[File] [PATCH] Magdir/archive Reduce TTComp false positives
A. IOOSS
erdnaxe at crans.org
Sat May 31 14:38:28 UTC 2025
Hello,
While working on improving ARM Cortex-M matching, I noticed that some
firmware images are detected as 'TTComp archive data, binary, 1K
dictionary' which is very wrong. This happens because the image starts
with '0004' which also match TTComp magic.
Looking a bit closer at TTComp magic, I noticed that J. Jenderek pointed
https://mark0.net/forum/index.php?topic=848 as a possible improvement to
reduce false positives (thanks!).
Attached you may find a patch that implements the matching on the last 2
bytes of TTComp files using this idea.
This patch was tested using samples linked on
http://fileformats.archiveteam.org/wiki/TTCOMP :
```
BRTSWFTE.TTC: TTComp archive data
CYBSWFTE.TTC: TTComp archive data
GCBSWFTE.TTC: TTComp archive data
GCISWFTE.TTC: TTComp archive data
GCNSWFTE.TTC: TTComp archive data
```
Thanks a lot,
-- A.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ttcomp-fix.patch
Type: text/x-patch
Size: 2266 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20250531/3b959e57/attachment.bin>
More information about the File
mailing list