Is this a File Header / Magic Number?
Posted
by
Hammer Bro.
on Super User
See other posts from Super User
or by Hammer Bro.
Published on 2012-07-27T00:11:20Z
Indexed on
2012/08/31
9:41 UTC
Read the original article
Hit count: 401
file-types
|hexdump
I've got 120,000 files (way more, actually; this is just an arbitrary subset) of an unknown type. Linux file
does not identify them (not that they're necessarily Linux files), nor do any other methods I've tried. There are only two hints about them that I currently have. One is that I suspect some compression is employed -- I have metadata that claims the file sizes are always some amount larger than what I observe.
The other is that in 100,000 of these files, the first 16 bytes are always:
ff ee ee dd 00 00 00 00 01 00 00 00 00 00 00 00
That really looks like a file header/magic number to me, but I just can't place it. Does anyone know what kind of files this would indicate? Alternatively, can anyone convince me that these suspiciously common bytes certainly do not indicate a specific file type?
UPDATE
I don't know the exact reverse-engineering details, but most of the files in our case are zips after the first 29(? or so) bytes are ignored. So in practice the problem is solved (we know how to process the files) but in theory the question is still unanswered -- I don't know which application routinely prepends about 29 bytes to its zips. [I'm not sure if I should leave the question open or not at this point.]
© Super User or respective owner