A friend forwarded me an email pretending it contained some exceptional photos. There was actually only a text file in attachment, whose content looked like this:
Return-Path:
Received: from [...]
Date: [...]
Message-Id:[...]
Subject: a very original subject
MIME-Version: 1.0
X-Sensitivity: 3
Content-Type: multipart/mixed; boundary="_=__=_XaM3_.1215754998.2A.506953.42.25201.52.42.007.413123292"
From: [...]
To: [...]
X-XaM3-API-Version: 4.3 (R1) (B3pl25)
X-SenderIP: 79.24.125.30
--_=__=_XaM3_.1215754998.2A.506953.42.25201.52.42.007.413123292
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
--_=__=_XaM3_.1215754998.2A.506953.42.25201.52.42.007.413123292
Content-Type: application/vnd.ms-powerpoint;
name="=?iso-8859-1?Q?foto=5Fincredibili.pps?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="=?iso-8859-1?Q?foto=5Fincredibili.pps?="
0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAIAAAA5gMAAAAA
AAAAEAAA6AMAAAEAAA
[...]
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
--_=__=_XaM3_.1215754998.2A.506953.42.25201.52.42.007.413123292--
What does it mean? It’s an email message, containing headers, body and a binary attachment, all coded as text. In particular, the following section tells us more:
Content-Type: application/vnd.ms-powerpoint;
name="=?iso-8859-1?Q?foto=5Fincredibili.pps?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="=?iso-8859-1?Q?foto=5Fincredibili.pps?="
The original attachment was a powerpoint slide presentation whose name was foto incredibili.pps. The file was encoded with base64 and attached to the email.
To recover it, first of all I had to separate the relevant part from the rest, which meant editing the file (I used gedit but any text editor should do) and deleting headers and body and everything apart from
0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAAIAAAA5gMAAAAA
AAAAEAAA6AMAAAEAAA
[...]
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
I saved the file as convert.me and the job was almost over. Last thing I had to do was to decode it, which on a Linux box means:
$ base64 -d convert.me > foto\ incredibili.pps
I suppose there are tools to manipulate MIME-base64 encoded file also on other operating systems but wikipedia suggests some online tools which can be useful.
Finally, here you can see the result :p
No related posts.
Tags: attachment, base64, email, Free Software, howto, LinkedIn
