Re: you iso's may have been hacked

To: debian-user@lists.debian.org
Subject: Re: you iso's may have been hacked
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Wed, 10 Aug 2016 18:13:19 +0200
Message-id: <[🔎] 59265881512031008709@scdbackup.webframe.org>
In-reply-to: <[🔎] _miQVrhU9ilLJjhIRLhtzYtVVaYnV_Hhn4LEj7dWvnX7rUgxa7aNOPLS4uvND3gQrvIgw0RKWc4_gVpzjtZxqmJC-XHdbpdZI6UIVDE30Tc=@protonmail.com>
References: <[🔎] _miQVrhU9ilLJjhIRLhtzYtVVaYnV_Hhn4LEj7dWvnX7rUgxa7aNOPLS4uvND3gQrvIgw0RKWc4_gVpzjtZxqmJC-XHdbpdZI6UIVDE30Tc=@protonmail.com>

Hi,

Andrew F Comly wrote:
> Am I supposed to edit the script and put something in for magic=' '?

No. Magic is what an ISO 9660 should bear at byte offset 32768:
A byte with ASCII value 1 and five bytes saying "CD001":

  $ dd if=debian-8.4.0-amd64-netinst.iso bs=1 skip=32768 count=6 | od -c
  ...
  0000000 001   C   D   0   0   1

Your file yielded two blanks on this shell command

  dd if="/dev/sdb" bs=2048 skip=16 count=1 |
  dd bs=1 count=6 | od -x | head -1 | \
  awk '{print $2 " " $3 " " $4}'

Wheras an ISO is supposed to yield (on little-endian machine):

  4301 3044 3130

I get two blanks as result when i apply the command to a file which does
not have 32768 bytes or to which i have no read permission.
Given the fact that you run cmp under sudo, i'd guess it is about read
permission.

To my experience, /dev/sr0 is readable for the desktop user. So one would
not experience this difficulty with optical media.


Have a nice day :)

Thomas

Reply to:

References:
- Re: 2 attempts failed: 1) cmp; 2) /home/a/scripts/check_debian_iso
  - From: Andrew F Comly 康大成 <andrew.comly@protonmail.com>

Prev by Date: Re: Limiting internet access by time
Next by Date: Re: The DISPLAY variable.
Previous by thread: Re: 2 attempts failed: 1) cmp; 2) /home/a/scripts/check_debian_iso
Next by thread: iso hacked suspicious: answers
Index(es):
- Date
- Thread