===========================================
Assignment #05 - viewing a memory dump in hexadecimal
===========================================
- Ian! D. Allen - idallen@idallen.ca - www.idallen.com

Available online: Monday October 10, 2011

Goal: Practice reading memory dumps in hexadecimal.
      Gain familiarity with different line-end characters.
      Awareness of security implications of hexadecimal obfuscation.

Deliverables: In-lab demo to your instructor during Week 6-7.
              There is nothing to hand in.

Read the whole lab specification before you begin. Read *all* the words.

1. Download (do not cut-and-paste!) the file text.bin from the Data Files
   section of the Course Notes. Display the file in hexadecimal and show
   your instructor which line-end characters are used to end each of the
   five lines in that text file. Which lines would typically be found in
   text files on which Operating Systems?

   If you use Windows, you may use the DEBUG hex dump program in a DOS
   window, or you can download a free Windows hex editor program (e.g.
   XVI32 from www.chmaas.handshake.de or "hexedit" from
   www.physics.ohio-state.edu) and use it to identify the line-end
   characters.

   If you use Unix/Linux, see the built-in command-line "od" program or
   download the GUI "hexedit" package.

2. Decode to ASCII the hexadecimal bytes from the 140_attack.txt file and
   both pages in the 145_textbook_secrets.txt file in the Class Notes area
   and show your instructor the decoded strings.

This lab is an in-lab demo. There is nothing to hand in. Show me.

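Added example (not part of the original assignment, and not based on the contents of text.bin or the course files): a Python version of the two tasks above. It dumps bytes in hexadecimal, reports which byte sequence ends each line, and decodes hex-written byte values back to ASCII. The function names and the sample bytes are constructed for illustration.

```python
# Added example: SAMPLE is constructed, not the contents of text.bin.
import re

# Common line-end byte sequences and where they are typically found.
LINE_ENDS = {
    b"\r\n": "CR LF (0D 0A): DOS/Windows",
    b"\n": "LF (0A): Unix/Linux",
    b"\r": "CR (0D): classic Mac OS",
}

def hexdump(data, width=16):
    """Return dump lines: hex offset, hex bytes, printable ASCII."""
    out = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        out.append(f"{off:06x}  {hexpart:<{width * 3 - 1}}  |{text}|")
    return out

def line_ends(data):
    """Return (line_text, terminator_bytes) for each line, in file order."""
    result = []
    # CR LF is tried first so the pair is not counted as a CR plus an LF.
    for m in re.finditer(rb"([^\r\n]*)(\r\n|\n|\r|\Z)", data):
        if m.group(0):  # skip the empty match at the end of the data
            result.append((m.group(1).decode("ascii", "replace"), m.group(2)))
    return result

def decode_hex(text):
    """Decode hex byte values, with or without 0x, backslash-x or % prefixes."""
    pairs = re.findall(r"(?:0x|\\x|%)?([0-9A-Fa-f]{2})", text)
    return bytes(int(p, 16) for p in pairs).decode("ascii", "replace")

SAMPLE = b"one\ntwo\r\nthree\rfour"  # constructed sample input

if __name__ == "__main__":
    print("\n".join(hexdump(SAMPLE)))
    for text, end in line_ends(SAMPLE):
        print(repr(text), "->", LINE_ENDS.get(end, "no line end"))
    print(decode_hex("68 65 6c 6c 6f"))  # constructed hex string
```

A string hidden as hex byte values is plain ASCII once decoded, which is why hexadecimal obfuscation only hides text from a casual reader or a naive string match.
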
References:

  130_big_picture.txt         The Big Picture on Bit Patterns
  140_attack.txt              Attack Script uses hexadecimal obfuscation
  145_textbook_secrets.txt    Manual containing secret messages in hexadecimal
  120_CharacterEncoding.html  Character Encoding / Line Ends
  200_DEBUGbasics.html        MS-DOS DEBUG Basics for Fixed-Format Files
  200_DEBUGhelp.txt           Using DOS DEBUG

Free Windows-based Hex editors (or find your own):
  http://www.chmaas.handshake.de/
  http://www.physics.ohio-state.edu/~prewett/hexedit/

--
| Ian! D. Allen  -  idallen@idallen.ca  -  Ottawa, Ontario, Canada
| Home Page: http://idallen.com/   Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom:  http://eff.org/  and have fun:  http://fools.ca/