[File] [PATCH] of Magdir/tplink for misidentified DBT
Jörg Jenderek
joerg.jen.der.ek at gmx.net
Fri Mar 27 21:08:07 UTC 2020
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
some days ago i run file command version 5.38 on dBase Memo files
(*.dbt). These are sometimes misidentified by Magdir/tplink as
openwrt firmware. This looks with good examples like:
gluon-ffhat-0.9.2-tp-link-tl-wr741n-nd-v1-sysupgrade.bin:
firmware 741 v1 OpenWrt r49389, 3932160 bytes or less,
at 0x200 1290680 bytes gzip compressed data, max compression,
from Unix, original size modulo 2^32 3737169374
gzip compressed data, reserved method,
from FAT filesystem (MS-DOS, OS/2, NT),
original size modulo 2^32 3737169374, at 0x0
gluon-ffrefugee-0.9.2-tp-link-tl-wr941n-nd-v6-sysupgrade.bin:
firmware 941 v6 OpenWrt r49389, 3932160 bytes or less,
at 0x200 1282804 bytes , at 0x100000 2233070 bytes
openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin:
firmware 1043 v1 OpenWrt r36088, 8126464 bytes or less,
at 0x200 965120 bytes gzip compressed data, max compression,
from Unix, original size modulo 2^32 3737169374
gzip compressed data, reserved method,
from FAT filesystem (MS-DOS, OS/2, NT),
original size modulo 2^32 3737169374, at 0x0
stop.dbt:
firmware 0 v0 (revision 0)
.dbt s/new07942.fsdbf,
0 bytes or less, at 0x0 0 bytes , at 0x0 0 bytes
user.dbt:
firmware 0 v0 (revision 0)
e/catfood/webkit/example s/new00694.dbt,
0 bytes or less, at 0x0 0 bytes , at 0x0 0 bytes
Unfortunately tp-link firmware files have no real good magic
pattern, but luckily the displaying part is encapsulated in side
the sub routine firmware-tplink. So only the lines testing for
firmware characteristics must be changed.
In Magdir/tplink with 4 lines test for valid firmware header
version 1 or 2 and for header padding with nulls was done like
0 ulelong <3
>0 ulelong !0
>>0x100 long 0
Then skipped bad example like NCCLEAN.INI by looking for a valid
(ASCII printable) vendor name like "OpenWrt" by line like
>>>4 ubelong >0x1F000000
And then afterwards subroutine to display information for
firmware binaries was called by
>>>>0 use firmware-tplink
Before calling sub routine i now also look for positive hardware id
by additional fifth test line which now looks like:
>>>>0x40 ubeshort >0
>>>>>0 use firmware-tplink
After applying the above mentioned modifications by patch
file-5.35-tplink-dbt.diff then all bad inspected DBT examples are
skipped and good samples are still described correctly.
I hope my diff file can be applied in future version of file utility.
With best wishes
Jörg Jenderek
- --
Jörg Jenderek
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iF0EARECAB0WIQS5/qNWKD4ASGOJGL+v8rHJQhrU1gUCXn5rIAAKCRCv8rHJQhrU
1o7PAJ4nObmALDfEEErhqxOryUzC7OMI2ACgro0dMZlTjEaEITudrDiA/rNPi2A=
=USoB
-----END PGP SIGNATURE-----
-------------- next part --------------
--- file-5.38/magic/Magdir/tplink.old 2019-04-19 01:42:27 +0000
+++ file-5.38/magic/Magdir/tplink 2020-03-27 16:29:50 +0000
@@ -14,5 +14,7 @@
# skip Norton Commander Cleanup Utility NCCLEAN.INI by looking for valid vendor
>>>4 ubelong >0x1F000000
->>>>0 use firmware-tplink
+# skip user.dbt by looking for positive hardware id
+>>>>0x40 ubeshort >0
+>>>>>0 use firmware-tplink
0 name firmware-tplink
-------------- next part --------------
A non-text attachment was scrubbed...
Name: file-5.38-tplink-dbt.diff.sig
Type: application/octet-stream
Size: 95 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20200327/b7a81b23/attachment.obj>
More information about the File
mailing list