
Is it possible to detect file type without magic number?


Thread replies: 21
Thread images: 1

File: altered_file.png (433KB, 1920x1080px)
Is it possible to detect file type without magic number?
>>
>>60386672
I've used computers for 30 years, and I never needed that. We have invented extensions, anon.

Or are you doing forensics?
>>
What do you mean without magic number?
>>
>>60386672
Nice PNG image you are trying to hide
>>
>>60386672

You aren't shilling some tool are you?
>>
>>60386672
Maybe some kind of automated tool exists (to find hidden footers and every combination of replacing them with headers to carve out files), if that is what you are looking for.

Is finding magic numbers really that much of a pain? Just use a scientific calculator if I remember correctly.
>>
>>60386672
Heuristically...this is how humans figure things out.

Get disassembling son.
>>60386735
For you dumb ass.

https://stackoverflow.com/questions/3841533/why-do-file-formats-have-magic-numbers
>>
>Is it possible to detect file type without magic number?
yes
>>
>>60386748
What I'm saying is if someone changes the magic number of a porn into all 0s, how can I get the real file type?
>>
>>60386672
https://en.m.wikipedia.org/wiki/File_(command)
>>
>>60386672
Why do you honestly need that though?
If you want to hide a file then just encrypt it.

Anyways to answer your question, yes, it is possible, and some files give off more information than others, not to mention information left by the editor.

For example, if you edit a jpg in paint you get jpg's magic number which you can delete, but paint leaves this "Paint Tool -SAI- JPEG Encoder v1.00" in the file. So effectively you know it's a jpg.
>>
>>60386822
So if I understand correctly they simply replace the magic number with all 0s and it stays the same length? Then all you have to do is search for magic numbers with that length, and maybe use some info left by editors in the file and stuff like that, if that's not enough.
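
An added example, not part of the thread, of the approach discussed in the two posts above: when the leading signature has been overwritten with zeros at the same length, the rest of the container structure is still in place and can be validated. The function names and both sample byte strings are constructed for illustration, and only PNG and JPEG/JFIF are covered.

```python
import struct
import zlib

def chunk(ctype: bytes, data: bytes) -> bytes:
    """One PNG chunk: big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def looks_like_png(buf: bytes) -> bool:
    """Ignore bytes 0-7 (the signature); validate the IHDR chunk that must follow."""
    if len(buf) < 33 or buf[12:16] != b"IHDR":
        return False
    length, = struct.unpack(">I", buf[8:12])
    stored_crc, = struct.unpack(">I", buf[29:33])
    # IHDR data is always 13 bytes; a matching CRC rules out a chance hit.
    return length == 13 and stored_crc == zlib.crc32(buf[12:29])

def looks_like_jpeg(buf: bytes) -> bool:
    """Ignore the SOI/APPn marker bytes; check the segment identifier and EOI trailer."""
    ident_ok = buf[6:11] in (b"JFIF\x00", b"Exif\x00")
    return ident_ok and buf.rstrip(b"\x00").endswith(b"\xff\xd9")

def guess_type(buf: bytes):
    """Return 'png', 'jpeg' or None using structure only, never the leading bytes."""
    for name, check in (("png", looks_like_png), ("jpeg", looks_like_jpeg)):
        if check(buf):
            return name
    return None

def zero_prefix(buf: bytes, n: int) -> bytes:
    """Overwrite the first n bytes with zeros, keeping the file length unchanged."""
    return b"\x00" * n + buf[n:]

# Constructed samples: a valid 1x1 8-bit greyscale PNG, and a JFIF header
# followed directly by the EOI marker (enough structure to test, not a real image).
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", IHDR)
              + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))
SAMPLE_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00"
               b"\x00\x01\x00\x01\x00\x00\xff\xd9")

if __name__ == "__main__":
    for label, data, n in (("png", SAMPLE_PNG, 8), ("jpeg", SAMPLE_JPEG, 4)):
        print(label, "->", guess_type(zero_prefix(data, n)))
```
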
>>
>>60386672
run file and binwalk on this
>>
>>60386824
Here's your answer, good luck anon.
>>
>>60386672
>output.png
>>
>>60386672
Anon, what's on pic? I really need it. Is it GDB? How can I enable that kind of output? I often need to disassemble some shit to get some signature from memory but with gdb's "x" it's so painful.
>>
>>60387520
Looks like xxd
>>
>>60387629
Oh, yes, it is. Thank you. Seems like it can read files dumped from gdb so it's fine for my purpose.
>>
>>60387712
It can read any file that can be read(3), so pretty much any file.

For disassembly I'd use objdump(1), for firmware disassembly I'd use binwalk.
Use strings(1) when what you want is to extract all readable strings from a file.
>>
>>60386672
install libmagic
>>
I usually look at the end of the file. If it says .jpg, then it means you can probably open it with Windows Paint. Hope this helped.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.