File headers + how they work

b4rtm4n
Posted: Tue Aug 20, 2002 7:55 pm    Post subject: File headers + how they work

Does anyone have a doc or link to a decent code-level explanation of how file headers (i.e. the bit that defines the file type, not the extension) work and how they can be amended?

Masquerading one file type as another.

Cheers

Tom Bair
Posted: Tue Aug 20, 2002 9:48 pm

Not sure this is what you're asking for, but:

The <!doctype> tag

--------------------------------------------------------------------------------

Definition and Usage
The <!doctype> declaration should be the very first thing in your HTML document, before any other element. This tag tells the browser which HTML specification the document uses.

In HTML 4.0 you can choose between 3 Document Type Definitions (DTD):


--------------------------------------------------------------------------------

Strict DTD
The Strict DTD excludes the presentation attributes and elements that W3C expects to move to a style sheet. If you need to include presentation attributes in your page you can use the Transitional DTD.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">


--------------------------------------------------------------------------------

Transitional DTD
The Transitional DTD includes presentation attributes and elements that W3C expects to move to a style sheet.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


--------------------------------------------------------------------------------

Frameset DTD
The Frameset DTD should be used for documents with frames. This DTD is identical to the Transitional DTD except for: in frameset documents, the frameset element replaces the body element.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
"http://www.w3.org/TR/html4/frameset.dtd">


--------------------------------------------------------------------------------

Attributes: NONE

b4rtm4n
Posted: Tue Aug 20, 2002 10:25 pm

Nice try!

Was hoping more along the lines of how a binary avi using windows media codec distinguishes itself from an avi using divx at a hex/bin level.

Not that video is what I'm concerned with.

More along the lines of circumventing content filters by recoding an .exe as a .doc and being able to convert the two content types back and forth. Twisted Evil

Purely an exercise Wink

b4rtm4n
Posted: Tue Aug 20, 2002 10:26 pm

MIME encoding as well!!

Tom Bair
Posted: Wed Aug 21, 2002 12:53 am

b4rtm4n wrote:
Nice try!

Was hoping more along the lines of how a binary avi using windows media codec distinguishes itself from an avi using divx at a hex/bin level.

Not that video is what I'm concerned with.

More along the lines of circumventing content filters by recoding an .exe as a .doc and being able to convert the two content types back and forth. Twisted Evil

Purely an exercise Wink


Sorry b4rtm4n ... that stuff is way beyond my beginning experience. (I'd be willing to bet you a 16 oz. cola that I won't even understand the correct answer that some expert posts to you Embarassed Laughing )

b4rtm4n
Posted: Thu Aug 22, 2002 10:38 am

Not to worry. I only grasp the basics.

Laughing

pancho
Posted: Sat Oct 19, 2002 2:50 am

Does the content filter go into the file to check the header? All you will probably have to do is doctor the extension, and advertise that after downloading it will have to be fixed.

b4rtm4n
Posted: Sat Oct 19, 2002 11:21 am

The content filter doesn't look at the extension. I think that would be a bit easy to get round. Very Happy

It currently looks at the MIME encoding type

eg application/ms-word, audio/mp3, etc

I was hoping someone knew/had a link to how this encoding works.

Also the file headers have a definition of the file type. You can change a .jpeg to a .xls but you can still view it in the browser, and Excel says it's an invalid workbook.

I'd like to expand the filter if possible to almost application level. But I think I need to know how the headers work first. Sad

pancho
Posted: Sat Oct 19, 2002 6:31 pm

Gotcha...

Here is a URL for you:

Format of Internet Message Bodies -
http://www.oac.uci.edu/indiv/ehood/MIME/2045/rfc2045.html

Is that what you're looking for?

Pancho

ShaolinTiger
Posted: Sat Oct 19, 2002 6:41 pm

I think he's more interested in what's inside the file, the first few lines that define its type and how that affects anything..

Not sure really though, I'd be interested to know more about it though.

b4rtm4n
Posted: Sat Oct 19, 2002 9:40 pm

Pretty much!

I'm trying to understand how the file headers work and how they compare/work (probably not the correct words) with the MIME headers.

pancho
Posted: Sun Oct 20, 2002 1:18 am

OK - I realize that sometimes I'm a little slow... but I am trying to help Smile

One more...

"This website is dedicated to helping developers, gamers, and techno-enthusiasts find and use binary file formats, definitions, and specifications. " - http://www.filespecs.com/index.jsp

Eventually, I will get it right... or you'll get tired and tell me "Ok - that's EXACTLY what I am looking for" just to get me to shut up. Rolling Eyes

Pancho

hads
Posted: Sun Oct 20, 2002 2:06 am

I'm quite interested as well so I've been having a bit of a search and discovered that I can't find anything about it Evil or Very Mad

About the only interesting thing I found was the *nix `file` command which I didn't know existed.

b4rtm4n
Posted: Mon Oct 21, 2002 11:04 am

That's an interesting looking site. Cool Certainly has some of the info I think I need.

I spent ages on google trying to work out the correct question to ask.

The info must be in the public domain otherwise Linux wouldn't be able to understand file types.

haydies
Posted: Tue Oct 22, 2002 9:49 pm

http://www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm

If you open an EXE in textpad then you can see the header. The MZ is what tells the OS it's an application. Different file types, different numbers.

Do a google search for "exe binary header", there are lots of other things. Don't know if they are any use.
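
The check discussed in this thread (what the MIME label claims versus what the file header says, including the "MZ" marker mentioned above), as an added example that is not part of the original posts. The signature table, the MIME mapping and the sample bytes are this example's own small constructed selection, not a complete list:

```python
# Added example: compare a declared MIME type with the file's leading bytes.
# SIGNATURES and EXPECTED are a constructed, deliberately small selection.

SIGNATURES = [
    (b"MZ", "dos-pe-executable"),                   # start of a DOS/Windows EXE
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # container of legacy .doc/.xls
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
]

# Declared MIME type -> content family a filter should expect to find.
EXPECTED = {
    "application/msword": "ole2",
    "application/vnd.ms-excel": "ole2",
    "image/jpeg": "jpeg",
    "image/png": "png",
    "application/pdf": "pdf",
    "application/zip": "zip",
}

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes only."""
    # RIFF containers name their subtype at offset 8 (an AVI has "AVI ").
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "riff-avi"
    for magic, family in SIGNATURES:
        if data.startswith(magic):
            return family
    return "unknown"

def check(declared_mime: str, data: bytes) -> str:
    """Return a filter verdict for one attachment or download."""
    mime = declared_mime.split(";")[0].strip().lower()  # drop parameters
    family = sniff(data)
    if family == "dos-pe-executable":
        return f"block: executable content labelled {mime}"
    expected = EXPECTED.get(mime)
    if expected is None:
        return f"review: no signature rule for {mime}"
    if family != expected:
        return f"block: declared {mime}, content looks like {family}"
    return "allow"

if __name__ == "__main__":
    # Constructed sample: JPEG bytes sent with an Excel label.
    print(check("application/vnd.ms-excel", b"\xff\xd8\xff\xe0\x00\x10JFIF"))
```

A matching signature only shows how the file begins; it does not prove the rest of the file is valid for that type, and the OLE2 signature alone cannot tell a .doc from an .xls.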

haydies
Posted: Tue Oct 22, 2002 9:51 pm

This one's better..

http://cs.southwesternadventist.edu/~durkin/csis360/notes/binary_file_formats.html

All times are GMT + 2 Hours
Page 1 of 2