views:

35

answers:

0

Hi,

I am reversing some kind of protocol and it looks like it is using zlib compression, the current packet is :

170300002009254CBCE1DC7A5578D1588577EF63AE8DDCA721FFCA453775BCA7375CB65EE31703000090AA883A355CB9A7450EA7BA8D485C655EB5FCB71E22F274E9FF03F326296E7F2D5960AB7CFB2986C4985D6B7D33BE2C7348142D738B522C3B89AA3723A5CADB9C3DF124B3AB405E0513766384D3C0C6C11395D51E317F1DF342F3731D498C84EE0BE9172C130A89C7EE287560E64337E4A0D49A211E40F846DBAF019ADEF2F2F601A145C1F587C792CF3C2EE1CEE558031703000020259BAFBADABE5B22360C727D6E2494C41542FC3E14EEE3B5317C13F06044BB77170300005012E5BF7E631E9E3C5F0D133890808281A769C3AEC50ACF8BB0FBF39CAEC0E2EA75C09BAD7A3F22A15DC2B5C3751561DB3219164AB80E55A7DB141F5F6FAB4DE9189CC145C47E49D741075DDAA6EFD2A6

If we take a look at rfc1950 we see the specifications of the format, in my script (php) i extract the zlib related info for the above packet :

compression method : 1
compression info   : 7
------------------------------
flag check          : 0
flag dict           : 0
flag level          : 3

However I cannot find a way to uncompress the hex data, even if I convert it to a binary string with pack('H*',$data) it still gives an error about wrong data.

Is it possible to use a commandline program and feed it with the above hex data where the commandline utility returns the uncompressed string in HEX.