Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

illigal byte count -- -6 #9

Open
hellotherehelpme opened this issue Sep 15, 2023 · 9 comments
Open

illigal byte count -- -6 #9

hellotherehelpme opened this issue Sep 15, 2023 · 9 comments

Comments

@hellotherehelpme
Copy link

I receive an "illigal byte count -- -6" error message when attempting to create the offline image for analysis. Anyone else have this issue?
@yunzheng
Copy link
Member

Hi, are you dumping over SSH? If so, this is most like that head or tail on your local (Linux) system does not support negative numbers.

In that case you can dump it without head or tail and remove 6 bytes from the beginning and end of the file manually.

@hellotherehelpme
Copy link
Author

I am actually using OpenSSH from a Windows 10 machine so that could easily the issue.

How would I, "remove 6 bytes from the beginning and end of the file manually?"

Is there a recommend version of Linux to use instead?

@yunzheng
Copy link
Member

On Ubuntu the head and tail command should work fine. You can try to run Ubuntu on Windows using WSL2.

@hellotherehelpme
Copy link
Author

Ubuntu worked to create the images, but now I am getting the: "Target not recognized as citrix-netscaler" error.

@yunzheng
Copy link
Member

please double check the first few bytes of your image, for example using:

hexdump -C disk.img | head

@hellotherehelpme
Copy link
Author

hellotherehelpme commented Sep 18, 2023
edited by yunzheng
Loading

hexdump -C /mnt/j/md0.img | head

00000000  67 3a 20 4f 6e 65 20 6f  72 20 6d 6f 72 65 20 52  |g: One or more R|
00000010  50 43 20 6e 6f 64 65 73  20 61 72 65 20 63 6f 6e  |PC nodes are con|
00000020  66 69 67 75 72 65 64 20  77 69 74 68 20 64 65 66  |figured with def|
00000030  61 75 6c 74 20 70 61 73  73 77 6f 72 64 73 2e 20  |ault passwords. |
00000040  46 6f 72 20 65 6e 68 61  6e 63 65 64 20 73 65 63  |For enhanced sec|
00000050  75 72 69 74 79 2c 20 79  6f 75 20 6d 75 73 74 20  |urity, you must |
00000060  63 68 61 6e 67 65 20 74  68 65 20 64 65 66 61 75  |change the defau|
00000070  6c 74 20 52 50 43 20 6e  6f 64 65 20 70 61 73 73  |lt RPC node pass|
00000080  77 6f 72 64 2e 0a 20 44  6f 6e 65 0a 00 00 00 00  |word.. Done.....|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

@yunzheng
Copy link
Member

@hellotherehelpme
Looks like the NetScaler outputted also an error/warning message to stdout, see also #2 (comment)

you can fix it by stripping the error message from the, for example:

cat md0.img | tail -c +141 > da0.img.fixed

@hellotherehelpme
Copy link
Author

I tried as in #2 comment. No luck. Same error. Where does the number +141 comes from? How do I calculate the "right" number.

@yunzheng
Copy link
Member

I tried as in #2 comment. No luck. Same error. Where does the number +141 comes from? How do I calculate the "right" number.

It was by counting the bytes to strip off the error message and the Done\n message.

Please check again with hexdump -C md0.fixed and paste the output.

Can you also try target-shell md0.img.fixed and do a ls to see if you can do a dir listing?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yunzheng @hellotherehelpme