Hacker News new | ask | show | jobs
by credulousperson 812 days ago
Opening bad-3-corrupt_lzma2.xz in an editor reveals it indeed has the string ####Hello####. I don't know enough about lzma compression streams to explain how this appears in the "compressed" version of the payload, but it does.
3 comments
loeg 812 days ago
I think part of it being a bad/corrupt test case means it doesn't have to be valid xz encoding. But I don't know if that even matters.
link
deanishe 811 days ago
> I don't know enough about lzma compression streams to explain how this appears in the "compressed" version of the payload, but it does.

From what I've read, the payload isn't stored in the archive, but rather the test file itself is a sandwich of xz data and payload: There are 1024 bytes of xz archive, N bytes of payload, another 1024 of xz, etc.

link
jijijijij 811 days ago
Thanks. The riddle has been solved :)

Do you have a (safe web view) version of those files? I would like to see what they look like to a casual observer. Judging by the 'tr' assembly command I would expect the bad-3-corrupt_ligma2.xz to be somewhat recognizable as script.

link