thing I had to do was decode it, which on a Linux box means:

$ base64 -d convert.me > foto\ incredibili.pps

I suppose there are tools to manipulate MIME base64-encoded files on other operating systems too, and Wikipedia suggests some online tools which can be useful.
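As an added example (not part of the original post), the same recovery can be done without hand-editing the file: Python's standard email module splits the MIME parts and undoes the base64, and a signature check confirms the payload really is an OLE2 container (the format behind .pps) before anyone opens it. The sample message and the helper names safe_name and extract_attachments are constructed for illustration.

```python
import email
import os
from email.header import decode_header, make_header

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .ppt/.pps/.doc/.xls container

# Constructed sample message (not the one from the post): a text part plus a
# base64 attachment whose payload is only the 8-byte OLE2 signature.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset=iso-8859-1

hello
--BOUNDARY
Content-Type: application/vnd.ms-powerpoint;
 name="=?iso-8859-1?Q?foto=5Fincredibili.pps?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="=?iso-8859-1?Q?foto=5Fincredibili.pps?="

0M8R4KGxGuE=
--BOUNDARY--
"""

def safe_name(raw):
    """Decode an RFC 2047 encoded-word and drop any directory components."""
    name = str(make_header(decode_header(raw or "attachment.bin")))
    return os.path.basename(name.replace("\\", "/")) or "attachment.bin"

def extract_attachments(raw_message):
    """Return [(filename, decoded bytes, has OLE2 signature)] per attachment part."""
    msg = email.message_from_bytes(raw_message)
    found = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        data = part.get_payload(decode=True)  # undoes the base64 transfer encoding
        found.append((safe_name(part.get_filename()), data, data.startswith(OLE2_MAGIC)))
    return found

if __name__ == "__main__":
    for name, data, is_ole2 in extract_attachments(SAMPLE):
        print(name, len(data), "bytes, OLE2 signature:", is_ole2)
```

The filename is chosen by the sender, so write the decoded bytes under a fixed directory using the sanitized name, and treat the recovered file as untrusted even when the signature matches.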

Finally, here you can see the result :p

