Reverse Engineering Asked on September 30, 2021
I have this file here, that is supposed to be a wave audio file, but seems to have some obfuscation applied to it. The file header is here: https://pastebin.com/LD5aA1EG Any suggestions where else it would be appropriate to ask?
The file header once decoded shows that your wav file is over 320Mb. (the 4 bytes after "data")
The key changes every 512 bytes, so if they are set in advance you would need 625520 stored keys. This is of course very unlikely.
I think only the first key is frozen, the others can be just the XOR of the first 2 bytes of each group of 512 bytes.
To verify it would require a greater number of data, at least 1Mb, or better the complete zipped file.
Answered by Gordon Freeman on September 30, 2021
It looks like the file is xored by key 0xA7 0x23
. After xoring the very first bytes, the header looks like this:
52 49 46 46 0C E1 16 13 57 41 56 45 66 6D 74 20 RIFF.á..WAVEfmt
So mostly like correct wave header.
Answered by morsisko on September 30, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP