Removed common LZMA false positives

23497c18 · devttys0 · 30877f6f · 23497c18 · 23497c18 · 23497c18
Commit 23497c18 authored Jul 23, 2014 by devttys0
Hide whitespace changes
Inline Side-by-side

Showing with 403 additions and 403 deletions

binwalk src/binwalk/magic/binwalk +199 -199

lzma src/magic/lzma +199 -199

signature_scan.py src/scripts/examples/signature_scan.py +5 -5

No files found.
--- a/src/binwalk/magic/binwalk
+++ b/src/binwalk/magic/binwalk
@@ -2510,205 +2510,205 @@
 >16	beshort	!0x277B												invalid
 >14	beshort	x													exception vector table base address: 0x%.4X
 >18	beshort	x													\b%.4X
+#
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-# Signature for LZMA compressed data with valid properties byte 0x40
+## Signature for LZMA compressed data with valid properties byte 0x40
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-0		string	\x40\x00\x00	LZMA compressed data, properties: 0x40,
+#0		string	\x40\x00\x00	LZMA compressed data, properties: 0x40,
+#
-# These are all the valid dictionary sizes supported by LZMA utils.
+## These are all the valid dictionary sizes supported by LZMA utils.
->1		lelong	!65536	
+#>1		lelong	!65536	
->>1		lelong	!131072	
+#>>1		lelong	!131072	
->>>1		lelong	!262144	
+#>>>1		lelong	!262144	
->>>>1		lelong	!524288	
+#>>>>1		lelong	!524288	
->>>>>1		lelong	!1048576	
+#>>>>>1		lelong	!1048576	
->>>>>>1		lelong	!2097152	
+#>>>>>>1		lelong	!2097152	
->>>>>>>1	lelong	!4194304	
+#>>>>>>>1	lelong	!4194304	
->>>>>>>>1	lelong	!8388608	
+#>>>>>>>>1	lelong	!8388608	
->>>>>>>>>1	lelong	!16777216	
+#>>>>>>>>>1	lelong	!16777216	
->>>>>>>>>>1	lelong	!33554432	invalid
+#>>>>>>>>>>1	lelong	!33554432	invalid
->1		lelong	x		dictionary size: %d bytes,
+#>1		lelong	x		dictionary size: %d bytes,
+#
-# Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
+## Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
-# This could technically be valid, but is unlikely.
+## This could technically be valid, but is unlikely.
->5		lequad	!-1
+#>5		lequad	!-1
->>5		lequad	<32		invalid
+#>>5		lequad	<32		invalid
->>5		lequad	>0x40000000	invalid
+#>>5		lequad	>0x40000000	invalid
+#
-# These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
+## These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
-# Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
+## Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
-# marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
+## marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
->1		lelong	65536
+#>1		lelong	65536
->>5		lequad	65536		invalid
+#>>5		lequad	65536		invalid
->1		lelong	131072
+#>1		lelong	131072
->>5		lequad	131072		invalid
+#>>5		lequad	131072		invalid
->1		lelong	262144
+#>1		lelong	262144
->>5		lequad	262144		invalid
+#>>5		lequad	262144		invalid
->1		lelong	524288
+#>1		lelong	524288
->>5		lequad	524288		invalid
+#>>5		lequad	524288		invalid
->1		lelong	1048576
+#>1		lelong	1048576
->>5		lequad	1048576		invalid
+#>>5		lequad	1048576		invalid
->1		lelong	2097152
+#>1		lelong	2097152
->>5		lequad	2097152		invalid
+#>>5		lequad	2097152		invalid
->1		lelong	4194304
+#>1		lelong	4194304
->>5		lequad	4194304		invalid
+#>>5		lequad	4194304		invalid
->1		lelong	8388608
+#>1		lelong	8388608
->>5		lequad	8388608		invalid
+#>>5		lequad	8388608		invalid
->1		lelong	16777216
+#>1		lelong	16777216
->>5		lequad	16777216	invalid
+#>>5		lequad	16777216	invalid
->1		lelong	33554432
+#>1		lelong	33554432
->>5		lequad	33554432	invalid
+#>>5		lequad	33554432	invalid
->5		lequad	x		uncompressed size: %lld bytes
+#>5		lequad	x		uncompressed size: %lld bytes
+#
+#
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-# Signature for LZMA compressed data with valid properties byte 0x41
+## Signature for LZMA compressed data with valid properties byte 0x41
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-0		string	\x41\x00\x00	LZMA compressed data, properties: 0x41,
+#0		string	\x41\x00\x00	LZMA compressed data, properties: 0x41,
+#
-# These are all the valid dictionary sizes supported by LZMA utils.
+## These are all the valid dictionary sizes supported by LZMA utils.
->1		lelong	!65536	
+#>1		lelong	!65536	
->>1		lelong	!131072	
+#>>1		lelong	!131072	
->>>1		lelong	!262144	
+#>>>1		lelong	!262144	
->>>>1		lelong	!524288	
+#>>>>1		lelong	!524288	
->>>>>1		lelong	!1048576	
+#>>>>>1		lelong	!1048576	
->>>>>>1		lelong	!2097152	
+#>>>>>>1		lelong	!2097152	
->>>>>>>1	lelong	!4194304	
+#>>>>>>>1	lelong	!4194304	
->>>>>>>>1	lelong	!8388608	
+#>>>>>>>>1	lelong	!8388608	
->>>>>>>>>1	lelong	!16777216	
+#>>>>>>>>>1	lelong	!16777216	
->>>>>>>>>>1	lelong	!33554432	invalid
+#>>>>>>>>>>1	lelong	!33554432	invalid
->1		lelong	x		dictionary size: %d bytes,
+#>1		lelong	x		dictionary size: %d bytes,
+#
-# Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
+## Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
-# This could technically be valid, but is unlikely.
+## This could technically be valid, but is unlikely.
->5		lequad	!-1
+#>5		lequad	!-1
->>5		lequad	<32		invalid
+#>>5		lequad	<32		invalid
->>5		lequad	>0x40000000	invalid
+#>>5		lequad	>0x40000000	invalid
+#
-# These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
+## These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
-# Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
+## Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
-# marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
+## marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
->1		lelong	65536
+#>1		lelong	65536
->>5		lequad	65536		invalid
+#>>5		lequad	65536		invalid
->1		lelong	131072
+#>1		lelong	131072
->>5		lequad	131072		invalid
+#>>5		lequad	131072		invalid
->1		lelong	262144
+#>1		lelong	262144
->>5		lequad	262144		invalid
+#>>5		lequad	262144		invalid
->1		lelong	524288
+#>1		lelong	524288
->>5		lequad	524288		invalid
+#>>5		lequad	524288		invalid
->1		lelong	1048576
+#>1		lelong	1048576
->>5		lequad	1048576		invalid
+#>>5		lequad	1048576		invalid
->1		lelong	2097152
+#>1		lelong	2097152
->>5		lequad	2097152		invalid
+#>>5		lequad	2097152		invalid
->1		lelong	4194304
+#>1		lelong	4194304
->>5		lequad	4194304		invalid
+#>>5		lequad	4194304		invalid
->1		lelong	8388608
+#>1		lelong	8388608
->>5		lequad	8388608		invalid
+#>>5		lequad	8388608		invalid
->1		lelong	16777216
+#>1		lelong	16777216
->>5		lequad	16777216	invalid
+#>>5		lequad	16777216	invalid
->1		lelong	33554432
+#>1		lelong	33554432
->>5		lequad	33554432	invalid
+#>>5		lequad	33554432	invalid
->5		lequad	x		uncompressed size: %lld bytes
+#>5		lequad	x		uncompressed size: %lld bytes
+#
+#
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-# Signature for LZMA compressed data with valid properties byte 0x48
+## Signature for LZMA compressed data with valid properties byte 0x48
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-0		string	\x48\x00\x00	LZMA compressed data, properties: 0x48,
+#0		string	\x48\x00\x00	LZMA compressed data, properties: 0x48,
+#
-# These are all the valid dictionary sizes supported by LZMA utils.
+## These are all the valid dictionary sizes supported by LZMA utils.
->1		lelong	!65536	
+#>1		lelong	!65536	
->>1		lelong	!131072	
+#>>1		lelong	!131072	
->>>1		lelong	!262144	
+#>>>1		lelong	!262144	
->>>>1		lelong	!524288	
+#>>>>1		lelong	!524288	
->>>>>1		lelong	!1048576	
+#>>>>>1		lelong	!1048576	
->>>>>>1		lelong	!2097152	
+#>>>>>>1		lelong	!2097152	
->>>>>>>1	lelong	!4194304	
+#>>>>>>>1	lelong	!4194304	
->>>>>>>>1	lelong	!8388608	
+#>>>>>>>>1	lelong	!8388608	
->>>>>>>>>1	lelong	!16777216	
+#>>>>>>>>>1	lelong	!16777216	
->>>>>>>>>>1	lelong	!33554432	invalid
+#>>>>>>>>>>1	lelong	!33554432	invalid
->1		lelong	x		dictionary size: %d bytes,
+#>1		lelong	x		dictionary size: %d bytes,
+#
-# Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
+## Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
-# This could technically be valid, but is unlikely.
+## This could technically be valid, but is unlikely.
->5		lequad	!-1
+#>5		lequad	!-1
->>5		lequad	<32		invalid
+#>>5		lequad	<32		invalid
->>5		lequad	>0x40000000	invalid
+#>>5		lequad	>0x40000000	invalid
+#
-# These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
+## These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
-# Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
+## Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
-# marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
+## marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
->1		lelong	65536
+#>1		lelong	65536
->>5		lequad	65536		invalid
+#>>5		lequad	65536		invalid
->1		lelong	131072
+#>1		lelong	131072
->>5		lequad	131072		invalid
+#>>5		lequad	131072		invalid
->1		lelong	262144
+#>1		lelong	262144
->>5		lequad	262144		invalid
+#>>5		lequad	262144		invalid
->1		lelong	524288
+#>1		lelong	524288
->>5		lequad	524288		invalid
+#>>5		lequad	524288		invalid
->1		lelong	1048576
+#>1		lelong	1048576
->>5		lequad	1048576		invalid
+#>>5		lequad	1048576		invalid
->1		lelong	2097152
+#>1		lelong	2097152
->>5		lequad	2097152		invalid
+#>>5		lequad	2097152		invalid
->1		lelong	4194304
+#>1		lelong	4194304
->>5		lequad	4194304		invalid
+#>>5		lequad	4194304		invalid
->1		lelong	8388608
+#>1		lelong	8388608
->>5		lequad	8388608		invalid
+#>>5		lequad	8388608		invalid
->1		lelong	16777216
+#>1		lelong	16777216
->>5		lequad	16777216	invalid
+#>>5		lequad	16777216	invalid
->1		lelong	33554432
+#>1		lelong	33554432
->>5		lequad	33554432	invalid
+#>>5		lequad	33554432	invalid
->5		lequad	x		uncompressed size: %lld bytes
+#>5		lequad	x		uncompressed size: %lld bytes
+#
+#
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-# Signature for LZMA compressed data with valid properties byte 0x49
+## Signature for LZMA compressed data with valid properties byte 0x49
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-0		string	\x49\x00\x00	LZMA compressed data, properties: 0x49,
+#0		string	\x49\x00\x00	LZMA compressed data, properties: 0x49,
+#
-# These are all the valid dictionary sizes supported by LZMA utils.
+## These are all the valid dictionary sizes supported by LZMA utils.
->1		lelong	!65536	
+#>1		lelong	!65536	
->>1		lelong	!131072	
+#>>1		lelong	!131072	
->>>1		lelong	!262144	
+#>>>1		lelong	!262144	
->>>>1		lelong	!524288	
+#>>>>1		lelong	!524288	
->>>>>1		lelong	!1048576	
+#>>>>>1		lelong	!1048576	
->>>>>>1		lelong	!2097152	
+#>>>>>>1		lelong	!2097152	
->>>>>>>1	lelong	!4194304	
+#>>>>>>>1	lelong	!4194304	
->>>>>>>>1	lelong	!8388608	
+#>>>>>>>>1	lelong	!8388608	
->>>>>>>>>1	lelong	!16777216	
+#>>>>>>>>>1	lelong	!16777216	
->>>>>>>>>>1	lelong	!33554432	invalid
+#>>>>>>>>>>1	lelong	!33554432	invalid
->1		lelong	x		dictionary size: %d bytes,
+#>1		lelong	x		dictionary size: %d bytes,
+#
-# Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
+## Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
-# This could technically be valid, but is unlikely.
+## This could technically be valid, but is unlikely.
->5		lequad	!-1
+#>5		lequad	!-1
->>5		lequad	<32		invalid
+#>>5		lequad	<32		invalid
->>5		lequad	>0x40000000	invalid
+#>>5		lequad	>0x40000000	invalid
+#
-# These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
+## These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
-# Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
+## Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
-# marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
+## marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
->1		lelong	65536
+#>1		lelong	65536
->>5		lequad	65536		invalid
+#>>5		lequad	65536		invalid
->1		lelong	131072
+#>1		lelong	131072
->>5		lequad	131072		invalid
+#>>5		lequad	131072		invalid
->1		lelong	262144
+#>1		lelong	262144
->>5		lequad	262144		invalid
+#>>5		lequad	262144		invalid
->1		lelong	524288
+#>1		lelong	524288
->>5		lequad	524288		invalid
+#>>5		lequad	524288		invalid
->1		lelong	1048576
+#>1		lelong	1048576
->>5		lequad	1048576		invalid
+#>>5		lequad	1048576		invalid
->1		lelong	2097152
+#>1		lelong	2097152
->>5		lequad	2097152		invalid
+#>>5		lequad	2097152		invalid
->1		lelong	4194304
+#>1		lelong	4194304
->>5		lequad	4194304		invalid
+#>>5		lequad	4194304		invalid
->1		lelong	8388608
+#>1		lelong	8388608
->>5		lequad	8388608		invalid
+#>>5		lequad	8388608		invalid
->1		lelong	16777216
+#>1		lelong	16777216
->>5		lequad	16777216	invalid
+#>>5		lequad	16777216	invalid
->1		lelong	33554432
+#>1		lelong	33554432
->>5		lequad	33554432	invalid
+#>>5		lequad	33554432	invalid
->5		lequad	x		uncompressed size: %lld bytes
+#>5		lequad	x		uncompressed size: %lld bytes
 # ------------------------------------------------------------------

--- a/src/magic/lzma
+++ b/src/magic/lzma
+#
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-# Signature for LZMA compressed data with valid properties byte 0x40
+## Signature for LZMA compressed data with valid properties byte 0x40
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-0		string	\x40\x00\x00	LZMA compressed data, properties: 0x40,
+#0		string	\x40\x00\x00	LZMA compressed data, properties: 0x40,
+#
-# These are all the valid dictionary sizes supported by LZMA utils.
+## These are all the valid dictionary sizes supported by LZMA utils.
->1		lelong	!65536	
+#>1		lelong	!65536	
->>1		lelong	!131072	
+#>>1		lelong	!131072	
->>>1		lelong	!262144	
+#>>>1		lelong	!262144	
->>>>1		lelong	!524288	
+#>>>>1		lelong	!524288	
->>>>>1		lelong	!1048576	
+#>>>>>1		lelong	!1048576	
->>>>>>1		lelong	!2097152	
+#>>>>>>1		lelong	!2097152	
->>>>>>>1	lelong	!4194304	
+#>>>>>>>1	lelong	!4194304	
->>>>>>>>1	lelong	!8388608	
+#>>>>>>>>1	lelong	!8388608	
->>>>>>>>>1	lelong	!16777216	
+#>>>>>>>>>1	lelong	!16777216	
->>>>>>>>>>1	lelong	!33554432	invalid
+#>>>>>>>>>>1	lelong	!33554432	invalid
->1		lelong	x		dictionary size: %d bytes,
+#>1		lelong	x		dictionary size: %d bytes,
+#
-# Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
+## Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
-# This could technically be valid, but is unlikely.
+## This could technically be valid, but is unlikely.
->5		lequad	!-1
+#>5		lequad	!-1
->>5		lequad	<32		invalid
+#>>5		lequad	<32		invalid
->>5		lequad	>0x40000000	invalid
+#>>5		lequad	>0x40000000	invalid
+#
-# These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
+## These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
-# Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
+## Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
-# marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
+## marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
->1		lelong	65536
+#>1		lelong	65536
->>5		lequad	65536		invalid
+#>>5		lequad	65536		invalid
->1		lelong	131072
+#>1		lelong	131072
->>5		lequad	131072		invalid
+#>>5		lequad	131072		invalid
->1		lelong	262144
+#>1		lelong	262144
->>5		lequad	262144		invalid
+#>>5		lequad	262144		invalid
->1		lelong	524288
+#>1		lelong	524288
->>5		lequad	524288		invalid
+#>>5		lequad	524288		invalid
->1		lelong	1048576
+#>1		lelong	1048576
->>5		lequad	1048576		invalid
+#>>5		lequad	1048576		invalid
->1		lelong	2097152
+#>1		lelong	2097152
->>5		lequad	2097152		invalid
+#>>5		lequad	2097152		invalid
->1		lelong	4194304
+#>1		lelong	4194304
->>5		lequad	4194304		invalid
+#>>5		lequad	4194304		invalid
->1		lelong	8388608
+#>1		lelong	8388608
->>5		lequad	8388608		invalid
+#>>5		lequad	8388608		invalid
->1		lelong	16777216
+#>1		lelong	16777216
->>5		lequad	16777216	invalid
+#>>5		lequad	16777216	invalid
->1		lelong	33554432
+#>1		lelong	33554432
->>5		lequad	33554432	invalid
+#>>5		lequad	33554432	invalid
->5		lequad	x		uncompressed size: %lld bytes
+#>5		lequad	x		uncompressed size: %lld bytes
+#
+#
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-# Signature for LZMA compressed data with valid properties byte 0x41
+## Signature for LZMA compressed data with valid properties byte 0x41
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-0		string	\x41\x00\x00	LZMA compressed data, properties: 0x41,
+#0		string	\x41\x00\x00	LZMA compressed data, properties: 0x41,
+#
-# These are all the valid dictionary sizes supported by LZMA utils.
+## These are all the valid dictionary sizes supported by LZMA utils.
->1		lelong	!65536	
+#>1		lelong	!65536	
->>1		lelong	!131072	
+#>>1		lelong	!131072	
->>>1		lelong	!262144	
+#>>>1		lelong	!262144	
->>>>1		lelong	!524288	
+#>>>>1		lelong	!524288	
->>>>>1		lelong	!1048576	
+#>>>>>1		lelong	!1048576	
->>>>>>1		lelong	!2097152	
+#>>>>>>1		lelong	!2097152	
->>>>>>>1	lelong	!4194304	
+#>>>>>>>1	lelong	!4194304	
->>>>>>>>1	lelong	!8388608	
+#>>>>>>>>1	lelong	!8388608	
->>>>>>>>>1	lelong	!16777216	
+#>>>>>>>>>1	lelong	!16777216	
->>>>>>>>>>1	lelong	!33554432	invalid
+#>>>>>>>>>>1	lelong	!33554432	invalid
->1		lelong	x		dictionary size: %d bytes,
+#>1		lelong	x		dictionary size: %d bytes,
+#
-# Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
+## Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
-# This could technically be valid, but is unlikely.
+## This could technically be valid, but is unlikely.
->5		lequad	!-1
+#>5		lequad	!-1
->>5		lequad	<32		invalid
+#>>5		lequad	<32		invalid
->>5		lequad	>0x40000000	invalid
+#>>5		lequad	>0x40000000	invalid
+#
-# These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
+## These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
-# Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
+## Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
-# marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
+## marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
->1		lelong	65536
+#>1		lelong	65536
->>5		lequad	65536		invalid
+#>>5		lequad	65536		invalid
->1		lelong	131072
+#>1		lelong	131072
->>5		lequad	131072		invalid
+#>>5		lequad	131072		invalid
->1		lelong	262144
+#>1		lelong	262144
->>5		lequad	262144		invalid
+#>>5		lequad	262144		invalid
->1		lelong	524288
+#>1		lelong	524288
->>5		lequad	524288		invalid
+#>>5		lequad	524288		invalid
->1		lelong	1048576
+#>1		lelong	1048576
->>5		lequad	1048576		invalid
+#>>5		lequad	1048576		invalid
->1		lelong	2097152
+#>1		lelong	2097152
->>5		lequad	2097152		invalid
+#>>5		lequad	2097152		invalid
->1		lelong	4194304
+#>1		lelong	4194304
->>5		lequad	4194304		invalid
+#>>5		lequad	4194304		invalid
->1		lelong	8388608
+#>1		lelong	8388608
->>5		lequad	8388608		invalid
+#>>5		lequad	8388608		invalid
->1		lelong	16777216
+#>1		lelong	16777216
->>5		lequad	16777216	invalid
+#>>5		lequad	16777216	invalid
->1		lelong	33554432
+#>1		lelong	33554432
->>5		lequad	33554432	invalid
+#>>5		lequad	33554432	invalid
->5		lequad	x		uncompressed size: %lld bytes
+#>5		lequad	x		uncompressed size: %lld bytes
+#
+#
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-# Signature for LZMA compressed data with valid properties byte 0x48
+## Signature for LZMA compressed data with valid properties byte 0x48
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-0		string	\x48\x00\x00	LZMA compressed data, properties: 0x48,
+#0		string	\x48\x00\x00	LZMA compressed data, properties: 0x48,
+#
-# These are all the valid dictionary sizes supported by LZMA utils.
+## These are all the valid dictionary sizes supported by LZMA utils.
->1		lelong	!65536	
+#>1		lelong	!65536	
->>1		lelong	!131072	
+#>>1		lelong	!131072	
->>>1		lelong	!262144	
+#>>>1		lelong	!262144	
->>>>1		lelong	!524288	
+#>>>>1		lelong	!524288	
->>>>>1		lelong	!1048576	
+#>>>>>1		lelong	!1048576	
->>>>>>1		lelong	!2097152	
+#>>>>>>1		lelong	!2097152	
->>>>>>>1	lelong	!4194304	
+#>>>>>>>1	lelong	!4194304	
->>>>>>>>1	lelong	!8388608	
+#>>>>>>>>1	lelong	!8388608	
->>>>>>>>>1	lelong	!16777216	
+#>>>>>>>>>1	lelong	!16777216	
->>>>>>>>>>1	lelong	!33554432	invalid
+#>>>>>>>>>>1	lelong	!33554432	invalid
->1		lelong	x		dictionary size: %d bytes,
+#>1		lelong	x		dictionary size: %d bytes,
+#
-# Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
+## Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
-# This could technically be valid, but is unlikely.
+## This could technically be valid, but is unlikely.
->5		lequad	!-1
+#>5		lequad	!-1
->>5		lequad	<32		invalid
+#>>5		lequad	<32		invalid
->>5		lequad	>0x40000000	invalid
+#>>5		lequad	>0x40000000	invalid
+#
-# These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
+## These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
-# Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
+## Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
-# marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
+## marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
->1		lelong	65536
+#>1		lelong	65536
->>5		lequad	65536		invalid
+#>>5		lequad	65536		invalid
->1		lelong	131072
+#>1		lelong	131072
->>5		lequad	131072		invalid
+#>>5		lequad	131072		invalid
->1		lelong	262144
+#>1		lelong	262144
->>5		lequad	262144		invalid
+#>>5		lequad	262144		invalid
->1		lelong	524288
+#>1		lelong	524288
->>5		lequad	524288		invalid
+#>>5		lequad	524288		invalid
->1		lelong	1048576
+#>1		lelong	1048576
->>5		lequad	1048576		invalid
+#>>5		lequad	1048576		invalid
->1		lelong	2097152
+#>1		lelong	2097152
->>5		lequad	2097152		invalid
+#>>5		lequad	2097152		invalid
->1		lelong	4194304
+#>1		lelong	4194304
->>5		lequad	4194304		invalid
+#>>5		lequad	4194304		invalid
->1		lelong	8388608
+#>1		lelong	8388608
->>5		lequad	8388608		invalid
+#>>5		lequad	8388608		invalid
->1		lelong	16777216
+#>1		lelong	16777216
->>5		lequad	16777216	invalid
+#>>5		lequad	16777216	invalid
->1		lelong	33554432
+#>1		lelong	33554432
->>5		lequad	33554432	invalid
+#>>5		lequad	33554432	invalid
->5		lequad	x		uncompressed size: %lld bytes
+#>5		lequad	x		uncompressed size: %lld bytes
+#
+#
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-# Signature for LZMA compressed data with valid properties byte 0x49
+## Signature for LZMA compressed data with valid properties byte 0x49
-# ------------------------------------------------------------------
+## ------------------------------------------------------------------
-0		string	\x49\x00\x00	LZMA compressed data, properties: 0x49,
+#0		string	\x49\x00\x00	LZMA compressed data, properties: 0x49,
+#
-# These are all the valid dictionary sizes supported by LZMA utils.
+## These are all the valid dictionary sizes supported by LZMA utils.
->1		lelong	!65536	
+#>1		lelong	!65536	
->>1		lelong	!131072	
+#>>1		lelong	!131072	
->>>1		lelong	!262144	
+#>>>1		lelong	!262144	
->>>>1		lelong	!524288	
+#>>>>1		lelong	!524288	
->>>>>1		lelong	!1048576	
+#>>>>>1		lelong	!1048576	
->>>>>>1		lelong	!2097152	
+#>>>>>>1		lelong	!2097152	
->>>>>>>1	lelong	!4194304	
+#>>>>>>>1	lelong	!4194304	
->>>>>>>>1	lelong	!8388608	
+#>>>>>>>>1	lelong	!8388608	
->>>>>>>>>1	lelong	!16777216	
+#>>>>>>>>>1	lelong	!16777216	
->>>>>>>>>>1	lelong	!33554432	invalid
+#>>>>>>>>>>1	lelong	!33554432	invalid
->1		lelong	x		dictionary size: %d bytes,
+#>1		lelong	x		dictionary size: %d bytes,
+#
-# Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
+## Assume that a valid size will be greater than 32 bytes and less than 1GB (a value of -1 IS valid).
-# This could technically be valid, but is unlikely.
+## This could technically be valid, but is unlikely.
->5		lequad	!-1
+#>5		lequad	!-1
->>5		lequad	<32		invalid
+#>>5		lequad	<32		invalid
->>5		lequad	>0x40000000	invalid
+#>>5		lequad	>0x40000000	invalid
+#
-# These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
+## These are not 100%. The uncompressed size could be exactly the same as the dicionary size, but it is unlikely.
-# Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
+## Since most false positives are the result of repeating sequences of bytes (such as executable instructions),
-# marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
+## marking matches with the same uncompressed and dictionary sizes as invalid eliminates much of these false positives.
->1		lelong	65536
+#>1		lelong	65536
->>5		lequad	65536		invalid
+#>>5		lequad	65536		invalid
->1		lelong	131072
+#>1		lelong	131072
->>5		lequad	131072		invalid
+#>>5		lequad	131072		invalid
->1		lelong	262144
+#>1		lelong	262144
->>5		lequad	262144		invalid
+#>>5		lequad	262144		invalid
->1		lelong	524288
+#>1		lelong	524288
->>5		lequad	524288		invalid
+#>>5		lequad	524288		invalid
->1		lelong	1048576
+#>1		lelong	1048576
->>5		lequad	1048576		invalid
+#>>5		lequad	1048576		invalid
->1		lelong	2097152
+#>1		lelong	2097152
->>5		lequad	2097152		invalid
+#>>5		lequad	2097152		invalid
->1		lelong	4194304
+#>1		lelong	4194304
->>5		lequad	4194304		invalid
+#>>5		lequad	4194304		invalid
->1		lelong	8388608
+#>1		lelong	8388608
->>5		lequad	8388608		invalid
+#>>5		lequad	8388608		invalid
->1		lelong	16777216
+#>1		lelong	16777216
->>5		lequad	16777216	invalid
+#>>5		lequad	16777216	invalid
->1		lelong	33554432
+#>1		lelong	33554432
->>5		lequad	33554432	invalid
+#>>5		lequad	33554432	invalid
->5		lequad	x		uncompressed size: %lld bytes
+#>5		lequad	x		uncompressed size: %lld bytes
 # ------------------------------------------------------------------

--- a/src/scripts/examples/signature_scan.py
+++ b/src/scripts/examples/signature_scan.py
@@ -5,9 +5,9 @@ import binwalk
 try:
    # Perform a signature scan against the files specified on the command line and suppress the usual binwalk output.
-	for module in binwalk.Modules().execute(*sys.argv[1:], signature=True, quiet=True):
+    for module in binwalk.Modules().execute(*sys.argv[1:], signature=True, quiet=True):
-		print ("%s Results:" % module.name)
+        print ("%s Results:" % module.name)
-		for result in module.results:
+        for result in module.results:
-			print ("\t%s    0x%.8X    %s" % (result.file.name, result.offset, result.description))
+            print ("\t%s    0x%.8X    %s" % (result.file.name, result.offset, result.description))
 except binwalk.ModuleException as e:
-	pass
+    pass