Page 5 of 7

Re: Check it...

PostPosted: Fri May 31, 2002 4:27 am
by sparafina
Originally posted by blackwave
Sooo now we know we also store elevation in the NS1 format, perhaps that is also what is in the mystery chunk? :)


Elevation from a GPS, consumer and mapping grade receivers, is particularly useless, errors typically range + or - 30 to 100 meters. Also elevation shouldn't take up all 60 bytes, but its cool to know its there.

Re: Re: Check it...

PostPosted: Fri May 31, 2002 7:23 am
by blackwave
Originally posted by sparafina
Elevation from a GPS, consumer and mapping grade receivers, is particularly useless,


Tell me about it I was parked and looking at my Garmin eTrex Legend... and noticed with a full rack of birds on the grid my elevation was jumping up and down 30 meters... So I can see why it wouldn't be exported... but too much data isn't enough data... ;)

PostPosted: Fri May 31, 2002 8:20 am
by lincomatic
HAHAHAHAHA! ok, i was just being lazy yesterday. i cracked the date format now...he's just using standard windows FILETIME.
so the only thing left is that %$# 60 byte (optional) mystery chunk and a few weird flags here and there.

and still no sign of GPS elevation info

PostPosted: Fri May 31, 2002 1:31 pm
by 138
Originally posted by lincomatic
HAHAHAHAHA! ok, i was just being lazy yesterday. i cracked the date format now...he's just using standard windows FILETIME.
so the only thing left is that %$# 60 byte (optional) mystery chunk and a few weird flags here and there.

and still no sign of GPS elevation info



I wonder if it's for version control (number). Any ideas how many versions of NS there's been?

PostPosted: Fri May 31, 2002 1:55 pm
by blackwave
Originally posted by 138
Any ideas how many versions of NS there's been?


There appears to be no HISTORY in the provided archived readme.html nor on Marius' NS Homepage http://home.pacbell.net/mariusm/

In the future releases it would be nice to know what was pulled out and what was packed in :) But we all know that documentation takes more time than we would care to take in generating it.

PostPosted: Fri May 31, 2002 1:57 pm
by 138
Originally posted by lincomatic
HAHAHAHAHA! ok, i was just being lazy yesterday. i cracked the date format now...he's just using standard windows FILETIME.
so the only thing left is that %$# 60 byte (optional) mystery chunk and a few weird flags here and there.

and still no sign of GPS elevation info



Hmmm...valid values seem to be only between 00 00 00 00 and 07 00 00 00. Look at what happens when you change it:

HEX Channel FirstSeen LastSeen
07 0 7:12:51 PM 7:12:51 PM
06 6 7:12:51 PM 7:12:51 PM
05 0 7:12:51 PM 7:12:51 PM
04 0 2:31:28 AM 3:14:56 AM
03 0 2:31:28 AM 3:14:56 AM
02 0 2:31:28 AM 3:14:56 AM
01 0 2:31:28 AM 3:14:56 AM
00 0 2:31:28 AM 3:14:56 AM

WTF does that mean?

PostPosted: Fri May 31, 2002 2:04 pm
by lincomatic
what's weird about the 60byte field is that it's optional. meaning some AP's have it and some don't. i have several logs, and the 60byte field is only present when bit0 of the previous DWORD is set. anyway, i've attached my code below. i was holding off because i was embarassed at what a very messy hack it was (i wrote it in just a couple of hours), but what the heck, here it is. once we've decoded the 60byte block, we can go back and clean up the code and crack some of those flag bits i've left out.
does anyone care to take over? i'm really too swamped w/ my work to do any more.

BW: if you really want to slice & dice the NS1 files, my code contains enough info for you to do that since to cutting/merging the files doesn't really require understanding the contents of them...it requires only knowledge of the structure.

PostPosted: Fri May 31, 2002 2:06 pm
by lincomatic
Originally posted by 138



Hmmm...valid values seem to be only between 00 00 00 00 and 07 00 00 00. Look at what happens when you change it:

HEX Channel FirstSeen LastSeen
07 0 7:12:51 PM 7:12:51 PM
06 6 7:12:51 PM 7:12:51 PM
05 0 7:12:51 PM 7:12:51 PM
04 0 2:31:28 AM 3:14:56 AM
03 0 2:31:28 AM 3:14:56 AM
02 0 2:31:28 AM 3:14:56 AM
01 0 2:31:28 AM 3:14:56 AM
00 0 2:31:28 AM 3:14:56 AM

WTF does that mean?


which byte are you referring to?

PostPosted: Fri May 31, 2002 2:09 pm
by 138
Originally posted by lincomatic


which byte are you referring to?



My bad, I must have missed something. I thought we were talking about the bits immediately after the "NetS".

PostPosted: Fri May 31, 2002 2:11 pm
by blackwave
Originally posted by lincomatic

BW: if you really want to slice & dice the NS1 files, my code contains enough info for you to do that since to cutting/merging the files doesn't really require understanding the contents of them...it requires only knowledge of the structure. [/B]


Thanks for all your work and time lincomatic! I will open your work up and try it later this evening . I totally understand about being swamped, (believe it or not) ;) sometimes it feels like I can't even breathe...

<blackwave does the wave for lincomatic>

PostPosted: Fri May 31, 2002 2:45 pm
by lincomatic
Originally posted by 138



My bad, I must have missed something. I thought we were talking about the bits immediately after the "NetS".


so you've seen values other than 06 00 00 00 for the DWORD after NetS? hmm. my files all have the 06. i guess that just adds more the the mystery.

PostPosted: Fri May 31, 2002 2:57 pm
by lincomatic
Originally posted by blackwave

I totally understand about being swamped, (believe it or not) ;) sometimes it feels like I can't even breathe...


my brain is totally fried from lack of sleep...i am so behind on this project i'm doing for work. and i use this NS forum as a release but it just makes me more behind. at least the diversion helps me keep my sanity, though.

PostPosted: Fri May 31, 2002 3:05 pm
by blackwave
Originally posted by lincomatic
at least the diversion helps me keep my sanity, though.


little does lincomatic we switched his sanity for our brand named iNSaNiTy... let's sit back and see if he notices...


Audience Pauses here to watch lincomatic rocking back in forth in a rocking chair wearing a strait jacket, and a hannibal lecter(lektor) mask..


... that there is no board, or ever was a board, or even a netstumbler... yes folks, he lost it a long time ago....

PostPosted: Fri May 31, 2002 3:13 pm
by lincomatic
Originally posted by blackwave
... that there is no board, or ever was a board, or even a netstumbler... yes folks, he lost it a long time ago....


yes...that must be it...NS is just a figment of my imagination :eek:

btw if anyone gets any further w/ the NS1 file cracking, post the code here.

Share! Share! Share! to quote my kids ;)

PostPosted: Fri May 31, 2002 7:45 pm
by lincomatic
looks like someone else has already cracked the NS1 format:
http://www.blackhelo.com/ns/
tried their app but it times out every time, though.