How do you figure out how many bytes of an RPM is header? ----- Original Message ----- From: Neil Parker <[EMAIL PROTECTED]> To: EUGLUG <[EMAIL PROTECTED]> Sent: Saturday, August 18, 2001 11:02 PM Subject: [EUG-LUG:2360] Re: Sircam decoder? > > > On Fri, 17 Aug 2001, Rob Hudson wrote: > > Does anyone know the dd trick to strip the virus part of SirCam files > > off so you can read the documents? :) I remember seeing somewhere > > that someone used 'dd' to copy all but the first 123765 or so bytes, > > which was the virus. I can't seem to find that anywhere. I've got > > prizes in my inbox! > > I don't have the file offset, but the rest of the dd command goes like > this: > > dd if=(evil_input_file) of=(stripped_output_file) bs=(offset) skip=1 > > where, of course, you replace "(evil_input_file)", > "(stripped_output_file)", and "(offset)" with the appropriate names and > number. > > The same trick is useful for extracting RPM files, if you want to use > RPM-only software on a distribution that doesn't use RPMs (e.g. installing > Corel PhotoPaint 9 on Slackware, or Mandrake 8.0 (an RPM-based > distribution, but it doesn't like one of the PhotoPaint RPMs)). After > stripping off the header, an RPM is just a .cpio.gz archive. > > - Neil Parker, [EMAIL PROTECTED]
