Entries For May 2007
A post to point out two new bits of site content:
A windows-only HTML Application that recovers the original files from
ADODB.Stream by decoding the data at the end of the file and using it to determine the start and end points of the original content, it then saves it alongside the
zix file with the original intended filename and extension.
Streaming Binary Files in Chunks
An example in Classic JScript ASP on how to stream large binary files from the server to the client without consuming large amounts of server resources. With appropriate headers set, the file to stream is read in smallish sequential chunks with each being dumped to client immediately without the usual need to load the entire contents of the file to server memory. Also includes a routine to support HTTP 304 caching to further save on server resources if the client already has the file but isn't sure if it has gone stale. It's nothing new, just something else for my general collection of scripts.
It was to happen eventually: Someone is sending spam emails pretending to be from fake users at this domain (“
andrewu.co.uk”). This is just a note to say that these aren't being sent by me and likely aren't being sent via my mailserver.
If you receive an email and the mail server it was sent from is
andrewu.co.uk, then it is probably fake as my email is actually sent from a different mail server.
If you receive an email and it was sent from an address ending in
@andrewu.co.uk then it may be genuine, but if and only if it passes SPF validation — ask your postmaster or network administrator to enable SPF validation on your incoming email.
Email that purports to be sent from a user at this domain, but that fails SPF validation will be spam sent by a third party.
If you've arrived here looking for a utility to recover the contents of zix files without installing WinZix, then you'll save yourself a couple of minutes of distraction if I just give you the link now: UnZixHTA (source code included). Note: UnZixHTA may not recover newer format version 2 zix files, at least not yet. The remaining information below has aged somewhat as the complexity of zix files found in the wild has increased, so manual zix file recovery with a hex editor is unlikely to be successful on more recent zix files.
You may have encountered the “
.zix” file type, it's increasingly found on downloaded files, often inside a “
.rar” file. After you unpack the
.rar file with something like 7-Zip you discover the file you wanted, but with the
.zix file extension. Packaged along with the
.zix file will often be a webpage with instructions on how to download a program from the Winzix website that will unpack the
.zix file into the usable file (or files) you were originally expecting.
You may also know that that program designed to the do the unpacking is alleged to contain spyware / adware — I don't know as I haven't installed it but search around the web for yourself and make up your own mind.
What Is a Zix File?
At the time of writing, a
.zix file is neither compressed nor encrypted and it's hard to see that the mechanism by which the files are obfuscated could be considered Digital Rights Management and thus fall foul of the DMCA.
Most binary files you encounter on a computer start with a few bytes designed to give an indication as to what type of file it is. For example a PNG image starts with "‰PNG" when viewed in a hex editor. A program attempting to open such a file can use this identifying label to understand how to actually parse the file.
zix file is simply a mis-identified file, it's the plain old original file you wanted but with the wrong label attached to it, although the old label is still there too. On simple zix files you can remove this bad label yourself with nothing more complicated than a hex editor, any hex editor should do, e.g.: XVI32 or you can download a windows-only HTML application I've written that will attempt to recover your file automatically and supports more complex zix files (i.e. zix files that contain more than one file).
I've only seen a few
.zix files so it's possible that the following won't work for all
Automatically Recover a Zix File (Use at Your Own Risk)
UnZixHTA — read the Notes and Security sections before downloading the UnZixHTA application. This windows-only HTML Application reads the zix data at the end of the file and uses it to determine the start and end points of the original files before recovering them file along with their original file names.
Manually Recover a Zix File (Use at Your Own Risk)Note that the following information won't work for zix files that contain multiple files, which these days seems to be most of them.
- Open the
.zixfile in your hex editor of choice.
- Delete the first eleven bytes, e.g.: “
5A 49 58 0B 68 E2 15 00 00 00 00” this may also appear in your hex editor as “
- Save the file with the file extension you were originally expecting, e.g. “
.avi” and that may be enough to recover the file depending on the file type — if not use the above application.
Zix files appear to be able to have different length headers so 11 bytes may be too many or too few so you may not recover the file correctly. To be sure check the data at the end of the Zix file and determine the number of header bytes that should be removed — the number of bytes can be found immediately after the ASCII string “5:starti”. The UnZixHTA application I wrote handles this automatically and also removes the zix data at the end of the file.
If you used XVI32 as your hex editor then replace step two with: Choose “Editor” from the “XVIscript” menu then in the “XVIscript interpreter” window that pops up type “
DEL 11” and then choose the “Execute” button. Proceed to step 3.
There's an entry on zix files over at Winzix (Wikipedia).