<B>You are doing a forensics evaluation of a linux box that you know has been compromised. You find a binary on the system and assume it was used by the attackers to hide data on box that that was exfiltrated. You dissamble the file and find the x86 assembly shown below (from Ida) - this function was used for obfuscation. You also find a file obfuscated by this tool. Using the key you find in this encoder code what is the unobfuscated first line of the file which starts with</B><PRE>8%%>p2pzpzp8%%>pe8%%>pe(#$e(+9"</PRE>
<BR> HINT: The function was orginally defined as void convert_buf(unsigned char * buf, int len).
<BR>
<PRE>
.text:08048474 ; =============== S U B R O U T I N E =======================================
.text:08048474
.text:08048474 ; Attributes: bp-based frame
.text:08048474
.text:08048474 public convert_buf
.text:08048474 convert_buf proc near ; CODE XREF: main+B2p