Identifying a file

Discussion in 'Tech Support' started by Schrodinger, Jan 31, 2013.

  1. Schrodinger

    Schrodinger Muggle ~ Prestige ~

    Joined:
    Feb 5, 2009
    Messages:
    1
    High Score:
    1691
    So, the other day, while on a walk, I found a 4 GB SD card lying around. Naturally, I immediately attempted to investigate its contents. Aside from 15,000 some images of Japanese pornography, I found an odd file labeled OldCat. Now, being the curious individual that I am, I spent the better part of several hours using a variety of methods to discern what the hell it was. The closest I came was in a seemingly successful ID of it as a Unix Executable File, but I don't make a habit of opening unknown executable files. In any case, I was hoping someone on DLP could help me out, either by suggesting another method to figure it out (I have tried TrID and DROID as well as the file command in unix) or in some other way. Here's the first few lines of the text, in case they're any help.


    Code:
    ≈025i4Trier HD:Rest Of ORB:media:media:old:rogo:rogo01.jpgVA,0
    ü†`#!,
     ôHôô
    –¿
     ó⁄ 
     ï∞ÇHˇ—©p®
     ï≤DÄ}E˛
     ó⁄/!¥ 
     
  2. Rahkesh Asmodaeus

    Rahkesh Asmodaeus THUNDAH Bawd Admin DLP Supporter

    Joined:
    Apr 3, 2005
    Messages:
    5,128
    Location:
    Atlanta
    Or you could, you know, give it back to Vash.

    Do the right thing.
     
  3. Perspicacity

    Perspicacity Destroyer of Worlds ~ Prestige ~ DLP Supporter

    Joined:
    Nov 27, 2007
    Messages:
    1,022
    Location:
    Where idiots are not legally permitted to vote
    High Score:
    3,994
    You could try running it through the unix "strings" command and try to get a hint at what it does (though if "file" can't ID it, I wouldn't hold out a whole lot of hope at getting much that's useful).
     
  4. Ched

    Ched Da Trek Moderator DLP Supporter ⭐⭐

    Joined:
    Jan 6, 2009
    Messages:
    8,378
    Location:
    The South
    I find this amusing.
     
  5. Sauce Bauss

    Sauce Bauss Second Year ~ Prestige ~ DLP Supporter

    Joined:
    Apr 4, 2008
    Messages:
    61
    High Score:
    1411
    Plugging in unknown media into your primary machine has been a bad idea since '99. Depending on the size of the file, it could be an encrypted file container for some less than legal pornography.
     
  6. Comnenus

    Comnenus Sixth Year

    Joined:
    Apr 14, 2008
    Messages:
    175
    Location:
    London, UK
    This actually reminds me of something I have wondered before. What exactly is the correct procedure were you to just happen upon some less than legal pornography on a card. Or if Schrodinger failed to follow TheSoundofSilence's sensible advice and this material ended up on his machine.

    Contact the authorities? Delete, wipe, wipe again and burn?
     
  7. Schrodinger

    Schrodinger Muggle ~ Prestige ~

    Joined:
    Feb 5, 2009
    Messages:
    1
    High Score:
    1691
    Not to mention that this is exactly how bullshit like Stuxnet gets around. I'm well aware. Thus why I, of course, used the computer of a dorm-mate.

    As for the file size, it's 17-some MB, which is rather considerable in text form. I'll try the Strings thing, pers.
     
  8. Rubicon

    Rubicon High Inquisitor DLP Supporter

    Joined:
    Apr 8, 2011
    Messages:
    547
    Location:
    US
    Linux is only telling you it's an executable because it's an unrecognized binary file with no file extension.

    I would try opening it with VLC (in case it's a video) and with various archive managers (in case it's a zip file / other kind of compressed archive). For security, I'd recommend doing this inside of a virtual machine, preferably a live CD with only the SD mounted as storage: That way if it's a virus, or something illegal as TheSoundOfSilence suggested, it won't be able to touch the rest of your PC.

    If none of that works, you could try to run it as an executable inside your virtual machine. You may need to try different OS's to figure out what sort of executable it is.

    It's an encrypted container, though, you're probably out of luck.
     
  9. Mercenary

    Mercenary Snake Eater

    Joined:
    Aug 10, 2006
    Messages:
    1,894
    Location:
    420blazitville
    Contacting the authorities? Double-edged sword. If you're lucky they'll thank you and investigate it.

    Unlucky, get slapped with whatever the charge is because technically it was in your possession for a period of time.

    No... probably better to delete. Wipe. wipe again. and then set it on fire. Bury it six feet underground off a little used roadway.
     
  10. Schrodinger

    Schrodinger Muggle ~ Prestige ~

    Joined:
    Feb 5, 2009
    Messages:
    1
    High Score:
    1691
    Strings gave me nothing, VLC can't play it, and none of my two archivers could do shit with it. For funsies, I ran it through a malware detector that gave me jackshit. Unfortunately, I don't hate my roomie enough to execute an unknown 17 MB file on his computer. It's not a disk image, or at least not any that I was able to recognize. I feel like it's some sort of corrupted thumbnail database, to be honest, since its text contains the letter 'jpg' nearly 5000 times: the file names correspond to images that are visible on the drive, so that seems pretty likely? But to be honest, I have no idea how I'd check that since as far as I know, there's no way to open Windows Thumb .db files anywhere but Windows.
     
  11. Jjf88

    Jjf88 Auror

    Joined:
    Oct 15, 2007
    Messages:
    671
    With any luck, it may be an Intersect 2.0 like in Chuck and you'll suddenly become a bad ass.
     
  12. wolf550e

    wolf550e High Inquisitor DLP Supporter

    Joined:
    Nov 9, 2006
    Messages:
    585
    Gender:
    Male
    1. Anything you plug into USB can try to use bugs in the OS USB drivers to do nasty stuff to your computer. Don't connect untrusted USB devices to your hardware.

    2. If a reasonably updated unix "file" utility doesn't yield an answer, google the first line of the output of "hexdump -C unknown_file" and see what comes up.
     
  13. melior

    melior Seventh Year

    Joined:
    Oct 25, 2011
    Messages:
    226
    What a fun thread!

    Several people hinted at it but I'll come right out and say it: if the file command doesn't outright say it's a linux executable, then it's almost certainly not. I remember playing with this some time ago, and the file command not only recognizes the custom ELF produced at the bottom as an executable, but it also recognizes that the header table is corrupt (which was deliberate). In the unlikely event it is an executable, though, you could always make a throwaway virtual machine with no network access and give it a shot.

    Personally I think you're mostly right about the image database thing, but I think it's more likely an album file from whatever photo viewer the former owner used. It wouldn't make sense to rename an actual thumbs.db file since Windows wouldn't be able to find it.

    Finally, I'd like to point out that rogo01.jpg is almost certainly Engrish for logo01.jpg, which made me laugh since I only realized that after Googling for it. Uh, for purely investigative purposes to help you out, of course.
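
A read-only triage along the lines suggested in this thread (a signature check like `file` does, `strings`, and an entropy estimate to tell an encrypted container from an index of file names), as an added example that is not part of any post. The signature table is a small illustrative subset, and both samples are constructed stand-ins, not the real OldCat file.

```python
import hashlib
import math
import re
from collections import Counter

# A few well-known leading signatures ("magic bytes"); deliberately not exhaustive.
MAGIC = [
    (b"\x7fELF", "ELF executable"),
    (b"MZ", "DOS/Windows executable"),
    (b"PK\x03\x04", "ZIP archive"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (format of XP-era Thumbs.db)"),
]

def identify(data):
    """Return the name of the first matching signature, or None."""
    return next((name for sig, name in MAGIC if data.startswith(sig)), None)

def entropy(data):
    """Shannon entropy in bits per byte; close to 8.0 means encrypted or compressed."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def strings(data, min_len=4):
    """Printable ASCII runs, like the unix `strings` tool."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def triage(data):
    """Classify a blob by reading it only; nothing is ever executed."""
    refs = sum(s.lower().count(b".jpg") for s in strings(data))
    h = entropy(data)
    kind = identify(data)
    if kind is None and h > 7.5 and refs == 0:
        kind = "unknown: high entropy, likely encrypted or compressed"
    elif kind is None and refs:
        kind = "unknown: index or catalogue that references image files"
    return {"kind": kind or "unknown", "entropy": round(h, 2), "jpg_refs": refs}

# Constructed samples: 50 records built around the path quoted in the first
# post, and 16 KiB of hash output standing in for ciphertext.
INDEX_SAMPLE = b"".join(
    b"\x00\x19Trier HD:Rest Of ORB:media:media:old:rogo:rogo%02d.jpg\x00\x01" % i
    for i in range(50))
NOISE_SAMPLE = b"".join(hashlib.sha256(bytes([i // 256, i % 256])).digest()
                        for i in range(512))

if __name__ == "__main__":
    for label, blob in (("index-like", INDEX_SAMPLE), ("noise", NOISE_SAMPLE)):
        print(label, triage(blob))
```

A 17 MB file with thousands of readable `.jpg` names would score well below 8 bits per byte, which argues against the encrypted-container theory without opening or running anything.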
     
  14. Churchey

    Churchey Supreme Mugwump

    Joined:
    Jul 29, 2011
    Messages:
    1,770
    Location:
    Texas
    Yep, that's a file.
     