Converting Binary Logs in Flasher Research

I have been playing around with the Advanced USB Port Monitor after reading Bram Mooij’s great article in DFI mag.

I was running into an issue though when I used the port monitor to sniff the traffic from an Octopus box – the monitor kept crashing when I tried to view the data that was transfered. I knew I used the method outlined by Bram correctly since the output of the port monitor was several megabytes larger than the output of the box, however I couldnt get to the hex dump since the program crashed.

The solution lay in converting the binary log file created by the monitor into a text file with just the transferred hex. This is accomplished by selecting “Tools -> Convert binary log file” from the upper menu. A dialog box will then appear.

Binary Log Conversion

Select the log you want to convert and the output directory. Now select “unlimited” in Bytes per dump, “if transfered data exists” under Process Data, and Output Hex data, Output ASCII data, Align and Transferred data only. The resulting output should look something similar to the below.

Convert Output

Binary Conversion Output

Adjust the output settings as you need. I hope this helps you in your forensic endeavors.

Advertisements

Let Me Know Whatcha Think....

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s