diff options
Diffstat (limited to '')
-rw-r--r-- | magic/Magdir/java | 52 | ||||
-rw-r--r-- | magic/Magdir/javascript | 171 |
2 files changed, 223 insertions, 0 deletions
diff --git a/magic/Magdir/java b/magic/Magdir/java new file mode 100644 index 0000000..d361275 --- /dev/null +++ b/magic/Magdir/java @@ -0,0 +1,52 @@ + +#------------------------------------------------------------ +# $File: java,v 1.22 2023/01/11 23:59:49 christos Exp $ +# Java ByteCode and Mach-O binaries (e.g., Mac OS X) use the +# same magic number, 0xcafebabe, so they are both handled +# in the entry called "cafebabe". +#------------------------------------------------------------ +# Java serialization +# From Martin Pool (m.pool@pharos.com.au) +0 beshort 0xaced Java serialization data +>2 beshort >0x0004 \b, version %d + +0 belong 0xfeedfeed Java KeyStore +!:mime application/x-java-keystore +0 belong 0xcececece Java JCE KeyStore +!:mime application/x-java-jce-keystore + +# Java source +0 regex \^import.*;$ Java source +!:mime text/x-java + +# Java HPROF dumps +# https://java.net/downloads/heap-snapshot/hprof-binary-format.html +0 string JAVA\x20PROFILE\x201.0. +>0x12 byte 0 +>>0x11 ubyte-0x31 <2 Java HPROF dump, +>>>0x17 beqdate/1000 x created %s + +# Java jmod module +# See https://hg.openjdk.java.net/jdk9/jdk9/jdk/file/tip/src/java.base/share/classes/jdk/internal/jmod/JmodFile.java +# Grr. 2 byte magic "JM", really? In 2019? +0 belong 0x4a4d0100 Java jmod module version 1.0 +!:mime application/x-java-jmod + +# Java jlinked image +# See https://hg.openjdk.java.net/jdk9/jdk9/jdk/file/tip/src/java.base/share/native/libjimage/imageFile.hpp +0 belong 0xcafedada Java module image (big endian) +>4 beshort >0x00 \b, version %d +>6 beshort x \b.%d +!:mime application/x-java-image + +0 lelong 0xcafedada Java module image (little endian) +>6 leshort >0x00 \b, version %d +>4 leshort x \b.%d +!:mime application/x-java-image + +# JAR Manifest & Signature File +# Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html +0 string/t Manifest-Version:\x201.0 JAR Manifest +!:ext MF +0 string/t Signature-Version:\x201.0 JAR Signature File +!:ext SF diff --git a/magic/Magdir/javascript b/magic/Magdir/javascript new file mode 100644 index 0000000..90a09cc --- /dev/null +++ b/magic/Magdir/javascript @@ -0,0 +1,171 @@ + +#------------------------------------------------------------------------------ +# $File: javascript,v 1.5 2023/01/12 00:02:16 christos Exp $ +# javascript: magic for javascript and node.js scripts. +# +0 string/tw #!/bin/node Node.js script executable +!:mime application/javascript +0 string/tw #!/usr/bin/node Node.js script executable +!:mime application/javascript +0 string/tw #!/bin/nodejs Node.js script executable +!:mime application/javascript +0 string/tw #!/usr/bin/nodejs Node.js script executable +!:mime application/javascript +0 string/t #!/usr/bin/env\ node Node.js script executable +!:mime application/javascript +0 string/t #!/usr/bin/env\ nodejs Node.js script executable +!:mime application/javascript + +# JavaScript +# The strength is increased to beat the C++ & HTML rules +0 search "use\x20strict" JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js +0 search 'use\x20strict' JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js +0 regex module(\\.|\\[["'])exports.*= JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js +0 regex \^(const|var|let).*=.*require\\( JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js +0 regex \^export\x20(function|class|default|const|var|let|async)\x20 JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js +0 regex \\((async\x20)?function[(\x20] JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js +0 regex \^(import|export).*\x20from\x20 JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js +0 regex \^(import|export)\x20["']\\./ JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js +0 regex \^require\\(["'] JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js +0 regex typeof.*[!=]== JavaScript source +!:strength +30 +!:mime application/javascript +!:ext js + +# React Native minified JavaScript +0 search/128 __BUNDLE_START_TIME__= React Native minified JavaScript +!:strength +30 +!:mime application/javascript +!:ext bundle/jsbundle + +# Hermes by Facebook https://hermesengine.dev/ +# https://github.com/facebook/hermes/blob/master/include/hermes/\ +# BCGen/HBC/BytecodeFileFormat.h#L24 +0 lequad 0x1F1903C103BC1FC6 Hermes JavaScript bytecode +>8 lelong x \b, version %d + +# v8 JavaScript engine bytecode +# From: Alexandre Iooss <erdnaxe@crans.org> +# URL: https://v8.dev/docs/ignition +# Note: used in bytenode and NW.js protected source code +# V8 bytecode extraction was added in NodeJS v5.7.0 (V8 4.6.85.31). +# Version information is provided for some v8 versions found in NodeJS releases. +2 uleshort =0xC0DE +>0 ulelong^0xC0DE0000 >0 +# Reservation table starts at 40 +>>40 ulelong&0xFFFFFF00 =0x80000000 +# Stub keys present +>>>24 ulelong >0 +>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes, +>>>>4 ulelong =0xEE4BF478 version 5.1.281.111, +>>>>4 ulelong =0xC4A0100C version 5.5.372.43, +>>>>8 ulelong x source size: %u bytes, +>>>>12 ulelong x cpu features: %#08X, +>>>>16 ulelong x flag hash: %#08X, +>>>>20 ulelong x %u reservations, +>>>>28 ulelong x payload size: %u bytes, +>>>>32 ulelong x checksum1: %#08X, +>>>>36 ulelong x checksum2: %#08X +# No stub keys +>>>24 ulelong =0 +>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes, +>>>>4 ulelong =0x54F0AD81 version 6.2.414.46, +>>>>4 ulelong =0X7D1BF182 version 6.2.414.54, +>>>>4 ulelong =0x35BA122E version 6.2.414.77, +>>>>4 ulelong =0X9319F9C2 version 6.2.414.78, +>>>>4 ulelong =0xB1240060 version 6.6.346.32, +>>>>4 ulelong =0x2B757060 version 6.7.288.46, +>>>>4 ulelong =0x09D147AA version 6.7.288.49, +>>>>4 ulelong =0xF4D4F48A version 6.8.275.32, +>>>>4 ulelong =0xD3961326 version 7.0.276.38, +>>>>8 ulelong x source size: %u bytes, +>>>>12 ulelong x cpu features: %#08X, +>>>>16 ulelong x flag hash: %#08X, +>>>>20 ulelong x %u reservations, +>>>>28 ulelong x payload size: %u bytes, +>>>>32 ulelong x checksum1: %#08X, +>>>>36 ulelong x checksum2: %#08X +# Reservation table starts at 32 +>>32 ulelong&0xFFFFFF00 =0x80000000 +# Second checksum present +>>>28 ulelong >0 +>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes, +>>>>4 ulelong =0x21DDF627 version 7.4.288.21, +>>>>4 ulelong =0x1FC9FE84 version 7.4.288.27, +>>>>4 ulelong =0x60A99E8B version 7.5.288.22, +>>>>4 ulelong =0x4F665E90 version 7.6.303.29, +>>>>4 ulelong =0xC7ACFCDE version 7.7.299.11, +>>>>4 ulelong =0x7F641D8F version 7.7.299.13, +>>>>4 ulelong =0xFD9A4F2E version 7.8.279.17, +>>>>4 ulelong =0x3A845324 version 7.8.279.23, +>>>>4 ulelong =0xFF52FEAF version 7.9.317.25, +>>>>8 ulelong x source size: %u bytes, +>>>>12 ulelong x flag hash: %#08X, +>>>>16 ulelong x %u reservations, +>>>>20 ulelong x payload size: %u bytes, +>>>>24 ulelong x checksum1: %#08X, +>>>>28 ulelong x checksum2: %#08X +# No second checksum +>>>28 ulelong =0 +>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes, +>>>>4 ulelong =0x8725E0F8 version 8.1.307.30, +>>>>4 ulelong =0x09ED1289 version 8.1.307.31, +>>>>4 ulelong =0xA5728C87 version 8.3.110.9, +>>>>4 ulelong =0xB45C5D30 version 8.4.371.23, +>>>>4 ulelong =0xED9C278B version 8.4.371.19, +>>>>4 ulelong =0xD27BFF42 version 8.6.395.16, +>>>>8 ulelong x source size: %u bytes, +>>>>12 ulelong x flag hash: %#08X, +>>>>16 ulelong x %u reservations, +>>>>20 ulelong x payload size: %u bytes, +>>>>24 ulelong x payload checksum: %#08X +# No reservation table and code starts at 24 +>>32 ulelong =0 +>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes, +>>>4 ulelong =0x9A6F0B0F version 9.0.257.17, +>>>4 ulelong =0x271D5D1E version 9.0.257.24, +>>>4 ulelong =0x4EEA75DF version 9.0.257.25, +>>>4 ulelong =0x80809479 version 9.1.269.36, +>>>4 ulelong =0x55C46F65 version 9.1.269.38, +>>>4 ulelong =0x8A9C758A version 9.2.230.21, +>>>4 ulelong =0x9712F0E1 version 9.3.345.16, +>>>4 ulelong =0x29593715 version 9.4.146.19, +>>>4 ulelong =0xCD991825 version 9.4.146.24, +>>>4 ulelong =0xACDD64EE version 9.4.146.26, +>>>4 ulelong =0xC96B4CD5 version 9.5.172.21, +>>>4 ulelong =0xBCCE4578 version 9.5.172.25, +>>>4 ulelong =0xA2EEA077 version 9.6.180.15, +>>>4 ulelong =0xFD350011 version 10.1.124.8, +>>>4 ulelong =0xBEF4028F version 10.2.154.13, +>>>4 ulelong =0xAF632352 version 10.2.154.4, +>>>8 ulelong x source size: %u bytes, +>>>12 ulelong x flag hash: %#08X, +>>>16 ulelong x payload size: %u bytes, +>>>20 ulelong x payload checksum: %#08X |