Commit ef653b30 by devttys0

Improved false positive detection for ELF, PNG and TRX signatures

parent 4508cec8
...@@ -23,7 +23,10 @@ ...@@ -23,7 +23,10 @@
>>18 beshort 10 >>18 beshort 10
>>>36 belong &0x20 N32 >>>36 belong &0x20 N32
>4 byte 2 64-bit >4 byte 2 64-bit
>5 byte 0 invalid byte order >4 byte >2
>>4 byte x unknown ELF class: 0x%X
>5 byte !1
>>5 byte !2 invalid byte order
>5 byte 1 LSB >5 byte 1 LSB
# The official e_machine number for MIPS is now #8, regardless of endianness. # The official e_machine number for MIPS is now #8, regardless of endianness.
# The second number (#10) will be deprecated later. For now, we still # The second number (#10) will be deprecated later. For now, we still
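Review bot: The new class check `>4 byte >2` prints "unknown ELF class: 0x%X" without the word "invalid" that the byte-order line and the TRX and PNG rejections in this commit all use, so if results are filtered on that keyword an out-of-range EI_CLASS will not be discarded like the others. The test also lets class 0 through, and under a signed byte comparison values of 0x80 and above do not match `>2` either. Consider wording the message as `>>4 byte x invalid ELF class: 0x%X` and adding a lower-bound test. The nested pair `>5 byte !1` / `>>5 byte !2` that replaces `>5 byte 0` deserves a one-line comment stating the intent (neither LSB nor MSB).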
...@@ -203,7 +206,7 @@ ...@@ -203,7 +206,7 @@
>>36 belong 1 MathCoPro/FPU/MAU Required >>36 belong 1 MathCoPro/FPU/MAU Required
# Up to now only 0, 1 and 2 are defined; I've seen a file with 0x83, it seemed # Up to now only 0, 1 and 2 are defined; I've seen a file with 0x83, it seemed
# like proper ELF, but extracting the string had bad results. # like proper ELF, but extracting the string had bad results.
>4 byte <0x80 >4 byte <0x80
>>8 string >\0 ("%s") >>8 string >\0 ("%s")
>8 string \0 >8 string \0
>>7 byte 0 (SYSV) >>7 byte 0 (SYSV)
......
...@@ -90,18 +90,20 @@ ...@@ -90,18 +90,20 @@
>48 string x root device: "%s" >48 string x root device: "%s"
# trx image file # trx image file
0 string HDR0 TRX firmware header, little endian, header size: 28 bytes, 0 string HDR0 TRX firmware header, little endian, header size: 28 bytes,
>4 lelong <1 invalid >4 lelong <1 invalid
>4 lelong x image size: %d bytes, >4 lelong x image size: %d bytes,
>8 lelong x CRC32: 0x%X >8 lelong x CRC32: 0x%X
>12 leshort x flags: 0x%X, >12 leshort x flags: 0x%X,
>14 leshort >5 invalid
>14 leshort x version: %d >14 leshort x version: %d
0 string 0RDH TRX firmware header, big endian, header size: 28 bytes, 0 string 0RDH TRX firmware header, big endian, header size: 28 bytes,
>4 belong <1 invalid >4 belong <1 invalid
>4 belong x image size: %d bytes, >4 belong x image size: %d bytes,
>8 belong x CRC32: 0x%X >8 belong x CRC32: 0x%X
>12 beshort x flags: 0x%X, >12 beshort x flags: 0x%X,
>14 beshort >5 invalid
>14 beshort x version: %d >14 beshort x version: %d
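Review bot: The added `>14 leshort >5 invalid` and its `beshort` twin hard-code 5 as the highest acceptable TRX version with no comment saying where that limit comes from, and there is no lower bound, so a version of 0 (or a negative value under a signed comparison) still passes. Add a comment documenting the accepted version range, and consider a matching `<1 invalid` test as is already done for the image size at offset 4.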
......
...@@ -11,8 +11,10 @@ ...@@ -11,8 +11,10 @@
# 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ... # 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ...
# #
0 string \x89PNG\x0d\x0a\x1a\x0a PNG image 0 string \x89PNG\x0d\x0a\x1a\x0a PNG image
>16 belong 0 invalid >16 belong <1 invalid
>20 belong 0 invalid >16 belong >10000 invalid
>20 belong <1 invalid
>20 belong >10000 invalid
>16 belong x \b, %ld x >16 belong x \b, %ld x
>20 belong x %ld, >20 belong x %ld,
>24 byte x %d-bit >24 byte x %d-bit
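Review bot: The new upper bounds `>16 belong >10000 invalid` and `>20 belong >10000 invalid` reject any PNG wider or taller than 10000 pixels, which the PNG format itself permits, so large legitimate images will now be dropped as false positives. The limit needs a comment above these lines stating that it is a heuristic and why 10000 was chosen. The change from `0` to `<1` on both fields is a sound tightening, since it also rejects negative values.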
......