manipulate unknown database file

1

I have a database file ending in .dat, which says nothing to me. Given that it uses a file per database, I assumed that it had to be some sort of sqlite, so I tried to open it with sqlite3, but it was not recognized as a database. Due to licensing issues, I'm unsure of how much information I can share about this, so I won't be able to upload the file. I know that it's not an encrypted file, and if I cat the file it looks like this:

<FE>^_(^@SR<89>^@^@^F^@^@^@Z^@^@^@XXX.Bin 6^RXXX.BankName s80^RXXX.CardType1 7^RXXX.CardType2 F^RXXX.Country Q^RXXX.BankPhone Q^R^T^F^D^C^C^X^@400094^R^@^@^@STAR_NETWORKS,_INCN/AN/AUNITED_STATES_OF_AMERICA^F^D^C^C^X^@400109^R^@^@^@EFUNDS_CORPORATIONN/AN/AUNITED_STATES_OF_AMERICA^F^D^C^C^X^@400110^P^@^@^@FIFTH_THIRD_BANKN/AN/AUNITED_STATES_OF_AMERICA^F^D^C^C^X^@

Any help on how I could export this to a sqlite database? If I only knew what type of database this is! I know that it's read by a program for Windows and I'm trying to avoid making a script to read it character by character (there are no return lines), so any hints would be appreciated.

Oscar Wahltinez

Posted 2011-06-30T20:16:13.160

Reputation: 121

Do you know which programs use it? Can you include a "hex dump" of the first 15-20 characters? – Randolf Richardson – 2011-06-30T20:26:16.647

The program that uses it is a standalone exe and I have no access to the source code – Oscar Wahltinez – 2011-06-30T20:33:26.607

Do you know which language the program was written in? In many cases this can help to narrow down which database technology is probably being used. – Randolf Richardson – 2011-06-30T20:34:52.463

I'm afraid that I don't, and the GUI looks quite strange to me. Running strings on the binary doesn't return anything helpful and I can't post the hexdump of the binary because of the limit on the number of characters. I can tell, though, that it begins with a MZP – Oscar Wahltinez – 2011-06-30T20:40:32.597

Just the first 15-20 characters is all that's needed -- that will easily fit into a comment (up to 60 characters if you include spaces between the pairs of hexadecimal nybbles). – Randolf Richardson – 2011-06-30T20:41:45.063

0000000 5a4d 0050 0002 0000 0004 000f ffff 0000

0000010 00b8 0000 0000 0000 0040 001a 0000 0000

0000020 0000 0000 0000 0000 0000 0000 0000 0000

0000030 0000 0000 0000 0000 0000 0000 0100 0000

0000040 10ba 0e00 b41f cd09 b821 4c01 21cd 9090

0000050 6854 7369 7020 6f72 7267 6d61 6d20 7375

0000060 2074 6562 7220 6e75 7520 646e 7265 5720

0000070 6e69 3233 0a0d 3724 0000 0000 0000 0000

0000080 0000 0000 0000 0000 0000 0000 0000 0000 – Oscar Wahltinez – 2011-06-30T20:44:17.697

@omtinez: could you post the name of the file and program and the language (e.g. English) of it? I used xxd -r file > testfile to reconstruct the file from the hexdump (and verified the dump with xxd testfile), but unfortunately file testfile still says "data". Not really useful. – Lekensteyn – 2011-06-30T20:45:23.767

When "5A 4D" is swapped around, it comes out as "MZ" which is typical of DLL and other executable files in Windows. This really is starting to look more like a program file, and I wonder if it might be a self-modifying DLL. It could also be a "Mountable Zip File." – Randolf Richardson – 2011-06-30T20:49:46.513

Oh wait, were you requesting the hexdump of the file, or the executable program that reads it? I gave you the hexdump of the executable, I will post the file in a second – Oscar Wahltinez – 2011-06-30T20:57:58.430

0000000 1ffe 0028 5253 0089 0600 0000 5a00 0000

0000010 5800 5858 422e 6e69 3620 5812 5858 422e

0000020 6e61 4e6b 6d61 2065 3873 1230 5858 2e58

0000030 6143 6472 7954 6570 2031 1237 5858 2e58

0000040 6143 6472 7954 6570 2032 1246 5858 2e58

0000050 6f43 6e75 7274 2079 1251 5858 2e58 6142

0000060 6b6e 6850 6e6f 2065 1251 0614 0304 1803

0000070 3400 3030 3930 1234 0000 5300 4154 5f52

0000080 454e 5754 524f 534b 5f2c 4e49 4e43 412f – Oscar Wahltinez – 2011-06-30T20:58:21.673

Still data: printf '\xfe\x1f\x28\x00\x53\x52\x89\x00\x00\x06\x00\x00\x00\x5a\x00\x00\x00\x58\x58\x58\x2e\x42\x69\x6e\x20\x36\x12\x58\x58\x58\x2e\x42\x61\x6e\x6b\x4e\x61\x6d\x65\x20\x73\x38\x30\x12\x58\x58\x58\x2e\x43\x61\x72\x64\x54\x79\x70\x65\x31\x20\x37\x12\x58\x58\x58\x2e\x43\x61\x72\x64\x54\x79\x70\x65\x32\x20\x46\x12\x58\x58\x58\x2e\x43\x6f\x75\x6e\x74\x72\x79\x20\x51\x12\x58\x58\x58\x2e\x42\x61\x6e\x6b\x50\x68\x6f\x6e\x65\x20\x51\x12\x14\x06\x04\x03\x03\x18\x00\x34\x30\x30\x30\x39\x34\x12\x00\x00\x00\x53\x54\x41\x52\x5f\x4e\x45\x54\x57\x4f\x52\x4b\x53\x2c\x5f\x49\x4e\x43\x4e\x2f\x41' – Lekensteyn – 2011-06-30T21:08:47.710

@omtinez: I thought you were asking about the database file that you were trying to alter -- I was definitely interested in the data file. Thanks for clarifying. I'm not seeing any indication of what type of file this is either. It could be a proprietary data file format for all we know. – Randolf Richardson – 2011-07-01T01:13:30.140

Presumably what you are really after is the data itself, the database being but a stepping stone to get there. If so, a last resort might be to reverse engineer the data format itself and write a program to extract the relevant information. – The Dag – 2012-05-12T14:49:29.047

Answers

1

file can identify many file types by examining the file contents. Usage:

file filename

I tried to reconstruct a part of your file from the data you provided, by using:

printf '\xfe\x1F(\0SR\x89\0\0\6\0\0\0Z\0\0\0XXX.Bin 6\x12XXX.BankName s80\x12XXX.CardType1' > testfile

Unfortunately, file testfile does not give any (useful) results:

testfile: data

You might have more luck by using file on the whole file.

Programs often have their own format for storing data, one optimized for their tasks. If you cannot find the file's format, try Google. Another useful tool for extracting information is the strings program, which can be run with strings filename.

Lekensteyn

Posted 2011-06-30T20:16:13.160

Reputation: 5 236

This is an excellent suggestion (+1). – Randolf Richardson – 2011-06-30T20:37:37.580

I don't know how I didn't think of this before! Unfortunately, it also returns data on the entire file – Oscar Wahltinez – 2011-06-30T20:42:15.437

I did think of running strings, but it didn't return anything that could make sense – Oscar Wahltinez – 2011-06-30T20:42:54.733
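
When file and strings both come back empty-handed, the route suggested in the comments (work out the layout and write an extractor) looks like this for the bytes posted in the question. This is an added example, not code from any poster: the layout (9 opaque bytes, a uint32 field count, a uint32 schema size, 0x12-terminated field definitions, then records that start with one size byte per field, with "s"-typed fields carrying a uint32 length prefix) is an inference from those posted bytes only, and HEADER, parse, to_sqlite and the table name bins are hypothetical names.

```python
import sqlite3
import struct

# Leading bytes of the .dat file as posted in the question (three whole records).
TAIL = b"N/AN/AUNITED_STATES_OF_AMERICA"  # shared by all three posted records
SAMPLE = (
    b"\xfe\x1f\x28\x00SR\x89\x00\x00" b"\x06\x00\x00\x00" b"\x5a\x00\x00\x00"
    b"XXX.Bin 6\x12XXX.BankName s80\x12XXX.CardType1 7\x12XXX.CardType2 F\x12"
    b"XXX.Country Q\x12XXX.BankPhone Q\x12\x14"
    b"\x06\x04\x03\x03\x18\x00" b"400094\x12\x00\x00\x00STAR_NETWORKS,_INC" + TAIL
    + b"\x06\x04\x03\x03\x18\x00" b"400109\x12\x00\x00\x00EFUNDS_CORPORATION" + TAIL
    + b"\x06\x04\x03\x03\x18\x00" b"400110\x10\x00\x00\x00FIFTH_THIRD_BANK" + TAIL
)
HEADER = 17  # assumed: 9 opaque bytes, uint32 field count, uint32 schema size

def parse(buf):
    """Return (fields, rows) under the inferred layout; ValueError on truncation."""
    if len(buf) < HEADER:
        raise ValueError("shorter than the assumed header")
    nfields, schema_len = struct.unpack_from("<II", buf, 9)
    pos = HEADER + schema_len
    entries = buf[HEADER:pos].split(b"\x12")[:nfields]
    if not nfields or pos > len(buf) or len(entries) < nfields:
        raise ValueError("schema block does not fit the file")
    # Each entry looks like "XXX.Bin 6": a name, a space, an opaque type code.
    fields = [e.decode("latin-1").partition(" ")[::2] for e in entries]
    rows = []
    while pos + nfields <= len(buf):
        sizes, pos = buf[pos:pos + nfields], pos + nfields  # one size byte per field
        row = []
        for (_, ftype), size in zip(fields, sizes):
            if ftype.startswith("s"):  # assumed: uint32 length, then the payload
                size = int.from_bytes(buf[pos:pos + 4], "little")
                pos += 4
            if pos + size > len(buf):
                raise ValueError(f"record truncated at offset {pos}")
            row.append(buf[pos:pos + size].decode("latin-1"))
            pos += size
        rows.append(row)
    return fields, rows

def to_sqlite(buf, conn, table="bins"):
    """Load the rows into SQLite; column names come from the file, so quote them."""
    fields, rows = parse(buf)
    cols = ['"%s"' % name.split(".")[-1].replace('"', '""') for name, _ in fields]
    conn.execute(f"CREATE TABLE {table} ({', '.join(c + ' TEXT' for c in cols)})")
    conn.executemany(f"INSERT INTO {table} VALUES ({', '.join('?' * len(cols))})", rows)
    return len(rows)
```

On the real file, read the bytes with open(path, "rb").read() and treat a ValueError as a sign that the inferred layout stops matching at that offset.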