From 07864cc0fd5fa4df026c8a9585f7a4986a65b7b2 Mon Sep 17 00:00:00 2001 From: Hyunjee Kim Date: Mon, 18 May 2020 14:15:41 +0900 Subject: [PATCH] Imported Upstream version 5.37 Change-Id: I447bb8875c45e98aa701193009f35a3fc07b1a23 Signed-off-by: Hyunjee Kim --- AUTHORS | 1 + COPYING | 29 + ChangeLog | 1825 ++++++++++++++++++ INSTALL | 365 ++++ MAINT | 44 + Makefile.am | 5 + NEWS | 1 + README | 154 ++ README.DEVELOPER | 40 + RELEASE-PROCEDURE | 29 + TODO | 49 + acinclude.m4 | 58 + configure.ac | 184 ++ doc/.cvsignore | 7 + doc/Makefile.am | 32 + doc/file.man | 717 +++++++ doc/libmagic.man | 413 ++++ doc/magic.man | 755 ++++++++ fuzz/Dockerfile | 21 + fuzz/build.sh | 29 + fuzz/magic_fuzzer.c | 75 + fuzz/project.yaml | 6 + m4/.cvsignore | 2 + magic/.cvsignore | 6 + magic/Header | 5 + magic/Localstuff | 7 + magic/Magdir/acorn | 102 + magic/Magdir/adi | 13 + magic/Magdir/adventure | 122 ++ magic/Magdir/algol68 | 19 + magic/Magdir/allegro | 9 + magic/Magdir/alliant | 18 + magic/Magdir/alpha | 32 + magic/Magdir/amanda | 12 + magic/Magdir/amigaos | 87 + magic/Magdir/android | 180 ++ magic/Magdir/animation | 1074 +++++++++++ magic/Magdir/aout | 46 + magic/Magdir/apache | 28 + magic/Magdir/apl | 7 + magic/Magdir/apple | 524 ++++++ magic/Magdir/application | 7 + magic/Magdir/applix | 13 + magic/Magdir/apt | 52 + magic/Magdir/archive | 1592 ++++++++++++++++ magic/Magdir/assembler | 18 + magic/Magdir/asterix | 18 + magic/Magdir/att3b | 41 + magic/Magdir/audio | 1113 +++++++++++ magic/Magdir/basis | 18 + magic/Magdir/beetle | 7 + magic/Magdir/ber | 65 + magic/Magdir/bflt | 14 + magic/Magdir/bhl | 10 + magic/Magdir/bioinformatics | 178 ++ magic/Magdir/biosig | 154 ++ magic/Magdir/blackberry | 8 + magic/Magdir/blcr | 25 + magic/Magdir/blender | 39 + magic/Magdir/blit | 20 + magic/Magdir/bout | 11 + magic/Magdir/bsdi | 33 + magic/Magdir/bsi | 9 + magic/Magdir/btsnoop | 13 + magic/Magdir/c-lang | 107 ++ magic/Magdir/c64 | 58 + magic/Magdir/cad | 190 ++ magic/Magdir/cafebabe | 72 + magic/Magdir/cbor | 21 + magic/Magdir/cddb | 12 + magic/Magdir/chord | 15 + magic/Magdir/cisco | 12 + magic/Magdir/citrus | 8 + magic/Magdir/clarion | 27 + magic/Magdir/claris | 48 + magic/Magdir/clipper | 65 + magic/Magdir/clojure | 30 + magic/Magdir/coff | 81 + magic/Magdir/commands | 118 ++ magic/Magdir/communications | 22 + magic/Magdir/compress | 394 ++++ magic/Magdir/console | 950 ++++++++++ magic/Magdir/convex | 69 + magic/Magdir/coverage | 91 + magic/Magdir/cracklib | 14 + magic/Magdir/ctags | 6 + magic/Magdir/ctf | 23 + magic/Magdir/cubemap | 8 + magic/Magdir/cups | 56 + magic/Magdir/dact | 11 + magic/Magdir/database | 646 +++++++ magic/Magdir/dataone | 47 + magic/Magdir/dbpf | 15 + magic/Magdir/der | 116 ++ magic/Magdir/diamond | 12 + magic/Magdir/diff | 40 + magic/Magdir/digital | 58 + magic/Magdir/dolby | 69 + magic/Magdir/dump | 96 + magic/Magdir/dyadic | 61 + magic/Magdir/ebml | 8 + magic/Magdir/edid | 11 + magic/Magdir/editors | 39 + magic/Magdir/efi | 15 + magic/Magdir/elf | 333 ++++ magic/Magdir/encore | 22 + magic/Magdir/epoc | 62 + magic/Magdir/erlang | 21 + magic/Magdir/espressif | 57 + magic/Magdir/esri | 28 + magic/Magdir/etf | 33 + magic/Magdir/fcs | 9 + magic/Magdir/filesystems | 2445 ++++++++++++++++++++++++ magic/Magdir/finger | 16 + magic/Magdir/flash | 62 + magic/Magdir/flif | 36 + magic/Magdir/fonts | 382 ++++ magic/Magdir/fortran | 9 + magic/Magdir/frame | 50 + magic/Magdir/freebsd | 144 ++ magic/Magdir/fsav | 128 ++ magic/Magdir/fusecompress | 12 + magic/Magdir/games | 301 +++ magic/Magdir/gcc | 17 + magic/Magdir/gconv | 10 + magic/Magdir/geo | 130 ++ magic/Magdir/geos | 20 + magic/Magdir/gimp | 47 + magic/Magdir/glibc | 21 + magic/Magdir/gnome | 59 + magic/Magdir/gnu | 178 ++ magic/Magdir/gnumeric | 8 + magic/Magdir/gpt | 240 +++ magic/Magdir/gpu | 28 + magic/Magdir/grace | 21 + magic/Magdir/graphviz | 12 + magic/Magdir/gringotts | 48 + magic/Magdir/guile | 13 + magic/Magdir/hardware | 12 + magic/Magdir/hitachi-sh | 30 + magic/Magdir/hp | 433 +++++ magic/Magdir/human68k | 26 + magic/Magdir/ibm370 | 48 + magic/Magdir/ibm6000 | 33 + magic/Magdir/icc | 214 +++ magic/Magdir/iff | 73 + magic/Magdir/images | 1962 +++++++++++++++++++ magic/Magdir/inform | 9 + magic/Magdir/intel | 69 + magic/Magdir/interleaf | 9 + magic/Magdir/island | 10 + magic/Magdir/ispell | 63 + magic/Magdir/isz | 15 + magic/Magdir/java | 45 + magic/Magdir/javascript | 17 + magic/Magdir/jpeg | 126 ++ magic/Magdir/karma | 9 + magic/Magdir/kde | 11 + magic/Magdir/keepass | 20 + magic/Magdir/kerberos | 45 + magic/Magdir/kicad | 69 + magic/Magdir/kml | 34 + magic/Magdir/lecter | 6 + magic/Magdir/lex | 12 + magic/Magdir/lif | 8 + magic/Magdir/linux | 496 +++++ magic/Magdir/lisp | 75 + magic/Magdir/llvm | 21 + magic/Magdir/lua | 22 + magic/Magdir/luks | 13 + magic/Magdir/m4 | 11 + magic/Magdir/mach | 251 +++ magic/Magdir/macintosh | 470 +++++ magic/Magdir/macos | 7 + magic/Magdir/magic | 10 + magic/Magdir/mail.news | 68 + magic/Magdir/make | 36 + magic/Magdir/map | 331 ++++ magic/Magdir/maple | 57 + magic/Magdir/marc21 | 30 + magic/Magdir/mathcad | 8 + magic/Magdir/mathematica | 81 + magic/Magdir/matroska | 17 + magic/Magdir/mcrypt | 38 + magic/Magdir/measure | 39 + magic/Magdir/mercurial | 13 + magic/Magdir/metastore | 8 + magic/Magdir/meteorological | 49 + magic/Magdir/microfocus | 21 + magic/Magdir/mime | 9 + magic/Magdir/mips | 120 ++ magic/Magdir/mirage | 8 + magic/Magdir/misctools | 65 + magic/Magdir/mkid | 11 + magic/Magdir/mlssa | 8 + magic/Magdir/mmdf | 6 + magic/Magdir/modem | 86 + magic/Magdir/motorola | 71 + magic/Magdir/mozilla | 37 + magic/Magdir/msdos | 1503 +++++++++++++++ magic/Magdir/msooxml | 45 + magic/Magdir/msvc | 69 + magic/Magdir/msx | 309 +++ magic/Magdir/mup | 24 + magic/Magdir/music | 17 + magic/Magdir/nasa | 7 + magic/Magdir/natinst | 24 + magic/Magdir/ncr | 49 + magic/Magdir/neko | 12 + magic/Magdir/netbsd | 251 +++ magic/Magdir/netscape | 26 + magic/Magdir/netware | 7 + magic/Magdir/news | 13 + magic/Magdir/nitpicker | 14 + magic/Magdir/numpy | 9 + magic/Magdir/oasis | 12 + magic/Magdir/ocaml | 14 + magic/Magdir/octave | 6 + magic/Magdir/ole2compounddocs | 33 + magic/Magdir/olf | 98 + magic/Magdir/os2 | 49 + magic/Magdir/os400 | 39 + magic/Magdir/os9 | 80 + magic/Magdir/osf1 | 10 + magic/Magdir/palm | 155 ++ magic/Magdir/parix | 13 + magic/Magdir/parrot | 22 + magic/Magdir/pascal | 10 + magic/Magdir/pbf | 11 + magic/Magdir/pbm | 8 + magic/Magdir/pc88 | 24 + magic/Magdir/pc98 | 77 + magic/Magdir/pdf | 31 + magic/Magdir/pdp | 42 + magic/Magdir/perl | 100 + magic/Magdir/pgf | 52 + magic/Magdir/pgp | 561 ++++++ magic/Magdir/pkgadd | 7 + magic/Magdir/plan9 | 18 + magic/Magdir/plus5 | 18 + magic/Magdir/polyml | 23 + magic/Magdir/printer | 150 ++ magic/Magdir/project | 10 + magic/Magdir/psdbms | 14 + magic/Magdir/psl | 14 + magic/Magdir/pulsar | 13 + magic/Magdir/pwsafe | 14 + magic/Magdir/pyramid | 12 + magic/Magdir/python | 101 + magic/Magdir/qt | 19 + magic/Magdir/revision | 66 + magic/Magdir/riff | 332 ++++ magic/Magdir/rinex | 44 + magic/Magdir/rpi | 15 + magic/Magdir/rpm | 45 + magic/Magdir/rpmsg | 7 + magic/Magdir/rtf | 16 + magic/Magdir/ruby | 55 + magic/Magdir/sc | 7 + magic/Magdir/sccs | 22 + magic/Magdir/scientific | 111 ++ magic/Magdir/securitycerts | 6 + magic/Magdir/selinux | 24 + magic/Magdir/sendmail | 37 + magic/Magdir/sequent | 42 + magic/Magdir/sereal | 35 + magic/Magdir/sgi | 138 ++ magic/Magdir/sgml | 145 ++ magic/Magdir/sharc | 23 + magic/Magdir/sinclair | 38 + magic/Magdir/sisu | 18 + magic/Magdir/sketch | 6 + magic/Magdir/smalltalk | 25 + magic/Magdir/smile | 34 + magic/Magdir/sniffer | 357 ++++ magic/Magdir/softquad | 37 + magic/Magdir/spec | 21 + magic/Magdir/spectrum | 80 + magic/Magdir/sql | 141 ++ magic/Magdir/ssh | 13 + magic/Magdir/ssl | 20 + magic/Magdir/sun | 141 ++ magic/Magdir/symbos | 42 + magic/Magdir/sysex | 320 ++++ magic/Magdir/tcl | 29 + magic/Magdir/teapot | 6 + magic/Magdir/terminfo | 62 + magic/Magdir/tex | 139 ++ magic/Magdir/tgif | 7 + magic/Magdir/ti-8x | 239 +++ magic/Magdir/timezone | 32 + magic/Magdir/tplink | 86 + magic/Magdir/troff | 38 + magic/Magdir/tuxedo | 8 + magic/Magdir/typeset | 8 + magic/Magdir/unicode | 15 + magic/Magdir/unknown | 34 + magic/Magdir/uterus | 16 + magic/Magdir/uuencode | 31 + magic/Magdir/vacuum-cleaner | 54 + magic/Magdir/varied.out | 46 + magic/Magdir/varied.script | 51 + magic/Magdir/vax | 27 + magic/Magdir/vicar | 17 + magic/Magdir/virtual | 307 +++ magic/Magdir/virtutech | 12 + magic/Magdir/visx | 32 + magic/Magdir/vms | 30 + magic/Magdir/vmware | 6 + magic/Magdir/vorbis | 155 ++ magic/Magdir/vxl | 14 + magic/Magdir/warc | 16 + magic/Magdir/weak | 16 + magic/Magdir/webassembly | 15 + magic/Magdir/windows | 881 +++++++++ magic/Magdir/wireless | 7 + magic/Magdir/wordprocessors | 262 +++ magic/Magdir/wsdl | 23 + magic/Magdir/x68000 | 25 + magic/Magdir/xdelta | 13 + magic/Magdir/xenix | 92 + magic/Magdir/xilinx | 40 + magic/Magdir/xo65 | 30 + magic/Magdir/xwindows | 35 + magic/Magdir/yara | 17 + magic/Magdir/zfs | 96 + magic/Magdir/zilog | 12 + magic/Magdir/zip | 63 + magic/Magdir/zyxel | 17 + magic/Makefile.am | 342 ++++ magic/scripts/create_filemagic_flac | 71 + python/.cvsignore | 7 + python/CHANGELOG.md | 16 + python/LICENSE | 25 + python/Makefile.am | 4 + python/README.md | 31 + python/example.py | 17 + python/file_magic/__init__.py | 1 + python/magic.py | 288 +++ python/setup.py | 27 + python/tests.py | 32 + src/.cvsignore | 15 + src/BNF | 151 ++ src/Makefile.am | 30 + src/Makefile.std | 167 ++ src/apprentice.c | 3456 ++++++++++++++++++++++++++++++++++ src/apptype.c | 169 ++ src/ascmagic.c | 390 ++++ src/asctime_r.c | 19 + src/asprintf.c | 45 + src/buffer.c | 87 + src/cdf.c | 1642 ++++++++++++++++ src/cdf.h | 352 ++++ src/cdf.mk | 3 + src/cdf_time.c | 198 ++ src/compress.c | 833 ++++++++ src/ctime_r.c | 19 + src/der.c | 409 ++++ src/der.h | 28 + src/dprintf.c | 58 + src/elfclass.h | 82 + src/encoding.c | 596 ++++++ src/file.c | 728 +++++++ src/file.h | 652 +++++++ src/file_opts.h | 61 + src/fmtcheck.c | 251 +++ src/fsmagic.c | 429 +++++ src/funcs.c | 652 +++++++ src/getline.c | 104 + src/getopt_long.c | 498 +++++ src/gmtime_r.c | 19 + src/is_json.c | 462 +++++ src/is_tar.c | 166 ++ src/localtime_r.c | 19 + src/magic.c | 655 +++++++ src/magic.h.in | 158 ++ src/mygetopt.h | 68 + src/patchlevel.h | 361 ++++ src/pread.c | 23 + src/print.c | 264 +++ src/readcdf.c | 676 +++++++ src/readelf.c | 1810 ++++++++++++++++++ src/readelf.h | 545 ++++++ src/seccomp.c | 254 +++ src/softmagic.c | 2326 +++++++++++++++++++++++ src/strcasestr.c | 84 + src/strlcat.c | 58 + src/strlcpy.c | 54 + src/tar.h | 73 + src/teststrchr.c | 20 + src/vasprintf.c | 653 +++++++ tests/.cvsignore | 5 + tests/CVE-2014-1943.result | 1 + tests/CVE-2014-1943.testfile | Bin 0 -> 5 bytes tests/JW07022A.mp3.result | 1 + tests/JW07022A.mp3.testfile | Bin 0 -> 15887 bytes tests/Makefile.am | 88 + tests/README | 14 + tests/escapevel.result | 1 + tests/escapevel.testfile | Bin 0 -> 8813 bytes tests/fit-map-data.result | 1 + tests/fit-map-data.testfile | Bin 0 -> 16001 bytes tests/gedcom.result | 1 + tests/gedcom.testfile | 8 + tests/hddrawcopytool.result | 1 + tests/hddrawcopytool.testfile | Bin 0 -> 1280 bytes tests/issue311docx.result | 1 + tests/issue311docx.testfile | Bin 0 -> 3770 bytes tests/issue359xlsx.result | 1 + tests/issue359xlsx.testfile | Bin 0 -> 4483 bytes tests/json1.result | 1 + tests/json1.testfile | 14 + tests/json2.result | 1 + tests/json2.testfile | 22 + tests/json3.result | 1 + tests/json3.testfile | 13 + tests/regex-eol.magic | 6 + tests/regex-eol.result | 1 + tests/regex-eol.testfile | 24 + tests/test.c | 115 ++ tests/zstd-3-skippable-frames.result | 1 + tests/zstd-dictionary-0.result | 1 + tests/zstd-dictionary-1.result | 1 + tests/zstd-dictionary-2.result | 1 + tests/zstd-skippable-frame-0.result | 1 + tests/zstd-skippable-frame-4.result | 1 + tests/zstd-skippable-frame-8.result | 1 + tests/zstd-skippable-frame-C.result | 1 + tests/zstd-v0.2-FF.result | 1 + tests/zstd-v0.2-FF.testfile | 1 + tests/zstd-v0.3-FF.result | 1 + tests/zstd-v0.3-FF.testfile | 1 + tests/zstd-v0.4-FF.result | 1 + tests/zstd-v0.4-FF.testfile | 1 + tests/zstd-v0.5-FF.result | 1 + tests/zstd-v0.5-FF.testfile | 1 + tests/zstd-v0.6-FF.result | 1 + tests/zstd-v0.6-FF.testfile | 1 + tests/zstd-v0.7-00.result | 1 + tests/zstd-v0.7-21.result | 1 + tests/zstd-v0.7-21.testfile | 1 + tests/zstd-v0.7-22.result | 1 + tests/zstd-v0.7-22.testfile | 1 + tests/zstd-v0.8-00.result | 1 + tests/zstd-v0.8-01.result | 1 + tests/zstd-v0.8-01.testfile | 1 + tests/zstd-v0.8-02.result | 1 + tests/zstd-v0.8-02.testfile | 1 + tests/zstd-v0.8-03.result | 1 + tests/zstd-v0.8-03.testfile | 1 + tests/zstd-v0.8-16.result | 1 + tests/zstd-v0.8-16.testfile | 1 + tests/zstd-v0.8-20.result | 1 + tests/zstd-v0.8-20.testfile | 1 + tests/zstd-v0.8-21.result | 1 + tests/zstd-v0.8-21.testfile | 1 + tests/zstd-v0.8-22.result | 1 + tests/zstd-v0.8-22.testfile | 1 + tests/zstd-v0.8-23.result | 1 + tests/zstd-v0.8-23.testfile | 1 + tests/zstd-v0.8-F4.result | 1 + tests/zstd-v0.8-F4.testfile | 1 + tests/zstd-v0.8-FF.result | 1 + tests/zstd-v0.8-FF.testfile | 1 + visibility.m4 | 77 + 465 files changed, 57372 insertions(+) create mode 100644 AUTHORS create mode 100644 COPYING create mode 100644 ChangeLog create mode 100644 INSTALL create mode 100644 MAINT create mode 100644 Makefile.am create mode 100644 NEWS create mode 100644 README create mode 100644 README.DEVELOPER create mode 100644 RELEASE-PROCEDURE create mode 100644 TODO create mode 100644 acinclude.m4 create mode 100644 configure.ac create mode 100644 doc/.cvsignore create mode 100644 doc/Makefile.am create mode 100644 doc/file.man create mode 100644 doc/libmagic.man create mode 100644 doc/magic.man create mode 100644 fuzz/Dockerfile create mode 100755 fuzz/build.sh create mode 100644 fuzz/magic_fuzzer.c create mode 100644 fuzz/project.yaml create mode 100644 m4/.cvsignore create mode 100644 magic/.cvsignore create mode 100644 magic/Header create mode 100644 magic/Localstuff create mode 100644 magic/Magdir/acorn create mode 100644 magic/Magdir/adi create mode 100644 magic/Magdir/adventure create mode 100644 magic/Magdir/algol68 create mode 100644 magic/Magdir/allegro create mode 100644 magic/Magdir/alliant create mode 100644 magic/Magdir/alpha create mode 100644 magic/Magdir/amanda create mode 100644 magic/Magdir/amigaos create mode 100644 magic/Magdir/android create mode 100644 magic/Magdir/animation create mode 100644 magic/Magdir/aout create mode 100755 magic/Magdir/apache create mode 100644 magic/Magdir/apl create mode 100644 magic/Magdir/apple create mode 100644 magic/Magdir/application create mode 100644 magic/Magdir/applix create mode 100644 magic/Magdir/apt create mode 100644 magic/Magdir/archive create mode 100644 magic/Magdir/assembler create mode 100644 magic/Magdir/asterix create mode 100644 magic/Magdir/att3b create mode 100644 magic/Magdir/audio create mode 100644 magic/Magdir/basis create mode 100644 magic/Magdir/beetle create mode 100644 magic/Magdir/ber create mode 100644 magic/Magdir/bflt create mode 100644 magic/Magdir/bhl create mode 100644 magic/Magdir/bioinformatics create mode 100644 magic/Magdir/biosig create mode 100644 magic/Magdir/blackberry create mode 100644 magic/Magdir/blcr create mode 100644 magic/Magdir/blender create mode 100644 magic/Magdir/blit create mode 100644 magic/Magdir/bout create mode 100644 magic/Magdir/bsdi create mode 100644 magic/Magdir/bsi create mode 100644 magic/Magdir/btsnoop create mode 100644 magic/Magdir/c-lang create mode 100644 magic/Magdir/c64 create mode 100644 magic/Magdir/cad create mode 100644 magic/Magdir/cafebabe create mode 100644 magic/Magdir/cbor create mode 100644 magic/Magdir/cddb create mode 100644 magic/Magdir/chord create mode 100644 magic/Magdir/cisco create mode 100644 magic/Magdir/citrus create mode 100644 magic/Magdir/clarion create mode 100644 magic/Magdir/claris create mode 100644 magic/Magdir/clipper create mode 100644 magic/Magdir/clojure create mode 100644 magic/Magdir/coff create mode 100644 magic/Magdir/commands create mode 100644 magic/Magdir/communications create mode 100644 magic/Magdir/compress create mode 100644 magic/Magdir/console create mode 100644 magic/Magdir/convex create mode 100644 magic/Magdir/coverage create mode 100644 magic/Magdir/cracklib create mode 100644 magic/Magdir/ctags create mode 100644 magic/Magdir/ctf create mode 100644 magic/Magdir/cubemap create mode 100644 magic/Magdir/cups create mode 100644 magic/Magdir/dact create mode 100644 magic/Magdir/database create mode 100644 magic/Magdir/dataone create mode 100644 magic/Magdir/dbpf create mode 100644 magic/Magdir/der create mode 100644 magic/Magdir/diamond create mode 100644 magic/Magdir/diff create mode 100644 magic/Magdir/digital create mode 100644 magic/Magdir/dolby create mode 100644 magic/Magdir/dump create mode 100644 magic/Magdir/dyadic create mode 100644 magic/Magdir/ebml create mode 100644 magic/Magdir/edid create mode 100644 magic/Magdir/editors create mode 100644 magic/Magdir/efi create mode 100644 magic/Magdir/elf create mode 100644 magic/Magdir/encore create mode 100644 magic/Magdir/epoc create mode 100644 magic/Magdir/erlang create mode 100644 magic/Magdir/espressif create mode 100644 magic/Magdir/esri create mode 100644 magic/Magdir/etf create mode 100644 magic/Magdir/fcs create mode 100644 magic/Magdir/filesystems create mode 100644 magic/Magdir/finger create mode 100644 magic/Magdir/flash create mode 100644 magic/Magdir/flif create mode 100644 magic/Magdir/fonts create mode 100644 magic/Magdir/fortran create mode 100644 magic/Magdir/frame create mode 100644 magic/Magdir/freebsd create mode 100644 magic/Magdir/fsav create mode 100644 magic/Magdir/fusecompress create mode 100644 magic/Magdir/games create mode 100644 magic/Magdir/gcc create mode 100644 magic/Magdir/gconv create mode 100644 magic/Magdir/geo create mode 100644 magic/Magdir/geos create mode 100644 magic/Magdir/gimp create mode 100644 magic/Magdir/glibc create mode 100644 magic/Magdir/gnome create mode 100644 magic/Magdir/gnu create mode 100644 magic/Magdir/gnumeric create mode 100644 magic/Magdir/gpt create mode 100644 magic/Magdir/gpu create mode 100644 magic/Magdir/grace create mode 100644 magic/Magdir/graphviz create mode 100644 magic/Magdir/gringotts create mode 100644 magic/Magdir/guile create mode 100644 magic/Magdir/hardware create mode 100644 magic/Magdir/hitachi-sh create mode 100644 magic/Magdir/hp create mode 100644 magic/Magdir/human68k create mode 100644 magic/Magdir/ibm370 create mode 100644 magic/Magdir/ibm6000 create mode 100644 magic/Magdir/icc create mode 100644 magic/Magdir/iff create mode 100644 magic/Magdir/images create mode 100644 magic/Magdir/inform create mode 100644 magic/Magdir/intel create mode 100644 magic/Magdir/interleaf create mode 100644 magic/Magdir/island create mode 100644 magic/Magdir/ispell create mode 100644 magic/Magdir/isz create mode 100644 magic/Magdir/java create mode 100644 magic/Magdir/javascript create mode 100644 magic/Magdir/jpeg create mode 100644 magic/Magdir/karma create mode 100644 magic/Magdir/kde create mode 100644 magic/Magdir/keepass create mode 100644 magic/Magdir/kerberos create mode 100644 magic/Magdir/kicad create mode 100644 magic/Magdir/kml create mode 100644 magic/Magdir/lecter create mode 100644 magic/Magdir/lex create mode 100644 magic/Magdir/lif create mode 100644 magic/Magdir/linux create mode 100644 magic/Magdir/lisp create mode 100644 magic/Magdir/llvm create mode 100644 magic/Magdir/lua create mode 100644 magic/Magdir/luks create mode 100644 magic/Magdir/m4 create mode 100644 magic/Magdir/mach create mode 100644 magic/Magdir/macintosh create mode 100644 magic/Magdir/macos create mode 100644 magic/Magdir/magic create mode 100644 magic/Magdir/mail.news create mode 100644 magic/Magdir/make create mode 100644 magic/Magdir/map create mode 100644 magic/Magdir/maple create mode 100644 magic/Magdir/marc21 create mode 100644 magic/Magdir/mathcad create mode 100644 magic/Magdir/mathematica create mode 100644 magic/Magdir/matroska create mode 100644 magic/Magdir/mcrypt create mode 100644 magic/Magdir/measure create mode 100644 magic/Magdir/mercurial create mode 100644 magic/Magdir/metastore create mode 100644 magic/Magdir/meteorological create mode 100644 magic/Magdir/microfocus create mode 100644 magic/Magdir/mime create mode 100644 magic/Magdir/mips create mode 100644 magic/Magdir/mirage create mode 100644 magic/Magdir/misctools create mode 100644 magic/Magdir/mkid create mode 100644 magic/Magdir/mlssa create mode 100644 magic/Magdir/mmdf create mode 100644 magic/Magdir/modem create mode 100644 magic/Magdir/motorola create mode 100644 magic/Magdir/mozilla create mode 100644 magic/Magdir/msdos create mode 100644 magic/Magdir/msooxml create mode 100644 magic/Magdir/msvc create mode 100644 magic/Magdir/msx create mode 100644 magic/Magdir/mup create mode 100644 magic/Magdir/music create mode 100644 magic/Magdir/nasa create mode 100644 magic/Magdir/natinst create mode 100644 magic/Magdir/ncr create mode 100644 magic/Magdir/neko create mode 100644 magic/Magdir/netbsd create mode 100644 magic/Magdir/netscape create mode 100644 magic/Magdir/netware create mode 100644 magic/Magdir/news create mode 100644 magic/Magdir/nitpicker create mode 100644 magic/Magdir/numpy create mode 100644 magic/Magdir/oasis create mode 100644 magic/Magdir/ocaml create mode 100644 magic/Magdir/octave create mode 100644 magic/Magdir/ole2compounddocs create mode 100644 magic/Magdir/olf create mode 100644 magic/Magdir/os2 create mode 100644 magic/Magdir/os400 create mode 100644 magic/Magdir/os9 create mode 100644 magic/Magdir/osf1 create mode 100644 magic/Magdir/palm create mode 100644 magic/Magdir/parix create mode 100644 magic/Magdir/parrot create mode 100644 magic/Magdir/pascal create mode 100644 magic/Magdir/pbf create mode 100644 magic/Magdir/pbm create mode 100644 magic/Magdir/pc88 create mode 100644 magic/Magdir/pc98 create mode 100644 magic/Magdir/pdf create mode 100644 magic/Magdir/pdp create mode 100644 magic/Magdir/perl create mode 100644 magic/Magdir/pgf create mode 100644 magic/Magdir/pgp create mode 100644 magic/Magdir/pkgadd create mode 100644 magic/Magdir/plan9 create mode 100644 magic/Magdir/plus5 create mode 100644 magic/Magdir/polyml create mode 100644 magic/Magdir/printer create mode 100644 magic/Magdir/project create mode 100644 magic/Magdir/psdbms create mode 100644 magic/Magdir/psl create mode 100644 magic/Magdir/pulsar create mode 100644 magic/Magdir/pwsafe create mode 100644 magic/Magdir/pyramid create mode 100644 magic/Magdir/python create mode 100644 magic/Magdir/qt create mode 100644 magic/Magdir/revision create mode 100644 magic/Magdir/riff create mode 100644 magic/Magdir/rinex create mode 100644 magic/Magdir/rpi create mode 100644 magic/Magdir/rpm create mode 100644 magic/Magdir/rpmsg create mode 100644 magic/Magdir/rtf create mode 100644 magic/Magdir/ruby create mode 100644 magic/Magdir/sc create mode 100644 magic/Magdir/sccs create mode 100644 magic/Magdir/scientific create mode 100644 magic/Magdir/securitycerts create mode 100644 magic/Magdir/selinux create mode 100644 magic/Magdir/sendmail create mode 100644 magic/Magdir/sequent create mode 100644 magic/Magdir/sereal create mode 100644 magic/Magdir/sgi create mode 100644 magic/Magdir/sgml create mode 100644 magic/Magdir/sharc create mode 100644 magic/Magdir/sinclair create mode 100644 magic/Magdir/sisu create mode 100644 magic/Magdir/sketch create mode 100644 magic/Magdir/smalltalk create mode 100644 magic/Magdir/smile create mode 100644 magic/Magdir/sniffer create mode 100644 magic/Magdir/softquad create mode 100644 magic/Magdir/spec create mode 100644 magic/Magdir/spectrum create mode 100644 magic/Magdir/sql create mode 100644 magic/Magdir/ssh create mode 100644 magic/Magdir/ssl create mode 100644 magic/Magdir/sun create mode 100644 magic/Magdir/symbos create mode 100644 magic/Magdir/sysex create mode 100644 magic/Magdir/tcl create mode 100644 magic/Magdir/teapot create mode 100644 magic/Magdir/terminfo create mode 100644 magic/Magdir/tex create mode 100644 magic/Magdir/tgif create mode 100644 magic/Magdir/ti-8x create mode 100644 magic/Magdir/timezone create mode 100644 magic/Magdir/tplink create mode 100644 magic/Magdir/troff create mode 100644 magic/Magdir/tuxedo create mode 100644 magic/Magdir/typeset create mode 100644 magic/Magdir/unicode create mode 100644 magic/Magdir/unknown create mode 100644 magic/Magdir/uterus create mode 100644 magic/Magdir/uuencode create mode 100644 magic/Magdir/vacuum-cleaner create mode 100644 magic/Magdir/varied.out create mode 100644 magic/Magdir/varied.script create mode 100644 magic/Magdir/vax create mode 100644 magic/Magdir/vicar create mode 100644 magic/Magdir/virtual create mode 100644 magic/Magdir/virtutech create mode 100644 magic/Magdir/visx create mode 100644 magic/Magdir/vms create mode 100644 magic/Magdir/vmware create mode 100644 magic/Magdir/vorbis create mode 100644 magic/Magdir/vxl create mode 100644 magic/Magdir/warc create mode 100644 magic/Magdir/weak create mode 100644 magic/Magdir/webassembly create mode 100644 magic/Magdir/windows create mode 100644 magic/Magdir/wireless create mode 100644 magic/Magdir/wordprocessors create mode 100644 magic/Magdir/wsdl create mode 100644 magic/Magdir/x68000 create mode 100644 magic/Magdir/xdelta create mode 100644 magic/Magdir/xenix create mode 100644 magic/Magdir/xilinx create mode 100644 magic/Magdir/xo65 create mode 100644 magic/Magdir/xwindows create mode 100644 magic/Magdir/yara create mode 100644 magic/Magdir/zfs create mode 100644 magic/Magdir/zilog create mode 100644 magic/Magdir/zip create mode 100644 magic/Magdir/zyxel create mode 100644 magic/Makefile.am create mode 100755 magic/scripts/create_filemagic_flac create mode 100644 python/.cvsignore create mode 100644 python/CHANGELOG.md create mode 100644 python/LICENSE create mode 100644 python/Makefile.am create mode 100644 python/README.md create mode 100644 python/example.py create mode 100644 python/file_magic/__init__.py create mode 100644 python/magic.py create mode 100644 python/setup.py create mode 100644 python/tests.py create mode 100644 src/.cvsignore create mode 100644 src/BNF create mode 100644 src/Makefile.am create mode 100644 src/Makefile.std create mode 100644 src/apprentice.c create mode 100644 src/apptype.c create mode 100644 src/ascmagic.c create mode 100644 src/asctime_r.c create mode 100644 src/asprintf.c create mode 100644 src/buffer.c create mode 100644 src/cdf.c create mode 100644 src/cdf.h create mode 100644 src/cdf.mk create mode 100644 src/cdf_time.c create mode 100644 src/compress.c create mode 100644 src/ctime_r.c create mode 100644 src/der.c create mode 100644 src/der.h create mode 100644 src/dprintf.c create mode 100644 src/elfclass.h create mode 100644 src/encoding.c create mode 100644 src/file.c create mode 100644 src/file.h create mode 100644 src/file_opts.h create mode 100644 src/fmtcheck.c create mode 100644 src/fsmagic.c create mode 100644 src/funcs.c create mode 100644 src/getline.c create mode 100644 src/getopt_long.c create mode 100644 src/gmtime_r.c create mode 100644 src/is_json.c create mode 100644 src/is_tar.c create mode 100644 src/localtime_r.c create mode 100644 src/magic.c create mode 100644 src/magic.h.in create mode 100644 src/mygetopt.h create mode 100644 src/patchlevel.h create mode 100644 src/pread.c create mode 100644 src/print.c create mode 100644 src/readcdf.c create mode 100644 src/readelf.c create mode 100644 src/readelf.h create mode 100644 src/seccomp.c create mode 100644 src/softmagic.c create mode 100644 src/strcasestr.c create mode 100644 src/strlcat.c create mode 100644 src/strlcpy.c create mode 100644 src/tar.h create mode 100644 src/teststrchr.c create mode 100644 src/vasprintf.c create mode 100644 tests/.cvsignore create mode 100644 tests/CVE-2014-1943.result create mode 100644 tests/CVE-2014-1943.testfile create mode 100644 tests/JW07022A.mp3.result create mode 100644 tests/JW07022A.mp3.testfile create mode 100644 tests/Makefile.am create mode 100644 tests/README create mode 100644 tests/escapevel.result create mode 100644 tests/escapevel.testfile create mode 100644 tests/fit-map-data.result create mode 100644 tests/fit-map-data.testfile create mode 100644 tests/gedcom.result create mode 100644 tests/gedcom.testfile create mode 100644 tests/hddrawcopytool.result create mode 100644 tests/hddrawcopytool.testfile create mode 100644 tests/issue311docx.result create mode 100644 tests/issue311docx.testfile create mode 100644 tests/issue359xlsx.result create mode 100644 tests/issue359xlsx.testfile create mode 100644 tests/json1.result create mode 100644 tests/json1.testfile create mode 100644 tests/json2.result create mode 100644 tests/json2.testfile create mode 100644 tests/json3.result create mode 100644 tests/json3.testfile create mode 100644 tests/regex-eol.magic create mode 100644 tests/regex-eol.result create mode 100644 tests/regex-eol.testfile create mode 100644 tests/test.c create mode 100644 tests/zstd-3-skippable-frames.result create mode 100644 tests/zstd-dictionary-0.result create mode 100644 tests/zstd-dictionary-1.result create mode 100644 tests/zstd-dictionary-2.result create mode 100644 tests/zstd-skippable-frame-0.result create mode 100644 tests/zstd-skippable-frame-4.result create mode 100644 tests/zstd-skippable-frame-8.result create mode 100644 tests/zstd-skippable-frame-C.result create mode 100644 tests/zstd-v0.2-FF.result create mode 100644 tests/zstd-v0.2-FF.testfile create mode 100644 tests/zstd-v0.3-FF.result create mode 100644 tests/zstd-v0.3-FF.testfile create mode 100644 tests/zstd-v0.4-FF.result create mode 100644 tests/zstd-v0.4-FF.testfile create mode 100644 tests/zstd-v0.5-FF.result create mode 100644 tests/zstd-v0.5-FF.testfile create mode 100644 tests/zstd-v0.6-FF.result create mode 100644 tests/zstd-v0.6-FF.testfile create mode 100644 tests/zstd-v0.7-00.result create mode 100644 tests/zstd-v0.7-21.result create mode 100644 tests/zstd-v0.7-21.testfile create mode 100644 tests/zstd-v0.7-22.result create mode 100644 tests/zstd-v0.7-22.testfile create mode 100644 tests/zstd-v0.8-00.result create mode 100644 tests/zstd-v0.8-01.result create mode 100644 tests/zstd-v0.8-01.testfile create mode 100644 tests/zstd-v0.8-02.result create mode 100644 tests/zstd-v0.8-02.testfile create mode 100644 tests/zstd-v0.8-03.result create mode 100644 tests/zstd-v0.8-03.testfile create mode 100644 tests/zstd-v0.8-16.result create mode 100644 tests/zstd-v0.8-16.testfile create mode 100644 tests/zstd-v0.8-20.result create mode 100644 tests/zstd-v0.8-20.testfile create mode 100644 tests/zstd-v0.8-21.result create mode 100644 tests/zstd-v0.8-21.testfile create mode 100644 tests/zstd-v0.8-22.result create mode 100644 tests/zstd-v0.8-22.testfile create mode 100644 tests/zstd-v0.8-23.result create mode 100644 tests/zstd-v0.8-23.testfile create mode 100644 tests/zstd-v0.8-F4.result create mode 100644 tests/zstd-v0.8-F4.testfile create mode 100644 tests/zstd-v0.8-FF.result create mode 100644 tests/zstd-v0.8-FF.testfile create mode 100644 visibility.m4 diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..bac5d5b --- /dev/null +++ b/AUTHORS @@ -0,0 +1 @@ +See COPYING. diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..16410a1 --- /dev/null +++ b/COPYING @@ -0,0 +1,29 @@ +$File: COPYING,v 1.2 2018/09/09 20:33:28 christos Exp $ +Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995. +Software written by Ian F. Darwin and others; +maintained 1994- Christos Zoulas. + +This software is not subject to any export provision of the United States +Department of Commerce, and may be exported to any country or planet. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice immediately at the beginning of the file, without modification, + this list of conditions, and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..482a5f7 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,1825 @@ +2019-05-14 22:26 Christos Zoulas + + * release 5.37 + +2019-05-09 22:27 Christos Zoulas + + * Make sure that continuation separators are printed + with -k within softmagic + +2019-05-06 22:27 Christos Zoulas + + * Change SIGPIPE saving and restoring during compression to use + sigaction(2) instead of signal(3) and cache it. (Denys Vlasenko) + * Cache stat(2) calls more to reduce number of calls (Denys Vlasenko) + +2019-05-06 17:25 Christos Zoulas + + * PR/77: Handle --mime-type and -k correctly. + +2019-05-03 15:26 Christos Zoulas + + * Switch decompression code to use vfork() because + tools like rpmdiff and rpmbuild call libmagic + with large process footprints (Denys Vlasenko) + +2019-04-07 14:05 Christos Zoulas + + * PR/75: --enable-zlib, did not work. + +2019-02-27 11:54 Christos Zoulas + + * Improve regex efficiency (Michael Schroeder) by: + 1. Prefixing regex searches with regular search + for keywords where possible + 2. Using memmem(3) where available + +2019-02-20 10:16 Christos Zoulas + + * release 5.36 + +2019-02-19 15:30 Christos Zoulas + + * Fix cast to use cast macros + * Add UCS-32 builtin detection (PR/61) reported by tmc + +2019-02-18 18:24 Christos Zoulas + + * Fix stack read (PR/62) and write (PR/64) stack overflows + reported by spinpx + +2018-10-18 19:32 Christos Zoulas + + * release 5.35 + +2018-09-10 20:38 Christos Zoulas + + * Add FreeBSD ELF core file support (John Baldwin) + +2018-08-20 18:40 Christos Zoulas + + * PR/30: Allow all parameter values to be set (don't treat 0 specially) + * handle default annotations on the softmagic match instead at the + end. + +2018-07-25 10:17 Christos Zoulas + + * PR/23: Recognize JSON files + +2018-07-25 10:17 Christos Zoulas + + * PR/18: file --mime-encoding should not print mime-type + +2018-07-25 8:50 Christos Zoulas + + * release 5.34 + +2018-06-22 16:38 Christos Zoulas + + * Add Quad indirect offsets + +2018-05-24 14:10 Christos Zoulas + + * Enable parsing of ELF dynamic sections to handle PIE better + +2018-04-15 14:52 Christos Zoulas + + * release 5.33 + +2018-02-24 14:50 Christos Zoulas + + * extend the support for ${x?:} expansions for magic descriptions + +2018-02-21 16:25 Christos Zoulas + + * add support for ${x?:} in mime types to handle + pie binaries. + +2017-11-03 9:23 Christos Zoulas + + * add support for negative offsets (offsets from the end of file) + +2017-09-26 8:22 Christos Zoulas + + * close the file on error when writing magic (Steve Grubb) + +2017-09-24 12:02 Christos Zoulas + + * seccomp support (Paul Moore) + +2017-09-02 11:53 Christos Zoulas + + * release 5.32 + +2017-08-28 16:37 Christos Zoulas + + * Always reset state in {file,buffer}_apprentice (Krzysztof Wilczynski) + +2017-08-27 03:55 Christos Zoulas + + * Fix always true condition (Thomas Jarosch) + +2017-05-24 17:30 Christos Zoulas + + * pickier parsing of numeric values in magic files. + +2017-05-23 17:55 Christos Zoulas + + * PR/615 add magic_getflags() + +2017-05-23 13:55 Christos Zoulas + + * release 5.31 + +2017-03-17 20:32 Christos Zoulas + + * remove trailing spaces from magic files + * refactor is_tar + * better bounds checks for cdf + +2017-02-10 12:24 Christos Zoulas + + * release 5.30 + +2017-02-07 23:27 Christos Zoulas + + * If we exceeded the offset in a search return no match + (Christoph Biedl) + * Be more lenient on corrupt CDF files (Christoph Biedl) + +2017-02-04 16:46 Christos Zoulas + + * pacify ubsan sign extension (oss-fuzz/524) + +2017-02-01 12:42 Christos Zoulas + + * off by one in cdf parsing (PR/593) + * report debugging sections in elf (PR/591) + +2016-11-06 10:52 Christos Zoulas + + * Allow @@@ in extensions + * Add missing overflow check in der magic (Jonas Wagner) + +2016-10-25 10:40 Christos Zoulas + + * release 5.29 + +2016-10-24 11:20 Christos Zoulas + + * der getlength overflow (Jonas Wagner) + * multiple magic file load failure (Christoph Biedl) + +2016-10-17 11:26 Christos Zoulas + + * CDF parsing improvements (Guy Helmer) + +2016-07-20 7:26 Christos Zoulas + + * Add support for signed indirect offsets + +2016-07-18 7:41 Christos Zoulas + + * cat /dev/null | file - should print empty (Christoph Biedl) + +2016-07-05 15:20 Christos Zoulas + + * Bump string size from 64 to 96. + +2016-06-13 20:20 Christos Zoulas + + * PR/556: Fix separators on annotations. + +2016-06-13 19:40 Christos Zoulas + + * release 5.28 + * fix leak on allocation failure + +2016-06-01 1:20 Christos Zoulas + + * PR/555: Avoid overflow for offset > nbytes + * PR/550: Segv on DER parsing: + - use the correct variable for length + - set offset to 0 on failure. + +2016-05-13 12:00 Christos Zoulas + + * release 5.27 + +2016-04-18 9:35 Christos Zoulas + + * Errors comparing DER entries or computing offsets + are just indications of malformed non-DER files. + Don't print them. + * Offset comparison was off-by-one. + * Fix compression code (Werner Fink) + * Put new bytes constant in the right file (not the generated one) + +2016-04-16 18:34 Christos Zoulas + + * release 5.26 + +2016-03-31 13:50 Christos Zoulas + + * make the number of bytes read from files configurable. + +2016-03-21 13:40 Christos Zoulas + + * Add bounds checks for DER code (discovered by Thomas Jarosch) + * Change indirect recursion limit to indirect use count and + bump from 15 to 50 to prevent abuse. + +2016-03-13 20:39 Christos Zoulas + + * Add -00 which prints filename\0description\0 + +2016-03-01 13:28 Christos Zoulas + + * Fix ID3 indirect parsing + +2016-01-19 10:18 Christos Zoulas + + * add DER parsing capability + +2015-11-13 10:35 Christos Zoulas + + * provide dprintf(3) for the OS's that don't have it. + +2015-11-11 16:25 Christos Zoulas + + * redo the compression code report decompression errors + +2015-11-10 23:25 Christos Zoulas + + * REG_STARTEND code is not working as expected, delete it. + +2015-11-09 16:05 Christos Zoulas + + * Add zlib support if we have it. + +2015-11-05 11:22 Christos Zoulas + + * PR/492: compression forking was broken with magic_buffer. + +2015-09-16 9:50 Christos Zoulas + + * release 5.25 + +2015-09-11 13:25 Christos Zoulas + + * add a limit to the length of regex searches + +2015-09-08 9:50 Christos Zoulas + + * fix problems with --parameter (Christoph Biedl) + +2015-07-11 10:35 Christos Zoulas + + * Windows fixes PR/466 (Jason Hood) + +2015-07-09 10:35 Christos Zoulas + + * release 5.24 + +2015-06-11 8:52 Christos Zoulas + + * redo long option encoding to fix off-by-one in 5.23 + +2015-06-10 13:50 Christos Zoulas + + * release 5.23 + +2015-06-09 16:10 Christos Zoulas + + * Fix issue with regex range for magic with offset + * Always return true from mget with USE (success to mget not match + indication). Fixes mime evaluation after USE magic + * PR/459: Don't insert magic entries to the list if there are parsing + errors for them. + +2015-06-03 16:00 Christos Zoulas + + * PR/455: Add utf-7 encoding + +2015-06-03 14:30 Christos Zoulas + + * PR/455: Implement -Z, look inside, but don't report on compression + * PR/454: Fix allocation error on bad magic. + +2015-05-29 10:30 Christos Zoulas + + * handle MAGIC_CONTINUE everywhere, not just in softmagic + +2015-05-21 14:30 Christos Zoulas + + * don't print descriptions for NAME types when mime. + +2015-04-09 15:59 Christos Zoulas + + * Add --extension to list the known extensions for this file type + Idea by Andrew J Roazen + +2015-02-14 12:23 Christos Zoulas + + * Bump file search buffer size to 1M. + +2015-01-09 14:35 Christos Zoulas + + * Fix multiple issues with date formats reported by Christoph Biedl: + - T_LOCAL meaning was reversed + - Arithmetic did not work + Also stop adjusting daylight savings for gmt printing. + +2015-01-05 13:00 Christos Zoulas + + * PR/411: Fix memory corruption from corrupt cdf file. + +2015-01-02 15:15 Christos Zoulas + + * release 5.22 + +2015-01-01 12:01 Christos Zoulas + + * add indirect relative for TIFF/Exif + +2014-12-16 18:10 Christos Zoulas + + * restructure elf note printing to avoid repeated messages + * add note limit, suggested by Alexander Cherepanov + +2014-12-16 16:53 Christos Zoulas + + * Bail out on partial pread()'s (Alexander Cherepanov) + * Fix incorrect bounds check in file_printable (Alexander Cherepanov) + +2014-12-11 20:01 Christos Zoulas + + * PR/405: ignore SIGPIPE from uncompress programs + * change printable -> file_printable and use it in + more places for safety + * in ELF, instead of "(uses dynamic libraries)" when PT_INTERP + is present print the interpreter name. + +2014-12-10 20:01 Christos Zoulas + + * release 5.21 + +2014-11-27 18:40 Christos Zoulas + + * Allow setting more parameters from the command line. + * Split name/use and indirect magic recursion limits. + +2014-11-27 11:12 Christos Zoulas + + * Adjust ELF parameters and the default recursion + level. + * Allow setting the recursion level dynamically. + +2014-11-24 8:55 Christos Zoulas + + * The following fixes resulted from Thomas Jarosch's fuzzing + tests that revealed severe performance issues on pathological + input: + - limit number of elf program and sections processing + - abort elf note processing quickly + - reduce the number of recursion levels from 20 to 10 + - preserve error messages in indirect magic handling + + This is tracked as CVE-2014-8116 and CVE-2014-8117 + +2014-11-12 10:30 Christos Zoulas + + * fix bogus free in the user buffer case. + +2014-11-11 12:35 Christos Zoulas + + * fix out of bounds read for pascal strings + * fix memory leak (not freeing the head of each mlist) + +2014-11-07 10:25 Christos Zoulas + + * When printing strings from a file, convert them to printable + on a byte by byte basis, so that we don't get issues with + locale's trying to interpret random byte streams as UTF-8 and + having printf error out with EILSEQ. + +2014-10-17 11:48 Christos Zoulas + + * fix bounds in note reading (Francisco Alonso / Red Hat) + +2014-10-11 15:02 Christos Zoulas + + * fix autoconf glue for setlocale and locale_t; some OS's + have locale_t in xlocale.h + +2014-10-10 15:01 Christos Zoulas + + * release 5.20 + +2014-08-17 10:01 Christos Zoulas + + * recognize encrypted CDF documents + +2014-08-04 9:18 Christos Zoulas + + * add magic_load_buffers from Brooks Davis + +2014-07-24 16:40 Christos Zoulas + + * add thumbs.db support + +2014-06-12 12:28 Christos Zoulas + + * release 5.19 + +2014-06-09 9:04 Christos Zoulas + + * Misc buffer overruns and missing buffer size tests in cdf parsing + (Francisco Alonso, Jan Kaluza) + +2014-06-02 14:50 Christos Zoulas + + * Enforce limit of 8K on regex searches that have no limits + * Allow the l modifier for regex to mean line count. Default + to byte count. If line count is specified, assume a max + of 80 characters per line to limit the byte count. + * Don't allow conversions to be used for dates, allowing + the mask field to be used as an offset. + +2014-05-30 12:51 Christos Zoulas + + * Make the range operator limit the length of the + regex search. + +2014-05-14 19:23 Christos Zoulas + + * PR/347: Windows fixes + * PR/352: Hangul word processor recognition + * PR/354: Encoding irregularities in text files + +2014-05-06 6:12 Christos Zoulas + + * Fix uninitialized title in CDF files (Jan Kaluza) + +2014-05-04 14:55 Christos Zoulas + + * PR/351: Fix compilation of empty files + +2014-04-30 17:39 Christos Zoulas + + * Fix integer formats: We don't specify 'l' or + 'h' and 'hh' specifiers anymore, only 'll' for + quads and nothing for the rest. This is so that + magic writing is simpler. + +2014-04-01 15:25 Christos Zoulas + + * PR/341: Jan Kaluza, fix memory leak + * PR/342: Jan Kaluza, fix out of bounds read + +2014-03-28 15:25 Christos Zoulas + + * Fix issue with long formats not matching fmtcheck + +2014-03-26 11:25 Christos Zoulas + + * release 5.18 + +2014-03-15 17:45 Christos Zoulas + + * add fmtcheck(3) for those who don't have it + +2014-03-14 15:12 Christos Zoulas + + * prevent mime entries from being attached to magic + entries with no descriptions + + * adjust magic strength for regex type + + * remove superfluous ascmagic with encoding test + +2014-03-06 12:01 Christos Zoulas + + * fix regression fix echo -ne "\012\013\014" | file -i - + which printed "binary" instead of "application/octet-stream" + + * add size_t overflow check for magic file size + +2014-02-27 16:01 Christos Zoulas + + * experimental support for matching with CFD CLSID + +2014-02-18 13:04 Kimmo Suominen (kimmo@suominen.com) + + * Cache old LC_CTYPE locale before setting it to "C", so + we can use it to restore LC_CTYPE instead of asking + setlocale() to scan the environment variables. + +2014-02-12 18:21 Christos Zoulas + + * Count recursion levels through indirect magic + +2014-02-11 10:40 Christos Zoulas + + * Prevent infinite recursion on files with indirect offsets of 0 + +2014-01-30 21:00 Christos Zoulas + + * Add -E flag that makes file print filesystem errors to stderr + and exit. + +2014-01-08 17:20 Christos Zoulas + + * mime printing could print results from multiple magic entries + if there were multiple matches. + * in some cases overflow was not detected when computing offsets + in softmagic. + +2013-12-05 12:00 Christos Zoulas + + * use strcasestr() to for cdf strings + * reset to the "C" locale while doing regex operations, or case + insensitive comparisons; this is provisional + +2013-11-19 20:10 Christos Zoulas + + * always leave magic file loaded, don't unload for magic_check, etc. + * fix default encoding to binary instead of unknown which broke recently + * handle empty and one byte files, less specially so that + --mime-encoding does not break completely. + ` +2013-11-06 14:40 Christos Zoulas + + * fix erroneous non-zero exit code from non-existent file and message + +2013-10-29 14:25 Christos Zoulas + + * add CDF MSI file detection (Guy Helmer) + +2013-09-03 11:56 Christos Zoulas + + * Don't mix errors and regular output if there was an error + * in magic_descriptor() don't close the file and try to restore + its position + +2013-05-30 17:25 Christos Zoulas + + * Don't treat magic as an error if offset was past EOF (Christoph Biedl) + +2013-05-28 17:25 Christos Zoulas + + * Fix spacing issues in softmagic and elf (Jan Kaluza) + +2013-05-02 18:00 Christos Zoulas + + * Fix segmentation fault with multiple magic_load commands. + +2013-04-22 11:20 Christos Zoulas + + * The way "default" was implemented was not very useful + because the "if something was printed at that level" + was not easily controlled by the user, and the format + was bound to a string which is too restrictive. Add + a "clear" for that level keyword and make "default" + void. This way one can do: + + >>13 clear x + >>13 lelong 1 foo + >>13 lelong 2 bar + >>13 default x + >>>13 lelong x unknown %x + +2013-03-25 13:20 Christos Zoulas + + * disallow strength setting in "name" entries + +2013-03-06 21:24 Christos Zoulas + + * fix recursive magic separator printing + +2013-02-26 19:28 Christos Zoulas + + * limit recursion level for mget + * fix pread() related breakage in cdf + * handle offsets properly in recursive "use" + +2013-02-18 10:39 Christos Zoulas + + * add elf reading of debug info to determine if file is stripped + (Jan Kaluza) + * use pread() + +2013-01-25 18:05 Christos Zoulas + + * change mime description size from 64 to 80 to accommodate OOXML. + +2013-01-11 14:50 Christos Zoulas + + * Warn about inconsistent continuation levels. + * Change fsmagic to add a space after it prints. + +2013-01-10 21:00 Christos Zoulas + + * Make getline public so that file can link against it. + Perhaps it is better to rename it, or hide it differently. + Fixes builds on platforms that do not provide it. + +2013-01-07 16:30 Christos Zoulas + + * Add SuS d{,1,2,4,8}, u{,1,2,4,8} and document + what long, int, short, etc is (Guy Harris) + +2013-01-06 11:20 Christos Zoulas + + * add magic_version function and constant + * Redo memory allocation and de-allocation. + (prevents double frees on non mmap platforms) + * Fix bug with name/use having to do with passing + found state from the parent to the child and back. + +2012-12-19 8:47 Christos Zoulas + + * Only print elf capabilities for archs we know (Jan Kaluza) + +2012-10-30 19:14 Christos Zoulas + + * Add "name" and "use" file types in order to look + inside mach-o files. + +2012-09-06 10:40 Christos Zoulas + + * make --version exit 0 (Matthew Schultz) + * add string/T (Jan Kaluza) + +2012-08-09 2:15 Christos Zoulas + + * add z and t modifiers for our own vasprintf + * search for $HOME/.magic.mgc if it is there first + * fix reads from a pipe, and preserve errno + +2012-05-15 13:12 Christos Zoulas + + * use ctime_r, asctime_r + +2012-04-06 17:18 Christos Zoulas + + * Fixes for indirect offsets to handle apple disk formats + +2012-04-03 18:26 Christos Zoulas + + * Add windows date field types + * More info for windows shortcuts (incomplete) + +2012-02-20 17:33 Christos Zoulas + + * Fix CDF parsing issues found by CERT's fuzzing tool (Will Dormann) + +2011-12-15 12:17 Chris Metcalf + + * Support Tilera architectures (tile64, tilepro, tilegx). + +2011-12-16 16:33 Reuben Thomas + + * Add magic for /usr/bin/env Perl scripts + * Weaken generic script magic to avoid clashing with + language-specific magic. + +2011-12-08 13:37 Reuben Thomas + + * Simplify if (p) free(p) to free(p). + +2011-12-08 13:07 Reuben Thomas + + * Remove hardwired token finding (names.h), turning it into soft + magic. Patterns are either anchored regexs or search/8192. English + language detection and PL/1 detection have been removed as they + were too fragile. -e tokens is still accepted for backwards + compatibility. + * Move 3ds patterns (which are commented out anyway) into autodesk + (they were, oddly, in c-lang). + +2011-12-06 00:16 Reuben Thomas + + * Tweak strength of generic hash-bang detectors to be less than + specific ones. + * Make an inconsistent description of Python scripts consistent. + +2011-12-05 23:58 Reuben Thomas + + * Fix minor error in file(1). + +2011-11-05 00:00 Reuben Thomas + + * Fix issue #150 (I hope). + +2011-09-22 12:57 Christos Zoulas + + * Python3 binding fixes from Kelly Anderson + +2011-09-20 11:32 Christos Zoulas + + * If a string type magic entry is marked as text or binary + only match text files against text entries and binary + files against binary entries. + +2011-09-01 12:12 Christos Zoulas + + * Don't wait for any subprocess, just the one we forked. + +2011-08-26 16:40 Christos Zoulas + + * If the application name is not set in a cdf file, try to see + if it has a directory with the application name on it. + +2011-08-17 14:32 Christos Zoulas + + * Fix ELF lseek(2) madness. Inspired by PR/134 by Jan Kaluza + +2011-08-14 09:03 Christos Zoulas + + * Don't use variable string formats. + +2011-07-12 12:32 Reuben Thomas + + * Fix detection of Zip files (Mantis #128). + * Make some minor improvements to file(1). + * Rename MIME types for filesystem objects for consistency with + xdg-utils. Typically this means that application/x-foo becomes + inode/foo, but some names also change slightly, e.g. + application/x-character-device becomes inode/chardevice. + +2011-05-10 20:57 Christos Zoulas + + * fix mingw compilation (Abradoks) + +2011-05-10 20:57 Christos Zoulas + + * remove patchlevel.h + * Fix read past allocated memory caused by double-incrementing + a pointer in a loop (reported by Roberto Maar) + +2011-03-30 15:45 Christos Zoulas + + * Fix cdf string buffer setting (Sven Anders) + +2011-03-20 16:35 Christos Zoulas + + * Eliminate MAXPATHLEN and use dynamic allocation for + path and file buffers. + +2011-03-15 18:15 Christos Zoulas + + * binary tests on magic entries with masks could spuriously + get converted to ascii. + +2011-03-12 18:06 Reuben Thomas + + * Improve file.man (remove BUGS, present email addresses consistently). + +2011-03-07 19:38 Christos Zoulas + + * add lrzip support (from Ville Skytta) + +2011-02-10 16:36 Christos Zoulas + + * fix CDF bounds checking (Guy Helmer) + +2011-02-10 12:03 Christos Zoulas + + * add cdf_ctime() that prints a meaningful error when time cannot + be converted. + +2011-02-02 20:40 Christos Zoulas + + * help and version output to stdout. + + * When matching softmagic for ascii files, don't just print + the softmagic classification, keep going and print the + text classification too. This fixes broken troff files when + we moved them from keyword recognition to softmagic + (they stopped printing "with CRLF" etc.) + Reported by Doug McIlroy. + +2011-01-16 19:31 Reuben Thomas + + * Fix two potential buffer overruns in apprentice_list. + +2011-01-14 22:33 Reuben Thomas + + * New Python binding in pure Python. + * Update libmagic(3). + +2011-01-06 21:40 Reuben Thomas + + * Fix Python bindings (including recent Python 3 compatibility + update). + +2011-01-04 18:43 Reuben Thomas + + * magic/Makefile.am: make it easier to recover from magic build failures. + * Fix pstring length specifier parsing to avoid generating invalid + magic files. + * Add pstring length "J" (for "JPEG") to specify that the length + include itself. + * Fix JPEG comment parsing at last using pstring/HJ! + * Ignore section 5 man pages in doc/.cvsignore. + +2010-12-22 13:12 Christos Zoulas + + * Add pstring/BHhLl to specify the type of the length of pascal + strings. + +2010-11-26 18:39 Reuben Thomas + + * Fix "-e soft": it was ignored when softmagic was called + during asciimagic. + * Improve comments and use "unsigned char" in tar.h/is_tar.c. + +2010-11-05 17:26 Reuben Thomas + + * Make bug reporting addresses more visible. + +2010-11-01 18:35 Reuben Thomas + + * Add tcl magic from Gustaf Neumann + +2010-10-24 10:42 Christos Zoulas + + * Fix the whitespace comparing code (Christopher Chittleborough) + +2010-10-06 21:05 Christos Zoulas + + * allow string/t to work (Jan Kaluza) + +2010-09-20 22:11 Reuben Thomas + + * Apply some patches from Ubuntu and Fedora. + +2010-09-20 21:16 Reuben Thomas + + * Apply all patches from Debian package 5.04-6 which have not + already been applied and are not Debian-specific. + +2010-09-20 15:24 Reuben Thomas + + * Minor security fix to softmagic.c (don't use untrusted + string as printf format). + +2010-07-21 12:20 Christos Zoulas + + * MINGW32 portability from LRN + + * Don't warn about escaping magic regex chars when we are in a regex. + +2010-07-19 10:55 Christos Zoulas + + * Only try to print prpsinfo for core files. (Jan Kaluza) + +2010-04-22 12:55 Christos Zoulas + + * Try more elf offsets for Debian core files. (Arnaud Giersch) + +2010-02-20 15:18 Reuben Thomas + + * Clarify which sort of CDF we mean. + +2010-02-14 22:58 Reuben Thomas + + * Re-jig Zip file type magic so that unsupported special + Zip types (those with "mimetype" at offset 30) can be + recognized. + +2010-02-02 21:50 Reuben Thomas + + * Add support for OCF (EPUB) files (application/epub+zip) + +2010-01-28 18:25 Christos Zoulas + + * Fix core-dump from unbound loop: + https://bugzilla.redhat.com/show_bug.cgi?id=533245 + +2010-01-22 15:45 Christos Zoulas + + * print proper mime for crystal reports file + + * print the last summary information of a cdf document, not the + first so that nested documents print the right info + +2010-01-16 18:42 Charles Longeau + + * bring back some fixes from OpenBSD: + - make gcc2 builds file + - fix typos in a magic file comment + +2009-11-17 18:35 Christos Zoulas + + * ctime/asctime can return NULL on some OS's although + they should not (Toshit Antani) + +2009-09-14 13:49 Christos Zoulas + + * Centralize magic path handling routines and remove the + special-casing from file.c so that the python module for + example comes up with the same magic path (Fixes ~/.magic + handling) (from Gab) + +2009-09-11 23:38 Reuben Thomas + + * When magic argument is a directory, read the files in + strcmp-sorted order (fixes Debian bug #488562 and our own FIXME). + +2009-09-11 13:11 Reuben Thomas + + * Combine overlapping epoc and psion magic files into one (epoc). + + * Add some more EPOC MIME types. + +2009-08-19 15:55 Christos Zoulas + + * Fix 3 bugs (From Ian Darwin): + - file_showstr could move one past the end of the array + - parse_apple did not nul terminate the string in the overflow case + - parse_mime truncated the wrong string in the overflow case + +2009-08-12 12:28 Robert Byrnes + + * Include Localstuff when compiling magic. + +2009-07-15 10:05 Christos Zoulas + + * Fix logic for including mygetopts.h + + * Make cdf.c compile again with debugging + + * Add the necessary field handling for crystal reports files to work + +2009-06-23 01:34 Reuben Thomas + + * Stop "(if" identifying Lisp files, that's plain dumb! + +2009-06-09 22:13 Reuben Thomas + + * Add a couple of missing MP3 MIME types. + +2009-05-27 23:00 Reuben Thomas + + * Add full range of hash-bang tests for Python and Ruby. + + * Add MIME types for Python and Ruby scripts. + +2009-05-13 10:44 Christos Zoulas + + * off by one in parsing hw capabilities in elf + (Cheng Renquan) + +2009-05-08 13:40 Christos Zoulas + + * lint fixes and more from NetBSD + +2009-05-06 10:25 Christos Zoulas + + * Avoid null dereference in cdf code (Drew Yao) + + * More cdf bounds checks and overflow checks + +2009-05-01 18:37 Christos Zoulas + + * Buffer overflow fixes from Drew Yao + +2009-04-30 17:10 Christos Zoulas + + * Fix more cdf lossage. All the documents I have + right now print the correct information. + +2009-03-27 18:43 Christos Zoulas + + * don't print \012- separators in the same magic entry + if it consists of multiple magic printing lines. + +2009-03-23 10:20 Christos Zoulas + + * Avoid file descriptor leak in compress code from + (Daniel Novotny) + +2009-03-18 16:50 Christos Zoulas + + * Allow escaping of relation characters, so that we can say \^[A-Z] + and the ^ is not eaten as a relation char. + + * Fix troff and fortran to their previous glory using + regex. This was broken since their removel from ascmagic. + +2009-03-10 16:50 Christos Zoulas + + * don't use strlen in strndup() (Toby Peterson) + +2009-03-10 7:45 Christos Zoulas + + * avoid c99 syntax. + +2009-02-23 15:45 Christos Zoulas + + * make the cdf code use the buffer first if available, + and then the fd code. + +2009-02-13 13:45 Christos Zoulas + + * look for struct option to determine if getopt.h is usable for IRIX. + + * sanitize cdf document strings + +2009-02-04 13:25 Christos Zoulas + + * fix OS/2 warnings. + +2008-12-12 15:50 Christos Zoulas + + * fix initial offset calculation for non 4K sector files + + * add loop limits to avoid DoS attacks by constructing + looping sector references. + +2008-12-03 13:05 Christos Zoulas + + * fix memory botches on cdf file parsing. + + * exit with non-zero value for any error, not just for the last + file processed. + +2008-11-09 20:42 Charles Longeau + + * Replace all str{cpy,cat} functions with strl{cpy,cat} + * Ensure that strl{cpy,cat} are included in libmagic, + as needed. + +2008-11-06 18:18 Christos Zoulas + + * Handle ID3 format files. + +2008-11-06 23:00 Reuben Thomas + + * Fix --mime, --mime-type and --mime-encoding under new scheme. + + * Rename "ascii" to "text" and add "encoding" test. + + * Return a precise ("utf-16le" or "utf-16be") MIME charset for + UTF-16. + + * Fix error in comment caused by automatic indentation adding + words! + +2008-11-06 10:35 Christos Zoulas + + * use memchr instead of strchr because the string + might not be NUL terminated (Scott MacVicar) + +2008-11-03 07:31 Reuben Thomas + + * Fix a printf with a non-literal format string. + + * Fix formatting and punctuation of help for "--apple". + +2008-10-30 11:00 Reuben Thomas + + * Correct words counts in comments of struct magic. + + * Fix handle_annotation to allow both Apple and MIME types to be + printed, and to return correct code if MIME type is + printed (1, not 0) or if there's an error (-1 not 1). + + * Fix output of charset for MIME type (precede with semi-colon; + fixes Debian bug #501460). + + * Fix potential attacks via conversion specifications in magic + strings. + + * Add a FIXME for Debian bug #488562 (magic files should be + read in a defined order, by sorting the names). + +2008-10-18 16:45 Christos Zoulas + + * Added APPLE file creator/type + +2008-10-12 10:20 Christos Zoulas + + * Added CDF parsing + +2008-10-09 16:40 Christos Zoulas + + * filesystem and msdos patches (Joerg Jenderek) + +2008-10-09 13:20 Christos Zoulas + + * correct --exclude documentation issues: remove troff and fortran + and rename "token" to "tokens". (Randy McMurchy) + +2008-10-01 10:30 Christos Zoulas + + * Read ~/.magic in addition to the default magic file not instead + of, as documented in the man page. + +2008-09-10 21:30 Reuben Thomas + + * Comment out graphviz patterns, as they match too many files. + +2008-08-30 12:54 Christos Zoulas + + * Don't eat trailing \n in magic enties. + + * Cast defines to allow compilation using a c++ compiler. + +2008-08-25 23:56 Reuben Thomas + + * Add text/x-lua MIME type for Lua scripts. + + * Escape { in regex in graphviz patterns. + +2008-07-26 00:59 Reuben Thomas + + * Add MIME types for special files. + + * Use access to give more accurate information for files that + can't be opened. + + * Add a TODO list. + +2008-07-02 11:15 Christos Zoulas + + * add !:strength op to adjust magic strength (experimental) + +2008-06-16 21:41 Reuben Thomas + + * Fix automake error in configure.ac. + + * Add MIME type for Psion Sketch files. + +2008-06-05 08:59 Christos Zoulas + + * Don't print warnings about bad namesize in stripped + binaries with PT_NOTE is still there, and the actual + note is gone (Jakub Jelinek) + +2008-05-28 15:12 Robert Byrnes + + * magic/Magdir/elf: + Note invalid byte order for little-endian SPARC32PLUS. + Add SPARC V9 vendor extensions and memory model. + + * src/elfclass.h: + Pass target machine to doshn (for Solaris hardware capabilities). + + * src/readelf.c (doshn): + Add support for Solaris hardware/software capabilities. + + * src/readelf.h: + Ditto. + + * src/vasprintf.c (dispatch): + Add support for ll modifier. + +2008-05-16 10:25 Christos Zoulas + + * Fix compiler warnings. + + * remove stray printf, and fix a vprintf bug. (Martin Dorey) + +2008-05-06 00:13 Robert Byrnes + + * src/Makefile.am: + Ensure that getopt_long and [v]asprintf are included in libmagic, + as needed. + + Remove unnecessary EXTRA_DIST. + + * src/Makefile.in: + Rerun automake. + + * src/vasprintf.c (dispatch): + Fix variable precision bug: be sure to step past '*'. + + * src/vasprintf.c (core): + Remove unreachable code. + + * src/apprentice.c (set_test_type): + Add cast to avoid compiler warning. + +2008-04-22 23:45 Christos Zoulas + + * Add magic submission guidelines (Abel Cheung) + + * split msdos and windows magic (Abel Cheung) + +2008-04-04 11:00 Christos Zoulas + + * >= <= is not supported, so fix the magic and warn about it. + reported by: Thien-Thi Nguyen + +2008-03-27 16:16 Robert Byrnes + + * src/readelf.c (donote): + ELF core file command name/line bug fixes and enhancements: + + Try larger offsets first to avoid false matches + from earlier data that happen to look like strings; + this primarily affected SunOS 5.x 32-bit Intel core files. + + Add support for command line (instead of just short name) + for SunOS 5.x. + + Add information about NT_PSINFO for SunOS 5.x. + + Only trim whitespace from end of command line. + +2007-02-11 01:36 Reuben Thomas + + * Change strength of ! from MULT to 0, as it matches almost + anything (Reuben Thomas) + + * Debian fixes (Reuben Thomas) + +2007-02-11 00:17 Reuben Thomas + + * Clarify UTF-8 BOM message (Reuben Thomas) + + * Add HTML comment to token list in names.h + +2007-02-04 15:50 Christos Zoulas + + * Debian fixes (Reuben Thomas) + +2007-02-04 11:31 Christos Zoulas + + * !:mime annotations in magic files (Reuben Thomas) + +2007-01-29 15:35 Christos Zoulas + + * zero out utime/utimes structs (Gavin Atkinson) + +2007-01-26 13:45 Christos Zoulas + + * reduce writable data from Diego "Flameeyes" Petten + +2007-12-28 15:06 Christos Zoulas + + * strtof detection + + * remove bogus regex magic that could cause a DoS + + * better mismatch version message + +2007-12-27 11:35 Christos Zoulas + + * bring back some fixes from OpenBSD + + * treat ELF dynamic objects as executables + + * fix gcc warnings + +2007-12-01 19:55 Christos Zoulas + + * make sure we have zlib.h and libz to compile the builtin + decompress code + +2007-10-28 20:48 Christos Zoulas + + * float and double magic support (Behan Webster) + +2007-10-28 20:48 Christos Zoulas + + * Convert fortran to a soft test (Reuben Thomas) + +2007-10-23 5:25 Christos Zoulas + + * Add --with-filename, and --no-filename (Reuben Thomas) + +2007-10-23 3:59 Christos Zoulas + + * Rest of the mime split (Reuben Thomas) + + * Make usage message generated from the flags so that + they stay consistent (Reuben Thomas) + +2007-10-20 3:06 Christos Zoulas + + * typo in comment, missing ifdef QUICK, remove unneeded code + (Charles Longeau) + +2007-10-17 3:33 Christos Zoulas + + * Fix problem printing -\012 in some entries + + * Separate magic type and encoding flags (Reuben Thomas) + +2007-10-09 3:55 Christos Zoulas + + * configure fix for int64 and strndup (Reuben Thomas) + +2007-09-26 4:45 Christos Zoulas + + * Add magic_descriptor() function. + + * Fix regression in elf reading code where the core name was + not being printed. + + * Don't convert NUL's to spaces in {l,b}estring16 (Daniel Dawson) + +2007-08-19 6:30 Christos Zoulas + + * Make mime format consistent so that it can + be easily parsed: + mimetype [charset=character-set] [encoding=encoding-mime-type] + + Remove spurious extra text from some MIME type printouts + (mostly in is_tar). + + Fix one case where -i produced nothing at all (for a 1-byte file, + which is now classed as application/octet-stream). + + Remove 7/8bit classifications, since they were arbitrary + and not based on the file data. + + This work was done by Reuben Thomas + +2007-05-24 10:00 Christos Zoulas + + * Fix another integer overflow (Colin Percival) + +2007-03-26 13:58 Christos Zoulas + + * make sure that all of struct magic_set is initialized appropriately + (Brett) + +2007-03-25 17:44 Christos Zoulas + + * reset left bytes in the buffer (Dmitry V. Levin) + + * compilation failed with COMPILE_ONLY and ENABLE_CONDITIONALS + (Peter Avalos) + +2007-03-15 10:51 Christos Zoulas + + * fix fortran and nroff reversed tests (Dmitry V. Levin) + + * fix exclude option (Dmitry V. Levin) + +2007-02-08 17:30 Christos Zoulas + + * fix integer underflow in file_printf which can lead to + to exploitable heap overflow (Jean-Sebastien Guay-Lero) + +2007-02-05 11:35 Christos Zoulas + + * make socket/pipe reading more robust + +2007-01-25 16:01 Christos Zoulas + + * Centralize all the tests in file_buffer. + + * Add exclude flag. + +2007-01-18 05:29 Anon Ymous + + * Move the "type" detection code from parse() into its own table + driven routine. This avoids maintaining multiple lists in + file.h. + + * Add an optional conditional field (ust before the type field). + This code is wrapped in "#ifdef ENABLE_CONDITIONALS" as it is + likely to go away. + +2007-01-16 23:24 Anon Ymous + + * Fix an initialization bug in check_mem(). + +2007-01-16 14:58 Anon Ymous + + * Add a "default" type to print a message if nothing previously + matched at that level or since the last default at that + level. This is useful for setting up switch-like statements. + It can also be used to do if/else constructions without a + redundant second test. + + * Fix the "x" special case test so that one can test for that + string with "=x". + + * Allow "search" to search the entire buffer if the "/N" + search count is missing. + + * Make "regex" work! It now starts its search at the + specified offset and takes an (optional) "/N" line count to + specify the search range; otherwise it searches to the end + of the file. The match is now grabbed correctly for format + strings and the offset set to the end of the match. + + * Add a "/s" flag to "regex" and "search" to set the offset to + the start of the match. By default the offset is set to the + end of the match, as it is with other tests. This is mostly + useful for "regex". + + * Make "search", "string" and "pstring" use the same + file_strncmp() routine so that they support the same flags; + "bestring16" and "lestring16" call the same routine, but + with flags = 0. Also add a "/C" flag (in analogy to "/c") + to ignore the case on uppercase (lowercase) characters in + the test string. + + * Strict adherence to C style string escapes. A warnings are + printed when compiling. Note: previously "\a" was + incorrectly translated to 'a' instead of an (i.e., + BELL, typically 0x07). + + * Make this compile with "-Wall -Wextra" and all the warning + flags used with WARNS=4 in the NetBSD source. Also make it + pass lint. + + * Many "cleanups" and hopefully not too many new bugs! + +2007-01-16 14:56 Anon Ymous + + * make several more files compile with gcc warnings + on and also make them pass lint. + +2007-01-16 14:54 Anon Ymous + + * fix a puts()/putc() usage goof in file.c + + * make file.c compile with gcc warnings and pass lint + +2006-12-11 16:49 Christos Zoulas + + * fix byteswapping issue + + * report the number of bytes we tried to + allocate when allocation fails + + * add a few missed cases in the strength routine + +2006-12-08 16:32 Christos Zoulas + + * store and print the line number of the magic + entry for debugging. + + * if the magic entry did not print anything, + don't treat it as a match + + * change the magic strength algorithm to take + into account the relationship op. + + * fix a bug in search where we could accidentally + return a match. + + * propagate the error return from match to + file_softmagic. + +2006-11-25 13:35 Christos Zoulas + + * Don't store the current offset in the magic + struct, because it needs to be restored and + it was not done properly all the time. Bug + found by: Arkadiusz Miskiewicz + + * Fix problem in the '\0' separator; and don't + print it as an additional separator; print + it as the only separator. + +2006-11-17 10:51 Christos Zoulas + + * Added a -0 option to print a '\0' separator + Etienne Buira + +2006-10-31 15:14 Christos Zoulas + + * Check offset before copying (Mike Frysinger) + + * merge duplicated code + + * add quad date support + + * make sure that we nul terminate desc (Ryoji Kanai) + + * don't process elf notes multiple times + + * allow -z to report empty compressed files + + * use calloc to initialize the ascii buffers (Jos van den Oever) + +2006-06-08 11:11 Christos Zoulas + + * QNX fixes (Mike Gorchak) + + * Add quad support. + + * FIFO checks (Dr. Werner Fink) + + * Linux ELF fixes (Dr. Werner Fink) + + * Magic format checks (Dr. Werner Fink) + + * Magic format function improvent (Karl Chen) + +2006-05-03 11:11 Christos Zoulas + + * Pick up some elf changes and some constant fixes from SUSE + + * Identify gnu tar vs. posix tar + + * When keep going, don't print spurious newlines (Radek Vokal) + +2006-04-01 12:02 Christos Zoulas + + * Use calloc instead of malloc (Mike Frysinger) + + * Fix configure script to detect wctypes.h (Mike Frysinger) + +2006-03-02 16:06 Christos Zoulas + + * Print empty if the file is (Mike Frysinger) + + * Don't try to read past the end of the buffer (Mike Frysinger) + + * Sort magic entries by strength [experimental] + +2005-11-29 13:26 Christos Zoulas + + * Use iswprint() to convert the output string. + (Bastien Nocera) + +2005-10-31 8:54 Christos Zoulas + + * Fix regression where the core info was not completely processed + (Radek Vokal) + +2005-10-20 11:15 Christos Zoulas + + * Middle Endian magic (Diomidis Spinellis) + +2005-10-17 11:15 Christos Zoulas + + * Open with O_BINARY for CYGWIN (Corinna Vinschen) + + * Don't close stdin (Arkadiusz Miskiewicz) + + * Look for note sections in non executables. + +2005-09-20 13:33 Christos Zoulas + + * Don't print SVR4 Style in core files multiple times + (Radek Vokal) + +2005-08-27 04:09 Christos Zoulas + + * Cygwin changes Corinna Vinschen + +2005-08-18 09:53 Christos Zoulas + + * Remove erroreous mention of /etc/magic in the file man page + This is gentoo bug 101639. (Mike Frysinger) + + * Cross-compile support and detection (Mike Frysinger) + +2005-08-12 10:17 Christos Zoulas + + * Add -h flag and dereference symlinks if POSIXLY_CORRECT + is set. + +2005-07-29 13:57 Christos Zoulas + + * Avoid search and regex buffer overflows (Kelledin) + +2005-07-12 11:48 Christos Zoulas + + * Provide stub implementations for {v,}nsprintf() for older + OS's that don't have them. + * Change mbstate_t autoconf detection macro from AC_MBSTATE_T + to AC_TYPE_MBSTATE_T. + +2005-06-25 11:48 Christos Zoulas + + * Dynamically allocate the string buffers and make the + default read size 256K. + +2005-06-01 00:00 Joerg Sonnenberger + + * Dragonfly ELF note support + +2005-03-14 00:00 Giuliano Bertoletti + + * Avoid NULL pointer dereference in time conversion. + +2005-03-06 00:00 Joerg Walter + + * Add indirect magic offset support, and search mode. + +2005-01-12 00:00 Stepan Kasal + + * src/ascmagic.c (file_ascmagic): Fix three bugs about text files: + If a CRLF text file happens to have CR at offset HOWMANY - 1 + (currently 0xffff), it should not be counted as CR line + terminator. + If a line has length exactly MAXLINELEN, it should not yet be + treated as a ``very long line'', as MAXLINELEN is ``longest sane + line length''. + With CRLF, the line length was not computed correctly, and even + lines of length MAXLINELEN - 1 were treated as ``very long''. + +2004-12-07 14:15 Christos Zoulas + + * bzip2 needs a lot of input buffer space on some files + before it can begin uncompressing. This makes file -z + fail on some bz2 files. Fix it by giving it a copy of + the file descriptor to read as much as it wants if we + have access to it. + +2004-11-24 12:39 Christos Zoulas + + * Stack smash fix, and ELF more conservative reading. + Jakub Bogusz + +2004-11-20 18:50 Christos Zoulas + + * New FreeBSD version parsing code: + Jon Noack + + * Hackish support for ucs16 strings + +2004-11-13 03:07 Christos Zoulas + + * print the file name and line number in syntax errors. + +2004 10-12 10:50 Christos Zoulas + + * Fix stack overwriting on 0 length strings: Tim Waugh + Ned Ludd + +2004-09-27 11:30 Christos Zoulas + + * Remove 3rd and 4th copyright clause; approved by Ian Darwin. + + * Fix small memory leaks; caught by: Tamas Sarlos + + +2004-07-24 16:33 Christos Zoulas + + * magic.mime update Danny Milosavljevic + + * FreeBSD version update Oliver Eikemeier + + * utime/utimes detection Ian Lance Taylor + + * errors reading elf magic Jakub Bogusz + +2004-04-12 10:55 Christos Zoulas + + * make sure that magic formats match magic types during compilation + + * fix broken sgi magic file + +2004-04-06 20:36 Christos Zoulas + + * detect present of mbstate_t Petter Reinholdtsen + + * magic fixes + +2004-03-22 15:25 Christos Zoulas + + * Lots of mime fixes + (Joerg Ostertag) + + * FreeBSD ELF version handling + (Edwin Groothuis) + + * correct cleanup in all cases; don't just close the file. + (Christos Zoulas) + + * add gettext message catalogue support + (Michael Piefel) + + * better printout for unreadable files + (Michael Piefel) + + * compensate for missing MAXPATHLEN + (Michael Piefel) + + * add wide character string length computation + (Michael Piefel) + + * Avoid infinite loops caused by bad elf alignments + or name and description note sizes. Reported by + (Mikael Magnusson) + +2004-03-09 13:55 Christos Zoulas + + * Fix possible memory leak on error and add missing regfree + (Dmitry V. Levin) + +2003-12-23 12:12 Christos Zoulas + + * fix -k flag (Maciej W. Rozycki) + +2003-11-18 14:10 Christos Zoulas + + * Try to give us much info as possible on corrupt elf files. + (Willy Tarreau) + * Updated python bindings (Brett Funderburg) + + +2003-11-11 15:03 Christos Zoulas + + * Include file.h first, because it includes config.h + breaks largefile test macros otherwise. + (Paul Eggert via + Lars Hecking ) + +2003-10-14 21:39 Christos Zoulas + + * Python bindings (Brett Funderburg) + * Don't lookup past the end of the buffer + (Chad Hanson) + * Add MAGIC_ERROR and api on magic_errno() + +2003-10-08 12:40 Christos Zoulas + + * handle error conditions from compile as fatal + (Antti Kantee) + * handle magic filename parsing sanely + * more magic fixes. + * fix a memory leak (Illes Marton) + * describe magic file handling + (Bryan Henderson) + +2003-09-12 15:09 Christos Zoulas + + * update magic files. + * remove largefile support from file.h; it breaks things on most OS's + +2003-08-10 10:25 Christos Zoulas + + * fix unmapping'ing of mmaped files. + +2003-07-10 12:03 Christos Zoulas + + * don't exit with -1 on error; always exit 1 (Marty Leisner) + * restore utimes code. + +2003-06-10 17:03 Christos Zoulas + + * make sure we don't access uninitialized memory. + * pass lint + * #ifdef __cplusplus in magic.h + +2003-05-25 19:23 Christos Zoulas + + * rename cvs magic file to revision to deal with + case insensitive filesystems. + +2003-05-23 17:03 Christos Zoulas + + * documentation fixes from Michael Piefel + * magic fixes (various) + * revert basename magic in .mgc name determination + * buffer protection in uncompress, + signness issues, + close files + Maciej W. Rozycki + + * fix zsh magic + +2003-04-04 16:59 Christos Zoulas + + * fix operand sort order in string. + +2003-04-02 17:30 Christos Zoulas + + * cleanup namespace in magic.h + +2003-04-02 13:50 Christos Zoulas + + * Magic additions (Alex Ott) + * Fix bug that broke VPATH compilation (Peter Breitenlohner) + +2003-03-28 16:03 Christos Zoulas + + * remove packed attribute from magic struct. + * make the magic struct properly aligned. + * bump version number of compiled files to 2. + +2003-03-27 13:10 Christos Zoulas + + * separate tar detection and run it before softmagic. + * fix reversed symlink test. + * fix version printing. + * make separator a string instead of a char. + * update manual page and sort options. + +2003-03-26 11:00 Christos Zoulas + + * Pass lint + * make NULL in magic_file mean stdin + * Fix "-" argument to file to pass NULL to magic_file + * avoid pointer casts by using memcpy + * rename magic_buf -> magic_buffer + * keep only the first error + * manual page: new sentence, new line + * fix typo in api function (magic_buf -> magic_buffer) diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..7d1c323 --- /dev/null +++ b/INSTALL @@ -0,0 +1,365 @@ +Installation Instructions +************************* + +Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, +2006, 2007, 2008, 2009 Free Software Foundation, Inc. + + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. + +Basic Installation +================== + + Briefly, the shell commands `./configure; make; make install' should +configure, build, and install this package. The following +more-detailed instructions are generic; see the `README' file for +instructions specific to this package. Some packages provide this +`INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. + + The `configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a `Makefile' in each directory of the package. +It may also create one or more `.h' files containing system-dependent +definitions. Finally, it creates a shell script `config.status' that +you can run in the future to recreate the current configuration, and a +file `config.log' containing compiler output (useful mainly for +debugging `configure'). + + It can also use an optional file (typically called `config.cache' +and enabled with `--cache-file=config.cache' or simply `-C') that saves +the results of its tests to speed up reconfiguring. Caching is +disabled by default to prevent problems with accidental use of stale +cache files. + + If you need to do unusual things to compile the package, please try +to figure out how `configure' could check whether to do them, and mail +diffs or instructions to the address given in the `README' so they can +be considered for the next release. If you are using the cache, and at +some point `config.cache' contains results you don't want to keep, you +may remove or edit it. + + The file `configure.ac' (or `configure.in') is used to create +`configure' by a program called `autoconf'. You need `configure.ac' if +you want to change it or regenerate `configure' using a newer version +of `autoconf'. + + The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type + `./configure' to configure the package for your system. + + Running `configure' might take a while. While running, it prints + some messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with + the package, generally using the just-built uninstalled binaries. + + 4. Type `make install' to install the programs and any data files and + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the `make install' phase executed with root + privileges. + + 5. Optionally, type `make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior `make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is + also a `make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + + 7. Often, you can also type `make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide `make + distcheck', which can by used by developers to test that all other + targets like `make install' and `make uninstall' work correctly. + This target is generally not run by end users. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. Run `./configure --help' +for details on some of the pertinent environment variables. + + You can give `configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here +is an example: + + ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you can use GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. This +is known as a "VPATH" build. + + With a non-GNU `make', it is safer to compile the package for one +architecture at a time in the source code directory. After you have +installed the package for one architecture, use `make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple `-arch' options to the +compiler but only a single `-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the `lipo' tool if you have problems. + +Installation Names +================== + + By default, `make install' installs the package's commands under +`/usr/local/bin', include files under `/usr/local/include', etc. You +can specify an installation prefix other than `/usr/local' by giving +`configure' the option `--prefix=PREFIX', where PREFIX must be an +absolute file name. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +pass the option `--exec-prefix=PREFIX' to `configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +options like `--bindir=DIR' to specify different values for particular +kinds of files. Run `configure --help' for a list of the directories +you can set and what kinds of files go in them. In general, the +default for these options is expressed in terms of `${prefix}', so that +specifying just `--prefix' will affect all of the other directory +specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +correct locations to `configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +`make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, `make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +`${prefix}'. Any directories that were specified during `configure', +but not in terms of `${prefix}', must each be overridden at install +time for the entire installation to be relocated. The approach of +makefile variable overrides for each directory variable is required by +the GNU Coding Standards, and ideally causes no recompilation. +However, some platforms have known limitations with the semantics of +shared libraries that end up requiring recompilation when using this +method, particularly noticeable in packages that use GNU Libtool. + + The second method involves providing the `DESTDIR' variable. For +example, `make install DESTDIR=/alternate/directory' will prepend +`/alternate/directory' before all installation names. The approach of +`DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of `${prefix}' +at `configure' time. + +Optional Features +================= + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + + Some packages pay attention to `--enable-FEATURE' options to +`configure', where FEATURE indicates an optional part of the package. +They may also pay attention to `--with-PACKAGE' options, where PACKAGE +is something like `gnu-as' or `x' (for the X Window System). The +`README' should mention any `--enable-' and `--with-' options that the +package recognizes. + + For packages that use the X Window System, `configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the `configure' options `--x-includes=DIR' and +`--x-libraries=DIR' to specify their locations. + + Some packages offer the ability to configure how verbose the +execution of `make' will be. For these packages, running `./configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with `make V=1'; while running `./configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with `make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU +CC is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its `' header file. The option `-nodtk' can be used as +a workaround. If GNU CC is not installed, it is therefore recommended +to try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + +Specifying the System Type +========================== + + There may be some features `configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, `configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the +`--build=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name which has the form: + + CPU-COMPANY-SYSTEM + +where SYSTEM can have one of these forms: + + OS + KERNEL-OS + + See the file `config.sub' for the possible values of each field. If +`config.sub' isn't included in this package, then this package doesn't +need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +use the option `--target=TYPE' to select the type of system they will +produce code for. + + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the +"host" platform (i.e., that on which the generated programs will +eventually be run) with `--host=TYPE'. + +Sharing Defaults +================ + + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. +`configure' looks for `PREFIX/share/config.site' if it exists, then +`PREFIX/etc/config.site' if it exists. Or, you can set the +`CONFIG_SITE' environment variable to the location of the site script. +A warning: not all `configure' scripts look for a site script. + +Defining Variables +================== + + Variables not defined in a site shell script can be set in the +environment passed to `configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the `configure' command line, using `VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +causes the specified `gcc' to be used as the C compiler (unless it is +overridden in the site shell script). + +Unfortunately, this technique does not work for `CONFIG_SHELL' due to +an Autoconf bug. Until the bug is fixed you can use this workaround: + + CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash + +`configure' Invocation +====================== + + `configure' recognizes the following options to control how it +operates. + +`--help' +`-h' + Print a summary of all of the options to `configure', and exit. + +`--help=short' +`--help=recursive' + Print a summary of the options unique to this package's + `configure', and exit. The `short' variant lists options used + only in the top level, while the `recursive' variant lists options + also present in any nested packages. + +`--version' +`-V' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`--cache-file=FILE' + Enable the cache: use and save the results of the tests in FILE, + traditionally `config.cache'. FILE defaults to `/dev/null' to + disable caching. + +`--config-cache' +`-C' + Alias for `--cache-file=config.cache'. + +`--quiet' +`--silent' +`-q' + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to `/dev/null' (any error + messages will still be shown). + +`--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + +`--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: + for more details, including other options available for fine-tuning + the installation locations. + +`--no-create' +`-n' + Run the configure checks, but stop before creating any output + files. + +`configure' also accepts some other, not widely useful, options. Run +`configure --help' for more details. + diff --git a/MAINT b/MAINT new file mode 100644 index 0000000..6820306 --- /dev/null +++ b/MAINT @@ -0,0 +1,44 @@ +$File: MAINT,v 1.9 2007/01/19 21:15:27 christos Exp $ + +Maintenance notes: + +I am continuing to maintain the file command. I welcome your help, +but to make my life easier I'd like to request the following: + +- Do not distribute changed versions. + +People trying to be helpful occasionally put up their hacked versions +of the file command for anonymous FTP, and people all over the +world get copies of the hacked versions. Within a day or two I am +getting email from around the world asking me why "my" file command +won't compile!!! Needless to say this detracts from the limited +time I have available to work on the actual software. Therefore I +ask you again to please NOT distribute your changed version. If +you need to make changes, please add a patch file next to the +distribution tar, and a README file that clearly explains what you +are trying to fix. + +Thank you for your assistance and cooperation. + +Code Overview + +This is a rough idea of the control flow from the main program: + +file.c main() +file.c process (called for each file) + printf file name +magic.c magic_file() +fsmagic.c file_fsmagic() + (handles statbuf modes for DEV) + (handles statbuf modes for executable &c. + reads data from file. +funcs.c: file_buffer() +compress.c file_zmagic() +is_tar.c file_is_tar() +softmagic.c file_softmagic() + match() - looks for match against main magic database +ascmagic.c file_ascmagic() +readelf.c file_tryelf() + "unknown" + +Christos Zoulas (see README for email address) diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..8bd927d --- /dev/null +++ b/Makefile.am @@ -0,0 +1,5 @@ +ACLOCAL_AMFLAGS = -I m4 + +EXTRA_DIST = MAINT + +SUBDIRS = src magic tests doc python diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..898a3da --- /dev/null +++ b/NEWS @@ -0,0 +1 @@ +See ChangeLog. diff --git a/README b/README new file mode 100644 index 0000000..bb29a46 --- /dev/null +++ b/README @@ -0,0 +1,154 @@ +## README for file(1) Command and the libmagic(3) library ## + + @(#) $File: README,v 1.57 2019/02/06 00:20:56 christos Exp $ + +Mailing List: file@astron.com +Mailing List archives: http://mailman.astron.com/pipermail/file/ +Bug tracker: http://bugs.astron.com/ +E-mail: christos@astron.com +Build Status: https://travis-ci.org/file/file + +Phone: Do not even think of telephoning me about this program. Send cash first! + +This is Release 5.x of Ian Darwin's (copyright but distributable) +file(1) command, an implementation of the Unix File(1) command. +It knows the 'magic number' of several thousands of file types. +This version is the standard "file" command for Linux, +*BSD, and other systems. (See "patchlevel.h" for the exact release number). + +You can download the latest version of the original sources for file from: + + ftp://ftp.astron.com/pub/file/ + +A public read-only git repository of the same sources is available at: + + https://github.com/file/file + +The major changes for 5.x are CDF file parsing, indirect magic, name/use +(recursion) and overhaul in mime and ascii encoding handling. + +The major feature of 4.x is the refactoring of the code into a library, +and the re-write of the file command in terms of that library. The library +itself, libmagic can be used by 3rd party programs that wish to identify +file types without having to fork() and exec() file. The prime contributor +for 4.0 was Mans Rullgard. + +UNIX is a trademark of UNIX System Laboratories. + +The prime contributor to Release 3.8 was Guy Harris, who put in megachanges +including byte-order independence. + +The prime contributor to Release 3.0 was Christos Zoulas, who put +in hundreds of lines of source code changes, including his own +ANSIfication of the code (I liked my own ANSIfication better, but +his (__P()) is the "Berkeley standard" way of doing it, and I wanted UCB +to include the code...), his HP-like "indirection" (a feature of +the HP file command, I think), and his mods that finally got the +uncompress (-z) mode finished and working. + +This release has compiled in numerous environments; see PORTING +for a list and problems. + +This fine freeware file(1) follows the USG (System V) model of the file +command, rather than the Research (V7) version or the V7-derived 4.[23] +Berkeley one. That is, the file /etc/magic contains much of the ritual +information that is the source of this program's power. My version +knows a little more magic (including tar archives) than System V; the +/etc/magic parsing seems to be compatible with the (poorly documented) +System V /etc/magic format (with one exception; see the man page). + +In addition, the /etc/magic file is built from a subdirectory +for easier(?) maintenance. I will act as a clearinghouse for +magic numbers assigned to all sorts of data files that +are in reasonable circulation. Send your magic numbers, +in magic(5) format please, to the maintainer, Christos Zoulas. + +COPYING - read this first. +README - read this second (you are currently reading this file). +INSTALL - read on how to install +src/apprentice.c - parses /etc/magic to learn magic +src/apptype.c - used for OS/2 specific application type magic +src/ascmagic.c - third & last set of tests, based on hardwired assumptions. +src/asctime_r.c - replacement for OS's that don't have it. +src/asprintf.c - replacement for OS's that don't have it. +src/asctime_r.c - replacement for OS's that don't have it. +src/asprintf.c - replacement for OS's that don't have it. +src/buffer.c - buffer handling functions. +src/cdf.[ch] - parser for Microsoft Compound Document Files +src/cdf_time.c - time converter for CDF. +src/compress.c - handles decompressing files to look inside. +src/ctime_r.c - replacement for OS's that don't have it. +src/der.[ch] - parser for Distinguished Encoding Rules +src/dprintf.c - replacement for OS's that don't have it. +src/elfclass.h - common code for elf 32/64. +src/encoding.c - handles unicode encodings +src/file.c - the main program +src/file.h - header file +src/file_opts.h - list of options +src/fmtcheck.c - replacement for OS's that don't have it. +src/fsmagic.c - first set of tests the program runs, based on filesystem info +src/funcs.c - utilility functions +src/getline.c - replacement for OS's that don't have it. +src/getopt_long.c - replacement for OS's that don't have it. +src/gmtime_r.c - replacement for OS's that don't have it. +src/is_json.c - knows about JavaScript Object Notation format (RFC 8259). +src/is_tar.c, tar.h - knows about Tape ARchive format (courtesy John Gilmore). +src/localtime_r.c - replacement for OS's that don't have it. +src/magic.h.in - source file for magic.h +src/mygetopt.h - replacement for OS's that don't have it. +src/magic.c - the libmagic api +src/names.h - header file for ascmagic.c +src/pread.c - replacement for OS's that don't have it. +src/print.c - print results, errors, warnings. +src/readcdf.c - CDF wrapper. +src/readelf.[ch] - Stand-alone elf parsing code. +src/softmagic.c - 2nd set of tests, based on /etc/magic +src/mygetopt.h - replacement for OS's that don't have it. +src/strcasestr.c - replacement for OS's that don't have it. +src/strlcat.c - replacement for OS's that don't have it. +src/strlcpy.c - replacement for OS's that don't have it. +src/strndup.c - replacement for OS's that don't have it. +src/tar.h - tar file definitions +src/vasprintf.c - for systems that don't have it. +doc/file.man - man page for the command +doc/magic.man - man page for the magic file, courtesy Guy Harris. + Install as magic.4 on USG and magic.5 on V7 or Berkeley; cf Makefile. + +Magdir - directory of /etc/magic pieces +------------------------------------------------------------------------------ + +If you submit a new magic entry please make sure you read the following +guidelines: + +- Initial match is preferably at least 32 bits long, and is a _unique_ match +- If this is not feasible, use additional check +- Match of <= 16 bits are not accepted +- Delay printing string as much as possible, don't print output too early +- Avoid printf arbitrary byte as string, which can be a source of + crash and buffer overflow + +- Provide complete information with entry: + * One line short summary + * Optional long description + * File extension, if applicable + * Full name and contact method (for discussion when entry has problem) + * Further reference, such as documentation of format + +------------------------------------------------------------------------------ + +gpg for dummies: + +$ gpg --verify file-X.YY.tar.gz.asc file-X.YY.tar.gz +gpg: assuming signed data in `file-X.YY.tar.gz' +gpg: Signature made WWW MMM DD HH:MM:SS YYYY ZZZ using DSA key ID KKKKKKKK + +To download the key: + +$ gpg --keyserver hkp://keys.gnupg.net --recv-keys KKKKKKKK + +------------------------------------------------------------------------------ + + +Parts of this software were developed at SoftQuad Inc., developers +of SGML/HTML/XML publishing software, in Toronto, Canada. +SoftQuad was swallowed up by Corel in 2002 and does not exist any longer. diff --git a/README.DEVELOPER b/README.DEVELOPER new file mode 100644 index 0000000..9b23b46 --- /dev/null +++ b/README.DEVELOPER @@ -0,0 +1,40 @@ +# How to get started developing + +@(#) $File: README.DEVELOPER,v 1.5 2014/03/10 12:38:08 kim Exp $ + +## Auto files + +After checking out the source, run the following: + + autoreconf -f -i + ./configure --disable-silent-rules + make -j4 + make -C tests check + +If you see errors, make sure you have the latest libtool and autoconf +This has been tested with autoconf-2.69 and libtool-2.4.2 + +## Installing dependencies + +If your platform doesn't have the above tools, install the following +packages first. + +### Debian + + apt-get install \ + automake \ + gcc \ + libtool \ + make \ + python \ + zlib1g-dev \ + +See also `.travis.yml`. + +### Mac OS X (MacPorts) + + port install \ + autoconf \ + automake \ + libtool \ + diff --git a/RELEASE-PROCEDURE b/RELEASE-PROCEDURE new file mode 100644 index 0000000..c2c0855 --- /dev/null +++ b/RELEASE-PROCEDURE @@ -0,0 +1,29 @@ +# HOW TO RELEASE FILE + +@(#) $File: RELEASE-PROCEDURE,v 1.6 2018/07/25 06:17:15 christos Exp $ + +1) Update version number in configure.ac +2) Note the new version in ChangeLog +3) Update README if applicable +4) Commit changes into CVS +5) Rebuild and run tests (see README.DEVELOPER) +6) Tag the release with FILEx_yy +7) Create the source tarball: make distcheck +7a) Sign the source tarball. + gpg --armor --detach-sign mysoftware-0.4.tar.gz +8) Make the source tarball available on ftp +9) Add the new version to bugs.astron.com: + - Click: Manage > Manage Projects > file + - Scroll down to "Versions" + - Click on "Edit" next to the HEAD version + - Change the "Version" from HEAD to the newly released version + - Change the "Date Order" to the current time + - Check the "Released" box + - Click on "Update Version" + - Type HEAD into the box at the bottom of the version list and + click on "Add and Edit Version" + - Set the "Date Order" to 2030-01-01 (i.e. far in the future) + - Click on "Update Version" +10) Mail an announcement to file@astron.com containing a summary of the + ChangeLog changes. Historically we don't mention magic changes in the + ChangeLog or the mail message, only source changes. diff --git a/TODO b/TODO new file mode 100644 index 0000000..836d6b5 --- /dev/null +++ b/TODO @@ -0,0 +1,49 @@ +Most TODOs live in the TODO section of doc/file.man (i.e. file(1)). +They are more visible there, so please add any further TODOs to that +file, not here. More speculative material can live here. + +(This change was made when Reuben Thomas noticed that all the bugs +listed in the BUGS section of the man page had been fixed!) + +--- +It would be nice to simplify file considerably. For example, +reimplement the apprentice and non-pattern magic methods in Python, +and compile the magic patterns to a giant regex (or something similar; +maybe using Ragel (http://www.complang.org/ragel/)) so that only a +small amount of C is needed (because fast execution is typically only +required for soft magic, not the more detailed information given by +hard-wired routines). In this regard, note that hplip, which is +BSD-licensed, has a magic reimplementation in Python. +--- +Read the kerberos magic entry for more ideas. +--- +Write a string merger to make magic entry sizes dynamic. +Strings will be converted to offsets from the string table. +--- +Programming language support, we can introduce the concept of a group +of rules where n rules need to match before the rule is positive. This +could require structural changes to the matching code :-( + +0 group 2 # require 2 matches +# rule 1 +>0 .... +... +# rule 2 +>0 .... +... +--- +- Merge the stat code dance in one place and keep it in one place + (perhaps struct buffer). +- Enable seeking around if offset > nbytes if possible (the fd + is seekable). +- We could use file_pipe2file more (for EOF offsets, CDF documents), + but that is expensive; perhaps we should provide a way to disable it +- The implementation of struct buffer needs re-thinking and more work. + For example we don't always pass the fd in the child. This is not + important yet as we don't have yet cases where use/indirect magic + needs negative offsets. +- Really the whole thing just needs here's an (offset, buffer, size) + you have (filebuffer, filebuffersize &&|| fd), fill the buffer with + data from offset. The buffer API should be changed to just do that. + +christos diff --git a/acinclude.m4 b/acinclude.m4 new file mode 100644 index 0000000..dcbf92f --- /dev/null +++ b/acinclude.m4 @@ -0,0 +1,58 @@ +dnl from autoconf 2.13 acspecific.m4, with changes to check for daylight + +AC_DEFUN([AC_STRUCT_TIMEZONE_DAYLIGHT], +[AC_REQUIRE([AC_STRUCT_TM])dnl +AC_CACHE_CHECK([for tm_zone in struct tm], ac_cv_struct_tm_zone, +[AC_TRY_COMPILE([#include +#include <$ac_cv_struct_tm>], [struct tm tm; tm.tm_zone;], + ac_cv_struct_tm_zone=yes, ac_cv_struct_tm_zone=no)]) +if test "$ac_cv_struct_tm_zone" = yes; then + AC_DEFINE(HAVE_TM_ZONE,1,[HAVE_TM_ZONE]) +fi + +# On SGI, apparently tzname is a #define, but that's ok, AC_CHECK_DECL will +# consider it declared and we won't give our own extern. +AC_CHECK_DECLS([tzname], , , [#include ]) +AC_CACHE_CHECK(for tzname, ac_cv_var_tzname, +[AC_TRY_LINK( +[#include +#if !HAVE_DECL_TZNAME +extern char *tzname[]; +#endif], +[return tzname[0][0];], [ac_cv_var_tzname=yes], [ac_cv_var_tzname=no])]) + if test $ac_cv_var_tzname = yes; then + AC_DEFINE(HAVE_TZNAME,1,[HAVE_TZNAME]) + fi + +AC_CACHE_CHECK([for tm_isdst in struct tm], ac_cv_struct_tm_isdst, +[AC_TRY_COMPILE([#include +#include <$ac_cv_struct_tm>], [struct tm tm; tm.tm_isdst;], + ac_cv_struct_tm_isdst=yes, ac_cv_struct_tm_isdst=no)]) +if test "$ac_cv_struct_tm_isdst" = yes; then + AC_DEFINE(HAVE_TM_ISDST,1,[HAVE_TM_ISDST]) +fi + + +AC_CHECK_DECLS([daylight], , , [#include ]) +AC_CACHE_CHECK(for daylight, ac_cv_var_daylight, +[AC_TRY_LINK( +changequote(<<, >>)dnl +<<#include +#if !HAVE_DECL_DAYLIGHT +extern int daylight; +#endif>>, +changequote([, ])dnl +[atoi(daylight);], ac_cv_var_daylight=yes, ac_cv_var_daylight=no)]) + if test $ac_cv_var_daylight = yes; then + AC_DEFINE(HAVE_DAYLIGHT,1,[HAVE_DAYLIGHT]) + fi +]) + +AC_DEFUN([AC_STRUCT_OPTION_GETOPT_H], +[AC_CACHE_CHECK([for struct option in getopt], ac_cv_struct_option_getopt_h, +[AC_TRY_COMPILE([#include ], [struct option op; op.name;], + ac_cv_struct_option_getopt_h=yes, ac_cv_struct_option_getopt_h=no)]) +if test "$ac_cv_struct_option_getopt_h" = yes; then + AC_DEFINE(HAVE_STRUCT_OPTION,1,[HAVE_STRUCT_OPTION]) +fi +]) diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..7da62aa --- /dev/null +++ b/configure.ac @@ -0,0 +1,184 @@ +dnl Process this file with autoconf to produce a configure script. +AC_INIT([file],[5.37],[christos@astron.com]) +AM_INIT_AUTOMAKE([subdir-objects foreign]) +m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) + +AC_CONFIG_HEADERS([config.h]) +AC_CONFIG_MACRO_DIR([m4]) + +AC_MSG_CHECKING(for builtin ELF support) +AC_ARG_ENABLE(elf, +[ --disable-elf disable builtin ELF support], +[if test "${enableval}" = yes; then + AC_MSG_RESULT(yes) + AC_DEFINE([BUILTIN_ELF], 1, [Define if built-in ELF support is used]) +else + AC_MSG_RESULT(no) +fi], [ + # enable by default + AC_MSG_RESULT(yes) + AC_DEFINE([BUILTIN_ELF], 1, [Define in built-in ELF support is used]) +]) + +AC_MSG_CHECKING(for ELF core file support) +AC_ARG_ENABLE(elf-core, +[ --disable-elf-core disable ELF core file support], +[if test "${enableval}" = yes; then + AC_MSG_RESULT(yes) + AC_DEFINE([ELFCORE], 1, [Define for ELF core file support]) +else + AC_MSG_RESULT(no) +fi], [ + # enable by default + AC_MSG_RESULT(yes) + AC_DEFINE([ELFCORE], 1, [Define for ELF core file support]) +]) + +AC_MSG_CHECKING(for zlib support) +AC_ARG_ENABLE([zlib], +[AS_HELP_STRING([--disable-zlib], [disable zlib compression support @<:@default=auto@:>@])]) +AC_MSG_RESULT($enable_zlib) + +AC_MSG_CHECKING(for libseccomp support) +AC_ARG_ENABLE([libseccomp], +[AS_HELP_STRING([--disable-libseccomp], [disable libseccomp sandboxing @<:@default=auto@:>@])]) +AC_MSG_RESULT($enable_libseccomp) + +AC_MSG_CHECKING(for file formats in man section 5) +AC_ARG_ENABLE(fsect-man5, +[ --enable-fsect-man5 enable file formats in man section 5], +[if test "${enableval}" = yes; then + AC_MSG_RESULT(yes) + fsect=5 +else + AC_MSG_RESULT(no) + fsect=4 +fi], [ + # disable by default + AC_MSG_RESULT(no) + fsect=4 +]) + +AC_CANONICAL_HOST +case "$host_os" in + mingw32*) + MINGW=1 + ;; + *) + MINGW=0 + ;; +esac +AC_SUBST(MINGW) +AM_CONDITIONAL(MINGW, test "$MINGW" = 1) + +AC_SUBST([pkgdatadir], ['$(datadir)/misc']) +AC_SUBST(fsect) +AM_CONDITIONAL(FSECT5, test x$fsect = x5) + +AC_SUBST(WARNINGS) + +dnl Checks for programs. +AC_PROG_CC_STDC +AC_USE_SYSTEM_EXTENSIONS +AM_PROG_CC_C_O +AC_C_BIGENDIAN +AC_PROG_INSTALL +AC_PROG_LN_S +LT_INIT([disable-static pic-only]) +gl_VISIBILITY +dnl Checks for headers +AC_HEADER_STDC +AC_HEADER_MAJOR +AC_HEADER_SYS_WAIT +AC_CHECK_HEADERS(stdint.h fcntl.h inttypes.h unistd.h) +AC_CHECK_HEADERS(utime.h wchar.h wctype.h) +AC_CHECK_HEADERS(getopt.h err.h xlocale.h) +AC_CHECK_HEADERS(sys/mman.h sys/stat.h sys/types.h sys/utime.h sys/time.h sys/sysmacros.h) +if test "$enable_zlib" != "no"; then + AC_CHECK_HEADERS(zlib.h) +fi +AC_CHECK_TYPE([sig_t],[AC_DEFINE([HAVE_SIG_T],1,[Have sig_t type])],,[#include ]) + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_TYPE_OFF_T +AC_TYPE_SIZE_T +AC_CHECK_MEMBERS([struct stat.st_rdev]) + +AC_CHECK_MEMBERS([struct tm.tm_gmtoff],,,[#include ]) +AC_STRUCT_TIMEZONE +AC_STRUCT_TIMEZONE_DAYLIGHT +AC_SYS_LARGEFILE +AC_FUNC_FSEEKO +AC_TYPE_MBSTATE_T + +AC_STRUCT_OPTION_GETOPT_H +AC_TYPE_PID_T +AC_TYPE_UINT8_T +AC_TYPE_UINT16_T +AC_TYPE_UINT32_T +AC_TYPE_INT32_T +AC_TYPE_UINT64_T +AC_TYPE_INT64_T +AC_TYPE_INTPTR_T +AC_TYPE_UINTPTR_T +AC_FUNC_MMAP +AC_FUNC_FORK +AC_FUNC_MBRTOWC + +AC_MSG_CHECKING(for gcc compiler warnings) +AC_ARG_ENABLE(warnings, +[ --disable-warnings disable compiler warnings], +[if test "${enableval}" = no -o "$GCC" = no; then + AC_MSG_RESULT(no) + WARNINGS= +else + AC_MSG_RESULT(yes) + WARNINGS="-Wall -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith \ + -Wmissing-declarations -Wredundant-decls -Wnested-externs \ + -Wsign-compare -Wreturn-type -Wswitch -Wshadow \ + -Wcast-qual -Wwrite-strings -Wextra -Wunused-parameter -Wformat=2" +fi], [ +if test "$GCC" = yes; then + AC_MSG_RESULT(yes) + WARNINGS="-Wall -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith \ + -Wmissing-declarations -Wredundant-decls -Wnested-externs \ + -Wsign-compare -Wreturn-type -Wswitch -Wshadow \ + -Wcast-qual -Wwrite-strings -Wextra -Wunused-parameter -Wformat=2" +else + WARNINGS= + AC_MSG_RESULT(no) +fi]) + +dnl Checks for functions +AC_CHECK_FUNCS(strndup mkstemp mkostemp utimes utime wcwidth strtof newlocale uselocale freelocale memmem) + +dnl Provide implementation of some required functions if necessary +AC_REPLACE_FUNCS(getopt_long asprintf vasprintf strlcpy strlcat getline ctime_r asctime_r localtime_r gmtime_r pread strcasestr fmtcheck dprintf) + +dnl Checks for libraries +if test "$enable_zlib" != "no"; then + AC_CHECK_LIB(z, gzopen) +fi +if test "$enable_libseccomp" != "no"; then + AC_CHECK_LIB(seccomp, seccomp_init) +fi +if test "$MINGW" = 1; then + AC_CHECK_LIB(gnurx,regexec,,AC_MSG_ERROR([libgnurx is required to build file(1) with MinGW])) +fi + +dnl See if we are cross-compiling +AM_CONDITIONAL(IS_CROSS_COMPILE, test "$cross_compiling" = yes) + +dnl Final sanity checks +if test "$enable_zlib" = "yes"; then + if test "$ac_cv_header_zlib_h$ac_cv_lib_z_gzopen" != "yesyes"; then + AC_MSG_ERROR([zlib support requested but not found]) + fi +fi +if test "$ac_cv_header_zlib_h$ac_cv_lib_z_gzopen" = "yesyes"; then + AC_DEFINE([ZLIBSUPPORT], 1, [Enable zlib compression support]) +fi + +AC_CONFIG_FILES([Makefile src/Makefile magic/Makefile tests/Makefile doc/Makefile python/Makefile]) +AC_OUTPUT diff --git a/doc/.cvsignore b/doc/.cvsignore new file mode 100644 index 0000000..d3f8107 --- /dev/null +++ b/doc/.cvsignore @@ -0,0 +1,7 @@ +Makefile +Makefile.in +*.1 +*.3 +*.4 +*.5 +.gitignore diff --git a/doc/Makefile.am b/doc/Makefile.am new file mode 100644 index 0000000..4a78589 --- /dev/null +++ b/doc/Makefile.am @@ -0,0 +1,32 @@ +MAGIC = $(pkgdatadir)/magic +if FSECT5 +man_MAGIC = magic.5 +else +man_MAGIC = magic.4 +endif +fsect = @fsect@ +man_MANS = file.1 $(man_MAGIC) libmagic.3 + +EXTRA_DIST = file.man magic.man libmagic.man +CLEANFILES = $(man_MANS) + +file.1: Makefile file.man + @rm -f $@ + sed -e s@__CSECTION__@1@g \ + -e s@__FSECTION__@${fsect}@g \ + -e s@__VERSION__@${VERSION}@g \ + -e s@__MAGIC__@${MAGIC}@g $(srcdir)/file.man > $@ + +magic.${fsect}: Makefile magic.man + @rm -f $@ + sed -e s@__CSECTION__@1@g \ + -e s@__FSECTION__@${fsect}@g \ + -e s@__VERSION__@${VERSION}@g \ + -e s@__MAGIC__@${MAGIC}@g $(srcdir)/magic.man > $@ + +libmagic.3: Makefile libmagic.man + @rm -f $@ + sed -e s@__CSECTION__@1@g \ + -e s@__FSECTION__@${fsect}@g \ + -e s@__VERSION__@${VERSION}@g \ + -e s@__MAGIC__@${MAGIC}@g $(srcdir)/libmagic.man > $@ diff --git a/doc/file.man b/doc/file.man new file mode 100644 index 0000000..63e95f1 --- /dev/null +++ b/doc/file.man @@ -0,0 +1,717 @@ +.\" $File: file.man,v 1.135 2019/03/03 02:32:40 christos Exp $ +.Dd February 18, 2019 +.Dt FILE __CSECTION__ +.Os +.Sh NAME +.Nm file +.Nd determine file type +.Sh SYNOPSIS +.Nm +.Bk -words +.Op Fl bcdEhiklLNnprsSvzZ0 +.Op Fl Fl apple +.Op Fl Fl extension +.Op Fl Fl mime-encoding +.Op Fl Fl mime-type +.Op Fl e Ar testname +.Op Fl F Ar separator +.Op Fl f Ar namefile +.Op Fl m Ar magicfiles +.Op Fl P Ar name=value +.Ar +.Ek +.Nm +.Fl C +.Op Fl m Ar magicfiles +.Nm +.Op Fl Fl help +.Sh DESCRIPTION +This manual page documents version __VERSION__ of the +.Nm +command. +.Pp +.Nm +tests each argument in an attempt to classify it. +There are three sets of tests, performed in this order: +filesystem tests, magic tests, and language tests. +The +.Em first +test that succeeds causes the file type to be printed. +.Pp +The type printed will usually contain one of the words +.Em text +(the file contains only +printing characters and a few common control +characters and is probably safe to read on an +.Dv ASCII +terminal), +.Em executable +(the file contains the result of compiling a program +in a form understandable to some +.Tn UNIX +kernel or another), +or +.Em data +meaning anything else (data is usually +.Dq binary +or non-printable). +Exceptions are well-known file formats (core files, tar archives) +that are known to contain binary data. +When modifying magic files or the program itself, make sure to +.Em "preserve these keywords" . +Users depend on knowing that all the readable files in a directory +have the word +.Dq text +printed. +Don't do as Berkeley did and change +.Dq shell commands text +to +.Dq shell script . +.Pp +The filesystem tests are based on examining the return from a +.Xr stat 2 +system call. +The program checks to see if the file is empty, +or if it's some sort of special file. +Any known file types appropriate to the system you are running on +(sockets, symbolic links, or named pipes (FIFOs) on those systems that +implement them) +are intuited if they are defined in the system header file +.In sys/stat.h . +.Pp +The magic tests are used to check for files with data in +particular fixed formats. +The canonical example of this is a binary executable (compiled program) +.Dv a.out +file, whose format is defined in +.In elf.h , +.In a.out.h +and possibly +.In exec.h +in the standard include directory. +These files have a +.Dq "magic number" +stored in a particular place +near the beginning of the file that tells the +.Tn UNIX +operating system +that the file is a binary executable, and which of several types thereof. +The concept of a +.Dq "magic" +has been applied by extension to data files. +Any file with some invariant identifier at a small fixed +offset into the file can usually be described in this way. +The information identifying these files is read from the compiled +magic file +.Pa __MAGIC__.mgc , +or the files in the directory +.Pa __MAGIC__ +if the compiled file does not exist. +In addition, if +.Pa $HOME/.magic.mgc +or +.Pa $HOME/.magic +exists, it will be used in preference to the system magic files. +.Pp +If a file does not match any of the entries in the magic file, +it is examined to see if it seems to be a text file. +ASCII, ISO-8859-x, non-ISO 8-bit extended-ASCII character sets +(such as those used on Macintosh and IBM PC systems), +UTF-8-encoded Unicode, UTF-16-encoded Unicode, and EBCDIC +character sets can be distinguished by the different +ranges and sequences of bytes that constitute printable text +in each set. +If a file passes any of these tests, its character set is reported. +ASCII, ISO-8859-x, UTF-8, and extended-ASCII files are identified +as +.Dq text +because they will be mostly readable on nearly any terminal; +UTF-16 and EBCDIC are only +.Dq character data +because, while +they contain text, it is text that will require translation +before it can be read. +In addition, +.Nm +will attempt to determine other characteristics of text-type files. +If the lines of a file are terminated by CR, CRLF, or NEL, instead +of the Unix-standard LF, this will be reported. +Files that contain embedded escape sequences or overstriking +will also be identified. +.Pp +Once +.Nm +has determined the character set used in a text-type file, +it will +attempt to determine in what language the file is written. +The language tests look for particular strings (cf. +.In names.h ) +that can appear anywhere in the first few blocks of a file. +For example, the keyword +.Em .br +indicates that the file is most likely a +.Xr troff 1 +input file, just as the keyword +.Em struct +indicates a C program. +These tests are less reliable than the previous +two groups, so they are performed last. +The language test routines also test for some miscellany +(such as +.Xr tar 1 +archives, JSON files). +.Pp +Any file that cannot be identified as having been written +in any of the character sets listed above is simply said to be +.Dq data . +.Sh OPTIONS +.Bl -tag -width indent +.It Fl Fl apple +Causes the file command to output the file type and creator code as +used by older MacOS versions. +The code consists of eight letters, +the first describing the file type, the latter the creator. +This option works properly only for file formats that have the +apple-style output defined. +.It Fl b , Fl Fl brief +Do not prepend filenames to output lines (brief mode). +.It Fl C , Fl Fl compile +Write a +.Pa magic.mgc +output file that contains a pre-parsed version of the magic file or directory. +.It Fl c , Fl Fl checking-printout +Cause a checking printout of the parsed form of the magic file. +This is usually used in conjunction with the +.Fl m +flag to debug a new magic file before installing it. +.It Fl d +Prints internal debugging information to stderr. +.It Fl E +On filesystem errors (file not found etc), instead of handling the error +as regular output as POSIX mandates and keep going, issue an error message +and exit. +.It Fl e , Fl Fl exclude Ar testname +Exclude the test named in +.Ar testname +from the list of tests made to determine the file type. +Valid test names are: +.Bl -tag -width compress +.It apptype +.Dv EMX +application type (only on EMX). +.It ascii +Various types of text files (this test will try to guess the text +encoding, irrespective of the setting of the +.Sq encoding +option). +.It encoding +Different text encodings for soft magic tests. +.It tokens +Ignored for backwards compatibility. +.It cdf +Prints details of Compound Document Files. +.It compress +Checks for, and looks inside, compressed files. +.It elf +Prints ELF file details, provided soft magic tests are enabled and the +elf magic is found. +.It json +Examines JSON (RFC-7159) files by parsing them for compliance. +.It soft +Consults magic files. +.It tar +Examines tar files by verifying the checksum of the 512 byte tar header. +Excluding this test can provide more detailed content description by using +the soft magic method. +.It text +A synonym for +.Sq ascii . +.El +.It Fl Fl extension +Print a slash-separated list of valid extensions for the file type found. +.It Fl F , Fl Fl separator Ar separator +Use the specified string as the separator between the filename and the +file result returned. +Defaults to +.Sq \&: . +.It Fl f , Fl Fl files-from Ar namefile +Read the names of the files to be examined from +.Ar namefile +(one per line) +before the argument list. +Either +.Ar namefile +or at least one filename argument must be present; +to test the standard input, use +.Sq - +as a filename argument. +Please note that +.Ar namefile +is unwrapped and the enclosed filenames are processed when this option is +encountered and before any further options processing is done. +This allows one to process multiple lists of files with different command line +arguments on the same +.Nm +invocation. +Thus if you want to set the delimiter, you need to do it before you specify +the list of files, like: +.Dq Fl F Ar @ Fl f Ar namefile , +instead of: +.Dq Fl f Ar namefile Fl F Ar @ . +.It Fl h , Fl Fl no-dereference +option causes symlinks not to be followed +(on systems that support symbolic links). +This is the default if the environment variable +.Dv POSIXLY_CORRECT +is not defined. +.It Fl i , Fl Fl mime +Causes the file command to output mime type strings rather than the more +traditional human readable ones. +Thus it may say +.Sq text/plain; charset=us-ascii +rather than +.Dq ASCII text . +.It Fl Fl mime-type , Fl Fl mime-encoding +Like +.Fl i , +but print only the specified element(s). +.It Fl k , Fl Fl keep-going +Don't stop at the first match, keep going. +Subsequent matches will be +have the string +.Sq "\[rs]012\- " +prepended. +(If you want a newline, see the +.Fl r +option.) +The magic pattern with the highest strength (see the +.Fl l +option) comes first. +.It Fl l , Fl Fl list +Shows a list of patterns and their strength sorted descending by +.Xr magic 4 +strength +which is used for the matching (see also the +.Fl k +option). +.It Fl L , Fl Fl dereference +option causes symlinks to be followed, as the like-named option in +.Xr ls 1 +(on systems that support symbolic links). +This is the default if the environment variable +.Ev POSIXLY_CORRECT +is defined. +.It Fl m , Fl Fl magic-file Ar magicfiles +Specify an alternate list of files and directories containing magic. +This can be a single item, or a colon-separated list. +If a compiled magic file is found alongside a file or directory, +it will be used instead. +.It Fl N , Fl Fl no-pad +Don't pad filenames so that they align in the output. +.It Fl n , Fl Fl no-buffer +Force stdout to be flushed after checking each file. +This is only useful if checking a list of files. +It is intended to be used by programs that want filetype output from a pipe. +.It Fl p , Fl Fl preserve-date +On systems that support +.Xr utime 3 +or +.Xr utimes 2 , +attempt to preserve the access time of files analyzed, to pretend that +.Nm +never read them. +.It Fl P , Fl Fl parameter Ar name=value +Set various parameter limits. +.Bl -column "elf_phnum" "Default" "XXXXXXXXXXXXXXXXXXXXXXXXXXX" -offset indent +.It Sy "Name" Ta Sy "Default" Ta Sy "Explanation" +.It Li indir Ta 15 Ta recursion limit for indirect magic +.It Li name Ta 30 Ta use count limit for name/use magic +.It Li elf_notes Ta 256 Ta max ELF notes processed +.It Li elf_phnum Ta 128 Ta max ELF program sections processed +.It Li elf_shnum Ta 32768 Ta max ELF sections processed +.It Li regex Ta 8192 Ta length limit for regex searches +.It Li bytes Ta 1048576 Ta max number of bytes to read from file +.El +.It Fl r , Fl Fl raw +Don't translate unprintable characters to \eooo. +Normally +.Nm +translates unprintable characters to their octal representation. +.It Fl s , Fl Fl special-files +Normally, +.Nm +only attempts to read and determine the type of argument files which +.Xr stat 2 +reports are ordinary files. +This prevents problems, because reading special files may have peculiar +consequences. +Specifying the +.Fl s +option causes +.Nm +to also read argument files which are block or character special files. +This is useful for determining the filesystem types of the data in raw +disk partitions, which are block special files. +This option also causes +.Nm +to disregard the file size as reported by +.Xr stat 2 +since on some systems it reports a zero size for raw disk partitions. +.It Fl S , Fl Fl no-sandbox +On systems where libseccomp +.Pa ( https://github.com/seccomp/libseccomp ) +is available, the +.Fl S +flag disables sandboxing which is enabled by default. +This option is needed for file to execute external descompressing programs, +i.e. when the +.Fl z +flag is specified and the built-in decompressors are not available. +.It Fl v , Fl Fl version +Print the version of the program and exit. +.It Fl z , Fl Fl uncompress +Try to look inside compressed files. +.It Fl Z , Fl Fl uncompress-noreport +Try to look inside compressed files, but report information about the contents +only not the compression. +.It Fl 0 , Fl Fl print0 +Output a null character +.Sq \e0 +after the end of the filename. +Nice to +.Xr cut 1 +the output. +This does not affect the separator, which is still printed. +.Pp +If this option is repeated more than once, then +.Nm +prints just the filename followed by a NUL followed by the description +(or ERROR: text) followed by a second NUL for each entry. +.It Fl -help +Print a help message and exit. +.El +.Sh ENVIRONMENT +The environment variable +.Ev MAGIC +can be used to set the default magic file name. +If that variable is set, then +.Nm +will not attempt to open +.Pa $HOME/.magic . +.Nm +adds +.Dq Pa .mgc +to the value of this variable as appropriate. +The environment variable +.Ev POSIXLY_CORRECT +controls (on systems that support symbolic links), whether +.Nm +will attempt to follow symlinks or not. +If set, then +.Nm +follows symlink, otherwise it does not. +This is also controlled by the +.Fl L +and +.Fl h +options. +.Sh FILES +.Bl -tag -width __MAGIC__.mgc -compact +.It Pa __MAGIC__.mgc +Default compiled list of magic. +.It Pa __MAGIC__ +Directory containing default magic files. +.El +.Sh EXIT STATUS +.Nm +will exit with +.Dv 0 +if the operation was successful or +.Dv >0 +if an error was encountered. +The following errors cause diagnostic messages, but don't affect the program +exit code (as POSIX requires), unless +.Fl E +is specified: +.Bl -bullet -compact -offset indent +.It +A file cannot be found +.It +There is no permission to read a file +.It +The file type cannot be determined +.El +.Sh EXAMPLES +.Bd -literal -offset indent +$ file file.c file /dev/{wd0a,hda} +file.c: C program text +file: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), + dynamically linked (uses shared libs), stripped +/dev/wd0a: block special (0/0) +/dev/hda: block special (3/0) + +$ file -s /dev/wd0{b,d} +/dev/wd0b: data +/dev/wd0d: x86 boot sector + +$ file -s /dev/hda{,1,2,3,4,5,6,7,8,9,10} +/dev/hda: x86 boot sector +/dev/hda1: Linux/i386 ext2 filesystem +/dev/hda2: x86 boot sector +/dev/hda3: x86 boot sector, extended partition table +/dev/hda4: Linux/i386 ext2 filesystem +/dev/hda5: Linux/i386 swap file +/dev/hda6: Linux/i386 swap file +/dev/hda7: Linux/i386 swap file +/dev/hda8: Linux/i386 swap file +/dev/hda9: empty +/dev/hda10: empty + +$ file -i file.c file /dev/{wd0a,hda} +file.c: text/x-c +file: application/x-executable +/dev/hda: application/x-not-regular-file +/dev/wd0a: application/x-not-regular-file + +.Ed +.Sh SEE ALSO +.Xr hexdump 1 , +.Xr od 1 , +.Xr strings 1 , +.Xr magic __FSECTION__ +.Sh STANDARDS CONFORMANCE +This program is believed to exceed the System V Interface Definition +of FILE(CMD), as near as one can determine from the vague language +contained therein. +Its behavior is mostly compatible with the System V program of the same name. +This version knows more magic, however, so it will produce +different (albeit more accurate) output in many cases. +.\" URL: http://www.opengroup.org/onlinepubs/009695399/utilities/file.html +.Pp +The one significant difference +between this version and System V +is that this version treats any white space +as a delimiter, so that spaces in pattern strings must be escaped. +For example, +.Bd -literal -offset indent +\*[Gt]10 string language impress\ (imPRESS data) +.Ed +.Pp +in an existing magic file would have to be changed to +.Bd -literal -offset indent +\*[Gt]10 string language\e impress (imPRESS data) +.Ed +.Pp +In addition, in this version, if a pattern string contains a backslash, +it must be escaped. +For example +.Bd -literal -offset indent +0 string \ebegindata Andrew Toolkit document +.Ed +.Pp +in an existing magic file would have to be changed to +.Bd -literal -offset indent +0 string \e\ebegindata Andrew Toolkit document +.Ed +.Pp +SunOS releases 3.2 and later from Sun Microsystems include a +.Nm +command derived from the System V one, but with some extensions. +This version differs from Sun's only in minor ways. +It includes the extension of the +.Sq \*[Am] +operator, used as, +for example, +.Bd -literal -offset indent +\*[Gt]16 long\*[Am]0x7fffffff \*[Gt]0 not stripped +.Ed +.Sh SECURITY +On systems where libseccomp +.Pa ( https://github.com/seccomp/libseccomp ) +is available, +.Nm +is enforces limiting system calls to only the ones necessary for the +operation of the program. +This enforcement does not provide any security benefit when +.Nm +is asked to decompress input files running external programs with +the +.Fl z +option. +To enable execution of external decompressors, one needs to disable +sandboxing using the +.Fl S +flag. +.Sh MAGIC DIRECTORY +The magic file entries have been collected from various sources, +mainly USENET, and contributed by various authors. +Christos Zoulas (address below) will collect additional +or corrected magic file entries. +A consolidation of magic file entries +will be distributed periodically. +.Pp +The order of entries in the magic file is significant. +Depending on what system you are using, the order that +they are put together may be incorrect. +If your old +.Nm +command uses a magic file, +keep the old magic file around for comparison purposes +(rename it to +.Pa __MAGIC__.orig ) . +.Sh HISTORY +There has been a +.Nm +command in every +.Dv UNIX since at least Research Version 4 +(man page dated November, 1973). +The System V version introduced one significant major change: +the external list of magic types. +This slowed the program down slightly but made it a lot more flexible. +.Pp +This program, based on the System V version, +was written by Ian Darwin +.Aq ian@darwinsys.com +without looking at anybody else's source code. +.Pp +John Gilmore revised the code extensively, making it better than +the first version. +Geoff Collyer found several inadequacies +and provided some magic file entries. +Contributions of the +.Sq \*[Am] +operator by Rob McMahon, +.Aq cudcv@warwick.ac.uk , +1989. +.Pp +Guy Harris, +.Aq guy@netapp.com , +made many changes from 1993 to the present. +.Pp +Primary development and maintenance from 1990 to the present by +Christos Zoulas +.Aq christos@astron.com . +.Pp +Altered by Chris Lowth +.Aq chris@lowth.com , +2000: handle the +.Fl i +option to output mime type strings, using an alternative +magic file and internal logic. +.Pp +Altered by Eric Fischer +.Aq enf@pobox.com , +July, 2000, +to identify character codes and attempt to identify the languages +of non-ASCII files. +.Pp +Altered by Reuben Thomas +.Aq rrt@sc3d.org , +2007-2011, to improve MIME support, merge MIME and non-MIME magic, +support directories as well as files of magic, apply many bug fixes, +update and fix a lot of magic, improve the build system, improve the +documentation, and rewrite the Python bindings in pure Python. +.Pp +The list of contributors to the +.Sq magic +directory (magic files) +is too long to include here. +You know who you are; thank you. +Many contributors are listed in the source files. +.Sh LEGAL NOTICE +Copyright (c) Ian F. Darwin, Toronto, Canada, 1986-1999. +Covered by the standard Berkeley Software Distribution copyright; see the file +COPYING in the source distribution. +.Pp +The files +.Pa tar.h +and +.Pa is_tar.c +were written by John Gilmore from his public-domain +.Xr tar 1 +program, and are not covered by the above license. +.Sh BUGS +Please report bugs and send patches to the bug tracker at +.Pa https://bugs.astron.com/ +or the mailing list at +.Aq file@astron.com +(visit +.Pa https://mailman.astron.com/mailman/listinfo/file +first to subscribe). +.Sh TODO +Fix output so that tests for MIME and APPLE flags are not needed all +over the place, and actual output is only done in one place. +This needs a design. +Suggestion: push possible outputs on to a list, then pick the +last-pushed (most specific, one hopes) value at the end, or +use a default if the list is empty. +This should not slow down evaluation. +.Pp +The handling of +.Dv MAGIC_CONTINUE +and printing \e012- between entries is clumsy and complicated; refactor +and centralize. +.Pp +Some of the encoding logic is hard-coded in encoding.c and can be moved +to the magic files if we had a !:charset annotation +.Pp +Continue to squash all magic bugs. +See Debian BTS for a good source. +.Pp +Store arbitrarily long strings, for example for %s patterns, so that +they can be printed out. +Fixes Debian bug #271672. +This can be done by allocating strings in a string pool, storing the +string pool at the end of the magic file and converting all the string +pointers to relative offsets from the string pool. +.Pp +Add syntax for relative offsets after current level (Debian bug #466037). +.Pp +Make file -ki work, i.e. give multiple MIME types. +.Pp +Add a zip library so we can peek inside Office2007 documents to +print more details about their contents. +.Pp +Add an option to print URLs for the sources of the file descriptions. +.Pp +Combine script searches and add a way to map executable names to MIME +types (e.g. have a magic value for !:mime which causes the resulting +string to be looked up in a table). +This would avoid adding the same magic repeatedly for each new +hash-bang interpreter. +.Pp +When a file descriptor is available, we can skip and adjust the buffer +instead of the hacky buffer management we do now. +.Pp +Fix +.Dq name +and +.Dq use +to check for consistency at compile time (duplicate +.Dq name , +.Dq use +pointing to undefined +.Dq name +). +Make +.Dq name +/ +.Dq use +more efficient by keeping a sorted list of names. +Special-case ^ to flip endianness in the parser so that it does not +have to be escaped, and document it. +.Pp +If the offsets specified internally in the file exceed the buffer size +( +.Dv HOWMANY +variable in file.h), then we don't seek to that offset, but we give up. +It would be better if buffer managements was done when the file descriptor +is available so move around the file. +One must be careful though because this has performance (and thus security +considerations). +.Sh AVAILABILITY +You can obtain the original author's latest version by anonymous FTP +on +.Pa ftp.astron.com +in the directory +.Pa /pub/file/file-X.YZ.tar.gz . diff --git a/doc/libmagic.man b/doc/libmagic.man new file mode 100644 index 0000000..086f065 --- /dev/null +++ b/doc/libmagic.man @@ -0,0 +1,413 @@ +.\" $File: libmagic.man,v 1.44 2018/09/09 20:33:28 christos Exp $ +.\" +.\" Copyright (c) Christos Zoulas 2003, 2018. +.\" All Rights Reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice immediately at the beginning of the file, without modification, +.\" this list of conditions, and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd August 18, 2018 +.Dt LIBMAGIC 3 +.Os +.Sh NAME +.Nm magic_open , +.Nm magic_close , +.Nm magic_error , +.Nm magic_errno , +.Nm magic_descriptor , +.Nm magic_buffer , +.Nm magic_getflags , +.Nm magic_setflags , +.Nm magic_check , +.Nm magic_compile , +.Nm magic_list , +.Nm magic_load , +.Nm magic_load_buffers , +.Nm magic_setparam , +.Nm magic_getparam , +.Nm magic_version +.Nd Magic number recognition library +.Sh LIBRARY +.Lb libmagic +.Sh SYNOPSIS +.In magic.h +.Ft magic_t +.Fn magic_open "int flags" +.Ft void +.Fn magic_close "magic_t cookie" +.Ft const char * +.Fn magic_error "magic_t cookie" +.Ft int +.Fn magic_errno "magic_t cookie" +.Ft const char * +.Fn magic_descriptor "magic_t cookie" "int fd" +.Ft const char * +.Fn magic_file "magic_t cookie" "const char *filename" +.Ft const char * +.Fn magic_buffer "magic_t cookie" "const void *buffer" "size_t length" +.Ft int +.Fn magic_getflags "magic_t cookie" +.Ft int +.Fn magic_setflags "magic_t cookie" "int flags" +.Ft int +.Fn magic_check "magic_t cookie" "const char *filename" +.Ft int +.Fn magic_compile "magic_t cookie" "const char *filename" +.Ft int +.Fn magic_list "magic_t cookie" "const char *filename" +.Ft int +.Fn magic_load "magic_t cookie" "const char *filename" +.Ft int +.Fn magic_load_buffers "magic_t cookie" "void **buffers" "size_t *sizes" "size_t nbuffers" +.Ft int +.Fn magic_getparam "magic_t cookie" "int param" "void *value" +.Ft int +.Fn magic_setparam "magic_t cookie" "int param" "const void *value" +.Ft int +.Fn magic_version "void" +.Sh DESCRIPTION +These functions +operate on the magic database file +which is described +in +.Xr magic __FSECTION__ . +.Pp +The function +.Fn magic_open +creates a magic cookie pointer and returns it. +It returns +.Dv NULL +if there was an error allocating the magic cookie. +The +.Ar flags +argument specifies how the other magic functions should behave: +.Bl -tag -width MAGIC_COMPRESS +.It Dv MAGIC_NONE +No special handling. +.It Dv MAGIC_DEBUG +Print debugging messages to stderr. +.It Dv MAGIC_SYMLINK +If the file queried is a symlink, follow it. +.It Dv MAGIC_COMPRESS +If the file is compressed, unpack it and look at the contents. +.It Dv MAGIC_DEVICES +If the file is a block or character special device, then open the device +and try to look in its contents. +.It Dv MAGIC_MIME_TYPE +Return a MIME type string, instead of a textual description. +.It Dv MAGIC_MIME_ENCODING +Return a MIME encoding, instead of a textual description. +.It Dv MAGIC_MIME +A shorthand for MAGIC_MIME_TYPE | MAGIC_MIME_ENCODING. +.It Dv MAGIC_CONTINUE +Return all matches, not just the first. +.It Dv MAGIC_CHECK +Check the magic database for consistency and print warnings to stderr. +.It Dv MAGIC_PRESERVE_ATIME +On systems that support +.Xr utime 3 +or +.Xr utimes 2 , +attempt to preserve the access time of files analysed. +.It Dv MAGIC_RAW +Don't translate unprintable characters to a \eooo octal representation. +.It Dv MAGIC_ERROR +Treat operating system errors while trying to open files and follow symlinks +as real errors, instead of printing them in the magic buffer. +.It Dv MAGIC_APPLE +Return the Apple creator and type. +.It Dv MAGIC_EXTENSION +Return a slash-separated list of extensions for this file type. +.It Dv MAGIC_COMPRESS_TRANSP +Don't report on compression, only report about the uncompressed data. +.It Dv MAGIC_NO_CHECK_APPTYPE +Don't check for +.Dv EMX +application type (only on EMX). +.It Dv MAGIC_NO_CHECK_CDF +Don't get extra information on MS Composite Document Files. +.It Dv MAGIC_NO_CHECK_COMPRESS +Don't look inside compressed files. +.It Dv MAGIC_NO_CHECK_ELF +Don't print ELF details. +.It Dv MAGIC_NO_CHECK_ENCODING +Don't check text encodings. +.It Dv MAGIC_NO_CHECK_SOFT +Don't consult magic files. +.It Dv MAGIC_NO_CHECK_TAR +Don't examine tar files. +.It Dv MAGIC_NO_CHECK_TEXT +Don't check for various types of text files. +.It Dv MAGIC_NO_CHECK_TOKENS +Don't look for known tokens inside ascii files. +.It Dv MAGIC_NO_CHECK_JSON +Don't example JSON files. +.El +.Pp +The +.Fn magic_close +function closes the +.Xr magic __FSECTION__ +database and deallocates any resources used. +.Pp +The +.Fn magic_error +function returns a textual explanation of the last error, or +.Dv NULL +if there was no error. +.Pp +The +.Fn magic_errno +function returns the last operating system error number +.Pq Xr errno 2 +that was encountered by a system call. +.Pp +The +.Fn magic_file +function returns a textual description of the contents of the +.Ar filename +argument, or +.Dv NULL +if an error occurred. +If the +.Ar filename +is +.Dv NULL , +then stdin is used. +.Pp +The +.Fn magic_descriptor +function returns a textual description of the contents of the +.Ar fd +argument, or +.Dv NULL +if an error occurred. +.Pp +The +.Fn magic_buffer +function returns a textual description of the contents of the +.Ar buffer +argument with +.Ar length +bytes size. +.Pp +The +.Fn magic_getflags +functions returns a value representing current +.Ar flags +set. +.Pp +The +.Fn magic_setflags +function sets the +.Ar flags +described above. +Note that using both MIME flags together can also +return extra information on the charset. +.Pp +The +.Fn magic_check +function can be used to check the validity of entries in the colon +separated database files passed in as +.Ar filename , +or +.Dv NULL +for the default database. +It returns 0 on success and \-1 on failure. +.Pp +The +.Fn magic_compile +function can be used to compile the colon +separated list of database files passed in as +.Ar filename , +or +.Dv NULL +for the default database. +It returns 0 on success and \-1 on failure. +The compiled files created are named from the +.Xr basename 1 +of each file argument with +.Dq .mgc +appended to it. +.Pp +The +.Fn magic_list +function dumps all magic entries in a human readable format, +dumping first the entries that are matched against binary files and then the +ones that match text files. +It takes and optional +.Fa filename +argument which is a colon separated list of database files, or +.Dv NULL +for the default database. +.Pp +The +.Fn magic_load +function must be used to load the colon +separated list of database files passed in as +.Ar filename , +or +.Dv NULL +for the default database file before any magic queries can performed. +.Pp +The default database file is named by the MAGIC environment variable. +If that variable is not set, the default database file name is __MAGIC__. +.Fn magic_load +adds +.Dq .mgc +to the database filename as appropriate. +.Pp +The +.Fn magic_load_buffers +function takes an array of size +.Fa nbuffers +of +.Fa buffers +with a respective size for each in the array of +.Fa sizes +loaded with the contents of the magic databases from the filesystem. +This function can be used in environment where the magic library does +not have direct access to the filesystem, but can access the magic +database via shared memory or other IPC means. +.Pp +The +.Fn magic_getparam +and +.Fn magic_setparam +allow getting and setting various limits related to the magic +library. +.Bl -column "MAGIC_PARAM_ELF_PHNUM_MAX" "size_t" "Default" -offset indent +.It Sy "Parameter" Ta Sy "Type" Ta Sy "Default" +.It Li MAGIC_PARAM_INDIR_MAX Ta size_t Ta 15 +.It Li MAGIC_PARAM_NAME_MAX Ta size_t Ta 30 +.It Li MAGIC_PARAM_ELF_NOTES_MAX Ta size_t Ta 256 +.It Li MAGIC_PARAM_ELF_PHNUM_MAX Ta size_t Ta 128 +.It Li MAGIC_PARAM_ELF_SHNUM_MAX Ta size_t Ta 32768 +.It Li MAGIC_PARAM_REGEX_MAX Ta size_t Ta 8192 +.It Li MAGIC_PARAM_BYTES_MAX Ta size_t Ta 1048576 +.El +.Pp +The +.Dv MAGIC_PARAM_INDIR_RECURSION +parameter controls how many levels of recursion will be followed for +indirect magic entries. +.Pp +The +.Dv MAGIC_PARAM_NAME_RECURSION +parameter controls how many levels of recursion will be followed for +for name/use calls. +.Pp +The +.Dv MAGIC_PARAM_NAME_MAX +parameter controls the maximum number of calls for name/use. +.Pp +The +.Dv MAGIC_PARAM_NOTES_MAX +parameter controls how many ELF notes will be processed. +.Pp +The +.Dv MAGIC_PARAM_PHNUM_MAX +parameter controls how many ELF program sections will be processed. +.Pp +The +.Dv MAGIC_PARAM_SHNUM_MAX +parameter controls how many ELF sections will be processed. +.Pp +The +.Fn magic_version +command returns the version number of this library which is compiled into +the shared library using the constant +.Dv MAGIC_VERSION +from +.In magic.h . +This can be used by client programs to verify that the version they compile +against is the same as the version that they run against. +.Sh RETURN VALUES +The function +.Fn magic_open +returns a magic cookie on success and +.Dv NULL +on failure setting errno to an appropriate value. +It will set errno to +.Er EINVAL +if an unsupported value for flags was given. +The +.Fn magic_list , +.Fn magic_load , +.Fn magic_compile , +and +.Fn magic_check +functions return 0 on success and \-1 on failure. +The +.Fn magic_buffer , +.Fn magic_getpath , +and +.Fn magic_file , +functions return a string on success and +.Dv NULL +on failure. +The +.Fn magic_error +function returns a textual description of the errors of the above +functions, or +.Dv NULL +if there was no error. +The +.Fn magic_version +always returns the version number of the library. +Finally, +.Fn magic_setflags +returns \-1 on systems that don't support +.Xr utime 3 , +or +.Xr utimes 2 +when +.Dv MAGIC_PRESERVE_ATIME +is set. +.Sh FILES +.Bl -tag -width __MAGIC__.mgc -compact +.It Pa __MAGIC__ +The non-compiled default magic database. +.It Pa __MAGIC__.mgc +The compiled default magic database. +.El +.Sh SEE ALSO +.Xr file __CSECTION__ , +.Xr magic __FSECTION__ +.Sh BUGS +The results from +.Fn magic_buffer +and +.Fn magic_file +where the buffer and the file contain the same data +can produce different results, because in the +.Fn magic_file +case, the program can +.Xr lseek 2 +and +.Xr stat 2 +the file descriptor. +.Sh AUTHORS +.An M\(oans Rullg\(oard +Initial libmagic implementation, and configuration. +.An Christos Zoulas +API cleanup, error code and allocation handling. diff --git a/doc/magic.man b/doc/magic.man new file mode 100644 index 0000000..bc69604 --- /dev/null +++ b/doc/magic.man @@ -0,0 +1,755 @@ +.\" $File: magic.man,v 1.96 2019/01/21 14:56:53 christos Exp $ +.Dd January 21, 2019 +.Dt MAGIC __FSECTION__ +.Os +.\" install as magic.4 on USG, magic.5 on V7, Berkeley and Linux systems. +.Sh NAME +.Nm magic +.Nd file command's magic pattern file +.Sh DESCRIPTION +This manual page documents the format of magic files as +used by the +.Xr file __CSECTION__ +command, version __VERSION__. +The +.Xr file __CSECTION__ +command identifies the type of a file using, +among other tests, +a test for whether the file contains certain +.Dq "magic patterns" . +The database of these +.Dq "magic patterns" +is usually located in a binary file in +.Pa __MAGIC__.mgc +or a directory of source text magic pattern fragment files in +.Pa __MAGIC__ . +The database specifies what patterns are to be tested for, what message or +MIME type to print if a particular pattern is found, +and additional information to extract from the file. +.Pp +The format of the source fragment files that are used to build this database +is as follows: +Each line of a fragment file specifies a test to be performed. +A test compares the data starting at a particular offset +in the file with a byte value, a string or a numeric value. +If the test succeeds, a message is printed. +The line consists of the following fields: +.Bl -tag -width ".Dv message" +.It Dv offset +A number specifying the offset (in bytes) into the file of the data +which is to be tested. +This offset can be a negative number if it is: +.Bl -bullet -compact +.It +The first direct offset of the magic entry (at continuation level 0), +in which case it is interpreted an offset from end end of the file +going backwards. +This works only when a file descriptor to the file is a available and it +is a regular file. +.It +A continuation offset relative to the end of the last up-level field +.Dv ( \*[Am] ) . +.El +.It Dv type +The type of the data to be tested. +The possible values are: +.Bl -tag -width ".Dv lestring16" +.It Dv byte +A one-byte value. +.It Dv short +A two-byte value in this machine's native byte order. +.It Dv long +A four-byte value in this machine's native byte order. +.It Dv quad +An eight-byte value in this machine's native byte order. +.It Dv float +A 32-bit single precision IEEE floating point number in this machine's native byte order. +.It Dv double +A 64-bit double precision IEEE floating point number in this machine's native byte order. +.It Dv string +A string of bytes. +The string type specification can be optionally followed +by /[WwcCtbT]*. +The +.Dq W +flag compacts whitespace in the target, which must +contain at least one whitespace character. +If the magic has +.Dv n +consecutive blanks, the target needs at least +.Dv n +consecutive blanks to match. +The +.Dq w +flag treats every blank in the magic as an optional blank. +The +.Dq c +flag specifies case insensitive matching: lower case +characters in the magic match both lower and upper case characters in the +target, whereas upper case characters in the magic only match upper case +characters in the target. +The +.Dq C +flag specifies case insensitive matching: upper case +characters in the magic match both lower and upper case characters in the +target, whereas lower case characters in the magic only match upper case +characters in the target. +To do a complete case insensitive match, specify both +.Dq c +and +.Dq C . +The +.Dq t +flag forces the test to be done for text files, while the +.Dq b +flag forces the test to be done for binary files. +The +.Dq T +flag causes the string to be trimmed, i.e. leading and trailing whitespace +is deleted before the string is printed. +.It Dv pstring +A Pascal-style string where the first byte/short/int is interpreted as the +unsigned length. +The length defaults to byte and can be specified as a modifier. +The following modifiers are supported: +.Bl -tag -compact -width B +.It B +A byte length (default). +.It H +A 2 byte big endian length. +.It h +A 2 byte little endian length. +.It L +A 4 byte big endian length. +.It l +A 4 byte little endian length. +.It J +The length includes itself in its count. +.El +The string is not NUL terminated. +.Dq J +is used rather than the more +valuable +.Dq I +because this type of length is a feature of the JPEG +format. +.It Dv date +A four-byte value interpreted as a UNIX date. +.It Dv qdate +A eight-byte value interpreted as a UNIX date. +.It Dv ldate +A four-byte value interpreted as a UNIX-style date, but interpreted as +local time rather than UTC. +.It Dv qldate +An eight-byte value interpreted as a UNIX-style date, but interpreted as +local time rather than UTC. +.It Dv qwdate +An eight-byte value interpreted as a Windows-style date. +.It Dv beid3 +A 32-bit ID3 length in big-endian byte order. +.It Dv beshort +A two-byte value in big-endian byte order. +.It Dv belong +A four-byte value in big-endian byte order. +.It Dv bequad +An eight-byte value in big-endian byte order. +.It Dv befloat +A 32-bit single precision IEEE floating point number in big-endian byte order. +.It Dv bedouble +A 64-bit double precision IEEE floating point number in big-endian byte order. +.It Dv bedate +A four-byte value in big-endian byte order, +interpreted as a Unix date. +.It Dv beqdate +An eight-byte value in big-endian byte order, +interpreted as a Unix date. +.It Dv beldate +A four-byte value in big-endian byte order, +interpreted as a UNIX-style date, but interpreted as local time rather +than UTC. +.It Dv beqldate +An eight-byte value in big-endian byte order, +interpreted as a UNIX-style date, but interpreted as local time rather +than UTC. +.It Dv beqwdate +An eight-byte value in big-endian byte order, +interpreted as a Windows-style date. +.It Dv bestring16 +A two-byte unicode (UCS16) string in big-endian byte order. +.It Dv leid3 +A 32-bit ID3 length in little-endian byte order. +.It Dv leshort +A two-byte value in little-endian byte order. +.It Dv lelong +A four-byte value in little-endian byte order. +.It Dv lequad +An eight-byte value in little-endian byte order. +.It Dv lefloat +A 32-bit single precision IEEE floating point number in little-endian byte order. +.It Dv ledouble +A 64-bit double precision IEEE floating point number in little-endian byte order. +.It Dv ledate +A four-byte value in little-endian byte order, +interpreted as a UNIX date. +.It Dv leqdate +An eight-byte value in little-endian byte order, +interpreted as a UNIX date. +.It Dv leldate +A four-byte value in little-endian byte order, +interpreted as a UNIX-style date, but interpreted as local time rather +than UTC. +.It Dv leqldate +An eight-byte value in little-endian byte order, +interpreted as a UNIX-style date, but interpreted as local time rather +than UTC. +.It Dv leqwdate +An eight-byte value in little-endian byte order, +interpreted as a Windows-style date. +.It Dv lestring16 +A two-byte unicode (UCS16) string in little-endian byte order. +.It Dv melong +A four-byte value in middle-endian (PDP-11) byte order. +.It Dv medate +A four-byte value in middle-endian (PDP-11) byte order, +interpreted as a UNIX date. +.It Dv meldate +A four-byte value in middle-endian (PDP-11) byte order, +interpreted as a UNIX-style date, but interpreted as local time rather +than UTC. +.It Dv indirect +Starting at the given offset, consult the magic database again. +The offset of the +.Dv indirect +magic is by default absolute in the file, but one can specify +.Dv /r +to indicate that the offset is relative from the beginning of the entry. +.It Dv name +Define a +.Dq named +magic instance that can be called from another +.Dv use +magic entry, like a subroutine call. +Named instance direct magic offsets are relative to the offset of the +previous matched entry, but indirect offsets are relative to the beginning +of the file as usual. +Named magic entries always match. +.It Dv use +Recursively call the named magic starting from the current offset. +If the name of the referenced begins with a +.Dv ^ +then the endianness of the magic is switched; if the magic mentioned +.Dv leshort +for example, +it is treated as +.Dv beshort +and vice versa. +This is useful to avoid duplicating the rules for different endianness. +.It Dv regex +A regular expression match in extended POSIX regular expression syntax +(like egrep). +Regular expressions can take exponential time to process, and their +performance is hard to predict, so their use is discouraged. +When used in production environments, their performance +should be carefully checked. +The size of the string to search should also be limited by specifying +.Dv / , +to avoid performance issues scanning long files. +The type specification can also be optionally followed by +.Dv /[c][s][l] . +The +.Dq c +flag makes the match case insensitive, while the +.Dq s +flag update the offset to the start offset of the match, rather than the end. +The +.Dq l +modifier, changes the limit of length to mean number of lines instead of a +byte count. +Lines are delimited by the platforms native line delimiter. +When a line count is specified, an implicit byte count also computed assuming +each line is 80 characters long. +If neither a byte or line count is specified, the search is limited automatically +to 8KiB. +.Dv ^ +and +.Dv $ +match the beginning and end of individual lines, respectively, +not beginning and end of file. +.It Dv search +A literal string search starting at the given offset. +The same modifier flags can be used as for string patterns. +The search expression must contain the range in the form +.Dv /number, +that is the number of positions at which the match will be +attempted, starting from the start offset. +This is suitable for +searching larger binary expressions with variable offsets, using +.Dv \e +escapes for special characters. +The order of modifier and number is not relevant. +.It Dv default +This is intended to be used with the test +.Em x +(which is always true) and it has no type. +It matches when no other test at that continuation level has matched before. +Clearing that matched tests for a continuation level, can be done using the +.Dv clear +test. +.It Dv clear +This test is always true and clears the match flag for that continuation level. +It is intended to be used with the +.Dv default +test. +.El +.Pp +For compatibility with the Single +.Ux +Standard, the type specifiers +.Dv dC +and +.Dv d1 +are equivalent to +.Dv byte , +the type specifiers +.Dv uC +and +.Dv u1 +are equivalent to +.Dv ubyte , +the type specifiers +.Dv dS +and +.Dv d2 +are equivalent to +.Dv short , +the type specifiers +.Dv uS +and +.Dv u2 +are equivalent to +.Dv ushort , +the type specifiers +.Dv dI , +.Dv dL , +and +.Dv d4 +are equivalent to +.Dv long , +the type specifiers +.Dv uI , +.Dv uL , +and +.Dv u4 +are equivalent to +.Dv ulong , +the type specifier +.Dv d8 +is equivalent to +.Dv quad , +the type specifier +.Dv u8 +is equivalent to +.Dv uquad , +and the type specifier +.Dv s +is equivalent to +.Dv string . +In addition, the type specifier +.Dv dQ +is equivalent to +.Dv quad +and the type specifier +.Dv uQ +is equivalent to +.Dv uquad . +.Pp +Each top-level magic pattern (see below for an explanation of levels) +is classified as text or binary according to the types used. +Types +.Dq regex +and +.Dq search +are classified as text tests, unless non-printable characters are used +in the pattern. +All other tests are classified as binary. +A top-level +pattern is considered to be a test text when all its patterns are text +patterns; otherwise, it is considered to be a binary pattern. +When +matching a file, binary patterns are tried first; if no match is +found, and the file looks like text, then its encoding is determined +and the text patterns are tried. +.Pp +The numeric types may optionally be followed by +.Dv \*[Am] +and a numeric value, +to specify that the value is to be AND'ed with the +numeric value before any comparisons are done. +Prepending a +.Dv u +to the type indicates that ordered comparisons should be unsigned. +.It Dv test +The value to be compared with the value from the file. +If the type is +numeric, this value +is specified in C form; if it is a string, it is specified as a C string +with the usual escapes permitted (e.g. \en for new-line). +.Pp +Numeric values +may be preceded by a character indicating the operation to be performed. +It may be +.Dv = , +to specify that the value from the file must equal the specified value, +.Dv \*[Lt] , +to specify that the value from the file must be less than the specified +value, +.Dv \*[Gt] , +to specify that the value from the file must be greater than the specified +value, +.Dv \*[Am] , +to specify that the value from the file must have set all of the bits +that are set in the specified value, +.Dv ^ , +to specify that the value from the file must have clear any of the bits +that are set in the specified value, or +.Dv ~ , +the value specified after is negated before tested. +.Dv x , +to specify that any value will match. +If the character is omitted, it is assumed to be +.Dv = . +Operators +.Dv \*[Am] , +.Dv ^ , +and +.Dv ~ +don't work with floats and doubles. +The operator +.Dv !\& +specifies that the line matches if the test does +.Em not +succeed. +.Pp +Numeric values are specified in C form; e.g. +.Dv 13 +is decimal, +.Dv 013 +is octal, and +.Dv 0x13 +is hexadecimal. +.Pp +Numeric operations are not performed on date types, instead the numeric +value is interpreted as an offset. +.Pp +For string values, the string from the +file must match the specified string. +The operators +.Dv = , +.Dv \*[Lt] +and +.Dv \*[Gt] +(but not +.Dv \*[Am] ) +can be applied to strings. +The length used for matching is that of the string argument +in the magic file. +This means that a line can match any non-empty string (usually used to +then print the string), with +.Em \*[Gt]\e0 +(because all non-empty strings are greater than the empty string). +.Pp +Dates are treated as numerical values in the respective internal +representation. +.Pp +The special test +.Em x +always evaluates to true. +.It Dv message +The message to be printed if the comparison succeeds. +If the string contains a +.Xr printf 3 +format specification, the value from the file (with any specified masking +performed) is printed using the message as the format string. +If the string begins with +.Dq \eb , +the message printed is the remainder of the string with no whitespace +added before it: multiple matches are normally separated by a single +space. +.El +.Pp +An APPLE 4+4 character APPLE creator and type can be specified as: +.Bd -literal -offset indent +!:apple CREATYPE +.Ed +.Pp +A MIME type is given on a separate line, which must be the next +non-blank or comment line after the magic line that identifies the +file type, and has the following format: +.Bd -literal -offset indent +!:mime MIMETYPE +.Ed +.Pp +i.e. the literal string +.Dq !:mime +followed by the MIME type. +.Pp +An optional strength can be supplied on a separate line which refers to +the current magic description using the following format: +.Bd -literal -offset indent +!:strength OP VALUE +.Ed +.Pp +The operand +.Dv OP +can be: +.Dv + , +.Dv - , +.Dv * , +or +.Dv / +and +.Dv VALUE +is a constant between 0 and 255. +This constant is applied using the specified operand +to the currently computed default magic strength. +.Pp +Some file formats contain additional information which is to be printed +along with the file type or need additional tests to determine the true +file type. +These additional tests are introduced by one or more +.Em \*[Gt] +characters preceding the offset. +The number of +.Em \*[Gt] +on the line indicates the level of the test; a line with no +.Em \*[Gt] +at the beginning is considered to be at level 0. +Tests are arranged in a tree-like hierarchy: +if the test on a line at level +.Em n +succeeds, all following tests at level +.Em n+1 +are performed, and the messages printed if the tests succeed, until a line +with level +.Em n +(or less) appears. +For more complex files, one can use empty messages to get just the +"if/then" effect, in the following way: +.Bd -literal -offset indent +0 string MZ +\*[Gt]0x18 leshort \*[Lt]0x40 MS-DOS executable +\*[Gt]0x18 leshort \*[Gt]0x3f extended PC executable (e.g., MS Windows) +.Ed +.Pp +Offsets do not need to be constant, but can also be read from the file +being examined. +If the first character following the last +.Em \*[Gt] +is a +.Em \&( +then the string after the parenthesis is interpreted as an indirect offset. +That means that the number after the parenthesis is used as an offset in +the file. +The value at that offset is read, and is used again as an offset +in the file. +Indirect offsets are of the form: +.Em (( x [[.,][bBcCeEfFgGhHiIlmsSqQ]][+\-][ y ]) . +The value of +.Em x +is used as an offset in the file. +A byte, id3 length, short or long is read at that offset depending on the +.Em [bBcCeEfFgGhHiIlmsSqQ] +type specifier. +The value is treated as signed if +.Dq , +is specified or unsigned if +.Dq . +is specified. +The capitalized types interpret the number as a big endian +value, whereas the small letter versions interpret the number as a little +endian value; +the +.Em m +type interprets the number as a middle endian (PDP-11) value. +To that number the value of +.Em y +is added and the result is used as an offset in the file. +The default type if one is not specified is long. +The following types are recognized: +.Bl -column -offset indent "Type" "Half/Short" "Little" "Size" +.It Sy Type Sy Mnemonic Sy Endian Sy Size +.It bcBc Byte/Char N/A 1 +.It efg Double Little 8 +.It EFG Double Big 8 +.It hs Half/Short Little 2 +.It HS Half/Short Big 2 +.It i ID3 Little 4 +.It I ID3 Big 4 +.It m Middle Middle 4 +.It q Quad Little 8 +.It Q Quad Big 8 +.El +.Pp +That way variable length structures can be examined: +.Bd -literal -offset indent +# MS Windows executables are also valid MS-DOS executables +0 string MZ +\*[Gt]0x18 leshort \*[Lt]0x40 MZ executable (MS-DOS) +# skip the whole block below if it is not an extended executable +\*[Gt]0x18 leshort \*[Gt]0x3f +\*[Gt]\*[Gt](0x3c.l) string PE\e0\e0 PE executable (MS-Windows) +\*[Gt]\*[Gt](0x3c.l) string LX\e0\e0 LX executable (OS/2) +.Ed +.Pp +This strategy of examining has a drawback: you must make sure that you +eventually print something, or users may get empty output (such as when +there is neither PE\e0\e0 nor LE\e0\e0 in the above example). +.Pp +If this indirect offset cannot be used directly, simple calculations are +possible: appending +.Em [+-*/%\*[Am]|^]number +inside parentheses allows one to modify +the value read from the file before it is used as an offset: +.Bd -literal -offset indent +# MS Windows executables are also valid MS-DOS executables +0 string MZ +# sometimes, the value at 0x18 is less that 0x40 but there's still an +# extended executable, simply appended to the file +\*[Gt]0x18 leshort \*[Lt]0x40 +\*[Gt]\*[Gt](4.s*512) leshort 0x014c COFF executable (MS-DOS, DJGPP) +\*[Gt]\*[Gt](4.s*512) leshort !0x014c MZ executable (MS-DOS) +.Ed +.Pp +Sometimes you do not know the exact offset as this depends on the length or +position (when indirection was used before) of preceding fields. +You can specify an offset relative to the end of the last up-level +field using +.Sq \*[Am] +as a prefix to the offset: +.Bd -literal -offset indent +0 string MZ +\*[Gt]0x18 leshort \*[Gt]0x3f +\*[Gt]\*[Gt](0x3c.l) string PE\e0\e0 PE executable (MS-Windows) +# immediately following the PE signature is the CPU type +\*[Gt]\*[Gt]\*[Gt]\*[Am]0 leshort 0x14c for Intel 80386 +\*[Gt]\*[Gt]\*[Gt]\*[Am]0 leshort 0x184 for DEC Alpha +.Ed +.Pp +Indirect and relative offsets can be combined: +.Bd -literal -offset indent +0 string MZ +\*[Gt]0x18 leshort \*[Lt]0x40 +\*[Gt]\*[Gt](4.s*512) leshort !0x014c MZ executable (MS-DOS) +# if it's not COFF, go back 512 bytes and add the offset taken +# from byte 2/3, which is yet another way of finding the start +# of the extended executable +\*[Gt]\*[Gt]\*[Gt]\*[Am](2.s-514) string LE LE executable (MS Windows VxD driver) +.Ed +.Pp +Or the other way around: +.Bd -literal -offset indent +0 string MZ +\*[Gt]0x18 leshort \*[Gt]0x3f +\*[Gt]\*[Gt](0x3c.l) string LE\e0\e0 LE executable (MS-Windows) +# at offset 0x80 (-4, since relative offsets start at the end +# of the up-level match) inside the LE header, we find the absolute +# offset to the code area, where we look for a specific signature +\*[Gt]\*[Gt]\*[Gt](\*[Am]0x7c.l+0x26) string UPX \eb, UPX compressed +.Ed +.Pp +Or even both! +.Bd -literal -offset indent +0 string MZ +\*[Gt]0x18 leshort \*[Gt]0x3f +\*[Gt]\*[Gt](0x3c.l) string LE\e0\e0 LE executable (MS-Windows) +# at offset 0x58 inside the LE header, we find the relative offset +# to a data area where we look for a specific signature +\*[Gt]\*[Gt]\*[Gt]\*[Am](\*[Am]0x54.l-3) string UNACE \eb, ACE self-extracting archive +.Ed +.Pp +If you have to deal with offset/length pairs in your file, even the +second value in a parenthesized expression can be taken from the file itself, +using another set of parentheses. +Note that this additional indirect offset is always relative to the +start of the main indirect offset. +.Bd -literal -offset indent +0 string MZ +\*[Gt]0x18 leshort \*[Gt]0x3f +\*[Gt]\*[Gt](0x3c.l) string PE\e0\e0 PE executable (MS-Windows) +# search for the PE section called ".idata"... +\*[Gt]\*[Gt]\*[Gt]\*[Am]0xf4 search/0x140 .idata +# ...and go to the end of it, calculated from start+length; +# these are located 14 and 10 bytes after the section name +\*[Gt]\*[Gt]\*[Gt]\*[Gt](\*[Am]0xe.l+(-4)) string PK\e3\e4 \eb, ZIP self-extracting archive +.Ed +.Pp +If you have a list of known values at a particular continuation level, +and you want to provide a switch-like default case: +.Bd -literal -offset indent +# clear that continuation level match +\*[Gt]18 clear +\*[Gt]18 lelong 1 one +\*[Gt]18 lelong 2 two +\*[Gt]18 default x +# print default match +\*[Gt]\*[Gt]18 lelong x unmatched 0x%x +.Ed +.Sh SEE ALSO +.Xr file __CSECTION__ +\- the command that reads this file. +.Sh BUGS +The formats +.Dv long , +.Dv belong , +.Dv lelong , +.Dv melong , +.Dv short , +.Dv beshort , +and +.Dv leshort +do not depend on the length of the C data types +.Dv short +and +.Dv long +on the platform, even though the Single +.Ux +Specification implies that they do. However, as OS X Mountain Lion has +passed the Single +.Ux +Specification validation suite, and supplies a version of +.Xr file __CSECTION__ +in which they do not depend on the sizes of the C data types and that is +built for a 64-bit environment in which +.Dv long +is 8 bytes rather than 4 bytes, presumably the validation suite does not +test whether, for example +.Dv long +refers to an item with the same size as the C data type +.Dv long . +There should probably be +.Dv type +names +.Dv int8 , +.Dv uint8 , +.Dv int16 , +.Dv uint16 , +.Dv int32 , +.Dv uint32 , +.Dv int64 , +and +.Dv uint64 , +and specified-byte-order variants of them, +to make it clearer that those types have specified widths. +.\" +.\" From: guy@sun.uucp (Guy Harris) +.\" Newsgroups: net.bugs.usg +.\" Subject: /etc/magic's format isn't well documented +.\" Message-ID: <2752@sun.uucp> +.\" Date: 3 Sep 85 08:19:07 GMT +.\" Organization: Sun Microsystems, Inc. +.\" Lines: 136 +.\" +.\" Here's a manual page for the format accepted by the "file" made by adding +.\" the changes I posted to the S5R2 version. +.\" +.\" Modified for Ian Darwin's version of the file command. diff --git a/fuzz/Dockerfile b/fuzz/Dockerfile new file mode 100644 index 0000000..c965aab --- /dev/null +++ b/fuzz/Dockerfile @@ -0,0 +1,21 @@ +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +MAINTAINER mike.aizatsky@gmail.com +RUN apt-get install -y make autoconf automake libtool shtool +RUN git clone --depth 1 https://github.com/file/file.git +WORKDIR file/fuzz diff --git a/fuzz/build.sh b/fuzz/build.sh new file mode 100755 index 0000000..6f23fcd --- /dev/null +++ b/fuzz/build.sh @@ -0,0 +1,29 @@ +#!/bin/bash -eu +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +: ${SRC:=.} +: ${OUT:=.} +: ${CC:=cc} +: ${CFLAGS:=-O -DHAVE_CONFIG_H -Wall} + +#(cd .. && autoreconf -i && ./configure --enable-static && make V=1 all) + +"$CC" $CFLAGS -I../src/ -I.. \ + "$SRC/magic_fuzzer.c" -o "$OUT/magic_fuzzer" \ + -lFuzzingEngine ../src/.libs/libmagic.a + +cp ../magic/magic.mgc "$OUT/magic.mgc" diff --git a/fuzz/magic_fuzzer.c b/fuzz/magic_fuzzer.c new file mode 100644 index 0000000..9a11162 --- /dev/null +++ b/fuzz/magic_fuzzer.c @@ -0,0 +1,75 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice immediately at the beginning of the file, without modification, + * this list of conditions, and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* + * LLVM fuzzing integration. + */ + +#include "file.h" + +#ifndef lint +FILE_RCSID("@(#)$File: magic_fuzzer.c,v 1.1 2017/04/24 19:41:34 christos Exp $") +#endif /* lint */ + +#include "magic.h" +#include +#include +#include + +int LLVMFuzzerInitialize(int *, char ***); +int LLVMFuzzerTestOneInput(const uint8_t *, size_t); + +static magic_t magic; + +int +LLVMFuzzerInitialize(int *argc, char ***argv) +{ + char dfile[MAXPATHLEN], mfile[MAXPATHLEN]; + + magic = magic_open(MAGIC_NONE); + if (magic == NULL) { + warn("magic_open"); + return -1; + } + + // Poor man's strlcpy(3), to avoid potentially destructive dirname(3) + snprintf(dfile, sizeof(dfile), "%s", (*argv)[0]); + snprintf(mfile, sizeof(mfile), "%s/magic", dirname(dfile)); + + if (magic_load(magic, mfile) == -1) { + warnx("magic_load: %s", magic_error(magic)); + return -1; + } + + return 0; +} + +int +LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + if (size == 0) + return 0; + + magic_buffer(magic, data, size); + return 0; +} diff --git a/fuzz/project.yaml b/fuzz/project.yaml new file mode 100644 index 0000000..1a8eda7 --- /dev/null +++ b/fuzz/project.yaml @@ -0,0 +1,6 @@ +homepage: "http://www.darwinsys.com/file/" +primary_contact: "zoulasc@gmail.com" +sanitizers: + - address + - memory + - undefined diff --git a/m4/.cvsignore b/m4/.cvsignore new file mode 100644 index 0000000..56c190a --- /dev/null +++ b/m4/.cvsignore @@ -0,0 +1,2 @@ +*.m4 +.cvsignore diff --git a/magic/.cvsignore b/magic/.cvsignore new file mode 100644 index 0000000..cbb1b4f --- /dev/null +++ b/magic/.cvsignore @@ -0,0 +1,6 @@ +Makefile +Makefile.in +magic +*.mgc +Localstuff +.gitignore diff --git a/magic/Header b/magic/Header new file mode 100644 index 0000000..345a50f --- /dev/null +++ b/magic/Header @@ -0,0 +1,5 @@ +# Magic data for file(1) command. +# Format is described in magic(files), where: +# files is 5 on V7 and BSD, 4 on SV, and ?? on SVID. +# Don't edit this file, edit /etc/magic or send your magic improvements +# to the maintainers, at file@astron.com diff --git a/magic/Localstuff b/magic/Localstuff new file mode 100644 index 0000000..419855f --- /dev/null +++ b/magic/Localstuff @@ -0,0 +1,7 @@ + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# +# $File: Localstuff,v 1.4 2003/03/23 04:17:27 christos Exp $ +# Add any locally observed files here. Remember: +# text if readable, executable if runnable binary, data if unreadable. diff --git a/magic/Magdir/acorn b/magic/Magdir/acorn new file mode 100644 index 0000000..4aa3455 --- /dev/null +++ b/magic/Magdir/acorn @@ -0,0 +1,102 @@ + +#------------------------------------------------------------------------------ +# $File: acorn,v 1.7 2019/04/19 00:42:27 christos Exp $ +# acorn: file(1) magic for files found on Acorn systems +# + +# RISC OS Chunk File Format +# From RISC OS Programmer's Reference Manual, Appendix D +# We guess the file type from the type of the first chunk. +0 lelong 0xc3cbc6c5 RISC OS Chunk data +>12 string OBJ_ \b, AOF object +>12 string LIB_ \b, ALF library + +# RISC OS AIF, contains "SWI OS_Exit" at offset 16. +16 lelong 0xef000011 RISC OS AIF executable + +# RISC OS Draw files +# From RISC OS Programmer's Reference Manual, Appendix E +0 string Draw RISC OS Draw file data + +# RISC OS new format font files +# From RISC OS Programmer's Reference Manual, Appendix E +0 string FONT\0 RISC OS outline font data, +>5 byte x version %d +0 string FONT\1 RISC OS 1bpp font data, +>5 byte x version %d +0 string FONT\4 RISC OS 4bpp font data +>5 byte x version %d + +# RISC OS Music files +# From RISC OS Programmer's Reference Manual, Appendix E +0 string Maestro\r RISC OS music file +>8 byte x version %d + +>8 byte x type %d + +# Digital Symphony data files +# From: Bernard Jungen (bern8817@euphonynet.be) +0 string \x02\x01\x13\x13\x13\x01\x0d\x10 Digital Symphony sound sample (RISC OS), +>8 byte x version %d, +>9 pstring x named "%s", +>(9.b+19) byte =0 8-bit logarithmic +>(9.b+19) byte =1 LZW-compressed linear +>(9.b+19) byte =2 8-bit linear signed +>(9.b+19) byte =3 16-bit linear signed +>(9.b+19) byte =4 SigmaDelta-compressed linear +>(9.b+19) byte =5 SigmaDelta-compressed logarithmic +>(9.b+19) byte >5 unknown format + +0 string \x02\x01\x13\x13\x14\x12\x01\x0b Digital Symphony song (RISC OS), +>8 byte x version %d, +>9 byte =1 1 voice, +>9 byte !1 %d voices, +>10 leshort =1 1 track, +>10 leshort !1 %d tracks, +>12 leshort =1 1 pattern +>12 leshort !1 %d patterns + +0 string \x02\x01\x13\x13\x10\x14\x12\x0e +>9 byte =0 Digital Symphony sequence (RISC OS), +>>8 byte x version %d, +>>10 byte =1 1 line, +>>10 byte !1 %d lines, +>>11 leshort =1 1 position +>>11 leshort !1 %d positions +>9 byte =1 Digital Symphony pattern data (RISC OS), +>>8 byte x version %d, +>>10 leshort =1 1 pattern +>>10 leshort !1 %d patterns + +# From: Joerg Jenderek +# URL: https://www.kyzer.me.uk/pack/xad/#PackDir +# reference: https://www.kyzer.me.uk/pack/xad/xad_PackDir.lha/PackDir.c +# GRR: line below is too general as it matches also "Git pack" in ./revision +0 string PACK\0 +# check for valid compression method 0-4 +>5 ulelong <5 +# https://www.riscosopen.org/wiki/documentation/show/Introduction%20To%20Filing%20Systems +# To skip "Git pack" version 0 test for root directory object like +# ADFS::RPC.$.websitezip.FONTFIX +>>9 string >ADFS\ PackDir archive (RISC OS) +# TrID labels above as "Acorn PackDir compressed Archive" +# compression mode y (0 - 4) for GIF LZW with a maximum n bits +# (y~n,0~12,1~13,2~14,3~15,4~16) +>>>5 ulelong+12 x \b, LZW %u-bits compression +# https://www.filebase.org.uk/filetypes +# !Packdir compressed archive has three hexadecimal digits code 68E +!:mime application/x-acorn-68E +!:ext pkd/bin +# null terminated root directory object like IDEFS::IDE-4.$.Apps.GRAPHICS.!XFMPdemo +>>>9 string x \b, root "%s" +# load address 0xFFFtttdd, ttt is the object filetype and dddddddddd is time +>>>>&1 ulelong x \b, load address 0x%x +# execution address 0xdddddddd dddddddddd is 40 bit unsigned centiseconds since 1.1.1900 UTC +>>>>&5 ulelong x \b, exec address 0x%x +# attributes (bits: 0~owner read,1~owner write,3~no delete,4~public read,5~public write) +>>>>&9 ulelong x \b, attributes 0x%x +# number of entries in this directory. for root dir 0 +#>>>&13 ulelong x \b, entries 0x%x +# the entries start here with object name +>>>>&17 string x \b, 1st object "%s" + diff --git a/magic/Magdir/adi b/magic/Magdir/adi new file mode 100644 index 0000000..f35a447 --- /dev/null +++ b/magic/Magdir/adi @@ -0,0 +1,13 @@ + +#------------------------------------------------------------------------------ +# $File$ +# adi: file(1) magic for ADi's objects +# From Gregory McGarry +# +0 leshort 0x521c COFF DSP21k +>18 lelong &02 executable, +>18 lelong ^02 +>>18 lelong &01 static object, +>>18 lelong ^01 relocatable object, +>18 lelong &010 stripped +>18 lelong ^010 not stripped diff --git a/magic/Magdir/adventure b/magic/Magdir/adventure new file mode 100644 index 0000000..bd7f863 --- /dev/null +++ b/magic/Magdir/adventure @@ -0,0 +1,122 @@ + +#------------------------------------------------------------------------------ +# $File: adventure,v 1.18 2019/04/19 00:42:27 christos Exp $ +# adventure: file(1) magic for Adventure game files +# +# from Allen Garvin +# Edited by Dave Chapeskie Jun 28, 1998 +# Edited by Chris Chittleborough , March 2002 +# +# ALAN +# I assume there are other, lower versions, but these are the only ones I +# saw in the archive. +0 beshort 0x0206 ALAN game data +>2 byte <10 version 2.6%d + + +# Infocom (see z-machine) +#------------------------------------------------------------------------------ +# Z-machine: file(1) magic for Z-machine binaries. +# Sanity checks by David Griffith +# Updated by Adam Buchbinder +# +#http://www.gnelson.demon.co.uk/zspec/sect11.html +#https://www.jczorkmid.net/~jpenney/ZSpec11-latest.txt +#https://en.wikipedia.org/wiki/Z-machine +# The first byte is the Z-machine revision; it is always between 1 and 8. We +# had false matches (for instance, inbig5.ocp from the Omega TeX extension as +# well as an occasional MP3 file), so we sanity-check the version number. +# +# It might be possible to sanity-check the release number as well, as it seems +# (at least in classic Infocom games) to always be a relatively small number, +# always under 150 or so, but as this isn't rigorous, we'll wait on that until +# it becomes clear that it's needed. +# +0 ubyte >0 +>0 ubyte <9 +>>16 belong&0xfe00f0f0 0x3030 +>>>0 ubyte < 10 +>>>>2 ubeshort x +>>>>>18 regex [0-9][0-9][0-9][0-9][0-9][0-9] +>>>>>>0 ubyte < 10 Infocom (Z-machine %d +>>>>>>>2 ubeshort x \b, Release %d +>>>>>>>>18 string >\0 \b, Serial %.6s +>>>>>>>>18 string x \b) +!:strength + 40 +!:mime application/x-zmachine + +#------------------------------------------------------------------------------ +# Glulx: file(1) magic for Glulx binaries. +# +# David Griffith +# I haven't checked for false matches yet. +# +0 string Glul Glulx game data +>4 beshort x (Version %d +>>6 byte x \b.%d +>>8 byte x \b.%d) +>36 string Info Compiled by Inform +!:mime application/x-glulx + + +# For Quetzal and blorb magic see iff + + +# TADS (Text Adventure Development System) version 2 +# All files are machine-independent (games compile to byte-code) and are tagged +# with a version string of the form "V2..\0". +# Game files start with "TADS2 bin\n\r\032\0" then the compiler version. +0 string TADS2\ bin TADS +>9 belong !0x0A0D1A00 game data, CORRUPTED +>9 belong 0x0A0D1A00 +>>13 string >\0 %s game data +!:mime application/x-tads +# Resource files start with "TADS2 rsc\n\r\032\0" then the compiler version. +0 string TADS2\ rsc TADS +>9 belong !0x0A0D1A00 resource data, CORRUPTED +>9 belong 0x0A0D1A00 +>>13 string >\0 %s resource data +!:mime application/x-tads +# Some saved game files start with "TADS2 save/g\n\r\032\0", a little-endian +# 2-byte length N, the N-char name of the game file *without* a NUL (darn!), +# "TADS2 save\n\r\032\0" and the interpreter version. +0 string TADS2\ save/g TADS +>12 belong !0x0A0D1A00 saved game data, CORRUPTED +>12 belong 0x0A0D1A00 +>>(16.s+32) string >\0 %s saved game data +!:mime application/x-tads +# Other saved game files start with "TADS2 save\n\r\032\0" and the interpreter +# version. +0 string TADS2\ save TADS +>10 belong !0x0A0D1A00 saved game data, CORRUPTED +>10 belong 0x0A0D1A00 +>>14 string >\0 %s saved game data +!:mime application/x-tads + +# TADS (Text Adventure Development System) version 3 +# Game files start with "T3-image\015\012\032" +0 string T3-image\015\012\032 +>11 leshort x TADS 3 game data (format version %d) +# Saved game files start with "T3-state-v####\015\012\032" +# where #### is a format version number +0 string T3-state-v +>14 string \015\012\032 TADS 3 saved game data (format version +>>10 byte x %c +>>11 byte x \b%c +>>12 byte x \b%c +>>13 byte x \b%c) +!:mime application/x-t3vm-image + +# edited by David Griffith +# Danny Milosavljevic +# These are ADRIFT (adventure game standard) game files, extension .taf +# Checked from source at (http://www.adrift.co/) and various taf files +# found at the Interactive Fiction Archive (https://ifarchive.org/) +0 belong 0x3C423FC9 +>4 belong 0x6A87C2CF Adrift game file version +>>8 belong 0x94453661 3.80 +>>8 belong 0x94453761 3.90 +>>8 belong 0x93453E61 4.0 +>>8 belong 0x92453E61 5.0 +>>8 default x unknown +!:mime application/x-adrift diff --git a/magic/Magdir/algol68 b/magic/Magdir/algol68 new file mode 100644 index 0000000..3675b84 --- /dev/null +++ b/magic/Magdir/algol68 @@ -0,0 +1,19 @@ + +#------------------------------------------------------------------------------ +# $File: algol68,v 1.3 2018/10/19 01:04:21 christos Exp $ +# algol68: file(1) magic for Algol 68 source +# +0 search/8192 (input, Algol 68 source text +!:mime text/x-Algol68 +0 regex/1024 \^PROC Algol 68 source text +!:mime text/x-Algol68 +0 regex/1024 \bMODE[\t\ ] Algol 68 source text +!:mime text/x-Algol68 +0 regex/1024 \bREF[\t\ ] Algol 68 source text +!:mime text/x-Algol68 +0 regex/1024 \bFLEX[\t\ ]\*\\[ Algol 68 source text +!:mime text/x-Algol68 +#0 regex [\t\ ]OD Algol 68 source text +#!:mime text/x-Algol68 +#0 regex [\t\ ]FI Algol 68 source text +#!:mime text/x-Algol68 diff --git a/magic/Magdir/allegro b/magic/Magdir/allegro new file mode 100644 index 0000000..e829510 --- /dev/null +++ b/magic/Magdir/allegro @@ -0,0 +1,9 @@ + +#------------------------------------------------------------------------------ +# $File$ +# allegro: file(1) magic for Allegro datafiles +# Toby Deshane +# +0 belong 0x736C6821 Allegro datafile (packed) +0 belong 0x736C682E Allegro datafile (not packed/autodetect) +0 belong 0x736C682B Allegro datafile (appended exe data) diff --git a/magic/Magdir/alliant b/magic/Magdir/alliant new file mode 100644 index 0000000..dc0f7d5 --- /dev/null +++ b/magic/Magdir/alliant @@ -0,0 +1,18 @@ + +#------------------------------------------------------------------------------ +# $File$ +# alliant: file(1) magic for Alliant FX series a.out files +# +# If the FX series is the one that had a processor with a 68K-derived +# instruction set, the "short" should probably become "beshort" and the +# "long" should probably become "belong". +# If it's the i860-based one, they should probably become either the +# big-endian or little-endian versions, depending on the mode they ran +# the 860 in.... +# +0 short 0420 0420 Alliant virtual executable +>2 short &0x0020 common library +>16 long >0 not stripped +0 short 0421 0421 Alliant compact executable +>2 short &0x0020 common library +>16 long >0 not stripped diff --git a/magic/Magdir/alpha b/magic/Magdir/alpha new file mode 100644 index 0000000..ea0b04b --- /dev/null +++ b/magic/Magdir/alpha @@ -0,0 +1,32 @@ + +#------------------------------------------------------------------------------ +# $File$ +# alpha architecture description +# + +0 leshort 0603 COFF format alpha +>22 leshort&030000 !020000 executable +>24 leshort 0410 pure +>24 leshort 0413 paged +>22 leshort&020000 !0 dynamically linked +>16 lelong !0 not stripped +>16 lelong 0 stripped +>22 leshort&030000 020000 shared library +>24 leshort 0407 object +>27 byte x - version %d +>26 byte x .%d +>28 byte x -%d + +# Basic recognition of Digital UNIX core dumps - Mike Bremford +# +# The actual magic number is just "Core", followed by a 2-byte version +# number; however, treating any file that begins with "Core" as a Digital +# UNIX core dump file may produce too many false hits, so we include one +# byte of the version number as well; DU 5.0 appears only to be up to +# version 2. +# +0 string Core\001 Alpha COFF format core dump (Digital UNIX) +>24 string >\0 \b, from '%s' +0 string Core\002 Alpha COFF format core dump (Digital UNIX) +>24 string >\0 \b, from '%s' + diff --git a/magic/Magdir/amanda b/magic/Magdir/amanda new file mode 100644 index 0000000..e7fa539 --- /dev/null +++ b/magic/Magdir/amanda @@ -0,0 +1,12 @@ + +#------------------------------------------------------------------------------ +# $File: amanda,v 1.6 2017/03/17 21:35:28 christos Exp $ +# amanda: file(1) magic for amanda file format +# +0 string AMANDA:\ AMANDA +>8 string TAPESTART\ DATE tape header file, +>>23 string X +>>>25 string >\ Unused %s +>>23 string >\ DATE %s +>8 string FILE\ dump file, +>>13 string >\ DATE %s diff --git a/magic/Magdir/amigaos b/magic/Magdir/amigaos new file mode 100644 index 0000000..e719921 --- /dev/null +++ b/magic/Magdir/amigaos @@ -0,0 +1,87 @@ + +#------------------------------------------------------------------------------ +# $File: amigaos,v 1.17 2018/10/16 18:57:19 christos Exp $ +# amigaos: file(1) magic for AmigaOS binary formats: + +# +# From ignatios@cs.uni-bonn.de (Ignatios Souvatzis) +# +0 belong 0x000003fa AmigaOS shared library +0 belong 0x000003f3 AmigaOS loadseg()ble executable/binary +0 belong 0x000003e7 AmigaOS object/library data +# +0 beshort 0xe310 Amiga Workbench +>2 beshort 1 +>>48 byte 1 disk icon +>>48 byte 2 drawer icon +>>48 byte 3 tool icon +>>48 byte 4 project icon +>>48 byte 5 garbage icon +>>48 byte 6 device icon +>>48 byte 7 kickstart icon +>>48 byte 8 workbench application icon +>2 beshort >1 icon, vers. %d +# +# various sound formats from the Amiga +# G=F6tz Waschk +# +0 string FC14 Future Composer 1.4 Module sound file +0 string SMOD Future Composer 1.3 Module sound file +0 string AON4artofnoise Art Of Noise Module sound file +1 string MUGICIAN/SOFTEYES Mugician Module sound file +58 string SIDMON\ II\ -\ THE Sidmon 2.0 Module sound file +0 string Synth4.0 Synthesis Module sound file +0 string ARP. The Holy Noise Module sound file +0 string BeEp\0 JamCracker Module sound file +0 string COSO\0 Hippel-COSO Module sound file +# Too simple (short, pure ASCII, deep), MPi +#26 string V.3 Brian Postma's Soundmon Module sound file v3 +#26 string BPSM Brian Postma's Soundmon Module sound file v3 +#26 string V.2 Brian Postma's Soundmon Module sound file v2 + +# The following are from: "Stefan A. Haubenthal" +0 beshort 0x0f00 AmigaOS bitmap font +0 beshort 0x0f03 AmigaOS outline font +0 belong 0x80001001 AmigaOS outline tag +0 string ##\ version catalog translation +0 string EMOD\0 Amiga E module +8 string ECXM\0 ECX module +0 string/c @database AmigaGuide file + +# Amiga disk types +# +0 string RDSK Rigid Disk Block +>160 string x on %.24s +0 string DOS\0 Amiga DOS disk +0 string DOS\1 Amiga FFS disk +0 string DOS\2 Amiga Inter DOS disk +0 string DOS\3 Amiga Inter FFS disk +0 string DOS\4 Amiga Fastdir DOS disk +0 string DOS\5 Amiga Fastdir FFS disk +0 string KICK Kickstart disk + +# From: Alex Beregszaszi +0 string LZX LZX compressed archive (Amiga) + +# From: Przemek Kramarczyk +0 string .KEY AmigaDOS script +0 string .key AmigaDOS script + +# AMOS Basic file formats +# https://www.exotica.org.uk/wiki/AMOS_file_formats +0 string AMOS\040Basic\040 AMOS Basic source code +>11 byte =0x56 \b, tested +>11 byte =0x76 \b, untested +0 string AMOS\040Pro AMOS Basic source code +>11 byte =0x56 \b, tested +>11 byte =0x76 \b, untested +0 string AmSp AMOS Basic sprite bank +>4 beshort x \b, %d sprites +0 string AmIc AMOS Basic icon bank +>4 beshort x \b, %d icons +0 string AmBk AMOS Basic memory bank +>4 beshort x \b, bank number %d +>8 belong&0xFFFFFFF x \b, length %d +>12 regex .{8} \b, type %s +0 string AmBs AMOS Basic memory banks +>4 beshort x \b, %d banks diff --git a/magic/Magdir/android b/magic/Magdir/android new file mode 100644 index 0000000..a9cfb35 --- /dev/null +++ b/magic/Magdir/android @@ -0,0 +1,180 @@ + +#------------------------------------------------------------ +# $File: android,v 1.12 2019/04/19 00:42:27 christos Exp $ +# Various android related magic entries +#------------------------------------------------------------ + +# Dalvik .dex format. http://retrodev.com/android/dexformat.html +# From "Mike Fleming" +# Fixed to avoid regexec 17 errors on some dex files +# From "Tim Strazzere" +0 string dex\n +>0 regex dex\n[0-9]{2}\0 Dalvik dex file +>4 string >000 version %s +0 string dey\n +>0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host) +>4 string >000 version %s + +# Android bootimg format +# From https://android.googlesource.com/\ +# platform/system/core/+/master/mkbootimg/bootimg.h +0 string ANDROID! Android bootimg +>1024 string LOKI\01 \b, LOKI'd +>8 lelong >0 \b, kernel +>>12 lelong >0 \b (0x%x) +>16 lelong >0 \b, ramdisk +>>20 lelong >0 \b (0x%x) +>24 lelong >0 \b, second stage +>>28 lelong >0 \b (0x%x) +>36 lelong >0 \b, page size: %d +>38 string >0 \b, name: %s +>64 string >0 \b, cmdline (%s) + +# Android Backup archive +# From: Ariel Shkedi +# Update: Joerg Jenderek +# URL: https://github.com/android/platform_frameworks_base/blob/\ +# 0bacfd2ba68d21a68a3df345b830bc2a1e515b5a/services/java/com/\ +# android/server/BackupManagerService.java#L2367 +# Reference: https://sourceforge.net/projects/adbextractor/ +# android-backup-extractor/perl/backupencrypt.pl +# Note: only unix line feeds "\n" found +# After the header comes a tar file +# If compressed, the entire tar file is compressed with JAVA deflate +# +# Include the version number hardcoded with the magic string to avoid +# false positives +0 string/b ANDROID\ BACKUP\n Android Backup +# maybe look for some more characteristics like linefeed '\n' or version +#>16 string \n +# No mime-type defined offically +!:mime application/x-google-ab +!:ext ab +# on 2nd line version (often 1, 2 on kitkat 4.4.3+, 4 on 7.1.2) +>15 string >\0 \b, version %s +# "1" on 3rd line means compressed +>17 string 0\n \b, Not-Compressed +>17 string 1\n \b, Compressed +# The 4th line is encryption "none" or "AES-256" +# any string as long as it's not the word none (which is matched below) +>19 string none\n \b, Not-Encrypted +# look for backup content after line with encryption info +#>>19 search/7 \n +# data part after header for not encrypted Android Backup +#>>>&0 ubequad x \b, content 0x%16.16llx... +# look for zlib compressed by ./compress after message with 1 space at end +#>>>&0 indirect x \b; contains +# look for tar archive block by ./archive for package name manifest +>>288 string ustar \b; contains +>>>31 use tar-file +# look for zip/jar archive by ./archive ./zip after message with 1 space at end +#>>2079 search/1025/s PK\003\004 \b; contains +#>>>&0 indirect x +>19 string !none +>>19 regex/1l \^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).* \b, Encrypted (%s) +# Commented out because they don't seem useful to print +# (but they are part of the header - the tar file comes after them): +# The 5th line is User Password Salt (128 Hex) +# string length too high with standard src configuration +#>>>&1 string >\0 \b, PASSWORD salt: "%-128.128s" +#>>>&1 regex/1l .* \b, Password salt: %s +# The 6th line is Master Key Checksum Salt (128 Hex) +#>>>>&1 regex/1l .* \b, Master salt: %s +# The 7th line is Number of PBDKF2 Rounds (10000) +#>>>>>&1 regex/1l .* \b, PBKDF2 rounds: %s +# The 8th line is User key Initialization Vector (IV) (32 Hex) +#>>>>>>&1 regex/1l .* \b, IV: %s +#>>>>>>&1 regex/1l .* \b, IV: %s +# The 9th line is Master IV+Key+Checksum (192 Hex) +#>>>>>>>&1 regex/1l .* \b, Key: %s +# look for new line separator char after line number 9 +#>>>0x204 ubyte 0x0a NL found +#>>>>&1 ubequad x \b, Content magic %16.16llx + +# *.pit files by Joerg Jenderek +# https://forum.xda-developers.com/showthread.php?p=9122369 +# https://forum.xda-developers.com/showthread.php?t=816449 +# Partition Information Table for Samsung's smartphone with Android +# used by flash software Odin +0 ulelong 0x12349876 +# 1st pit entry marker +>0x01C ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000 +# minimal 13 and maximal 18 PIT entries found +>>4 ulelong <128 Partition Information Table for Samsung smartphone +>>>4 ulelong x \b, %d entries +# 1. pit entry +>>>4 ulelong >0 \b; #1 +>>>0x01C use PIT-entry +>>>4 ulelong >1 \b; #2 +>>>0x0A0 use PIT-entry +>>>4 ulelong >2 \b; #3 +>>>0x124 use PIT-entry +>>>4 ulelong >3 \b; #4 +>>>0x1A8 use PIT-entry +>>>4 ulelong >4 \b; #5 +>>>0x22C use PIT-entry +>>>4 ulelong >5 \b; #6 +>>>0x2B0 use PIT-entry +>>>4 ulelong >6 \b; #7 +>>>0x334 use PIT-entry +>>>4 ulelong >7 \b; #8 +>>>0x3B8 use PIT-entry +>>>4 ulelong >8 \b; #9 +>>>0x43C use PIT-entry +>>>4 ulelong >9 \b; #10 +>>>0x4C0 use PIT-entry +>>>4 ulelong >10 \b; #11 +>>>0x544 use PIT-entry +>>>4 ulelong >11 \b; #12 +>>>0x5C8 use PIT-entry +>>>4 ulelong >12 \b; #13 +>>>>0x64C use PIT-entry +# 14. pit entry +>>>4 ulelong >13 \b; #14 +>>>>0x6D0 use PIT-entry +>>>4 ulelong >14 \b; #15 +>>>0x754 use PIT-entry +>>>4 ulelong >15 \b; #16 +>>>0x7D8 use PIT-entry +>>>4 ulelong >16 \b; #17 +>>>0x85C use PIT-entry +# 18. pit entry +>>>4 ulelong >17 \b; #18 +>>>0x8E0 use PIT-entry + +0 name PIT-entry +# garbage value implies end of pit entries +>0x00 ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000 +# skip empty partition name +>>0x24 ubyte !0 +# partition name +>>>0x24 string >\0 %-.32s +# flags +>>>0x0C ulelong&0x00000002 2 \b+RW +# partition ID: +# 0~IPL,MOVINAND,GANG;1~PIT,GPT;2~HIDDEN;3~SBL,HIDDEN;4~SBL2,HIDDEN;5~BOOT;6~KENREl,RECOVER,misc;7~RECOVER +# ;11~MODEM;20~efs;21~PARAM;22~FACTORY,SYSTEM;23~DBDATAFS,USERDATA;24~CACHE;80~BOOTLOADER;81~TZSW +>>>0x08 ulelong x (0x%x) +# filename +>>>0x44 string >\0 "%-.64s" +#>>>0x18 ulelong >0 +# blocksize in 512 byte units ? +#>>>>0x18 ulelong x \b, %db +# partition size in blocks ? +#>>>>0x22 ulelong x \b*%d + +# Android sparse img format +# From https://android.googlesource.com/\ +# platform/system/core/+/master/libsparse/sparse_format.h +0 lelong 0xed26ff3a Android sparse image +>4 leshort x \b, version: %d +>6 leshort x \b.%d +>16 lelong x \b, Total of %d +>12 lelong x \b %d-byte output blocks in +>20 lelong x \b %d input chunks. + +# Android binary XML magic +# In include/androidfw/ResourceTypes.h: +# RES_XML_TYPE = 0x0003 followed by the size of the header (ResXMLTree_header), +# which is 8 bytes (2 bytes type + 2 bytes header size + 4 bytes size). +0 lelong 0x00080003 Android binary XML diff --git a/magic/Magdir/animation b/magic/Magdir/animation new file mode 100644 index 0000000..aaf32dd --- /dev/null +++ b/magic/Magdir/animation @@ -0,0 +1,1074 @@ + +#------------------------------------------------------------------------------ +# $File: animation,v 1.71 2019/04/19 00:42:27 christos Exp $ +# animation: file(1) magic for animation/movie formats +# +# animation formats +# MPEG, FLI, DL originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# FLC, SGI, Apple originally from Daniel Quinlan (quinlan@yggdrasil.com) + +# SGI and Apple formats +0 string MOVI Silicon Graphics movie file +!:mime video/x-sgi-movie +4 string moov Apple QuickTime +!:mime video/quicktime +>12 string mvhd \b movie (fast start) +>12 string mdra \b URL +>12 string cmov \b movie (fast start, compressed header) +>12 string rmra \b multiple URLs +4 string mdat Apple QuickTime movie (unoptimized) +!:mime video/quicktime +#4 string wide Apple QuickTime movie (unoptimized) +#!:mime video/quicktime +#4 string skip Apple QuickTime movie (modified) +#!:mime video/quicktime +#4 string free Apple QuickTime movie (modified) +#!:mime video/quicktime +4 string idsc Apple QuickTime image (fast start) +!:mime image/x-quicktime +#4 string idat Apple QuickTime image (unoptimized) +#!:mime image/x-quicktime +4 string pckg Apple QuickTime compressed archive +!:mime application/x-quicktime-player +4 string/W jP JPEG 2000 image +!:mime image/jp2 +# https://www.ftyps.com/ with local additions +4 string ftyp ISO Media +# https://aeroquartet.com/wordpress/2016/03/05/3-xavc-s/ +>8 string XAVC \b, MPEG v4 system, Sony XAVC Codec +>>96 string x \b, Audio "%.4s" +>>118 beshort x at %dHz +>>140 string x \b, Video "%.4s" +>>168 beshort x %d +>>170 beshort x \bx%d +>8 string 3g2 \b, MPEG v4 system, 3GPP2 +!:mime video/3gpp2 +>>11 byte 4 \b v4 (H.263/AMR GSM 6.10) +>>11 byte 5 \b v5 (H.263/AMR GSM 6.10) +>>11 byte 6 \b v6 (ITU H.264/AMR GSM 6.10) +# https://www.3gpp2.org/Public_html/Specs/C.S0050-B_v1.0_070521.pdf +# Section 8.1.1, corresponds to a, b, c +>>11 byte 0x61 \b C.S0050-0 V1.0 +>>11 byte 0x62 \b C.S0050-0-A V1.0.0 +>>11 byte 0x63 \b C.S0050-0-B V1.0 +>8 string 3ge \b, MPEG v4 system, 3GPP +!:mime video/3gpp +>>11 byte 6 \b, Release 6 MBMS Extended Presentations +>>11 byte 7 \b, Release 7 MBMS Extended Presentations +>8 string 3gg \b, MPEG v4 system, 3GPP +!:mime video/3gpp +>>11 byte 6 \b, Release 6 General Profile +>8 string 3gp \b, MPEG v4 system, 3GPP +!:mime video/3gpp +>>11 byte 1 \b, Release %d (non existent) +>>11 byte 2 \b, Release %d (non existent) +>>11 byte 3 \b, Release %d (non existent) +>>11 byte 4 \b, Release %d +>>11 byte 5 \b, Release %d +>>11 byte 6 \b, Release %d +>>11 byte 7 \b, Release %d Streaming Servers +>8 string 3gs \b, MPEG v4 system, 3GPP +!:mime video/3gpp +>>11 byte 7 \b, Release %d Streaming Servers +>8 string avc1 \b, MPEG v4 system, 3GPP JVT AVC [ISO 14496-12:2005] +!:mime video/mp4 +>8 string/W qt \b, Apple QuickTime movie +!:mime video/quicktime +>8 string CAEP \b, Canon Digital Camera +>8 string caqv \b, Casio Digital Camera +>8 string CDes \b, Convergent Design +>8 string da0a \b, DMB MAF w/ MPEG Layer II aud, MOT slides, DLS, JPG/PNG/MNG +>8 string da0b \b, DMB MAF, ext DA0A, with 3GPP timed text, DID, TVA, REL, IPMP +>8 string da1a \b, DMB MAF audio with ER-BSAC audio, JPG/PNG/MNG images +>8 string da1b \b, DMB MAF, ext da1a, with 3GPP timed text, DID, TVA, REL, IPMP +>8 string da2a \b, DMB MAF aud w/ HE-AAC v2 aud, MOT slides, DLS, JPG/PNG/MNG +>8 string da2b \b, DMB MAF, ext da2a, with 3GPP timed text, DID, TVA, REL, IPMP +>8 string da3a \b, DMB MAF aud with HE-AAC aud, JPG/PNG/MNG images +>8 string da3b \b, DMB MAF, ext da3a w/ BIFS, 3GPP, DID, TVA, REL, IPMP +>8 string dash \b, MPEG v4 system, Dynamic Adaptive Streaming over HTTP +!:mime video/mp4 +>8 string dmb1 \b, DMB MAF supporting all the components defined in the spec +>8 string dmpf \b, Digital Media Project +>8 string drc1 \b, Dirac (wavelet compression), encap in ISO base media (MP4) +>8 string dv1a \b, DMB MAF vid w/ AVC vid, ER-BSAC aud, BIFS, JPG/PNG/MNG, TS +>8 string dv1b \b, DMB MAF, ext dv1a, with 3GPP timed text, DID, TVA, REL, IPMP +>8 string dv2a \b, DMB MAF vid w/ AVC vid, HE-AAC v2 aud, BIFS, JPG/PNG/MNG, TS +>8 string dv2b \b, DMB MAF, ext dv2a, with 3GPP timed text, DID, TVA, REL, IPMP +>8 string dv3a \b, DMB MAF vid w/ AVC vid, HE-AAC aud, BIFS, JPG/PNG/MNG, TS +>8 string dv3b \b, DMB MAF, ext dv3a, with 3GPP timed text, DID, TVA, REL, IPMP +>8 string dvr1 \b, DVB (.DVB) over RTP +!:mime video/vnd.dvb.file +>8 string dvt1 \b, DVB (.DVB) over MPEG-2 Transport Stream +!:mime video/vnd.dvb.file +>8 string F4V \b, Video for Adobe Flash Player 9+ (.F4V) +!:mime video/mp4 +>8 string F4P \b, Protected Video for Adobe Flash Player 9+ (.F4P) +!:mime video/mp4 +>8 string F4A \b, Audio for Adobe Flash Player 9+ (.F4A) +!:mime audio/mp4 +>8 string F4B \b, Audio Book for Adobe Flash Player 9+ (.F4B) +!:mime audio/mp4 +>8 string isc2 \b, ISMACryp 2.0 Encrypted File +# ?/enc-isoff-generic +>8 string iso2 \b, MP4 Base Media v2 [ISO 14496-12:2005] +!:mime video/mp4 +>8 string isom \b, MP4 Base Media v1 [IS0 14496-12:2003] +!:mime video/mp4 +>8 string/W jp2 \b, JPEG 2000 +!:mime image/jp2 +>8 string JP2 \b, JPEG 2000 Image (.JP2) [ISO 15444-1 ?] +!:mime image/jp2 +>8 string JP20 \b, Unknown, from GPAC samples (prob non-existent) +>8 string jpm \b, JPEG 2000 Compound Image (.JPM) [ISO 15444-6] +!:mime image/jpm +>8 string jpx \b, JPEG 2000 w/ extensions (.JPX) [ISO 15444-2] +!:mime image/jpx +>8 string KDDI \b, 3GPP2 EZmovie for KDDI 3G cellphones +!:mime video/3gpp2 +>8 string M4A \b, Apple iTunes ALAC/AAC-LC (.M4A) Audio +!:mime audio/x-m4a +>8 string M4B \b, Apple iTunes ALAC/AAC-LC (.M4B) Audio Book +!:mime audio/mp4 +>8 string M4P \b, Apple iTunes ALAC/AAC-LC (.M4P) AES Protected Audio +!:mime video/mp4 +>8 string M4V \b, Apple iTunes Video (.M4V) Video +!:mime video/x-m4v +>8 string M4VH \b, Apple TV (.M4V) +!:mime video/x-m4v +>8 string M4VP \b, Apple iPhone (.M4V) +!:mime video/x-m4v +>8 string mj2s \b, Motion JPEG 2000 [ISO 15444-3] Simple Profile +!:mime video/mj2 +>8 string mjp2 \b, Motion JPEG 2000 [ISO 15444-3] General Profile +!:mime video/mj2 +>8 string mmp4 \b, MPEG-4/3GPP Mobile Profile (.MP4 / .3GP) (for NTT) +!:mime video/mp4 +>8 string mobi \b, MPEG-4, MOBI format +!:mime video/mp4 +>8 string mp21 \b, MPEG-21 [ISO/IEC 21000-9] +>8 string mp41 \b, MP4 v1 [ISO 14496-1:ch13] +!:mime video/mp4 +>8 string mp42 \b, MP4 v2 [ISO 14496-14] +!:mime video/mp4 +>8 string mp71 \b, MP4 w/ MPEG-7 Metadata [per ISO 14496-12] +>8 string mp7t \b, MPEG v4 system, MPEG v7 XML +>8 string mp7b \b, MPEG v4 system, MPEG v7 binary XML +>8 string mmp4 \b, MPEG v4 system, 3GPP Mobile +!:mime video/mp4 +>8 string MPPI \b, Photo Player, MAF [ISO/IEC 23000-3] +>8 string mqt \b, Sony / Mobile QuickTime (.MQV) US Pat 7,477,830 +!:mime video/quicktime +>8 string MSNV \b, MPEG-4 (.MP4) for SonyPSP +!:mime audio/mp4 +>8 string NDAS \b, MP4 v2 [ISO 14496-14] Nero Digital AAC Audio +!:mime audio/mp4 +>8 string NDSC \b, MPEG-4 (.MP4) Nero Cinema Profile +!:mime video/mp4 +>8 string NDSH \b, MPEG-4 (.MP4) Nero HDTV Profile +!:mime video/mp4 +>8 string NDSM \b, MPEG-4 (.MP4) Nero Mobile Profile +!:mime video/mp4 +>8 string NDSP \b, MPEG-4 (.MP4) Nero Portable Profile +!:mime video/mp4 +>8 string NDSS \b, MPEG-4 (.MP4) Nero Standard Profile +!:mime video/mp4 +>8 string NDXC \b, H.264/MPEG-4 AVC (.MP4) Nero Cinema Profile +!:mime video/mp4 +>8 string NDXH \b, H.264/MPEG-4 AVC (.MP4) Nero HDTV Profile +!:mime video/mp4 +>8 string NDXM \b, H.264/MPEG-4 AVC (.MP4) Nero Mobile Profile +!:mime video/mp4 +>8 string NDXP \b, H.264/MPEG-4 AVC (.MP4) Nero Portable Profile +!:mime video/mp4 +>8 string NDXS \b, H.264/MPEG-4 AVC (.MP4) Nero Standard Profile +!:mime video/mp4 +>8 string odcf \b, OMA DCF DRM Format 2.0 (OMA-TS-DRM-DCF-V2_0-20060303-A) +>8 string opf2 \b, OMA PDCF DRM Format 2.1 (OMA-TS-DRM-DCF-V2_1-20070724-C) +>8 string opx2 \b, OMA PDCF DRM + XBS ext (OMA-TS-DRM_XBS-V1_0-20070529-C) +>8 string pana \b, Panasonic Digital Camera +>8 string qt \b, Apple QuickTime (.MOV/QT) +!:mime video/quicktime +# HEIF image format +# see https://nokiatech.github.io/heif/technical.html +>8 string mif1 \b, HEIF Image +!:mime image/heif +>8 string msf1 \b, HEIF Image Sequence +!:mime image/heif-sequence +>8 string heic \b, HEIF Image HEVC Main or Main Still Picture Profile +!:mime image/heic +>8 string heix \b, HEIF Image HEVC Main 10 Profile +!:mime image/heic +>8 string hevc \b, HEIF Image Sequenz HEVC Main or Main Still Picture Profile +!:mime image/heic-sequence +>8 string hevx \b, HEIF Image Sequence HEVC Main 10 Profile +!:mime image/heic-sequence +# following HEIF brands are not mentioned in the heif technical info currently (Oct 2017) +# but used in the reference implementation: +# https://github.com/nokiatech/heif/blob/d5e9a21c8ba8df712bdf643021dd9f6518134776/Srcs/reader/hevcimagefilereader.cpp +>8 string heim \b, HEIF Image L-HEVC +!:mime image/heif +>8 string heis \b, HEIF Image L-HEVC +!:mime image/heif +>8 string avic \b, HEIF Image AVC +!:mime image/heif +>8 string hevm \b, HEIF Image Sequence L-HEVC +!:mime image/heif-sequence +>8 string hevs \b, HEIF Image Sequence L-HEVC +!:mime image/heif-sequence +>8 string avcs \b, HEIF Image Sequence AVC +!:mime image/heif-sequence + +>8 string ROSS \b, Ross Video +>8 string sdv \b, SD Memory Card Video +>8 string ssc1 \b, Samsung stereo, single stream (patent pending) +>8 string ssc2 \b, Samsung stereo, dual stream (patent pending) + +# MPEG sequences +# Scans for all common MPEG header start codes +0 belong 0x00000001 +>4 byte&0x1F 0x07 JVT NAL sequence, H.264 video +>>5 byte 66 \b, baseline +>>5 byte 77 \b, main +>>5 byte 88 \b, extended +>>7 byte x \b @ L %u +0 belong&0xFFFFFF00 0x00000100 +>3 byte 0xBA MPEG sequence +!:mime video/mpeg +>>4 byte &0x40 \b, v2, program multiplex +>>4 byte ^0x40 \b, v1, system multiplex +>3 byte 0xBB MPEG sequence, v1/2, multiplex (missing pack header) +>3 byte&0x1F 0x07 MPEG sequence, H.264 video +>>4 byte 66 \b, baseline +>>4 byte 77 \b, main +>>4 byte 88 \b, extended +>>6 byte x \b @ L %u +# GRR too general as it catches also FoxPro Memo example NG.FPT +>3 byte 0xB0 MPEG sequence, v4 +# TODO: maybe this extra line exclude FoxPro Memo example NG.FPT starting with 000001b0 00000100 00000000 +#>>4 byte !0 MPEG sequence, v4 +!:mime video/mpeg4-generic +>>5 belong 0x000001B5 +>>>9 byte &0x80 +>>>>10 byte&0xF0 16 \b, video +>>>>10 byte&0xF0 32 \b, still texture +>>>>10 byte&0xF0 48 \b, mesh +>>>>10 byte&0xF0 64 \b, face +>>>9 byte&0xF8 8 \b, video +>>>9 byte&0xF8 16 \b, still texture +>>>9 byte&0xF8 24 \b, mesh +>>>9 byte&0xF8 32 \b, face +>>4 byte 1 \b, simple @ L1 +>>4 byte 2 \b, simple @ L2 +>>4 byte 3 \b, simple @ L3 +>>4 byte 4 \b, simple @ L0 +>>4 byte 17 \b, simple scalable @ L1 +>>4 byte 18 \b, simple scalable @ L2 +>>4 byte 33 \b, core @ L1 +>>4 byte 34 \b, core @ L2 +>>4 byte 50 \b, main @ L2 +>>4 byte 51 \b, main @ L3 +>>4 byte 53 \b, main @ L4 +>>4 byte 66 \b, n-bit @ L2 +>>4 byte 81 \b, scalable texture @ L1 +>>4 byte 97 \b, simple face animation @ L1 +>>4 byte 98 \b, simple face animation @ L2 +>>4 byte 99 \b, simple face basic animation @ L1 +>>4 byte 100 \b, simple face basic animation @ L2 +>>4 byte 113 \b, basic animation text @ L1 +>>4 byte 114 \b, basic animation text @ L2 +>>4 byte 129 \b, hybrid @ L1 +>>4 byte 130 \b, hybrid @ L2 +>>4 byte 145 \b, advanced RT simple @ L! +>>4 byte 146 \b, advanced RT simple @ L2 +>>4 byte 147 \b, advanced RT simple @ L3 +>>4 byte 148 \b, advanced RT simple @ L4 +>>4 byte 161 \b, core scalable @ L1 +>>4 byte 162 \b, core scalable @ L2 +>>4 byte 163 \b, core scalable @ L3 +>>4 byte 177 \b, advanced coding efficiency @ L1 +>>4 byte 178 \b, advanced coding efficiency @ L2 +>>4 byte 179 \b, advanced coding efficiency @ L3 +>>4 byte 180 \b, advanced coding efficiency @ L4 +>>4 byte 193 \b, advanced core @ L1 +>>4 byte 194 \b, advanced core @ L2 +>>4 byte 209 \b, advanced scalable texture @ L1 +>>4 byte 210 \b, advanced scalable texture @ L2 +>>4 byte 211 \b, advanced scalable texture @ L3 +>>4 byte 225 \b, simple studio @ L1 +>>4 byte 226 \b, simple studio @ L2 +>>4 byte 227 \b, simple studio @ L3 +>>4 byte 228 \b, simple studio @ L4 +>>4 byte 229 \b, core studio @ L1 +>>4 byte 230 \b, core studio @ L2 +>>4 byte 231 \b, core studio @ L3 +>>4 byte 232 \b, core studio @ L4 +>>4 byte 240 \b, advanced simple @ L0 +>>4 byte 241 \b, advanced simple @ L1 +>>4 byte 242 \b, advanced simple @ L2 +>>4 byte 243 \b, advanced simple @ L3 +>>4 byte 244 \b, advanced simple @ L4 +>>4 byte 245 \b, advanced simple @ L5 +>>4 byte 247 \b, advanced simple @ L3b +>>4 byte 248 \b, FGS @ L0 +>>4 byte 249 \b, FGS @ L1 +>>4 byte 250 \b, FGS @ L2 +>>4 byte 251 \b, FGS @ L3 +>>4 byte 252 \b, FGS @ L4 +>>4 byte 253 \b, FGS @ L5 +>3 byte 0xB5 MPEG sequence, v4 +!:mime video/mpeg4-generic +>>4 byte &0x80 +>>>5 byte&0xF0 16 \b, video (missing profile header) +>>>5 byte&0xF0 32 \b, still texture (missing profile header) +>>>5 byte&0xF0 48 \b, mesh (missing profile header) +>>>5 byte&0xF0 64 \b, face (missing profile header) +>>4 byte&0xF8 8 \b, video (missing profile header) +>>4 byte&0xF8 16 \b, still texture (missing profile header) +>>4 byte&0xF8 24 \b, mesh (missing profile header) +>>4 byte&0xF8 32 \b, face (missing profile header) +>3 byte 0xB3 MPEG sequence +!:mime video/mpeg +>>12 belong 0x000001B8 \b, v1, progressive Y'CbCr 4:2:0 video +>>12 belong 0x000001B2 \b, v1, progressive Y'CbCr 4:2:0 video +>>12 belong 0x000001B5 \b, v2, +>>>16 byte&0x0F 1 \b HP +>>>16 byte&0x0F 2 \b Spt +>>>16 byte&0x0F 3 \b SNR +>>>16 byte&0x0F 4 \b MP +>>>16 byte&0x0F 5 \b SP +>>>17 byte&0xF0 64 \b@HL +>>>17 byte&0xF0 96 \b@H-14 +>>>17 byte&0xF0 128 \b@ML +>>>17 byte&0xF0 160 \b@LL +>>>17 byte &0x08 \b progressive +>>>17 byte ^0x08 \b interlaced +>>>17 byte&0x06 2 \b Y'CbCr 4:2:0 video +>>>17 byte&0x06 4 \b Y'CbCr 4:2:2 video +>>>17 byte&0x06 6 \b Y'CbCr 4:4:4 video +>>11 byte &0x02 +>>>75 byte &0x01 +>>>>140 belong 0x000001B8 \b, v1, progressive Y'CbCr 4:2:0 video +>>>>140 belong 0x000001B2 \b, v1, progressive Y'CbCr 4:2:0 video +>>>>140 belong 0x000001B5 \b, v2, +>>>>>144 byte&0x0F 1 \b HP +>>>>>144 byte&0x0F 2 \b Spt +>>>>>144 byte&0x0F 3 \b SNR +>>>>>144 byte&0x0F 4 \b MP +>>>>>144 byte&0x0F 5 \b SP +>>>>>145 byte&0xF0 64 \b@HL +>>>>>145 byte&0xF0 96 \b@H-14 +>>>>>145 byte&0xF0 128 \b@ML +>>>>>145 byte&0xF0 160 \b@LL +>>>>>145 byte &0x08 \b progressive +>>>>>145 byte ^0x08 \b interlaced +>>>>>145 byte&0x06 2 \b Y'CbCr 4:2:0 video +>>>>>145 byte&0x06 4 \b Y'CbCr 4:2:2 video +>>>>>145 byte&0x06 6 \b Y'CbCr 4:4:4 video +>>76 belong 0x000001B8 \b, v1, progressive Y'CbCr 4:2:0 video +>>76 belong 0x000001B2 \b, v1, progressive Y'CbCr 4:2:0 video +>>76 belong 0x000001B5 \b, v2, +>>>80 byte&0x0F 1 \b HP +>>>80 byte&0x0F 2 \b Spt +>>>80 byte&0x0F 3 \b SNR +>>>80 byte&0x0F 4 \b MP +>>>80 byte&0x0F 5 \b SP +>>>81 byte&0xF0 64 \b@HL +>>>81 byte&0xF0 96 \b@H-14 +>>>81 byte&0xF0 128 \b@ML +>>>81 byte&0xF0 160 \b@LL +>>>81 byte &0x08 \b progressive +>>>81 byte ^0x08 \b interlaced +>>>81 byte&0x06 2 \b Y'CbCr 4:2:0 video +>>>81 byte&0x06 4 \b Y'CbCr 4:2:2 video +>>>81 byte&0x06 6 \b Y'CbCr 4:4:4 video +>>4 belong&0xFFFFFF00 0x78043800 \b, HD-TV 1920P +>>>7 byte&0xF0 0x10 \b, 16:9 +>>4 belong&0xFFFFFF00 0x50002D00 \b, SD-TV 1280I +>>>7 byte&0xF0 0x10 \b, 16:9 +>>4 belong&0xFFFFFF00 0x30024000 \b, PAL Capture +>>>7 byte&0xF0 0x10 \b, 4:3 +>>4 beshort&0xFFF0 0x2C00 \b, 4CIF +>>>5 beshort&0x0FFF 0x01E0 \b NTSC +>>>5 beshort&0x0FFF 0x0240 \b PAL +>>>7 byte&0xF0 0x20 \b, 4:3 +>>>7 byte&0xF0 0x30 \b, 16:9 +>>>7 byte&0xF0 0x40 \b, 11:5 +>>>7 byte&0xF0 0x80 \b, PAL 4:3 +>>>7 byte&0xF0 0xC0 \b, NTSC 4:3 +>>4 belong&0xFFFFFF00 0x2801E000 \b, LD-TV 640P +>>>7 byte&0xF0 0x10 \b, 4:3 +>>4 belong&0xFFFFFF00 0x1400F000 \b, 320x240 +>>>7 byte&0xF0 0x10 \b, 4:3 +>>4 belong&0xFFFFFF00 0x0F00A000 \b, 240x160 +>>>7 byte&0xF0 0x10 \b, 4:3 +>>4 belong&0xFFFFFF00 0x0A007800 \b, 160x120 +>>>7 byte&0xF0 0x10 \b, 4:3 +>>4 beshort&0xFFF0 0x1600 \b, CIF +>>>5 beshort&0x0FFF 0x00F0 \b NTSC +>>>5 beshort&0x0FFF 0x0120 \b PAL +>>>7 byte&0xF0 0x20 \b, 4:3 +>>>7 byte&0xF0 0x30 \b, 16:9 +>>>7 byte&0xF0 0x40 \b, 11:5 +>>>7 byte&0xF0 0x80 \b, PAL 4:3 +>>>7 byte&0xF0 0xC0 \b, NTSC 4:3 +>>>5 beshort&0x0FFF 0x0240 \b PAL 625 +>>>>7 byte&0xF0 0x20 \b, 4:3 +>>>>7 byte&0xF0 0x30 \b, 16:9 +>>>>7 byte&0xF0 0x40 \b, 11:5 +>>4 beshort&0xFFF0 0x2D00 \b, CCIR/ITU +>>>5 beshort&0x0FFF 0x01E0 \b NTSC 525 +>>>5 beshort&0x0FFF 0x0240 \b PAL 625 +>>>7 byte&0xF0 0x20 \b, 4:3 +>>>7 byte&0xF0 0x30 \b, 16:9 +>>>7 byte&0xF0 0x40 \b, 11:5 +>>4 beshort&0xFFF0 0x1E00 \b, SVCD +>>>5 beshort&0x0FFF 0x01E0 \b NTSC 525 +>>>5 beshort&0x0FFF 0x0240 \b PAL 625 +>>>7 byte&0xF0 0x20 \b, 4:3 +>>>7 byte&0xF0 0x30 \b, 16:9 +>>>7 byte&0xF0 0x40 \b, 11:5 +>>7 byte&0x0F 1 \b, 23.976 fps +>>7 byte&0x0F 2 \b, 24 fps +>>7 byte&0x0F 3 \b, 25 fps +>>7 byte&0x0F 4 \b, 29.97 fps +>>7 byte&0x0F 5 \b, 30 fps +>>7 byte&0x0F 6 \b, 50 fps +>>7 byte&0x0F 7 \b, 59.94 fps +>>7 byte&0x0F 8 \b, 60 fps +>>11 byte &0x04 \b, Constrained + +# MPEG ADTS Audio (*.mpx/mxa/aac) +# from dreesen@math.fu-berlin.de +# modified to fully support MPEG ADTS + +# MP3, M1A +# modified by Joerg Jenderek +# GRR the original test are too common for many DOS files +# so don't accept as MP3 until we've tested the rate +0 beshort&0xFFFE 0xFFFA +# rates +>2 byte&0xF0 0x10 MPEG ADTS, layer III, v1, 32 kbps +!:mime audio/mpeg +>2 byte&0xF0 0x20 MPEG ADTS, layer III, v1, 40 kbps +!:mime audio/mpeg +>2 byte&0xF0 0x30 MPEG ADTS, layer III, v1, 48 kbps +!:mime audio/mpeg +>2 byte&0xF0 0x40 MPEG ADTS, layer III, v1, 56 kbps +!:mime audio/mpeg +>2 byte&0xF0 0x50 MPEG ADTS, layer III, v1, 64 kbps +!:mime audio/mpeg +>2 byte&0xF0 0x60 MPEG ADTS, layer III, v1, 80 kbps +!:mime audio/mpeg +>2 byte&0xF0 0x70 MPEG ADTS, layer III, v1, 96 kbps +!:mime audio/mpeg +>2 byte&0xF0 0x80 MPEG ADTS, layer III, v1, 112 kbps +!:mime audio/mpeg +>2 byte&0xF0 0x90 MPEG ADTS, layer III, v1, 128 kbps +!:mime audio/mpeg +>2 byte&0xF0 0xA0 MPEG ADTS, layer III, v1, 160 kbps +!:mime audio/mpeg +>2 byte&0xF0 0xB0 MPEG ADTS, layer III, v1, 192 kbps +!:mime audio/mpeg +>2 byte&0xF0 0xC0 MPEG ADTS, layer III, v1, 224 kbps +!:mime audio/mpeg +>2 byte&0xF0 0xD0 MPEG ADTS, layer III, v1, 256 kbps +!:mime audio/mpeg +>2 byte&0xF0 0xE0 MPEG ADTS, layer III, v1, 320 kbps +!:mime audio/mpeg +# timing +>2 byte&0x0C 0x00 \b, 44.1 kHz +>2 byte&0x0C 0x04 \b, 48 kHz +>2 byte&0x0C 0x08 \b, 32 kHz +# channels/options +>3 byte&0xC0 0x00 \b, Stereo +>3 byte&0xC0 0x40 \b, JntStereo +>3 byte&0xC0 0x80 \b, 2x Monaural +>3 byte&0xC0 0xC0 \b, Monaural +#>1 byte ^0x01 \b, Data Verify +#>2 byte &0x02 \b, Packet Pad +#>2 byte &0x01 \b, Custom Flag +#>3 byte &0x08 \b, Copyrighted +#>3 byte &0x04 \b, Original Source +#>3 byte&0x03 1 \b, NR: 50/15 ms +#>3 byte&0x03 3 \b, NR: CCIT J.17 + +# MP2, M1A +0 beshort&0xFFFE 0xFFFC MPEG ADTS, layer II, v1 +!:mime audio/mpeg +# rates +>2 byte&0xF0 0x10 \b, 32 kbps +>2 byte&0xF0 0x20 \b, 48 kbps +>2 byte&0xF0 0x30 \b, 56 kbps +>2 byte&0xF0 0x40 \b, 64 kbps +>2 byte&0xF0 0x50 \b, 80 kbps +>2 byte&0xF0 0x60 \b, 96 kbps +>2 byte&0xF0 0x70 \b, 112 kbps +>2 byte&0xF0 0x80 \b, 128 kbps +>2 byte&0xF0 0x90 \b, 160 kbps +>2 byte&0xF0 0xA0 \b, 192 kbps +>2 byte&0xF0 0xB0 \b, 224 kbps +>2 byte&0xF0 0xC0 \b, 256 kbps +>2 byte&0xF0 0xD0 \b, 320 kbps +>2 byte&0xF0 0xE0 \b, 384 kbps +# timing +>2 byte&0x0C 0x00 \b, 44.1 kHz +>2 byte&0x0C 0x04 \b, 48 kHz +>2 byte&0x0C 0x08 \b, 32 kHz +# channels/options +>3 byte&0xC0 0x00 \b, Stereo +>3 byte&0xC0 0x40 \b, JntStereo +>3 byte&0xC0 0x80 \b, 2x Monaural +>3 byte&0xC0 0xC0 \b, Monaural +#>1 byte ^0x01 \b, Data Verify +#>2 byte &0x02 \b, Packet Pad +#>2 byte &0x01 \b, Custom Flag +#>3 byte &0x08 \b, Copyrighted +#>3 byte &0x04 \b, Original Source +#>3 byte&0x03 1 \b, NR: 50/15 ms +#>3 byte&0x03 3 \b, NR: CCIT J.17 + +# MPA, M1A +# updated by Joerg Jenderek +# GRR the original test are too common for many DOS files, so test 32 <= kbits <= 448 +# GRR this test is still too general as it catches a BOM of UTF-16 files (0xFFFE) +# FIXME: Almost all little endian UTF-16 text with BOM are clobbered by these entries +#0 beshort&0xFFFE 0xFFFE +#>2 ubyte&0xF0 >0x0F +#>>2 ubyte&0xF0 <0xE1 MPEG ADTS, layer I, v1 +## rate +#>>>2 byte&0xF0 0x10 \b, 32 kbps +#>>>2 byte&0xF0 0x20 \b, 64 kbps +#>>>2 byte&0xF0 0x30 \b, 96 kbps +#>>>2 byte&0xF0 0x40 \b, 128 kbps +#>>>2 byte&0xF0 0x50 \b, 160 kbps +#>>>2 byte&0xF0 0x60 \b, 192 kbps +#>>>2 byte&0xF0 0x70 \b, 224 kbps +#>>>2 byte&0xF0 0x80 \b, 256 kbps +#>>>2 byte&0xF0 0x90 \b, 288 kbps +#>>>2 byte&0xF0 0xA0 \b, 320 kbps +#>>>2 byte&0xF0 0xB0 \b, 352 kbps +#>>>2 byte&0xF0 0xC0 \b, 384 kbps +#>>>2 byte&0xF0 0xD0 \b, 416 kbps +#>>>2 byte&0xF0 0xE0 \b, 448 kbps +## timing +#>>>2 byte&0x0C 0x00 \b, 44.1 kHz +#>>>2 byte&0x0C 0x04 \b, 48 kHz +#>>>2 byte&0x0C 0x08 \b, 32 kHz +## channels/options +#>>>3 byte&0xC0 0x00 \b, Stereo +#>>>3 byte&0xC0 0x40 \b, JntStereo +#>>>3 byte&0xC0 0x80 \b, 2x Monaural +#>>>3 byte&0xC0 0xC0 \b, Monaural +##>1 byte ^0x01 \b, Data Verify +##>2 byte &0x02 \b, Packet Pad +##>2 byte &0x01 \b, Custom Flag +##>3 byte &0x08 \b, Copyrighted +##>3 byte &0x04 \b, Original Source +##>3 byte&0x03 1 \b, NR: 50/15 ms +##>3 byte&0x03 3 \b, NR: CCIT J.17 + +# MP3, M2A +0 beshort&0xFFFE 0xFFF2 MPEG ADTS, layer III, v2 +!:mime audio/mpeg +# rate +>2 byte&0xF0 0x10 \b, 8 kbps +>2 byte&0xF0 0x20 \b, 16 kbps +>2 byte&0xF0 0x30 \b, 24 kbps +>2 byte&0xF0 0x40 \b, 32 kbps +>2 byte&0xF0 0x50 \b, 40 kbps +>2 byte&0xF0 0x60 \b, 48 kbps +>2 byte&0xF0 0x70 \b, 56 kbps +>2 byte&0xF0 0x80 \b, 64 kbps +>2 byte&0xF0 0x90 \b, 80 kbps +>2 byte&0xF0 0xA0 \b, 96 kbps +>2 byte&0xF0 0xB0 \b, 112 kbps +>2 byte&0xF0 0xC0 \b, 128 kbps +>2 byte&0xF0 0xD0 \b, 144 kbps +>2 byte&0xF0 0xE0 \b, 160 kbps +# timing +>2 byte&0x0C 0x00 \b, 22.05 kHz +>2 byte&0x0C 0x04 \b, 24 kHz +>2 byte&0x0C 0x08 \b, 16 kHz +# channels/options +>3 byte&0xC0 0x00 \b, Stereo +>3 byte&0xC0 0x40 \b, JntStereo +>3 byte&0xC0 0x80 \b, 2x Monaural +>3 byte&0xC0 0xC0 \b, Monaural +#>1 byte ^0x01 \b, Data Verify +#>2 byte &0x02 \b, Packet Pad +#>2 byte &0x01 \b, Custom Flag +#>3 byte &0x08 \b, Copyrighted +#>3 byte &0x04 \b, Original Source +#>3 byte&0x03 1 \b, NR: 50/15 ms +#>3 byte&0x03 3 \b, NR: CCIT J.17 + +# MP2, M2A +0 beshort&0xFFFE 0xFFF4 MPEG ADTS, layer II, v2 +!:mime audio/mpeg +# rate +>2 byte&0xF0 0x10 \b, 8 kbps +>2 byte&0xF0 0x20 \b, 16 kbps +>2 byte&0xF0 0x30 \b, 24 kbps +>2 byte&0xF0 0x40 \b, 32 kbps +>2 byte&0xF0 0x50 \b, 40 kbps +>2 byte&0xF0 0x60 \b, 48 kbps +>2 byte&0xF0 0x70 \b, 56 kbps +>2 byte&0xF0 0x80 \b, 64 kbps +>2 byte&0xF0 0x90 \b, 80 kbps +>2 byte&0xF0 0xA0 \b, 96 kbps +>2 byte&0xF0 0xB0 \b, 112 kbps +>2 byte&0xF0 0xC0 \b, 128 kbps +>2 byte&0xF0 0xD0 \b, 144 kbps +>2 byte&0xF0 0xE0 \b, 160 kbps +# timing +>2 byte&0x0C 0x00 \b, 22.05 kHz +>2 byte&0x0C 0x04 \b, 24 kHz +>2 byte&0x0C 0x08 \b, 16 kHz +# channels/options +>3 byte&0xC0 0x00 \b, Stereo +>3 byte&0xC0 0x40 \b, JntStereo +>3 byte&0xC0 0x80 \b, 2x Monaural +>3 byte&0xC0 0xC0 \b, Monaural +#>1 byte ^0x01 \b, Data Verify +#>2 byte &0x02 \b, Packet Pad +#>2 byte &0x01 \b, Custom Flag +#>3 byte &0x08 \b, Copyrighted +#>3 byte &0x04 \b, Original Source +#>3 byte&0x03 1 \b, NR: 50/15 ms +#>3 byte&0x03 3 \b, NR: CCIT J.17 + +# MPA, M2A +0 beshort&0xFFFE 0xFFF6 MPEG ADTS, layer I, v2 +!:mime audio/mpeg +# rate +>2 byte&0xF0 0x10 \b, 32 kbps +>2 byte&0xF0 0x20 \b, 48 kbps +>2 byte&0xF0 0x30 \b, 56 kbps +>2 byte&0xF0 0x40 \b, 64 kbps +>2 byte&0xF0 0x50 \b, 80 kbps +>2 byte&0xF0 0x60 \b, 96 kbps +>2 byte&0xF0 0x70 \b, 112 kbps +>2 byte&0xF0 0x80 \b, 128 kbps +>2 byte&0xF0 0x90 \b, 144 kbps +>2 byte&0xF0 0xA0 \b, 160 kbps +>2 byte&0xF0 0xB0 \b, 176 kbps +>2 byte&0xF0 0xC0 \b, 192 kbps +>2 byte&0xF0 0xD0 \b, 224 kbps +>2 byte&0xF0 0xE0 \b, 256 kbps +# timing +>2 byte&0x0C 0x00 \b, 22.05 kHz +>2 byte&0x0C 0x04 \b, 24 kHz +>2 byte&0x0C 0x08 \b, 16 kHz +# channels/options +>3 byte&0xC0 0x00 \b, Stereo +>3 byte&0xC0 0x40 \b, JntStereo +>3 byte&0xC0 0x80 \b, 2x Monaural +>3 byte&0xC0 0xC0 \b, Monaural +#>1 byte ^0x01 \b, Data Verify +#>2 byte &0x02 \b, Packet Pad +#>2 byte &0x01 \b, Custom Flag +#>3 byte &0x08 \b, Copyrighted +#>3 byte &0x04 \b, Original Source +#>3 byte&0x03 1 \b, NR: 50/15 ms +#>3 byte&0x03 3 \b, NR: CCIT J.17 + +# MP3, M25A +0 beshort&0xFFFE 0xFFE2 MPEG ADTS, layer III, v2.5 +!:mime audio/mpeg +# rate +>2 byte&0xF0 0x10 \b, 8 kbps +>2 byte&0xF0 0x20 \b, 16 kbps +>2 byte&0xF0 0x30 \b, 24 kbps +>2 byte&0xF0 0x40 \b, 32 kbps +>2 byte&0xF0 0x50 \b, 40 kbps +>2 byte&0xF0 0x60 \b, 48 kbps +>2 byte&0xF0 0x70 \b, 56 kbps +>2 byte&0xF0 0x80 \b, 64 kbps +>2 byte&0xF0 0x90 \b, 80 kbps +>2 byte&0xF0 0xA0 \b, 96 kbps +>2 byte&0xF0 0xB0 \b, 112 kbps +>2 byte&0xF0 0xC0 \b, 128 kbps +>2 byte&0xF0 0xD0 \b, 144 kbps +>2 byte&0xF0 0xE0 \b, 160 kbps +# timing +>2 byte&0x0C 0x00 \b, 11.025 kHz +>2 byte&0x0C 0x04 \b, 12 kHz +>2 byte&0x0C 0x08 \b, 8 kHz +# channels/options +>3 byte&0xC0 0x00 \b, Stereo +>3 byte&0xC0 0x40 \b, JntStereo +>3 byte&0xC0 0x80 \b, 2x Monaural +>3 byte&0xC0 0xC0 \b, Monaural +#>1 byte ^0x01 \b, Data Verify +#>2 byte &0x02 \b, Packet Pad +#>2 byte &0x01 \b, Custom Flag +#>3 byte &0x08 \b, Copyrighted +#>3 byte &0x04 \b, Original Source +#>3 byte&0x03 1 \b, NR: 50/15 ms +#>3 byte&0x03 3 \b, NR: CCIT J.17 + +# AAC (aka MPEG-2 NBC audio) and MPEG-4 audio + +# Stored AAC streams (instead of the MP4 format) +0 string ADIF MPEG ADIF, AAC +!:mime audio/x-hx-aac-adif +>4 byte &0x80 +>>13 byte &0x10 \b, VBR +>>13 byte ^0x10 \b, CBR +>>16 byte&0x1E 0x02 \b, single stream +>>16 byte&0x1E 0x04 \b, 2 streams +>>16 byte&0x1E 0x06 \b, 3 streams +>>16 byte &0x08 \b, 4 or more streams +>>16 byte &0x10 \b, 8 or more streams +>>4 byte &0x80 \b, Copyrighted +>>13 byte &0x40 \b, Original Source +>>13 byte &0x20 \b, Home Flag +>4 byte ^0x80 +>>4 byte &0x10 \b, VBR +>>4 byte ^0x10 \b, CBR +>>7 byte&0x1E 0x02 \b, single stream +>>7 byte&0x1E 0x04 \b, 2 streams +>>7 byte&0x1E 0x06 \b, 3 streams +>>7 byte &0x08 \b, 4 or more streams +>>7 byte &0x10 \b, 8 or more streams +>>4 byte &0x40 \b, Original Stream(s) +>>4 byte &0x20 \b, Home Source + +# Live or stored single AAC stream (used with MPEG-2 systems) +0 beshort&0xFFF6 0xFFF0 MPEG ADTS, AAC +!:mime audio/x-hx-aac-adts +>1 byte &0x08 \b, v2 +>1 byte ^0x08 \b, v4 +# profile +>>2 byte &0xC0 \b LTP +>2 byte&0xc0 0x00 \b Main +>2 byte&0xc0 0x40 \b LC +>2 byte&0xc0 0x80 \b SSR +# timing +>2 byte&0x3c 0x00 \b, 96 kHz +>2 byte&0x3c 0x04 \b, 88.2 kHz +>2 byte&0x3c 0x08 \b, 64 kHz +>2 byte&0x3c 0x0c \b, 48 kHz +>2 byte&0x3c 0x10 \b, 44.1 kHz +>2 byte&0x3c 0x14 \b, 32 kHz +>2 byte&0x3c 0x18 \b, 24 kHz +>2 byte&0x3c 0x1c \b, 22.05 kHz +>2 byte&0x3c 0x20 \b, 16 kHz +>2 byte&0x3c 0x24 \b, 12 kHz +>2 byte&0x3c 0x28 \b, 11.025 kHz +>2 byte&0x3c 0x2c \b, 8 kHz +# channels +>2 beshort&0x01c0 0x0040 \b, monaural +>2 beshort&0x01c0 0x0080 \b, stereo +>2 beshort&0x01c0 0x00c0 \b, stereo + center +>2 beshort&0x01c0 0x0100 \b, stereo+center+LFE +>2 beshort&0x01c0 0x0140 \b, surround +>2 beshort&0x01c0 0x0180 \b, surround + LFE +>2 beshort &0x01C0 \b, surround + side +#>1 byte ^0x01 \b, Data Verify +#>2 byte &0x02 \b, Custom Flag +#>3 byte &0x20 \b, Original Stream +#>3 byte &0x10 \b, Home Source +#>3 byte &0x08 \b, Copyrighted + +# Live MPEG-4 audio streams (instead of RTP FlexMux) +0 beshort&0xFFE0 0x56E0 MPEG-4 LOAS +!:mime audio/x-mp4a-latm +#>1 beshort&0x1FFF x \b, %hu byte packet +>3 byte&0xE0 0x40 +>>4 byte&0x3C 0x04 \b, single stream +>>4 byte&0x3C 0x08 \b, 2 streams +>>4 byte&0x3C 0x0C \b, 3 streams +>>4 byte &0x08 \b, 4 or more streams +>>4 byte &0x20 \b, 8 or more streams +>3 byte&0xC0 0 +>>4 byte&0x78 0x08 \b, single stream +>>4 byte&0x78 0x10 \b, 2 streams +>>4 byte&0x78 0x18 \b, 3 streams +>>4 byte &0x20 \b, 4 or more streams +>>4 byte &0x40 \b, 8 or more streams +# This magic isn't strong enough (matches plausible ISO-8859-1 text) +#0 beshort 0x4DE1 MPEG-4 LO-EP audio stream +#!:mime audio/x-mp4a-latm + +# Summary: FLI animation format +# Created by: Daniel Quinlan +# Modified by (1): Abel Cheung (avoid over-generic detection) +4 leshort 0xAF11 +# standard FLI always has 320x200 resolution and 8 bit color +>8 leshort 320 +>>10 leshort 200 +>>>12 leshort 8 FLI animation, 320x200x8 +!:mime video/x-fli +>>>>6 leshort x \b, %d frames +# frame speed is multiple of 1/70s +>>>>16 leshort x \b, %d/70s per frame + +# Summary: FLC animation format +# Created by: Daniel Quinlan +# Modified by (1): Abel Cheung (avoid over-generic detection) +4 leshort 0xAF12 +# standard FLC always use 8 bit color +>12 leshort 8 FLC animation +!:mime video/x-flc +>>8 leshort x \b, %d +>>10 leshort x \bx%dx8 +>>6 uleshort x \b, %d frames +>>16 uleshort x \b, %dms per frame + +# DL animation format +# XXX - collision with most `mips' magic +# +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, so be +# careful! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! The DL format is really bad. +# +#0 byte 1 DL version 1, medium format (160x100, 4 images/screen) +#!:mime video/x-unknown +#>42 byte x - %d screens, +#>43 byte x %d commands +#0 byte 2 DL version 2 +#!:mime video/x-unknown +#>1 byte 1 - large format (320x200,1 image/screen), +#>1 byte 2 - medium format (160x100,4 images/screen), +#>1 byte >2 - unknown format, +#>42 byte x %d screens, +#>43 byte x %d commands +# Based on empirical evidence, DL version 3 have several nulls following the +# \003. Most of them start with non-null values at hex offset 0x34 or so. +#0 string \3\0\0\0\0\0\0\0\0\0\0\0 DL version 3 + +# iso 13818 transport stream +# +# from Oskar Schirmer Feb 3, 2001 (ISO 13818.1) +# syncbyte 8 bit 0x47 +# error_ind 1 bit - +# payload_start 1 bit 1 +# priority 1 bit - +# PID 13 bit 0x0000 +# scrambling 2 bit - +# adaptfld_ctrl 2 bit 1 or 3 +# conti_count 4 bit - +0 belong&0xFF5FFF10 0x47400010 +>188 byte 0x47 MPEG transport stream data +!:mime video/MP2T + +# DIF digital video file format +0 belong&0xffffff00 0x1f070000 DIF +>4 byte &0x01 (DVCPRO) movie file +>4 byte ^0x01 (DV) movie file +>3 byte &0x80 (PAL) +>3 byte ^0x80 (NTSC) + +# Microsoft Advanced Streaming Format (ASF) +0 belong 0x3026b275 Microsoft ASF +!:mime video/x-ms-asf + +# MNG Video Format, +0 string \x8aMNG MNG video data, +!:mime video/x-mng +>4 belong !0x0d0a1a0a CORRUPTED, +>4 belong 0x0d0a1a0a +>>16 belong x %d x +>>20 belong x %d + +# JNG Video Format, +0 string \x8bJNG JNG video data, +!:mime video/x-jng +>4 belong !0x0d0a1a0a CORRUPTED, +>4 belong 0x0d0a1a0a +>>16 belong x %d x +>>20 belong x %d + +# Vivo video (Wolfram Kleff) +3 string \x0D\x0AVersion:Vivo Vivo video data + +# VRML (Virtual Reality Modelling Language) +0 string/w #VRML\ V1.0\ ascii VRML 1 file +!:mime model/vrml +0 string/w #VRML\ V2.0\ utf8 ISO/IEC 14772 VRML 97 file +!:mime model/vrml + +# X3D (Extensible 3D) [https://www.web3d.org/specifications/x3d-3.0.dtd] +# From Michel Briand +# mimetype from https://www.iana.org/assignments/media-types/model/x3d+xml +# Example https://www.web3d.org/x3d/content/examples/Basic/course/CreateX3DFromStringRandomSpheres.x3d +0 string/w \20 search/1000/w \, 2002-10-03 +# +0 string HVQM4 %s +>6 string >\0 v%s +>0 byte x GameCube movie, +>0x34 ubeshort x %d x +>0x36 ubeshort x %d, +>0x26 ubeshort x %dus, +>0x42 ubeshort 0 no audio +>0x42 ubeshort >0 %dHz audio + +# From: "Stefan A. Haubenthal" +0 string DVDVIDEO-VTS Video title set, +>0x21 byte x v%x +0 string DVDVIDEO-VMG Video manager, +>0x21 byte x v%x + +# From: Behan Webster +# NuppelVideo used by Mythtv (*.nuv) +# Note: there are two identical stanzas here differing only in the +# initial string matched. It used to be done with a regex, but we're +# trying to get rid of those. +0 string NuppelVideo MythTV NuppelVideo +>12 string x v%s +>20 lelong x (%d +>24 lelong x \bx%d), +>36 string P \bprogressive, +>36 string I \binterlaced, +>40 ledouble x \baspect:%.2f, +>48 ledouble x \bfps:%.2f +0 string MythTV MythTV NuppelVideo +>12 string x v%s +>20 lelong x (%d +>24 lelong x \bx%d), +>36 string P \bprogressive, +>36 string I \binterlaced, +>40 ledouble x \baspect:%.2f, +>48 ledouble x \bfps:%.2f + +# MPEG file +# MPEG sequences +# FIXME: This section is from the old magic.mime file and needs +# integrating with the rest +#0 belong 0x000001BA +#>4 byte &0x40 +#!:mime video/mp2p +#>4 byte ^0x40 +#!:mime video/mpeg +#0 belong 0x000001BB +#!:mime video/mpeg +#0 belong 0x000001B0 +#!:mime video/mp4v-es +#0 belong 0x000001B5 +#!:mime video/mp4v-es +#0 belong 0x000001B3 +#!:mime video/mpv +#0 belong&0xFF5FFF10 0x47400010 +#!:mime video/mp2t +#0 belong 0x00000001 +#>4 byte&0x1F 0x07 +#!:mime video/h264 + +# Type: Bink Video +# Extension: .bik +# URL: https://wiki.multimedia.cx/index.php?title=Bink_Container +# From: 2008-07-18 +0 string BIK Bink Video +>3 regex =[a-z] rev.%s +#>4 ulelong x size %d +>20 ulelong x \b, %d +>24 ulelong x \bx%d +>8 ulelong x \b, %d frames +>32 ulelong x at rate %d/ +>28 ulelong >1 \b%d +>40 ulelong =0 \b, no audio +>40 ulelong !0 \b, %d audio track +>>40 ulelong !1 \bs +# follow properties of the first audio track only +>>48 uleshort x %dHz +>>51 byte&0x20 0 mono +>>51 byte&0x20 !0 stereo +#>>51 byte&0x10 0 FFT +#>>51 byte&0x10 !0 DCT + +# Type: NUT Container +# URL: https://wiki.multimedia.cx/index.php?title=NUT +# From: Adam Buchbinder +0 string nut/multimedia\ container\0 NUT multimedia container + +# Type: Nullsoft Video (NSV) +# URL: https://wiki.multimedia.cx/index.php?title=Nullsoft_Video +# From: Mike Melanson +0 string NSVf Nullsoft Video + +# Type: REDCode Video +# URL: https://www.red.com/ ; https://wiki.multimedia.cx/index.php?title=REDCode +# From: Mike Melanson +4 string RED1 REDCode Video + +# Type: MTV Multimedia File +# URL: https://wiki.multimedia.cx/index.php?title=MTV +# From: Mike Melanson +0 string AMVS MTV Multimedia File + +# Type: ARMovie +# URL: https://wiki.multimedia.cx/index.php?title=ARMovie +# From: Mike Melanson +0 string ARMovie\012 ARMovie + +# Type: Interplay MVE Movie +# URL: https://wiki.multimedia.cx/index.php?title=Interplay_MVE +# From: Mike Melanson +0 string Interplay\040MVE\040File\032 Interplay MVE Movie + +# Type: Windows Television DVR File +# URL: https://wiki.multimedia.cx/index.php?title=WTV +# From: Mike Melanson +# This takes the form of a Windows-style GUID +0 bequad 0xB7D800203749DA11 +>8 bequad 0xA64E0007E95EAD8D Windows Television DVR Media + +# Type: Sega FILM/CPK Multimedia +# URL: https://wiki.multimedia.cx/index.php?title=Sega_FILM +# From: Mike Melanson +0 string FILM Sega FILM/CPK Multimedia, +>32 belong x %d x +>28 belong x %d + +# Type: Nintendo THP Multimedia +# URL: https://wiki.multimedia.cx/index.php?title=THP +# From: Mike Melanson +0 string THP\0 Nintendo THP Multimedia + +# Type: BBC Dirac Video +# URL: https://wiki.multimedia.cx/index.php?title=Dirac +# From: Mike Melanson +0 string BBCD BBC Dirac Video + +# Type: RAD Game Tools Smacker Multimedia +# URL: https://wiki.multimedia.cx/index.php?title=Smacker +# From: Mike Melanson +0 string SMK RAD Game Tools Smacker Multimedia +>3 byte x version %c, +>4 lelong x %d x +>8 lelong x %d, +>12 lelong x %d frames + +# Material Exchange Format +# More information: +# https://en.wikipedia.org/wiki/Material_Exchange_Format +# http://www.freemxf.org/ +0 string \x06\x0e\x2b\x34\x02\x05\x01\x01\x0d\x01\x02\x01\x01\x02 Material exchange container format +!:ext mxf +!:mime application/mxf + +# Recognize LucasArts Smush video files (cf. +# https://wiki.multimedia.cx/index.php/Smush) +0 string ANIM +>8 string AHDR LucasArts Smush Animation Format (SAN) video +0 string SANM +>8 string SHDR LucasArts Smush v2 (SANM) video + +# Type: Scaleform video +# Extension: .usm +# URL: https://wiki.multimedia.cx/index.php/USM +# From: David Korth +0 string CRID +>32 string @UTF Scaleform video diff --git a/magic/Magdir/aout b/magic/Magdir/aout new file mode 100644 index 0000000..ba9630a --- /dev/null +++ b/magic/Magdir/aout @@ -0,0 +1,46 @@ + +#------------------------------------------------------------------------------ +# $File$ +# aout: file(1) magic for a.out executable/object/etc entries that +# handle executables on multiple platforms. +# + +# +# Little-endian 32-bit-int a.out, merged from bsdi (for BSD/OS, from +# BSDI), netbsd, and vax (for UNIX/32V and BSD) +# +# XXX - is there anything we can look at to distinguish BSD/OS 386 from +# NetBSD 386 from various VAX binaries? The BSD/OS shared library flag +# works only for binaries using shared libraries. Grabbing the entry +# point from the a.out header, using it to find the first code executed +# in the program, and looking at that might help. +# +0 lelong 0407 a.out little-endian 32-bit executable +>16 lelong >0 not stripped +>32 byte 0x6a (uses BSD/OS shared libs) + +0 lelong 0410 a.out little-endian 32-bit pure executable +>16 lelong >0 not stripped +>32 byte 0x6a (uses BSD/OS shared libs) + +0 lelong 0413 a.out little-endian 32-bit demand paged pure executable +>16 lelong >0 not stripped +>32 byte 0x6a (uses BSD/OS shared libs) + +# +# Big-endian 32-bit-int a.out, merged from sun (for old 68010 SunOS a.out), +# mips (for old 68020(!) SGI a.out), and netbsd (for old big-endian a.out). +# +# XXX - is there anything we can look at to distinguish old SunOS 68010 +# from old 68020 IRIX from old NetBSD? Again, I guess we could look at +# the first instruction or instructions in the program. +# +0 belong 0407 a.out big-endian 32-bit executable +>16 belong >0 not stripped + +0 belong 0410 a.out big-endian 32-bit pure executable +>16 belong >0 not stripped + +0 belong 0413 a.out big-endian 32-bit demand paged executable +>16 belong >0 not stripped + diff --git a/magic/Magdir/apache b/magic/Magdir/apache new file mode 100755 index 0000000..d896b50 --- /dev/null +++ b/magic/Magdir/apache @@ -0,0 +1,28 @@ + +#------------------------------------------------------------------------------ +# $File: apache,v 1.1 2017/04/11 14:52:15 christos Exp $ +# apache: file(1) magic for Apache Big Data formats + +# Avro files +0 string Obj Apache Avro +>3 byte x version %d + +# ORC files +# Important information is in file footer, which we can't index to :( +0 string ORC Apache ORC + +# Parquet files +0 string PAR1 Apache Parquet + +# Hive RC files +0 string RCF Apache Hive RC file +>3 byte x version %d + +# Sequence files (and the careless first version of RC file) + +0 string SEQ +>3 byte <6 Apache Hadoop Sequence file version %d +>3 byte >6 Apache Hadoop Sequence file version %d +>3 byte =6 +>>5 string org.apache.hadoop.hive.ql.io.RCFile$KeyBuffer Apache Hive RC file version 0 +>>3 default x Apache Hadoop Sequence file version 6 diff --git a/magic/Magdir/apl b/magic/Magdir/apl new file mode 100644 index 0000000..cb2b3ff --- /dev/null +++ b/magic/Magdir/apl @@ -0,0 +1,7 @@ + +#------------------------------------------------------------------------------ +# $File$ +# apl: file(1) magic for APL (see also "pdp" and "vax" for other APL +# workspaces) +# +0 long 0100554 APL workspace (Ken's original?) diff --git a/magic/Magdir/apple b/magic/Magdir/apple new file mode 100644 index 0000000..4ac10fc --- /dev/null +++ b/magic/Magdir/apple @@ -0,0 +1,524 @@ + +#------------------------------------------------------------------------------ +# $File: apple,v 1.43 2019/04/19 00:42:27 christos Exp $ +# apple: file(1) magic for Apple file formats +# +0 search/1/t FiLeStArTfIlEsTaRt binscii (apple ][) text +0 string \x0aGL Binary II (apple ][) data +0 string \x76\xff Squeezed (apple ][) data +0 string NuFile NuFile archive (apple ][) data +0 string N\xf5F\xe9l\xe5 NuFile archive (apple ][) data +0 belong 0x00051600 AppleSingle encoded Macintosh file +0 belong 0x00051607 AppleDouble encoded Macintosh file + +# Type: Apple Emulator WOZ format +# From: Greg Wildman +# Ref: https://applesaucefdc.com/woz/reference/ +# Ref: https://applesaucefdc.com/woz/reference2/ +# +# Note: The following test are mostly identical. I would rather not +# use a regex to identify the WOZ format number. +0 string WOZ1 +>4 string \xFF\x0A\x0D\x0A Apple ][ WOZ 1.0 Disk Image +>12 string INFO +>>21 byte 01 \b, 5.25 inch +>>21 byte 02 \b, 3.5 inch +>>22 byte 01 \b, write protected +>>23 byte 01 \b, cross track synchronized +>>25 string/T x \b, %.32s +0 string WOZ2 +>4 string \xFF\x0A\x0D\x0A Apple ][ WOZ 2.0 Disk Image +>12 string INFO +>>21 byte 01 \b, 5.25 inch +>>21 byte 02 \b, 3.5 inch +>>22 byte 01 \b, write protected +>>23 byte 01 \b, cross track synchronized +>>25 string/T x \b, %.32s + +# Type: Apple Emulator disk images +# From: Greg Wildman +# ProDOS boot loader? +0 string \x01\x38\xB0\x03\x4C Apple ProDOS Image +# Detect Volume Directory block ($02) +>0x400 string \x00\x00\x03\x00 +>>0x404 byte &0xF0 +>>>0x405 string x \b, Volume /%s +>>>0x429 leshort x \b, %u Blocks +# ProDOS ordered ? +>0xb00 string \x00\x00\x03\x00 +>>0xb04 byte &0xF0 +>>>0xb05 string x \b, Volume /%s +>>>0xb29 leshort x \b, %u Blocks +# +# DOS3.3 boot loader? +0 string \x01\xA5\x27\xC9\x09\xD0\x18\xA5\x2B +>0x11001 string \x11\x0F\x03 Apple DOS 3.3 Image +>>0x11006 byte x \b, Volume %u +>>0x11034 byte x \b, %u Tracks +>>0x11035 byte x \b, %u Sectors +>>0x11036 leshort x \b, %u bytes per sector +# DOS3.2 ? +>0x11001 string \x11\x0C\x02 Apple DOS 3.2 Image +>>0x11006 byte x \b, Volume %u +>>0x11034 byte x \b, %u Tracks +>>0x11035 byte x \b, %u Sectors +>>0x11036 leshort x \b, %u bytes per sector +# DOS3.1 ? +>0x11001 string \x11\x0C\x01 +>>0x11c00 string \x00\x11\x0B Apple DOS 3.1 Image +# +# Pascal boot loader? +0 string \x01\xE0\x60\xF0\x03\x4C\xE3\x08\xAD +>0xd6 pstring SYSTEM.APPLE +>>0xb00 leshort 0x0000 +>>>0xb04 leshort 0x0000 Apple Pascal Image +>>>>0xb06 pstring x \b, Volume %s: +>>>>0xb0e leshort x \b, %u Blocks +>>>>0xb10 leshort x \b, %u Files + +# Type: Apple Emulator 2IMG format +# From: Radek Vokal +# Update: Greg Wildman +0 string 2IMG Apple ][ 2IMG Disk Image +>4 clear x +>4 string XGS! \b, XGS +>4 string CTKG \b, Catakig +>4 string ShIm \b, Sheppy's ImageMaker +>4 string SHEP \b, Sheppy's ImageMaker +>4 string WOOF \b, Sweet 16 +>4 string B2TR \b, Bernie ][ the Rescue +>4 string \!nfc \b, ASIMOV2 +>4 string \>BD\< \b, Brutal Deluxe's Cadius +>4 string CdrP \b, CiderPress +>4 string Vi][ \b, Virtual ][ +>4 string PRFS \b, ProFUSE +>4 string FISH \b, FishWings +>4 string RVLW \b, Revival for Windows +>4 default x +>>4 string x \b, Creator tag "%-4.4s" +>0xc byte 00 \b, DOS 3.3 sector order +>>0x10 byte 00 \b, Volume 254 +>>0x10 byte&0x7f x \b, Volume %u +>0xc byte 01 \b, ProDOS sector order +>>0x14 short x \b, %u Blocks +>0xc byte 02 \b, NIB data + +# magic for Newton PDA package formats +# from Ruda Moura +0 string package0 Newton package, NOS 1.x, +>12 belong &0x80000000 AutoRemove, +>12 belong &0x40000000 CopyProtect, +>12 belong &0x10000000 NoCompression, +>12 belong &0x04000000 Relocation, +>12 belong &0x02000000 UseFasterCompression, +>16 belong x version %d + +0 string package1 Newton package, NOS 2.x, +>12 belong &0x80000000 AutoRemove, +>12 belong &0x40000000 CopyProtect, +>12 belong &0x10000000 NoCompression, +>12 belong &0x04000000 Relocation, +>12 belong &0x02000000 UseFasterCompression, +>16 belong x version %d + +0 string package4 Newton package, +>8 byte 8 NOS 1.x, +>8 byte 9 NOS 2.x, +>12 belong &0x80000000 AutoRemove, +>12 belong &0x40000000 CopyProtect, +>12 belong &0x10000000 NoCompression, + +# The following entries for the Apple II are for files that have +# been transferred as raw binary data from an Apple, without having +# been encapsulated by any of the above archivers. +# +# In general, Apple II formats are hard to identify because Apple DOS +# and especially Apple ProDOS have strong typing in the file system and +# therefore programmers never felt much need to include type information +# in the files themselves. +# +# Eric Fischer + +# AppleWorks word processor: +# URL: https://en.wikipedia.org/wiki/AppleWorks +# Reference: http://www.gno.org/pub/apple2/doc/apple/filetypes/ftn.1a.xxxx +# Update: Joerg Jenderek +# NOTE: +# The "O" is really the magic number, but that's so common that it's +# necessary to check the tab stops that follow it to avoid false positives. +# and/or look for unused bits of booleans bytes like zoom, paginated, mail merge +# the newer AppleWorks is from claris with extension CWK +4 string O +# test for unused bits of zoom- , paginated-boolean bytes +>84 ubequad ^0x00Fe00000000Fe00 +# look for tabstop definitions "=" no tab, "|" no tab +# "<" left tab,"^" center tab,">" right tab, "." decimal tab, +# unofficial "!" other , "\x8a" other +# official only if SFMinVers is nonzero +>>5 regex/s [=.<>|!^\x8a]{79} AppleWorks Word Processor +# AppleWorks Word Processor File (Apple II) +# ./apple (version 5.25) labeled the entry as "AppleWorks word processor data" +# application/x-appleworks is mime type for claris version with cwk extension +!:mime application/x-appleworks3 +# http://home.earthlink.net/~hughhood/appleiiworksenvoy/ +# ('p' + 1-byte ProDOS File Type + 2-byte ProDOS Aux Type') +# $70 $1A $F8 $FF is this the apple type ? +#:apple pdosp^Z\xf8\xff +!:ext awp +# minimum version needed to read this files. SFMinVers (0 , 30~3.0 ) +>>>183 ubyte 30 3.0 +>>>183 ubyte !30 +>>>>183 ubyte !0 0x%x +# usual tabstop start sequence "=====<" +>>>5 string x \b, tabstop ruler "%6.6s" +# tabstop ruler +#>>>5 string >\0 \b, tabstops "%-79s" +# zoom switch +>>>85 byte&0x01 >0 \b, zoomed +# whether paginated +>>>90 byte&0x01 >0 \b, paginated +# contains any mail-merge commands +>>>92 byte&0x01 >0 \b, with mail merge +# left margin in 1/10 inches ( normally 0 or 10 ) +>>>91 ubyte >0 +>>>>91 ubyte x \b, %d/10 inch left margin + +# AppleWorks database: +# +# This isn't really a magic number, but it's the closest thing to one +# that I could find. The 1 and 2 really mean "order in which you defined +# categories" and "left to right, top to bottom," respectively; the D and R +# mean that the cursor should move either down or right when you press Return. + +#30 string \x01D AppleWorks database data +#30 string \x02D AppleWorks database data +#30 string \x01R AppleWorks database data +#30 string \x02R AppleWorks database data + +# AppleWorks spreadsheet: +# +# Likewise, this isn't really meant as a magic number. The R or C means +# row- or column-order recalculation; the A or M means automatic or manual +# recalculation. + +#131 string RA AppleWorks spreadsheet data +#131 string RM AppleWorks spreadsheet data +#131 string CA AppleWorks spreadsheet data +#131 string CM AppleWorks spreadsheet data + +# Applesoft BASIC: +# +# This is incredibly sloppy, but will be true if the program was +# written at its usual memory location of 2048 and its first line +# number is less than 256. Yuck. +# update by Joerg Jenderek at Feb 2013 + +# GRR: this test is still too general as it catches also Gujin BOOT144.SYS (0xfa080000) +#0 belong&0xff00ff 0x80000 Applesoft BASIC program data +0 belong&0x00ff00ff 0x00080000 +# assuming that line number must be positive +>2 leshort >0 Applesoft BASIC program data, first line number %d +#>2 leshort x \b, first line number %d + +# ORCA/EZ assembler: +# +# This will not identify ORCA/M source files, since those have +# some sort of date code instead of the two zero bytes at 6 and 7 +# XXX Conflicts with ELF +#4 belong&0xff00ffff 0x01000000 ORCA/EZ assembler source data +#>5 byte x \b, build number %d + +# Broderbund Fantavision +# +# I don't know what these values really mean, but they seem to recur. +# Will they cause too many conflicts? + +# Probably :-) +#2 belong&0xFF00FF 0x040008 Fantavision movie data + +# Some attempts at images. +# +# These are actually just bit-for-bit dumps of the frame buffer, so +# there's really no reasonably way to distinguish them except for their +# address (if preserved) -- 8192 or 16384 -- and their length -- 8192 +# or, occasionally, 8184. +# +# Nevertheless this will manage to catch a lot of images that happen +# to have a solid-colored line at the bottom of the screen. + +# GRR: Magic too weak +#8144 string \x7F\x7F\x7F\x7F\x7F\x7F\x7F\x7F Apple II image with white background +#8144 string \x55\x2A\x55\x2A\x55\x2A\x55\x2A Apple II image with purple background +#8144 string \x2A\x55\x2A\x55\x2A\x55\x2A\x55 Apple II image with green background +#8144 string \xD5\xAA\xD5\xAA\xD5\xAA\xD5\xAA Apple II image with blue background +#8144 string \xAA\xD5\xAA\xD5\xAA\xD5\xAA\xD5 Apple II image with orange background + +# Beagle Bros. Apple Mechanic fonts + +0 belong&0xFF00FFFF 0x6400D000 Apple Mechanic font + +# Apple Universal Disk Image Format (UDIF) - dmg files. +# From Johan Gade. +# These entries are disabled for now until we fix the following issues. +# +# Note there might be some problems with the "VAX COFF executable" +# entry. Note this entry should be placed before the mac filesystem section, +# particularly the "Apple Partition data" entry. +# +# The intended meaning of these tests is, that the file is only of the +# specified type if both of the lines are correct - i.e. if the first +# line matches and the second doesn't then it is not of that type. +# +#0 long 0x7801730d +#>4 long 0x62626060 UDIF read-only zlib-compressed image (UDZO) +# +# Note that this entry is recognized correctly by the "Apple Partition +# data" entry - however since this entry is more specific - this +# information seems to be more useful. +#0 long 0x45520200 +#>0x410 string disk\ image UDIF read/write image (UDRW) + +# From: Toby Peterson +0 string bplist00 Apple binary property list + +# Apple binary property list (bplist) +# Assumes version bytes are hex. +# Provides content hints for version 0 files. Assumes that the root +# object is the first object (true for CoreFoundation implementation). +# From: David Remahl +0 string bplist +>6 byte x \bCoreFoundation binary property list data, version 0x%c +>>7 byte x \b%c +>6 string 00 \b +>>8 byte&0xF0 0x00 \b +>>>8 byte&0x0F 0x00 \b, root type: null +>>>8 byte&0x0F 0x08 \b, root type: false boolean +>>>8 byte&0x0F 0x09 \b, root type: true boolean +>>8 byte&0xF0 0x10 \b, root type: integer +>>8 byte&0xF0 0x20 \b, root type: real +>>8 byte&0xF0 0x30 \b, root type: date +>>8 byte&0xF0 0x40 \b, root type: data +>>8 byte&0xF0 0x50 \b, root type: ascii string +>>8 byte&0xF0 0x60 \b, root type: unicode string +>>8 byte&0xF0 0x80 \b, root type: uid (CORRUPT) +>>8 byte&0xF0 0xa0 \b, root type: array +>>8 byte&0xF0 0xd0 \b, root type: dictionary + +# Apple/NeXT typedstream data +# Serialization format used by NeXT and Apple for various +# purposes in YellowStep/Cocoa, including some nib files. +# From: David Remahl +2 string typedstream NeXT/Apple typedstream data, big endian +>0 byte x \b, version %d +>0 byte <5 \b +>>13 byte 0x81 \b +>>>14 ubeshort x \b, system %d +2 string streamtyped NeXT/Apple typedstream data, little endian +>0 byte x \b, version %d +>0 byte <5 \b +>>13 byte 0x81 \b +>>>14 uleshort x \b, system %d + +#------------------------------------------------------------------------------ +# CAF: Apple CoreAudio File Format +# +# Container format for high-end audio purposes. +# From: David Remahl +# +0 string caff CoreAudio Format audio file +>4 beshort <10 version %d +>6 beshort x + + +#------------------------------------------------------------------------------ +# Keychain database files +0 string kych Mac OS X Keychain File + +#------------------------------------------------------------------------------ +# Code Signing related file types +0 belong 0xfade0c00 Mac OS X Code Requirement +>8 belong 1 (opExpr) +>4 belong x - %d bytes + +0 belong 0xfade0c01 Mac OS X Code Requirement Set +>8 belong >1 containing %d items +>4 belong x - %d bytes + +0 belong 0xfade0c02 Mac OS X Code Directory +>8 belong x version %x +>12 belong >0 flags 0x%x +>4 belong x - %d bytes + +0 belong 0xfade0cc0 Mac OS X Detached Code Signature (non-executable) +>4 belong x - %d bytes + +0 belong 0xfade0cc1 Mac OS X Detached Code Signature +>8 belong >1 (%d elements) +>4 belong x - %d bytes + +# From: "Nelson A. de Oliveira" +# .vdi +4 string innotek\ VirtualBox\ Disk\ Image %s + +# Apple disk partition stuff +# URL: https://en.wikipedia.org/wiki/Apple_Partition_Map +# Reference: https://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/sys/sys/bootblock.h +# Update: Joerg Jenderek +# "ER" is APPLE_DRVR_MAP_MAGIC signature +0 beshort 0x4552 +# display Apple Driver Map (strength=50) after Syslinux bootloader (71) +#!:strength +0 +# strengthen the magic by looking for used blocksizes 512 2048 +>2 ubeshort&0xf1FF 0 Apple Driver Map +# last 6 bytes for padding found are 0 or end with 55AAh marker for MBR hybrid +#>>504 ubequad&0x0000FFffFFff0000 0 +!:mime application/x-apple-diskimage +!:apple ????devr +# https://en.wikipedia.org/wiki/Apple_Disk_Image +!:ext dmg/iso +# sbBlkSize for driver descriptor map 512 2048 +>>2 beshort x \b, blocksize %d +# sbBlkCount sometimes garbish like +# 0xb0200000 for unzlibed install_flash_player_19.0.0.245_osx.dmg +# 0xf2720100 for bunziped Firefox 48.0-2.dmg +# 0xeb02ffff for super_grub2_disk_hybrid_2.02s3.iso +# 0x00009090 by syslinux-6.03/utils/isohybrid.c +>>4 ubelong x \b, blockcount %u +# following device/driver information not very useful +# device type 0 1 (37008 garbage for super_grub2_disk_hybrid_2.02s3.iso) +>>8 ubeshort x \b, devtype %u +# device id 0 1 (37008 garbage for super_grub2_disk_hybrid_2.02s3.iso) +>>10 ubeshort x \b, devid %u +# driver data 0 (2425393296 garbage for super_grub2_disk_hybrid_2.02s3.iso) +>>12 ubelong >0 +>>>12 ubelong x \b, driver data %u +# number of driver descriptors sbDrvrCount <= 61 +# (37008 garbage for super_grub2_disk_hybrid_2.02s3.iso) +>>16 ubeshort x \b, driver count %u +# 61 * apple_drvr_descriptor[8]. information not very useful or same as in partition map +# >>18 use apple-driver-map +# >>26 use apple-driver-map +# # ... +# >>500 use apple-driver-map +# number of partitions is always same in every partition (map block count) +#>>0x0204 ubelong x \b, %u partitions +>>0x0204 ubelong >0 \b, contains[@0x200]: +>>>0x0200 use apple-apm +>>0x0204 ubelong >1 \b, contains[@0x400]: +>>>0x0400 use apple-apm +>>0x0204 ubelong >2 \b, contains[@0x600]: +>>>0x0600 use apple-apm +>>0x0204 ubelong >3 \b, contains[@0x800]: +>>>0x0800 use apple-apm +>>0x0204 ubelong >4 \b, contains[@0xA00]: +>>>0x0A00 use apple-apm +>>0x0204 ubelong >5 \b, contains[@0xC00]: +>>>0x0C00 use apple-apm +>>0x0204 ubelong >6 \b, contains[@0xE00]: +>>>0x0E00 use apple-apm +>>0x0204 ubelong >7 \b, contains[@0x1000]: +>>>0x1000 use apple-apm +# display apple driver descriptor map (start-block, # blocks in sbBlkSize sizes, type) +0 name apple-driver-map +>0 ubequad !0 +# descBlock first block of driver +>>0 ubelong x \b, driver start block %u +# descSize driver size in blocks +>>4 ubeshort x \b, size %u +# descType driver system type 1 701h F8FFh FFFFh +>>6 ubeshort x \b, type 0x%x + +# URL: https://en.wikipedia.org/wiki/Apple_Partition_Map +# Reference: https://opensource.apple.com/source/IOStorageFamily/IOStorageFamily-116/IOApplePartitionScheme.h +# Update: Joerg Jenderek +# Yes, the 3rd and 4th bytes pmSigPad are reserved, but we use them to make the +# magic stronger. +# for apple partition map stored as a single file +0 belong 0x504d0000 +# to display Apple Partition Map (strength=70) after Syslinux bootloader (71) +#!:strength +0 +>0 use apple-apm +# magic/Magdir/apple14.test, 365: Warning: Current entry does not yet have a description for adding a EXTENSION type +# file: could not find any valid magic files! +#!:ext bin +# display apple partition map. Normally called after Apple driver map +0 name apple-apm +>0 belong 0x504d0000 Apple Partition Map +# number of partitions +>>4 ubelong x \b, map block count %u +# logical block (512 bytes) start of partition +>>8 ubelong x \b, start block %u +>>12 ubelong x \b, block count %u +>>16 string >0 \b, name %s +>>48 string >0 \b, type %s +# processor type dpme_process_id[16] e.g. "68000" "68020" +>>120 string >0 \b, processor %s +# A/UX boot arguments BootArgs[128] +>>136 string >0 \b, boot arguments %s +# status of partition dpme_flags +>>88 belong & 1 \b, valid +>>88 belong & 2 \b, allocated +>>88 belong & 4 \b, in use +>>88 belong & 8 \b, has boot info +>>88 belong & 16 \b, readable +>>88 belong & 32 \b, writable +>>88 belong & 64 \b, pic boot code +>>88 belong & 128 \b, chain compatible driver +>>88 belong & 256 \b, real driver +>>88 belong & 512 \b, chain driver +# mount automatically at startup APPLE_PS_AUTO_MOUNT +>>88 ubelong &0x40000000 \b, mount at startup +# is the startup partition APPLE_PS_STARTUP +>>88 ubelong &0x80000000 \b, is the startup partition + +#https://wiki.mozilla.org/DS_Store_File_Format +#https://en.wikipedia.org/wiki/.DS_Store +0 string \0\0\0\1Bud1\0 Apple Desktop Services Store + +# HFS/HFS+ Resource fork files (andrew.roazen@nau.edu Apr 13 2015) +# Usually not in separate files, but have either filename rsrc with +# no extension, or a filename corresponding to another file, with +# extensions rsr/rsrc +0 string \000\000\001\000 +>4 leshort 0 +>>16 lelong 0 Apple HFS/HFS+ resource fork + +#https://en.wikipedia.org/wiki/AppleScript +0 string FasdUAS AppleScript compiled + +# AppleWorks/ClarisWorks +# https://github.com/joshenders/appleworks_format +# http://fileformats.archiveteam.org/wiki/AppleWorks +0 name appleworks +>0 belong&0x00ffffff 0x07e100 AppleWorks CWK Document +>0 belong&0x00ffffff 0x008803 ClarisWorks CWK Document +>0 default x +>>0 belong x AppleWorks/ClarisWorks CWK Document +>0 byte x \b, version %d +>30 beshort x \b, %d +>32 beshort x \bx%d +!:ext cwk + +4 string BOBO +>0 byte >4 +>>12 belong 0 +>>>26 belong 0 +>>>>0 use appleworks +>0 belong 0x0481ad00 +>>0 use appleworks + +# magic for Apple File System (APFS) +# from Alex Myczko +32 string NXSB Apple File System (APFS) +>36 ulelong x \b, blocksize %u + +# iTunes cover art (versions 1 and 2) +4 string itch +>24 string artw +>>0x1e8 string data iTunes cover art +>>>0x1ed string PNG (PNG) +>>>0x1ec beshort 0xffd8 (JPEG) + +# MacPaint image +65 string PNTGMPNT MacPaint image data +#0 belong 2 MacPaint image data diff --git a/magic/Magdir/application b/magic/Magdir/application new file mode 100644 index 0000000..ea30347 --- /dev/null +++ b/magic/Magdir/application @@ -0,0 +1,7 @@ + +#------------------------------------------------------------------------------ +# $File: apple,v 1.35 2016/08/17 09:45:13 christos Exp $ +# application: file(1) magic for applications on small devices +# +# Pebble Application +0 string PBLAPP\000\000 Pebble application diff --git a/magic/Magdir/applix b/magic/Magdir/applix new file mode 100644 index 0000000..ea69830 --- /dev/null +++ b/magic/Magdir/applix @@ -0,0 +1,13 @@ + +#------------------------------------------------------------------------------ +# $File$ +# applix: file(1) magic for Applixware +# From: Peter Soos +# +0 string *BEGIN Applixware +>7 string WORDS Words Document +>7 string GRAPHICS Graphic +>7 string RASTER Bitmap +>7 string SPREADSHEETS Spreadsheet +>7 string MACRO Macro +>7 string BUILDER Builder Object diff --git a/magic/Magdir/apt b/magic/Magdir/apt new file mode 100644 index 0000000..26fb3bd --- /dev/null +++ b/magic/Magdir/apt @@ -0,0 +1,52 @@ + +#------------------------------------------------------------------------------ +# $File: apple,v 1.35 2016/08/17 09:45:13 christos Exp $ +# apt: file(1) magic for APT Cache files +# +# + +# before version 10 ("old format"), data was in arch-specific long/short + +# old format 64 bit +0 name apt-cache-64bit-be +>12 beshort 1 \b, dirty +>40 bequad x \b, %llu packages +>48 bequad x \b, %llu versions + +# old format 32 bit +0 name apt-cache-32bit-be +>8 beshort 1 \b, dirty +>40 belong x \b, %u packages +>44 belong x \b, %u versions + +# new format +0 name apt-cache-be +>6 byte 1 \b, dirty +>24 belong x \b, %u packages +>28 belong x \b, %u versions + +0 bequad 0x98FE76DC +>8 ubeshort <10 APT cache data, version %u +>>10 beshort x \b.%u, 64 bit big-endian +>>0 use apt-cache-64bit-be + +0 lequad 0x98FE76DC +>8 uleshort <10 APT cache data, version %u +>>10 leshort x \b.%u, 64 bit little-endian +>>0 use \^apt-cache-64bit-be + +0 belong 0x98FE76DC +>4 ubeshort <10 APT cache data, version %u +>>6 ubeshort x \b.%u, 32 bit big-endian +>>0 use apt-cache-32bit-be +>4 ubyte >9 APT cache data, version %u +>>5 ubyte x \b.%u, big-endian +>>0 use apt-cache-be + +0 lelong 0x98FE76DC +>4 uleshort <10 APT cache data, version %u +>>6 uleshort x \b.%u, 32 bit little-endian +>>0 use \^apt-cache-32bit-be +>4 ubyte >9 APT cache data, version %u +>>5 ubyte x \b.%u, little-endian +>>0 use \^apt-cache-be diff --git a/magic/Magdir/archive b/magic/Magdir/archive new file mode 100644 index 0000000..cd0213f --- /dev/null +++ b/magic/Magdir/archive @@ -0,0 +1,1592 @@ +#------------------------------------------------------------------------------ +# $File: archive,v 1.129 2019/05/09 18:58:02 christos Exp $ +# archive: file(1) magic for archive formats (see also "msdos" for self- +# extracting compressed archives) +# +# cpio, ar, arc, arj, hpack, lha/lharc, rar, squish, uc2, zip, zoo, etc. +# pre-POSIX "tar" archives are also handled in the C code ../../src/is_tar.c. + +# POSIX tar archives +# URL: https://en.wikipedia.org/wiki/Tar_(computing) +# Reference: https://www.freebsd.org/cgi/man.cgi?query=tar&sektion=5&manpath=FreeBSD+8-current +# header mainly padded with nul bytes +500 quad 0 +!:strength /2 +# filename or extended attribute printable strings in range space null til umlaut ue +>0 ubeshort >0x1F00 +>>0 ubeshort <0xFCFD +# last 4 header bytes often null but tar\0 in gtarfail2.tar gtarfail.tar-bad +# at https://sourceforge.net/projects/s-tar/files/testscripts/ +>>>508 ubelong&0x8B9E8DFF 0 +# nul, space or ascii digit 0-7 at start of mode +>>>>100 ubyte&0xC8 =0 +>>>>>101 ubyte&0xC8 =0 +# nul, space at end of check sum +>>>>>>155 ubyte&0xDF =0 +# space or ascii digit 0 at start of check sum +>>>>>>>148 ubyte&0xEF =0x20 +>>>>>>>>0 use tar-file +# minimal check and then display tar archive information which can also be +# embedded inside others like Android Backup, Clam AntiVirus database +0 name tar-file +>257 string !ustar +# header padded with nuls +>>257 ulong =0 +# GNU tar version 1.29 with non pax format option without refusing +# creates misleading V7 header for Long path, Multi-volume, Volume type +>>>156 ubyte 0x4c GNU tar archive +!:mime application/x-gtar +!:ext tar/gtar +>>>156 ubyte 0x4d GNU tar archive +!:mime application/x-gtar +!:ext tar/gtar +>>>156 ubyte 0x56 GNU tar archive +!:mime application/x-gtar +!:ext tar/gtar +>>>156 default x tar archive (V7) +!:mime application/x-tar +!:ext tar +# other stuff in padding +# some implementations add new fields to the blank area at the end of the header record +# created for example by DOS TAR 3.20g 1994 Tim V.Shapore with -j option +>>257 ulong !0 tar archive (old) +!:mime application/x-tar +!:ext tar +# magic in newer, GNU, posix variants +>257 string =ustar +# 2 last char of magic and UStar version because string expression does not work +# 2 space characters followed by a null for GNU variant +>>261 ubelong =0x72202000 POSIX tar archive (GNU) +!:mime application/x-gtar +!:ext tar/gtar +# UStar version with ASCII "00" +>>261 ubelong 0x72003030 POSIX +# gLOBAL and ExTENSION type only found in POSIX.1-2001 format +>>>156 ubyte 0x67 \b.1-2001 +>>>156 ubyte 0x78 \b.1-2001 +>>>156 ubyte x tar archive +!:mime application/x-ustar +!:ext tar/ustar +# version with 2 binary nuls embedded in Android Backup like com.android.settings.ab +>>261 ubelong 0x72000000 tar archive (ustar) +!:mime application/x-ustar +!:ext tar/ustar +# not seen ustar variant with garbish version +>>261 default x tar archive (unknown ustar) +!:mime application/x-ustar +!:ext tar/ustar +# type flag of 1st tar archive member +#>156 ubyte x \b, %c-type +>156 ubyte x +>>156 ubyte 0 \b, file +>>156 ubyte 0x30 \b, file +>>156 ubyte 0x31 \b, hard link +>>156 ubyte 0x32 \b, symlink +>>156 ubyte 0x33 \b, char device +>>156 ubyte 0x34 \b, block device +>>156 ubyte 0x35 \b, directory +>>156 ubyte 0x36 \b, fifo +>>156 ubyte 0x37 \b, reserved +>>156 ubyte 0x4c \b, long path +>>156 ubyte 0x4d \b, multi volume +>>156 ubyte 0x56 \b, volume +>>156 ubyte 0x67 \b, global +>>156 ubyte 0x78 \b, extension +>>156 default x \b, type +>>>156 ubyte x '%c' +# name[100] +>0 string >\0 %-.60s +# mode mainly stored as an octal number in ASCII null or space terminated +>100 string >\0 \b, mode %-.7s +# user id mainly as octal numbers in ASCII null or space terminated +>108 string >\0 \b, uid %-.7s +# group id mainly as octal numbers in ASCII null or space terminated +>116 string >\0 \b, gid %-.7s +# size mainly as octal number in ASCII +>124 ubyte <0x38 +>>124 string >\0 \b, size %-.12s +# coding indicated by setting the high-order bit of the leftmost byte +>124 ubyte >0xEF \b, size 0x +>>124 ubyte !0xff \b%2.2x +>>125 ubyte !0xff \b%2.2x +>>126 ubyte !0xff \b%2.2x +>>127 ubyte !0xff \b%2.2x +>>128 ubyte !0xff \b%2.2x +>>129 ubyte !0xff \b%2.2x +>>130 ubyte !0xff \b%2.2x +>>131 ubyte !0xff \b%2.2x +>>132 ubyte !0xff \b%2.2x +>>133 ubyte !0xff \b%2.2x +>>134 ubyte !0xff \b%2.2x +>>135 ubyte !0xff \b%2.2x +# seconds since 0:0:0 1 jan 1970 UTC as octal number mainly in ASCII null or space terminated +>136 string >\0 \b, seconds %-.11s +# header checksum stored as an octal number in ASCII null or space terminated +#>148 string x \b, cksum %.7s +# linkname[100] +>157 string >\0 \b, linkname %-.40s +# additional fields for ustar +>257 string =ustar +# owner user name null terminated +>>265 string >\0 \b, user %-.32s +# group name null terminated +>>297 string >\0 \b, group %-.32s +# device major minor if not zero +>>329 ubequad&0xCFCFCFCFcFcFcFdf !0 +>>>329 string x \b, devmaj %-.7s +>>337 ubequad&0xCFCFCFCFcFcFcFdf !0 +>>>337 string x \b, devmin %-.7s +# prefix[155] +>>345 string >\0 \b, prefix %-.155s +# old non ustar/POSIX tar +>257 string !ustar +>>508 string =tar\0 +# padding[255] in old star +>>>257 string >\0 \b, padding: %-.40s +>>508 default x +# padding[255] in old tar sometimes comment field +>>>257 string >\0 \b, comment: %-.40s + +# Incremental snapshot gnu-tar format from: +# https://www.gnu.org/software/tar/manual/html_node/Snapshot-Files.html +0 string GNU\ tar- GNU tar incremental snapshot data +>&0 regex [0-9]\.[0-9]+-[0-9]+ version %s + +# cpio archives +# +# Yes, the top two "cpio archive" formats *are* supposed to just be "short". +# The idea is to indicate archives produced on machines with the same +# byte order as the machine running "file" with "cpio archive", and +# to indicate archives produced on machines with the opposite byte order +# from the machine running "file" with "byte-swapped cpio archive". +# +# The SVR4 "cpio(4)" hints that there are additional formats, but they +# are defined as "short"s; I think all the new formats are +# character-header formats and thus are strings, not numbers. +0 short 070707 cpio archive +!:mime application/x-cpio +0 short 0143561 byte-swapped cpio archive +!:mime application/x-cpio # encoding: swapped +0 string 070707 ASCII cpio archive (pre-SVR4 or odc) +0 string 070701 ASCII cpio archive (SVR4 with no CRC) +0 string 070702 ASCII cpio archive (SVR4 with CRC) + +# +# Various archive formats used by various versions of the "ar" +# command. +# + +# +# Original UNIX archive formats. +# They were written with binary values in host byte order, and +# the magic number was a host "int", which might have been 16 bits +# or 32 bits. We don't say "PDP-11" or "VAX", as there might have +# been ports to little-endian 16-bit-int or 32-bit-int platforms +# (x86?) using some of those formats; if none existed, feel free +# to use "PDP-11" for little-endian 16-bit and "VAX" for little-endian +# 32-bit. There might have been big-endian ports of that sort as +# well. +# +0 leshort 0177555 very old 16-bit-int little-endian archive +0 beshort 0177555 very old 16-bit-int big-endian archive +0 lelong 0177555 very old 32-bit-int little-endian archive +0 belong 0177555 very old 32-bit-int big-endian archive + +0 leshort 0177545 old 16-bit-int little-endian archive +>2 string __.SYMDEF random library +0 beshort 0177545 old 16-bit-int big-endian archive +>2 string __.SYMDEF random library +0 lelong 0177545 old 32-bit-int little-endian archive +>4 string __.SYMDEF random library +0 belong 0177545 old 32-bit-int big-endian archive +>4 string __.SYMDEF random library + +# +# From "pdp" (but why a 4-byte quantity?) +# +0 lelong 0x39bed PDP-11 old archive +0 lelong 0x39bee PDP-11 4.0 archive + +# +# XXX - what flavor of APL used this, and was it a variant of +# some ar archive format? It's similar to, but not the same +# as, the APL workspace magic numbers in pdp. +# +0 long 0100554 apl workspace + +# +# System V Release 1 portable(?) archive format. +# +0 string = System V Release 1 ar archive +!:mime application/x-archive + +# +# Debian package; it's in the portable archive format, and needs to go +# before the entry for regular portable archives, as it's recognized as +# a portable archive whose first member has a name beginning with +# "debian". +# +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/Deb_(file_format) +0 string =!\ndebian +# https://manpages.debian.org/testing/dpkg/dpkg-split.1.en.html +>14 string -split part of multipart Debian package +!:mime application/vnd.debian.binary-package +# udeb is used for stripped down deb file +!:ext deb/udeb +>14 string -binary Debian binary package +!:mime application/vnd.debian.binary-package +!:ext deb/udeb +# This should not happen +>14 default x Unknown Debian package +# NL terminated version; for most Debian cases this is 2.0 or 2.1 for splitted +>68 string >\0 (format %s) +#>68 string !2.0\n +#>>68 string x (format %.3s) +>68 string =2.0\n +# 2nd archive name=control archive name like control.tar.gz or control.tar.xz +>>72 string >\0 \b, with %.14s +# look for 3rd archive name=data archive name like data.tar.{gz,xz,bz2,lzma} +>>0 search/0x93e4f data.tar. \b, data compression +# the above line only works if FILE_BYTES_MAX in ../../src/file.h is raised +# for example like libreoffice-dev-doc_1%3a5.2.7-1+rpi1+deb9u3_all.deb +>>>&0 string x %.4s +# splitted debian package case +>68 string =2.1\n +# dpkg-1.18.25/dpkg-split/info.c +# NL terminated ASCII package name like ckermit +>>&0 string x \b, %s +# NL terminated package version like 302-5.3 +>>>&1 string x %s +# NL terminated MD5 checksum +>>>>&1 string x \b, MD5 %s +# NL terminated original package length +>>>>>&1 string x \b, unsplitted size %s +# NL terminated part length +>>>>>>&1 string x \b, part lenght %s +# NL terminated package part like n/m +>>>>>>>&1 string x \b, part %s +# NL terminated package architecture like armhf since dpkg 1.16.1 or later +>>>>>>>>&1 string x \b, %s + +# +# MIPS archive; they're in the portable archive format, and need to go +# before the entry for regular portable archives, as it's recognized as +# a portable archive whose first member has a name beginning with +# "__________E". +# +0 string =!\n__________E MIPS archive +!:mime application/x-archive +>20 string U with MIPS Ucode members +>21 string L with MIPSEL members +>21 string B with MIPSEB members +>19 string L and an EL hash table +>19 string B and an EB hash table +>22 string X -- out of date + +# +# BSD/SVR2-and-later portable archive formats. +# +# Update: Joerg Jenderek +# URL: http://fileformats.archiveteam.org/wiki/AR +# Reference: https://www.unix.com/man-page/opensolaris/3HEAD/ar.h/ +# Note: Mach-O universal binary in ./cafebabe is dependent +# TODO: unify current ar archive, MIPS archive, Debian package +# distinguish BSD, SVR; 32, 64 bit; HP from other 32-bit SVR; +# *.ar packages from *.a libraries. handle empty archive +0 string =!\n current ar archive +# print first and possibly second ar_name[16] for debugging purpose +#>8 string x \b, 1st "%.16s" +#>68 string x \b, 2nd "%.16s" +!:mime application/x-archive +# a in most case for libraries; lib for Microsoft libraries; ar else cases +!:ext a/lib/ar +>8 string __.SYMDEF random library +# first member with long marked name __.SYMDEF SORTED implies BSD library +>68 string __.SYMDEF\ SORTED random library +# Reference: https://parisc.wiki.kernel.org/images-parisc/b/b2/Rad_11_0_32.pdf +# "archive file" entry moved from ./hp +# LST header system_id 0210h~PA-RISC 1.1,... identifies the target architecture +# LST header a_magic 0619h~relocatable library +>68 belong 0x020b0619 - PA-RISC1.0 relocatable library +>68 belong 0x02100619 - PA-RISC1.1 relocatable library +>68 belong 0x02110619 - PA-RISC1.2 relocatable library +>68 belong 0x02140619 - PA-RISC2.0 relocatable library +#EOF for common ar archives + +# +# "Thin" archive, as can be produced by GNU ar. +# +0 string =!\n thin archive with +>68 belong 0 no symbol entries +>68 belong 1 %d symbol entry +>68 belong >1 %d symbol entries + +0 search/1 -h- Software Tools format archive text + +# ARC archiver, from Daniel Quinlan (quinlan@yggdrasil.com) +# +# The first byte is the magic (0x1a), byte 2 is the compression type for +# the first file (0x01 through 0x09), and bytes 3 to 15 are the MS-DOS +# filename of the first file (null terminated). Since some types collide +# we only test some types on basis of frequency: 0x08 (83%), 0x09 (5%), +# 0x02 (5%), 0x03 (3%), 0x04 (2%), 0x06 (2%). 0x01 collides with terminfo. +0 lelong&0x8080ffff 0x0000081a ARC archive data, dynamic LZW +!:mime application/x-arc +0 lelong&0x8080ffff 0x0000091a ARC archive data, squashed +!:mime application/x-arc +0 lelong&0x8080ffff 0x0000021a ARC archive data, uncompressed +!:mime application/x-arc +0 lelong&0x8080ffff 0x0000031a ARC archive data, packed +!:mime application/x-arc +0 lelong&0x8080ffff 0x0000041a ARC archive data, squeezed +!:mime application/x-arc +0 lelong&0x8080ffff 0x0000061a ARC archive data, crunched +!:mime application/x-arc +# [JW] stuff taken from idarc, obviously ARC successors: +0 lelong&0x8080ffff 0x00000a1a PAK archive data +!:mime application/x-arc +0 lelong&0x8080ffff 0x0000141a ARC+ archive data +!:mime application/x-arc +0 lelong&0x8080ffff 0x0000481a HYP archive data +!:mime application/x-arc + +# Acorn archive formats (Disaster prone simpleton, m91dps@ecs.ox.ac.uk) +# I can't create either SPARK or ArcFS archives so I have not tested this stuff +# [GRR: the original entries collide with ARC, above; replaced with combined +# version (not tested)] +#0 byte 0x1a RISC OS archive (spark format) +0 string \032archive RISC OS archive (ArcFS format) +0 string Archive\000 RISC OS archive (ArcFS format) + +# All these were taken from idarc, many could not be verified. Unfortunately, +# there were many low-quality sigs, i.e. easy to trigger false positives. +# Please notify me of any real-world fishy/ambiguous signatures and I'll try +# to get my hands on the actual archiver and see if I find something better. [JW] +# probably many can be enhanced by finding some 0-byte or control char near the start + +# idarc calls this Crush/Uncompressed... *shrug* +0 string CRUSH Crush archive data +# Squeeze It (.sqz) +0 string HLSQZ Squeeze It archive data +# SQWEZ +0 string SQWEZ SQWEZ archive data +# HPack (.hpk) +0 string HPAK HPack archive data +# HAP +0 string \x91\x33HF HAP archive data +# MD/MDCD +0 string MDmd MDCD archive data +# LIM +0 string LIM\x1a LIM archive data +# SAR +3 string LH5 SAR archive data +# BSArc/BS2 +0 string \212\3SB\020\0 BSArc/BS2 archive data +# Bethesda Softworks Archive (Oblivion) +0 string BSA\0 BSArc archive data +>4 lelong x version %d +# MAR +2 string =-ah MAR archive data +# ACB +#0 belong&0x00f800ff 0x00800000 ACB archive data +# CPZ +# TODO, this is what idarc says: 0 string \0\0\0 CPZ archive data +# JRC +0 string JRchive JRC archive data +# Quantum +0 string DS\0 Quantum archive data +# ReSOF +0 string PK\3\6 ReSOF archive data +# QuArk +0 string 7\4 QuArk archive data +# YAC +14 string YC YAC archive data +# X1 +0 string X1 X1 archive data +0 string XhDr X1 archive data +# CDC Codec (.dqt) +0 belong&0xffffe000 0x76ff2000 CDC Codec archive data +# AMGC +0 string \xad6" AMGC archive data +# NuLIB +0 string N\xc3\xb5F\xc3\xa9lx\xc3\xa5 NuLIB archive data +# PakLeo +0 string LEOLZW PAKLeo archive data +# ChArc +0 string SChF ChArc archive data +# PSA +0 string PSA PSA archive data +# CrossePAC +0 string DSIGDCC CrossePAC archive data +# Freeze +0 string \x1f\x9f\x4a\x10\x0a Freeze archive data +# KBoom +0 string \xc2\xa8MP\xc2\xa8 KBoom archive data +# NSQ, must go after CDC Codec +0 string \x76\xff NSQ archive data +# DPA +0 string Dirk\ Paehl DPA archive data +# BA +# TODO: idarc says "bytes 0-2 == bytes 3-5" +# TTComp +# URL: http://fileformats.archiveteam.org/wiki/TTComp_archive +# Update: Joerg Jenderek +# GRR: line below is too general as it matches also Panorama database "TCDB 2003-10 demo.pan", others +0 string \0\6 +# look for first keyword of Panorama database *.pan +>12 search/261 DESIGN +# skip keyword with low entropy +>12 default x TTComp archive, binary, 4K dictionary +# (version 5.25) labeled the above entry as "TTComp archive data" +# ESP, could this conflict with Easy Software Products' (e.g.ESP ghostscript) documentation? +0 string ESP ESP archive data +# ZPack +0 string \1ZPK\1 ZPack archive data +# Sky +0 string \xbc\x40 Sky archive data +# UFA +0 string UFA UFA archive data +# Dry +0 string =-H2O DRY archive data +# FoxSQZ +0 string FOXSQZ FoxSQZ archive data +# AR7 +0 string ,AR7 AR7 archive data +# PPMZ +0 string PPMZ PPMZ archive data +# MS Compress +# Update: Joerg Jenderek +# URL: http://fileformats.archiveteam.org/wiki/MS-DOS_installation_compression +# Reference: https://hwiegman.home.xs4all.nl/fileformats/compress/szdd_kwaj_format.html +# Note: use correct version of extracting tool like EXPAND, UNPACK, DECOMP or 7Z +4 string \x88\xf0\x27 +# KWAJ variant +>0 string KWAJ MS Compress archive data, KWAJ variant +!:mime application/x-ms-compress-kwaj +# extension not working in version 5.32 +# magic/Magdir/archive, 284: Warning: EXTENSION type ` ??_' has bad char '?' +# file: line 284: Bad magic entry ' ??_' +!:ext ??_ +# compression method (0-4) +>>8 uleshort x \b, %u method +# offset of compressed data +>>10 uleshort x \b, 0x%x offset +#>>(10.s) uleshort x +#>>>&-6 string x \b, TEST extension %-.3s +# header flags to mark header extensions +>>12 uleshort >0 \b, 0x%x flags +# 4 bytes: decompressed length of file +>>12 uleshort &0x01 +>>>14 ulelong x \b, original size: %u bytes +# 2 bytes: unknown purpose +# 2 bytes: length of unknown data + mentioned bytes +# 1-9 bytes: null-terminated file name +# 1-4 bytes: null-terminated file extension +>>12 uleshort &0x08 +>>>12 uleshort ^0x01 +>>>>12 uleshort ^0x02 +>>>>>12 uleshort ^0x04 +>>>>>>12 uleshort ^0x10 +>>>>>>>14 string x \b, %-.8s +>>>>>>12 uleshort &0x10 +>>>>>>>14 string x \b, %-.8s +>>>>>>>>&1 string x \b.%-.3s +>>>>>12 uleshort &0x04 +>>>>>>12 uleshort ^0x10 +>>>>>>>(14.s) uleshort x +>>>>>>>>&14 string x \b, %-.8s +>>>>>>12 uleshort &0x10 +>>>>>>>(14.s) uleshort x +>>>>>>>>&14 string x \b, %-.8s +>>>>>>>>>&1 string x \b.%-.3s +>>>>12 uleshort &0x02 +>>>>>12 uleshort ^0x04 +>>>>>>12 uleshort ^0x10 +>>>>>>>16 string x \b, %-.8s +>>>>>>12 uleshort &0x10 +>>>>>>>16 string x \b, %-.8s +>>>>>>>>&1 string x \b.%-.3s +>>>>>12 uleshort &0x04 +>>>>>>12 uleshort ^0x10 +>>>>>>>(16.s) uleshort x +>>>>>>>>&16 string x \b, %-.8s +>>>>>>12 uleshort &0x10 +>>>>>>>(16.s) uleshort x +>>>>>>>&16 string x %-.8s +>>>>>>>>&1 string x \b.%-.3s +>>>12 uleshort &0x01 +>>>>12 uleshort ^0x02 +>>>>>12 uleshort ^0x04 +>>>>>>12 uleshort ^0x10 +>>>>>>>18 string x \b, %-.8s +>>>>>>12 uleshort &0x10 +>>>>>>>18 string x \b, %-.8s +>>>>>>>>&1 string x \b.%-.3s +>>>>>12 uleshort &0x04 +>>>>>>12 uleshort ^0x10 +>>>>>>>(18.s) uleshort x +>>>>>>>>&18 string x \b, %-.8s +>>>>>>12 uleshort &0x10 +>>>>>>>(18.s) uleshort x +>>>>>>>>&18 string x \b, %-.8s +>>>>>>>>>&1 string x \b.%-.3s +>>>>12 uleshort &0x02 +>>>>>12 uleshort ^0x04 +>>>>>>12 uleshort ^0x10 +>>>>>>>20 string x \b, %-.8s +>>>>>>12 uleshort &0x10 +>>>>>>>20 string x \b, %-.8s +>>>>>>>>&1 string x \b.%-.3s +>>>>>12 uleshort &0x04 +>>>>>>12 uleshort ^0x10 +>>>>>>>(20.s) uleshort x +>>>>>>>>&20 string x \b, %-.8s +>>>>>>12 uleshort &0x10 +>>>>>>>(20.s) uleshort x +>>>>>>>>&20 string x \b, %-.8s +>>>>>>>>>&1 string x \b.%-.3s +# 2 bytes: length of data + mentioned bytes +# +# SZDD variant Haruhiko Okumura's LZSS or 7z type MsLZ +>0 string SZDD MS Compress archive data, SZDD variant +!:mime application/x-ms-compress-szdd +!:ext ??_ +# The character missing from the end of the filename (0=unknown) +>>9 string >\0 \b, %-.1s is last character of original name +# https://www.betaarchive.com/forum/viewtopic.php?t=26161 +# Compression mode: "A" (0x41) found but sometimes "B" in Windows 3.1 builds 026 and 034e +>>8 string !A \b, %-.1s method +>>10 ulelong >0 \b, original size: %u bytes +# QBasic SZDD variant +3 string \x88\xf0\x27 +>0 string SZ\x20 MS Compress archive data, QBasic variant +!:mime application/x-ms-compress-sz +!:ext ??$ +>>8 ulelong >0 \b, original size: %u bytes + +# MP3 (archiver, not lossy audio compression) +0 string MP3\x1a MP3-Archiver archive data +# ZET +0 string OZ\xc3\x9d ZET archive data +# TSComp +0 string \x65\x5d\x13\x8c\x08\x01\x03\x00 TSComp archive data +# ARQ +0 string gW\4\1 ARQ archive data +# Squash +3 string OctSqu Squash archive data +# Terse +0 string \5\1\1\0 Terse archive data +# PUCrunch +0 string \x01\x08\x0b\x08\xef\x00\x9e\x32\x30\x36\x31 PUCrunch archive data +# UHarc +0 string UHA UHarc archive data +# ABComp +0 string \2AB ABComp archive data +0 string \3AB2 ABComp archive data +# CMP +0 string CO\0 CMP archive data +# Splint +0 string \x93\xb9\x06 Splint archive data +# InstallShield +0 string \x13\x5d\x65\x8c InstallShield Z archive Data +# Gather +1 string GTH Gather archive data +# BOA +0 string BOA BOA archive data +# RAX +0 string ULEB\xa RAX archive data +# Xtreme +0 string ULEB\0 Xtreme archive data +# Pack Magic +0 string @\xc3\xa2\1\0 Pack Magic archive data +# BTS +0 belong&0xfeffffff 0x1a034465 BTS archive data +# ELI 5750 +0 string Ora\ ELI 5750 archive data +# QFC +0 string \x1aFC\x1a QFC archive data +0 string \x1aQF\x1a QFC archive data +# PRO-PACK +0 string RNC PRO-PACK archive data +# 777 +0 string 777 777 archive data +# LZS221 +0 string sTaC LZS221 archive data +# HPA +0 string HPA HPA archive data +# Arhangel +0 string LG Arhangel archive data +# EXP1, uses bzip2 +0 string 0123456789012345BZh EXP1 archive data +# IMP +0 string IMP\xa IMP archive data +# NRV +0 string \x00\x9E\x6E\x72\x76\xFF NRV archive data +# Squish +0 string \x73\xb2\x90\xf4 Squish archive data +# Par +0 string PHILIPP Par archive data +0 string PAR Par archive data +# HIT +0 string UB HIT archive data +# SBX +0 belong&0xfffff000 0x53423000 SBX archive data +# NaShrink +0 string NSK NaShrink archive data +# SAPCAR +0 string #\ CAR\ archive\ header SAPCAR archive data +0 string CAR\ 2.00RG SAPCAR archive data +# Disintegrator +0 string DST Disintegrator archive data +# ASD +0 string ASD ASD archive data +# InstallShield CAB +0 string ISc( InstallShield CAB +# TOP4 +0 string T4\x1a TOP4 archive data +# BatComp left out: sig looks like COM executable +# so TODO: get real 4dos batcomp file and find sig +# BlakHole +0 string BH\5\7 BlakHole archive data +# BIX +0 string BIX0 BIX archive data +# ChiefLZA +0 string ChfLZ ChiefLZA archive data +# Blink +0 string Blink Blink archive data +# Logitech Compress +0 string \xda\xfa Logitech Compress archive data +# ARS-Sfx (FIXME: really a SFX? then goto COM/EXE) +1 string (C)\ STEPANYUK ARS-Sfx archive data +# AKT/AKT32 +0 string AKT32 AKT32 archive data +0 string AKT AKT archive data +# NPack +0 string MSTSM NPack archive data +# PFT +0 string \0\x50\0\x14 PFT archive data +# SemOne +0 string SEM SemOne archive data +# PPMD +0 string \x8f\xaf\xac\x84 PPMD archive data +# FIZ +0 string FIZ FIZ archive data +# MSXiE +0 belong&0xfffff0f0 0x4d530000 MSXiE archive data +# DeepFreezer +0 belong&0xfffffff0 0x797a3030 DeepFreezer archive data +# DC +0 string =2 string \x2\x4 Xpack DiskImage archive data +#!:ext xdi +# XPack Data +# *.xpa updated by Joerg Jenderek Sep 2015 +# ftp://ftp.elf.stuba.sk/pub/pc/pack/ +0 string xpa XPA +!:ext xpa +# XPA32 +# ftp://ftp.elf.stuba.sk/pub/pc/pack/xpa32.zip +# created by XPA32.EXE version 1.0.2 for Windows +>0 string xpa\0\1 \b32 archive data +# created by XPACK.COM version 1.67m or 1.67r with short 0x1800 +>3 ubeshort !0x0001 \bck archive data +# XPack Single Data +# changed by Joerg Jenderek Sep 2015 back to like in version 5.12 +# letter 'I'+ acute accent is equivalent to \xcd +0 string \xcd\ jm Xpack single archive data +#!:mime application/x-xpa-compressed +!:ext xpa + +# TODO: missing due to unknown magic/magic at end of file: +#DWC +#ARG +#ZAR +#PC/3270 +#InstallIt +#RKive +#RK +#XPack Diskimage + +# These were inspired by idarc, but actually verified +# Dzip archiver (.dz) +# Update: Joerg Jenderek +# URL: http://speeddemosarchive.com/dzip/ +# reference: http://speeddemosarchive.com/dzip/dz29src.zip/main.c +# GRR: line below is too general as it matches also ASCII texts like Doszip commander help dz.txt +0 string DZ +# latest version is 2.9 dated 7 may 2003 +>2 byte <4 Dzip archive data +!:mime application/x-dzip +!:ext dz +>>2 byte x \b, version %i +>>3 byte x \b.%i +>>4 ulelong x \b, offset 0x%x +>>8 ulelong x \b, %u files +# ZZip archiver (.zz) +0 string ZZ\ \0\0 ZZip archive data +0 string ZZ0 ZZip archive data +# PAQ archiver (.paq) +0 string \xaa\x40\x5f\x77\x1f\xe5\x82\x0d PAQ archive data +0 string PAQ PAQ archive data +>3 byte&0xf0 0x30 +>>3 byte x (v%c) +# JAR archiver (.j), this is the successor to ARJ, not Java's JAR (which is essentially ZIP) +0xe string \x1aJar\x1b JAR (ARJ Software, Inc.) archive data +0 string JARCS JAR (ARJ Software, Inc.) archive data + +# ARJ archiver (jason@jarthur.Claremont.EDU) +0 leshort 0xea60 ARJ archive data +!:mime application/x-arj +>5 byte x \b, v%d, +>8 byte &0x04 multi-volume, +>8 byte &0x10 slash-switched, +>8 byte &0x20 backup, +>34 string x original name: %s, +>7 byte 0 os: MS-DOS +>7 byte 1 os: PRIMOS +>7 byte 2 os: Unix +>7 byte 3 os: Amiga +>7 byte 4 os: Macintosh +>7 byte 5 os: OS/2 +>7 byte 6 os: Apple ][ GS +>7 byte 7 os: Atari ST +>7 byte 8 os: NeXT +>7 byte 9 os: VAX/VMS +>3 byte >0 %d] +# [JW] idarc says this is also possible +2 leshort 0xea60 ARJ archive data + +# HA archiver (Greg Roelofs, newt@uchicago.edu) +# This is a really bad format. A file containing HAWAII will match this... +#0 string HA HA archive data, +#>2 leshort =1 1 file, +#>2 leshort >1 %hu files, +#>4 byte&0x0f =0 first is type CPY +#>4 byte&0x0f =1 first is type ASC +#>4 byte&0x0f =2 first is type HSC +#>4 byte&0x0f =0x0e first is type DIR +#>4 byte&0x0f =0x0f first is type SPECIAL +# suggestion: at least identify small archives (<1024 files) +0 belong&0xffff00fc 0x48410000 HA archive data +>2 leshort =1 1 file, +>2 leshort >1 %u files, +>4 byte&0x0f =0 first is type CPY +>4 byte&0x0f =1 first is type ASC +>4 byte&0x0f =2 first is type HSC +>4 byte&0x0f =0x0e first is type DIR +>4 byte&0x0f =0x0f first is type SPECIAL + +# HPACK archiver (Peter Gutmann, pgut1@cs.aukuni.ac.nz) +0 string HPAK HPACK archive data + +# JAM Archive volume format, by Dmitry.Kohmanyuk@UA.net +0 string \351,\001JAM\ JAM archive, +>7 string >\0 version %.4s +>0x26 byte =0x27 - +>>0x2b string >\0 label %.11s, +>>0x27 lelong x serial %08x, +>>0x36 string >\0 fstype %.8s + +# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu) +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/LHA_(file_format) +# Reference: https://web.archive.org/web/20021005080911/http://www.osirusoft.com/joejared/lzhformat.html +# +# check and display information of lharc (LHa,PMarc) file +0 name lharc-file +# check 1st character of method id like -lz4- -lh5- or -pm2- +>2 string - +# check 5th character of method id +>>6 string - +# check header level 0 1 2 3 +>>>20 ubyte <4 +# check 2nd, 3th and 4th character of method id +>>>>3 regex \^(lh[0-9a-ex]|lz[s2-8]|pm[012]|pc1) \b +!:mime application/x-lzh-compressed +# creator type "LHA " +!:apple ????LHA +# display archive type name like "LHa/LZS archive data" or "LArc archive" +>>>>>2 string -lz \b +!:ext lzs +# already known -lzs- -lz4- -lz5- with old names +>>>>>>2 string -lzs LHa/LZS archive data +>>>>>>3 regex \^lz[45] LHarc 1.x archive data +# missing -lz?- with wikipedia names +>>>>>>3 regex \^lz[2378] LArc archive +# display archive type name like "LHa (2.x) archive data" +>>>>>2 string -lh \b +# already known -lh0- -lh1- -lh2- -lh3- -lh4- -lh5- -lh6- -lh7- -lhd- variants with old names +>>>>>>3 regex \^lh[01] LHarc 1.x/ARX archive data +# LHice archiver use ".ICE" as name extension instead usual one ".lzh" +# FOOBAR archiver use ".foo" as name extension instead usual one +# "Florain Orjanov's and Olga Bachetska's ARchiver" not found at the moment +>>>>>>>2 string -lh1 \b +!:ext lha/lzh/ice +>>>>>>3 regex \^lh[23d] LHa 2.x? archive data +>>>>>>3 regex \^lh[7] LHa (2.x)/LHark archive data +>>>>>>3 regex \^lh[456] LHa (2.x) archive data +>>>>>>>2 string -lh5 \b +# https://en.wikipedia.org/wiki/BIOS +# Some mainboard BIOS like Award use LHa compression. So archives with unusal extension are found like +# bios.rom , kd7_v14.bin, 1010.004, ... +!:ext lha/lzh/rom/bin +# missing -lh?- variants (Joe Jared) +>>>>>>3 regex \^lh[89a-ce] LHa (Joe Jared) archive +# UNLHA32 2.67a +>>>>>>2 string -lhx LHa (UNLHA32) archive +# lha archives with standard file name extensions ".lha" ".lzh" +>>>>>>3 regex !\^(lh1|lh5) \b +!:ext lha/lzh +# this should not happen if all -lh variants are described +>>>>>>2 default x LHa (unknown) archive +#!:ext lha +# PMarc +>>>>>3 regex \^pm[012] PMarc archive data +!:ext pma +# append method id without leading and trailing minus character +>>>>>3 string x [%3.3s] +>>>>>>0 use lharc-header +# +# check and display information of lharc header +0 name lharc-header +# header size 0x4 , 0x1b-0x61 +>0 ubyte x +# compressed data size != compressed file size +#>7 ulelong x \b, data size %d +# attribute: 0x2~?? 0x10~symlink|target 0x20~normal +#>19 ubyte x \b, 19_0x%x +# level identifier 0 1 2 3 +#>20 ubyte x \b, level %d +# time stamp +#>15 ubelong x DATE 0x%8.8x +# OS ID for level 1 +>20 ubyte 1 +# 0x20 types find for *.rom files +>>(21.b+24) ubyte <0x21 \b, 0x%x OS +# ascii type like M for MSDOS +>>(21.b+24) ubyte >0x20 \b, '%c' OS +# OS ID for level 2 +>20 ubyte 2 +#>>23 ubyte x \b, OS ID 0x%x +>>23 ubyte <0x21 \b, 0x%x OS +>>23 ubyte >0x20 \b, '%c' OS +# filename only for level 0 and 1 +>20 ubyte <2 +# length of filename +>>21 ubyte >0 \b, with +# filename +>>>21 pstring x "%s" +# +#2 string -lh0- LHarc 1.x/ARX archive data [lh0] +#!:mime application/x-lharc +2 string -lh0- +>0 use lharc-file +#2 string -lh1- LHarc 1.x/ARX archive data [lh1] +#!:mime application/x-lharc +2 string -lh1- +>0 use lharc-file +# NEW -lz2- ... -lz8- +2 string -lz2- +>0 use lharc-file +2 string -lz3- +>0 use lharc-file +2 string -lz4- +>0 use lharc-file +2 string -lz5- +>0 use lharc-file +2 string -lz7- +>0 use lharc-file +2 string -lz8- +>0 use lharc-file +# [never seen any but the last; -lh4- reported in comp.compression:] +#2 string -lzs- LHa/LZS archive data [lzs] +2 string -lzs- +>0 use lharc-file +# According to wikipedia and others such a version does not exist +#2 string -lh\40- LHa 2.x? archive data [lh ] +#2 string -lhd- LHa 2.x? archive data [lhd] +2 string -lhd- +>0 use lharc-file +#2 string -lh2- LHa 2.x? archive data [lh2] +2 string -lh2- +>0 use lharc-file +#2 string -lh3- LHa 2.x? archive data [lh3] +2 string -lh3- +>0 use lharc-file +#2 string -lh4- LHa (2.x) archive data [lh4] +2 string -lh4- +>0 use lharc-file +#2 string -lh5- LHa (2.x) archive data [lh5] +2 string -lh5- +>0 use lharc-file +#2 string -lh6- LHa (2.x) archive data [lh6] +2 string -lh6- +>0 use lharc-file +#2 string -lh7- LHa (2.x)/LHark archive data [lh7] +2 string -lh7- +# !:mime application/x-lha +# >20 byte x - header level %d +>0 use lharc-file +# NEW -lh8- ... -lhe- , -lhx- +2 string -lh8- +>0 use lharc-file +2 string -lh9- +>0 use lharc-file +2 string -lha- +>0 use lharc-file +2 string -lhb- +>0 use lharc-file +2 string -lhc- +>0 use lharc-file +2 string -lhe- +>0 use lharc-file +2 string -lhx- +>0 use lharc-file +# taken from idarc [JW] +2 string -lZ PUT archive data +# already done by LHarc magics +# this should never happen if all sub types of LZS archive are identified +#2 string -lz LZS archive data +2 string -sw1- Swag archive data + +0 name rar-file-header +>24 byte 15 \b, v1.5 +>24 byte 20 \b, v2.0 +>24 byte 29 \b, v4 +>15 byte 0 \b, os: MS-DOS +>15 byte 1 \b, os: OS/2 +>15 byte 2 \b, os: Win32 +>15 byte 3 \b, os: Unix +>15 byte 4 \b, os: Mac OS +>15 byte 5 \b, os: BeOS + +0 name rar-archive-header +>3 leshort&0x1ff >0 \b, flags: +>>3 leshort &0x01 ArchiveVolume +>>3 leshort &0x02 Commented +>>3 leshort &0x04 Locked +>>3 leshort &0x10 NewVolumeNaming +>>3 leshort &0x08 Solid +>>3 leshort &0x20 Authenticated +>>3 leshort &0x40 RecoveryRecordPresent +>>3 leshort &0x80 EncryptedBlockHeader +>>3 leshort &0x100 FirstVolume + +# RAR (Roshal Archive) archive +0 string Rar!\x1a\7\0 RAR archive data +!:mime application/x-rar +!:ext rar/cbr +# file header +>(0xc.l+9) byte 0x74 +>>(0xc.l+7) use rar-file-header +# subblock seems to share information with file header +>(0xc.l+9) byte 0x7a +>>(0xc.l+7) use rar-file-header +>9 byte 0x73 +>>7 use rar-archive-header + +0 string Rar!\x1a\7\1\0 RAR archive data, v5 +!:mime application/x-rar +!:ext rar + +# Very old RAR archive +# https://jasonblanks.com/wp-includes/images/papers/KnowyourarchiveRAR.pdf +0 string RE\x7e\x5e RAR archive data (26 string \x8\0\0\0mimetypeapplication/ + +# KOffice / OpenOffice & StarOffice / OpenDocument formats +# From: Abel Cheung + +# KOffice (1.2 or above) formats +# (mimetype contains "application/vnd.kde.") +>>50 string vnd.kde. KOffice (>=1.2) +>>>58 string karbon Karbon document +>>>58 string kchart KChart document +>>>58 string kformula KFormula document +>>>58 string kivio Kivio document +>>>58 string kontour Kontour document +>>>58 string kpresenter KPresenter document +>>>58 string kspread KSpread document +>>>58 string kword KWord document + +# OpenOffice formats (for OpenOffice 1.x / StarOffice 6/7) +# (mimetype contains "application/vnd.sun.xml.") +>>50 string vnd.sun.xml. OpenOffice.org 1.x +>>>62 string writer Writer +>>>>68 byte !0x2e document +>>>>68 string .template template +>>>>68 string .global global document +>>>62 string calc Calc +>>>>66 byte !0x2e spreadsheet +>>>>66 string .template template +>>>62 string draw Draw +>>>>66 byte !0x2e document +>>>>66 string .template template +>>>62 string impress Impress +>>>>69 byte !0x2e presentation +>>>>69 string .template template +>>>62 string math Math document +>>>62 string base Database file + +# OpenDocument formats (for OpenOffice 2.x / StarOffice >= 8) +# https://lists.oasis-open.org/archives/office/200505/msg00006.html +# (mimetype contains "application/vnd.oasis.opendocument.") +>>50 string vnd.oasis.opendocument. OpenDocument +>>>73 string text +>>>>77 byte !0x2d Text +!:mime application/vnd.oasis.opendocument.text +>>>>77 string -template Text Template +!:mime application/vnd.oasis.opendocument.text-template +>>>>77 string -web HTML Document Template +!:mime application/vnd.oasis.opendocument.text-web +>>>>77 string -master Master Document +!:mime application/vnd.oasis.opendocument.text-master +>>>73 string graphics +>>>>81 byte !0x2d Drawing +!:mime application/vnd.oasis.opendocument.graphics +>>>>81 string -template Template +!:mime application/vnd.oasis.opendocument.graphics-template +>>>73 string presentation +>>>>85 byte !0x2d Presentation +!:mime application/vnd.oasis.opendocument.presentation +>>>>85 string -template Template +!:mime application/vnd.oasis.opendocument.presentation-template +>>>73 string spreadsheet +>>>>84 byte !0x2d Spreadsheet +!:mime application/vnd.oasis.opendocument.spreadsheet +>>>>84 string -template Template +!:mime application/vnd.oasis.opendocument.spreadsheet-template +>>>73 string chart +>>>>78 byte !0x2d Chart +!:mime application/vnd.oasis.opendocument.chart +>>>>78 string -template Template +!:mime application/vnd.oasis.opendocument.chart-template +>>>73 string formula +>>>>80 byte !0x2d Formula +!:mime application/vnd.oasis.opendocument.formula +>>>>80 string -template Template +!:mime application/vnd.oasis.opendocument.formula-template +>>>73 string database Database +!:mime application/vnd.oasis.opendocument.database +# Valid for LibreOffice Base 6.0.1.1 at least +>>>73 string base Database +!:mime application/vnd.oasis.opendocument.base +>>>73 string image +>>>>78 byte !0x2d Image +!:mime application/vnd.oasis.opendocument.image +>>>>78 string -template Template +!:mime application/vnd.oasis.opendocument.image-template + +# EPUB (OEBPS) books using OCF (OEBPS Container Format) +# https://www.idpf.org/ocf/ocf1.0/download/ocf10.htm, section 4. +# From: Ralf Brown +>>50 string epub+zip EPUB document +!:mime application/epub+zip + +# Catch other ZIP-with-mimetype formats +# In a ZIP file, the bytes immediately after a member's contents are +# always "PK". The 2 regex rules here print the "mimetype" member's +# contents up to the first 'P'. Luckily, most MIME types don't contain +# any capital 'P's. This is a kludge. +# (mimetype contains "application/") +>>50 string !epub+zip +>>>50 string !vnd.oasis.opendocument. +>>>>50 string !vnd.sun.xml. +>>>>>50 string !vnd.kde. +>>>>>>38 regex [!-OQ-~]+ Zip data (MIME type "%s"?) +!:mime application/zip +# (mimetype contents other than "application/*") +>26 string \x8\0\0\0mimetype +>>38 string !application/ +>>>38 regex [!-OQ-~]+ Zip data (MIME type "%s"?) +!:mime application/zip + +# Java Jar files +>(26.s+30) leshort 0xcafe Java archive data (JAR) +!:mime application/java-archive + +# iOS App +>(26.s+30) leshort !0xcafe +>>26 string !\x8\0\0\0mimetype +>>>30 string Payload/ +>>>>38 search/64 .app/ iOS App +!:mime application/x-ios-app + + +# Generic zip archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu) +# Next line excludes specialized formats: +>(26.s+30) leshort !0xcafe +>>26 string !\x8\0\0\0mimetype Zip archive data +!:mime application/zip +>>>4 beshort x \b, at least +>>>4 use zipversion +>>>4 beshort x to extract +>>>0x161 string WINZIP \b, WinZIP self-extracting + +# StarView Metafile +# From Pierre Ducroquet +0 string VCLMTF StarView MetaFile +>6 beshort x \b, version %d +>8 belong x \b, size %d + +# Zoo archiver +20 lelong 0xfdc4a7dc Zoo archive data +!:mime application/x-zoo +>4 byte >48 \b, v%c. +>>6 byte >47 \b%c +>>>7 byte >47 \b%c +>32 byte >0 \b, modify: v%d +>>33 byte x \b.%d+ +>42 lelong 0xfdc4a7dc \b, +>>70 byte >0 extract: v%d +>>>71 byte x \b.%d+ + +# Shell archives +10 string #\ This\ is\ a\ shell\ archive shell archive text +!:mime application/octet-stream + +# +# LBR. NB: May conflict with the questionable +# "binary Computer Graphics Metafile" format. +# +0 string \0\ \ \ \ \ \ \ \ \ \ \ \0\0 LBR archive data +# +# PMA (CP/M derivative of LHA) +# Update: Joerg Jenderek +# URL: https://en.wikipedia.org/wiki/LHA_(file_format) +# +#2 string -pm0- PMarc archive data [pm0] +2 string -pm0- +>0 use lharc-file +#2 string -pm1- PMarc archive data [pm1] +2 string -pm1- +>0 use lharc-file +#2 string -pm2- PMarc archive data [pm2] +2 string -pm2- +>0 use lharc-file +2 string -pms- PMarc SFX archive (CP/M, DOS) +#!:mime application/x-foobar-exec +!:ext com +5 string -pc1- PopCom compressed executable (CP/M) +#!:mime application/x- +#!:ext com + +# From Rafael Laboissiere +# The Project Revision Control System (see +# http://prcs.sourceforge.net) generates a packaged project +# file which is recognized by the following entry: +0 leshort 0xeb81 PRCS packaged project + +# Microsoft cabinets +# by David Necas (Yeti) +#0 string MSCF\0\0\0\0 Microsoft cabinet file data, +#>25 byte x v%d +#>24 byte x \b.%d +# MPi: All CABs have version 1.3, so this is pointless. +# Better magic in debian-additions. + +# GTKtalog catalogs +# by David Necas (Yeti) +4 string gtktalog\ GTKtalog catalog data, +>13 string 3 version 3 +>>14 beshort 0x677a (gzipped) +>>14 beshort !0x677a (not gzipped) +>13 string >3 version %s + +############################################################################ +# Parity archive reconstruction file, the 'par' file format now used on Usenet. +0 string PAR\0 PARity archive data +>48 leshort =0 - Index file +>48 leshort >0 - file number %d + +# Felix von Leitner +0 string d8:announce BitTorrent file +!:mime application/x-bittorrent +# Durval Menezes, +0 string d13:announce-list BitTorrent file +!:mime application/x-bittorrent + +# Atari MSA archive - Teemu Hukkanen +0 beshort 0x0e0f Atari MSA archive data +>2 beshort x \b, %d sectors per track +>4 beshort 0 \b, 1 sided +>4 beshort 1 \b, 2 sided +>6 beshort x \b, starting track: %d +>8 beshort x \b, ending track: %d + +# Alternate ZIP string (amc@arwen.cs.berkeley.edu) +0 string PK00PK\003\004 Zip archive data +!:mime application/zip +!:ext zip/cbz + +# ACE archive (from http://www.wotsit.org/download.asp?f=ace) +# by Stefan `Sec` Zehl +7 string **ACE** ACE archive data +>15 byte >0 version %d +>16 byte =0x00 \b, from MS-DOS +>16 byte =0x01 \b, from OS/2 +>16 byte =0x02 \b, from Win/32 +>16 byte =0x03 \b, from Unix +>16 byte =0x04 \b, from MacOS +>16 byte =0x05 \b, from WinNT +>16 byte =0x06 \b, from Primos +>16 byte =0x07 \b, from AppleGS +>16 byte =0x08 \b, from Atari +>16 byte =0x09 \b, from Vax/VMS +>16 byte =0x0A \b, from Amiga +>16 byte =0x0B \b, from Next +>14 byte x \b, version %d to extract +>5 leshort &0x0080 \b, multiple volumes, +>>17 byte x \b (part %d), +>5 leshort &0x0002 \b, contains comment +>5 leshort &0x0200 \b, sfx +>5 leshort &0x0400 \b, small dictionary +>5 leshort &0x0800 \b, multi-volume +>5 leshort &0x1000 \b, contains AV-String +>>30 string \x16*UNREGISTERED\x20VERSION* (unregistered) +>5 leshort &0x2000 \b, with recovery record +>5 leshort &0x4000 \b, locked +>5 leshort &0x8000 \b, solid +# Date in MS-DOS format (whatever that is) +#>18 lelong x Created on + +# sfArk : compression program for Soundfonts (sf2) by Dirk Jagdmann +# +0x1A string sfArk sfArk compressed Soundfont +>0x15 string 2 +>>0x1 string >\0 Version %s +>>0x2A string >\0 : %s + +# DR-DOS 7.03 Packed File *.??_ +0 string Packed\ File\ Personal NetWare Packed File +>12 string x \b, was "%.12s" + +# EET archive +# From: Tilman Sauerbeck +0 belong 0x1ee7ff00 EET archive +!:mime application/x-eet + +# rzip archives +0 string RZIP rzip compressed data +>4 byte x - version %d +>5 byte x \b.%d +>6 belong x (%d bytes) + +# From: Joerg Jenderek +# URL: https://help.foxitsoftware.com/kb/install-fzip-file.php +# reference: http://mark0.net/download/triddefs_xml.7z/ +# defs/f/fzip.trid.xml +# Note: unknown compression; No "PK" zip magic; normally in directory like +# "%APPDATA%\Foxit Software\Addon\Foxit Reader\Install" +0 ubequad 0x2506781901010000 Foxit add-on/update +!:mime application/x-fzip +!:ext fzip + +# From: "Robert Dale" +0 belong 123 dar archive, +>4 belong x label "%.8x +>>8 belong x %.8x +>>>12 beshort x %.4x" +>14 byte 0x54 end slice +>14 beshort 0x4e4e multi-part +>14 beshort 0x4e53 multi-part, with -S + +# Symbian installation files +# https://www.thouky.co.uk/software/psifs/sis.html +# http://developer.symbian.com/main/downloads/papers/SymbianOSv91/softwareinstallsis.pdf +8 lelong 0x10000419 Symbian installation file +!:mime application/vnd.symbian.install +>4 lelong 0x1000006D (EPOC release 3/4/5) +>4 lelong 0x10003A12 (EPOC release 6) +0 lelong 0x10201A7A Symbian installation file (Symbian OS 9.x) +!:mime x-epoc/x-sisx-app + +# From "Nelson A. de Oliveira" +0 string MPQ\032 MoPaQ (MPQ) archive + +# From: "Nelson A. de Oliveira" +# .kgb +0 string KGB_arch KGB Archiver file +>10 string x with compression level %.1s + +# xar (eXtensible ARchiver) archive +# URL: https://en.wikipedia.org/wiki/Xar_(archiver) +# xar archive format: https://code.google.com/p/xar/ +# From: "David Remahl" +# Update: Joerg Jenderek +# TODO: lzma compression; X509Data for pkg and xip +# Note: verified by `xar --dump-header -f FullBundleUpdate.xar` or +# 7z t -txar Xcode_10.2_beta_4.xip` +0 string xar! xar archive +!:mime application/x-xar +# pkg for Mac OSX installer package like FullBundleUpdate.pkg +# xip for signed Apple software like Xcode_10.2_beta_4.xip +!:ext xar/pkg/xip +# always 28 in older archives +>4 ubeshort >28 \b, header size %u +# currently there exit only version 1 since about 2014 +>6 ubeshort >1 version %u, +>8 ubequad x compressed TOC: %llu, +#>16 ubequad x uncompressed TOC: %llu, +# cksum_alg 0-2 in older and also 3-4 in newer +>24 belong 0 no checksum +>24 belong 1 SHA-1 checksum +>24 belong 2 MD5 checksum +>24 belong 3 SHA-256 checksum +>24 belong 4 SHA-512 checksum +>24 belong >4 unknown 0x%x checksum +#>24 belong >4 checksum +# For no compression jump 0 bytes +>24 belong 0 +>>0 ubyte x +# jump more bytes forward by header size +>>>&(4.S) ubyte x +# jump more bytes forward by compressed table of contents size +#>>>>&(8.Q) ubequad x \b, heap data 0x%llx +>>>>&(8.Q) ubyte x +# look for data by ./compress after message with 1 space at end +>>>>>&-3 indirect x \b, contains +# For SHA-1 jump 20 minus 2 bytes +>24 belong 1 +>>18 ubyte x +# jump more bytes forward by header size +>>>&(4.S) ubyte x +# jump more bytes forward by compressed table of contents size +>>>>&(8.Q) ubyte x +# data compressed by gzip, bzip, lzma or none +>>>>>&-1 indirect x \b, contains +# For SHA-256 jump 32 minus 2 bytes +>24 belong 3 +>>30 ubyte x +# jump more bytes forward by header size +>>>&(4.S) ubyte x +# jump more bytes forward by compressed table of contents size +>>>>&(8.Q) ubyte x +>>>>>&-1 indirect x \b, contains +# For SHA-512 jump 64 minus 2 bytes +>24 belong 4 +>>62 ubyte x +# jump more bytes forward by header size +>>>&(4.S) ubyte x +# jump more bytes forward by compressed table of contents size +>>>>&(8.Q) ubyte x +>>>>>&-1 indirect x \b, contains + +# Type: Parity Archive +# From: Daniel van Eeden +0 string PAR2 Parity Archive Volume Set + +# Bacula volume format. (Volumes always start with a block header.) +# URL: https://bacula.org/3.0.x-manuals/en/developers/developers/Block_Header.html +# From: Adam Buchbinder +12 string BB02 Bacula volume +>20 bedate x \b, started %s + +# ePub is XHTML + XML inside a ZIP archive. The first member of the +# archive must be an uncompressed file called 'mimetype' with contents +# 'application/epub+zip' + + +# From: "Michael Gorny" +# ZPAQ: http://mattmahoney.net/dc/zpaq.html +0 string zPQ ZPAQ stream +>3 byte x \b, level %d +# From: Barry Carter +# https://encode.ru/threads/456-zpaq-updates/page32 +0 string 7kSt ZPAQ file + +# BBeB ebook, unencrypted (LRF format) +# URL: https://www.sven.de/librie/Librie/LrfFormat +# From: Adam Buchbinder +0 string L\0R\0F\0\0\0 BBeB ebook data, unencrypted +>8 beshort x \b, version %d +>36 byte 1 \b, front-to-back +>36 byte 16 \b, back-to-front +>42 beshort x \b, (%dx, +>44 beshort x %d) + +# Symantec GHOST image by Joerg Jenderek at May 2014 +# https://us.norton.com/ghost/ +# https://www.garykessler.net/library/file_sigs.html +0 ubelong&0xFFFFf7f0 0xFEEF0100 Norton GHost image +# *.GHO +>2 ubyte&0x08 0x00 \b, first file +# *.GHS or *.[0-9] with cns program option +>2 ubyte&0x08 0x08 \b, split file +# part of split index interesting for *.ghs +>>4 ubyte x id=0x%x +# compression tag minus one equals numeric compression command line switch z[1-9] +>3 ubyte 0 \b, no compression +>3 ubyte 2 \b, fast compression (Z1) +>3 ubyte 3 \b, medium compression (Z2) +>3 ubyte >3 +>>3 ubyte <11 \b, compression (Z%d-1) +>2 ubyte&0x08 0x00 +# ~ 30 byte password field only for *.gho +>>12 ubequad !0 \b, password protected +>>44 ubyte !1 +# 1~Image All, sector-by-sector only for *.gho +>>>10 ubyte 1 \b, sector copy +# 1~Image Boot track only for *.gho +>>>43 ubyte 1 \b, boot track +# 1~Image Disc only for *.gho implies Image Boot track and sector copy +>>44 ubyte 1 \b, disc sector copy +# optional image description only *.gho +>>0xff string >\0 "%-.254s" +# look for DOS sector end sequence +>0xE08 search/7776 \x55\xAA +>>&-512 indirect x \b; contains + +# Google Chrome extensions +# https://developer.chrome.com/extensions/crx +# https://developer.chrome.com/extensions/hosting +0 string Cr24 Google Chrome extension +!:mime application/x-chrome-extension +>4 ulong x \b, version %u + +# SeqBox - Sequenced container +# ext: sbx, seqbox +# Marco Pontello marcopon@gmail.com +# reference: https://github.com/MarcoPon/SeqBox +0 string SBx SeqBox, +>3 byte x version %d + +# LyNX archive +56 string USE\040LYNX\040TO\040DISSOLVE\040THIS\040FILE LyNX archive + +# From: Joerg Jenderek +# URL: https://www.acronis.com/ +# Reference: https://en.wikipedia.org/wiki/TIB_(file_format) +# Note: only tested with True Image 2013 Build 5962 and 2019 Build 14110 +0 ubequad 0xce24b9a220000000 Acronis True Image backup +!:mime application/x-acronis-tib +!:ext tib +# 01000000 +#>20 ubelong x \b, at 20 0x%x +# 20000000 +#>28 ubelong x \b, at 28 0x%x +# strings like "Generic- SD/MMC 1.00" "Unknown Disk" "Msft Virtual Disk 1.0" +# ??? +# strings like "\Device\0000011e" "\Device\0000015a" +#>0 search/0x6852300/cs \\Device\\ +#>>&-1 pstring x \b, %s +# "\Device\HarddiskVolume30" "\Device\HarddiskVolume39" +#>>>&1 search/180/cs \\Device\\ +#>>>>&-1 pstring x \b, %s +#>>>>>&0 search/29/cs \0\0\xc8\0 +# disk label +#>>>>>>&10 lestring16 x \b, disk label %11.11s +#>>>>>>&9 plestring16 x \b, disk label "%11.11s" +#>>>>>>&10 ubequad x %16.16llx + + +# Gentoo XPAK binary package +# by Michal Gorny +# https://gitweb.gentoo.org/proj/portage.git/tree/man/xpak.5 +-4 string STOP +>-16 string XPAKSTOP Gentoo binary package (XPAK) + +# From: Joerg Jenderek +# URL: https://kodi.wiki/view/TexturePacker +# Reference: https://mirrors.kodi.tv/releases/source/17.3-Krypton.tar.gz +# /xbmc-Krypton/xbmc/guilib/XBTF.h +# /xbmc-Krypton/xbmc/guilib/XBTF.cpp +0 string XBTF +# skip ASCII text by looking for terminating \0 of path +>264 ubyte 0 XBMC texture package +!:mime application/x-xbmc-xbt +!:ext xbt +# XBTF_VERSION 2 +>>4 string !2 \b, version %-.1s +# nofFiles /xbmc-Krypton/xbmc/guilib/XBTFReader.cpp +>>5 ulelong x \b, %u file +# plural s +>>5 ulelong >1 \bs +# path[CXBTFFile[MaximumPathLength=256] +>>9 string x \b, 1st %s + diff --git a/magic/Magdir/assembler b/magic/Magdir/assembler new file mode 100644 index 0000000..efa8e19 --- /dev/null +++ b/magic/Magdir/assembler @@ -0,0 +1,18 @@ +#------------------------------------------------------------------------------ +# $File: assembler,v 1.5 2013/09/17 17:33:36 christos Exp $ +# make: file(1) magic for assembler source +# +0 regex \^[\040\t]{0,50}\\.asciiz assembler source text +!:mime text/x-asm +0 regex \^[\040\t]{0,50}\\.byte assembler source text +!:mime text/x-asm +0 regex \^[\040\t]{0,50}\\.even assembler source text +!:mime text/x-asm +0 regex \^[\040\t]{0,50}\\.globl assembler source text +!:mime text/x-asm +0 regex \^[\040\t]{0,50}\\.text assembler source text +!:mime text/x-asm +0 regex \^[\040\t]{0,50}\\.file assembler source text +!:mime text/x-asm +0 regex \^[\040\t]{0,50}\\.type assembler source text +!:mime text/x-asm diff --git a/magic/Magdir/asterix b/magic/Magdir/asterix new file mode 100644 index 0000000..45e0e09 --- /dev/null +++ b/magic/Magdir/asterix @@ -0,0 +1,18 @@ + +#------------------------------------------------------------------------------ +# $File$ +# asterix: file(1) magic for Aster*x; SunOS 5.5.1 gave the 4-character +# strings as "long" - we assume they're just strings: +# From: guy@netapp.com (Guy Harris) +# +0 string *STA Aster*x +>7 string WORD Words Document +>7 string GRAP Graphic +>7 string SPRE Spreadsheet +>7 string MACR Macro +0 string 2278 Aster*x Version 2 +>29 byte 0x36 Words Document +>29 byte 0x35 Graphic +>29 byte 0x32 Spreadsheet +>29 byte 0x38 Macro + diff --git a/magic/Magdir/att3b b/magic/Magdir/att3b new file mode 100644 index 0000000..b83ae2e --- /dev/null +++ b/magic/Magdir/att3b @@ -0,0 +1,41 @@ + +#------------------------------------------------------------------------------ +# $File: att3b,v 1.10 2017/03/17 21:35:28 christos Exp $ +# att3b: file(1) magic for AT&T 3B machines +# +# The `versions' should be un-commented if they work for you. +# (Was the problem just one of endianness?) +# +# 3B20 +# +# The 3B20 conflicts with SCCS. +#0 beshort 0550 3b20 COFF executable +#>12 belong >0 not stripped +#>22 beshort >0 - version %d +#0 beshort 0551 3b20 COFF executable (TV) +#>12 belong >0 not stripped +#>22 beshort >0 - version %d +# +# WE32K +# +0 beshort 0560 WE32000 COFF +>18 beshort ^00000020 object +>18 beshort &00000020 executable +>12 belong >0 not stripped +>18 beshort ^00010000 N/A on 3b2/300 w/paging +>18 beshort &00020000 32100 required +>18 beshort &00040000 and MAU hardware required +>20 beshort 0407 (impure) +>20 beshort 0410 (pure) +>20 beshort 0413 (demand paged) +>20 beshort 0443 (target shared library) +>22 beshort >0 - version %d +0 beshort 0561 WE32000 COFF executable (TV) +>12 belong >0 not stripped +#>18 beshort &00020000 - 32100 required +#>18 beshort &00040000 and MAU hardware required +#>22 beshort >0 - version %d +# +# core file for 3b2 +0 string \000\004\036\212\200 3b2 core file +>364 string >\0 of '%s' diff --git a/magic/Magdir/audio b/magic/Magdir/audio new file mode 100644 index 0000000..5492635 --- /dev/null +++ b/magic/Magdir/audio @@ -0,0 +1,1113 @@ + +#------------------------------------------------------------------------------ +# $File: audio,v 1.111 2019/05/08 18:02:45 christos Exp $ +# audio: file(1) magic for sound formats (see also "iff") +# +# Jan Nicolai Langfeldt (janl@ifi.uio.no), Dan Quinlan (quinlan@yggdrasil.com), +# and others +# + +# Sun/NeXT audio data +0 string .snd Sun/NeXT audio data: +>12 belong 1 8-bit ISDN mu-law, +!:mime audio/basic +>12 belong 2 8-bit linear PCM [REF-PCM], +!:mime audio/basic +>12 belong 3 16-bit linear PCM, +!:mime audio/basic +>12 belong 4 24-bit linear PCM, +!:mime audio/basic +>12 belong 5 32-bit linear PCM, +!:mime audio/basic +>12 belong 6 32-bit IEEE floating point, +!:mime audio/basic +>12 belong 7 64-bit IEEE floating point, +!:mime audio/basic +>12 belong 8 Fragmented sample data, +>12 belong 10 DSP program, +>12 belong 11 8-bit fixed point, +>12 belong 12 16-bit fixed point, +>12 belong 13 24-bit fixed point, +>12 belong 14 32-bit fixed point, +>12 belong 18 16-bit linear with emphasis, +>12 belong 19 16-bit linear compressed, +>12 belong 20 16-bit linear with emphasis and compression, +>12 belong 21 Music kit DSP commands, +>12 belong 23 8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice enc.), +!:mime audio/x-adpcm +>12 belong 24 compressed (8-bit CCITT G.722 ADPCM) +>12 belong 25 compressed (3-bit CCITT G.723.3 ADPCM), +>12 belong 26 compressed (5-bit CCITT G.723.5 ADPCM), +>12 belong 27 8-bit A-law (CCITT G.711), +>20 belong 1 mono, +>20 belong 2 stereo, +>20 belong 4 quad, +>16 belong >0 %d Hz + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +0 lelong 0x0064732E DEC audio data: +>12 lelong 1 8-bit ISDN mu-law, +!:mime audio/x-dec-basic +>12 lelong 2 8-bit linear PCM [REF-PCM], +!:mime audio/x-dec-basic +>12 lelong 3 16-bit linear PCM, +!:mime audio/x-dec-basic +>12 lelong 4 24-bit linear PCM, +!:mime audio/x-dec-basic +>12 lelong 5 32-bit linear PCM, +!:mime audio/x-dec-basic +>12 lelong 6 32-bit IEEE floating point, +!:mime audio/x-dec-basic +>12 lelong 7 64-bit IEEE floating point, +!:mime audio/x-dec-basic +>12 belong 8 Fragmented sample data, +>12 belong 10 DSP program, +>12 belong 11 8-bit fixed point, +>12 belong 12 16-bit fixed point, +>12 belong 13 24-bit fixed point, +>12 belong 14 32-bit fixed point, +>12 belong 18 16-bit linear with emphasis, +>12 belong 19 16-bit linear compressed, +>12 belong 20 16-bit linear with emphasis and compression, +>12 belong 21 Music kit DSP commands, +>12 lelong 23 8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice enc.), +!:mime audio/x-dec-basic +>12 belong 24 compressed (8-bit CCITT G.722 ADPCM) +>12 belong 25 compressed (3-bit CCITT G.723.3 ADPCM), +>12 belong 26 compressed (5-bit CCITT G.723.5 ADPCM), +>12 belong 27 8-bit A-law (CCITT G.711), +>20 lelong 1 mono, +>20 lelong 2 stereo, +>20 lelong 4 quad, +>16 lelong >0 %d Hz + +# Creative Labs AUDIO stuff +0 string MThd Standard MIDI data +!:mime audio/midi +>8 beshort x (format %d) +>10 beshort x using %d track +>10 beshort >1 \bs +>12 beshort&0x7fff x at 1/%d +>12 beshort&0x8000 >0 SMPTE + +0 string CTMF Creative Music (CMF) data +!:mime audio/x-unknown +0 string SBI SoundBlaster instrument data +!:mime audio/x-unknown +0 string Creative\ Voice\ File Creative Labs voice data +!:mime audio/x-unknown +# is this next line right? it came this way... +>19 byte 0x1A +>23 byte >0 - version %d +>22 byte >0 \b.%d + +# first entry is also the string "NTRK" +0 belong 0x4e54524b MultiTrack sound data +>4 belong x - version %d + +# Extended MOD format (*.emd) (Greg Roelofs, newt@uchicago.edu); NOT TESTED +# [based on posting 940824 by "Dirk/Elastik", husberg@lehtori.cc.tut.fi] +0 string EMOD Extended MOD sound data, +>4 byte&0xf0 x version %d +>4 byte&0x0f x \b.%d, +>45 byte x %d instruments +>83 byte 0 (module) +>83 byte 1 (song) + +# Real Audio (Magic .ra\0375) +0 belong 0x2e7261fd RealAudio sound file +!:mime audio/x-pn-realaudio +0 string .RMF\0\0\0 RealMedia file +!:mime application/vnd.rn-realmedia +#video/x-pn-realvideo +#video/vnd.rn-realvideo +#application/vnd.rn-realmedia +# sigh, there are many mimes for that but the above are the most common. + +# MTM/669/FAR/S3M/ULT/XM format checking [Aaron Eppert, aeppert@dialin.ind.net] +# Oct 31, 1995 +# fixed by 2003-06-24 +# Too short... +#0 string MTM MultiTracker Module sound file +#0 string if Composer 669 Module sound data +#0 string JN Composer 669 Module sound data (extended format) +0 string MAS_U ULT(imate) Module sound data + +#0 string FAR Module sound data +#>4 string >\15 Title: "%s" + +0x2c string SCRM ScreamTracker III Module sound data +>0 string >\0 Title: "%s" + +# Gravis UltraSound patches +# From + +0 string GF1PATCH110\0ID#000002\0 GUS patch +0 string GF1PATCH100\0ID#000002\0 Old GUS patch + +# mime types according to http://www.geocities.com/nevilo/mod.htm: +# audio/it .it +# audio/x-zipped-it .itz +# audio/xm fasttracker modules +# audio/x-s3m screamtracker modules +# audio/s3m screamtracker modules +# audio/x-zipped-mod mdz +# audio/mod mod +# audio/x-mod All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z) + +# +# Taken from loader code from mikmod version 2.14 +# by Steve McIntyre (stevem@chiark.greenend.org.uk) +# added title printing on 2003-06-24 +0 string MAS_UTrack_V00 +>14 string >/0 ultratracker V1.%.1s module sound data +!:mime audio/x-mod +#audio/x-tracker-module + +0 string UN05 MikMod UNI format module sound data + +0 string Extended\ Module: Fasttracker II module sound data +!:mime audio/x-mod +#audio/x-tracker-module +>17 string >\0 Title: "%s" + +21 string/c =!SCREAM! Screamtracker 2 module sound data +!:mime audio/x-mod +#audio/x-screamtracker-module +21 string BMOD2STM Screamtracker 2 module sound data +!:mime audio/x-mod +#audio/x-screamtracker-module +1080 string M.K. 4-channel Protracker module sound data +!:mime audio/x-mod +#audio/x-protracker-module +>0 string >\0 Title: "%s" +1080 string M!K! 4-channel Protracker module sound data +!:mime audio/x-mod +#audio/x-protracker-module +>0 string >\0 Title: "%s" +1080 string FLT4 4-channel Startracker module sound data +!:mime audio/x-mod +#audio/x-startracker-module +>0 string >\0 Title: "%s" +1080 string FLT8 8-channel Startracker module sound data +!:mime audio/x-mod +#audio/x-startracker-module +>0 string >\0 Title: "%s" +1080 string 4CHN 4-channel Fasttracker module sound data +!:mime audio/x-mod +#audio/x-fasttracker-module +>0 string >\0 Title: "%s" +1080 string 6CHN 6-channel Fasttracker module sound data +!:mime audio/x-mod +#audio/x-fasttracker-module +>0 string >\0 Title: "%s" +1080 string 8CHN 8-channel Fasttracker module sound data +!:mime audio/x-mod +#audio/x-fasttracker-module +>0 string >\0 Title: "%s" +1080 string CD81 8-channel Octalyser module sound data +!:mime audio/x-mod +#audio/x-octalysertracker-module +>0 string >\0 Title: "%s" +1080 string OKTA 8-channel Octalyzer module sound data +!:mime audio/x-mod +#audio/x-octalysertracker-module +>0 string >\0 Title: "%s" +# Not good enough. +#1082 string CH +#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data +1080 string 16CN 16-channel Taketracker module sound data +!:mime audio/x-mod +#audio/x-taketracker-module +>0 string >\0 Title: "%s" +1080 string 32CN 32-channel Taketracker module sound data +!:mime audio/x-mod +#audio/x-taketracker-module +>0 string >\0 Title: "%s" + +# TOC sound files -Trevor Johnson +# +0 string TOC TOC sound file + +# sidfiles +# added name,author,(c) and new RSID type by 2003-06-24 +0 string SIDPLAY\ INFOFILE Sidplay info file + +0 string PSID PlaySID v2.2+ (AMIGA) sidtune +>4 beshort >0 w/ header v%d, +>14 beshort =1 single song, +>14 beshort >1 %d songs, +>16 beshort >0 default song: %d +>0x16 string >\0 name: "%s" +>0x36 string >\0 author: "%s" +>0x56 string >\0 copyright: "%s" + +0 string RSID RSID sidtune PlaySID compatible +>4 beshort >0 w/ header v%d, +>14 beshort =1 single song, +>14 beshort >1 %d songs, +>16 beshort >0 default song: %d +>0x16 string >\0 name: "%s" +>0x36 string >\0 author: "%s" +>0x56 string >\0 copyright: "%s" + +# IRCAM sound files - Michael Pruett +# http://www-mmsp.ece.mcgill.ca/documents/AudioFormats/IRCAM/IRCAM.html +0 belong 0x64a30100 IRCAM file (VAX little-endian) +0 belong 0x0001a364 IRCAM file (VAX big-endian) +0 belong 0x64a30200 IRCAM file (Sun big-endian) +0 belong 0x0002a364 IRCAM file (Sun little-endian) +0 belong 0x64a30300 IRCAM file (MIPS little-endian) +0 belong 0x0003a364 IRCAM file (MIPS big-endian) +0 belong 0x64a30400 IRCAM file (NeXT big-endian) +0 belong 0x64a30400 IRCAM file (NeXT big-endian) +0 belong 0x0004a364 IRCAM file (NeXT little-endian) + +# NIST SPHERE +0 string NIST_1A\n\ \ \ 1024\n NIST SPHERE file + +# Sample Vision +0 string SOUND\ SAMPLE\ DATA\ Sample Vision file + +# Audio Visual Research +0 string 2BIT Audio Visual Research file, +>12 beshort =0 mono, +>12 beshort =-1 stereo, +>14 beshort x %d bits +>16 beshort =0 unsigned, +>16 beshort =-1 signed, +>22 belong&0x00ffffff x %d Hz, +>18 beshort =0 no loop, +>18 beshort =-1 loop, +>21 ubyte <128 note %d, +>22 byte =0 replay 5.485 KHz +>22 byte =1 replay 8.084 KHz +>22 byte =2 replay 10.971 KHz +>22 byte =3 replay 16.168 KHz +>22 byte =4 replay 21.942 KHz +>22 byte =5 replay 32.336 KHz +>22 byte =6 replay 43.885 KHz +>22 byte =7 replay 47.261 KHz + +# SGI SoundTrack +0 string _SGI_SoundTrack SGI SoundTrack project file +# ID3 version 2 tags +0 string ID3 Audio file with ID3 version 2 +>3 byte x \b.%d +>4 byte x \b.%d +>>5 byte &0x80 \b, unsynchronized frames +>>5 byte &0x40 \b, extended header +>>5 byte &0x20 \b, experimental +>>5 byte &0x10 \b, footer present +>(6.I+10) indirect x \b, contains: + +# NSF (NES sound file) magic +0 string NESM\x1a NES Sound File +>14 string >\0 ("%s" by +>46 string >\0 %s, copyright +>78 string >\0 %s), +>5 byte x version %d, +>6 byte x %d tracks, +>122 byte&0x2 =1 dual PAL/NTSC +>122 byte&0x1 =1 PAL +>122 byte&0x1 =0 NTSC + +# NSFE (Extended NES sound file) magic +# http://slickproductions.org/docs/NSF/nsfespec.txt +# From: David Pflug +0 string NSFE Extended NES Sound File +>48 search/0x1000 auth +>>&0 string >\0 ("%s" +>>>&1 string >\0 by %s +>>>>&1 string >\0 \b, copyright %s +>>>>>&1 string >\0 \b, ripped by %s +>20 byte x \b), %d tracks, +>18 byte&0x2 =1 dual PAL/NTSC +>18 byte&0x2 =0 +>>18 byte&0x1 =1 PAL +>>18 byte&0x1 =0 NTSC + +# Type: SNES SPC700 sound files +# From: Josh Triplett +0 string SNES-SPC700\ Sound\ File\ Data\ v SNES SPC700 sound file +>&0 string 0.30 \b, version %s +>>0x23 byte 0x1B \b, without ID666 tag +>>0x23 byte 0x1A \b, with ID666 tag +>>>0x2E string >\0 \b, song "%.32s" +>>>0x4E string >\0 \b, game "%.32s" + +# Impulse tracker module (audio/x-it) +0 string IMPM Impulse Tracker module sound data - +!:mime audio/x-mod +>4 string >\0 "%s" +>40 leshort !0 compatible w/ITv%x +>42 leshort !0 created w/ITv%x + +# Imago Orpheus module (audio/x-imf) +60 string IM10 Imago Orpheus module sound data - +>0 string >\0 "%s" + +# From +# These are the /etc/magic entries to decode modules, instruments, and +# samples in Impulse Tracker's native format. + +0 string IMPS Impulse Tracker Sample +>18 byte &2 16 bit +>18 byte ^2 8 bit +>18 byte &4 stereo +>18 byte ^4 mono +0 string IMPI Impulse Tracker Instrument +>28 leshort !0 ITv%x +>30 byte !0 %d samples + +# Yamaha TX Wave: file(1) magic for Yamaha TX Wave audio files +# From +0 string LM8953 Yamaha TX Wave +>22 byte 0x49 looped +>22 byte 0xC9 non-looped +>23 byte 1 33kHz +>23 byte 2 50kHz +>23 byte 3 16kHz + +# scream tracker: file(1) magic for Scream Tracker sample files +# +# From +76 string SCRS Scream Tracker Sample +>0 byte 1 sample +>0 byte 2 adlib melody +>0 byte >2 adlib drum +>31 byte &2 stereo +>31 byte ^2 mono +>31 byte &4 16bit little endian +>31 byte ^4 8bit +>30 byte 0 unpacked +>30 byte 1 packed + +# audio +# From: Cory Dikkers +0 string MMD0 MED music file, version 0 +0 string MMD1 OctaMED Pro music file, version 1 +0 string MMD3 OctaMED Soundstudio music file, version 3 +0 string OctaMEDCmpr OctaMED Soundstudio compressed file +0 string MED MED_Song +0 string SymM Symphonie SymMOD music file +# +# Track Length (TRL), Tracks (TRK), Samples (SMP), Subsongs (SS) +# http://lclevy.free.fr/exotica/ahx/ahxformat.txt +0 string THX AHX version +>3 byte =0 1 module data +>3 byte =1 2 module data +>10 byte x TRL: %u +>11 byte x TRK: %u +>12 byte x SMP: %u +>13 byte x SS: %u +# +0 string OKTASONG Oktalyzer module data +# +0 string DIGI\ Booster\ module\0 %s +>20 byte >0 %c +>>21 byte >0 \b%c +>>>22 byte >0 \b%c +>>>>23 byte >0 \b%c +>610 string >\0 \b, "%s" +# +0 string DBM0 DIGI Booster Pro Module +>4 byte >0 V%X. +>>5 byte x \b%02X +>16 string >\0 \b, "%s" +# +0 string FTMN FaceTheMusic module +>16 string >\0d \b, "%s" + +# From: 2003-06-24 +0 string AMShdr\32 Velvet Studio AMS Module v2.2 +0 string Extreme Extreme Tracker AMS Module v1.3 +0 string DDMF Xtracker DMF Module +>4 byte x v%i +>0xD string >\0 Title: "%s" +>0x2B string >\0 Composer: "%s" +0 string DSM\32 Dynamic Studio Module DSM +0 string SONG DigiTrekker DTM Module +0 string DMDL DigiTrakker MDL Module +0 string PSM\32 Protracker Studio PSM Module +44 string PTMF Poly Tracker PTM Module +>0 string >\32 Title: "%s" +0 string MT20 MadTracker 2.0 Module MT2 +0 string RAD\40by\40REALiTY!! RAD Adlib Tracker Module RAD +0 string RTMM RTM Module +0x426 string MaDoKaN96 XMS Adlib Module +>0 string >\0 Composer: "%s" +0 string AMF AMF Module +>4 string >\0 Title: "%s" +0 string MODINFO1 Open Cubic Player Module Inforation MDZ +0 string Extended\40Instrument: Fast Tracker II Instrument + +# From: Takeshi Hamasaki +# NOA Nancy Codec file +0 string \210NOA\015\012\032 NOA Nancy Codec Movie file +# Yamaha SMAF format +0 string MMMD Yamaha SMAF file +# Sharp Jisaku Melody format for PDC +0 string \001Sharp\040JisakuMelody SHARP Cell-Phone ringing Melody +>20 string Ver01.00 Ver. 1.00 +>>32 byte x , %d tracks + +# Free lossless audio codec +# From: Przemyslaw Augustyniak +0 string fLaC FLAC audio bitstream data +!:mime audio/flac +>4 byte&0x7f >0 \b, unknown version +>4 byte&0x7f 0 \b +# some common bits/sample values +>>20 beshort&0x1f0 0x030 \b, 4 bit +>>20 beshort&0x1f0 0x050 \b, 6 bit +>>20 beshort&0x1f0 0x070 \b, 8 bit +>>20 beshort&0x1f0 0x0b0 \b, 12 bit +>>20 beshort&0x1f0 0x0f0 \b, 16 bit +>>20 beshort&0x1f0 0x170 \b, 24 bit +>>20 byte&0xe 0x0 \b, mono +>>20 byte&0xe 0x2 \b, stereo +>>20 byte&0xe 0x4 \b, 3 channels +>>20 byte&0xe 0x6 \b, 4 channels +>>20 byte&0xe 0x8 \b, 5 channels +>>20 byte&0xe 0xa \b, 6 channels +>>20 byte&0xe 0xc \b, 7 channels +>>20 byte&0xe 0xe \b, 8 channels +# sample rates derived from known oscillator frequencies; +# 24.576 MHz (video/fs=48kHz), 22.5792 (audio/fs=44.1kHz) and +# 16.384 (other/fs=32kHz). +>>17 belong&0xfffff0 0x02b110 \b, 11.025 kHz +>>17 belong&0xfffff0 0x03e800 \b, 16 kHz +>>17 belong&0xfffff0 0x056220 \b, 22.05 kHz +>>17 belong&0xfffff0 0x05dc00 \b, 24 kHz +>>17 belong&0xfffff0 0x07d000 \b, 32 kHz +>>17 belong&0xfffff0 0x0ac440 \b, 44.1 kHz +>>17 belong&0xfffff0 0x0bb800 \b, 48 kHz +>>17 belong&0xfffff0 0x0fa000 \b, 64 kHz +>>17 belong&0xfffff0 0x158880 \b, 88.2 kHz +>>17 belong&0xfffff0 0x177000 \b, 96 kHz +>>17 belong&0xfffff0 0x1f4000 \b, 128 kHz +>>17 belong&0xfffff0 0x2b1100 \b, 176.4 kHz +>>17 belong&0xfffff0 0x2ee000 \b, 192 kHz +>>17 belong&0xfffff0 0x3e8000 \b, 256 kHz +>>17 belong&0xfffff0 0x562200 \b, 352.8 kHz +>>17 belong&0xfffff0 0x5dc000 \b, 384 kHz +>>21 byte&0xf >0 \b, >4G samples +>>21 byte&0xf 0 \b +>>>22 belong >0 \b, %u samples +>>>22 belong 0 \b, length unknown + +# (ISDN) VBOX voice message file (Wolfram Kleff) +0 string VBOX VBOX voice message data + +# ReBorn Song Files (.rbs) +# David J. Singer +8 string RB40 RBS Song file +>29 string ReBorn created by ReBorn +>37 string Propellerhead created by ReBirth + +# Synthesizer Generator and Kimwitu share their file format +0 string A#S#C#S#S#L#V#3 Synthesizer Generator or Kimwitu data +# Kimwitu++ uses a slightly different magic +0 string A#S#C#S#S#L#HUB Kimwitu++ data + +# From "Simon Hosie +0 string TFMX-SONG TFMX module sound data + +# Monkey's Audio compressed audio format (.ape) +# From danny.milo@gmx.net (Danny Milosavljevic) +# New version from Abel Cheung +0 string MAC\040 Monkey's Audio compressed format +!:mime audio/x-ape +>4 uleshort >0x0F8B version %d +>>(0x08.l) uleshort =1000 with fast compression +>>(0x08.l) uleshort =2000 with normal compression +>>(0x08.l) uleshort =3000 with high compression +>>(0x08.l) uleshort =4000 with extra high compression +>>(0x08.l) uleshort =5000 with insane compression +>>(0x08.l+18) uleshort =1 \b, mono +>>(0x08.l+18) uleshort =2 \b, stereo +>>(0x08.l+20) ulelong x \b, sample rate %d +>4 uleshort <0x0F8C version %d +>>6 uleshort =1000 with fast compression +>>6 uleshort =2000 with normal compression +>>6 uleshort =3000 with high compression +>>6 uleshort =4000 with extra high compression +>>6 uleshort =5000 with insane compression +>>10 uleshort =1 \b, mono +>>10 uleshort =2 \b, stereo +>>12 ulelong x \b, sample rate %d + +# adlib sound files +# From: Alex Myczko + +# https://github.com/rerrahkr/BambooTracker +0 string BambooTrackerMod BambooTracker module +>22 byte x \b, version %u +>21 byte x \b.%u +>20 byte x \b.%u + +0 string BambooTrackerIst BambooTracker instrument +>22 byte x \b, version %u +>21 byte x \b.%u +>20 byte x \b.%u + +0 string RAWADATA RdosPlay RAW + +1068 string RoR AMUSIC Adlib Tracker + +0 string JCH EdLib + +0 string mpu401tr MPU-401 Trakker + +0 string SAdT Surprise! Adlib Tracker +>4 byte x Version %d + +0 string XAD! eXotic ADlib + +0 string ofTAZ! eXtra Simple Music + +0 string FMK! FM Kingtracker Song + +0 string DFM DFM Song + +0 string \ CFF Song + +0 string _A2module A2M Song + +# Spectrum 128 tunes (.ay files). +# From: Emanuel Haupt +0 string ZXAYEMUL Spectrum 128 tune + +0 string \0BONK BONK, +#>5 byte x version %d +>14 byte x %d channel(s), +>15 byte =1 lossless, +>15 byte =0 lossy, +>16 byte x mid-side + +384 string LockStream LockStream Embedded file (mostly MP3 on old Nokia phones) + +# format VQF (proprietary codec for sound) +# some infos on the header file available at : +# http://www.twinvq.org/english/technology_format.html +0 string TWIN97012000 VQF data +>27 short 0 \b, Mono +>27 short 1 \b, Stereo +>31 short >0 \b, %d kbit/s +>35 short >0 \b, %d kHz + +# Nelson A. de Oliveira (naoliv@gmail.com) +# .eqf +0 string Winamp\ EQ\ library\ file %s +# it will match only versions like v. +# Since I saw only eqf files with version v1.1 I think that it's OK +>23 string x \b%.4s +# .preset +0 string [Equalizer\ preset] XMMS equalizer preset +# .m3u +0 search/1 #EXTM3U M3U playlist text +# .pls +0 search/1 [playlist] PLS playlist text +# licq.conf +1 string [licq] LICQ configuration file + +# Atari ST audio files by Dirk Jagdmann +0 string ICE! SNDH Atari ST music +0 string SC68\ Music-file\ /\ (c)\ (BeN)jami sc68 Atari ST music + +# musepak support From: "Jiri Pejchal" +0 string MP+ Musepack audio (MP+) +!:mime audio/x-musepack +>3 byte 255 \b, SV pre8 +>3 byte&0xF 0x6 \b, SV 6 +>3 byte&0xF 0x8 \b, SV 8 +>3 byte&0xF 0x7 \b, SV 7 +>>3 byte&0xF0 0x0 \b.0 +>>3 byte&0xF0 0x10 \b.1 +>>3 byte&0xF0 240 \b.15 +>>10 byte&0xF0 0x0 \b, no profile +>>10 byte&0xF0 0x10 \b, profile 'Unstable/Experimental' +>>10 byte&0xF0 0x50 \b, quality 0 +>>10 byte&0xF0 0x60 \b, quality 1 +>>10 byte&0xF0 0x70 \b, quality 2 (Telephone) +>>10 byte&0xF0 0x80 \b, quality 3 (Thumb) +>>10 byte&0xF0 0x90 \b, quality 4 (Radio) +>>10 byte&0xF0 0xA0 \b, quality 5 (Standard) +>>10 byte&0xF0 0xB0 \b, quality 6 (Xtreme) +>>10 byte&0xF0 0xC0 \b, quality 7 (Insane) +>>10 byte&0xF0 0xD0 \b, quality 8 (BrainDead) +>>10 byte&0xF0 0xE0 \b, quality 9 +>>10 byte&0xF0 0xF0 \b, quality 10 +>>27 byte 0x0 \b, Buschmann 1.7.0-9, Klemm 0.90-1.05 +>>27 byte 102 \b, Beta 1.02 +>>27 byte 104 \b, Beta 1.04 +>>27 byte 105 \b, Alpha 1.05 +>>27 byte 106 \b, Beta 1.06 +>>27 byte 110 \b, Release 1.1 +>>27 byte 111 \b, Alpha 1.11 +>>27 byte 112 \b, Beta 1.12 +>>27 byte 113 \b, Alpha 1.13 +>>27 byte 114 \b, Beta 1.14 +>>27 byte 115 \b, Alpha 1.15 + +0 string MPCK Musepack audio (MPCK) +!:mime audio/x-musepack + +# IMY +# from http://filext.com/detaillist.php?extdetail=IMY +# https://cellphones.about.com/od/cellularfaqs/f/rf_imelody.htm +# http://download.ncl.ie/doc/api/ie/ncl/media/music/IMelody.html +# http://www.wx800.com/msg/download/irda/iMelody.pdf +0 string BEGIN:IMELODY iMelody Ringtone Format + +# From: "Mateus Caruccio" +# guitar pro v3,4,5 from http://filext.com/file-extension/gp3 +0 string \030FICHIER\ GUITAR\ PRO\ v3. Guitar Pro Ver. 3 Tablature + +# From: "Leslie P. Polzer" +60 string SONG SoundFX Module sound file + +# Type: Adaptive Multi-Rate Codec +# URL: http://filext.com/detaillist.php?extdetail=AMR +# From: Russell Coker +0 string #!AMR Adaptive Multi-Rate Codec (GSM telephony) +!:mime audio/amr +!:ext amr + +# Type: SuperCollider 3 Synth Definition File Format +# From: Mario Lang +0 string SCgf SuperCollider3 Synth Definition file, +>4 belong x version %d + +# Type: True Audio Lossless Audio +# URL: https://wiki.multimedia.cx/index.php?title=True_Audio +# From: Mike Melanson +0 string TTA1 True Audio Lossless Audio + +# Type: WavPack Lossless Audio +# URL: https://wiki.multimedia.cx/index.php?title=WavPack +# From: Mike Melanson +0 string wvpk WavPack Lossless Audio + +# From Fabio R. Schmidlin +# VGM music file +0 string Vgm\040 +>9 ubyte >0 VGM Video Game Music dump v +!:mime audio/x-vgm +!:ext vgm +>>9 ubyte/16 >0 \b%d +>>9 ubyte&0x0F x \b%d +>>8 ubyte/16 x \b.%d +>>8 ubyte&0x0F >0 \b%d +#Get soundchips +>>8 ubyte x \b, soundchip(s)= +>>0x0C ulelong >0 SN76489, +>>0x10 ulelong >0 YM2413, +>>0x2C ulelong >0 YM2612, +>>0x30 ulelong >0 YM2151, +>>0x38 ulelong >0 Sega PCM, +>>0x34 ulelong >0xC +>>>0x40 ulelong >0 RF5C68, +>>0x34 ulelong >0x10 +>>>0x44 ulelong >0 YM2203, +>>0x34 ulelong >0x14 +>>>0x48 ulelong >0 YM2608, +>>0x34 ulelong >0x18 +>>>0x4C lelong >0 YM2610, +>>>0x4C lelong <0 YM2610B, +>>0x34 ulelong >0x1C +>>>0x50 ulelong >0 YM3812, +>>0x34 ulelong >0x20 +>>>0x54 ulelong >0 YM3526, +>>0x34 ulelong >0x24 +>>>0x58 ulelong >0 Y8950, +>>0x34 ulelong >0x28 +>>>0x5C ulelong >0 YMF262, +>>0x34 ulelong >0x2C +>>>0x60 ulelong >0 YMF278B, +>>0x34 ulelong >0x30 +>>>0x64 ulelong >0 YMF271, +>>0x34 ulelong >0x34 +>>>0x68 ulelong >0 YMZ280B, +>>0x34 ulelong >0x38 +>>>0x6C ulelong >0 RF5C164, +>>0x34 ulelong >0x3C +>>>0x70 ulelong >0 PWM, +>>0x34 ulelong >0x40 +>>>0x74 ulelong >0 +>>>>0x78 ubyte 0x00 AY-3-8910, +>>>>0x78 ubyte 0x01 AY-3-8912, +>>>>0x78 ubyte 0x02 AY-3-8913, +>>>>0x78 ubyte 0x03 AY-3-8930, +>>>>0x78 ubyte 0x10 YM2149, +>>>>0x78 ubyte 0x11 YM3439, +# VGM 1.61 +>>0x34 ulelong >0x4C +>>>0x80 ulelong >0 DMG, +>>0x34 ulelong >0x50 +>>>0x84 lelong >0 NES APU, +>>>0x84 lelong <0 NES APU with FDS, +>>0x34 ulelong >0x54 +>>>0x88 ulelong >0 MultiPCM, +>>0x34 ulelong >0x58 +>>>0x8C ulelong >0 uPD7759, +>>0x34 ulelong >0x5C +>>>0x90 ulelong >0 OKIM6258, +>>0x34 ulelong >0x64 +>>>0x98 ulelong >0 OKIM6295, +>>0x34 ulelong >0x68 +>>>0x9C ulelong >0 K051649, +>>0x34 ulelong >0x6C +>>>0xA0 ulelong >0 K054539, +>>0x34 ulelong >0x70 +>>>0xA4 ulelong >0 HuC6280, +>>0x34 ulelong >0x74 +>>>0xA8 ulelong >0 C140, +>>0x34 ulelong >0x78 +>>>0xAC ulelong >0 K053260, +>>0x34 ulelong >0x7C +>>>0xB0 ulelong >0 Pokey, +>>0x34 ulelong >0x80 +>>>0xB4 ulelong >0 QSound, +# VGM 1.71 +>>0x34 ulelong >0x84 +>>>0xB8 ulelong >0 SCSP, +>>0x34 ulelong >0x8C +>>>0xC0 ulelong >0 WonderSwan, +>>0x34 ulelong >0x90 +>>>0xC4 ulelong >0 VSU, +>>0x34 ulelong >0x94 +>>>0xC8 ulelong >0 SAA1099, +>>0x34 ulelong >0x98 +>>>0xCC ulelong >0 ES5503, +>>0x34 ulelong >0x9C +>>>0xD0 lelong >0 ES5505, +>>>0xD0 lelong <0 ES5506, +>>0x34 ulelong >0xA4 +>>>0xD8 ulelong >0 X1-010, +>>0x34 ulelong >0xA8 +>>>0xDC ulelong >0 C352, +>>0x34 ulelong >0xAC +>>>0xE0 ulelong >0 GA20, + +# GVOX Encore file format +# Since this is a proprietary file format and there is no publicly available +# format specification, this is just based on induction +# +0 string SCOW +>4 byte 0xc4 GVOX Encore music, version 5.0 or above +>4 byte 0xc2 GVOX Encore music, version < 5.0 + +0 string ZBOT +>4 byte 0xc5 GVOX Encore music, version < 5.0 + +# Summary: Garmin Voice Processing Module (WAVE audios) +# From: Joerg Jenderek +# URL: https://www.garmin.com/ +# Reference: http://www.poi-factory.com/node/19580 +# NOTE: there exist 2 other Garmin VPM formats +0 string AUDIMG +# skip text files starting with string "AUDIMG" +>13 ubyte <13 Garmin Voice Processing Module +!:mime audio/x-vpm-wav-garmin +!:ext vpm +# 3 bytes indicating the voice version (200,220) +>>6 string x \b, version %3.3s +# day of release (01-31) +>>12 ubyte x \b, %.2d +# month of release (01-12) +>>13 ubyte x \b.%.2d +# year of release (like 2006, 2007, 2008) +>>14 uleshort x \b.%.4d +# hour of release (0-23) +>>11 ubyte x %.2d +# minute of release (0-59) +>>10 ubyte x \b:%.2d +# second of release (0-59) +>>9 ubyte x \b:%.2d +# if you select a language like german on your garmin device +# you can only select voice modules with corresponding language byte ID like 1 +>>18 ubyte x \b, language ID %d +# structure for phrases/sentences? +# number of voice sample in the 1st phrase? +#>>19 uleshort x \b, 0x%x samples +#>>>21 uleshort >0 \b, at 0x%4.4x +#>>>(21.s) ubequad x 0x%llx +# 2nd phrase? +#>>23 uleshort x \b, 0x%x samples +#>>>25 uleshort >0 \b, at 0x%4.4x +#>>>(25.s) ubequad x 0x%llx +# pointer to 1st audio WAV sample +>>16 uleshort >0 +>>>(16.s) ulelong >0 \b, at 0x%x +# WAV length +# 1 space char after "bytes" to get phrase "bytes RIFF" +>>>>(16.s+4) ulelong >0 %u bytes +# look for magic +>>>>>(&-8.l) string RIFF +# determine type by ./riff +>>>>>>&-4 indirect x +# 2 - ~ 131 WAV samples following same way +# +# Summary: encrypted Garmin Voice Processing Module +# From: Joerg Jenderek +# URL: https://www.garmin.com/us/products/ontheroad/voicestudio +# NOTE: Encrypted variant used in voices like DrNightmare, Elfred, Yeti. +# There exist 2 other Garmin VPM formats +0 ubequad 0xa141190fecc8ced6 Garmin Voice Processing Module (encrypted) +!:mime audio/x-vpm-garmin +!:ext vpm + +# From Martin Mueller Skarbiniks Pedersen +0 string GDM +>0x3 byte 0xFE General Digital Music. +>0x4 string >\0 title: "%s" +>0x24 string >\0 musician: "%s" +>>0x44 beshort 0x0D0A +>>>0x46 byte 0x1A +>>>>0x47 string GMFS Version +>>>>0x4B byte x %d. +>>>>0x4C byte x \b%02d +>>>>0x4D beshort 0x000 (2GDM v +>>>>0x4F byte x \b%d. +>>>>>0x50 byte x \b%d) + +0 string MTM Multitracker +>0x3 byte/16 x Version %d. +>0x3 byte&0x0F x \b%02d +>>0x4 string >\0 title: "%s" + +0 string HVL +>3 byte <2 Hively Tracker Song +>3 byte 0 1 module data +>3 byte 1 2 module data + +0 string MO3 +>3 ubyte <6 MOdule with MP3 +>>3 byte 0 Version 0 (With MP3 and lossless) +>>3 byte 1 Version 1 (With ogg and lossless) +>>3 byte 3 Version 2.2 +>>3 byte 4 (With no LAME header) +>>3 byte 5 Version 2.4 + +0 string ADRVPACK AProSys module + +# ftp://ftp.modland.com/pub/documents/format_documentation/\ +# Art%20Of%20Noise%20(.aon).txt +0 string AON +>4 string "ArtOfNoise by Bastian Spiegel(twice/lego)" +>0x2e string NAME Art of Noise Tracker Song +>3 string <9 +>3 string 4 (4 voices) +>3 string 8 (8 voices) +>>0x36 string >\0 Title: "%s" + +0 string FAR +>0x2c byte 0x0d +>0x2d byte 0x0a +>0x2e byte 0x1a +>>0x3 byte 0xFE Farandole Tracker Song +>>>0x31 byte/16 x Version %d. +>>>0x31 byte&0x0F x \b%02d +>>>>0x4 string >\0 \b, title: "%s" + +# magic for Klystrack, https://kometbomb.github.io/klystrack/ +# from Alex Myczko +0 string cyd!song Klystrack song +>8 byte >0 \b, version %u +>8 byte >26 +#>>9 byte x \b, channels %u +#>>10 leshort x \b, time signature %u +#>>12 leshort x \b, sequence step %u +#>>14 byte x \b, instruments %u +#>>15 leshort x \b, patterns %u +#>>17 leshort x \b, sequences %u +#>>19 leshort x \b, length %u +#>>21 leshort x \b, loop point %u +#>>23 byte x \b, master volume %u +#>>24 byte x \b, song speed %u +#>>25 byte x \b, song speed2 %u +#>>26 byte x \b, song rate %u +#>>27 belong x \b, flags %#x +#>>31 byte x \b, multiplex period %u +#>>32 byte x \b, pitch inaccuracy %u +>>149 pstring x \b, title %s + +0 string cyd!inst Klystrack instrument + +# magic for WOPL instrument files, https://github.com/Wohlstand/OPL3BankEditor +# see Specifications/WOPL-and-OPLI-Specification.txt + +0 string WOPL3-INST\0 WOPL instrument +>11 leshort x \b, version %u +0 string WOPL3-BANK\0 WOPL instrument bank +>11 leshort x \b, version %u + +# AdLib/OPL instrument files. Format specifications on +# http://www.shikadi.net/moddingwiki +0 string Junglevision\ Patch\ File Junglevision instrument data +0 string #OPL_II# DMX OP2 instrument data +0 string IBK\x1a IBK instrument data +0 string 2OP\x1a IBK instrument data, 2 operators +0 string 4OP\x1a IBK instrument data, 4 operators +2 string ADLIB- AdLib instrument data +>0 byte x \b, version %u +>1 byte x \b.%u + +# CRI ADX ADPCM audio +# Used by various Sega games. +# https://en.wikipedia.org/wiki/ADX_(file_format) +# https://wiki.multimedia.cx/index.php/CRI_ADX_file +# Added by David Korth +0x00 beshort 0x8000 +>(2.S-2) string (c)CRI CRI ADX ADPCM audio +!:ext adx +!:mime audio/x-adx +!:strength +50 +>>0x12 byte x v%u +>>0x04 byte 0x02 \b, pre-set prediction coefficients +>>0x04 byte 0x03 \b, standard ADX +>>0x04 byte 0x04 \b, exponential scale +>>0x04 byte 0x10 \b, AHX (Dreamcast) +>>0x04 byte 0x11 \b, AHX +>>0x08 belong x \b, %u Hz +>>0x12 byte 0x03 +>>>0x02 beshort >0x2B +>>>>0x18 belong !0 \b, looping +>>0x12 byte 0x04 +>>>0x02 beshort >0x37 +>>>>0x24 belong !0 \b, looping +>>0x13 byte&0x08 0x08 \b, encrypted + +# Lossless audio (.la) (http://www.lossless-audio.com/) +0 string LA +>2 string 03 Lossless audio version 0.3 +>2 string 04 Lossless audio version 0.4 + +# Sony PlayStation Audio (.xa) +0 leshort 0x4158 Sony PlayStation Audio + +# Portable Sound Format +# Used for audio rips for various consoles. +# http://fileformats.archiveteam.org/wiki/Portable_Sound_Format +# Added by David Korth +0 string PSF Portable Sound Format +!:mime audio/x-psf +>3 byte 0x01 (Sony PlayStation) +>3 byte 0x02 (Sony PlayStation 2) +>3 byte 0x11 (Sega Saturn) +>3 byte 0x12 (Sega Dreamcast) +>3 byte 0x13 (Sega Mega Drive) +>3 byte 0x21 (Nintendo 64) +>3 byte 0x22 (Game Boy Advance) +>3 byte 0x23 (Super NES) +>3 byte 0x41 (Capcom QSound) + +# Atari 8-bit SAP audio format +# http://asap.sourceforge.net/sap-format.html +# Added by David Korth +0 string SAP\r\n Atari 8-bit SAP audio file +!:mime audio/x-sap +!:ext sap +>5 search/1024 NAME +>>&1 string x \b: %s +>>5 search/1024 AUTHOR +>>>&1 string x by %s + +# Nintendo Wii BRSTM audio format (fields) +# NOTE: Assuming HEAD starts at 0x40. +# FIXME: Replace 0x48 with HEAD offset plus 8. +0 name nintendo-wii-brstm-fields +>(0x10.L) string HEAD \b: +>>(0x10.L+0x0C) belong x +>>>(&-4.L+0x48) belong x +>>>>&-4 byte 0 PCM, signed 8-bit, +>>>>&-4 byte 1 PCM, signed 16-bit, +>>>>&-4 byte 2 THP ADPCM, +>>>>&-3 byte !0 looping, +>>>>&-2 byte 1 mono +>>>>&-2 byte 2 stereo +>>>>&-2 byte 3 3 channels +>>>>&-2 byte 4 quad +>>>>&-2 byte >4 %u channels +>>>>&0 beshort !0 %u Hz + +# Nintendo Wii BRSTM audio format +# https://wiibrew.org/wiki/BRSTM_file +# Added by David Korth +0 string RSTM Nintendo Wii BRSTM audio file +!:mime audio/x-brstm +!:ext brstm +# Wii is big-endian, so default to BE. +>4 beshort 0xFEFF +>>0 use nintendo-wii-brstm-fields +>4 leshort 0xFEFF +>>0 use \^nintendo-wii-brstm-fields + +# Nintendo 3DS BCSTM audio format (fields) +0 name nintendo-3ds-bcstm-fields +>(0x18.l) string INFO \b: +# INFO block: Stream information starts at 0x20 (minus 4 for the 'INFO' magic) +>>&0x1C byte 0 PCM, signed 8-bit, +>>&0x1C byte 1 PCM, signed 16-bit, +>>&0x1C byte 2 DSP ADPCM, +>>&0x1C byte 3 IMA ADPCM, +>>&0x1D byte !0 looping, +>>&0x1E byte 1 mono +>>&0x1E byte 2 stereo +>>&0x1E byte 3 3 channels +>>&0x1E byte 4 quad +>>&0x1E byte >4 %u channels +>>&0x20 lelong !0 %u Hz + +# Nintendo 3DS BCSTM audio format +# https://www.3dbrew.org/wiki/BCSTM +# Added by David Korth +0 string CSTM Nintendo 3DS BCSTM audio file +!:mime audio/x-bcstm +!:ext bcstm +# 3DS is little-endian, so default to LE. +>4 leshort 0xFEFF +>>0 use nintendo-3ds-bcstm-fields +>4 beshort 0xFEFF +>>0 use \^nintendo-3ds-bcstm-fields + +# Nintendo Wii U BFSTM audio format +# http://mk8.tockdom.com/wiki/BFSTM_(File_Format) +# NOTE: This format is very similar to BCSTM. +# Added by David Korth +0 string FSTM Nintendo Wii U BFSTM audio file +!:mime audio/x-bfstm +!:ext bfstm +# BFSTM is used on both Wii U (BE) and Switch (LE), +# so default to LE. +>4 leshort 0xFEFF +>>0 use nintendo-3ds-bcstm-fields +>4 beshort 0xFEFF +>>0 use \^nintendo-3ds-bcstm-fields + +# Nintendo 3DS BCSTM audio format (fields) +0 name nintendo-3ds-bcwav-fields +>(0x18.l) string INFO \b: +# INFO block (minus 4 for INFO magic) +>>&0x4 byte 0 PCM, signed 8-bit, +>>&0x4 byte 1 PCM, signed 16-bit, +>>&0x4 byte 2 DSP ADPCM, +>>&0x4 byte 3 IMA ADPCM, +>>&0x5 byte !0 looping, +>>&0x8 lelong x stereo +>>&0x8 lelong !0 %u Hz + +# Nintendo 3DS BCWAV audio format +# https://www.3dbrew.org/wiki/BCWAV +# Added by David Korth +0 string CWAV Nintendo 3DS BCWAV audio file +!:mime audio/x-bcwav +!:ext bcwav +# 3DS is little-endian, so default to LE. +>4 leshort 0xFEFF +>>0 use nintendo-3ds-bcwav-fields +>4 beshort 0xFEFF +>>0 use \^nintendo-3ds-bcwav-fields diff --git a/magic/Magdir/basis b/magic/Magdir/basis new file mode 100644 index 0000000..19dd463 --- /dev/null +++ b/magic/Magdir/basis @@ -0,0 +1,18 @@ + +#---------------------------------------------------------------- +# $File: basis,v 1.5 2019/04/19 00:42:27 christos Exp $ +# basis: file(1) magic for BBx/Pro5-files +# Oliver Dammer 2005/11/07 +# https://www.basis.com business-basic-files. +# +0 string \074\074bbx\076\076 BBx +>7 string \000 indexed file +>7 string \001 serial file +>7 string \002 keyed file +>>13 short 0 (sort) +>7 string \004 program +>>18 byte x (LEVEL %d) +>>>23 string >\000 psaved +>7 string \006 mkeyed file +>>13 short 0 (sort) +>>8 string \000 (mkey) diff --git a/magic/Magdir/beetle b/magic/Magdir/beetle new file mode 100644 index 0000000..94a835c --- /dev/null +++ b/magic/Magdir/beetle @@ -0,0 +1,7 @@ +#------------------------------------------------------------------------------ +# $File: beetle,v 1.2 2018/02/05 23:42:17 rrt Exp $ +# beetle: file(1) magic for Beetle VM object files +# https://github.com/rrthomas/beetle/ + +# Beetle object module +0 string BEETLE\000 Beetle VM object file diff --git a/magic/Magdir/ber b/magic/Magdir/ber new file mode 100644 index 0000000..15288c6 --- /dev/null +++ b/magic/Magdir/ber @@ -0,0 +1,65 @@ + +#------------------------------------------------------------------------------ +# $File: ber,v 1.2 2019/04/19 00:42:27 christos Exp $ +# ber: file(1) magic for several BER formats used in the mobile +# telecommunications industry (Georg Sauthoff) + +# The file formats are standardized by the GSMA (GSM association). +# They are specified via ASN.1 schemas and some prose. Basic encoding +# rules (BER) is the used encoding. The formats are used for exchanging +# call data records (CDRs) between mobile operators and associated +# parties for roaming clearing purposes and fraud detection. + +# The magic file covers: + +# - TAP files (TD.57) - CDR batches and notifications +# - RAP files (TD.32) - return batches and acknowledgements +# - NRT files (TD.35) - CDR batches for 'near real time' processing + +# +# TAP 3 Files +# TAP -> Transferred Account Procedure +# cf. https://www.gsma.com/newsroom/wp-content/uploads/TD.57-v32.31.pdf +# TransferBatch short tag +0 byte 0x61 +# BatchControlInfo short tag +>&1 search/b5 \x64 +# Sender long tag #TAP 3.x (BER encoded) +>>&1 search/b8 \x5f\x81\x44 +# 3 block +>>>&64 search/b64 \x5f\x81\x49\x01\x03\x5f\x81\x3d\x01 +>>>>&0 byte x TAP 3.%d Batch (TD.57, Transferred Account) + +# Notification short tag +0 byte 0x62 +# Sender long tag +>2 search/b8 \x5f\x81\x44 +# 3 block +>>&64 search/b64 \x5f\x81\x49\x01\x03\x5f\x81\x3d\x01 +>>>&0 byte x TAP 3.%d Notification (TD.57, Transferred Account) + + +# NRT Files +# NRT a.k.a. NRTRDE +0 byte 0x61 +# 2 block +>&1 search/b8 \x5f\x29\x01\x02\x5f\x25\x01 +>>&0 byte x NRT 2.%d (TD.35, Near Real Time Roaming Data Exchange) + +# RAP Files +# cf. https://www.gsma.com/newsroom/wp-content/uploads/TD.32-v6.11.pdf +# Long ReturnBatch tag +0 string \x7f\x84\x16 +# Long RapBatchControlInfo tag +>&1 search/b8 \x7f\x84\x19 +# 3 block +>>&64 search/b64 \x5f\x81\x49\x01\x03\x5f\x81\x3d\x01 +# 1 block +>>>&1 string/b \x5f\x84\x20\x01\x01\x5f\x84\x1f\x01 +>>>>&0 byte x RAP 1.%d Batch (TD.32, Returned Account Procedure), +>>>&0 byte x TAP 3.%d + +# Long Acknowledgement tag +0 string \x7f\x84\x17 +# Long Sender tag +>&1 search/b5 \x5f\x81\x44 RAP Acknowledgement (TD.32, Returned Account Procedure) diff --git a/magic/Magdir/bflt b/magic/Magdir/bflt new file mode 100644 index 0000000..07cc0a7 --- /dev/null +++ b/magic/Magdir/bflt @@ -0,0 +1,14 @@ + +#------------------------------------------------------------------------------ +# $File: bflt,v 1.4 2009/09/19 16:28:08 christos Exp $ +# bFLT: file(1) magic for BFLT uclinux binary files +# +# From Philippe De Muyter +# +0 string bFLT BFLT executable +>4 belong x - version %d +>4 belong 4 +>>36 belong&0x1 0x1 ram +>>36 belong&0x2 0x2 gotpic +>>36 belong&0x4 0x4 gzip +>>36 belong&0x8 0x8 gzdata diff --git a/magic/Magdir/bhl b/magic/Magdir/bhl new file mode 100644 index 0000000..6f57f03 --- /dev/null +++ b/magic/Magdir/bhl @@ -0,0 +1,10 @@ + +#------------------------------------------------------------------------------ +# $File: bhl,v 1.1 2017/06/11 22:20:02 christos Exp $ +# BlockHashLoc +# ext: bhl +# Marco Pontello marcopon@gmail.com +# reference: https://github.com/MarcoPon/BlockHashLoc +0 string BlockHashLoc\x1a BlockHashLoc recovery info, +>13 byte x version %d +!:ext bhl diff --git a/magic/Magdir/bioinformatics b/magic/Magdir/bioinformatics new file mode 100644 index 0000000..2966fa6 --- /dev/null +++ b/magic/Magdir/bioinformatics @@ -0,0 +1,178 @@ + +#------------------------------------------------------------------------------ +# $File: bioinformatics,v 1.5 2019/04/19 00:42:27 christos Exp $ +# bioinfomatics: file(1) magic for Bioinfomatics file formats + +############################################################################### +# BGZF (Blocked GNU Zip Format) - gzip compatible, but also indexable +# used by SAMtools bgzip/tabix (http://samtools.sourceforge.net/tabix.shtml) +############################################################################### +0 string \037\213 +>3 byte &0x04 +>>12 string BC +>>>14 leshort &0x02 Blocked GNU Zip Format (BGZF; gzip compatible) +>>>>16 leshort x \b, block length %d +!:mime application/x-gzip + + +############################################################################### +# Tabix index file +# used by SAMtools bgzip/tabix (http://samtools.sourceforge.net/tabix.shtml) +############################################################################### +0 string TBI\1 SAMtools TBI (Tabix index format) +>0x04 lelong =1 \b, with %d reference sequence +>0x04 lelong >1 \b, with %d reference sequences +>0x08 lelong &0x10000 \b, using half-closed-half-open coordinates (BED style) +>0x08 lelong ^0x10000 +>>0x08 lelong =0 \b, using closed and one based coordinates (GFF style) +>>0x08 lelong =1 \b, using SAM format +>>0x08 lelong =2 \b, using VCF format +>0x0c lelong x \b, sequence name column: %d +>0x10 lelong x \b, region start column: %d +>0x08 lelong =0 +>>0x14 lelong x \b, region end column: %d +>0x18 byte x \b, comment character: %c +>0x1c lelong x \b, skip line count: %d + + +############################################################################### +# BAM (Binary Sequence Alignment/Map format) +# used by SAMtools (http://samtools.sourceforge.net/SAM1.pdf) +# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it +############################################################################### +0 string BAM\1 SAMtools BAM (Binary Sequence Alignment/Map) +>0x04 lelong >0 +>>&0x00 regex =^[@]HD\t.*VN: \b, with SAM header +>>>&0 regex =[0-9.]+ \b version %s +>>&(0x04) lelong >0 \b, with %d reference sequences + + +############################################################################### +# BAI (BAM indexing format) +# used by SAMtools (http://samtools.sourceforge.net/SAM1.pdf) +############################################################################### +0 string BAI\1 SAMtools BAI (BAM indexing format) +>0x04 lelong >0 \b, with %d reference sequences + + +############################################################################### +# CRAM (Binary Sequence Alignment/Map format) +############################################################################### +0 string CRAM CRAM +>0x04 byte >-1 version %d. +>0x05 byte >-1 \b%d +>0x06 string >\0 (identified as %s) + + +############################################################################### +# BCF (Binary Call Format), version 1 +# used by SAMtools & VCFtools (http://vcftools.sourceforge.net/bcf.pdf) +# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it +############################################################################### +0 string BCF\4 +# length of seqnm data in bytes is positive +>&0x00 lelong >0 +# length of smpl data in bytes is positive +>>&(&-0x04) lelong >0 SAMtools BCF (Binary Call Format) +# length of meta in bytes +>>>&(&-0x04) lelong >0 +# have meta text string +>>>>&0x00 search ##samtoolsVersion= +>>>>>&0x00 string x \b, generated by SAMtools version %s + + +############################################################################### +# BCF (Binary Call Format), version 2.1 +# used by SAMtools (https://samtools.github.io/hts-specs/BCFv2_qref.pdf) +# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it +############################################################################### +0 string BCF\2\1 Binary Call Format (BCF) version 2.1 +# length of header text +>&0x00 lelong >0 +# have header string +>>&0x00 search ##samtoolsVersion= +>>>&0x00 string x \b, generated by SAMtools version %s + + +############################################################################### +# BCF (Binary Call Format), version 2.2 +# used by SAMtools (https://samtools.github.io/hts-specs/BCFv2_qref.pdf) +# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it +############################################################################### +0 string BCF\2\2 Binary Call Format (BCF) version 2.2 +# length of header text +>&0x00 lelong >0 +# have header string +>>&0x00 search ##samtoolsVersion= +>>>&0x00 string x \b, generated by SAMtools version %s + +############################################################################### +# VCF (Variant Call Format) +# used by VCFtools (http://vcftools.sourceforge.net/) +############################################################################### +0 search ##fileformat=VCFv Variant Call Format (VCF) +>&0 string x \b version %s + +############################################################################### +# FASTQ +# used by MAQ (http://maq.sourceforge.net/fastq.shtml) +############################################################################### +# XXX Broken? +# @ +#0 regex =^@[A-Za-z0-9_.:-]+\?\n +# +#>&1 regex =^[A-Za-z\n.~]++ +# +[] +#>>&1 regex =^[A-Za-z0-9_.:-]*\?\n +# +#>>>&1 regex =^[!-~\n]+\n FASTQ + +############################################################################### +# FASTA +# used by FASTA (https://fasta.bioch.virginia.edu/fasta_www2/fasta_guide.pdf) +############################################################################### +#0 byte 0x3e +# q>0 regex =^[>][!-~\t\ ]+$ +# Amino Acid codes: [A-IK-Z*-]+ +#>>1 regex !=[!-'Jj;:=?@^`|~\\] FASTA +# IUPAC codes/gaps: [ACGTURYKMSWBDHVNX-]+ +# not in IUPAC codes/gaps: [EFIJLOPQZ] +#>>>1 regex !=[EFIJLOPQZefijlopqz] \b, with IUPAC nucleotide codes +#>>>1 regex =^[EFIJLOPQZefijlopqz]+$ \b, with Amino Acid codes + +############################################################################### +# SAM (Sequence Alignment/Map format) +# used by SAMtools (http://samtools.sourceforge.net/SAM1.pdf) +############################################################################### +# Short-cut version to recognise SAM files with (optional) header at beginning +############################################################################### +0 string @HD\t +>4 search VN: Sequence Alignment/Map (SAM), with header +>>&0 regex [0-9.]+ \b version %s +############################################################################### +# Longer version to recognise SAM alignment lines using (many) regexes +############################################################################### +# SAM Alignment QNAME +0 regex =^[!-?A-~]{1,255}(\t[^\t]+){11} +# SAM Alignment FLAG +>0 regex =^([^\t]+\t){1}[0-9]{1,5}\t +# SAM Alignment RNAME +>>0 regex =^([^\t]+\t){2}\\*|[^*=]*\t +# SAM Alignment POS +>>>0 regex =^([^\t]+\t){3}[0-9]{1,9}\t +# SAM Alignment MAPQ +>>>>0 regex =^([^\t]+\t){4}[0-9]{1,3}\t +# SAM Alignment CIGAR +>>>>>0 regex =\t(\\*|([0-9]+[MIDNSHPX=])+)\t +# SAM Alignment RNEXT +>>>>>>0 regex =\t(\\*|=|[!-()+->?-~][!-~]*)\t +# SAM Alignment PNEXT +>>>>>>>0 regex =^([^\t]+\t){7}[0-9]{1,9}\t +# SAM Alignment TLEN +>>>>>>>>0 regex =\t[+-]{0,1}[0-9]{1,9}\t.*\t +# SAM Alignment SEQ +>>>>>>>>>0 regex =^([^\t]+\t){9}(\\*|[A-Za-z=.]+)\t +# SAM Alignment QUAL +>>>>>>>>>>0 regex =^([^\t]+\t){10}[!-~]+ Sequence Alignment/Map (SAM) +>>>>>>>>>>>0 regex =^[@]HD\t.*VN: \b, with header +>>>>>>>>>>>>&0 regex =[0-9.]+ \b version %s diff --git a/magic/Magdir/biosig b/magic/Magdir/biosig new file mode 100644 index 0000000..e490f6c --- /dev/null +++ b/magic/Magdir/biosig @@ -0,0 +1,154 @@ + +############################################################################## +# +# Magic ids for biomedical signal file formats +# Copyright (C) 2018 Alois Schloegl +# +# The list has been derived from biosig projects +# http://biosig.sourceforge.net +# https://pub.ist.ac.at/~schloegl/matlab/eeg/ +# https://pub.ist.ac.at/~schloegl/biosig/TESTED +# +############################################################################## +# +0 string ABF\x20 Biosig/Axon Binary format +!:mime biosig/abf2 +0 string ABF2\0\0 Biosig/Axon Binary format +!:mime biosig/abf2 +# +0 string ATES\x20MEDICA\x20SOFT.\x20EEG\x20for\x20Windows Biosig/ATES MEDICA SOFT. EEG for Windows +!:mime biosig/ates +# +0 string ATF\x09 Biosig/Axon Text fomrat +!:mime biosig/atf +# +0 string ADU1 Biosig/Axona file format +!:mime biosig/axona +0 string ADU2 Biosig/Axona file format +!:mime biosig/axona +# +0 string ALPHA-TRACE-MEDICAL Biosig/alpha trace +!:mime biosig/alpha +# +0 string AxGr Biosig/AXG +0 string axgx Biosig/AXG +!:mime biosig/axg +# +0 string HeaderLen= Biosig/BCI2000 +0 string BCI2000V Biosig/BCI2000 +!:mime biosig/bci2000 +# +### Specification: https://www.biosemi.com/faq/file_format.htm +0 string \xffBIOSEMI Biosig/Biosemi data format +!:mime biosig/bdf +# +0 string Brain\x20Vision\x20Data\x20Exchange\x20Header\x20File Biosig/Brainvision data file +0 string Brain\x20Vision\x20V-Amp\x20Data\x20Header\x20File\x20Version Biosig/Brainvision V-Amp file +0 string Brain\x20Vision\x20Data\x20Exchange\x20Marker\x20File,\x20Version Biosig/Brainvision Marker file +!:mime biosig/brainvision +# +0 string CEDFILE Biosig/CFS: Cambridge Electronic devices File format +!:mime biosig/ced +# +### Specification: https://www.edfplus.info/specs/index.html +0 string 0\x20\x20\x20\x20\x20\x20\x20 Biosig/EDF: European Data format +!:mime biosig/edf +# +### Specifications: https://arxiv.org/abs/cs/0608052 +0 string GDF Biosig/GDF: General data format for biosignals +!:mime biosig/gdf +# +0 string DATA\0\0\0\0 Biosig/Heka Patchmaster +0 string DAT1\0\0\0\0 Biosig/Heka Patchmaster +0 string DAT2\0\0\0\0 Biosig/Heka Patchmaster +!:mime biosig/heka +# +0 string (C)\x20CED\x2087 Biosig/CED SMR +!:mime biosig/ced-smr +# +0 string CFWB\1\0\0\0 Biosig/CFWB +!:mime biosig/cfwb +# +0 string DEMG Biosig/DEMG +!:mime biosig/demg +# +0 string EBS\x94\x0a\x13\x1a\x0d Biosig/EBS +!:mime biosig/ebs +# +0 string Embla\x20data\x20file Biosig/Embla +!:mime biosig/embla +# +0 string Header\r\nFile Version Biosig/ETG4000 +!:mime biosig/etg4000 +# +0 string GALILEO\x20EEG\x20TRACE\x20FILE Biosig/Galileo +!:mime biosig/galileo +# +0 string IGOR Biosig/IgorPro ITX file +!:mime biosig/igorpro +# +# Specification: http://www.ampsmedical.com/uploads/2017-12-7/The_ISHNE_Format.pdf +0 string ISHNE1.0 Biosig/ISHNE +!:mime biosig/ishne +# +# CEN/ISO 11073/22077 series, http://www.mfer.org/en/document.htm +0 string @\x20\x20MFER\x20 Biosig/MFER +0 string @\x20MFR\x20 Biosig/MFER +!:mime biosig/mfer +# +0 string NEURALEV Biosig/NEV +0 string N.EV.\0 Biosig/NEV +!:mime biosig/nev +# +0 string NEX1 Biosig/NEX +!:mime biosig/nex1 +# +0 string PLEX Biosig/Plexon v1.0 +10 string PLEXON Biosig/Plexon v2.0 +!:mime biosig/plexon +# +0 string \x02\x27\x91\xC6 Biosig/RHD2000: Intan RHD2000 format +# +# Specification: CEN 1064:2005/ISO 11073:91064 +16 string SCPECG\0\0 Biosig/SCP-ECG format CEN 1064:2005/ISO 11073:91064 +!:mime biosig/scpecg +# +0 string IAvSFo Biosig/SIGIF +!:mime biosig/sigif +# +0 string POLY\x20SAMPLE\x20FILEversion\x20 Biosig/TMS32 +!:mime biosig/tms32 +# +0 string FileId=TMSi\x20PortiLab\x20sample\x20log\x20file\x0a\x0dVersion= Biosig/TMSiLOG +!:mime biosig/tmsilog +# +4 string Synergy\0\48\49\50\46\48\48\51\46\48\48\48\46\48\48\48\0\28\0\0\0\2\0\0\0 +>63 string CRawDataElement +>>85 string CRawDataBuffer Biosig/SYNERGY +!:mime biosig/synergy +# +4 string \40\0\4\1\44\1\102\2\146\3\44\0\190\3 Biosig/UNIPRO +!:mime biosig/unipro +# +0 string VER=9\r\nCTIME= Biosig/WCP +!:mime biosig/wcp +# +0 string \xAF\xFE\xDA\xDA Biosig/Walter Graphtek +0 string \xDA\xDA\xFE\xAF Biosig/Walter Graphtek +0 string \x55\x55\xFE\xAF Biosig/Walter Graphtek +!:mime biosig/walter-graphtek +# +0 string V3.0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20 +>32 string [PatInfo] Biosig/Sigma +!:mime biosig/sigma +# +0 string \067\069\078\013\010\0x1a\04\0x84 Biosig/File exchange format (FEF) +!:mime biosig/fef +0 string \67\69\78\0x13\0x10\0x1a\4\0x84 Biosig/File exchange format (FEF) +!:mime biosig/fef +# +0 string \0\0\0\x64\0\0\0\x1f\0\0\0\x14\0\0\0\0\0\1 +>36 string \0\0\0\x65\0\0\0\3\0\0\0\4\0\0 +>>56 string \0\0\0\x6a\0\0\0\3\0\0\0\4\0\0\0\0\xff\xff\xff\xff\0\0 Biosig/FIFF +!:mime biosig/fiff +# diff --git a/magic/Magdir/blackberry b/magic/Magdir/blackberry new file mode 100644 index 0000000..2e38a54 --- /dev/null +++ b/magic/Magdir/blackberry @@ -0,0 +1,8 @@ + +#------------------------------------------------------------------------------ +# $File: blackberry,v 1.2 2017/03/17 21:35:28 christos Exp $ +# blackberry: file(1) magic for BlackBerry file formats +# +5 belong 0 +>8 belong 010010010 BlackBerry RIM ETP file +>>22 string x \b for %s diff --git a/magic/Magdir/blcr b/magic/Magdir/blcr new file mode 100644 index 0000000..d2f901a --- /dev/null +++ b/magic/Magdir/blcr @@ -0,0 +1,25 @@ +# Berkeley Lab Checkpoint Restart (BLCR) checkpoint context files +# https://ftg.lbl.gov/checkpoint +0 string C\0\0\0R\0\0\0 BLCR +>16 lelong 1 x86 +>16 lelong 3 alpha +>16 lelong 5 x86-64 +>16 lelong 7 ARM +>8 lelong x context data (little endian, version %d) +# Uncomment the following only of your "file" program supports "search" +#>0 search/1024 VMA\06 for kernel +#>>&1 byte x %d. +#>>&2 byte x %d. +#>>&3 byte x %d +0 string \0\0\0C\0\0\0R BLCR +>16 belong 2 SPARC +>16 belong 4 ppc +>16 belong 6 ppc64 +>16 belong 7 ARMEB +>16 belong 8 SPARC64 +>8 belong x context data (big endian, version %d) +# Uncomment the following only of your "file" program supports "search" +#>0 search/1024 VMA\06 for kernel +#>>&1 byte x %d. +#>>&2 byte x \b%d. +#>>&3 byte x \b%d diff --git a/magic/Magdir/blender b/magic/Magdir/blender new file mode 100644 index 0000000..276242e --- /dev/null +++ b/magic/Magdir/blender @@ -0,0 +1,39 @@ + +#------------------------------------------------------------------------------ +# $File: blender,v 1.8 2019/04/19 00:42:27 christos Exp $ +# blender: file(1) magic for Blender 3D related files +# +# Native format rule v1.2. For questions use the developers list +# https://lists.blender.org/mailman/listinfo/bf-committers +# GLOB chunk was moved near start and provides subversion info since 2.42 + +0 string =BLENDER Blender3D, +>7 string =_ saved as 32-bits +>>8 string =v little endian +>>>9 byte x with version %c. +>>>10 byte x \b%c +>>>11 byte x \b%c +>>>0x40 string =GLOB \b. +>>>>0x58 leshort x \b%.4d +>>8 string =V big endian +>>>9 byte x with version %c. +>>>10 byte x \b%c +>>>11 byte x \b%c +>>>0x40 string =GLOB \b. +>>>>0x58 beshort x \b%.4d +>7 string =- saved as 64-bits +>>8 string =v little endian +>>9 byte x with version %c. +>>10 byte x \b%c +>>11 byte x \b%c +>>0x44 string =GLOB \b. +>>>0x60 leshort x \b%.4d +>>8 string =V big endian +>>>9 byte x with version %c. +>>>10 byte x \b%c +>>>11 byte x \b%c +>>>0x44 string =GLOB \b. +>>>>0x60 beshort x \b%.4d + +# Scripts that run in the embedded Python interpreter +0 string #!BPY Blender3D BPython script diff --git a/magic/Magdir/blit b/magic/Magdir/blit new file mode 100644 index 0000000..c78c7ef --- /dev/null +++ b/magic/Magdir/blit @@ -0,0 +1,20 @@ + +#------------------------------------------------------------------------------ +# $File$ +# blit: file(1) magic for 68K Blit stuff as seen from 680x0 machine +# +# Note that this 0407 conflicts with several other a.out formats... +# +# XXX - should this be redone with "be" and "le", so that it works on +# little-endian machines as well? If so, what's the deal with +# "VAX-order" and "VAX-order2"? +# +#0 long 0407 68K Blit (standalone) executable +#0 short 0407 VAX-order2 68K Blit (standalone) executable +0 short 03401 VAX-order 68K Blit (standalone) executable +0 long 0406 68k Blit mpx/mux executable +0 short 0406 VAX-order2 68k Blit mpx/mux executable +0 short 03001 VAX-order 68k Blit mpx/mux executable +# Need more values for WE32 DMD executables. +# Note that 0520 is the same as COFF +#0 short 0520 tty630 layers executable diff --git a/magic/Magdir/bout b/magic/Magdir/bout new file mode 100644 index 0000000..a8b2190 --- /dev/null +++ b/magic/Magdir/bout @@ -0,0 +1,11 @@ + +#------------------------------------------------------------------------------ +# $File$ +# i80960 b.out objects and archives +# +0 long 0x10d i960 b.out relocatable object +>16 long >0 not stripped +# +# b.out archive (hp-rt on i960) +0 string =! b.out archive +>8 string __.SYMDEF random library diff --git a/magic/Magdir/bsdi b/magic/Magdir/bsdi new file mode 100644 index 0000000..5109445 --- /dev/null +++ b/magic/Magdir/bsdi @@ -0,0 +1,33 @@ + +#------------------------------------------------------------------------------ +# $File: bsdi,v 1.6 2013/01/09 22:37:24 christos Exp $ +# bsdi: file(1) magic for BSD/OS (from BSDI) objects +# Some object/executable formats use the same magic numbers as are used +# in other OSes; those are handled by entries in aout. +# + +0 lelong 0314 386 compact demand paged pure executable +>16 lelong >0 not stripped +>32 byte 0x6a (uses shared libs) + +# same as in SunOS 4.x, except for static shared libraries +0 belong&077777777 0600413 SPARC demand paged +>0 byte &0x80 +>>20 belong <4096 shared library +>>20 belong =4096 dynamically linked executable +>>20 belong >4096 dynamically linked executable +>0 byte ^0x80 executable +>16 belong >0 not stripped +>36 belong 0xb4100001 (uses shared libs) + +0 belong&077777777 0600410 SPARC pure +>0 byte &0x80 dynamically linked executable +>0 byte ^0x80 executable +>16 belong >0 not stripped +>36 belong 0xb4100001 (uses shared libs) + +0 belong&077777777 0600407 SPARC +>0 byte &0x80 dynamically linked executable +>0 byte ^0x80 executable +>16 belong >0 not stripped +>36 belong 0xb4100001 (uses shared libs) diff --git a/magic/Magdir/bsi b/magic/Magdir/bsi new file mode 100644 index 0000000..51a6289 --- /dev/null +++ b/magic/Magdir/bsi @@ -0,0 +1,9 @@ +# Chiasmus is a encryption standard developed by the German Federal +# Office for Information Security (Bundesamt fuer Sicherheit in der +# Informationstechnik). + +# Extension: .xia +0 string XIA1 Chiasmus encrypted data + +# Extension: .xis +0 string XIS Chiasmus key diff --git a/magic/Magdir/btsnoop b/magic/Magdir/btsnoop new file mode 100644 index 0000000..a77f7d1 --- /dev/null +++ b/magic/Magdir/btsnoop @@ -0,0 +1,13 @@ + +#------------------------------------------------------------------------------ +# $File$ +# BTSnoop: file(1) magic for BTSnoop files +# +# From +0 string btsnoop\0 BTSnoop +>8 belong x version %d, +>12 belong 1001 Unencapsulated HCI +>12 belong 1002 HCI UART (H4) +>12 belong 1003 HCI BCSP +>12 belong 1004 HCI Serial (H5) +>>12 belong x type %d diff --git a/magic/Magdir/c-lang b/magic/Magdir/c-lang new file mode 100644 index 0000000..becf6b0 --- /dev/null +++ b/magic/Magdir/c-lang @@ -0,0 +1,107 @@ +#------------------------------------------------------------------------------ +# $File: c-lang,v 1.27 2019/02/27 16:46:23 christos Exp $ +# c-lang: file(1) magic for C and related languages programs +# +# The strength is to beat standard HTML + +# BCPL +0 search/8192 "libhdr" BCPL source text +!:mime text/x-bcpl +0 search/8192 "LIBHDR" BCPL source text +!:mime text/x-bcpl + +# C +# Check for class if include is found, otherwise class is beaten by include becouse of lowered strength +0 search/8192 #include +>0 regex \^#include C +>>0 regex \^class[[:space:]]+ +>>>&0 regex \\{[\.\*]\\}(;)?$ \b++ +>>&0 clear x source text +!:strength + 13 +!:mime text/x-c +0 search/8192 pragma +>0 regex \^#[[:space:]]*pragma C source text +!:mime text/x-c +0 search/8192 endif +>0 regex \^#[[:space:]]*(if\|ifn)def +>>&0 regex \^#[[:space:]]*endif$ C source text +!:mime text/x-c +0 search/8192 define +>0 regex \^#[[:space:]]*(if\|ifn)def +>>&0 regex \^#[[:space:]]*define C source text +!:mime text/x-c +0 search/8192 char +>0 regex \^[[:space:]]*char(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text +!:mime text/x-c +0 search/8192 double +>0 regex \^[[:space:]]*double(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text +!:mime text/x-c +0 search/8192 extern +>0 regex \^[[:space:]]*extern[[:space:]]+ C source text +!:mime text/x-c +0 search/8192 float +>0 regex \^[[:space:]]*float(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text +!:mime text/x-c +0 search/8192 struct +>0 regex \^struct[[:space:]]+ C source text +!:mime text/x-c +0 search/8192 union +>0 regex \^union[[:space:]]+ C source text +!:mime text/x-c +0 search/8192 main( +>&0 regex \\)[[:space:]]*\\{ C source text +!:mime text/x-c + +# C++ +# The strength of these rules is increased so they beat the C rules above +0 search/8192 namespace +>0 regex \^namespace[[:space:]]+[_[:alpha:]]{1,30}[[:space:]]*\\{ C++ source text +!:strength + 30 +!:mime text/x-c++ +# using namespace [namespace] or using std::[lib] +0 search/8192 using +>0 regex \^using[[:space:]]+(namespace\ )?std(::)?[[:alpha:]]*[[:space:]]*; C++ source text +!:strength + 30 +!:mime text/x-c++ +0 search/8192 template +>0 regex \^[[:space:]]*template[[:space:]]*<.*>[[:space:]]*$ C++ source text +!:strength + 30 +!:mime text/x-c++ +0 search/8192 virtual +>0 regex \^[[:space:]]*virtual[[:space:]]+.*[};][[:space:]]*$ C++ source text +!:strength + 30 +!:mime text/x-c++ +# But class alone is reduced to avoid beating php (Jens Schleusener) +0 search/8192 class +>0 regex \^[[:space:]]*class[[:space:]]+[[:digit:][:alpha:]:_]+[[:space:]]*\\{(.*[\n]*)*\\}(;)?$ C++ source text +!:strength + 13 +!:mime text/x-c++ +0 search/8192 public +>0 regex \^[[:space:]]*public: C++ source text +!:strength + 30 +!:mime text/x-c++ +0 search/8192 private +>0 regex \^[[:space:]]*private: C++ source text +!:strength + 30 +!:mime text/x-c++ +0 search/8192 protected +>0 regex \^[[:space:]]*protected: C++ source text +!:strength + 30 +!:mime text/x-c++ + +# Objective-C +0 search/8192 #import +>0 regex \^#import Objective-C source text +!:strength + 25 +!:mime text/x-objective-c + +# From: Mikhail Teterin +0 string cscope cscope reference data +>7 string x version %.2s +# We skip the path here, because it is often long (so file will +# truncate it) and mostly redundant. +# The inverted index functionality was added some time between +# versions 11 and 15, so look for -q if version is above 14: +>7 string >14 +>>10 search/100 \ -q\ with inverted index +>10 search/100 \ -c\ text (non-compressed) diff --git a/magic/Magdir/c64 b/magic/Magdir/c64 new file mode 100644 index 0000000..ff4e933 --- /dev/null +++ b/magic/Magdir/c64 @@ -0,0 +1,58 @@ + +#------------------------------------------------------------------------------ +# $File: c64,v 1.7 2017/11/15 12:19:06 christos Exp $ +# c64: file(1) magic for various commodore 64 related files +# +# From: Dirk Jagdmann + +0x16500 belong 0x12014100 D64 Image +0x16500 belong 0x12014180 D71 Image +0x61800 belong 0x28034400 D81 Image +0 string C64\40CARTRIDGE CCS C64 Emultar Cartridge Image +0 belong 0x43154164 X64 Image + +0 string GCR-1541 GCR Image +>8 byte x version: %i +>9 byte x tracks: %i + +9 string PSUR ARC archive (c64) +2 string -LH1- LHA archive (c64) + +0 string C64File PC64 Emulator file +>8 string >\0 "%s" +0 string C64Image PC64 Freezer Image + +0 beshort 0x38CD C64 PCLink Image +0 string CBM\144\0\0 Power 64 C64 Emulator Snapshot + +0 belong 0xFF424CFF WRAptor packer (c64) + +0 string C64S\x20tape\x20file T64 tape Image +>32 leshort x Version:0x%x +>36 leshort !0 Entries:%i +>40 string x Name:%.24s + +0 string C64\x20tape\x20image\x20file\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0 T64 tape Image +>32 leshort x Version:0x%x +>36 leshort !0 Entries:%i +>40 string x Name:%.24s + +0 string C64S\x20tape\x20image\x20file\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0 T64 tape Image +>32 leshort x Version:0x%x +>36 leshort !0 Entries:%i +>40 string x Name:%.24s + +# Raw tape file format (.tap files) +# Esa Hyyti +0 string C64-TAPE-RAW C64 Raw Tape File (.tap), +>0x0c byte x Version:%u, +>0x10 lelong x Length:%u cycles + +# magic for Goattracker2, http://covertbitops.c64.org/ +# from Alex Myczko +0 string GTS5 GoatTracker 2 song +>4 string >\0 \b, "%s" +>36 string >\0 \b by %s +>68 string >\0 \b (C) %s +>100 byte >0 \b, %u subsong(s) + diff --git a/magic/Magdir/cad b/magic/Magdir/cad new file mode 100644 index 0000000..48a76d1 --- /dev/null +++ b/magic/Magdir/cad @@ -0,0 +1,190 @@ + +#------------------------------------------------------------------------------ +# $File: cad,v 1.19 2019/04/19 00:42:27 christos Exp $ +# autocad: file(1) magic for cad files +# + +# Microstation DGN/CIT Files (www.bentley.com) +# Last updated July 29, 2005 by Lester Hightower +# DGN is the default file extension of Microstation/Intergraph CAD files. +# CIT is the proprietary raster format (similar to TIFF) used to attach +# raster underlays to Microstation DGN (vector) drawings. +# +# http://www.wotsit.org/search.asp +# https://filext.com/detaillist.php?extdetail=DGN +# https://filext.com/detaillist.php?extdetail=CIT +# +# https://www.bentley.com/products/default.cfm?objectid=97F351F5-9C35-4E5E-89C2 +# 3F86C928&method=display&p_objectid=97F351F5-9C35-4E5E-89C280A93F86C928 +# https://www.bentley.com/products/default.cfm?objectid=A5C2FD43-3AC9-4C71-B682 +# 721C479F&method=display&p_objectid=A5C2FD43-3AC9-4C71-B682C7BE721C479F +0 string \010\011\376 Microstation +>3 string \002 +>>30 string \026\105 DGNFile +>>30 string \034\105 DGNFile +>>30 string \073\107 DGNFile +>>30 string \073\110 DGNFile +>>30 string \106\107 DGNFile +>>30 string \110\103 DGNFile +>>30 string \120\104 DGNFile +>>30 string \172\104 DGNFile +>>30 string \172\105 DGNFile +>>30 string \172\106 DGNFile +>>30 string \234\106 DGNFile +>>30 string \273\105 DGNFile +>>30 string \306\106 DGNFile +>>30 string \310\104 DGNFile +>>30 string \341\104 DGNFile +>>30 string \372\103 DGNFile +>>30 string \372\104 DGNFile +>>30 string \372\106 DGNFile +>>30 string \376\103 DGNFile +>4 string \030\000\000 CITFile +>4 string \030\000\003 CITFile + +# AutoCAD +# Merge of the different contributions and updates from https://en.wikipedia.org/wiki/Dwg +# and https://www.iana.org/assignments/media-types/image/vnd.dwg +0 string MC0.0 DWG AutoDesk AutoCAD Release 1.0 +!:mime image/vnd.dwg +0 string AC1.2 DWG AutoDesk AutoCAD Release 1.2 +!:mime image/vnd.dwg +0 string AC1.3 DWG AutoDesk AutoCAD Release 1.3 +!:mime image/vnd.dwg +0 string AC1.40 DWG AutoDesk AutoCAD Release 1.40 +!:mime image/vnd.dwg +0 string AC1.50 DWG AutoDesk AutoCAD Release 2.05 +!:mime image/vnd.dwg +0 string AC2.10 DWG AutoDesk AutoCAD Release 2.10 +!:mime image/vnd.dwg +0 string AC2.21 DWG AutoDesk AutoCAD Release 2.21 +!:mime image/vnd.dwg +0 string AC2.22 DWG AutoDesk AutoCAD Release 2.22 +!:mime image/vnd.dwg +0 string AC1001 DWG AutoDesk AutoCAD Release 2.22 +!:mime image/vnd.dwg +0 string AC1002 DWG AutoDesk AutoCAD Release 2.50 +!:mime image/vnd.dwg +0 string AC1003 DWG AutoDesk AutoCAD Release 2.60 +!:mime image/vnd.dwg +0 string AC1004 DWG AutoDesk AutoCAD Release 9 +!:mime image/vnd.dwg +0 string AC1006 DWG AutoDesk AutoCAD Release 10 +!:mime image/vnd.dwg +0 string AC1009 DWG AutoDesk AutoCAD Release 11/12 +!:mime image/vnd.dwg +# AutoCAD DWG versions R13/R14 (www.autodesk.com) +# Written December 01, 2003 by Lester Hightower +# Based on the DWG File Format Specifications at http://www.opendwg.org/ +# AutoCad, from Nahuel Greco +# AutoCAD DWG versions R12/R13/R14 (www.autodesk.com) +0 string AC1012 DWG AutoDesk AutoCAD Release 13 +!:mime image/vnd.dwg +0 string AC1014 DWG AutoDesk AutoCAD Release 14 +!:mime image/vnd.dwg +0 string AC1015 DWG AutoDesk AutoCAD 2000/2002 +!:mime image/vnd.dwg + +# A new version of AutoCAD DWG +# Sergey Zaykov (mail_of_sergey@mail.ru, sergey_zaikov@rambler.ru, +# ICQ 358572321) +# From various sources like: +# https://autodesk.blogs.com/between_the_lines/autocad-release-history.html +0 string AC1018 DWG AutoDesk AutoCAD 2004/2005/2006 +!:mime image/vnd.dwg +0 string AC1021 DWG AutoDesk AutoCAD 2007/2008/2009 +!:mime image/vnd.dwg +0 string AC1024 DWG AutoDesk AutoCAD 2010/2011/2012 +!:mime image/vnd.dwg +0 string AC1027 DWG AutoDesk AutoCAD 2013/2014 +!:mime image/vnd.dwg + +# KOMPAS 2D drawing from ASCON +# This is KOMPAS 2D drawing or fragment of drawing but is not detailed nor +# gathered nor specification +# ASCON https://ascon.net/main/ in English, +# https://ascon.ru/ main site in Russian +# Extension is CDW for drawing and FRW for fragment of drawing +# Sergey Zaykov (mail_of_sergey@mail.ru, sergey_zaikov@rambler.ru, +# ICQ 358572321, https://vkontakte.ru/id16076543) +# From: +# https://sd.ascon.ru/otrs/customer.pl?Action=CustomerFAQ&CategoryID=4&ItemID=292 +# (in russian) and my experiments +0 string KF +>2 belong 0x4E00000C Kompas drawing 12.0 SP1 +>2 belong 0x4D00000C Kompas drawing 12.0 +>2 belong 0x3200000B Kompas drawing 11.0 SP1 +>2 belong 0x3100000B Kompas drawing 11.0 +>2 belong 0x2310000A Kompas drawing 10.0 SP1 +>2 belong 0x2110000A Kompas drawing 10.0 +>2 belong 0x08000009 Kompas drawing 9.0 SP1 +>2 belong 0x05000009 Kompas drawing 9.0 +>2 belong 0x33010008 Kompas drawing 8+ +>2 belong 0x1A000008 Kompas drawing 8.0 +>2 belong 0x2C010107 Kompas drawing 7+ +>2 belong 0x05000007 Kompas drawing 7.0 +>2 belong 0x32000006 Kompas drawing 6+ +>2 belong 0x09000006 Kompas drawing 6.0 +>2 belong 0x5C009005 Kompas drawing 5.11R03 +>2 belong 0x54009005 Kompas drawing 5.11R02 +>2 belong 0x51009005 Kompas drawing 5.11R01 +>2 belong 0x22009005 Kompas drawing 5.10R03 +>2 belong 0x22009005 Kompas drawing 5.10R02 mar +>2 belong 0x21009005 Kompas drawing 5.10R02 febr +>2 belong 0x19009005 Kompas drawing 5.10R01 +>2 belong 0xF4008005 Kompas drawing 5.9R01.003 +>2 belong 0x1C008005 Kompas drawing 5.9R01.002 +>2 belong 0x11008005 Kompas drawing 5.8R01.003 + +# CAD: file(1) magic for computer aided design files +# Phillip Griffith +# AutoCAD magic taken from the Open Design Alliance's OpenDWG specifications. +# +0 belong 0x08051700 Bentley/Intergraph MicroStation DGN cell library +0 belong 0x0809fe02 Bentley/Intergraph MicroStation DGN vector CAD +0 belong 0xc809fe02 Bentley/Intergraph MicroStation DGN vector CAD +0 beshort 0x0809 Bentley/Intergraph MicroStation +>0x02 byte 0xfe +>>0x04 beshort 0x1800 CIT raster CAD + +# 3DS (3d Studio files) +0 leshort 0x4d4d +>6 leshort 0x2 +>>8 lelong 0xa +>>>16 leshort 0x3d3d 3D Studio model +!:mime image/x-3ds +!:ext 3ds + +# MegaCAD 2D/3D drawing (.prt) +# https://megacad.de/ +# From: Markus Heidelberg +0 string MegaCad23\0 MegaCAD 2D/3D drawing + +# Hoops CAD files +# https://docs.techsoft3d.com/visualize/3df/latest/build/general/hsf/\ +# HSF_architecture.html +# Stephane Charette +0 string ;;\020HSF\020V OpenHSF (Hoops Stream Format) +>7 regex/9 V[.0-9]{4,5}\020 %s +!:ext hsf + +# AutoCAD Drawing Exchange Format +0 regex \^[\ \t]*0\r?\000$ +>1 regex \^[\ \t]*SECTION\r?$ +>>2 regex \^[\ \t]*2\r?$ +>>>3 regex \^[\ \t]*HEADER\r?$ AutoCAD Drawing Exchange Format +!:mime application/x-dxf +!:ext dxf +>>>>&1 search/8192 AC1006 \b, R10 +>>>>&1 search/8192 AC1009 \b, R11/R12 +>>>>&1 search/8192 AC1012 \b, R13 +>>>>&1 search/8192 AC1014 \b, R14 +>>>>&1 search/8192 AC1015 \b, version 2000 +>>>>&1 search/8192 AC1018 \b, version 2004 +>>>>&1 search/8192 AC1021 \b, version 2007 +>>>>&1 search/8192 AC1024 \b, version 2010 + +# The Sketchup 3D model format https://www.sketchup.com/ +0 string \xff\xfe\xff\x0e\x53\x00\x6b\x00\x65\x00\x74\x00\x63\x00\x68\x00\x55\x00\x70\x00\x20\x00\x4d\x00\x6f\x00\x64\x00\x65\x00\x6c\x00 SketchUp Model +!:mime application/vnd.sketchup.skp +!:ext skp diff --git a/magic/Magdir/cafebabe b/magic/Magdir/cafebabe new file mode 100644 index 0000000..18dd1a2 --- /dev/null +++ b/magic/Magdir/cafebabe @@ -0,0 +1,72 @@ + +#------------------------------------------------------------------------------ +# $File: cafebabe,v 1.24 2018/10/01 23:33:15 christos Exp $ +# Cafe Babes unite! +# +# Since Java bytecode and Mach-O universal binaries have the same magic number, +# the test must be performed in the same "magic" sequence to get both right. +# The long at offset 4 in a Mach-O universal binary tells the number of +# architectures; the short at offset 4 in a Java bytecode file is the JVM minor +# version and the short at offset 6 is the JVM major version. Since there are only +# only 18 labeled Mach-O architectures at current, and the first released +# Java class format was version 43.0, we can safely choose any number +# between 18 and 39 to test the number of architectures against +# (and use as a hack). Let's not use 18, because the Mach-O people +# might add another one or two as time goes by... +# +### JAVA START ### +0 belong 0xcafebabe +>4 belong >30 compiled Java class data, +!:mime application/x-java-applet +>>6 beshort x version %d. +>>4 beshort x \b%d +# Which is which? +#>>4 belong 0x032d (Java 1.0) +#>>4 belong 0x032d (Java 1.1) +>>4 belong 0x002e (Java 1.2) +>>4 belong 0x002f (Java 1.3) +>>4 belong 0x0030 (Java 1.4) +>>4 belong 0x0031 (Java 1.5) +>>4 belong 0x0032 (Java 1.6) +>>4 belong 0x0033 (Java 1.7) +>>4 belong 0x0034 (Java 1.8) + +0 belong 0xcafed00d JAR compressed with pack200, +>5 byte x version %d. +>4 byte x \b%d +!:mime application/x-java-pack200 + + +0 belong 0xcafed00d JAR compressed with pack200, +>5 byte x version %d. +>4 byte x \b%d +!:mime application/x-java-pack200 + +### JAVA END ### +### MACH-O START ### + +0 name mach-o \b [ +>0 use mach-o-cpu \b +>(8.L) indirect x \b: +>0 belong x \b] + +0 belong 0xcafebabe +>4 belong 1 Mach-O universal binary with 1 architecture: +!:mime application/x-mach-binary +>>8 use mach-o \b +>4 belong >1 +>>4 belong <20 Mach-O universal binary with %d architectures: +!:mime application/x-mach-binary +>>>8 use mach-o \b +>>4 belong >1 +>>>28 use mach-o \b +>>4 belong >2 +>>>48 use mach-o \b +>>4 belong >3 +>>>68 use mach-o \b +>>4 belong >4 +>>>88 use mach-o \b +>>4 belong >5 +>>>108 use mach-o \b + +### MACH-O END ### diff --git a/magic/Magdir/cbor b/magic/Magdir/cbor new file mode 100644 index 0000000..6bfd160 --- /dev/null +++ b/magic/Magdir/cbor @@ -0,0 +1,21 @@ + +#------------------------------------------------------------------------------ +# $File: elf,v 1.68 2014/09/19 19:05:57 christos Exp $ +# cbor: file(1) magic for CBOR files as defined in RFC 7049 + +0 string \xd9\xd9\xf7 Concise Binary Object Representation (CBOR) container +!:mime application/cbor +>3 ubyte <0x20 (positive integer) +>3 ubyte <0x40 +>>3 ubyte >0x1f (negative integer) +>3 ubyte <0x60 +>>3 ubyte >0x3f (byte string) +>3 ubyte <0x80 +>>3 ubyte >0x5f (text string) +>3 ubyte <0xa0 +>3 ubyte >0x7f (array) +>3 ubyte <0xc0 +>>3 ubyte >0x9f (map) +>3 ubyte <0xe0 +>>3 ubyte >0xbf (tagged) +>3 ubyte >0xdf (other) diff --git a/magic/Magdir/cddb b/magic/Magdir/cddb new file mode 100644 index 0000000..e793569 --- /dev/null +++ b/magic/Magdir/cddb @@ -0,0 +1,12 @@ + +#------------------------------------------------------------------------------ +# $File$ +# CDDB: file(1) magic for CDDB(tm) format CD text data files +# +# From +# +# This is the /etc/magic entry to decode datafiles as used by +# CDDB-enabled CD player applications. +# + +0 search/1/w #\040xmcd CDDB(tm) format CD text data diff --git a/magic/Magdir/chord b/magic/Magdir/chord new file mode 100644 index 0000000..6968829 --- /dev/null +++ b/magic/Magdir/chord @@ -0,0 +1,15 @@ + +#------------------------------------------------------------------------------ +# $File: chord,v 1.4 2009/09/19 16:28:08 christos Exp $ +# chord: file(1) magic for Chord music sheet typesetting utility input files +# +# From Philippe De Muyter +# File format is actually free, but many distributed files begin with `{title' +# +0 string {title Chord text file + +# Type: PowerTab file format +# URL: http://www.power-tab.net/ +# From: Jelmer Vernooij +0 string ptab\003\000 Power-Tab v3 Tablature File +0 string ptab\004\000 Power-Tab v4 Tablature File diff --git a/magic/Magdir/cisco b/magic/Magdir/cisco new file mode 100644 index 0000000..c9fdd4a --- /dev/null +++ b/magic/Magdir/cisco @@ -0,0 +1,12 @@ + +#------------------------------------------------------------------------------ +# $File$ +# cisco: file(1) magic for cisco Systems routers +# +# Most cisco file-formats are covered by the generic elf code +# +# Microcode files are non-ELF, 0x8501 conflicts with NetBSD/alpha. +0 belong&0xffffff00 0x85011400 cisco IOS microcode +>7 string >\0 for '%s' +0 belong&0xffffff00 0x8501cb00 cisco IOS experimental microcode +>7 string >\0 for '%s' diff --git a/magic/Magdir/citrus b/magic/Magdir/citrus new file mode 100644 index 0000000..41ad884 --- /dev/null +++ b/magic/Magdir/citrus @@ -0,0 +1,8 @@ + +#------------------------------------------------------------------------------ +# $File$ +# citrus locale declaration +# + +0 string RuneCT Citrus locale declaration for LC_CTYPE + diff --git a/magic/Magdir/clarion b/magic/Magdir/clarion new file mode 100644 index 0000000..220caec --- /dev/null +++ b/magic/Magdir/clarion @@ -0,0 +1,27 @@ + +#------------------------------------------------------------------------------ +# $File: clarion,v 1.4 2009/09/19 16:28:08 christos Exp $ +# clarion: file(1) magic for # Clarion Personal/Professional Developer +# (v2 and above) +# From: Julien Blache + +# Database files +# signature +0 leshort 0x3343 Clarion Developer (v2 and above) data file +# attributes +>2 leshort &0x0001 \b, locked +>2 leshort &0x0004 \b, encrypted +>2 leshort &0x0008 \b, memo file exists +>2 leshort &0x0010 \b, compressed +>2 leshort &0x0040 \b, read only +# number of records +>5 lelong x \b, %d records + +# Memo files +0 leshort 0x334d Clarion Developer (v2 and above) memo data + +# Key/Index files +# No magic? :( + +# Help files +0 leshort 0x49e0 Clarion Developer (v2 and above) help data diff --git a/magic/Magdir/claris b/magic/Magdir/claris new file mode 100644 index 0000000..771190f --- /dev/null +++ b/magic/Magdir/claris @@ -0,0 +1,48 @@ + +#------------------------------------------------------------------------------ +# $File: claris,v 1.7 2014/06/03 19:17:27 christos Exp $ +# claris: file(1) magic for claris +# "H. Nanosecond" +# Claris Works a word processor, etc. +# Version 3.0 + +# .pct claris works clip art files +#0000000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 +#* +#0001000 #010 250 377 377 377 377 000 213 000 230 000 021 002 377 014 000 +#null to byte 1000 octal +514 string \377\377\377\377\000 +>0 string \0\0\0\0\0\0\0\0\0\0\0\0\0 Claris clip art +514 string \377\377\377\377\001 +>0 string \0\0\0\0\0\0\0\0\0\0\0\0\0 Claris clip art + +# Claris works files +# .cwk +# Moved to Apple AppleWorks document +#0 string \002\000\210\003\102\117\102\117\000\001\206 Claris works document +# .plt +0 string \020\341\000\000\010\010 Claris Works palette files .plt + +# .msp a dictionary file I am not sure about this I have only one .msp file +0 string \002\271\262\000\040\002\000\164 Claris works dictionary + +# .usp are user dictionary bits +# I am not sure about a magic header: +#0000000 001 123 160 146 070 125 104 040 136 123 015 012 160 157 144 151 +# soh S p f 8 U D sp ^ S cr nl p o d i +#0000020 141 164 162 151 163 164 040 136 123 015 012 144 151 166 040 043 +# a t r i s t sp ^ S cr nl d i v sp # + +# .mth Thesaurus +# starts with \0 but no magic header + +# .chy Hyphenation file +# I am not sure: 000 210 034 000 000 + +# other claris files +#./windows/claris/useng.ndx: data +#./windows/claris/xtndtran.l32: data +#./windows/claris/xtndtran.lst: data +#./windows/claris/clworks.lbl: data +#./windows/claris/clworks.prf: data +#./windows/claris/userd.spl: data diff --git a/magic/Magdir/clipper b/magic/Magdir/clipper new file mode 100644 index 0000000..2768b3a --- /dev/null +++ b/magic/Magdir/clipper @@ -0,0 +1,65 @@ + +#------------------------------------------------------------------------------ +# $File: clipper,v 1.8 2017/03/17 21:35:28 christos Exp $ +# clipper: file(1) magic for Intergraph (formerly Fairchild) Clipper. +# +# XXX - what byte order does the Clipper use? +# +# XXX - what's the "!" stuff: +# +# >18 short !074000,000000 C1 R1 +# >18 short !074000,004000 C2 R1 +# >18 short !074000,010000 C3 R1 +# >18 short !074000,074000 TEST +# +# I shall assume it's ANDing the field with the first value and +# comparing it with the second, and rewrite it as: +# +# >18 short&074000 000000 C1 R1 +# >18 short&074000 004000 C2 R1 +# >18 short&074000 010000 C3 R1 +# >18 short&074000 074000 TEST +# +# as SVR3.1's "file" doesn't support anything of the "!074000,000000" +# sort, nor does SunOS 4.x, so either it's something Intergraph added +# in CLIX, or something AT&T added in SVR3.2 or later, or something +# somebody else thought was a good idea; it's not documented in the +# man page for this version of "magic", nor does it appear to be +# implemented (at least not after I blew off the bogus code to turn +# old-style "&"s into new-style "&"s, which just didn't work at all). +# +0 short 0575 CLIPPER COFF executable (VAX #) +>20 short 0407 (impure) +>20 short 0410 (5.2 compatible) +>20 short 0411 (pure) +>20 short 0413 (demand paged) +>20 short 0443 (target shared library) +>12 long >0 not stripped +>22 short >0 - version %d +0 short 0577 CLIPPER COFF executable +>18 short&074000 000000 C1 R1 +>18 short&074000 004000 C2 R1 +>18 short&074000 010000 C3 R1 +>18 short&074000 074000 TEST +>20 short 0407 (impure) +>20 short 0410 (pure) +>20 short 0411 (separate I&D) +>20 short 0413 (paged) +>20 short 0443 (target shared library) +>12 long >0 not stripped +>22 short >0 - version %d +>48 long&01 01 alignment trap enabled +>52 byte 1 -Ctnc +>52 byte 2 -Ctsw +>52 byte 3 -Ctpw +>52 byte 4 -Ctcb +>53 byte 1 -Cdnc +>53 byte 2 -Cdsw +>53 byte 3 -Cdpw +>53 byte 4 -Cdcb +>54 byte 1 -Csnc +>54 byte 2 -Cssw +>54 byte 3 -Cspw +>54 byte 4 -Cscb +4 string pipe CLIPPER instruction trace +4 string prof CLIPPER instruction profile diff --git a/magic/Magdir/clojure b/magic/Magdir/clojure new file mode 100644 index 0000000..1f1cddf --- /dev/null +++ b/magic/Magdir/clojure @@ -0,0 +1,30 @@ +#------------------------------------------------------------------------------ +# file: file(1) magic for Clojure +# URL: https://clojure.org/ +# From: Jason Felice + +0 string/w #!\ /usr/bin/clj Clojure script text executable +!:mime text/x-clojure +0 string/w #!\ /usr/local/bin/clj Clojure script text executable +!:mime text/x-clojure +0 string/w #!\ /usr/bin/clojure Clojure script text executable +!:mime text/x-clojure +0 string/w #!\ /usr/local/bin/clojure Clojure script text executable +!:mime text/x-clojure +0 string/W #!/usr/bin/env\ clj Clojure script text executable +!:mime text/x-clojure +0 string/W #!/usr/bin/env\ clojure Clojure script text executable +!:mime text/x-clojure +0 string/W #!\ /usr/bin/env\ clj Clojure script text executable +!:mime text/x-clojure +0 string/W #!\ /usr/bin/env\ clojure Clojure script text executable +!:mime text/x-clojure + +0 regex \^\\\(ns[[:space:]]+[a-z] Clojure module source text +!:mime text/x-clojure + +0 regex \^\\\(ns[[:space:]]+\\\^\\{: Clojure module source text +!:mime text/x-clojure + +0 regex \^\\\(defn-?[[:space:]] Clojure module source text +!:mime text/x-clojure diff --git a/magic/Magdir/coff b/magic/Magdir/coff new file mode 100644 index 0000000..31b47e7 --- /dev/null +++ b/magic/Magdir/coff @@ -0,0 +1,81 @@ + +#------------------------------------------------------------------------------ +# $File: coff,v 1.3 2018/08/01 10:34:03 christos Exp $ +# coff: file(1) magic for Common Object Files not specific to known cpu types or manufactures +# +# COFF +# +# by Joerg Jenderek at Oct 2015 +# https://en.wikipedia.org/wiki/COFF +# https://de.wikipedia.org/wiki/Common_Object_File_Format +# http://www.delorie.com/djgpp/doc/coff/filhdr.html + +# display name+variables+flags of Common Object Files Format (32bit) +# Maybe used also in adi,att3b,clipper,hitachi-sh,hp,ibm6000,intel, +# mips,motorola,msdos,osf1,sharc,varied.out,vax +0 name display-coff +# test for unused flag bits (0x8000,0x0800,0x0400,0x0200,x0080) in f_flags +>18 uleshort&0x8E80 0 +>>0 clear x +# f_magic - magic number +# DJGPP, 80386 COFF executable, MS Windows COFF Intel 80386 object file (./intel) +>>0 uleshort 0x014C Intel 80386 +# Hitachi SH big-endian COFF (./hitachi-sh) +>>0 uleshort 0x0500 Hitachi SH big-endian +# Hitachi SH little-endian COFF (./hitachi-sh) +>>0 uleshort 0x0550 Hitachi SH little-endian +# executable (RISC System/6000 V3.1) or obj module (./ibm6000) +#>>0 uleshort 0x01DF +# MS Windows COFF Intel Itanium, AMD64 +# https://msdn.microsoft.com/en-us/library/windows/desktop/ms680313(v=vs.85).aspx +>>0 uleshort 0x0200 Intel ia64 +>>0 uleshort 0x8664 Intel amd64 +# TODO for other COFFs +#>>0 uleshort 0xABCD COFF_TEMPLATE +>>0 default x +>>>0 uleshort x type 0x%04x +>>0 uleshort x COFF +# F_EXEC flag bit +>>18 leshort ^0x0002 object file +#!:mime application/x-coff +#!:ext cof/o/obj/lib +>>18 leshort &0x0002 executable +#!:mime application/x-coffexec +# F_RELFLG flag bit,static object +>>18 leshort &0x0001 \b, no relocation info +# F_LNNO flag bit +>>18 leshort &0x0004 \b, no line number info +# F_LSYMS flag bit +>>18 leshort &0x0008 \b, stripped +>>18 leshort ^0x0008 \b, not stripped +# flags in other COFF versions +#0x0010 F_FDPR_PROF +#0x0020 F_FDPR_OPTI +#0x0040 F_DSA +# F_AR32WR flag bit +#>>>18 leshort &0x0100 \b, 32 bit little endian +#0x1000 F_DYNLOAD +#0x2000 F_SHROBJ +#0x4000 F_LOADONLY +# f_nscns - number of sections +>>2 uleshort <2 \b, %d section +>>2 uleshort >1 \b, %d sections +# f_timdat - file time & date stamp only for little endian +#>>4 date x \b, %s +# f_symptr - symbol table pointer, only for not stripped +>>8 ulelong >0 \b, symbol offset=0x%x +# f_nsyms - number of symbols, only for not stripped +>>12 ulelong >0 \b, %d symbols +# f_opthdr - optional header size +>>16 uleshort >0 \b, optional header size %d +# at offset 20 can be optional header, extra bytes FILHSZ-20 because +# do not rely on sizeof(FILHDR) to give the correct size for header. +# or first section header +# additional variables for other COFF files +# >20 beshort 0407 (impure) +# >20 beshort 0410 (pure) +# >20 beshort 0413 (demand paged) +# >20 beshort 0421 (standalone) +# >22 leshort >0 - version %d +# >168 string .lowmem Apple toolbox + diff --git a/magic/Magdir/commands b/magic/Magdir/commands new file mode 100644 index 0000000..1120c7d --- /dev/null +++ b/magic/Magdir/commands @@ -0,0 +1,118 @@ + +#------------------------------------------------------------------------------ +# $File: commands,v 1.60 2019/04/19 00:42:27 christos Exp $ +# commands: file(1) magic for various shells and interpreters +# +#0 string/w : shell archive or script for antique kernel text +0 string/wt #!\ /bin/sh POSIX shell script text executable +!:mime text/x-shellscript +0 string/wb #!\ /bin/sh POSIX shell script executable (binary data) +!:mime text/x-shellscript + +0 string/wt #!\ /bin/csh C shell script text executable +!:mime text/x-shellscript + +# korn shell magic, sent by George Wu, gwu@clyde.att.com +0 string/wt #!\ /bin/ksh Korn shell script text executable +!:mime text/x-shellscript +0 string/wb #!\ /bin/ksh Korn shell script executable (binary data) +!:mime text/x-shellscript + +0 string/wt #!\ /bin/tcsh Tenex C shell script text executable +!:mime text/x-shellscript +0 string/wt #!\ /usr/bin/tcsh Tenex C shell script text executable +!:mime text/x-shellscript +0 string/wt #!\ /usr/local/tcsh Tenex C shell script text executable +!:mime text/x-shellscript +0 string/wt #!\ /usr/local/bin/tcsh Tenex C shell script text executable +!:mime text/x-shellscript + +# +# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson) +0 string/wt #!\ /bin/zsh Paul Falstad's zsh script text executable +!:mime text/x-shellscript +0 string/wt #!\ /usr/bin/zsh Paul Falstad's zsh script text executable +!:mime text/x-shellscript +0 string/wt #!\ /usr/local/bin/zsh Paul Falstad's zsh script text executable +!:mime text/x-shellscript +0 string/wt #!\ /usr/local/bin/ash Neil Brown's ash script text executable +!:mime text/x-shellscript +0 string/wt #!\ /usr/local/bin/ae Neil Brown's ae script text executable +!:mime text/x-shellscript +0 string/wt #!\ /bin/nawk new awk script text executable +!:mime text/x-nawk +0 string/wt #!\ /usr/bin/nawk new awk script text executable +!:mime text/x-nawk +0 string/wt #!\ /usr/local/bin/nawk new awk script text executable +!:mime text/x-nawk +0 string/wt #!\ /bin/gawk GNU awk script text executable +!:mime text/x-gawk +0 string/wt #!\ /usr/bin/gawk GNU awk script text executable +!:mime text/x-gawk +0 string/wt #!\ /usr/local/bin/gawk GNU awk script text executable +!:mime text/x-gawk +# +0 string/wt #!\ /bin/awk awk script text executable +!:mime text/x-awk +0 string/wt #!\ /usr/bin/awk awk script text executable +!:mime text/x-awk +0 regex/4096 =^[\040\t\f\r\n]{0,100}BEGIN[\040\t\f\r\n]{0,100}[{] awk or perl script text + +# AT&T Bell Labs' Plan 9 shell +0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable + +# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de) +0 string/wt #!\ /bin/bash Bourne-Again shell script text executable +!:mime text/x-shellscript +0 string/wb #!\ /bin/bash Bourne-Again shell script executable (binary data) +!:mime text/x-shellscript +0 string/wt #!\ /usr/bin/bash Bourne-Again shell script text executable +!:mime text/x-shellscript +0 string/wb #!\ /usr/bin/bash Bourne-Again shell script executable (binary data) +!:mime text/x-shellscript +0 string/wt #!\ /usr/local/bash Bourne-Again shell script text executable +!:mime text/x-shellscript +0 string/wb #!\ /usr/local/bash Bourne-Again shell script executable (binary data) +!:mime text/x-shellscript +0 string/wt #!\ /usr/local/bin/bash Bourne-Again shell script text executable +!:mime text/x-shellscript +0 string/wb #!\ /usr/local/bin/bash Bourne-Again shell script executable (binary data) +!:mime text/x-shellscript +0 string/wt #!\ /usr/bin/env\ bash Bourne-Again shell script text executable +!:mime text/x-shellscript + +# PHP scripts +# Ulf Harnhammar +0 search/1/c = +0 string =5 regex [\ \n] +>>6 string /*\ Smarty\ version Smarty compiled template +>>>24 regex [0-9.]+ \b, version %s +!:mime text/x-php + +0 string Zend\x00 PHP script Zend Optimizer data + +0 string/t $! DCL command file + +# Type: Pdmenu +# URL: https://packages.debian.org/pdmenu +# From: Edward Betts +0 string #!/usr/bin/pdmenu Pdmenu configuration file text + +# From Danny Weldon +0 string \x0b\x13\x08\x00 +>0x04 uleshort <4 ksh byte-code version %d diff --git a/magic/Magdir/communications b/magic/Magdir/communications new file mode 100644 index 0000000..938e174 --- /dev/null +++ b/magic/Magdir/communications @@ -0,0 +1,22 @@ + +#---------------------------------------------------------------------------- +# $File$ +# communication + +# TTCN is the Tree and Tabular Combined Notation described in ISO 9646-3. +# It is used for conformance testing of communication protocols. +# Added by W. Borgert . +0 string $Suite TTCN Abstract Test Suite +>&1 string $SuiteId +>>&1 string >\n %s +>&2 string $SuiteId +>>&1 string >\n %s +>&3 string $SuiteId +>>&1 string >\n %s + +# MSC (message sequence charts) are a formal description technique, +# described in ITU-T Z.120, mainly used for communication protocols. +# Added by W. Borgert . +0 string mscdocument Message Sequence Chart (document) +0 string msc Message Sequence Chart (chart) +0 string submsc Message Sequence Chart (subchart) diff --git a/magic/Magdir/compress b/magic/Magdir/compress new file mode 100644 index 0000000..7520eb4 --- /dev/null +++ b/magic/Magdir/compress @@ -0,0 +1,394 @@ +#------------------------------------------------------------------------------ +# $File: compress,v 1.75 2019/04/19 00:42:27 christos Exp $ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +0 string \037\235 compress'd data +!:mime application/x-compress +!:apple LZIVZIVU +>2 byte&0x80 >0 block compressed +>2 byte&0x1f x %d bits + +# gzip (GNU zip, not to be confused with Info-ZIP or PKWARE zip archiver) +# URL: https://en.wikipedia.org/wiki/Gzip +# Reference: https://tools.ietf.org/html/rfc1952 +# Update: Joerg Jenderek, Apr 2019 +# Edited by Chris Chittleborough , March 2002 +# * Original filename is only at offset 10 if "extra field" absent +# * Produce shorter output - notably, only report compression methods +# other than 8 ("deflate", the only method defined in RFC 1952). +# Note: find defs -iname '*.trid.xml' -exec grep -q '1F8B08' {} \; -ls +# TODO: +# FBR Blueberry FlashBack screen Record https://www.flashbackrecorder.com/ +# KPR KOffice/Calligra KPresenter application/x-kpresenter +# KPT KOffice/Calligra KPresenter template? application/x-kpresenter +# SAV Diggles Saved Game File http://www.innonics.com +# SAV FarCry (demo) saved game http://www.farcry-thegame.com +# DAT ZOAGZIP game data format http://en.wikipedia.org/wiki/SD_Gundam_Capsule_Fighter +0 string \037\213 +# to display gzip compressed (strength=100=2*50) before other (strength=50)? +#!:strength * 2 +# no FNAME and FCOMMENT bit implies no file name/comment. That means only binary +>3 byte&0x18 =0 +# For binary gzipped no ASCII text should occur +# mcd-monu-cad.trid.xml +>>10 string MCD Monu-Cad Drawing, Component or Font +#>>36 string Created\ with\ MONU-CAD +#!:mime application/octet-stream +# http://fileformats.archiveteam.org/wiki/Monu-CAD +# http://www.monucad.com/downloads/FullDemo-2005.EXE +# /HANDS96.MCC Component +# /DEMO_DD01.MCD Drawing +# /MCALF020.FNT Font +!:ext mcc/mcd/fnt +# http://www.generalcadd.com +>>10 string GXD General CADD, Drawing or Component +#!:mime application/octet-stream +# /gxc/BUILDINGEDGE.gxc Component +# /gxd/HOCKETT-STPAUL-WRHSE.gxd Drawing +# /gxd/POWERLAND-MILL-ADD-11.gxd Drawing v9.1.06 +!:ext gxc/gxd +#>>>13 ubyte 0 \b, version 0 +>>>13 string 09 \b, version 9 +# other gzipped binary like gzipped tar, VirtualBox extension package,... +>>10 default x gzip compressed data +>>>0 use gzip-info +# size of the original (uncompressed) input data modulo 2^32 +>>>-4 ulelong x \b, original size modulo 2^32 %u +# gzipped TAR or VirtualBox extension package +!:mime application/gzip +#!:mime application/x-compressed-tar +#!:mime application/x-virtualbox-vbox-extpack +# https://www.w3.org/TR/SVG/mimereg.html +#!:mime image/image/svg+xml-compressed +# zlib.3.gz +# microcode-20180312.tgz +# tpz same as tgz +# lua-md5_1.2-1_i386_i486.ipk https://en.wikipedia.org/wiki/Opkg +# Oracle_VM_VirtualBox_Extension_Pack-5.0.12-104815.vbox-extpack +!:ext gz/tgz/tpz/ipk/vbox-extpack/svgz +# FNAME/FCOMMENT bit implies file name/comment as iso-8859-1 text +>3 byte&0x18 >0 gzip compressed data +!:mime application/gzip +# gzipped tar, gzipped Abiword document +#!:mime application/x-compressed-tar +#!:mime application/x-abiword-compressed +#!:mime image/image/svg+xml-compressed +# kleopatra_splashscreen.svgz gzipped .svg +!:ext gz/tgz/tpz/zabw/svgz +>>0 use gzip-info +# size of the original (uncompressed) input data modulo 2^32 +>>-4 ulelong x \b, original size modulo 2^32 %u +# display information of gzip compressed files +0 name gzip-info +#>2 byte x THIS iS GZIP +>2 byte <8 \b, reserved method +>2 byte >8 \b, unknown method +>3 byte &0x01 \b, ASCII +>3 byte &0x02 \b, has CRC +>3 byte &0x04 \b, extra field +>3 byte&0xC =0x08 +>>10 string x \b, was "%s" +>3 byte &0x10 \b, has comment +>3 byte &0x20 \b, encrypted +>4 ledate >0 \b, last modified: %s +>8 byte 2 \b, max compression +>8 byte 4 \b, max speed +>9 byte =0x00 \b, from FAT filesystem (MS-DOS, OS/2, NT) +>9 byte =0x01 \b, from Amiga +>9 byte =0x02 \b, from VMS +>9 byte =0x03 \b, from Unix +>9 byte =0x04 \b, from VM/CMS +>9 byte =0x05 \b, from Atari +>9 byte =0x06 \b, from HPFS filesystem (OS/2, NT) +>9 byte =0x07 \b, from MacOS +>9 byte =0x08 \b, from Z-System +>9 byte =0x09 \b, from CP/M +>9 byte =0x0A \b, from TOPS/20 +>9 byte =0x0B \b, from NTFS filesystem (NT) +>9 byte =0x0C \b, from QDOS +>9 byte =0x0D \b, from Acorn RISCOS +# size of the original (uncompressed) input data modulo 2^32 +#>-4 ulelong x \b, original size modulo 2^32 %u +#ERROR: line 114: non zero offset 1048572 at level 1 + +# packed data, Huffman (minimum redundancy) codes on a byte-by-byte basis +0 string \037\036 packed data +!:mime application/octet-stream +>2 belong >1 \b, %d characters originally +>2 belong =1 \b, %d character originally +# +# This magic number is byte-order-independent. +0 short 0x1f1f old packed data +!:mime application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +0 short 0x1fff compacted data +!:mime application/octet-stream +# This string is valid for SunOS (BE) and a matching "short" is listed +# in the Ultrix (LE) magic file. +0 string \377\037 compacted data +!:mime application/octet-stream +0 short 0145405 huf output +!:mime application/octet-stream + +# bzip2 +0 string BZh bzip2 compressed data +!:mime application/x-bzip2 +>3 byte >47 \b, block size = %c00k + +# bzip a block-sorting file compressor +# by Julian Seward and others +0 string BZ0 bzip compressed data +!:mime application/x-bzip +>3 byte >47 \b, block size = %c00k + +# lzip +0 string LZIP lzip compressed data +!:mime application/x-lzip +>4 byte x \b, version: %d + +# squeeze and crunch +# Michael Haardt +0 beshort 0x76FF squeezed data, +>4 string x original name %s +0 beshort 0x76FE crunched data, +>2 string x original name %s +0 beshort 0x76FD LZH compressed data, +>2 string x original name %s + +# Freeze +0 string \037\237 frozen file 2.1 +0 string \037\236 frozen file 1.0 (or gzip 0.5) + +# SCO compress -H (LZH) +0 string \037\240 SCO compress -H (LZH) data + +# European GSM 06.10 is a provisional standard for full-rate speech +# transcoding, prI-ETS 300 036, which uses RPE/LTP (residual pulse +# excitation/long term prediction) coding at 13 kbit/s. +# +# There's only a magic nibble (4 bits); that nibble repeats every 33 +# bytes. This isn't suited for use, but maybe we can use it someday. +# +# This will cause very short GSM files to be declared as data and +# mismatches to be declared as data too! +#0 byte&0xF0 0xd0 data +#>33 byte&0xF0 0xd0 +#>66 byte&0xF0 0xd0 +#>99 byte&0xF0 0xd0 +#>132 byte&0xF0 0xd0 GSM 06.10 compressed audio + +# lzop from +0 string \x89\x4c\x5a\x4f\x00\x0d\x0a\x1a\x0a lzop compressed data +>9 beshort <0x0940 +>>9 byte&0xf0 =0x00 - version 0. +>>9 beshort&0x0fff x \b%03x, +>>13 byte 1 LZO1X-1, +>>13 byte 2 LZO1X-1(15), +>>13 byte 3 LZO1X-999, +## >>22 bedate >0 last modified: %s, +>>14 byte =0x00 os: MS-DOS +>>14 byte =0x01 os: Amiga +>>14 byte =0x02 os: VMS +>>14 byte =0x03 os: Unix +>>14 byte =0x05 os: Atari +>>14 byte =0x06 os: OS/2 +>>14 byte =0x07 os: MacOS +>>14 byte =0x0A os: Tops/20 +>>14 byte =0x0B os: WinNT +>>14 byte =0x0E os: Win32 +>9 beshort >0x0939 +>>9 byte&0xf0 =0x00 - version 0. +>>9 byte&0xf0 =0x10 - version 1. +>>9 byte&0xf0 =0x20 - version 2. +>>9 beshort&0x0fff x \b%03x, +>>15 byte 1 LZO1X-1, +>>15 byte 2 LZO1X-1(15), +>>15 byte 3 LZO1X-999, +## >>25 bedate >0 last modified: %s, +>>17 byte =0x00 os: MS-DOS +>>17 byte =0x01 os: Amiga +>>17 byte =0x02 os: VMS +>>17 byte =0x03 os: Unix +>>17 byte =0x05 os: Atari +>>17 byte =0x06 os: OS/2 +>>17 byte =0x07 os: MacOS +>>17 byte =0x0A os: Tops/20 +>>17 byte =0x0B os: WinNT +>>17 byte =0x0E os: Win32 + +# 4.3BSD-Quasijarus Strong Compression +# https://minnie.tuhs.org/Quasijarus/compress.html +0 string \037\241 Quasijarus strong compressed data + +# From: Cory Dikkers +0 string XPKF Amiga xpkf.library compressed data +0 string PP11 Power Packer 1.1 compressed data +0 string PP20 Power Packer 2.0 compressed data, +>4 belong 0x09090909 fast compression +>4 belong 0x090A0A0A mediocre compression +>4 belong 0x090A0B0B good compression +>4 belong 0x090A0C0C very good compression +>4 belong 0x090A0C0D best compression + +# 7-zip archiver, from Thomas Klausner (wiz@danbala.tuwien.ac.at) +# https://www.7-zip.org or DOC/7zFormat.txt +# +0 string 7z\274\257\047\034 7-zip archive data, +>6 byte x version %d +>7 byte x \b.%d +!:mime application/x-7z-compressed +!:ext 7z/cb7 + +# Type: LZMA +0 lelong&0xffffff =0x5d +>12 leshort 0xff LZMA compressed data, +!:mime application/x-lzma +>>5 lequad =0xffffffffffffffff streamed +>>5 lequad !0xffffffffffffffff non-streamed, size %lld +>12 leshort 0 LZMA compressed data, +>>5 lequad =0xffffffffffffffff streamed +>>5 lequad !0xffffffffffffffff non-streamed, size %lld + +# http://tukaani.org/xz/xz-file-format.txt +0 ustring \xFD7zXZ\x00 XZ compressed data +!:strength * 2 +!:mime application/x-xz + +# https://github.com/ckolivas/lrzip/blob/master/doc/magic.header.txt +0 string LRZI LRZIP compressed data +>4 byte x - version %d +>5 byte x \b.%d +!:mime application/x-lrzip + +# https://fastcompression.blogspot.fi/2013/04/lz4-streaming-format-final.html +0 lelong 0x184d2204 LZ4 compressed data (v1.4+) +!:mime application/x-lz4 +# Added by osm0sis@xda-developers.com +0 lelong 0x184c2103 LZ4 compressed data (v1.0-v1.3) +!:mime application/x-lz4 +0 lelong 0x184c2102 LZ4 compressed data (v0.1-v0.9) +!:mime application/x-lz4 + +# Zstandard/LZ4 skippable frames +# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md +0 lelong&0xFFFFFFF0 0x184D2A50 +>(4.l+8) indirect x + +# Zstandard Dictionary ID subroutine +0 name zstd-dictionary-id +# Single Segment = True +>0 byte &0x20 \b, Dictionary ID: +>>0 byte&0x03 0 None +>>0 byte&0x03 1 +>>>1 byte x %u +>>0 byte&0x03 2 +>>>1 leshort x %u +>>0 byte&0x03 3 +>>>1 lelong x %u +# Single Segment = False +>0 byte ^0x20 \b, Dictionary ID: +>>0 byte&0x03 0 None +>>0 byte&0x03 1 +>>>2 byte x %u +>>0 byte&0x03 2 +>>>2 leshort x %u +>>0 byte&0x03 3 +>>>2 lelong x %u + +# Zstandard compressed data +# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md +0 lelong 0xFD2FB522 Zstandard compressed data (v0.2) +!:mime application/x-zstd +0 lelong 0xFD2FB523 Zstandard compressed data (v0.3) +!:mime application/x-zstd +0 lelong 0xFD2FB524 Zstandard compressed data (v0.4) +!:mime application/x-zstd +0 lelong 0xFD2FB525 Zstandard compressed data (v0.5) +!:mime application/x-zstd +0 lelong 0xFD2FB526 Zstandard compressed data (v0.6) +!:mime application/x-zstd +0 lelong 0xFD2FB527 Zstandard compressed data (v0.7) +!:mime application/x-zstd +>4 use zstd-dictionary-id +0 lelong 0xFD2FB528 Zstandard compressed data (v0.8+) +!:mime application/x-zstd +>4 use zstd-dictionary-id + +# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md +0 lelong 0xEC30A437 Zstandard dictionary +!:mime application/x-zstd-dictionary +>4 lelong x (ID %u) + +# AFX compressed files (Wolfram Kleff) +2 string -afx- AFX compressed file data + +# Supplementary magic data for the file(1) command to support +# rzip(1). The format is described in magic(5). +# +# Copyright (C) 2003 by Andrew Tridgell. You may do whatever you want with +# this file. +# +0 string RZIP rzip compressed data +>4 byte x - version %d +>5 byte x \b.%d +>6 belong x (%d bytes) + +0 string ArC\x01 FreeArc archive + +# Type: DACT compressed files +0 long 0x444354C3 DACT compressed data +>4 byte >-1 (version %i. +>5 byte >-1 %i. +>6 byte >-1 %i) +>7 long >0 , original size: %i bytes +>15 long >30 , block size: %i bytes + +# Valve Pack (VPK) files +0 lelong 0x55aa1234 Valve Pak file +>0x4 lelong x \b, version %u +>0x8 lelong x \b, %u entries + +# Snappy framing format +# https://code.google.com/p/snappy/source/browse/trunk/framing_format.txt +0 string \377\006\0\0sNaPpY snappy framed data +!:mime application/x-snappy-framed + +# qpress, https://www.quicklz.com/ +0 string qpress10 qpress compressed data +!:mime application/x-qpress + +# Zlib https://www.ietf.org/rfc/rfc6713.txt +0 string/b x +>0 beshort%31 =0 +>>0 byte&0xf =8 +>>>0 byte&0x80 =0 zlib compressed data +!:mime application/zlib + +# BWC compression +0 string BWC +>3 byte 0 BWC compressed data + +# UCL compression +0 bequad 0x00e955434cff011a UCL compressed data + +# Softlib archive +0 string SLIB Softlib archive +>4 leshort x \b, version %d +>6 leshort x (contains %d files) + +# URL: https://github.com/lzfse/lzfse/blob/master/src/lzfse_internal.h#L276 +# From: Eric Hall +0 string bvx- lzfse encoded, no compression +0 string bvx1 lzfse compressed, uncompressed tables +0 string bvx2 lzfse compressed, compressed tables +0 string bvxn lzfse encoded, lzvn compressed diff --git a/magic/Magdir/console b/magic/Magdir/console new file mode 100644 index 0000000..5e5e581 --- /dev/null +++ b/magic/Magdir/console @@ -0,0 +1,950 @@ + +#------------------------------------------------------------------------------ +# $File: console,v 1.45 2019/04/19 00:42:27 christos Exp $ +# Console game magic +# Toby Deshane + +# ines: file(1) magic for Marat's iNES Nintendo Entertainment System ROM dump format +# Updated by David Korth +# References: +# - https://wiki.nesdev.com/w/index.php/INES +# - https://wiki.nesdev.com/w/index.php/NES_2.0 + +# Common header for iNES, NES 2.0, and Wii U iNES. +0 name nes-rom-image-ines +>7 byte&0x0C =0x8 (NES 2.0) +>4 byte x \b: %ux16k PRG +>5 byte x \b, %ux8k CHR +>6 byte&0x08 =0x8 [4-Scr] +>6 byte&0x09 =0x0 [H-mirror] +>6 byte&0x09 =0x1 [V-mirror] +>6 byte&0x02 =0x2 [SRAM] +>6 byte&0x04 =0x4 [Trainer] +>7 byte&0x03 =0x2 [PC10] +>7 byte&0x03 =0x1 [VS] +>>7 byte&0x0C =0x8 +# NES 2.0: VS PPU +>>>13 byte&0x0F =0x0 \b, RP2C03B +>>>13 byte&0x0F =0x1 \b, RP2C03G +>>>13 byte&0x0F =0x2 \b, RP2C04-0001 +>>>13 byte&0x0F =0x3 \b, RP2C04-0002 +>>>13 byte&0x0F =0x4 \b, RP2C04-0003 +>>>13 byte&0x0F =0x5 \b, RP2C04-0004 +>>>13 byte&0x0F =0x6 \b, RP2C03B +>>>13 byte&0x0F =0x7 \b, RP2C03C +>>>13 byte&0x0F =0x8 \b, RP2C05-01 +>>>13 byte&0x0F =0x9 \b, RP2C05-02 +>>>13 byte&0x0F =0xA \b, RP2C05-03 +>>>13 byte&0x0F =0xB \b, RP2C05-04 +>>>13 byte&0x0F =0xC \b, RP2C05-05 +# TODO: VS protection hardware? +>>7 byte x \b] +# NES 2.0-specific flags. +>7 byte&0x0C =0x8 +>>12 byte&0x03 =0x0 [NTSC] +>>12 byte&0x03 =0x1 [PAL] +>>12 byte&0x02 =0x2 [NTSC+PAL] + +# Standard iNES ROM header. +0 string NES\x1A NES ROM image (iNES) +!:mime application/x-nes-rom +>0 use nes-rom-image-ines + +# Wii U Virtual Console iNES ROM header. +0 belong 0x4E455300 NES ROM image (Wii U Virtual Console) +!:mime application/x-nes-rom +>0 use nes-rom-image-ines + +#------------------------------------------------------------------------------ +# unif: file(1) magic for UNIF-format Nintendo Entertainment System ROM images +# Reference: https://wiki.nesdev.com/w/index.php/UNIF +# From: David Korth +# +# NOTE: The UNIF format uses chunks instead of a fixed header, +# so most of the data isn't easily parseable. +# +0 string UNIF +>4 lelong <16 NES ROM image (UNIF v%d format) +!:mime application/x-nes-rom + +#------------------------------------------------------------------------------ +# fds: file(1) magic for Famciom Disk System disk images +# Reference: https://wiki.nesdev.com/w/index.php/Family_Computer_Disk_System#.FDS_format +# From: David Korth +# TODO: Check "Disk info block" and get info from that in addition to the optional header. + +# Disk info block. (block 1) +0 name nintendo-fds-disk-info-block +>23 byte !1 FMC- +>23 byte 1 FSC- +>16 string x \b%.3s +>15 byte x \b, mfr %02X +>20 byte x (Rev.%02u) + +# Headered version. +0 string FDS\x1A +>0x11 string *NINTENDO-HVC* Famicom Disk System disk image: +!:mime application/x-fds-disk +>>0x10 use nintendo-fds-disk-info-block +>4 byte 1 (%u side) +>4 byte !1 (%u sides) + +# Unheadered version. +1 string *NINTENDO-HVC* Famicom Disk System disk image: +!:mime application/x-fds-disk +>0 use nintendo-fds-disk-info-block + +#------------------------------------------------------------------------------ +# tnes: file(1) magic for TNES-format Nintendo Entertainment System ROM images +# Used by Nintendo 3DS NES Virtual Console games. +# From: David Korth +# +0 string TNES NES ROM image (Nintendo 3DS Virtual Console) +!:mime application/x-nes-rom +>4 byte 100 \b: FDS, +>>0x2010 use nintendo-fds-disk-info-block +>4 byte !100 \b: TNES mapper %u +>>5 byte x \b, %ux8k PRG +>>6 byte x \b, %ux8k CHR +>>7 byte&0x08 =1 [WRAM] +>>8 byte&0x09 =1 [H-mirror] +>>8 byte&0x09 =2 [V-mirror] +>>8 byte&0x02 =3 [VRAM] + +#------------------------------------------------------------------------------ +# gameboy: file(1) magic for the Nintendo (Color) Gameboy raw ROM format +# Reference: http://gbdev.gg8.se/wiki/articles/The_Cartridge_Header +# +0x104 bequad 0xCEED6666CC0D000B Game Boy ROM image +# TODO: application/x-gameboy-color-rom for GBC. +!:mime application/x-gameboy-rom +>0x143 byte&0x80 0x80 +>>0x134 string >\0 \b: "%.15s" +>0x143 byte&0x80 !0x80 +>>0x134 string >\0 \b: "%.16s" +>0x14c byte x (Rev.%02u) + +# Machine type. (SGB, CGB, SGB+CGB) +>0x14b byte 0x33 +>>0x146 byte 0x03 +>>>0x143 byte&0x80 0x80 [SGB+CGB] +>>>0x143 byte&0x80 !0x80 [SGB] +>>0x146 byte !0x03 +>>>0x143 byte&0xC0 0x80 [CGB] +>>>0x143 byte&0xC0 0xC0 [CGB ONLY] +>0x14b byte !0x33 + +# Mapper. +>0x147 byte 0x00 [ROM ONLY] +>0x147 byte 0x01 [MBC1] +>0x147 byte 0x02 [MBC1+RAM] +>0x147 byte 0x03 [MBC1+RAM+BATT] +>0x147 byte 0x05 [MBC2] +>0x147 byte 0x06 [MBC2+BATTERY] +>0x147 byte 0x08 [ROM+RAM] +>0x147 byte 0x09 [ROM+RAM+BATTERY] +>0x147 byte 0x0B [MMM01] +>0x147 byte 0x0C [MMM01+SRAM] +>0x147 byte 0x0D [MMM01+SRAM+BATT] +>0x147 byte 0x0F [MBC3+TIMER+BATT] +>0x147 byte 0x10 [MBC3+TIMER+RAM+BATT] +>0x147 byte 0x11 [MBC3] +>0x147 byte 0x12 [MBC3+RAM] +>0x147 byte 0x13 [MBC3+RAM+BATT] +>0x147 byte 0x19 [MBC5] +>0x147 byte 0x1A [MBC5+RAM] +>0x147 byte 0x1B [MBC5+RAM+BATT] +>0x147 byte 0x1C [MBC5+RUMBLE] +>0x147 byte 0x1D [MBC5+RUMBLE+SRAM] +>0x147 byte 0x1E [MBC5+RUMBLE+SRAM+BATT] +>0x147 byte 0xFC [Pocket Camera] +>0x147 byte 0xFD [Bandai TAMA5] +>0x147 byte 0xFE [Hudson HuC-3] +>0x147 byte 0xFF [Hudson HuC-1] + +# ROM size. +>0x148 byte 0 \b, ROM: 256Kbit +>0x148 byte 1 \b, ROM: 512Kbit +>0x148 byte 2 \b, ROM: 1Mbit +>0x148 byte 3 \b, ROM: 2Mbit +>0x148 byte 4 \b, ROM: 4Mbit +>0x148 byte 5 \b, ROM: 8Mbit +>0x148 byte 6 \b, ROM: 16Mbit +>0x148 byte 7 \b, ROM: 32Mbit +>0x148 byte 0x52 \b, ROM: 9Mbit +>0x148 byte 0x53 \b, ROM: 10Mbit +>0x148 byte 0x54 \b, ROM: 12Mbit + +# RAM size. +>0x149 byte 1 \b, RAM: 16Kbit +>0x149 byte 2 \b, RAM: 64Kbit +>0x149 byte 3 \b, RAM: 128Kbit +>0x149 byte 4 \b, RAM: 1Mbit +>0x149 byte 5 \b, RAM: 512Kbit + +#------------------------------------------------------------------------------ +# genesis: file(1) magic for various Sega Mega Drive / Genesis ROM image and disc formats +# Updated by David Korth +# References: +# - https://www.retrodev.com/segacd.html +# - http://devster.monkeeh.com/sega/32xguide1.txt +# + +# Common Sega Mega Drive header format. +# FIXME: Name fields are 48 bytes, but have spaces for padding instead of 00s. +0 name sega-mega-drive-header +# ROM title. (Use domestic if present; if not, use international.) +>0x120 byte >0x20 +>>0x120 string >\0 \b: "%.16s" +>0x120 byte <0x21 +>>0x150 string >\0 \b: "%.16s" +# Other information. +>0x180 string >\0 (%.14s +>>0x110 string >\0 \b, %.16s +>0x180 byte 0 +>>0x110 string >\0 (%.16s +>0 byte x \b) + +# TODO: Check for 32X CD? +# Sega Mega CD disc images: 2048-byte sectors. +0 string SEGADISCSYSTEM\ \ Sega Mega CD disc image +!:mime application/x-sega-cd-rom +>0 use sega-mega-drive-header +>0 byte x \b, 2048-byte sectors +0 string SEGABOOTDISC\ \ \ \ Sega Mega CD disc image +!:mime application/x-sega-cd-rom +>0 use sega-mega-drive-header +>0 byte x \b, 2048-byte sectors +# Sega Mega CD disc images: 2352-byte sectors. +0x10 string SEGADISCSYSTEM\ \ Sega Mega CD disc image +!:mime application/x-sega-cd-rom +>0x10 use sega-mega-drive-header +>0 byte x \b, 2352-byte sectors +0x10 string SEGABOOTDISC\ \ \ \ Sega Mega CD disc image +!:mime application/x-sega-cd-rom +>0x10 use sega-mega-drive-header +>0 byte x \b, 2352-byte sectors + +# Sega Mega Drive, 32X, Pico, and Mega CD Boot ROM images. +0x100 string SEGA +>0x3C0 bequad 0x4D41525320434845 Sega 32X ROM image +!:mime application/x-genesis-32x-rom +>>0 use sega-mega-drive-header +>0x3C0 bequad !0x4D41525320434845 +>>0x105 belong 0x5049434F Sega Pico ROM image +!:mime application/x-sega-pico-rom +>>>0 use sega-mega-drive-header +>>0x105 belong !0x5049434F +>>>0x180 beshort 0x4252 Sega Mega CD Boot ROM image +!:mime application/x-genesis-rom +>>>0x180 beshort !0x4252 Sega Mega Drive / Genesis ROM image +!:mime application/x-genesis-rom +>>>0 use sega-mega-drive-header + +#------------------------------------------------------------------------------ +# genesis: file(1) magic for the Super MegaDrive ROM dump format +# + +# NOTE: Due to interleaving, we can't display anything +# other than the copier header information. +0 name sega-genesis-smd-header +>0 byte x %dx16k blocks +>2 byte 0 \b, last in series or standalone +>2 byte >0 \b, split ROM + +# "Sega Genesis" header. +0x280 string EAGN +>8 beshort 0xAABB Sega Mega Drive / Genesis ROM image (SMD format): +!:mime application/x-genesis-rom +>>0 use sega-genesis-smd-header + +# "Sega Mega Drive" header. +0x280 string EAMG +>8 beshort 0xAABB Sega Mega Drive / Genesis ROM image (SMD format): +!:mime application/x-genesis-rom +>>0 use sega-genesis-smd-header + +#------------------------------------------------------------------------------ +# smsgg: file(1) magic for Sega Master System and Game Gear ROM images +# Detects all Game Gear and export Sega Master System ROM images, +# and some Japanese Sega Master System ROM images. +# From: David Korth +# Reference: https://www.smspower.org/Development/ROMHeader +# + +# General SMS header rule. +# The SMS boot ROM checks the header at three locations. +0 name sega-master-system-rom-header +# Machine type. +>0x0F byte&0xF0 0x30 Sega Master System +!:mime application/x-sms-rom +>0x0F byte&0xF0 0x40 Sega Master System +!:mime application/x-sms-rom +>0x0F byte&0xF0 0x50 Sega Game Gear +!:mime application/x-gamegear-rom +>0x0F byte&0xF0 0x60 Sega Game Gear +!:mime application/x-gamegear-rom +>0x0F byte&0xF0 0x70 Sega Game Gear +!:mime application/x-gamegear-rom +>0x0F default x Sega Master System / Game Gear +!:mime application/x-sms-rom +>0 byte x ROM image: +# Product code. +>0x0E byte&0xF0 0x10 1 +>0x0E byte&0xF0 0x20 2 +>0x0E byte&0xF0 0x30 3 +>0x0E byte&0xF0 0x40 4 +>0x0E byte&0xF0 0x50 5 +>0x0E byte&0xF0 0x60 6 +>0x0E byte&0xF0 0x70 7 +>0x0E byte&0xF0 0x80 8 +>0x0E byte&0xF0 0x90 9 +>0x0E byte&0xF0 0xA0 10 +>0x0E byte&0xF0 0xB0 11 +>0x0E byte&0xF0 0xC0 12 +>0x0E byte&0xF0 0xD0 13 +>0x0E byte&0xF0 0xE0 14 +>0x0E byte&0xF0 0xF0 15 +# If the product code is 5 digits, we'll need to backspace here. +>0x0E byte&0xF0 !0 +>>0x0C leshort x \b%04x +>0x0E byte&0xF0 0 +>>0x0C leshort x %04x +# Revision. +>0x0E byte&0x0F x (Rev.%02d) +# ROM size. (Used for the boot ROM checksum routine.) +>0x0F byte&0x0F 0x0A (8 KB) +>0x0F byte&0x0F 0x0B (16 KB) +>0x0F byte&0x0F 0x0C (32 KB) +>0x0F byte&0x0F 0x0D (48 KB) +>0x0F byte&0x0F 0x0E (64 KB) +>0x0F byte&0x0F 0x0F (128 KB) +>0x0F byte&0x0F 0x00 (256 KB) +>0x0F byte&0x0F 0x01 (512 KB) +>0x0F byte&0x0F 0x02 (1 MB) + +# SMS/GG header locations. +0x7FF0 string TMR\ SEGA +>0x7FF0 use sega-master-system-rom-header +0x3FF0 string TMR\ SEGA +>0x3FF0 use sega-master-system-rom-header +0x1FF0 string TMR\ SEGA +>0x1FF0 use sega-master-system-rom-header + +#------------------------------------------------------------------------------ +# saturn: file(1) magic for the Sega Saturn disc image format. +# From: David Korth +# + +# Common Sega Saturn disc header format. +# NOTE: Title is 112 bytes, but we're only showing 32 due to space padding. +# TODO: Release date, device information, region code, others? +0 name sega-saturn-disc-header +>0x60 string >\0 \b: "%.32s" +>0x20 string >\0 (%.10s +>>0x2A string >\0 \b, %.6s) +>>0x2A byte 0 \b) + +# 2048-byte sector version. +0 string SEGA\ SEGASATURN\ Sega Saturn disc image +!:mime application/x-saturn-rom +>0 use sega-saturn-disc-header +>0 byte x (2048-byte sectors) +# 2352-byte sector version. +0x10 string SEGA\ SEGASATURN\ Sega Saturn disc image +!:mime application/x-saturn-rom +>0x10 use sega-saturn-disc-header +>0 byte x (2352-byte sectors) + +#------------------------------------------------------------------------------ +# dreamcast: file(1) magic for the Sega Dreamcast disc image format. +# From: David Korth +# Reference: https://mc.pp.se/dc/ip0000.bin.html +# + +# Common Sega Dreamcast disc header format. +# NOTE: Title is 128 bytes, but we're only showing 32 due to space padding. +# TODO: Release date, device information, region code, others? +0 name sega-dreamcast-disc-header +>0x80 string >\0 \b: "%.32s" +>0x40 string >\0 (%.10s +>>0x4A string >\0 \b, %.6s) +>>0x4A byte 0 \b) + +# 2048-byte sector version. +0 string SEGA\ SEGAKATANA\ Sega Dreamcast disc image +!:mime application/x-dc-rom +>0 use sega-dreamcast-disc-header +>0 byte x (2048-byte sectors) +# 2352-byte sector version. +0x10 string SEGA\ SEGAKATANA\ Sega Dreamcast disc image +!:mime application/x-dc-rom +>0x10 use sega-dreamcast-disc-header +>0 byte x (2352-byte sectors) + +#------------------------------------------------------------------------------ +# dreamcast: file(1) uncertain magic for the Sega Dreamcast VMU image format +# +0 belong 0x21068028 Sega Dreamcast VMU game image +0 string LCDi Dream Animator file + +#------------------------------------------------------------------------------ +# z64: file(1) magic for the Z64 format N64 ROM dumps +# Reference: http://forum.pj64-emu.com/showthread.php?t=2239 +# From: David Korth +# +0 bequad 0x803712400000000F Nintendo 64 ROM image +!:mime application/x-n64-rom +>0x20 string >\0 \b: "%.20s" +>0x3B string x (%.4s +>0x3F byte x \b, Rev.%02u) + +#------------------------------------------------------------------------------ +# v64: file(1) magic for the V64 format N64 ROM dumps +# Same as z64 format, but with 16-bit byteswapping. +# +0 bequad 0x3780401200000F00 Nintendo 64 ROM image (V64) +!:mime application/x-n64-rom + +#------------------------------------------------------------------------------ +# n64-swap2: file(1) magic for the swap2 format N64 ROM dumps +# Same as z64 format, but with swapped 16-bit words. +# +0 bequad 0x12408037000F0000 Nintendo 64 ROM image (wordswapped) +!:mime application/x-n64-rom + +#------------------------------------------------------------------------------ +# n64-le32: file(1) magic for the 32-bit byteswapped format N64 ROM dumps +# Same as z64 format, but with 32-bit byteswapping. +# +0 bequad 0x401237800F000000 Nintendo 64 ROM image (32-bit byteswapped) +!:mime application/x-n64-rom + +#------------------------------------------------------------------------------ +# gba: file(1) magic for the Nintendo Game Boy Advance raw ROM format +# Reference: https://problemkaputt.de/gbatek.htm#gbacartridgeheader +# +# Original version from: "Nelson A. de Oliveira" +# Updated version from: David Korth +# +4 bequad 0x24FFAE51699AA221 Game Boy Advance ROM image +!:mime application/x-gba-rom +>0xA0 string >\0 \b: "%.12s" +>0xAC string x (%.6s +>0xBC byte x \b, Rev.%02u) + +#------------------------------------------------------------------------------ +# nds: file(1) magic for the Nintendo DS(i) raw ROM format +# Reference: https://problemkaputt.de/gbatek.htm#dscartridgeheader +# +# Original version from: "Nelson A. de Oliveira" +# Updated version from: David Korth +# +0xC0 bequad 0x24FFAE51699AA221 Nintendo DS ROM image +!:mime application/x-nintendo-ds-rom +>0x00 string >\0 \b: "%.12s" +>0x0C string x (%.6s +>0x1E byte x \b, Rev.%02u) +>0x12 byte 2 (DSi enhanced) +>0x12 byte 3 (DSi only) +# Secure Area check. +>0x20 lelong <0x4000 (homebrew) +>0x20 lelong >0x3FFF +>>0x4000 lequad 0x0000000000000000 (multiboot) +>>0x4000 lequad !0x0000000000000000 +>>>0x4000 lequad 0xE7FFDEFFE7FFDEFF (decrypted) +>>>0x4000 lequad !0xE7FFDEFFE7FFDEFF +>>>>0x1000 lequad 0x0000000000000000 (encrypted) +>>>>0x1000 lequad !0x0000000000000000 (mask ROM) + +#------------------------------------------------------------------------------ +# nds_passme: file(1) magic for Nintendo DS ROM images for GBA cartridge boot. +# This is also used for loading .nds files using the MSET exploit on 3DS. +# Reference: https://github.com/devkitPro/ndstool/blob/master/source/ndscreate.cpp +0xC0 bequad 0xC8604FE201708FE2 Nintendo DS Slot-2 ROM image (PassMe) +!:mime application/x-nintendo-ds-rom + +#------------------------------------------------------------------------------ +# ngp: file(1) magic for the Neo Geo Pocket (Color) raw ROM format. +# From: David Korth +# References: +# - https://neogpc.googlecode.com/svn-history/r10/trunk/src/core/neogpc.cpp +# - https://www.devrs.com/ngp/files/ngpctech.txt +# +0x0A string BY\ SNK\ CORPORATION Neo Geo Pocket +!:mime application/x-neo-geo-pocket-rom +>0x23 byte 0x10 Color +>0 byte x ROM image +>0x24 string >\0 \b: "%.12s" +>0x1F byte 0xFF (debug mode enabled) + +#------------------------------------------------------------------------------ +# msx: file(1) magic for MSX game cartridge dumps +# Too simple - MPi +#0 beshort 0x4142 MSX game cartridge dump + +#------------------------------------------------------------------------------ +# Sony Playstation executables (Adam Sjoegren ) : +0 string PS-X\ EXE Sony Playstation executable +>16 lelong x PC=0x%08x, +>20 lelong !0 GP=0x%08x, +>24 lelong !0 .text=[0x%08x, +>>28 lelong x \b0x%x], +>32 lelong !0 .data=[0x%08x, +>>36 lelong x \b0x%x], +>40 lelong !0 .bss=[0x%08x, +>>44 lelong x \b0x%x], +>48 lelong !0 Stack=0x%08x, +>48 lelong =0 No Stack!, +>52 lelong !0 StackSize=0x%x, +#>76 string >\0 (%s) +# Area: +>113 string x (%s) + +# CPE executables +0 string CPE CPE executable +>3 byte x (version %d) + +#------------------------------------------------------------------------------ +# Microsoft Xbox executables .xbe (Esa Hyytia ) +0 string XBEH Microsoft Xbox executable +# expect base address of 0x10000 +>0x0104 ulelong =0x10000 +>>(0x0118.l-0x0FFF4) lestring16 x \b: "%.40s" +>>(0x0118.l-0x0FFF5) byte x (%c +>>(0x0118.l-0x0FFF6) byte x \b%c- +>>(0x0118.l-0x0FFF8) uleshort x \b%03u) +>>(0x0118.l-0x0FF60) ulelong&0x80000007 0x80000007 \b, all regions +>>(0x0118.l-0x0FF60) ulelong&0x80000007 !0x80000007 +>>>(0x0118.l-0x0FF60) ulelong >0 (regions: +>>>>(0x0118.l-0x0FF60) ulelong &0x00000001 NA +>>>>(0x0118.l-0x0FF60) ulelong &0x00000002 Japan +>>>>(0x0118.l-0x0FF60) ulelong &0x00000004 Rest_of_World +>>>>(0x0118.l-0x0FF60) ulelong &0x80000000 Manufacturer +>>>(0x0118.l-0x0FF60) ulelong >0 \b) +# probabilistic checks whether signed or not +>0x0004 ulelong =0x0 +>>&2 ulelong =0x0 +>>>&2 ulelong =0x0 \b, not signed +>0x0004 ulelong >0 +>>&2 ulelong >0 +>>>&2 ulelong >0 \b, signed + +# -------------------------------- +# Microsoft Xbox data file formats +0 string XIP0 XIP, Microsoft Xbox data +0 string XTF0 XTF, Microsoft Xbox data + +#------------------------------------------------------------------------------ +# Microsoft Xbox 360 executables (.xex) +# From: David Korth +# References: +# - https://free60project.github.io/wiki/XEX.html +# - https://github.com/xenia-project/xenia/blob/HEAD/src/xenia/kernel/util/xex2_info.h + +# Title ID (part of Execution ID section) +0 name xbox-360-xex-execution-id +>(0.L+0xC) byte x (%c +>(0.L+0xD) byte x \b%c +>(0.L+0xE) beshort x \b-%04u) + +0 string XEX2 Microsoft Xbox 360 executable +>0x18 search/0x100 \x00\x04\x00\x06 +>>&0 use xbox-360-xex-execution-id +>(0x010.L+0x178) ubelong 0xFFFFFFFF \b, all regions +>(0x010.L+0x178) ubelong !0xFFFFFFFF +>>(0x010.L+0x178) ubelong >0 (regions: +>>(0x010.L+0x178) ubelong&0x000000FF 0x000000FF USA +>>(0x010.L+0x178) ubelong&0x00000100 0x00000100 Japan +>>(0x010.L+0x178) ubelong&0x00000200 0x00000200 China +>>(0x010.L+0x178) ubelong&0x0000FC00 0x0000FC00 Asia +>>(0x010.L+0x178) ubelong&0x00FF0000 0x00FF0000 PAL +>>(0x010.L+0x178) ubelong&0x00FF0000 0x00FE0000 PAL [except AU/NZ] +>>(0x010.L+0x178) ubelong&0x00FF0000 0x00010000 AU/NZ +>>(0x010.L+0x178) ubelong&0xFF000000 0xFF000000 Other +>>(0x010.L+0x178) ubelong >0 \b) + + + +# Atari Lynx cartridge dump (EXE/BLL header) +# From: "Stefan A. Haubenthal" + +# Double-check that the image type matches too, 0x8008 conflicts with +# 8 character OMF-86 object file headers. +0 beshort 0x8008 +>6 string BS93 Lynx homebrew cartridge +!:mime application/x-atari-lynx-rom +>>2 beshort x \b, RAM start $%04x +>6 string LYNX Lynx cartridge +!:mime application/x-atari-lynx-rom +>>2 beshort x \b, RAM start $%04x + +# Opera file system that is used on the 3DO console +# From: Serge van den Boom +0 string \x01ZZZZZ\x01 3DO "Opera" file system + +# From: Alex Myczko +# From: David Pflug +# is the offset 12 or the offset 16 correct? +# GBS (Game Boy Sound) magic +# ftp://ftp.modland.com/pub/documents/format_documentation/\ +# Gameboy%20Sound%20System%20(.gbs).txt +0 string GBS Nintendo Gameboy Music/Audio Data +#12 string GameBoy\ Music\ Module Nintendo Gameboy Music Module +>16 string >\0 ("%.32s" by +>48 string >\0 %.32s, copyright +>80 string >\0 %.32s), +>3 byte x version %u, +>4 byte x %u tracks + +# IPS Patch Files from: From: Thomas Klausner +# see https://zerosoft.zophar.net/ips.php +0 string PATCH IPS patch file + +# Playstations Patch Files from: From: Thomas Klausner +0 string PPF30 Playstation Patch File version 3.0 +>5 byte 0 \b, PPF 1.0 patch +>5 byte 1 \b, PPF 2.0 patch +>5 byte 2 \b, PPF 3.0 patch +>>56 byte 0 \b, Imagetype BIN (any) +>>56 byte 1 \b, Imagetype GI (PrimoDVD) +>>57 byte 0 \b, Blockcheck disabled +>>57 byte 1 \b, Blockcheck enabled +>>58 byte 0 \b, Undo data not available +>>58 byte 1 \b, Undo data available +>6 string x \b, description: %s + +0 string PPF20 Playstation Patch File version 2.0 +>5 byte 0 \b, PPF 1.0 patch +>5 byte 1 \b, PPF 2.0 patch +>>56 lelong >0 \b, size of file to patch %d +>6 string x \b, description: %s + +0 string PPF10 Playstation Patch File version 1.0 +>5 byte 0 \b, Simple Encoding +>6 string x \b, description: %s + +# From: Daniel Dawson +# SNES9x .smv "movie" file format. +0 string SMV\x1A SNES9x input recording +>0x4 lelong x \b, version %d +# version 4 is latest so far +>0x4 lelong <5 +>>0x8 ledate x \b, recorded at %s +>>0xc lelong >0 \b, rerecorded %d times +>>0x10 lelong x \b, %d frames long +>>0x14 byte >0 \b, data for controller(s): +>>>0x14 byte &0x1 #1 +>>>0x14 byte &0x2 #2 +>>>0x14 byte &0x4 #3 +>>>0x14 byte &0x8 #4 +>>>0x14 byte &0x10 #5 +>>0x15 byte ^0x1 \b, begins from snapshot +>>0x15 byte &0x1 \b, begins from reset +>>0x15 byte ^0x2 \b, NTSC standard +>>0x15 byte &0x2 \b, PAL standard +>>0x17 byte &0x1 \b, settings: +# WIP1Timing not used as of version 4 +>>>0x4 lelong <4 +>>>>0x17 byte &0x2 WIP1Timing +>>>0x17 byte &0x4 Left+Right +>>>0x17 byte &0x8 VolumeEnvX +>>>0x17 byte &0x10 FakeMute +>>>0x17 byte &0x20 SyncSound +# New flag as of version 4 +>>>0x4 lelong >3 +>>>>0x17 byte &0x80 NoCPUShutdown +>>0x4 lelong <4 +>>>0x18 lelong >0x23 +>>>>0x20 leshort !0 +>>>>>0x20 lestring16 x \b, metadata: "%s" +>>0x4 lelong >3 +>>>0x24 byte >0 \b, port 1: +>>>>0x24 byte 1 joypad +>>>>0x24 byte 2 mouse +>>>>0x24 byte 3 SuperScope +>>>>0x24 byte 4 Justifier +>>>>0x24 byte 5 multitap +>>>0x24 byte >0 \b, port 2: +>>>>0x25 byte 1 joypad +>>>>0x25 byte 2 mouse +>>>>0x25 byte 3 SuperScope +>>>>0x25 byte 4 Justifier +>>>>0x25 byte 5 multitap +>>>0x18 lelong >0x43 +>>>>0x40 leshort !0 +>>>>>0x40 lestring16 x \b, metadata: "%s" +>>0x17 byte &0x40 \b, ROM: +>>>(0x18.l-26) lelong x CRC32 0x%08x +>>>(0x18.l-23) string x "%s" + +# Type: scummVM savegame files +# From: Sven Hartge +0 string SCVM ScummVM savegame +>12 string >\0 "%s" + +#------------------------------------------------------------------------------ +# Nintendo GameCube / Wii file formats. +# + +# Type: Nintendo GameCube/Wii common disc header data. +# From: David Korth +# Reference: https://wiibrew.org/wiki/Wii_Disc +0 name nintendo-gcn-disc-common +>0x20 string x "%.64s" +>0x00 string x (%.6s +>0x06 byte >0 +>>0x06 byte 1 \b, Disc 2 +>>0x06 byte 2 \b, Disc 3 +>>0x06 byte 3 \b, Disc 4 +>0x07 byte x \b, Rev.%02u) +>0x18 belong 0x5D1C9EA3 +>>0x60 beshort 0x0101 \b (Unencrypted) + +# Type: Nintendo GameCube disc image +# From: David Korth +# Reference: https://wiibrew.org/wiki/Wii_Disc +0x1C belong 0xC2339F3D Nintendo GameCube disc image: +!:mime application/x-gamecube-rom +>0 use nintendo-gcn-disc-common + +# Type: Nintendo GameCube embedded disc image +# Commonly found on demo discs. +# From: David Korth +# Reference: http://hitmen.c02.at/files/yagcd/yagcd/index.html#idx14.8 +0 belong 0xAE0F38A2 +>0x0C belong 0x00100000 +>>(8.L+0x1C) belong 0xC2339F3D Nintendo GameCube embedded disc image: +!:mime application/x-gamecube-rom +>>>(8.L) use nintendo-gcn-disc-common + +# Type: Nintendo Wii disc image +# From: David Korth +# Reference: https://wiibrew.org/wiki/Wii_Disc +0x18 belong 0x5D1C9EA3 Nintendo Wii disc image: +>0 use nintendo-gcn-disc-common + +# Type: Nintendo Wii disc image (WBFS format) +# From: David Korth +# Reference: https://wiibrew.org/wiki/Wii_Disc +0 string WBFS +>0x218 belong 0x5D1C9EA3 Nintendo Wii disc image (WBFS format): +!:mime application/x-wii-rom +>>0x200 use nintendo-gcn-disc-common + +# Type: Nintendo GameCube/Wii disc image (CISO format) +# NOTE: This is NOT the same as Compact ISO or PSP CISO, +# though it has the same magic number. +0 string CISO +# Other fields are used to determine what type of CISO this is: +# - 0x04 == 0x00200000: GameCube/Wii CISO (block_size) +# - 0x10 == 0x00000800: PSP CISO (ISO-9660 sector size) +# - None of the above: Compact ISO. +>4 lelong 0x200000 +>>8 byte 1 +>>>0x801C belong 0xC2339F3D Nintendo GameCube disc image (CISO format): +!:mime application/x-wii-rom +>>>>0x8000 use nintendo-gcn-disc-common +>>>0x8018 belong 0x5D1C9EA3 Nintendo Wii disc image (CISO format): +!:mime application/x-wii-rom +>>>>0x8000 use nintendo-gcn-disc-common + +# Type: Nintendo GameCube/Wii disc image (GCZ format) +# Due to zlib compression, we can't get the actual disc information. +0 lelong 0xB10BC001 +>4 lelong 0 Nintendo GameCube disc image (GCZ format) +!:mime application/x-gamecube-rom +>4 lelong 1 Nintendo Wii disc image (GCZ format) +!:mime application/x-wii-rom +>4 default x Nintendo GameCube/Wii disc image (GCZ format) + +# Type: Nintendo GameCube/Wii disc image (WDF format) +0 string WII\001DISC +>8 belong 1 +# WDFv1 +>>0x54 belong 0xC2339F3D Nintendo GameCube disc image (WDFv1 format): +!:mime application/x-gamecube-rom +>>>0x38 use nintendo-gcn-disc-common +>>0x58 belong 0x5D1C9EA3 Nintendo Wii disc image (WDFv1 format): +!:mime application/x-wii-rom +>>>0x38 use nintendo-gcn-disc-common +>8 belong 2 +# WDFv2 +>>(12.L+0x1C) belong 0xC2339F3D Nintendo GameCube disc image (WDFv2 format): +!:mime application/x-gamecube-rom +>>>(12.L) use nintendo-gcn-disc-common +>>(12.L+0x18) belong 0x5D1C9EA3 Nintendo Wii disc image (WDFv2 format): +!:mime application/x-wii-rom +>>>(12.L) use nintendo-gcn-disc-common + +# Type: Nintendo GameCube/Wii disc image (WIA format) +0 string WIA\001 Nintendo +>0x48 belong 1 GameCube +!:mime application/x-gamecube-rom +>0x48 belong 2 Wii +!:mime application/x-wii-rom +>0x48 default x GameCube/Wii +>0x48 belong x disc image (WIA format): +>>0x58 use nintendo-gcn-disc-common + +# Type: Nintendo GameCube/Wii disc image (with SDK header) +# From: David Korth +# Reference: https://wiibrew.org/wiki/Wii_Disc +0 belong 0xFFFF0000 +>0x18 belong 0x00000000 +>>0x1C belong 0x00000000 +>>>0x8018 belong 0x5D1C9EA3 Nintendo Wii SDK disc image: +!:mime application/x-wii-rom +>>>>0x8000 use nintendo-gcn-disc-common +>>>0x801C belong 0xC2339F3D Nintendo GameCube SDK disc image: +!:mime application/x-gamecube-rom +>>>>0x8000 use nintendo-gcn-disc-common + +#------------------------------------------------------------------------------ +# Nintendo 3DS file formats. +# + +# Type: Nintendo 3DS "NCSD" image. (game cards and eMMC) +# From: David Korth +# Reference: https://www.3dbrew.org/wiki/NCSD +0x100 string NCSD +>0x118 lequad 0 Nintendo 3DS Game Card image +# NCCH header for partition 0. (game data) +>>0x1150 string >\0 \b: "%.16s" +>>0x312 byte x (Rev.%02u) +>>0x118C byte 2 (New3DS only) +>>0x18D byte 0 (inner device) +>>0x18D byte 1 (Card1) +>>0x18D byte 2 (Card2) +>>0x18D byte 3 (extended device) +>0x118 bequad 0x0102020202000000 Nintendo 3DS eMMC dump (Old3DS) +>0x118 bequad 0x0102020203000000 Nintendo 3DS eMMC dump (New3DS) + +# Nintendo 3DS version code. +# Reference: https://www.3dbrew.org/wiki/Titles +# Format: leshort containing three fields: +# - 6-bit: Major +# - 6-bit: Minor +# - 4-bit: Revision +# NOTE: Only supporting major/minor versions from 0-15 right now. +# NOTE: Should be prefixed with "v". +0 name nintendo-3ds-version-code +# Raw version. +>0 leshort x \b%u, +# Major version. +>0 leshort&0xFC00 0x0000 0 +>0 leshort&0xFC00 0x0400 1 +>0 leshort&0xFC00 0x0800 2 +>0 leshort&0xFC00 0x0C00 3 +>0 leshort&0xFC00 0x1000 4 +>0 leshort&0xFC00 0x1400 5 +>0 leshort&0xFC00 0x1800 6 +>0 leshort&0xFC00 0x1C00 7 +>0 leshort&0xFC00 0x2000 8 +>0 leshort&0xFC00 0x2400 9 +>0 leshort&0xFC00 0x2800 10 +>0 leshort&0xFC00 0x2C00 11 +>0 leshort&0xFC00 0x3000 12 +>0 leshort&0xFC00 0x3400 13 +>0 leshort&0xFC00 0x3800 14 +>0 leshort&0xFC00 0x3C00 15 +# Minor version. +>0 leshort&0x03F0 0x0000 \b.0 +>0 leshort&0x03F0 0x0010 \b.1 +>0 leshort&0x03F0 0x0020 \b.2 +>0 leshort&0x03F0 0x0030 \b.3 +>0 leshort&0x03F0 0x0040 \b.4 +>0 leshort&0x03F0 0x0050 \b.5 +>0 leshort&0x03F0 0x0060 \b.6 +>0 leshort&0x03F0 0x0070 \b.7 +>0 leshort&0x03F0 0x0080 \b.8 +>0 leshort&0x03F0 0x0090 \b.9 +>0 leshort&0x03F0 0x00A0 \b.10 +>0 leshort&0x03F0 0x00B0 \b.11 +>0 leshort&0x03F0 0x00C0 \b.12 +>0 leshort&0x03F0 0x00D0 \b.13 +>0 leshort&0x03F0 0x00E0 \b.14 +>0 leshort&0x03F0 0x00F0 \b.15 +# Revision. +>0 leshort&0x000F x \b.%u + +# Type: Nintendo 3DS "NCCH" container. +# https://www.3dbrew.org/wiki/NCCH +0x100 string NCCH Nintendo 3DS +>0x18D byte&2 0 File Archive (CFA) +>0x18D byte&2 2 Executable Image (CXI) +>0x150 string >\0 \b: "%.16s" +>0x18D byte 0x05 +>>0x10E leshort x (Old3DS System Update v +>>0x10E use nintendo-3ds-version-code +>>0x10E leshort x \b) +>0x18D byte 0x15 +>>0x10E leshort x (New3DS System Update v +>>0x10E use nintendo-3ds-version-code +>>0x10E leshort x \b) +>0x18D byte !0x05 +>>0x18D byte !0x15 +>>>0x112 byte x (v +>>>0x112 use nintendo-3ds-version-code +>>>0x112 byte x \b) +>0x18C byte 2 (New3DS only) + +# Type: Nintendo 3DS "SMDH" file. (application description) +# From: David Korth +# Reference: https://3dbrew.org/wiki/SMDH +0 string SMDH Nintendo 3DS SMDH file +>0x208 leshort !0 +>>0x208 lestring16 x \b: "%.128s" +>>0x388 leshort !0 +>>>0x388 lestring16 x by %.128s +>0x208 leshort 0 +>>0x008 leshort !0 +>>>0x008 lestring16 x \b: "%.128s" +>>>0x188 leshort !0 +>>>>0x188 lestring16 x by %.128s + +# Type: Nintendo 3DS Homebrew Application. +# From: David Korth +# Reference: https://3dbrew.org/wiki/3DSX_Format +0 string 3DSX Nintendo 3DS Homebrew Application (3DSX) + +#------------------------------------------------------------------------------ +# a7800: file(1) magic for the Atari 7800 raw ROM format. +# From: David Korth +# Reference: https://sites.google.com/site/atari7800wiki/a78-header + +0 byte >0 +>0 byte <3 +>>1 string ATARI7800 Atari 7800 ROM image +!:mime application/x-atari-7800-rom +>>>0x11 string >\0 \b: "%.32s" +# Display type. +>>>0x39 byte 0 (NTSC) +>>>0x39 byte 1 (PAL) +>>>0x36 byte&1 1 (POKEY) + +#------------------------------------------------------------------------------ +# vectrex: file(1) magic for the GCE Vectrex raw ROM format. +# From: David Korth +# Reference: http://www.playvectrex.com/designit/chrissalo/hello1.htm +# +# NOTE: Title is terminated with 0x80, not 0. +# The header is terminated with a 0, so that will +# terminate the title as well. +# +0 string g\ GCE Vectrex ROM image +>0x11 string >\0 \b: "%.16s" + +#------------------------------------------------------------------------------ +# amiibo: file(1) magic for Nintendo amiibo NFC dumps. +# From: David Korth +# Reference: https://www.3dbrew.org/wiki/Amiibo +0x00 byte 0x04 +>0x0A beshort 0x0FE0 +>>0x0C belong 0xF110FFEE +>>>0x208 beshort 0x0100 +>>>>0x020A byte 0x0F +>>>>>0x020C bequad 0x000000045F000000 +>>>>>>0x5B byte 0x02 +>>>>>>>0x54 belong x Nintendo amiibo NFC dump - amiibo ID: %08X- +>>>>>>>0x58 belong x \b%08X diff --git a/magic/Magdir/convex b/magic/Magdir/convex new file mode 100644 index 0000000..4e096b9 --- /dev/null +++ b/magic/Magdir/convex @@ -0,0 +1,69 @@ + +#------------------------------------------------------------------------------ +# $File: convex,v 1.7 2009/09/19 16:28:08 christos Exp $ +# convex: file(1) magic for Convex boxes +# +# Convexes are big-endian. +# +# /*\ +# * Below are the magic numbers and tests added for Convex. +# * Added at beginning, because they are expected to be used most. +# \*/ +0 belong 0507 Convex old-style object +>16 belong >0 not stripped +0 belong 0513 Convex old-style demand paged executable +>16 belong >0 not stripped +0 belong 0515 Convex old-style pre-paged executable +>16 belong >0 not stripped +0 belong 0517 Convex old-style pre-paged, non-swapped executable +>16 belong >0 not stripped +0 belong 0x011257 Core file +# +# The following are a series of dump format magic numbers. Each one +# corresponds to a drastically different dump format. The first on is +# the original dump format on a 4.1 BSD or earlier file system. The +# second marks the change between the 4.1 file system and the 4.2 file +# system. The Third marks the changing of the block size from 1K +# to 2K to be compatible with an IDC file system. The fourth indicates +# a dump that is dependent on Convex Storage Manager, because data in +# secondary storage is not physically contained within the dump. +# The restore program uses these number to determine how the data is +# to be extracted. +# +24 belong =60013 dump format, 4.2 or 4.3 BSD (IDC compatible) +24 belong =60014 dump format, Convex Storage Manager by-reference dump +# +# what follows is a bunch of bit-mask checks on the flags field of the opthdr. +# If there is no `=' sign, assume just checking for whether the bit is set? +# +0 belong 0601 Convex SOFF +>88 belong&0x000f0000 =0x00000000 c1 +>88 belong &0x00010000 c2 +>88 belong &0x00020000 c2mp +>88 belong &0x00040000 parallel +>88 belong &0x00080000 intrinsic +>88 belong &0x00000001 demand paged +>88 belong &0x00000002 pre-paged +>88 belong &0x00000004 non-swapped +>88 belong &0x00000008 POSIX +# +>84 belong &0x80000000 executable +>84 belong &0x40000000 object +>84 belong&0x20000000 =0 not stripped +>84 belong&0x18000000 =0x00000000 native fpmode +>84 belong&0x18000000 =0x10000000 ieee fpmode +>84 belong&0x18000000 =0x18000000 undefined fpmode +# +0 belong 0605 Convex SOFF core +# +0 belong 0607 Convex SOFF checkpoint +>88 belong&0x000f0000 =0x00000000 c1 +>88 belong &0x00010000 c2 +>88 belong &0x00020000 c2mp +>88 belong &0x00040000 parallel +>88 belong &0x00080000 intrinsic +>88 belong &0x00000008 POSIX +# +>84 belong&0x18000000 =0x00000000 native fpmode +>84 belong&0x18000000 =0x10000000 ieee fpmode +>84 belong&0x18000000 =0x18000000 undefined fpmode diff --git a/magic/Magdir/coverage b/magic/Magdir/coverage new file mode 100644 index 0000000..69eab70 --- /dev/null +++ b/magic/Magdir/coverage @@ -0,0 +1,91 @@ + +#------------------------------------------------------------------------------ +# $File: coverage,v 1.2 2019/04/19 00:42:27 christos Exp $ +# xoverage: file(1) magic for test coverage data + +# File formats used to store test coverage data +# 2016-05-21, Georg Sauthoff + + +# - GCC gcno - written by GCC at compile time when compiling with +# gcc -ftest-coverage +# - GCC gcda - written by a program that was compiled with +# gcc -fprofile-arcs +# - LLVM raw profiles - generated by a program compiled with +# clang -fprofile-instr-generate -fcoverage-mapping ... +# - LLVM indexed profiles - generated by +# llvm-profdata +# - GCOV reports, i.e. the annotated source code +# - LCOV trace files, i.e. aggregated GCC profiles +# +# GCC coverage tracefiles +# .gcno file are created during compile time, +# while data collected during runtime is stored in .gcda files +# cf. gcov-io.h +# https://gcc.gnu.org/onlinedocs/gcc-5.3.0/gcc/Gcov-Data-Files.html +# Examples: +# Fedora 23/x86-64/gcc-5.3.1: 6f 6e 63 67 52 33 30 35 +# Debian 8 PPC64/gcc-4.9.2 : 67 63 6e 6f 34 30 39 2a +0 lelong 0x67636e6f GCC gcno coverage (-ftest-coverage), +>&3 byte x version %c. +>&1 byte x \b%c + +# big endian +0 belong 0x67636e6f GCC gcno coverage (-ftest-coverage), +>&0 byte x version %c. +>&2 byte x \b%c (big-endian) + +# Examples: +# Fedora 23/x86-64/gcc-5.3.1: 61 64 63 67 52 33 30 35 +# Debian 8 PPC64/gcc-4.9.2 : 67 63 64 61 34 30 39 2a +0 lelong 0x67636461 GCC gcda coverage (-fprofile-arcs), +>&3 byte x version %c. +>&1 byte x \b%c + +# big endian +0 belong 0x67636461 GCC gcda coverage (-fprofile-arcs), +>&0 byte x version %c. +>&2 byte x \b%c (big-endian) + + +# LCOV tracefiles +# cf. http://ltp.sourceforge.net/coverage/lcov/geninfo.1.php +0 string TN: +>&0 search/64 \nSF:/ LCOV coverage tracefile + + +# Coverage reports generated by gcov +# i.e. source code annoted with coverage information +0 string \x20\x20\x20\x20\x20\x20\x20\x20-:\x20\x20\x20\ 0:Source: +>&0 search/128 \x20\x20\x20\x20\x20\x20\x20\x20-:\x20\x20\x20\ 0:Graph: +>>&0 search/128 \x20\x20\x20\x20\x20\x20\x20\x20-:\x20\x20\x20\ 0:Data: GCOV coverage report + + +# LLVM coverage files + +# raw data after running a program compiled with: +# `clang -fprofile-instr-generate -fcoverage-mapping ...` +# default name: default.profraw +# magic is: \xFF lprofr \x81 +# cf. https://llvm.org/docs/doxygen/html/InstrProfData_8inc_source.html +0 lequad 0xff6c70726f667281 LLVM raw profile data, +>&0 byte x version %d + +# big endian +0 bequad 0xff6c70726f667281 LLVM raw profile data, +>&7 byte x version %d (big-endian) + + +# LLVM indexed instruction profile (as generated by llvm-profdata) +# magic is: reverse(\xFF lprofi \x81) +# cf. https://llvm.org/docs/CoverageMappingFormat.html +# https://llvm.org/docs/doxygen/html/namespacellvm_1_1IndexedInstrProf.html +# https://llvm.org/docs/CommandGuide/llvm-cov.html +# https://llvm.org/docs/CommandGuide/llvm-profdata.html +0 lequad 0x8169666f72706cff LLVM indexed profile data, +>&0 byte x version %d + +# big endian +0 bequad 0x8169666f72706cff LLVM indexed profile data, +>&7 byte x version %d (big-endian) + diff --git a/magic/Magdir/cracklib b/magic/Magdir/cracklib new file mode 100644 index 0000000..9ed7f65 --- /dev/null +++ b/magic/Magdir/cracklib @@ -0,0 +1,14 @@ + +#------------------------------------------------------------------------------ +# $File$ +# cracklib: file (1) magic for cracklib v2.7 + +0 lelong 0x70775631 Cracklib password index, little endian +>4 long >0 (%i words) +>4 long 0 ("64-bit") +>>8 long >-1 (%i words) +0 belong 0x70775631 Cracklib password index, big endian +>4 belong >-1 (%i words) +# really bellong 0x0000000070775631 +0 search/1 \0\0\0\0pwV1 Cracklib password index, big endian ("64-bit") +>12 belong >0 (%i words) diff --git a/magic/Magdir/ctags b/magic/Magdir/ctags new file mode 100644 index 0000000..5b67d79 --- /dev/null +++ b/magic/Magdir/ctags @@ -0,0 +1,6 @@ + +# ---------------------------------------------------------------------------- +# $File$ +# ctags: file (1) magic for Exuberant Ctags files +# From: Alexander Mai +0 search/1 =!_TAG Exuberant Ctags tag file text diff --git a/magic/Magdir/ctf b/magic/Magdir/ctf new file mode 100644 index 0000000..ebea8f3 --- /dev/null +++ b/magic/Magdir/ctf @@ -0,0 +1,23 @@ + +#-------------------------------------------------------------- +# ctf: file(1) magic for CTF (Common Trace Format) trace files +# +# Specs. available here: +#-------------------------------------------------------------- + +# CTF trace data +0 lelong 0xc1fc1fc1 Common Trace Format (CTF) trace data (LE) +0 belong 0xc1fc1fc1 Common Trace Format (CTF) trace data (BE) + +# CTF metadata (packetized) +0 lelong 0x75d11d57 Common Trace Format (CTF) packetized metadata (LE) +>35 byte x \b, v%d +>36 byte x \b.%d +0 belong 0x75d11d57 Common Trace Format (CTF) packetized metadata (BE) +>35 byte x \b, v%d +>36 byte x \b.%d + +# CTF metadata (plain text) +0 string /*\x20CTF\x20 Common Trace Format (CTF) plain text metadata +!:strength + 5 # this is to make sure we beat C +>&0 regex [0-9]+\.[0-9]+ \b, v%s diff --git a/magic/Magdir/cubemap b/magic/Magdir/cubemap new file mode 100644 index 0000000..50ab531 --- /dev/null +++ b/magic/Magdir/cubemap @@ -0,0 +1,8 @@ + +#------------------------------------------------------------------------------ +# $File: cubemaps,v 1.0 2011/12/22 09:01:05 christos Exp $ +# file(1) magic(5) data for cubemaps Martin Erik Werner +# +0 string ACMP Map file for the AssaultCube FPS game +0 string CUBE Map file for cube and cube2 engine games +0 string MAPZ) Map file for the Blood Frontier/Red Eclipse FPS games diff --git a/magic/Magdir/cups b/magic/Magdir/cups new file mode 100644 index 0000000..6dd14ac --- /dev/null +++ b/magic/Magdir/cups @@ -0,0 +1,56 @@ + +#------------------------------------------------------------------------------ +# $File: cups,v 1.6 2019/04/19 00:42:27 christos Exp $ +# Cups: file(1) magic for the cups raster file format +# From: Laurent Martelli +# https://www.cups.org/documentation.php/spec-raster.html +# + +0 name cups-le +>280 lelong x \b, %d +>284 lelong x \bx%d dpi +>376 lelong x \b, %dx +>380 lelong x \b%d pixels +>388 lelong x %d bits/color +>392 lelong x %d bits/pixel +>400 lelong 0 ColorOrder=Chunky +>400 lelong 1 ColorOrder=Banded +>400 lelong 2 ColorOrder=Planar +>404 lelong 0 ColorSpace=gray +>404 lelong 1 ColorSpace=RGB +>404 lelong 2 ColorSpace=RGBA +>404 lelong 3 ColorSpace=black +>404 lelong 4 ColorSpace=CMY +>404 lelong 5 ColorSpace=YMC +>404 lelong 6 ColorSpace=CMYK +>404 lelong 7 ColorSpace=YMCK +>404 lelong 8 ColorSpace=KCMY +>404 lelong 9 ColorSpace=KCMYcm +>404 lelong 10 ColorSpace=GMCK +>404 lelong 11 ColorSpace=GMCS +>404 lelong 12 ColorSpace=WHITE +>404 lelong 13 ColorSpace=GOLD +>404 lelong 14 ColorSpace=SILVER +>404 lelong 15 ColorSpace=CIE XYZ +>404 lelong 16 ColorSpace=CIE Lab +>404 lelong 17 ColorSpace=RGBW +>404 lelong 18 ColorSpace=sGray +>404 lelong 19 ColorSpace=sRGB +>404 lelong 20 ColorSpace=AdobeRGB + +# Cups Raster image format, Big Endian +0 string RaS +>3 string t Cups Raster version 1, Big Endian +>3 string 2 Cups Raster version 2, Big Endian +>3 string 3 Cups Raster version 3, Big Endian +!:mime application/vnd.cups-raster +>0 use \^cups-le + + +# Cups Raster image format, Little Endian +1 string SaR +>0 string t Cups Raster version 1, Little Endian +>0 string 2 Cups Raster version 2, Little Endian +>0 string 3 Cups Raster version 3, Little Endian +!:mime application/vnd.cups-raster +>0 use cups-le diff --git a/magic/Magdir/dact b/magic/Magdir/dact new file mode 100644 index 0000000..3c5a407 --- /dev/null +++ b/magic/Magdir/dact @@ -0,0 +1,11 @@ + +#------------------------------------------------------------------------------ +# $File$ +# dact: file(1) magic for DACT compressed files +# +0 long 0x444354C3 DACT compressed data +>4 byte >-1 (version %i. +>5 byte >-1 $BS%i. +>6 byte >-1 $BS%i) +>7 long >0 $BS, original size: %i bytes +>15 long >30 $BS, block size: %i bytes diff --git a/magic/Magdir/database b/magic/Magdir/database new file mode 100644 index 0000000..071a115 --- /dev/null +++ b/magic/Magdir/database @@ -0,0 +1,646 @@ + +#------------------------------------------------------------------------------ +# $File: database,v 1.55 2019/04/19 00:42:27 christos Exp $ +# database: file(1) magic for various databases +# +# extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk) +# +# +# GDBM magic numbers +# Will be maintained as part of the GDBM distribution in the future. +# +0 belong 0x13579acd GNU dbm 1.x or ndbm database, big endian, 32-bit +!:mime application/x-gdbm +0 belong 0x13579ace GNU dbm 1.x or ndbm database, big endian, old +!:mime application/x-gdbm +0 belong 0x13579acf GNU dbm 1.x or ndbm database, big endian, 64-bit +!:mime application/x-gdbm +0 lelong 0x13579acd GNU dbm 1.x or ndbm database, little endian, 32-bit +!:mime application/x-gdbm +0 lelong 0x13579ace GNU dbm 1.x or ndbm database, little endian, old +!:mime application/x-gdbm +0 lelong 0x13579acf GNU dbm 1.x or ndbm database, little endian, 64-bit +!:mime application/x-gdbm +0 string GDBM GNU dbm 2.x database +!:mime application/x-gdbm +# +# Berkeley DB +# +# Ian Darwin's file /etc/magic files: big/little-endian version. +# +# Hash 1.85/1.86 databases store metadata in network byte order. +# Btree 1.85/1.86 databases store the metadata in host byte order. +# Hash and Btree 2.X and later databases store the metadata in host byte order. + +0 long 0x00061561 Berkeley DB +!:mime application/x-dbm +>8 belong 4321 +>>4 belong >2 1.86 +>>4 belong <3 1.85 +>>4 belong >0 (Hash, version %d, native byte-order) +>8 belong 1234 +>>4 belong >2 1.86 +>>4 belong <3 1.85 +>>4 belong >0 (Hash, version %d, little-endian) + +0 belong 0x00061561 Berkeley DB +>8 belong 4321 +>>4 belong >2 1.86 +>>4 belong <3 1.85 +>>4 belong >0 (Hash, version %d, big-endian) +>8 belong 1234 +>>4 belong >2 1.86 +>>4 belong <3 1.85 +>>4 belong >0 (Hash, version %d, native byte-order) + +0 long 0x00053162 Berkeley DB 1.85/1.86 +>4 long >0 (Btree, version %d, native byte-order) +0 belong 0x00053162 Berkeley DB 1.85/1.86 +>4 belong >0 (Btree, version %d, big-endian) +0 lelong 0x00053162 Berkeley DB 1.85/1.86 +>4 lelong >0 (Btree, version %d, little-endian) + +12 long 0x00061561 Berkeley DB +>16 long >0 (Hash, version %d, native byte-order) +12 belong 0x00061561 Berkeley DB +>16 belong >0 (Hash, version %d, big-endian) +12 lelong 0x00061561 Berkeley DB +>16 lelong >0 (Hash, version %d, little-endian) + +12 long 0x00053162 Berkeley DB +>16 long >0 (Btree, version %d, native byte-order) +12 belong 0x00053162 Berkeley DB +>16 belong >0 (Btree, version %d, big-endian) +12 lelong 0x00053162 Berkeley DB +>16 lelong >0 (Btree, version %d, little-endian) + +12 long 0x00042253 Berkeley DB +>16 long >0 (Queue, version %d, native byte-order) +12 belong 0x00042253 Berkeley DB +>16 belong >0 (Queue, version %d, big-endian) +12 lelong 0x00042253 Berkeley DB +>16 lelong >0 (Queue, version %d, little-endian) + +# From Max Bowsher. +12 long 0x00040988 Berkeley DB +>16 long >0 (Log, version %d, native byte-order) +12 belong 0x00040988 Berkeley DB +>16 belong >0 (Log, version %d, big-endian) +12 lelong 0x00040988 Berkeley DB +>16 lelong >0 (Log, version %d, little-endian) + +# +# +# Round Robin Database Tool by Tobias Oetiker +0 string/b RRD\0 RRDTool DB +>4 string/b x version %s + +>>10 short !0 16bit aligned +>>>10 bedouble 8.642135e+130 big-endian +>>>>18 short x 32bit long (m68k) + +>>10 short 0 +>>>12 long !0 32bit aligned +>>>>12 bedouble 8.642135e+130 big-endian +>>>>>20 long 0 64bit long +>>>>>20 long !0 32bit long +>>>>12 ledouble 8.642135e+130 little-endian +>>>>>24 long 0 64bit long +>>>>>24 long !0 32bit long (i386) +>>>>12 string \x43\x2b\x1f\x5b\x2f\x25\xc0\xc7 middle-endian +>>>>>24 short !0 32bit long (arm) + +>>8 quad 0 64bit aligned +>>>16 bedouble 8.642135e+130 big-endian +>>>>24 long 0 64bit long (s390x) +>>>>24 long !0 32bit long (hppa/mips/ppc/s390/SPARC) +>>>16 ledouble 8.642135e+130 little-endian +>>>>28 long 0 64bit long (alpha/amd64/ia64) +>>>>28 long !0 32bit long (armel/mipsel) + +#---------------------------------------------------------------------- +# ROOT: file(1) magic for ROOT databases +# +0 string root\0 ROOT file +>4 belong x Version %d +>33 belong x (Compression: %d) + +# XXX: Weak magic. +# Alex Ott +## Paradox file formats +#2 leshort 0x0800 Paradox +#>0x39 byte 3 v. 3.0 +#>0x39 byte 4 v. 3.5 +#>0x39 byte 9 v. 4.x +#>0x39 byte 10 v. 5.x +#>0x39 byte 11 v. 5.x +#>0x39 byte 12 v. 7.x +#>>0x04 byte 0 indexed .DB data file +#>>0x04 byte 1 primary index .PX file +#>>0x04 byte 2 non-indexed .DB data file +#>>0x04 byte 3 non-incrementing secondary index .Xnn file +#>>0x04 byte 4 secondary index .Ynn file +#>>0x04 byte 5 incrementing secondary index .Xnn file +#>>0x04 byte 6 non-incrementing secondary index .XGn file +#>>0x04 byte 7 secondary index .YGn file +#>>>0x04 byte 8 incrementing secondary index .XGn file + +## XBase database files +# updated by Joerg Jenderek at Feb 2013 +# https://www.dbase.com/Knowledgebase/INT/db7_file_fmt.htm +# https://www.clicketyclick.dk/databases/xbase/format/dbf.html +# http://home.f1.htw-berlin.de/scheibl/db/intern/dBase.htm +# inspect VVYYMMDD , where 1<= MM <= 12 and 1<= DD <= 31 +0 ubelong&0x0000FFFF <0x00000C20 +# skip Infocom game Z-machine +>2 ubyte >0 +# skip Androids *.xml +>>3 ubyte >0 +>>>3 ubyte <32 +# 1 < version VV +>>>>0 ubyte >1 +# skip HELP.CA3 by test for reserved byte ( NULL ) +>>>>>27 ubyte 0 +# reserved bytes not always 0 ; also found 0x3901 (T4.DBF) ,0x7101 (T5.DBF,T6.DBF) +#>>>>>30 ubeshort x 30NULL?%x +# possible production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL) +>>>>>>24 ubelong&0xffFFFFff >0x01302000 +# .DBF or .MDX +>>>>>>24 ubelong&0xffFFFFff <0x01302001 +# for Xbase Database file (*.DBF) reserved (NULL) for multi-user +>>>>>>>24 ubelong&0xffFFFFff =0 +# test for 2 reserved NULL bytes,transaction and encryption byte flag +>>>>>>>>12 ubelong&0xFFFFfEfE 0 +# test for MDX flag +>>>>>>>>>28 ubyte x +>>>>>>>>>28 ubyte&0xf8 0 +# header size >= 32 +>>>>>>>>>>8 uleshort >31 +# skip PIC15736.PCX by test for language driver name or field name +>>>>>>>>>>>32 ubyte >0 +#!:mime application/x-dbf; charset=unknown-8bit ?? +#!:mime application/x-dbase +>>>>>>>>>>>>0 use xbase-type +# database file +>>>>>>>>>>>>0 ubyte x \b DBF +>>>>>>>>>>>>4 lelong 0 \b, no records +>>>>>>>>>>>>4 lelong >0 \b, %d record +# plural s appended +>>>>>>>>>>>>>4 lelong >1 \bs +# https://www.clicketyclick.dk/databases/xbase/format/dbf_check.html#CHECK_DBF +# 1 <= record size <= 4000 (dBase 3,4) or 32 * KB (=0x8000) +>>>>>>>>>>>>10 uleshort x * %d +# file size = records * record size + header size +>>>>>>>>>>>>1 ubyte x \b, update-date +>>>>>>>>>>>>1 use xbase-date +# https://msdn.microsoft.com/de-de/library/cc483186(v=vs.71).aspx +#>>>>>>>>>>>>29 ubyte =0 \b, codepage ID=0x%x +# 2~cp850 , 3~cp1252 , 0x1b~?? ; what code page is 0x1b ? +>>>>>>>>>>>>29 ubyte >0 \b, codepage ID=0x%x +#>>>>>>>>>>>>28 ubyte&0x01 0 \b, no index file +>>>>>>>>>>>>28 ubyte&0x01 1 \b, with index file .MDX +>>>>>>>>>>>>28 ubyte&0x02 2 \b, with memo .FPT +>>>>>>>>>>>>28 ubyte&0x04 4 \b, DataBaseContainer +# 1st record offset + 1 = header size +>>>>>>>>>>>>8 uleshort >0 +>>>>>>>>>>>>(8.s+1) ubyte >0 +>>>>>>>>>>>>>8 uleshort >0 \b, at offset %d +>>>>>>>>>>>>>(8.s+1) ubyte >0 +>>>>>>>>>>>>>>&-1 string >\0 1st record "%s" +# for multiple index files (*.MDX) Production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL) +>>>>>>>24 ubelong&0x0133f7ff >0 +# test for reserved NULL byte +>>>>>>>>47 ubyte 0 +# test for valid TAG key format (0x10 or 0) +>>>>>>>>>559 ubyte&0xeF 0 +# test MM <= 12 +>>>>>>>>>>45 ubeshort <0x0C20 +>>>>>>>>>>>45 ubyte >0 +>>>>>>>>>>>>46 ubyte <32 +>>>>>>>>>>>>>46 ubyte >0 +#!:mime application/x-mdx +>>>>>>>>>>>>>>0 use xbase-type +>>>>>>>>>>>>>>0 ubyte x \b MDX +>>>>>>>>>>>>>>1 ubyte x \b, creation-date +>>>>>>>>>>>>>>1 use xbase-date +>>>>>>>>>>>>>>44 ubyte x \b, update-date +>>>>>>>>>>>>>>44 use xbase-date +# No.of tags in use (1,2,5,12) +>>>>>>>>>>>>>>28 uleshort x \b, %d +# No. of entries in tag (0x30) +>>>>>>>>>>>>>>25 ubyte x \b/%d tags +# Length of tag +>>>>>>>>>>>>>>26 ubyte x * %d +# 1st tag name_ +>>>>>>>>>>>>>548 string x \b, 1st tag "%.11s" +# 2nd tag name +#>>>>>>>>>>>>(26.b+548) string x \b, 2nd tag "%.11s" +# +# Print the xBase names of different version variants +0 name xbase-type +>0 ubyte <2 +# 1 < version +>0 ubyte >1 +>>0 ubyte 0x02 FoxBase +# FoxBase+/dBaseIII+, no memo +>>0 ubyte 0x03 FoxBase+/dBase III +!:mime application/x-dbf +# dBASE IV no memo file +>>0 ubyte 0x04 dBase IV +!:mime application/x-dbf +# dBASE V no memo file +>>0 ubyte 0x05 dBase V +!:mime application/x-dbf +>>0 ubyte 0x30 Visual FoxPro +!:mime application/x-dbf +>>0 ubyte 0x31 Visual FoxPro, autoincrement +!:mime application/x-dbf +# Visual FoxPro, with field type Varchar or Varbinary +>>0 ubyte 0x32 Visual FoxPro, with field type Varchar +!:mime application/x-dbf +# dBASE IV SQL, no memo;dbv memo var size (Flagship) +>>0 ubyte 0x43 dBase IV, with SQL table +!:mime application/x-dbf +# https://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0x62 dBase IV, with SQL table +#!:mime application/x-dbf +# dBASE IV, with memo!! +>>0 ubyte 0x7b dBase IV, with memo +!:mime application/x-dbf +# https://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0x82 dBase IV, with SQL system +#!:mime application/x-dbf +# FoxBase+/dBaseIII+ with memo .DBT! +>>0 ubyte 0x83 FoxBase+/dBase III, with memo .DBT +!:mime application/x-dbf +# VISUAL OBJECTS (first 1.0 versions) for the Dbase III files (NTX clipper driver); memo file +>>0 ubyte 0x87 VISUAL OBJECTS, with memo file +!:mime application/x-dbf +# https://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0x8A FoxBase+/dBase III, with memo .DBT +#!:mime application/x-dbf +# dBASE IV with memo! +>>0 ubyte 0x8B dBase IV, with memo .DBT +!:mime application/x-dbf +# dBase IV with SQL Table,no memo? +>>0 ubyte 0x8E dBase IV, with SQL table +!:mime application/x-dbf +# .dbv and .dbt memo (Flagship)? +>>0 ubyte 0xB3 Flagship +# https://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0xCA dBase IV with memo .DBT +#!:mime application/x-dbf +# dBASE IV with SQL table, with memo .DBT +>>0 ubyte 0xCB dBase IV with SQL table, with memo .DBT +!:mime application/x-dbf +# HiPer-Six format;Clipper SIX, with SMT memo file +>>0 ubyte 0xE5 Clipper SIX with memo +!:mime application/x-dbf +# https://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0xF4 dBase IV, with SQL table, with memo +#!:mime application/x-dbf +>>0 ubyte 0xF5 FoxPro with memo +!:mime application/x-dbf +# https://msdn.microsoft.com/en-US/library/st4a0s68(v=vs.80).aspx +#>>0 ubyte 0xFA FoxPro 2.x, with memo +#!:mime application/x-dbf +# unknown version (should not happen) +>>0 default x xBase +!:mime application/x-dbf +>>>0 ubyte x (0x%x) +# flags in version byte +# DBT flag (with dBASE III memo .DBT)!! +# >>0 ubyte&0x80 >0 DBT_FLAG=%x +# memo flag ?? +# >>0 ubyte&0x08 >0 MEMO_FLAG=%x +# SQL flag ?? +# >>0 ubyte&0x70 >0 SQL_FLAG=%x +# test and print the date of xBase .DBF .MDX +0 name xbase-date +# inspect YYMMDD , where 1<= MM <= 12 and 1<= DD <= 31 +>0 ubelong x +>1 ubyte <13 +>>1 ubyte >0 +>>>2 ubyte >0 +>>>>2 ubyte <32 +>>>>>0 ubyte x +# YY is interpreted as 20YY or 19YY +>>>>>>0 ubyte <100 \b %.2d +# YY is interpreted 1900+YY; TODO: display yy or 20yy instead 1YY +>>>>>>0 ubyte >99 \b %d +>>>>>1 ubyte x \b-%d +>>>>>2 ubyte x \b-%d + +# dBase memo files .DBT or .FPT +# https://msdn.microsoft.com/en-us/library/8599s21w(v=vs.80).aspx +16 ubyte <4 +>16 ubyte !2 +>>16 ubyte !1 +# next free block index is positive +>>>0 ulelong >0 +# skip many JPG. ZIP, BZ2 by test for reserved bytes NULL , 0|2 , 0|1 , low byte of block size +>>>>17 ubelong&0xFFfdFE00 0x00000000 +# skip many RAR by test for low byte 0 ,high byte 0|2|even of block size, 0|a|e|d7 , 0|64h +>>>>>20 ubelong&0xFF01209B 0x00000000 +# dBASE III +>>>>>>16 ubyte 3 +# dBASE III DBT +>>>>>>>0 use dbase3-memo-print +# dBASE III DBT without version, dBASE IV DBT , FoxPro FPT , or many ZIP , DBF garbage +>>>>>>16 ubyte 0 +# unusual dBASE III DBT like angest.dbt, dBASE IV DBT with block size 0 , FoxPro FPT , or garbage PCX DBF +>>>>>>>20 uleshort 0 +# FoxPro FPT , unusual dBASE III DBT like biblio.dbt or garbage +>>>>>>>>8 ulong =0 +>>>>>>>>>6 ubeshort >0 +# skip emacs.PIF +>>>>>>>>>>4 ushort 0 +>>>>>>>>>>>0 use foxpro-memo-print +# dBASE III DBT , garbage +>>>>>>>>>6 ubeshort 0 +# skip MM*DD*.bin by test for for reserved NULL byte +>>>>>>>>>>510 ubeshort 0 +# skip TK-DOS11.img image by looking for memo text +>>>>>>>>>>>512 ubelong <0xfeffff03 +# skip EFI executables by looking for memo text +>>>>>>>>>>>>512 ubelong >0x1F202020 +>>>>>>>>>>>>>513 ubyte >0 +# unusual dBASE III DBT like adressen.dbt +>>>>>>>>>>>>>>0 use dbase3-memo-print +# dBASE III DBT like angest.dbt, or garbage PCX DBF +>>>>>>>>8 ubelong !0 +# skip PCX and some DBF by test for for reserved NULL bytes +>>>>>>>>>510 ubeshort 0 +# skip some DBF by test of invalid version +>>>>>>>>>>0 ubyte >5 +>>>>>>>>>>>0 ubyte <48 +>>>>>>>>>>>>0 use dbase3-memo-print +# dBASE IV DBT with positive block size +>>>>>>>20 uleshort >0 +# dBASE IV DBT with valid block length like 512, 1024 +# multiple of 2 in between 16 and 16 K ,implies upper and lower bits are zero +>>>>>>>>20 uleshort&0x800f 0 +>>>>>>>>>0 use dbase4-memo-print + +# Print the information of dBase III DBT memo file +0 name dbase3-memo-print +>0 ubyte x dBase III DBT +# instead 3 as version number 0 for unusual examples like biblio.dbt +>16 ubyte !3 \b, version number %u +# Number of next available block for appending data +#>0 lelong =0 \b, next free block index %u +>0 lelong !0 \b, next free block index %u +# no positiv block length +#>20 uleshort =0 \b, block length %u +>20 uleshort !0 \b, block length %u +# dBase III memo field terminated by \032\032 +>512 string >\0 \b, 1st item "%s" +# Print the information of dBase IV DBT memo file +0 name dbase4-memo-print +>0 lelong x dBase IV DBT +!:mime application/x-dbt +!:ext dbt +# 8 character shorted main name of coresponding dBASE IV DBF file +>8 ubelong >0x20000000 +# skip unusual like for angest.dbt +>>20 uleshort >0 +>>>8 string >\0 \b of %-.8s.DBF +# value 0 implies 512 as size +#>4 ulelong =0 \b, blocks size %u +# size of blocks not reliable like 0x2020204C in angest.dbt +>4 ulelong !0 +>>4 ulelong&0x0000003f 0 \b, blocks size %u +# dBase IV DBT with positive block length (found 512 , 1024) +>20 uleshort >0 \b, block length %u +# next available block +#>0 lelong =0 \b, next free block index %u +>0 lelong !0 \b, next free block index %u +>20 uleshort >0 +>>(20.s) ubelong x +>>>&-4 use dbase4-memofield-print +# unusual dBase IV DBT without block length (implies 512 as length) +>20 uleshort =0 +>>512 ubelong x +>>>&-4 use dbase4-memofield-print +# Print the information of dBase IV memo field +0 name dbase4-memofield-print +# free dBase IV memo field +>0 ubelong !0xFFFF0800 +>>0 lelong x \b, next free block %u +>>4 lelong x \b, next used block %u +# used dBase IV memo field +>0 ubelong =0xFFFF0800 +# length of memo field +>>4 lelong x \b, field length %d +>>>8 string >\0 \b, 1st used item "%s" +# Print the information of FoxPro FPT memo file +0 name foxpro-memo-print +>0 belong x FoxPro FPT +# Size of blocks for FoxPro ( 64,256 ) +>6 ubeshort x \b, blocks size %u +# next available block +#>0 belong =0 \b, next free block index %u +>0 belong !0 \b, next free block index %u +# field type ( 0~picture, 1~memo, 2~object ) +>512 ubelong <3 \b, field type %u +# length of memo field +>512 ubelong 1 +>>516 belong >0 \b, field length %d +>>>520 string >\0 \b, 1st item "%s" + +# TODO: +# DBASE index file *.NDX +# DBASE Compound Index file *.CDX +# dBASE IV Printer Driver *.PRF +## End of XBase database stuff + +# MS Access database +4 string Standard\ Jet\ DB Microsoft Access Database +!:mime application/x-msaccess +4 string Standard\ ACE\ DB Microsoft Access Database +!:mime application/x-msaccess + +# From: Joerg Jenderek +# URL: http://fileformats.archiveteam.org/wiki/Extensible_Storage_Engine +# Reference: https://github.com/libyal/libesedb/archive/master.zip +# libesedb-master/documentation/ +# Extensible Storage Engine (ESE) Database File (EDB) format.asciidoc +# Note: also known as "JET Blue". Used by numerous Windows components such as +# Windows Search, Mail, Exchange and Active Directory. +4 ubelong 0xefcdab89 +# unknown1 +>132 ubelong 0 Extensible storage engine +!:mime application/x-ms-ese +# file_type 0~database 1~stream +>>12 ulelong 0 DataBase +# Security DataBase (sdb) +!:ext edb/sdb +>>12 ulelong 1 STreaMing +!:ext stm +# format_version 620h +>>8 uleshort x \b, version 0x%x +>>10 uleshort >0 revision 0x%4.4x +>>0 ubelong x \b, checksum 0x%8.8x +# Page size 4096 8192 32768 +>>236 ulequad x \b, page size %lld +# database_state +>>52 ulelong 1 \b, JustCreated +>>52 ulelong 2 \b, DirtyShutdown +#>>52 ulelong 3 \b, CleanShutdown +>>52 ulelong 4 \b, BeingConverted +>>52 ulelong 5 \b, ForceDetach +# Windows NT major version when the databases indexes were updated. +>>216 ulelong x \b, Windows version %d +# Windows NT minor version +>>220 ulelong x \b.%d + +# From: Joerg Jenderek +# URL: https://forensicswiki.org/wiki/Windows_Application_Compatibility +# Note: files contain application compatibility fixes, application compatibility modes and application help messages. +8 string sdbf +>7 ubyte 0 +# TAG_TYPE_LIST+TAG_INDEXES +>>12 uleshort 0x7802 Windows application compatibility Shim DataBase +# version? 2 3 +#>>>0 ulelong x \b, version %d +!:mime application/x-ms-sdb +!:ext sdb + +# TDB database from Samba et al - Martin Pool +0 string TDB\ file TDB database +>32 lelong 0x2601196D version 6, little-endian +>>36 lelong x hash size %d bytes + +# SE Linux policy database +0 lelong 0xf97cff8c SE Linux policy +>16 lelong x v%d +>20 lelong 1 MLS +>24 lelong x %d symbols +>28 lelong x %d ocons + +# ICE authority file data (Wolfram Kleff) +2 string ICE ICE authority data + +# X11 Xauthority file (Wolfram Kleff) +10 string MIT-MAGIC-COOKIE-1 X11 Xauthority data +11 string MIT-MAGIC-COOKIE-1 X11 Xauthority data +12 string MIT-MAGIC-COOKIE-1 X11 Xauthority data +13 string MIT-MAGIC-COOKIE-1 X11 Xauthority data +14 string MIT-MAGIC-COOKIE-1 X11 Xauthority data +15 string MIT-MAGIC-COOKIE-1 X11 Xauthority data +16 string MIT-MAGIC-COOKIE-1 X11 Xauthority data +17 string MIT-MAGIC-COOKIE-1 X11 Xauthority data +18 string MIT-MAGIC-COOKIE-1 X11 Xauthority data + +# From: Maxime Henrion +# PostgreSQL's custom dump format, Maxime Henrion +0 string PGDMP PostgreSQL custom database dump +>5 byte x - v%d +>6 byte x \b.%d +>5 beshort <0x101 \b-0 +>5 beshort >0x100 +>>7 byte x \b-%d + +# Type: Advanced Data Format (ADF) database +# URL: https://www.grc.nasa.gov/WWW/cgns/adf/ +# From: Nicolas Chauvat +0 string @(#)ADF\ Database CGNS Advanced Data Format + +# Tokyo Cabinet magic data +# http://tokyocabinet.sourceforge.net/index.html +0 string ToKyO\ CaBiNeT\n Tokyo Cabinet +>14 string x \b (%s) +>32 byte 0 \b, Hash +!:mime application/x-tokyocabinet-hash +>32 byte 1 \b, B+ tree +!:mime application/x-tokyocabinet-btree +>32 byte 2 \b, Fixed-length +!:mime application/x-tokyocabinet-fixed +>32 byte 3 \b, Table +!:mime application/x-tokyocabinet-table +>33 byte &1 \b, [open] +>33 byte &2 \b, [fatal] +>34 byte x \b, apow=%d +>35 byte x \b, fpow=%d +>36 byte &0x01 \b, [large] +>36 byte &0x02 \b, [deflate] +>36 byte &0x04 \b, [bzip] +>36 byte &0x08 \b, [tcbs] +>36 byte &0x10 \b, [excodec] +>40 lequad x \b, bnum=%lld +>48 lequad x \b, rnum=%lld +>56 lequad x \b, fsiz=%lld + +# Type: QDBM Quick Database Manager +# From: Benoit Sibaud +0 string \\[depot\\]\n\f Quick Database Manager, little endian +0 string \\[DEPOT\\]\n\f Quick Database Manager, big endian + +# Type: TokyoCabinet database +# URL: http://tokyocabinet.sourceforge.net/ +# From: Benoit Sibaud +0 string ToKyO\ CaBiNeT\n TokyoCabinet database +>14 string x (version %s) + +# From: Stephane Blondon https://www.yaal.fr +# Database file for Zope (done by FileStorage) +0 string FS21 Zope Object Database File Storage v3 (data) +0 string FS30 Zope Object Database File Storage v4 (data) + +# Cache file for the database of Zope (done by ClientStorage) +0 string ZEC3 Zope Object Database Client Cache File (data) + +# IDA (Interactive Disassembler) database +0 string IDA1 IDA (Interactive Disassembler) database + +# Hopper (reverse engineering tool) https://www.hopperapp.com/ +0 string hopperdb Hopper database + +# URL: https://en.wikipedia.org/wiki/Panorama_(database_engine) +# Reference: http://www.provue.com/Panorama/ +# From: Joerg Jenderek +# NOTE: test only versions 4 and 6.0 with Windows +# length of Panorama database name +5 ubyte >0 +# look after database name for "some" null bits +>(5.B+7) ubelong&0xF3ffF000 0 +# look for first keyword +>>&1 search/2 DESIGN Panorama database +#!:mime application/x-panorama-database +!:apple KASXZEPD +!:ext pan +# database name +>>>5 pstring x \b, "%s" + +# +# +# askSam Database by Stefan A. Haubenthal +0 string askw40\0 askSam DB + +# +# +# MUIbase Database Tool by Stefan A. Haubenthal +0 string MBSTV\040 MUIbase DB +>6 string x version %s + +# +# CDB database +0 string NBCDB\012 NetBSD Constant Database +>7 byte x \b, version %d +>8 string x \b, for '%s' +>24 lelong x \b, datasize %d +>28 lelong x \b, entries %d +>32 lelong x \b, index %d +>36 lelong x \b, seed %#x + +# +# Redis RDB - https://redis.io/topics/persistence +0 string REDIS Redis RDB file, +>5 regex [0-9][0-9][0-9][0-9] version %s + +# Mork database. +# Used by older versions of Mozilla Suite and Firefox, +# and current versions of Thunderbird. +# From: David Korth +0 string //\