I am wondering if people here can show what the real Mt. Gox transactions looked like, or if we can work that out ourselves.
Actually I have three outgoing transactions that I know to have been from Mt. Gox. I have looked at the script data. It is kind of interesting.
The first two on 23rd and 24th of january actually have negative R and S value of the signature, this means that they have one leading 0 byte and the highest bit set (as they should for negative values). This is a non-canonical signature but valid. The third transaction on the 31st of january has positive R and S values, so would be canonical. The IP addresses that transmitted them were involved in a lot of other transmits but they all stopped transmitting on the 4th of february (or blockchain has dropped collecting them?). They are three distinct ip-addresses.
What were the true Mt. Gox transactions, the non canonical ones or the canonical one? Is the canonical one really a mutated transaction, or did Mt. Gox use the standard client for it?