Hi,
I am reversing some kind of protocol and it looks like it is using zlib compression, the current packet is :
170300002009254CBCE1DC7A5578D1588577EF63AE8DDCA721FFCA453775BCA7375CB65EE31703000090AA883A355CB9A7450EA7BA8D485C655EB5FCB71E22F274E9FF03F326296E7F2D5960AB7CFB2986C4985D6B7D33BE2C7348142D738B522C3B89AA3723A5CADB9C3DF124B3AB405E0513766384D3C0C6C11395D51E317F1DF342F3731D498C84EE0BE9172C130A89C7EE287560E64337E4A0D49A211E40F846DBAF019ADEF2F2F601A145C1F587C792CF3C2EE1CEE558031703000020259BAFBADABE5B22360C727D6E2494C41542FC3E14EEE3B5317C13F06044BB77170300005012E5BF7E631E9E3C5F0D133890808281A769C3AEC50ACF8BB0FBF39CAEC0E2EA75C09BAD7A3F22A15DC2B5C3751561DB3219164AB80E55A7DB141F5F6FAB4DE9189CC145C47E49D741075DDAA6EFD2A6
If we take a look at rfc1950 we see the specifications of the format, in my script (php) i extract the zlib related info for the above packet :
compression method : 1 compression info : 7 ------------------------------ flag check : 0 flag dict : 0 flag level : 3
However I cannot find a way to uncompress the hex data, even if I convert it to a binary string with pack('H*',$data) it still gives an error about wrong data.
Is it possible to use a commandline program and feed it with the above hex data where the commandline utility returns the uncompressed string in HEX.