dd stderr warning
user21677

Also, be aware that dd outputs stats on the operation performed to stderr, which is piped to /dev/null. If something were to go horribly wrong (you are accessing /dev/mem ...) the stderr output won't be visible.

Bash

Dumps a random block of physical memory and looks at the contents. Going to need to be root for this. Only the first 1MB of memory is available by default. dd default block size is 512 bytes, that can be changed with option ibs=bytes but keep in mind the other option skip=$offset which picks a block at random. Output from dd is sent through tr to remove non-ASCII characters; only unique results 2 characters or longer are evaluated.

Each string found is compared to a dictionary. If no matches are found, it attempts to decode as base64. Finally, all the strings evaluated are returned.

There are several other platform-dependent options to be aware of, such as location of dictionary file (/usr/share/dict/words), whether sleep accepts floating point inputs, and if base64 is available.

Overall, not very useful, but I learned a bit about Linux memory and writing this script turned out to be fun.

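#!/bin/bash

# Disable pathname expansion: strings pulled from memory may contain * or ?
set -f

# Pick one of the first 512 blocks (dd's default block size is 512 bytes)
offset=$((RANDOM % 512))

# Read one block of physical memory, turn every control, space and non-ASCII
# byte into a newline, and keep unique strings of 2 or more characters.
# dd's statistics and any errors it writes to stderr are discarded.
mem=$(dd if=/dev/mem skip=$offset count=1 2>/dev/null | tr '\000-\040\177-\377' '\n' | sort -u | grep '.\{2,\}')

results=""

for line in $mem
do
    echo "Evaluating $line"
    # $line is interpreted as a regular expression here, so strings that
    # contain regex metacharacters can make grep report an error
    greps=$(grep "^$line" /usr/share/dict/words | head)

    if [ -n "$greps" ]
    then
        echo "Found matches."
        # left unquoted on purpose so the matches print on one line
        echo $greps
    else
        #echo "No matches in dictionary. Attempting to decode."
        # printf instead of echo so a string like -n is not taken as an option
        decode=$(printf '%s\n' "$line" | base64 -d 2>/dev/null)
        if [ $? -eq 0 ]
        then
            echo "Decode is good: $decode"
        #else
            #echo "Not a valid base64 encoded string."
        fi
    fi

    results+=" $line"

    # make it look like this takes a while to process
    sleep 0.5

done

if (( ${#results} > 1 ))
then
    echo "Done processing input at block $offset: $results"
fi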

Sometimes there's no interesting output (all zeroes). Sometimes there are only a few strings:

codegolf/work# ./s 
Evaluating @~
Evaluating 0~
Evaluating ne
Found matches.
ne nea neal neallotype neanic neanthropic neap neaped nearable nearabout
Done processing input at block 319:  @~ 0~ ne

Sometimes there is actually something human readable in memory (before I was logging block offset):

codegolf/work# ./s 
Evaluating grub_memset
Evaluating grub_millisleep
Evaluating grub_mm_base
Evaluating grub_modbase
Evaluating grub_named_list_find
Evaluating grub_net_open
Evaluating grub_net_poll_cards_idle
Evaluating grub_parser_cmdline_state
Evaluating grub_parser_split_cmdline
Evaluating grub_partition_get_name
Evaluating grub_partition_iterate
Evaluating grub_partition_map_list
Evaluating grub_partition_probe
Evaluating grub_pc_net_config
Evaluating grub_pit_wait
Evaluating grub_print_error
Evaluating grub_printf
Evaluating grub_printf_
Evaluating grub_puts_
Evaluating grub_pxe_call
Evaluating grub_real_dprintf
Evaluating grub_realidt
Evaluating grub_realloc
Evaluating grub_refresh
Evaluating grub_register_command_prio
Evaluating grub_register_variable_hook
Evaluating grub_snprintf
Evaluating grub_st
Evaluating grub_strchr
Evaluating _memmove
Done processing input:  grub_memset grub_millisleep grub_mm_base 
    grub_modbase grub_named_list_find grub_net_open grub_net_poll_cards_idle
    grub_parser_cmdline_state grub_parser_split_cmdline 
    grub_partition_get_name grub_partition_iterate grub_partition_map_list 
    grub_partition_probe grub_pc_net_config grub_pit_wait grub_print_error 
    grub_printf grub_printf_ grub_puts_ grub_pxe_call grub_real_dprintf 
    grub_realidt grub_realloc grub_refresh grub_register_command_prio 
    grub_register_variable_hook grub_snprintf grub_st grub_strchr _memmove

And one last sample run showing malformed grep input, dictionary hits, and a successful base64 decode (before logging block offset again):

codegolf/work# ./s 
Evaluating <!
Evaluating !(
Evaluating @)
Evaluating @@
Evaluating $;
Evaluating '0@
Evaluating `1
Evaluating 1P$#4
Evaluating )$2
Evaluating -3
Evaluating 3HA
Evaluating 3N
Evaluating @@9
Evaluating 9@
Evaluating 9Jh
Evaluating \9UK
grep: Invalid back reference
Evaluating a#
Evaluating CX
Evaluating ?F
Evaluating !H(
Evaluating +%I
Evaluating Io
Found matches.
Io Iodamoeba Ione Ioni Ionian Ionic Ionicism Ionicization Ionicize Ionidium
Evaluating Kj
Found matches.
Kjeldahl
Evaluating l#
Evaluating L6qh
Decode is good: /��
Evaluating O%
Evaluating OX
Evaluating PR
Evaluating .Q
Evaluating Q4!
Evaluating qQ
Evaluating )u
Evaluating Ua
Found matches.
Uaraycu Uarekena Uaupe
Evaluating $v
Evaluating )V
Evaluating V8
Evaluating V,B~
Evaluating wIH
Evaluating xU
Evaluating y@
Evaluating @z
Evaluating Z0
Evaluating zI
Evaluating Z@!QK
Done processing input:  <! !( @) @@ $; '0@ `1 1P$#4 )$2 -3 3HA 3N
    @@9 9@ 9Jh \9UK a# CX ?F !H( +%I Io Kj l# L6qh O% OX PR .Q Q4!
    qQ )u Ua $v )V V8 V,B~ wIH xU y@ @z Z0 zI Z@!QK
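
The "grep: Invalid back reference" line in the last run comes from using a string read out of memory as a regular expression. The block below is an added example, not part of the original post: it performs the same dictionary-then-base64 classification while treating each string purely as data, and it goes further than the script by accepting a decode only when the input is well-formed base64 and the decoded bytes are printable ASCII. The function names, the embedded WORDS list and the last sample input are assumptions made for the example.

```bash
#!/bin/bash
# Added example, not the original script. WORDS is a constructed stand-in
# for /usr/share/dict/words so the block runs offline.
WORDS='Io
Ione
Kjeldahl
ne
neap'

# Literal prefix lookup: the string reaches awk through the environment and
# is compared with index(), so it is never parsed as a regular expression.
dict_prefix_matches() {
    printf '%s\n' "$WORDS" | NEEDLE="$1" awk 'index($0, ENVIRON["NEEDLE"]) == 1' | head
}

# Succeed only for well-formed, padded base64 whose decoded bytes are all
# printable ASCII; print the decoded text.
decode_if_text() {
    local s=$1 bad out
    local re='^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$'
    [ -n "$s" ] && [[ $s =~ $re ]] || return 1
    # Count decoded bytes outside printable ASCII without storing them
    bad=$(printf '%s' "$s" | base64 -d 2>/dev/null | LC_ALL=C tr -d '\040-\176' | wc -c)
    [ "$bad" -eq 0 ] || return 1
    out=$(printf '%s' "$s" | base64 -d 2>/dev/null) || return 1
    printf '%s\n' "$out"
}

# Dictionary first, then base64, mirroring the order used in the script
classify() {
    local hits text
    hits=$(dict_prefix_matches "$1")
    if [ -n "$hits" ]; then
        printf 'dict:%s\n' "$(printf '%s' "$hits" | tr '\n' ' ')"
    elif text=$(decode_if_text "$1"); then
        printf 'base64:%s\n' "$text"
    else
        printf 'none\n'
    fi
}

# Constructed inputs; the first three appear in the sample runs above
for s in 'ne' '\9UK' 'L6qh' 'Z3J1Yg=='; do
    printf '%-10s %s\n' "$s" "$(classify "$s")"
done
```

Passing the string with awk's -v option instead of through ENVIRON would reintroduce escape processing on backslashes, which is why the environment is used here.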