2011-12-15-0750Z


There probably exists a bindiff program like this, but I felt like making one. It took me a while wading through the Bash manpage till I found out the magic incantations to fetch the last two positional parameters. There's probably a far more elegant way but this is working:

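#!/bin/bash
# compare two binary files by diffing their xxd hex dumps
# (bash, not sh: the ${@:offset:length} slicing below is a bashism)
if [ "$#" -lt 2 ]; then
 echo "Usage: $0 [DIFFOPTIONS] FILE1 FILE2" >&2
 exit 1
fi
# everything before the last two positional parameters is passed to diff
switches=("${@:1:$(($#-2))}")
file1=${@:$(($#-1)):1}; file2=${@:$(($#)):1}
if [ -f "$file1" ] && [ -r "$file1" ] && [ -f "$file2" ] && [ -r "$file2" ]; then
 binfile1=$(mktemp); binfile2=$(mktemp)
 # remove the temporary hex dumps when the script exits
 trap 'rm -f "$binfile1" "$binfile2"' EXIT
 xxd "$file1" "$binfile1"; xxd "$file2" "$binfile2"
 diff "${switches[@]}" "$binfile1" "$binfile2"
else
 echo Both files must exist and be readable >&2
 exit 1
fi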

Using it, I found that the trashed USB key had overwritten almost perfectly; only the first block had been hopelessly ruined, and the trailing zeros in the last block had been overwritten by 0xcc. At this point I could try to figure out where it got the bogus data, or I could just keep working on debugging the code. Mañana.
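For the kind of check described above (which blocks of a written image differ from the original, and with what), here is an added example that is not the author's script. It summarises cmp -l output per block; the function names diff_blocks and make_sample, the 512-byte block size and the sample images are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not the author's script. diff_blocks and make_sample are
# hypothetical names; the 512-byte block size is an assumption.

# Print "BLOCK COUNT FILL" for every block in which FILE1 and FILE2 differ.
# FILL is the byte FILE2 holds at all differing offsets, or "mixed".
diff_blocks() {
  local bs=${3:-512}
  # cmp -l lists each differing byte: 1-based offset, then both values in octal
  { cmp -l -- "$1" "$2" 2>/dev/null || true; } |
    awk -v bs="$bs" '
      function o2d(s,  i, v) {
        v = 0
        for (i = 1; i <= length(s); i++) v = v * 8 + substr(s, i, 1)
        return v
      }
      { b = int(($1 - 1) / bs); n[b]++
        if (!(b in fill)) fill[b] = $3 ""
        else if (fill[b] != ($3 "")) fill[b] = "mixed" }
      END {
        for (b in n)
          printf "%d %d %s\n", b, n[b],
            (fill[b] == "mixed" ? "mixed" : sprintf("0x%02x", o2d(fill[b])))
      }' | sort -n
}

# Constructed sample: three zeroed blocks, and a copy whose first block is
# replaced with 'A' and whose last 12 bytes are overwritten with 0xcc.
make_sample() {
  head -c 1536 /dev/zero > "$1/good.img"
  { head -c 512 /dev/zero | tr '\0' 'A'
    head -c 1012 /dev/zero
    head -c 12 /dev/zero | tr '\0' '\314'; } > "$1/bad.img"
}

tmp=$(mktemp -d)
make_sample "$tmp"
diff_blocks "$tmp/good.img" "$tmp/bad.img"
rm -rf "$tmp"
```

Unlike diffing two hex dumps, this does not show the bytes themselves, so it complements the script above rather than replacing it.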


last updated 2012-01-11 20:41:16. served from tektonic.jcomeau.com