[File] [PATCH] of Magdir/tplink for misidentified DBT

Christos Zoulas christos at zoulas.com
Sat Mar 28 23:14:40 UTC 2020 

Committed, thanks!

christos

> On Mar 27, 2020, at 5:08 PM, Jörg Jenderek <joerg.jen.der.ek at gmx.net> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello,
> 
> some days ago i run file command version 5.38 on dBase Memo files
> (*.dbt). These are sometimes misidentified by Magdir/tplink as
> openwrt firmware. This looks with good examples like:
> 
> gluon-ffhat-0.9.2-tp-link-tl-wr741n-nd-v1-sysupgrade.bin:
> 	firmware 741 v1 OpenWrt r49389, 3932160 bytes or less,
> 	at 0x200 1290680 bytes gzip compressed data, max compression,
> 	from Unix, original size modulo 2^32 3737169374
> 	gzip compressed data, reserved method,
> 	from FAT filesystem (MS-DOS, OS/2, NT),
> 	original size modulo 2^32 3737169374, at 0x0
> gluon-ffrefugee-0.9.2-tp-link-tl-wr941n-nd-v6-sysupgrade.bin:
> 	firmware 941 v6 OpenWrt r49389, 3932160 bytes or less,
> 	at 0x200 1282804 bytes , at 0x100000 2233070 bytes
> openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin:
> 	firmware 1043 v1 OpenWrt r36088, 8126464 bytes or less,
> 	at 0x200 965120 bytes gzip compressed data, max compression,
> 	from Unix, original size modulo 2^32 3737169374
> 	gzip compressed data, reserved method,
> 	from FAT filesystem (MS-DOS, OS/2, NT),
> 	original size modulo 2^32 3737169374, at 0x0
> stop.dbt:
> 	firmware 0 v0 (revision 0)
> 	.dbt s/new07942.fsdbf,
> 	0 bytes or less, at 0x0 0 bytes , at 0x0 0 bytes
> user.dbt:
> 	firmware 0 v0 (revision 0)
> 	e/catfood/webkit/example s/new00694.dbt,
> 	0 bytes or less, at 0x0 0 bytes , at 0x0 0 bytes
> 
> Unfortunately tp-link firmware files have no real good magic
> pattern, but luckily the displaying part is encapsulated in side
> the sub routine firmware-tplink. So only the lines testing for
> firmware characteristics must be changed.
> 
> In Magdir/tplink with 4 lines test for valid firmware header
> version 1 or 2 and for header padding with nulls was done like
> 0		ulelong		<3
>> 0		ulelong		!0
>>> 0x100	long		0
> Then skipped bad example like NCCLEAN.INI by looking for a valid
> (ASCII printable) vendor name like "OpenWrt" by line like
>>>> 4		ubelong		>0x1F000000
> And then afterwards subroutine to display information for
> firmware binaries was called by
>>>>> 0		use		firmware-tplink
> 
> Before calling sub routine i now also look for positive hardware id
> by additional fifth test line which now looks like:
>>>>> 0x40	ubeshort	>0
>>>>>> 0		use		firmware-tplink
> 
> After applying the above mentioned modifications by patch
> file-5.35-tplink-dbt.diff then all bad inspected DBT examples are
> skipped and good samples are still described correctly.
> 
> I hope my diff file can be applied in future version of file utility.
> 
> With best wishes
> Jörg Jenderek
> - --
> Jörg Jenderek
> 
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> 
> iF0EARECAB0WIQS5/qNWKD4ASGOJGL+v8rHJQhrU1gUCXn5rIAAKCRCv8rHJQhrU
> 1o7PAJ4nObmALDfEEErhqxOryUzC7OMI2ACgro0dMZlTjEaEITudrDiA/rNPi2A=
> =USoB
> -----END PGP SIGNATURE-----
> <file-5_38-tplink-dbt_diff.DEFANGED-5301><file-5_38-tplink-dbt_diff_sig.DEFANGED-5302>--
> File mailing list
> File at astron.com
> https://mailman.astron.com/mailman/listinfo/file
> <sanitizer.log>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 235 bytes
Desc: Message signed with OpenPGP
URL: <https://mailman.astron.com/pipermail/file/attachments/20200328/33060095/attachment.asc>

More information about the File mailing list