Updated ZIP signature to ignore OpenDocument formats

3154b001 · devttys0 · 45473685 · 3154b001
Commit 3154b001 authored Feb 01, 2021 by devttys0
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

archives src/binwalk/magic/archives +10 -0

No files found.
--- a/src/binwalk/magic/archives
+++ b/src/binwalk/magic/archives
@@ -37,6 +37,15 @@
 >>30    ubelong     !0x6d696d65     at least v2.0 to extract,
 >4      byte        0x2d
 >>30    ubelong     !0x6d696d65     at least v3.0 to extract,
+
+# From: https://github.com/threatstack/libmagic/blob/master/magic/Magdir/archive
+# Specialised zip formats which start with a member named 'mimetype'
+# (stored uncompressed, with no 'extra field') containing the file's MIME type.
+# Check for have 8-byte name, 0-byte extra field, name "mimetype", and
+# contents starting with "application/". These aren't normal ZIP files and they
+# don't extract properly; mark them as invalid.
+>26	string	    \x08\x00\x00\x00mimetypeapplication/    OpenDocument Text,{invalid}
+
 >18     lelong      !0
 >>18    lelong      x              compressed size: %d,
 >>18    ulelong	    !0xFFFFFFFF
@@ -48,6 +57,7 @@
 >26     leshort     x               {strlen:%d}
 >30     string      x               name: {string}%s

+
 # ZIP footer
 0       string      PK\x05\x06      End of Zip archive,
 >20	leshort+22  <1		    invalid{invalid}