|
In diary entry "Recognizing ZLIB Compression", I mention my tool file-magic.py: it's mainly a wrapper for command file (libmagic). By default, command file has no definitions to detect ZLIB detection, but my tool file-magic.py uses an additional file with custom definitions:
Take for example a ZLIB compressed stream in a PDF document:
As you can see, the stream starts with 0x78, an indication that this is ZLIB compression. Piping this stream in my file-magic.py tool helps identifying the unfiltered stream content:
Of course, if you don't want to use this tool, you can just integrate these ZLIB definitions in your own definition files. Didier Stevens |
DidierStevens 449 Posts ISC Handler |
| Subscribe |
Aug 4th 2019 9 months ago |
Sign Up for Free or Log In to start participating in the conversation!
