Is it possible to detect file type without magic number?
Is it possible to detect file type without magic number?
Brandon Rivera
Other urls found in this thread:
stackoverflow.com
en.m.wikipedia.org
twitter.com
Justin Johnson
30 years I use computers, and I never need that. We have invented extensions user.
Or are you doing forensics?
Jayden Reed
What do you mean without magic number?
Oliver Richardson
Nice PNG image you are trying to hide
Liam Murphy
You aren't shilling some tool are you?
Dominic Smith
Maybe some kind of automated tool exists (to find hidden footers and every combination of replacing them with headers to carve out files if that is what you are looking for.
Is finding magic numbers really that much of a pain? just use a scientific calculator if I remember correctly.
Christian Nelson
Heuristically...this is how humans figure things out.
Get disassembling son.
For you dumb ass.
stackoverflow.com
Nicholas Bell
>Is it possible to detect file type without magic number?
yes
Jaxon Howard
What I'm saying is if some one change magic number of a porn
into all 0s, how can I get the real file type?
Jack Gomez
Christopher Howard
Why do you honestly need that though?
If you want to hide a file then just encrypt it.
Anyways to answer your question, yes, it is possible, and some files give off more information than others, not to mention information left by the editor.
For example, if you edit a jpg in paint you get jpg's magic number which you can delete, but paint leaves this "Paint Tool -SAI- JPEG Encoder v1.00" in the file. So effectively you know it's a jpg.
Henry Kelly
So If I understand correctly they simply replace the magic number with all 0s and it stays the same length? Then all you have to do is search for magic numbers with that length, and maybe use some info left by editors in the file and stuff like that, if that's not enough.
Joshua Parker
run file and binwalk on this
Gavin Allen
Here's your answer, good luck user.
James Lopez
>output.png
Matthew Morris
user, what's on pic? I really need it. Is it GDB? How can i enable that kind of output? I often need to disassemble some shit to get some signature from memory but with gdb's "x" it's so painful.
Grayson Foster
Looks like xxd
Adam Gomez
Oh, yes, it is. Thank you. Seems like it can read files dumped from gdb so it's fine for my purpose.
Thomas Scott
It can read any file that can be read(3), so pretty much any file.
For disassembly i'd use objdump(1), for firmware disassembly I'd use binwalk.
Use strings(1) when what you want is to extract all readable strings from a file.
Andrew Butler
install libmagic
Gabriel Wright
I usually look at the end of the file. If it says .jpg, then it means you can probably open it with Windows Paint. Hope this helped.