感谢您查看我的问题。真的把我的头撞在墙上。
我正在尝试从一堆.bin文件中提取日期。这些文件(可能)是由GFA Basic编写的程序创建的。我有一个标记序列的样本。
我认为我已将标题缩小到此序列,在此序列中,我认为日期时间戳必须是(我没有要标记的时间,但我只需要能够提取日期) 。
有人可以从这些十六进制序列中找出日期吗?我似乎无法在这里破译模式。
更新:如果这确实是用GFA Basic编写的对象,我发现以下信息:(来源:http://freddo.chez.com/GfaBasic/GFABASIC.TXT)
〜XBIOS(22,L:t%)
Sets date and time
t% Bits 0-4: seconds
5-19: minutes
11-15: hours
16-20: day
21-24: month
25-31: year - 1980
任何指针都很棒。再次感谢。
06/03/2017 70 00 F3 02 31 FF 00 00 BC 15 12 04 3C 00 00 00 00 00 04 00 0C 00 FB FF 00 00 00 00 00 00
06/03/2017 70 00 F3 02 31 FF 00 00 BA 15 12 04 3C 00 00 00 00 00 FC FF FA FF FC FF 00 00 00 00 00 00
20/05/2019 76 01 EF 02 FE FF 00 00 7F 52 11 04 8A 28 00 00 00 00 0D 00 10 00 02 00 00 00 00 00 00 00
20/05/2019 76 01 EF 02 FE FF 00 00 81 52 12 04 73 30 00 00 00 00 F9 FF E9 FF F1 D8 00 00 00 00 00 00
20/05/2019 76 01 EF 02 FE FF 00 00 7D 52 0D 04 58 00 00 00 00 00 F4 FF 05 00 03 00 00 00 00 00 00 00
20/05/2019 76 01 EF 02 FE FF 00 00 83 52 12 04 A0 33 00 00 00 00 F9 FF 0D 00 F2 FF 00 00 00 00 00 00
06/03/2020 11 02 9E 03 21 00 00 00 78 66 0C 04 28 08 00 00 00 00 09 00 05 00 FF FF 00 00 00 00 00 00
06/03/2020 11 02 9E 03 21 00 00 00 81 66 0F 04 98 20 00 00 00 00 19 00 0D 00 FA FF 00 00 00 00 00 00
06/03/2020 11 02 9E 03 21 00 00 00 80 66 0E 04 BA 1E 00 00 00 00 05 00 14 00 FC FF 00 00 00 00 00 00
06/03/2020 11 02 9E 03 21 00 00 00 7A 66 0C 04 DA 09 00 00 00 00 0B 00 FA FF 0A 00 00 00 00 00 00 00
06/03/2020 11 02 9E 03 21 00 00 00 7F 66 0E 04 6A 1E 00 00 00 00 09 00 EF FF FA FF 00 00 00 00 00 00
06/03/2020 11 02 9E 03 21 00 00 00 86 66 0F 04 0A 23 00 00 00 00 E2 FF F3 FF 10 00 00 00 00 00 00 00
06/03/2020 11 02 9E 03 21 00 00 00 7C 66 0D 04 6C 0B 00 00 00 00 0E 00 2A 00 43 00 00 00 00 00 00 00
06/03/2020 11 02 9E 03 21 00 00 00 88 66 10 04 D1 2A 00 00 00 00 F1 FF ED FF EF FF 00 00 00 00 00 00
06/03/2020 11 02 9E 03 21 00 00 00 76 66 0A 04 64 00 00 00 00 00 F1 D8 F1 D8 F1 D8 00 00 00 00 00 00
18/05/2020 11 02 9E 03 21 00 00 00 99 68 12 04 3C 12 00 00 00 00 F6 FF F8 FF 0A 00 00 00 00 00 00 00
18/05/2020 11 02 9E 03 21 00 00 00 95 68 12 04 66 0B 00 00 00 00 EB FF 09 00 0A 00 00 00 00 00 00 00
18/05/2020 11 02 9E 03 21 00 00 00 97 68 12 04 24 0E 00 00 00 00 EE FF F8 FF ED FF 00 00 00 00 00 00
18/05/2020 11 02 9E 03 21 00 00 00 92 68 11 04 E1 00 00 00 00 00 04 00 0A 00 0D 00 00 00 00 00 00 00
19/05/2020 11 02 9E 03 21 00 00 00 9E 68 0E 04 7C 0A 00 00 00 00 ED FF F7 FF EB FF 00 00 00 00 00 00
19/05/2020 11 02 9E 03 21 00 00 00 9B 68 0B 04 58 00 00 00 00 00 E8 FF 1C 00 E8 FF 00 00 00 00 00 00
19/05/2020 11 02 9E 03 21 00 00 00 A6 68 10 04 86 1C 00 00 00 00 F9 FF ED FF 0C 00 00 00 00 00 00 00
20/05/2020 11 02 9E 03 21 00 00 00 AA 68 0C 04 79 00 00 00 00 00 0A 00 10 FF E7 FF 00 00 00 00 00 00
20/05/2020 11 02 9E 03 21 00 00 00 BB 68 14 04 3C 00 00 00 00 00 FA FF E7 FF 06 00 00 00 00 00 00 00
20/05/2020 11 02 9E 03 21 00 00 00 B9 68 14 04 3C 00 00 00 00 00 0D 00 15 00 10 00 00 00 00 00 00 00
20/05/2020 11 02 9E 03 21 00 00 00 B7 68 13 04 17 4C 00 00 00 00 F2 FF E6 FF E8 FF 00 00 00 00 00 00
20/05/2020 11 02 9E 03 21 00 00 00 AC 68 0E 04 4E 04 00 00 00 00 FE FF F8 FF 0A 00 00 00 00 00 00 00
20/05/2020 11 02 9E 03 21 00 00 00 AE 68 0F 04 DA 08 00 00 00 00 07 00 EF FF F9 FF 00 00 00 00 00 00
20/05/2020 11 02 9E 03 21 00 00 00 B0 68 11 04 1A 14 00 00 00 00 F0 FF E4 FF 11 00 00 00 00 00 00 00
20/05/2020 11 02 9E 03 21 00 00 00 B3 68 13 04 0F 3D 00 00 00 00 C7 FF EF FF EB FF 00 00 00 00 00 00
没有容易可识别的模式。如果我们将十六进制转储转换为ASCII,则会产生一堆乱码。
临时文件具有上面的文本,这些操作会删除日期并将其传递给xxd以反转十六进制转储。
$ cat temp | cut -c12- | tr -d " " | xxd -r -p
p?1??<
???!xf??R?3???v???}Rv???R?(
???!?f????!zff?
?
??
?!fj ?????!?f
l?????!|f
*C?!?f?*???????!vf
d???????!?h<????
?!?hf
??
?!?h$???????!?h?
?!?h|
???????!?h
X?????!?h?????
?!?h
y
?!?hL???????!?hN????
?!?h?????!?h?????!?h=??????
如果这些字节表示日期,则可能需要根据写入它的编程语言来确定一种特殊的编码。也可以是程序特有的自定义编码,在这种情况下,将更难以解密。