summaryrefslogtreecommitdiffstats
path: root/magic/Magdir
diff options
context:
space:
mode:
Diffstat (limited to 'magic/Magdir')
-rw-r--r--magic/Magdir/acorn102
-rw-r--r--magic/Magdir/adi13
-rw-r--r--magic/Magdir/adventure122
-rw-r--r--magic/Magdir/aes29
-rw-r--r--magic/Magdir/algol6835
-rw-r--r--magic/Magdir/allegro9
-rw-r--r--magic/Magdir/alliant18
-rw-r--r--magic/Magdir/amanda12
-rw-r--r--magic/Magdir/amigaos218
-rw-r--r--magic/Magdir/android259
-rw-r--r--magic/Magdir/animation1206
-rw-r--r--magic/Magdir/aout46
-rwxr-xr-xmagic/Magdir/apache28
-rw-r--r--magic/Magdir/apl7
-rw-r--r--magic/Magdir/apple773
-rw-r--r--magic/Magdir/application7
-rw-r--r--magic/Magdir/applix13
-rw-r--r--magic/Magdir/apt52
-rw-r--r--magic/Magdir/archive2607
-rw-r--r--magic/Magdir/aria38
-rw-r--r--magic/Magdir/arm50
-rw-r--r--magic/Magdir/asf132
-rw-r--r--magic/Magdir/assembler18
-rw-r--r--magic/Magdir/asterix18
-rw-r--r--magic/Magdir/att3b41
-rw-r--r--magic/Magdir/audio1291
-rw-r--r--magic/Magdir/avm33
-rw-r--r--magic/Magdir/basis18
-rw-r--r--magic/Magdir/beetle7
-rw-r--r--magic/Magdir/ber65
-rw-r--r--magic/Magdir/bflt14
-rw-r--r--magic/Magdir/bhl10
-rw-r--r--magic/Magdir/bioinformatics178
-rw-r--r--magic/Magdir/biosig154
-rw-r--r--magic/Magdir/blackberry8
-rw-r--r--magic/Magdir/blcr25
-rw-r--r--magic/Magdir/blender50
-rw-r--r--magic/Magdir/blit24
-rw-r--r--magic/Magdir/bm10
-rw-r--r--magic/Magdir/bout11
-rw-r--r--magic/Magdir/bsdi33
-rw-r--r--magic/Magdir/bsi10
-rw-r--r--magic/Magdir/btsnoop13
-rw-r--r--magic/Magdir/burp7
-rw-r--r--magic/Magdir/bytecode41
-rw-r--r--magic/Magdir/c-lang110
-rw-r--r--magic/Magdir/c64549
-rw-r--r--magic/Magdir/cad437
-rw-r--r--magic/Magdir/cafebabe107
-rw-r--r--magic/Magdir/cbor21
-rw-r--r--magic/Magdir/ccf14
-rw-r--r--magic/Magdir/cddb12
-rw-r--r--magic/Magdir/chord15
-rw-r--r--magic/Magdir/cisco12
-rw-r--r--magic/Magdir/citrus12
-rw-r--r--magic/Magdir/clarion27
-rw-r--r--magic/Magdir/claris48
-rw-r--r--magic/Magdir/clipper65
-rw-r--r--magic/Magdir/clojure30
-rw-r--r--magic/Magdir/coff98
-rw-r--r--magic/Magdir/commands201
-rw-r--r--magic/Magdir/communications22
-rw-r--r--magic/Magdir/compress461
-rw-r--r--magic/Magdir/console1226
-rw-r--r--magic/Magdir/convex69
-rw-r--r--magic/Magdir/coverage91
-rw-r--r--magic/Magdir/cracklib14
-rw-r--r--magic/Magdir/crypto49
-rw-r--r--magic/Magdir/ctags6
-rw-r--r--magic/Magdir/ctf23
-rw-r--r--magic/Magdir/cubemap8
-rw-r--r--magic/Magdir/cups56
-rw-r--r--magic/Magdir/dact11
-rw-r--r--magic/Magdir/database886
-rw-r--r--magic/Magdir/dataone47
-rw-r--r--magic/Magdir/dbpf15
-rw-r--r--magic/Magdir/der146
-rw-r--r--magic/Magdir/diamond12
-rw-r--r--magic/Magdir/dif33
-rw-r--r--magic/Magdir/diff41
-rw-r--r--magic/Magdir/digital59
-rw-r--r--magic/Magdir/dolby69
-rw-r--r--magic/Magdir/dump96
-rw-r--r--magic/Magdir/dwarfs45
-rw-r--r--magic/Magdir/dyadic61
-rw-r--r--magic/Magdir/ebml8
-rw-r--r--magic/Magdir/edid11
-rw-r--r--magic/Magdir/editors43
-rw-r--r--magic/Magdir/efi15
-rw-r--r--magic/Magdir/elf379
-rw-r--r--magic/Magdir/encore22
-rw-r--r--magic/Magdir/epoc62
-rw-r--r--magic/Magdir/erlang21
-rw-r--r--magic/Magdir/espressif57
-rw-r--r--magic/Magdir/esri28
-rw-r--r--magic/Magdir/fcs9
-rw-r--r--magic/Magdir/filesystems2694
-rw-r--r--magic/Magdir/finger16
-rw-r--r--magic/Magdir/firmware133
-rw-r--r--magic/Magdir/flash62
-rw-r--r--magic/Magdir/flif36
-rw-r--r--magic/Magdir/fonts449
-rw-r--r--magic/Magdir/forth82
-rw-r--r--magic/Magdir/fortran9
-rw-r--r--magic/Magdir/frame62
-rw-r--r--magic/Magdir/freebsd164
-rw-r--r--magic/Magdir/fsav128
-rw-r--r--magic/Magdir/fusecompress12
-rw-r--r--magic/Magdir/games696
-rw-r--r--magic/Magdir/gcc17
-rw-r--r--magic/Magdir/gconv10
-rw-r--r--magic/Magdir/gentoo85
-rw-r--r--magic/Magdir/geo166
-rw-r--r--magic/Magdir/geos20
-rw-r--r--magic/Magdir/gimp77
-rw-r--r--magic/Magdir/git13
-rw-r--r--magic/Magdir/glibc21
-rw-r--r--magic/Magdir/gnome59
-rw-r--r--magic/Magdir/gnu173
-rw-r--r--magic/Magdir/gnumeric8
-rw-r--r--magic/Magdir/gpt240
-rw-r--r--magic/Magdir/gpu28
-rw-r--r--magic/Magdir/grace21
-rw-r--r--magic/Magdir/graphviz12
-rw-r--r--magic/Magdir/gringotts48
-rw-r--r--magic/Magdir/hardware12
-rw-r--r--magic/Magdir/hitachi-sh30
-rw-r--r--magic/Magdir/hp433
-rw-r--r--magic/Magdir/human68k26
-rw-r--r--magic/Magdir/ibm37052
-rw-r--r--magic/Magdir/ibm600035
-rw-r--r--magic/Magdir/icc214
-rw-r--r--magic/Magdir/iff80
-rw-r--r--magic/Magdir/images4219
-rw-r--r--magic/Magdir/inform9
-rw-r--r--magic/Magdir/intel310
-rw-r--r--magic/Magdir/interleaf9
-rw-r--r--magic/Magdir/island10
-rw-r--r--magic/Magdir/ispell63
-rw-r--r--magic/Magdir/isz15
-rw-r--r--magic/Magdir/java52
-rw-r--r--magic/Magdir/javascript171
-rw-r--r--magic/Magdir/jpeg252
-rw-r--r--magic/Magdir/karma9
-rw-r--r--magic/Magdir/kde11
-rw-r--r--magic/Magdir/keepass20
-rw-r--r--magic/Magdir/kerberos45
-rw-r--r--magic/Magdir/kicad85
-rw-r--r--magic/Magdir/kml34
-rw-r--r--magic/Magdir/lammps64
-rw-r--r--magic/Magdir/lecter6
-rw-r--r--magic/Magdir/lex12
-rw-r--r--magic/Magdir/lif50
-rw-r--r--magic/Magdir/linux627
-rw-r--r--magic/Magdir/lisp78
-rw-r--r--magic/Magdir/llvm22
-rw-r--r--magic/Magdir/locoscript12
-rw-r--r--magic/Magdir/lua31
-rw-r--r--magic/Magdir/luks126
-rw-r--r--magic/Magdir/m411
-rw-r--r--magic/Magdir/mach303
-rw-r--r--magic/Magdir/macintosh505
-rw-r--r--magic/Magdir/macos7
-rw-r--r--magic/Magdir/magic71
-rw-r--r--magic/Magdir/mail.news132
-rw-r--r--magic/Magdir/make21
-rw-r--r--magic/Magdir/map413
-rw-r--r--magic/Magdir/maple109
-rw-r--r--magic/Magdir/marc2130
-rw-r--r--magic/Magdir/mathcad8
-rw-r--r--magic/Magdir/mathematica192
-rw-r--r--magic/Magdir/matroska17
-rw-r--r--magic/Magdir/mcrypt52
-rw-r--r--magic/Magdir/measure44
-rw-r--r--magic/Magdir/mercurial13
-rw-r--r--magic/Magdir/metastore8
-rw-r--r--magic/Magdir/meteorological53
-rw-r--r--magic/Magdir/microfocus21
-rw-r--r--magic/Magdir/mime9
-rw-r--r--magic/Magdir/mips120
-rw-r--r--magic/Magdir/mirage8
-rw-r--r--magic/Magdir/misctools140
-rw-r--r--magic/Magdir/mkid11
-rw-r--r--magic/Magdir/mlssa8
-rw-r--r--magic/Magdir/mmdf6
-rw-r--r--magic/Magdir/modem92
-rw-r--r--magic/Magdir/modulefile9
-rw-r--r--magic/Magdir/motorola71
-rw-r--r--magic/Magdir/mozilla37
-rw-r--r--magic/Magdir/msdos2304
-rw-r--r--magic/Magdir/msooxml68
-rw-r--r--magic/Magdir/msvc222
-rw-r--r--magic/Magdir/msx309
-rw-r--r--magic/Magdir/mup24
-rw-r--r--magic/Magdir/music17
-rw-r--r--magic/Magdir/nasa7
-rw-r--r--magic/Magdir/natinst24
-rw-r--r--magic/Magdir/ncr49
-rw-r--r--magic/Magdir/netbsd251
-rw-r--r--magic/Magdir/netscape26
-rw-r--r--magic/Magdir/netware11
-rw-r--r--magic/Magdir/news13
-rw-r--r--magic/Magdir/nifty202
-rw-r--r--magic/Magdir/nim-lang29
-rw-r--r--magic/Magdir/nitpicker14
-rw-r--r--magic/Magdir/numpy9
-rw-r--r--magic/Magdir/oasis12
-rw-r--r--magic/Magdir/ocaml14
-rw-r--r--magic/Magdir/octave6
-rw-r--r--magic/Magdir/ole2compounddocs760
-rw-r--r--magic/Magdir/olf98
-rw-r--r--magic/Magdir/openfst17
-rw-r--r--magic/Magdir/opentimestamps16
-rw-r--r--magic/Magdir/oric16
-rw-r--r--magic/Magdir/os2186
-rw-r--r--magic/Magdir/os40039
-rw-r--r--magic/Magdir/os980
-rw-r--r--magic/Magdir/osf110
-rw-r--r--magic/Magdir/palm156
-rw-r--r--magic/Magdir/parix13
-rw-r--r--magic/Magdir/parrot22
-rw-r--r--magic/Magdir/pascal39
-rw-r--r--magic/Magdir/pbf11
-rw-r--r--magic/Magdir/pbm8
-rw-r--r--magic/Magdir/pc8824
-rw-r--r--magic/Magdir/pc9877
-rw-r--r--magic/Magdir/pci_ids116
-rw-r--r--magic/Magdir/pcjr8
-rw-r--r--magic/Magdir/pdf51
-rw-r--r--magic/Magdir/pdp42
-rw-r--r--magic/Magdir/perl100
-rw-r--r--magic/Magdir/pgf52
-rw-r--r--magic/Magdir/pgp581
-rw-r--r--magic/Magdir/pgp-binary-keys388
-rw-r--r--magic/Magdir/pkgadd7
-rw-r--r--magic/Magdir/plan925
-rw-r--r--magic/Magdir/playdate57
-rw-r--r--magic/Magdir/plus518
-rw-r--r--magic/Magdir/pmem46
-rw-r--r--magic/Magdir/polyml23
-rw-r--r--magic/Magdir/printer278
-rw-r--r--magic/Magdir/project10
-rw-r--r--magic/Magdir/psdbms14
-rw-r--r--magic/Magdir/psl14
-rw-r--r--magic/Magdir/pulsar13
-rw-r--r--magic/Magdir/puzzle17
-rw-r--r--magic/Magdir/pwsafe14
-rw-r--r--magic/Magdir/pyramid12
-rw-r--r--magic/Magdir/python305
-rw-r--r--magic/Magdir/qt30
-rw-r--r--magic/Magdir/revision66
-rw-r--r--magic/Magdir/riff840
-rw-r--r--magic/Magdir/ringdove45
-rw-r--r--magic/Magdir/rpi52
-rw-r--r--magic/Magdir/rpm45
-rw-r--r--magic/Magdir/rpmsg7
-rw-r--r--magic/Magdir/rst13
-rw-r--r--magic/Magdir/rtf94
-rw-r--r--magic/Magdir/ruby55
-rw-r--r--magic/Magdir/rust21
-rw-r--r--magic/Magdir/sc7
-rw-r--r--magic/Magdir/sccs24
-rw-r--r--magic/Magdir/scientific144
-rw-r--r--magic/Magdir/securitycerts6
-rw-r--r--magic/Magdir/selinux24
-rw-r--r--magic/Magdir/sendmail37
-rw-r--r--magic/Magdir/sequent42
-rw-r--r--magic/Magdir/sereal35
-rw-r--r--magic/Magdir/sgi144
-rw-r--r--magic/Magdir/sgml161
-rw-r--r--magic/Magdir/sharc23
-rw-r--r--magic/Magdir/sinclair40
-rw-r--r--magic/Magdir/sisu18
-rw-r--r--magic/Magdir/sketch6
-rw-r--r--magic/Magdir/smalltalk25
-rw-r--r--magic/Magdir/smile34
-rw-r--r--magic/Magdir/sniffer482
-rw-r--r--magic/Magdir/softquad40
-rw-r--r--magic/Magdir/sosi40
-rw-r--r--magic/Magdir/spec21
-rw-r--r--magic/Magdir/spectrum184
-rw-r--r--magic/Magdir/sql288
-rw-r--r--magic/Magdir/ssh42
-rw-r--r--magic/Magdir/ssl20
-rw-r--r--magic/Magdir/statistics45
-rw-r--r--magic/Magdir/subtitle38
-rw-r--r--magic/Magdir/sun141
-rw-r--r--magic/Magdir/svf5
-rw-r--r--magic/Magdir/sylk36
-rw-r--r--magic/Magdir/symbos42
-rw-r--r--magic/Magdir/sysex429
-rw-r--r--magic/Magdir/tcl29
-rw-r--r--magic/Magdir/teapot6
-rw-r--r--magic/Magdir/terminfo63
-rw-r--r--magic/Magdir/tex141
-rw-r--r--magic/Magdir/tgif7
-rw-r--r--magic/Magdir/ti-8x239
-rw-r--r--magic/Magdir/timezone42
-rw-r--r--magic/Magdir/tplink95
-rw-r--r--magic/Magdir/troff44
-rw-r--r--magic/Magdir/tuxedo8
-rw-r--r--magic/Magdir/typeset8
-rw-r--r--magic/Magdir/uf272
-rw-r--r--magic/Magdir/unicode15
-rw-r--r--magic/Magdir/unisig12
-rw-r--r--magic/Magdir/unknown34
-rw-r--r--magic/Magdir/usd21
-rw-r--r--magic/Magdir/uterus16
-rw-r--r--magic/Magdir/uuencode28
-rw-r--r--magic/Magdir/vacuum-cleaner54
-rw-r--r--magic/Magdir/varied.out46
-rw-r--r--magic/Magdir/varied.script21
-rw-r--r--magic/Magdir/vax32
-rw-r--r--magic/Magdir/vicar17
-rw-r--r--magic/Magdir/virtual307
-rw-r--r--magic/Magdir/virtutech12
-rw-r--r--magic/Magdir/visx32
-rw-r--r--magic/Magdir/vms30
-rw-r--r--magic/Magdir/vmware6
-rw-r--r--magic/Magdir/vorbis155
-rw-r--r--magic/Magdir/vxl14
-rw-r--r--magic/Magdir/warc16
-rw-r--r--magic/Magdir/weak16
-rw-r--r--magic/Magdir/web18
-rw-r--r--magic/Magdir/webassembly17
-rw-r--r--magic/Magdir/windows1822
-rw-r--r--magic/Magdir/wireless7
-rw-r--r--magic/Magdir/wordprocessors630
-rw-r--r--magic/Magdir/wsdl23
-rw-r--r--magic/Magdir/x6800025
-rw-r--r--magic/Magdir/xdelta13
-rw-r--r--magic/Magdir/xenix106
-rw-r--r--magic/Magdir/xilinx58
-rw-r--r--magic/Magdir/xo6537
-rw-r--r--magic/Magdir/xwindows43
-rw-r--r--magic/Magdir/yara17
-rw-r--r--magic/Magdir/zfs96
-rw-r--r--magic/Magdir/zilog12
-rw-r--r--magic/Magdir/zip126
-rw-r--r--magic/Magdir/zyxel17
340 files changed, 45070 insertions, 0 deletions
diff --git a/magic/Magdir/acorn b/magic/Magdir/acorn
new file mode 100644
index 0000000..37a4ed7
--- /dev/null
+++ b/magic/Magdir/acorn
@@ -0,0 +1,102 @@
+
+#------------------------------------------------------------------------------
+# $File: acorn,v 1.8 2021/04/26 15:56:00 christos Exp $
+# acorn: file(1) magic for files found on Acorn systems
+#
+
+# RISC OS Chunk File Format
+# From RISC OS Programmer's Reference Manual, Appendix D
+# We guess the file type from the type of the first chunk.
+0 lelong 0xc3cbc6c5 RISC OS Chunk data
+>12 string OBJ_ \b, AOF object
+>12 string LIB_ \b, ALF library
+
+# RISC OS AIF, contains "SWI OS_Exit" at offset 16.
+16 lelong 0xef000011 RISC OS AIF executable
+
+# RISC OS Draw files
+# From RISC OS Programmer's Reference Manual, Appendix E
+0 string Draw RISC OS Draw file data
+
+# RISC OS new format font files
+# From RISC OS Programmer's Reference Manual, Appendix E
+0 string FONT\0 RISC OS outline font data,
+>5 byte x version %d
+0 string FONT\1 RISC OS 1bpp font data,
+>5 byte x version %d
+0 string FONT\4 RISC OS 4bpp font data
+>5 byte x version %d
+
+# RISC OS Music files
+# From RISC OS Programmer's Reference Manual, Appendix E
+0 string Maestro\r RISC OS music file
+>8 byte x version %d
+
+>8 byte x type %d
+
+# Digital Symphony data files
+# From: Bernard Jungen (bern8817@euphonynet.be)
+0 string \x02\x01\x13\x13\x13\x01\x0d\x10 Digital Symphony sound sample (RISC OS),
+>8 byte x version %d,
+>9 pstring x named "%s",
+>(9.b+19) byte =0 8-bit logarithmic
+>(9.b+19) byte =1 LZW-compressed linear
+>(9.b+19) byte =2 8-bit linear signed
+>(9.b+19) byte =3 16-bit linear signed
+>(9.b+19) byte =4 SigmaDelta-compressed linear
+>(9.b+19) byte =5 SigmaDelta-compressed logarithmic
+>(9.b+19) byte >5 unknown format
+
+0 string \x02\x01\x13\x13\x14\x12\x01\x0b Digital Symphony song (RISC OS),
+>8 byte x version %d,
+>9 byte =1 1 voice,
+>9 byte !1 %d voices,
+>10 leshort =1 1 track,
+>10 leshort !1 %d tracks,
+>12 leshort =1 1 pattern
+>12 leshort !1 %d patterns
+
+0 string \x02\x01\x13\x13\x10\x14\x12\x0e
+>9 byte =0 Digital Symphony sequence (RISC OS),
+>>8 byte x version %d,
+>>10 byte =1 1 line,
+>>10 byte !1 %d lines,
+>>11 leshort =1 1 position
+>>11 leshort !1 %d positions
+>9 byte =1 Digital Symphony pattern data (RISC OS),
+>>8 byte x version %d,
+>>10 leshort =1 1 pattern
+>>10 leshort !1 %d patterns
+
+# From: Joerg Jenderek
+# URL: https://www.kyzer.me.uk/pack/xad/#PackDir
+# reference: https://www.kyzer.me.uk/pack/xad/xad_PackDir.lha/PackDir.c
+# GRR: line below is too general as it matches also "Git pack" in ./revision
+0 string PACK\0
+# check for valid compression method 0-4
+>5 ulelong <5
+# https://www.riscosopen.org/wiki/documentation/show/Introduction%20To%20Filing%20Systems
+# To skip "Git pack" version 0 test for root directory object like
+# ADFS::RPC.$.websitezip.FONTFIX
+>>9 string >ADFS\ PackDir archive (RISC OS)
+# TrID labels above as "Acorn PackDir compressed Archive"
+# compression mode y (0 - 4) for GIF LZW with a maximum n bits
+# (y~n,0~12,1~13,2~14,3~15,4~16)
+>>>5 ulelong+12 x \b, LZW %u-bits compression
+# https://www.filebase.org.uk/filetypes
+# !Packdir compressed archive has three hexadecimal digits code 68E
+!:mime application/x-acorn-68E
+!:ext pkd/bin
+# null terminated root directory object like IDEFS::IDE-4.$.Apps.GRAPHICS.!XFMPdemo
+>>>9 string x \b, root "%s"
+# load address 0xFFFtttdd, ttt is the object filetype and dddddddddd is time
+>>>>&1 ulelong x \b, load address %#x
+# execution address 0xdddddddd dddddddddd is 40 bit unsigned centiseconds since 1.1.1900 UTC
+>>>>&5 ulelong x \b, exec address %#x
+# attributes (bits: 0~owner read,1~owner write,3~no delete,4~public read,5~public write)
+>>>>&9 ulelong x \b, attributes %#x
+# number of entries in this directory. for root dir 0
+#>>>&13 ulelong x \b, entries %#x
+# the entries start here with object name
+>>>>&17 string x \b, 1st object "%s"
+
diff --git a/magic/Magdir/adi b/magic/Magdir/adi
new file mode 100644
index 0000000..2fe79d4
--- /dev/null
+++ b/magic/Magdir/adi
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: adi,v 1.4 2009/09/19 16:28:07 christos Exp $
+# adi: file(1) magic for ADi's objects
+# From Gregory McGarry <g.mcgarry@ieee.org>
+#
+0 leshort 0x521c COFF DSP21k
+>18 lelong &02 executable,
+>18 lelong ^02
+>>18 lelong &01 static object,
+>>18 lelong ^01 relocatable object,
+>18 lelong &010 stripped
+>18 lelong ^010 not stripped
diff --git a/magic/Magdir/adventure b/magic/Magdir/adventure
new file mode 100644
index 0000000..bd7f863
--- /dev/null
+++ b/magic/Magdir/adventure
@@ -0,0 +1,122 @@
+
+#------------------------------------------------------------------------------
+# $File: adventure,v 1.18 2019/04/19 00:42:27 christos Exp $
+# adventure: file(1) magic for Adventure game files
+#
+# from Allen Garvin <earendil@faeryland.tamu-commerce.edu>
+# Edited by Dave Chapeskie <dchapes@ddm.on.ca> Jun 28, 1998
+# Edited by Chris Chittleborough <cchittleborough@yahoo.com.au>, March 2002
+#
+# ALAN
+# I assume there are other, lower versions, but these are the only ones I
+# saw in the archive.
+0 beshort 0x0206 ALAN game data
+>2 byte <10 version 2.6%d
+
+
+# Infocom (see z-machine)
+#------------------------------------------------------------------------------
+# Z-machine: file(1) magic for Z-machine binaries.
+# Sanity checks by David Griffith <dave@661.org>
+# Updated by Adam Buchbinder <adam.buchbinder@gmail.com>
+#
+#http://www.gnelson.demon.co.uk/zspec/sect11.html
+#https://www.jczorkmid.net/~jpenney/ZSpec11-latest.txt
+#https://en.wikipedia.org/wiki/Z-machine
+# The first byte is the Z-machine revision; it is always between 1 and 8. We
+# had false matches (for instance, inbig5.ocp from the Omega TeX extension as
+# well as an occasional MP3 file), so we sanity-check the version number.
+#
+# It might be possible to sanity-check the release number as well, as it seems
+# (at least in classic Infocom games) to always be a relatively small number,
+# always under 150 or so, but as this isn't rigorous, we'll wait on that until
+# it becomes clear that it's needed.
+#
+0 ubyte >0
+>0 ubyte <9
+>>16 belong&0xfe00f0f0 0x3030
+>>>0 ubyte < 10
+>>>>2 ubeshort x
+>>>>>18 regex [0-9][0-9][0-9][0-9][0-9][0-9]
+>>>>>>0 ubyte < 10 Infocom (Z-machine %d
+>>>>>>>2 ubeshort x \b, Release %d
+>>>>>>>>18 string >\0 \b, Serial %.6s
+>>>>>>>>18 string x \b)
+!:strength + 40
+!:mime application/x-zmachine
+
+#------------------------------------------------------------------------------
+# Glulx: file(1) magic for Glulx binaries.
+#
+# David Griffith <dave@661.org>
+# I haven't checked for false matches yet.
+#
+0 string Glul Glulx game data
+>4 beshort x (Version %d
+>>6 byte x \b.%d
+>>8 byte x \b.%d)
+>36 string Info Compiled by Inform
+!:mime application/x-glulx
+
+
+# For Quetzal and blorb magic see iff
+
+
+# TADS (Text Adventure Development System) version 2
+# All files are machine-independent (games compile to byte-code) and are tagged
+# with a version string of the form "V2.<digit>.<digit>\0".
+# Game files start with "TADS2 bin\n\r\032\0" then the compiler version.
+0 string TADS2\ bin TADS
+>9 belong !0x0A0D1A00 game data, CORRUPTED
+>9 belong 0x0A0D1A00
+>>13 string >\0 %s game data
+!:mime application/x-tads
+# Resource files start with "TADS2 rsc\n\r\032\0" then the compiler version.
+0 string TADS2\ rsc TADS
+>9 belong !0x0A0D1A00 resource data, CORRUPTED
+>9 belong 0x0A0D1A00
+>>13 string >\0 %s resource data
+!:mime application/x-tads
+# Some saved game files start with "TADS2 save/g\n\r\032\0", a little-endian
+# 2-byte length N, the N-char name of the game file *without* a NUL (darn!),
+# "TADS2 save\n\r\032\0" and the interpreter version.
+0 string TADS2\ save/g TADS
+>12 belong !0x0A0D1A00 saved game data, CORRUPTED
+>12 belong 0x0A0D1A00
+>>(16.s+32) string >\0 %s saved game data
+!:mime application/x-tads
+# Other saved game files start with "TADS2 save\n\r\032\0" and the interpreter
+# version.
+0 string TADS2\ save TADS
+>10 belong !0x0A0D1A00 saved game data, CORRUPTED
+>10 belong 0x0A0D1A00
+>>14 string >\0 %s saved game data
+!:mime application/x-tads
+
+# TADS (Text Adventure Development System) version 3
+# Game files start with "T3-image\015\012\032"
+0 string T3-image\015\012\032
+>11 leshort x TADS 3 game data (format version %d)
+# Saved game files start with "T3-state-v####\015\012\032"
+# where #### is a format version number
+0 string T3-state-v
+>14 string \015\012\032 TADS 3 saved game data (format version
+>>10 byte x %c
+>>11 byte x \b%c
+>>12 byte x \b%c
+>>13 byte x \b%c)
+!:mime application/x-t3vm-image
+
+# edited by David Griffith <dave@661.org>
+# Danny Milosavljevic <danny.milo@gmx.net>
+# These are ADRIFT (adventure game standard) game files, extension .taf
+# Checked from source at (http://www.adrift.co/) and various taf files
+# found at the Interactive Fiction Archive (https://ifarchive.org/)
+0 belong 0x3C423FC9
+>4 belong 0x6A87C2CF Adrift game file version
+>>8 belong 0x94453661 3.80
+>>8 belong 0x94453761 3.90
+>>8 belong 0x93453E61 4.0
+>>8 belong 0x92453E61 5.0
+>>8 default x unknown
+!:mime application/x-adrift
diff --git a/magic/Magdir/aes b/magic/Magdir/aes
new file mode 100644
index 0000000..e5e1edc
--- /dev/null
+++ b/magic/Magdir/aes
@@ -0,0 +1,29 @@
+
+#------------------------------------------------------------------------------
+# $File: aes,v 1.1 2020/08/18 21:20:22 christos Exp $
+#
+# aes: magic file for AES encrypted files
+
+# Summary: AES Crypt Encrypted Data File
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
+# Reference: https://www.aescrypt.com/aes_file_format.html
+0 string AES
+>3 ubyte <3 AES encrypted data, version %u
+#!:mime application/aes
+!:mime application/x-aes-encrypted
+!:ext aes
+# For Version 2 the encrypted file can have text tags
+>>3 ubyte =2
+# length of an extension identifier and contents like: 0 24 33 38
+#>>5 ubeshort x \b, tag length %u
+#>>5 pstring/H x '%s'
+# standard extension tags like CREATED_BY
+>>>7 string CREATED_BY \b, created by
+# software product, manufacturer like "SharpAESCrypt v1.3.3.0" "aescrypt (Windows GUI) 3.10" ...
+>>>>&1 string x "%s"
+# TODO: more other tags
+# tag CREATED_DATE like YYYY-MM-DD
+# tag CREATED_TIME like HH:MM:SS
+#
+
diff --git a/magic/Magdir/algol68 b/magic/Magdir/algol68
new file mode 100644
index 0000000..1ca1fad
--- /dev/null
+++ b/magic/Magdir/algol68
@@ -0,0 +1,35 @@
+
+#------------------------------------------------------------------------------
+# $File: algol68,v 1.6 2022/11/06 18:36:55 christos Exp $
+# algol68: file(1) magic for Algol 68 source
+#
+# URL: https://en.wikipedia.org/wiki/ALGOL_68
+# Reference: http://www.softwarepreservation.org/projects/ALGOL/report/Algol68_revised_report-AB.pdf
+# Update: Joerg Jenderek
+0 search/8192 (input,
+>0 use algol_68
+# graph_2d.a68
+0 regex/4006 \^PROC[[:space:]][a-zA-Z0-9_[:space:]]*[[:space:]]=
+>0 use algol_68
+0 regex/1024 \bMODE[\t\ ]
+>0 use algol_68
+0 regex/1024 \bMODE[\t\ ]
+>0 use algol_68
+0 regex/1024 \bREF[\t\ ]
+>0 use algol_68
+0 regex/1024 \bFLEX[\t\ ]\*\\[
+>0 use algol_68
+
+# display information like mime type and file name extension of Algol 68 source text
+0 name algol_68 Algol 68 source text
+!:mime text/x-Algol68
+# https://file-extension.net/seeker/file_extension_a68
+!:ext a68
+#!:ext a68/alg
+
+#0 regex [\t\ ]OD Algol 68 source text
+#>0 use algol_68
+#!:mime text/x-Algol68
+#0 regex [\t\ ]FI Algol 68 source text
+#>0 use algol_68
+#!:mime text/x-Algol68
diff --git a/magic/Magdir/allegro b/magic/Magdir/allegro
new file mode 100644
index 0000000..b937c9c
--- /dev/null
+++ b/magic/Magdir/allegro
@@ -0,0 +1,9 @@
+
+#------------------------------------------------------------------------------
+# $File: allegro,v 1.4 2009/09/19 16:28:07 christos Exp $
+# allegro: file(1) magic for Allegro datafiles
+# Toby Deshane <hac@shoelace.digivill.net>
+#
+0 belong 0x736C6821 Allegro datafile (packed)
+0 belong 0x736C682E Allegro datafile (not packed/autodetect)
+0 belong 0x736C682B Allegro datafile (appended exe data)
diff --git a/magic/Magdir/alliant b/magic/Magdir/alliant
new file mode 100644
index 0000000..9620202
--- /dev/null
+++ b/magic/Magdir/alliant
@@ -0,0 +1,18 @@
+
+#------------------------------------------------------------------------------
+# $File: alliant,v 1.7 2009/09/19 16:28:07 christos Exp $
+# alliant: file(1) magic for Alliant FX series a.out files
+#
+# If the FX series is the one that had a processor with a 68K-derived
+# instruction set, the "short" should probably become "beshort" and the
+# "long" should probably become "belong".
+# If it's the i860-based one, they should probably become either the
+# big-endian or little-endian versions, depending on the mode they ran
+# the 860 in....
+#
+0 short 0420 0420 Alliant virtual executable
+>2 short &0x0020 common library
+>16 long >0 not stripped
+0 short 0421 0421 Alliant compact executable
+>2 short &0x0020 common library
+>16 long >0 not stripped
diff --git a/magic/Magdir/amanda b/magic/Magdir/amanda
new file mode 100644
index 0000000..e7fa539
--- /dev/null
+++ b/magic/Magdir/amanda
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: amanda,v 1.6 2017/03/17 21:35:28 christos Exp $
+# amanda: file(1) magic for amanda file format
+#
+0 string AMANDA:\ AMANDA
+>8 string TAPESTART\ DATE tape header file,
+>>23 string X
+>>>25 string >\ Unused %s
+>>23 string >\ DATE %s
+>8 string FILE\ dump file,
+>>13 string >\ DATE %s
diff --git a/magic/Magdir/amigaos b/magic/Magdir/amigaos
new file mode 100644
index 0000000..fdd947f
--- /dev/null
+++ b/magic/Magdir/amigaos
@@ -0,0 +1,218 @@
+
+#------------------------------------------------------------------------------
+# $File: amigaos,v 1.20 2021/09/20 00:42:19 christos Exp $
+# amigaos: file(1) magic for AmigaOS binary formats:
+
+#
+# From ignatios@cs.uni-bonn.de (Ignatios Souvatzis)
+#
+0 belong 0x000003fa AmigaOS shared library
+0 belong 0x000003f3 AmigaOS loadseg()ble executable/binary
+0 belong 0x000003e7 AmigaOS object/library data
+#
+0 beshort 0xe310 Amiga Workbench
+>2 beshort 1
+>>48 byte 1 disk icon
+>>48 byte 2 drawer icon
+>>48 byte 3 tool icon
+>>48 byte 4 project icon
+>>48 byte 5 garbage icon
+>>48 byte 6 device icon
+>>48 byte 7 kickstart icon
+>>48 byte 8 workbench application icon
+>2 beshort >1 icon, vers. %d
+#
+# various sound formats from the Amiga
+# G=F6tz Waschk <waschk@informatik.uni-rostock.de>
+#
+0 string FC14 Future Composer 1.4 Module sound file
+0 string SMOD Future Composer 1.3 Module sound file
+0 string AON4artofnoise Art Of Noise Module sound file
+1 string MUGICIAN/SOFTEYES Mugician Module sound file
+58 string SIDMON\ II\ -\ THE Sidmon 2.0 Module sound file
+0 string Synth4.0 Synthesis Module sound file
+0 string ARP. The Holy Noise Module sound file
+0 string BeEp\0 JamCracker Module sound file
+0 string COSO\0 Hippel-COSO Module sound file
+# Too simple (short, pure ASCII, deep), MPi
+#26 string V.3 Brian Postma's Soundmon Module sound file v3
+#26 string BPSM Brian Postma's Soundmon Module sound file v3
+#26 string V.2 Brian Postma's Soundmon Module sound file v2
+
+# The following are from: "Stefan A. Haubenthal" <polluks@web.de>
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Amiga_bitmap_font
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/f/font-amiga.trid.xml
+# https://wiki.amigaos.net/wiki/Graphics_Library_and_Text
+# fch_FileID=FCH_ID=0x0f00
+0 beshort 0x0f00
+# skip some AVM powerline firmware images by check for positive number of font elements
+# https://download.avm.de/fritzpowerline/fritzpowerline-1000e-t/other/fritz.os/fritz.powerline_1000ET_01_05.image
+>2 ubeshort >0 AmigaOS bitmap font
+#!:mime application/octet-stream
+!:mime font/x-amiga-font
+!:ext font
+# struct FontContents fch_FC; 1st fc_FileName [MAXFONTPATH=256]; ~ filename "/" fc_YSize
+# like: topazb/6 suits/8 Excel/9e emerald/17 Franklin/23 DIAMONDS/60.8C
+>>4 string x "%.256s"
+# fc_YSize ~number after slash in fc_FileName; like: 6 7 8 9 11 12 16 17 21 23 45 60
+>>260 beshort x \b, fc_YSize %u
+# fch_NumEntries; number of FontContents elements like:
+# 1 (often) 2 3 (IconCondensed.font tempfont.font) 4 (Franklin.font) 6 (mcoop.font)
+>>2 ubeshort >1 \b, %u elements
+#>>2 beshort x \b, %u element
+# plural s
+#>>2 beshort !1 \bs
+# like: 6 7 8 9 11 12 16 17 21 23 45 60
+#>>262 beshort x \b, FLAGS_STYLE
+>>2 beshort >1 \b, 2nd
+# 2nd fc_FileName like: Franklin/36
+>>>264 string x "%.256s"
+>>2 beshort >2 \b, 3rd
+# 3rd fc_FileName like: Franklin/18
+>>>524 string x "%.256s"
+# URL: http://fileformats.archiveteam.org/wiki/Amiga_bitmap_font
+# Reference: https://wiki.amigaos.net/wiki/Graphics_Library_and_Text
+# http://mark0.net/download/triddefs_xml.7z/defs/f/font-amiga-var2.trid.xml
+# Note: called by TrID "Amiga bitmap Font (var.2)"
+# fch_FileID=TFCH_ID=0x0f02
+0 beshort 0x0f02
+# skip possible misidentified foo by check for positive number of font elements
+>2 ubeshort >0 AmigaOS bitmap font (TFCH)
+#!:mime application/octet-stream
+!:mime font/x-amiga-font
+!:ext font
+# struct TFontContents fch_TFC[]; 1st tfc_FileName [254]; ~ filename "/" fc_YSize
+# like: Abbey/45 XScript/75 XTriumvirate/45
+>>4 string x "%.254s"
+# tfc_TagCount; including the TAG_END tag like: 4
+>>258 ubeshort x \b, tfc_TagCount %u
+# tfc_YSize ~number after slash in tfc_FileName; like: 45 75
+>>260 beshort x \b, tfc_YSize %u
+# tfc_Style; tfc_Flags like: 8022h 8222h
+#>>262 ubeshort x \b, FLAGS_STYLE %#x
+# fch_NumEntries; number of FontContents elements like: 1 (abbey.font) 2 (xscript.font xtriumvirate.font)
+>>2 ubeshort >1 \b, %u elements
+>>2 beshort >1 \b, 2nd
+# 2nd tfc_FileName like: XScript/45 XTriumvirate/30
+>>>264 string x "%.254s"
+0 beshort 0x0f03 AmigaOS outline font
+0 belong 0x80001001 AmigaOS outline tag
+0 string ##\ version catalog translation
+0 string EMOD\0 Amiga E module
+8 string ECXM\0 ECX module
+0 string/c @database AmigaGuide file
+
+# Amiga disk types
+# display information like volume name of root block on Amiga (floppy) disk
+0 name adf-rootblock
+# block primary type = T_HEADER (value 2)
+>0x000 ubelong !2 \b, type %u
+# header_key; unused in rootblock (value 0)
+>0x004 ubelong !0 \b, header_key %u
+# high_seq; unused (value 0)
+>0x008 ubelong !0 \b, high_seq %u
+# ht_size; hash table size; 0x48 for flopies
+>0x00c ubelong !0x48 \b, hash table size %#x
+# bm_flag; bitmap flag, -1 means VALID
+>0x138 belong !-1 \b, bitmap flag %#x
+# bm_ext; first bitmap extension block (Hard disks only)
+>0x1A0 ubelong !0 \b, bitmap extension block %#x
+# name_len; volume name length; diskname[30]; volume name
+>0x1B0 pstring >\0 \b, "%s"
+# first directory cache block for FFS; otherwise 0
+>0x1F8 ubelong !0 \b, directory cache block %#x
+# block secondary type = ST_ROOT (value 1)
+>0x1FC ubelong !1 \b, sec_type %#x
+#
+0 string RDSK Rigid Disk Block
+>160 string x on %.24s
+# URL: http://fileformats.archiveteam.org/wiki/ADF_(Amiga)
+# https://en.wikipedia.org/wiki/Amiga_Fast_File_System
+# Reference: http://lclevy.free.fr/adflib/adf_info.html
+# Update: Joerg Jenderek
+# Note: created by ADFOpus.exe
+# and verified by `unadf -l TURBO_SILVER_SV.ADF`
+0 string DOS
+# skip DOS Client Message Files like IPXODI.MSG DOSRQSTR.MSG
+>3 ubyte <8 Amiga
+# https://reposcope.com/mimetype/application/x-amiga-disk-format
+!:mime application/x-amiga-disk-format
+!:ext adf
+>>3 ubyte 0 DOS disk
+>>3 ubyte 1 FFS disk
+>>3 ubyte 2 Inter DOS disk
+>>3 ubyte 3 Inter FFS disk
+# For Fastdir mode the international mode is also enabled,
+>>3 ubyte 4 Fastdir DOS disk
+>>3 ubyte 5 Fastdir FFS dis
+# called by TrID "Amiga Disk image File (OFS+INTL+DIRC)"
+>>3 ubyte 6 Inter Fastdir DOS disk
+# called by TrID "Amiga Disk image File (FFS+INTL+DIRC)"
+>>3 ubyte 7 Inter Fastdir FFS disk
+# but according to Wikipedia variants with long name support
+#>>3 ubyte 6 long name DOS disk
+#>>3 ubyte 7 long name FFS disk
+# DOES NOT only work! Partly for file size ~< FILE_BYTES_MAX=1 MiB defined in ../../src/file.h
+#>>-0 offset x \b, %lld bytes
+# Correct file size, but next lines are NOT executed
+#>>-0 offset 901120 (DD 880 KiB floppy)
+# 880 KiB Double Density floppy disk by characteristic hash table size 0x48 and T_HEADER=2
+>>0x6E00C ubelong 0x48
+>>>0x6E000 ubelong 2 (DD 880 KiB)
+# 1760 KiB High Density floppy disk (1802240 bytes) by characteristic hash table size 0x48
+>>0xDC00C ubelong 0x48
+>>>0xDC000 ubelong 2 (HD 1760 KiB)
+# Chksum; special block checksum like: 0 0x44ccf4c0 0x51f32cac 0xe33d0e7d ...
+#>>4 ubelong x \b, CRC %#x
+# Rootblock: 0 880 (often for DD and HD) 1146049280 (IMAGINE_1_0_DISK_01.ADF TURBO_SILVER_SV.ADF)
+>>8 ubelong >0 \b, probably root block %d
+# bootblock code
+>>12 quad !0 \b, bootable
+# assembler instructions: lea exp(pc),a1; moveq 25h,d0; jsr -552(a6)
+>>>12 ubequad =0x43fa003e70254eae AmigaDOS 3.0
+>>>12 default x
+>>>>12 ubequad !0x43fa003e70254eae %#llx..
+# 880 KiB Double Density floppy disk (901120 bytes)
+>>0x6E00C ubelong 0x48
+>>>0x6E000 ubelong 2
+>>>>0x6E000 use adf-rootblock
+# 1760 KiB High Density floppy disk (1802240 bytes)
+>>0xDC00C ubelong 0x48
+>>>0xDC000 ubelong 2
+>>>>0xDC000 use adf-rootblock
+# 1 MiB hard disc by test for T_HEADER=2 and header_key=0=high_seq
+>>0x80000 ubelong 2
+>>>0x80004 quad 0
+>>>>0x80000 use adf-rootblock
+# 2 MiB hard disc; only works if in ../../src/file.h FILE_BYTES_MAX is raised to 2 MiB
+#>>0x100000 ubelong x 2 MiB TEST
+#>>0x100000 ubelong 2 \b, 2 MiB hard disc rootblock
+#>>>0x100000 use adf-rootblock
+0 string KICK Kickstart disk
+
+# From: Alex Beregszaszi <alex@fsn.hu>
+0 string LZX LZX compressed archive (Amiga)
+
+# From: Przemek Kramarczyk <pkramarczyk@gmail.com>
+0 string .KEY AmigaDOS script
+0 string .key AmigaDOS script
+
+# AMOS Basic file formats
+# https://www.exotica.org.uk/wiki/AMOS_file_formats
+0 string AMOS\040Basic\040 AMOS Basic source code
+>11 byte =0x56 \b, tested
+>11 byte =0x76 \b, untested
+0 string AMOS\040Pro AMOS Basic source code
+>11 byte =0x56 \b, tested
+>11 byte =0x76 \b, untested
+0 string AmSp AMOS Basic sprite bank
+>4 beshort x \b, %d sprites
+0 string AmIc AMOS Basic icon bank
+>4 beshort x \b, %d icons
+0 string AmBk AMOS Basic memory bank
+>4 beshort x \b, bank number %d
+>8 belong&0xFFFFFFF x \b, length %d
+>12 regex .{8} \b, type %s
+0 string AmBs AMOS Basic memory banks
+>4 beshort x \b, %d banks
diff --git a/magic/Magdir/android b/magic/Magdir/android
new file mode 100644
index 0000000..8a2dedf
--- /dev/null
+++ b/magic/Magdir/android
@@ -0,0 +1,259 @@
+
+#------------------------------------------------------------
+# $File: android,v 1.24 2023/02/20 16:51:59 christos Exp $
+# Various android related magic entries
+#------------------------------------------------------------
+
+# Dalvik .dex format. http://retrodev.com/android/dexformat.html
+# From <mkf@google.com> "Mike Fleming"
+# Fixed to avoid regexec 17 errors on some dex files
+# From <diff@lookout.com> "Tim Strazzere"
+0 string dex\n
+>0 regex dex\n[0-9]{2}\0 Dalvik dex file
+>4 string >000 version %s
+0 string dey\n
+>0 regex dey\n[0-9]{2}\0 Dalvik dex file (optimized for host)
+>4 string >000 version %s
+
+# Android bootimg format
+# From https://android.googlesource.com/\
+# platform/system/core/+/master/mkbootimg/bootimg.h
+# https://github.com/djrbliss/loki/blob/master/loki.h#L43
+0 string ANDROID! Android bootimg
+>1024 string LOKI \b, LOKI'd
+>>1028 lelong 0 \b (boot)
+>>1028 lelong 1 \b (recovery)
+>8 lelong >0 \b, kernel
+>>12 lelong >0 \b (%#x)
+>16 lelong >0 \b, ramdisk
+>>20 lelong >0 \b (%#x)
+>24 lelong >0 \b, second stage
+>>28 lelong >0 \b (%#x)
+>36 lelong >0 \b, page size: %d
+>38 string >0 \b, name: %s
+>64 string >0 \b, cmdline (%s)
+
+# Android Backup archive
+# From: Ariel Shkedi
+# Update: Joerg Jenderek
+# URL: https://github.com/android/platform_frameworks_base/blob/\
+# 0bacfd2ba68d21a68a3df345b830bc2a1e515b5a/services/java/com/\
+# android/server/BackupManagerService.java#L2367
+# Reference: https://sourceforge.net/projects/adbextractor/
+# android-backup-extractor/perl/backupencrypt.pl
+# Note: only unix line feeds "\n" found
+# After the header comes a tar file
+# If compressed, the entire tar file is compressed with JAVA deflate
+#
+# Include the version number hardcoded with the magic string to avoid
+# false positives
+0 string/b ANDROID\ BACKUP\n Android Backup
+# maybe look for some more characteristics like linefeed '\n' or version
+#>16 string \n
+# No mime-type defined officially
+!:mime application/x-google-ab
+!:ext ab
+# on 2nd line version (often 1, 2 on kitkat 4.4.3+, 4 on 7.1.2)
+>15 string >\0 \b, version %s
+# "1" on 3rd line means compressed
+>17 string 0\n \b, Not-Compressed
+>17 string 1\n \b, Compressed
+# The 4th line is encryption "none" or "AES-256"
+# any string as long as it's not the word none (which is matched below)
+>19 string none\n \b, Not-Encrypted
+# look for backup content after line with encryption info
+#>>19 search/7 \n
+# data part after header for not encrypted Android Backup
+#>>>&0 ubequad x \b, content %#16.16llx...
+# look for zlib compressed by ./compress after message with 1 space at end
+#>>>&0 indirect x \b; contains
+# look for tar archive block by ./archive for package name manifest
+>>288 string ustar \b; contains
+>>>31 use tar-file
+# look for zip/jar archive by ./archive ./zip after message with 1 space at end
+#>>2079 search/1025/s PK\003\004 \b; contains
+#>>>&0 indirect x
+>19 string !none
+>>19 regex/1l \^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).* \b, Encrypted (%s)
+# Commented out because they don't seem useful to print
+# (but they are part of the header - the tar file comes after them):
+# The 5th line is User Password Salt (128 Hex)
+# string length too high with standard src configuration
+#>>>&1 string >\0 \b, PASSWORD salt: "%-128.128s"
+#>>>&1 regex/1l .* \b, Password salt: %s
+# The 6th line is Master Key Checksum Salt (128 Hex)
+#>>>>&1 regex/1l .* \b, Master salt: %s
+# The 7th line is Number of PBDKF2 Rounds (10000)
+#>>>>>&1 regex/1l .* \b, PBKDF2 rounds: %s
+# The 8th line is User key Initialization Vector (IV) (32 Hex)
+#>>>>>>&1 regex/1l .* \b, IV: %s
+#>>>>>>&1 regex/1l .* \b, IV: %s
+# The 9th line is Master IV+Key+Checksum (192 Hex)
+#>>>>>>>&1 regex/1l .* \b, Key: %s
+# look for new line separator char after line number 9
+#>>>0x204 ubyte 0x0a NL found
+#>>>>&1 ubequad x \b, Content magic %16.16llx
+
+# *.pit files by Joerg Jenderek
+# https://forum.xda-developers.com/showthread.php?p=9122369
+# https://forum.xda-developers.com/showthread.php?t=816449
+# Partition Information Table for Samsung's smartphone with Android
+# used by flash software Odin
+0 ulelong 0x12349876
+# 1st pit entry marker
+>0x01C ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000
+# minimal 13 and maximal 18 PIT entries found
+>>4 ulelong <128 Partition Information Table for Samsung smartphone
+>>>4 ulelong x \b, %d entries
+# 1. pit entry
+>>>4 ulelong >0 \b; #1
+>>>0x01C use PIT-entry
+>>>4 ulelong >1 \b; #2
+>>>0x0A0 use PIT-entry
+>>>4 ulelong >2 \b; #3
+>>>0x124 use PIT-entry
+>>>4 ulelong >3 \b; #4
+>>>0x1A8 use PIT-entry
+>>>4 ulelong >4 \b; #5
+>>>0x22C use PIT-entry
+>>>4 ulelong >5 \b; #6
+>>>0x2B0 use PIT-entry
+>>>4 ulelong >6 \b; #7
+>>>0x334 use PIT-entry
+>>>4 ulelong >7 \b; #8
+>>>0x3B8 use PIT-entry
+>>>4 ulelong >8 \b; #9
+>>>0x43C use PIT-entry
+>>>4 ulelong >9 \b; #10
+>>>0x4C0 use PIT-entry
+>>>4 ulelong >10 \b; #11
+>>>0x544 use PIT-entry
+>>>4 ulelong >11 \b; #12
+>>>0x5C8 use PIT-entry
+>>>4 ulelong >12 \b; #13
+>>>>0x64C use PIT-entry
+# 14. pit entry
+>>>4 ulelong >13 \b; #14
+>>>>0x6D0 use PIT-entry
+>>>4 ulelong >14 \b; #15
+>>>0x754 use PIT-entry
+>>>4 ulelong >15 \b; #16
+>>>0x7D8 use PIT-entry
+>>>4 ulelong >16 \b; #17
+>>>0x85C use PIT-entry
+# 18. pit entry
+>>>4 ulelong >17 \b; #18
+>>>0x8E0 use PIT-entry
+
+0 name PIT-entry
+# garbage value implies end of pit entries
+>0x00 ulequad&0xFFFFFFFCFFFFFFFC =0x0000000000000000
+# skip empty partition name
+>>0x24 ubyte !0
+# partition name
+>>>0x24 string >\0 %-.32s
+# flags
+>>>0x0C ulelong&0x00000002 2 \b+RW
+# partition ID:
+# 0~IPL,MOVINAND,GANG;1~PIT,GPT;2~HIDDEN;3~SBL,HIDDEN;4~SBL2,HIDDEN;5~BOOT;6~kernel,RECOVER,misc;7~RECOVER
+# ;11~MODEM;20~efs;21~PARAM;22~FACTORY,SYSTEM;23~DBDATAFS,USERDATA;24~CACHE;80~BOOTLOADER;81~TZSW
+>>>0x08 ulelong x (%#x)
+# filename
+>>>0x44 string >\0 "%-.64s"
+#>>>0x18 ulelong >0
+# blocksize in 512 byte units ?
+#>>>>0x18 ulelong x \b, %db
+# partition size in blocks ?
+#>>>>0x22 ulelong x \b*%d
+
+# Android sparse img format
+# From https://android.googlesource.com/\
+# platform/system/core/+/master/libsparse/sparse_format.h
+0 lelong 0xed26ff3a Android sparse image
+>4 leshort x \b, version: %d
+>6 leshort x \b.%d
+>16 lelong x \b, Total of %d
+>12 lelong x \b %d-byte output blocks in
+>20 lelong x \b %d input chunks.
+
+# Android binary XML magic
+# In include/androidfw/ResourceTypes.h:
+# RES_XML_TYPE = 0x0003 followed by the size of the header (ResXMLTree_header),
+# which is 8 bytes (2 bytes type + 2 bytes header size + 4 bytes size).
+# The strength is increased to avoid misidentifying as Targa image data
+0 lelong 0x00080003 Android binary XML
+!:strength +1
+
+# Android cryptfs footer
+# From https://android.googlesource.com/\
+# platform/system/vold/+/refs/heads/master/cryptfs.h
+0 lelong 0xd0b5b1c4 Android cryptfs footer
+>4 leshort x \b, version: %d
+>6 leshort x \b.%d
+
+# Android Vdex format
+# From https://android.googlesource.com/\
+# platform/art/+/master/runtime/vdex_file.h
+0 string vdex Android vdex file,
+>4 string >000 verifier deps version: %s,
+>8 string >000 dex section version: %s,
+>12 lelong >0 number of dex files: %d,
+>16 lelong >0 verifier deps size: %d
+
+# Android Vdex format, dexfile is currently being updated
+# by android system
+# From https://android.googlesource.com/\
+# platform/art/+/master/dex2oat/dex2oat.cc
+0 string wdex Android vdex file, being processed by dex2oat,
+>4 string >000 verifier deps version: %s,
+>8 string >000 dex section version: %s,
+>12 lelong >0 number of dex files: %d,
+>16 lelong >0 verifier deps size: %d
+
+# Disassembled DEX files
+0 string/t .class\x20
+>&0 regex/512 \^\\.super\x20L.*;$ disassembled Android DEX Java class (smali/baksmali)
+!:ext smali
+
+# Android ART (baseline) profile + metadata: baseline.prof, baseline.profm
+# Reference: https://android.googlesource.com/platform/frameworks/support/\
+# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\
+# src/main/java/androidx/profileinstaller/ProfileTranscoder.java
+# Reference: https://android.googlesource.com/platform/frameworks/support/\
+# +/refs/heads/androidx-main/profileinstaller/profileinstaller/\
+# src/main/java/androidx/profileinstaller/ProfileVersion.java
+0 string pro\x00
+>0 regex pro\x000[0-9][0-9]\x00 Android ART profile
+!:ext prof
+>>4 string 001\x00 \b, version 001 N
+>>4 string 005\x00 \b, version 005 O
+>>4 string 009\x00 \b, version 009 O MR1
+>>4 string 010\x00 \b, version 010 P
+>>4 string 015\x00 \b, version 015 S
+0 string prm\x00
+>0 regex prm\x000[0-9][0-9]\x00 Android ART profile metadata
+!:ext profm
+>>4 string 001\x00 \b, version 001 N
+>>4 string 002\x00 \b, version 002
+
+# Android package resource table (ARSC): resources.arsc
+# Reference: https://android.googlesource.com/platform/tools/base/\
+# +/refs/heads/mirror-goog-studio-main/apkparser/binary-resources/\
+# src/main/java/com/google/devrel/gmscore/tools/apk/arsc
+# 00: resource table type = 0x0002 (2) + header size = 12 (2)
+# 04: chunk size (4, skipped)
+# 08: #packages (4)
+0 ulelong 0x000c0002 Android package resource table (ARSC)
+!:ext arsc
+>8 ulelong !1 \b, %d packages
+# 12: string pool type = 0x0001 (2) + header size = 28 (2)
+# 16: chunk size (4, skipped)
+# 20: #strings (4), #styles (4), flags (4)
+>12 ulelong 0x001c0001
+>>20 ulelong !0 \b, %d string(s)
+>>24 ulelong !0 \b, %d style(s)
+>>28 ulelong &1 \b, sorted
+>>28 ulelong &256 \b, utf8
+
+# extracted APK Signing Block
+-16 string APK\x20Sig\x20Block\x2042 APK Signing Block
diff --git a/magic/Magdir/animation b/magic/Magdir/animation
new file mode 100644
index 0000000..aab93ca
--- /dev/null
+++ b/magic/Magdir/animation
@@ -0,0 +1,1206 @@
+
+#------------------------------------------------------------------------------
+# $File: animation,v 1.94 2023/06/16 20:06:50 christos Exp $
+# animation: file(1) magic for animation/movie formats
+#
+# animation formats
+# MPEG, FLI, DL originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+# FLC, SGI, Apple originally from Daniel Quinlan (quinlan@yggdrasil.com)
+
+# SGI and Apple formats
+0 string MOVI Silicon Graphics movie file
+!:mime video/x-sgi-movie
+4 string moov Apple QuickTime
+!:mime video/quicktime
+>12 string mvhd \b movie (fast start)
+>12 string mdra \b URL
+>12 string cmov \b movie (fast start, compressed header)
+>12 string rmra \b multiple URLs
+4 string mdat Apple QuickTime movie (unoptimized)
+!:mime video/quicktime
+4 string wide Apple QuickTime movie (unoptimized)
+!:mime video/quicktime
+#4 string skip Apple QuickTime movie (modified)
+#!:mime video/quicktime
+#4 string free Apple QuickTime movie (modified)
+#!:mime video/quicktime
+4 string idsc Apple QuickTime image (fast start)
+!:mime image/x-quicktime
+#4 string idat Apple QuickTime image (unoptimized)
+#!:mime image/x-quicktime
+4 string pckg Apple QuickTime compressed archive
+!:mime application/x-quicktime-player
+
+#### MP4 ####
+# https://www.ftyps.com/ with local additions
+# https://cconcolato.github.io/mp4ra/filetype.html
+4 string ftyp ISO Media
+# https://aeroquartet.com/wordpress/2016/03/05/3-xavc-s/
+>8 string XAVC \b, MPEG v4 system, Sony XAVC Codec
+!:mime video/mp4
+>>96 string x \b, Audio "%.4s"
+>>118 beshort x at %dHz
+>>140 string x \b, Video "%.4s"
+>>168 beshort x %d
+>>170 beshort x \bx%d
+>8 string 3g2 \b, MPEG v4 system, 3GPP2
+!:mime video/3gpp2
+>>11 byte 4 \b v4 (H.263/AMR GSM 6.10)
+>>11 byte 5 \b v5 (H.263/AMR GSM 6.10)
+>>11 byte 6 \b v6 (ITU H.264/AMR GSM 6.10)
+# https://www.3gpp2.org/Public_html/Specs/C.S0050-B_v1.0_070521.pdf
+# Section 8.1.1, corresponds to a, b, c
+>>11 byte 0x61 \b C.S0050-0 V1.0
+>>11 byte 0x62 \b C.S0050-0-A V1.0.0
+>>11 byte 0x63 \b C.S0050-0-B V1.0
+>8 string 3ge \b, MPEG v4 system, 3GPP
+!:mime video/3gpp
+>>11 byte 6 \b, Release %d MBMS Extended Presentations
+>>11 byte 7 \b, Release %d MBMS Extended Presentations
+>>11 byte 9 \b, Release %d MBMS Extended Presentations
+>8 string 3gf \b, MPEG v4 system, 3GPP
+>>11 byte 9 \b, Release %d File-delivery profile
+>8 string 3gg \b, MPEG v4 system, 3GPP
+!:mime video/3gpp
+>>11 byte 6 \b, Release %d General Profile
+>>11 byte 9 \b, Release %d General Profile
+>8 string 3gh \b, MPEG v4 system, 3GPP
+!:mime video/3gpp
+>>11 byte 9 \b, Release %d Adaptive Streaming Profile
+>8 string 3gm \b, MPEG v4 system, 3GPP
+!:mime video/3gpp
+>>11 byte 9 \b, Release %d Media Segment Profile
+>8 string 3gp \b, MPEG v4 system, 3GPP
+!:mime video/3gpp
+>>11 byte 1 \b, Release %d (non existent)
+>>11 byte 2 \b, Release %d (non existent)
+>>11 byte 3 \b, Release %d (non existent)
+>>11 byte 4 \b, Release %d
+>>11 byte 5 \b, Release %d
+>>11 byte 6 \b, Release %d
+>>11 byte 7 \b, Release %d Streaming Servers
+>8 string 3gr \b, MPEG v4 system, 3GPP
+!:mime video/3gpp
+>>11 byte 6 \b, Release %d Progressive Download Profile
+>>11 byte 9 \b, Release %d Progressive Download Profile
+>8 string 3gs \b, MPEG v4 system, 3GPP
+!:mime video/3gpp
+>>11 byte 6 \b, Release %d Streaming Servers
+>>11 byte 7 \b, Release %d Streaming Servers
+>>11 byte 9 \b, Release %d Streaming Servers
+>8 string 3gt \b, MPEG v4 system, 3GPP
+!:mime video/3gpp
+>>11 byte 8 \b, Release %d Media Stream Recording Profile
+>>11 byte 9 \b, Release %d Media Stream Recording Profile
+>8 string ARRI \b, MPEG v4 system, ARRI Digital Camera
+!:mime video/mp4
+>8 string avc1 \b, MPEG v4 system, 3GPP JVT AVC [ISO 14496-12:2005]
+!:mime video/mp4
+>8 string bbxm \b, Blinkbox Master File: H.264 video/16-bit LE LPCM audio
+!:mime video/mp4
+>8 string/W qt \b, Apple QuickTime movie
+!:mime video/quicktime
+>8 string CAEP \b, Canon Digital Camera
+>8 string caqv \b, Casio Digital Camera
+>8 string CDes \b, Convergent Design
+>8 string caaa \b, CMAF Media Profile - AAC Adaptive Audio
+>8 string caac \b, CMAF Media Profile - AAC Core
+>8 string caqv \b, Casio Digital Camera Casio
+>8 string ccea \b, CMAF Supplemental Data - CEA-608/708
+>8 string ccff \b, Common container file format
+>8 string cfhd \b, CMAF Media Profile - AVC HD
+>8 string cfsd \b, CMAF Media Profile - AVC SD
+>8 string chd1 \b, CMAF Media Profile - HEVC HDR10
+>8 string chdf \b, CMAF Media Profile - AVC HDHF
+>8 string chhd \b, CMAF Media Profile - HEVC HHD8
+>8 string chh1 \b, CMAF Media Profile - HEVC HHD10
+>8 string clg1 \b, CMAF Media Profile - HEVC HLG10
+>8 string cmfc \b, CMAF Track Format
+>8 string cmff \b, CMAF Fragment Format
+>8 string cmfl \b, CMAF Chunk Format
+>8 string cmfs \b, CMAF Segment Format
+>8 string cud1 \b, CMAF Media Profile - HEVC UHD10
+>8 string cud8 \b, CMAF Media Profile - HEVC UHD8
+>8 string cwvt \b, CMAF Media Profile - WebVTT
+>8 string da0a \b, DMB MAF w/ MPEG Layer II aud, MOT slides, DLS, JPG/PNG/MNG
+>8 string da0b \b, DMB MAF, ext DA0A, with 3GPP timed text, DID, TVA, REL, IPMP
+>8 string da1a \b, DMB MAF audio with ER-BSAC audio, JPG/PNG/MNG images
+>8 string da1b \b, DMB MAF, ext da1a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8 string da2a \b, DMB MAF aud w/ HE-AAC v2 aud, MOT slides, DLS, JPG/PNG/MNG
+>8 string da2b \b, DMB MAF, ext da2a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8 string da3a \b, DMB MAF aud with HE-AAC aud, JPG/PNG/MNG images
+>8 string da3b \b, DMB MAF, ext da3a w/ BIFS, 3GPP, DID, TVA, REL, IPMP
+>8 string dash \b, MPEG v4 system, Dynamic Adaptive Streaming over HTTP
+!:mime video/mp4
+>8 string dby1 \b, MP4 files with Dolby content
+>8 string dsms \b, Media Segment DASH conformant
+>8 string dts1 \b, MP4 track file with audio codecs dtsc dtsh or dtse
+>8 string dts2 \b, MP4 track file with audio codec dtsx
+>8 string dts3 \b, MP4 track file with audio codec dtsy
+>8 string dxo$20 \b, DxO ONE camera
+>8 string dmb1 \b, DMB MAF supporting all the components defined in the spec
+>8 string dmpf \b, Digital Media Project
+>8 string drc1 \b, Dirac (wavelet compression), encap in ISO base media (MP4)
+>8 string dv1a \b, DMB MAF vid w/ AVC vid, ER-BSAC aud, BIFS, JPG/PNG/MNG, TS
+>8 string dv1b \b, DMB MAF, ext dv1a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8 string dv2a \b, DMB MAF vid w/ AVC vid, HE-AAC v2 aud, BIFS, JPG/PNG/MNG, TS
+>8 string dv2b \b, DMB MAF, ext dv2a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8 string dv3a \b, DMB MAF vid w/ AVC vid, HE-AAC aud, BIFS, JPG/PNG/MNG, TS
+>8 string dv3b \b, DMB MAF, ext dv3a, with 3GPP timed text, DID, TVA, REL, IPMP
+>8 string dvr1 \b, DVB (.DVB) over RTP
+!:mime video/vnd.dvb.file
+>8 string dvt1 \b, DVB (.DVB) over MPEG-2 Transport Stream
+>8 string emsg \b, Event message box present
+!:mime video/vnd.dvb.file
+>8 string F4V \b, Video for Adobe Flash Player 9+ (.F4V)
+!:mime video/mp4
+>8 string F4P \b, Protected Video for Adobe Flash Player 9+ (.F4P)
+!:mime video/mp4
+>8 string F4A \b, Audio for Adobe Flash Player 9+ (.F4A)
+!:mime audio/mp4
+>8 string F4B \b, Audio Book for Adobe Flash Player 9+ (.F4B)
+!:mime audio/mp4
+>8 string ifrm \b, Apple iFrame Specification, Version 8.1 Jan 2013
+>8 string im1i \b, CMAF Media Profile - IMSC1 Image
+>8 string im1t \b, CMAF Media Profile - IMSC1 Text
+>8 string isc2 \b, ISMACryp 2.0 Encrypted File
+# ?/enc-isoff-generic
+>8 string iso \b, MP4 Base Media
+!:mime video/mp4
+!:ext mp4
+>>11 string m v1 [ISO 14496-12:2003]
+>>11 string 2 v2 [ISO 14496-12:2005]
+>>11 string 4 v4
+>>11 string 5 v5
+>>11 string 6 v6
+>8 string isml \b, MP4 Base Media v2 [ISO 14496-12:2005]
+!:mime video/mp4
+>8 string J2P0 \b, JPEG2000 Profile 0
+>8 string J2P1 \b, JPEG2000 Profile 1
+>8 string/W jp2 \b, JPEG 2000
+!:mime image/jp2
+>8 string JP2 \b, JPEG 2000 Image (.JP2) [ISO 15444-1 ?]
+!:mime image/jp2
+>8 string JP20 \b, Unknown, from GPAC samples (prob non-existent)
+>8 string jpm \b, JPEG 2000 Compound Image (.JPM) [ISO 15444-6]
+!:mime image/jpm
+>8 string jpsi \b, The JPSearch data interchange format
+>8 string jpx \b, JPEG 2000 w/ extensions (.JPX) [ISO 15444-2]
+!:mime image/jpx
+>8 string KDDI \b, 3GPP2 EZmovie for KDDI 3G cellphones
+!:mime video/3gpp2
+>8 string LCAG \b, Leica digital camera
+>8 string lmsg \b, Last Media Segment indicator for ISO base media file format.
+>8 string M4A \b, Apple iTunes ALAC/AAC-LC (.M4A) Audio
+!:mime audio/x-m4a
+>8 string M4B \b, Apple iTunes ALAC/AAC-LC (.M4B) Audio Book
+!:mime audio/mp4
+>8 string M4P \b, Apple iTunes ALAC/AAC-LC (.M4P) AES Protected Audio
+!:mime video/mp4
+>8 string M4V \b, Apple iTunes Video (.M4V) Video
+!:mime video/x-m4v
+>8 string M4VH \b, Apple TV (.M4V)
+!:mime video/x-m4v
+>8 string M4VP \b, Apple iPhone (.M4V)
+!:mime video/x-m4v
+>8 string mj2s \b, Motion JPEG 2000 [ISO 15444-3] Simple Profile
+!:mime video/mj2
+>8 string mjp2 \b, Motion JPEG 2000 [ISO 15444-3] General Profile
+>8 string MFSM \b, Media File for Samsung video Metadata
+>8 string MGSV \b, Sony Home and Mobile Multimedia Platform (HMMP)
+!:mime video/mj2
+>8 string mmp4 \b, MPEG-4/3GPP Mobile Profile (.MP4 / .3GP) (for NTT)
+!:mime video/mp4
+>8 string mobi \b, MPEG-4, MOBI format
+!:mime video/mp4
+>8 string mp21 \b, MPEG-21 [ISO/IEC 21000-9]
+>8 string mp41 \b, MP4 v1 [ISO 14496-1:ch13]
+!:mime video/mp4
+>8 string mp42 \b, MP4 v2 [ISO 14496-14]
+!:mime video/mp4
+>8 string mp71 \b, MP4 w/ MPEG-7 Metadata [per ISO 14496-12]
+>8 string mp7t \b, MPEG v4 system, MPEG v7 XML
+>8 string mp7b \b, MPEG v4 system, MPEG v7 binary XML
+>8 string mpuf \b, Compliance with the MMT Processing Unit format
+>8 string msdh \b, Media Segment conforming to ISO base media file format.
+>8 string msix \b, Media Segment conforming to ISO base media file format.
+>8 string mmp4 \b, MPEG v4 system, 3GPP Mobile
+!:mime video/mp4
+>8 string MPPI \b, Photo Player, MAF [ISO/IEC 23000-3]
+>8 string mqt \b, Sony / Mobile QuickTime (.MQV) US Pat 7,477,830
+!:mime video/quicktime
+>8 string MSNV \b, MPEG-4 (.MP4) for SonyPSP
+!:mime audio/mp4
+>8 string NDAS \b, MP4 v2 [ISO 14496-14] Nero Digital AAC Audio
+!:mime audio/mp4
+>8 string NDSC \b, MPEG-4 (.MP4) Nero Cinema Profile
+!:mime video/mp4
+>8 string NDSH \b, MPEG-4 (.MP4) Nero HDTV Profile
+!:mime video/mp4
+>8 string NDSM \b, MPEG-4 (.MP4) Nero Mobile Profile
+!:mime video/mp4
+>8 string NDSP \b, MPEG-4 (.MP4) Nero Portable Profile
+!:mime video/mp4
+>8 string NDSS \b, MPEG-4 (.MP4) Nero Standard Profile
+!:mime video/mp4
+>8 string NDXC \b, H.264/MPEG-4 AVC (.MP4) Nero Cinema Profile
+!:mime video/mp4
+>8 string NDXH \b, H.264/MPEG-4 AVC (.MP4) Nero HDTV Profile
+!:mime video/mp4
+>8 string NDXM \b, H.264/MPEG-4 AVC (.MP4) Nero Mobile Profile
+!:mime video/mp4
+>8 string NDXP \b, H.264/MPEG-4 AVC (.MP4) Nero Portable Profile
+!:mime video/mp4
+>8 string NDXS \b, H.264/MPEG-4 AVC (.MP4) Nero Standard Profile
+>8 string niko \b, Nikon Digital Camera
+!:mime video/mp4
+>8 string odcf \b, OMA DCF DRM Format 2.0 (OMA-TS-DRM-DCF-V2_0-20060303-A)
+>8 string opf2 \b, OMA PDCF DRM Format 2.1 (OMA-TS-DRM-DCF-V2_1-20070724-C)
+>8 string opx2 \b, OMA PDCF DRM + XBS ext (OMA-TS-DRM_XBS-V1_0-20070529-C)
+>8 string pana \b, Panasonic Digital Camera
+>8 string piff \b, Protected Interoperable File Format
+>8 string pnvi ]b, Panasonic Video Intercom
+>8 string qt \b, Apple QuickTime (.MOV/QT)
+!:mime video/quicktime
+# HEIF image format
+# see https://nokiatech.github.io/heif/technical.html
+>8 string mif1 \b, HEIF Image
+!:mime image/heif
+>8 string msf1 \b, HEIF Image Sequence
+!:mime image/heif-sequence
+>8 string heic \b, HEIF Image HEVC Main or Main Still Picture Profile
+!:mime image/heic
+>8 string heix \b, HEIF Image HEVC Main 10 Profile
+!:mime image/heic
+>8 string hevc \b, HEIF Image Sequenz HEVC Main or Main Still Picture Profile
+!:mime image/heic-sequence
+>8 string hevx \b, HEIF Image Sequence HEVC Main 10 Profile
+!:mime image/heic-sequence
+# following HEIF brands are not mentioned in the heif technical info currently (Oct 2017)
+# but used in the reference implementation:
+# https://github.com/nokiatech/heif/blob/d5e9a21c8ba8df712bdf643021dd9f6518134776/Srcs/reader/hevcimagefilereader.cpp
+>8 string heim \b, HEIF Image L-HEVC
+!:mime image/heif
+>8 string heis \b, HEIF Image L-HEVC
+!:mime image/heif
+>8 string avic \b, HEIF Image AVC
+!:mime image/heif
+>8 string hevm \b, HEIF Image Sequence L-HEVC
+!:mime image/heif-sequence
+>8 string hevs \b, HEIF Image Sequence L-HEVC
+!:mime image/heif-sequence
+>8 string avcs \b, HEIF Image Sequence AVC
+!:mime image/heif-sequence
+# AVIF image format
+# see https://aomediacodec.github.io/av1-avif/
+>8 string avif \b, AVIF Image
+!:mime image/avif
+>8 string avis \b, AVIF Image Sequence
+!:mime image/avif
+>8 string risx \b, Representation Index Segment for MPEG-2 TS Segments
+>8 string ROSS \b, Ross Video
+>8 string sdv \b, SD Memory Card Video
+>8 string ssc1 \b, Samsung stereo, single stream (patent pending)
+>8 string ssc2 \b, Samsung stereo, dual stream (patent pending)
+>8 string SEAU \b, Sony Home and Mobile Multimedia Platform (HMMP)
+>8 string SEBK \b, Sony Home and Mobile Multimedia Platform (HMMP)
+>8 string senv \b, Video contents Sony Entertainment Network
+>8 string sims \b, Media Segment for Sub-Indexed Media Segment format
+>8 string sisx \b, Single Index Segment forindex MPEG-2 TS
+>8 string ssss \b, Subsegment Index Segment used to index MPEG-2 Segments
+>8 string uvvu \b, UltraViolet file brand for DECE Common Format
+
+# MPEG sequences
+# Scans for all common MPEG header start codes
+0 belong 0x00000001
+>4 byte&0x1F 0x07 JVT NAL sequence, H.264 video
+>>5 byte 66 \b, baseline
+>>5 byte 77 \b, main
+>>5 byte 88 \b, extended
+>>7 byte x \b @ L %u
+0 belong&0xFFFFFF00 0x00000100
+>3 byte 0xBA MPEG sequence
+!:mime video/mpeg
+# http://fileformats.archiveteam.org/wiki/Enhanced_VOB
+# https://reposcope.com/mimetype/video/mpeg
+!:ext vob/evo/mpg/mpeg
+>>4 byte &0x40 \b, v2, program multiplex
+>>4 byte ^0x40 \b, v1, system multiplex
+>3 byte 0xBB MPEG sequence, v1/2, multiplex (missing pack header)
+>3 byte&0x1F 0x07 MPEG sequence, H.264 video
+>>4 byte 66 \b, baseline
+>>4 byte 77 \b, main
+>>4 byte 88 \b, extended
+>>6 byte x \b @ L %u
+# GRR too general as it catches also FoxPro Memo example NG.FPT
+>3 byte 0xB0 MPEG sequence, v4
+# TODO: maybe this extra line exclude FoxPro Memo example NG.FPT starting with 000001b0 00000100 00000000
+#>>4 byte !0 MPEG sequence, v4
+!:mime video/mpeg4-generic
+>>5 belong 0x000001B5
+>>>9 byte &0x80
+>>>>10 byte&0xF0 16 \b, video
+>>>>10 byte&0xF0 32 \b, still texture
+>>>>10 byte&0xF0 48 \b, mesh
+>>>>10 byte&0xF0 64 \b, face
+>>>9 byte&0xF8 8 \b, video
+>>>9 byte&0xF8 16 \b, still texture
+>>>9 byte&0xF8 24 \b, mesh
+>>>9 byte&0xF8 32 \b, face
+>>4 byte 1 \b, simple @ L1
+>>4 byte 2 \b, simple @ L2
+>>4 byte 3 \b, simple @ L3
+>>4 byte 4 \b, simple @ L0
+>>4 byte 17 \b, simple scalable @ L1
+>>4 byte 18 \b, simple scalable @ L2
+>>4 byte 33 \b, core @ L1
+>>4 byte 34 \b, core @ L2
+>>4 byte 50 \b, main @ L2
+>>4 byte 51 \b, main @ L3
+>>4 byte 53 \b, main @ L4
+>>4 byte 66 \b, n-bit @ L2
+>>4 byte 81 \b, scalable texture @ L1
+>>4 byte 97 \b, simple face animation @ L1
+>>4 byte 98 \b, simple face animation @ L2
+>>4 byte 99 \b, simple face basic animation @ L1
+>>4 byte 100 \b, simple face basic animation @ L2
+>>4 byte 113 \b, basic animation text @ L1
+>>4 byte 114 \b, basic animation text @ L2
+>>4 byte 129 \b, hybrid @ L1
+>>4 byte 130 \b, hybrid @ L2
+>>4 byte 145 \b, advanced RT simple @ L!
+>>4 byte 146 \b, advanced RT simple @ L2
+>>4 byte 147 \b, advanced RT simple @ L3
+>>4 byte 148 \b, advanced RT simple @ L4
+>>4 byte 161 \b, core scalable @ L1
+>>4 byte 162 \b, core scalable @ L2
+>>4 byte 163 \b, core scalable @ L3
+>>4 byte 177 \b, advanced coding efficiency @ L1
+>>4 byte 178 \b, advanced coding efficiency @ L2
+>>4 byte 179 \b, advanced coding efficiency @ L3
+>>4 byte 180 \b, advanced coding efficiency @ L4
+>>4 byte 193 \b, advanced core @ L1
+>>4 byte 194 \b, advanced core @ L2
+>>4 byte 209 \b, advanced scalable texture @ L1
+>>4 byte 210 \b, advanced scalable texture @ L2
+>>4 byte 211 \b, advanced scalable texture @ L3
+>>4 byte 225 \b, simple studio @ L1
+>>4 byte 226 \b, simple studio @ L2
+>>4 byte 227 \b, simple studio @ L3
+>>4 byte 228 \b, simple studio @ L4
+>>4 byte 229 \b, core studio @ L1
+>>4 byte 230 \b, core studio @ L2
+>>4 byte 231 \b, core studio @ L3
+>>4 byte 232 \b, core studio @ L4
+>>4 byte 240 \b, advanced simple @ L0
+>>4 byte 241 \b, advanced simple @ L1
+>>4 byte 242 \b, advanced simple @ L2
+>>4 byte 243 \b, advanced simple @ L3
+>>4 byte 244 \b, advanced simple @ L4
+>>4 byte 245 \b, advanced simple @ L5
+>>4 byte 247 \b, advanced simple @ L3b
+>>4 byte 248 \b, FGS @ L0
+>>4 byte 249 \b, FGS @ L1
+>>4 byte 250 \b, FGS @ L2
+>>4 byte 251 \b, FGS @ L3
+>>4 byte 252 \b, FGS @ L4
+>>4 byte 253 \b, FGS @ L5
+>3 byte 0xB5 MPEG sequence, v4
+!:mime video/mpeg4-generic
+>>4 byte &0x80
+>>>5 byte&0xF0 16 \b, video (missing profile header)
+>>>5 byte&0xF0 32 \b, still texture (missing profile header)
+>>>5 byte&0xF0 48 \b, mesh (missing profile header)
+>>>5 byte&0xF0 64 \b, face (missing profile header)
+>>4 byte&0xF8 8 \b, video (missing profile header)
+>>4 byte&0xF8 16 \b, still texture (missing profile header)
+>>4 byte&0xF8 24 \b, mesh (missing profile header)
+>>4 byte&0xF8 32 \b, face (missing profile header)
+>3 byte 0xB3 MPEG sequence
+!:mime video/mpeg
+>>12 belong 0x000001B8 \b, v1, progressive Y'CbCr 4:2:0 video
+>>12 belong 0x000001B2 \b, v1, progressive Y'CbCr 4:2:0 video
+>>12 belong 0x000001B5 \b, v2,
+>>>16 byte&0x0F 1 \b HP
+>>>16 byte&0x0F 2 \b Spt
+>>>16 byte&0x0F 3 \b SNR
+>>>16 byte&0x0F 4 \b MP
+>>>16 byte&0x0F 5 \b SP
+>>>17 byte&0xF0 64 \b@HL
+>>>17 byte&0xF0 96 \b@H-14
+>>>17 byte&0xF0 128 \b@ML
+>>>17 byte&0xF0 160 \b@LL
+>>>17 byte &0x08 \b progressive
+>>>17 byte ^0x08 \b interlaced
+>>>17 byte&0x06 2 \b Y'CbCr 4:2:0 video
+>>>17 byte&0x06 4 \b Y'CbCr 4:2:2 video
+>>>17 byte&0x06 6 \b Y'CbCr 4:4:4 video
+>>11 byte &0x02
+>>>75 byte &0x01
+>>>>140 belong 0x000001B8 \b, v1, progressive Y'CbCr 4:2:0 video
+>>>>140 belong 0x000001B2 \b, v1, progressive Y'CbCr 4:2:0 video
+>>>>140 belong 0x000001B5 \b, v2,
+>>>>>144 byte&0x0F 1 \b HP
+>>>>>144 byte&0x0F 2 \b Spt
+>>>>>144 byte&0x0F 3 \b SNR
+>>>>>144 byte&0x0F 4 \b MP
+>>>>>144 byte&0x0F 5 \b SP
+>>>>>145 byte&0xF0 64 \b@HL
+>>>>>145 byte&0xF0 96 \b@H-14
+>>>>>145 byte&0xF0 128 \b@ML
+>>>>>145 byte&0xF0 160 \b@LL
+>>>>>145 byte &0x08 \b progressive
+>>>>>145 byte ^0x08 \b interlaced
+>>>>>145 byte&0x06 2 \b Y'CbCr 4:2:0 video
+>>>>>145 byte&0x06 4 \b Y'CbCr 4:2:2 video
+>>>>>145 byte&0x06 6 \b Y'CbCr 4:4:4 video
+>>76 belong 0x000001B8 \b, v1, progressive Y'CbCr 4:2:0 video
+>>76 belong 0x000001B2 \b, v1, progressive Y'CbCr 4:2:0 video
+>>76 belong 0x000001B5 \b, v2,
+>>>80 byte&0x0F 1 \b HP
+>>>80 byte&0x0F 2 \b Spt
+>>>80 byte&0x0F 3 \b SNR
+>>>80 byte&0x0F 4 \b MP
+>>>80 byte&0x0F 5 \b SP
+>>>81 byte&0xF0 64 \b@HL
+>>>81 byte&0xF0 96 \b@H-14
+>>>81 byte&0xF0 128 \b@ML
+>>>81 byte&0xF0 160 \b@LL
+>>>81 byte &0x08 \b progressive
+>>>81 byte ^0x08 \b interlaced
+>>>81 byte&0x06 2 \b Y'CbCr 4:2:0 video
+>>>81 byte&0x06 4 \b Y'CbCr 4:2:2 video
+>>>81 byte&0x06 6 \b Y'CbCr 4:4:4 video
+>>4 belong&0xFFFFFF00 0x78043800 \b, HD-TV 1920P
+>>>7 byte&0xF0 0x10 \b, 16:9
+>>4 belong&0xFFFFFF00 0x50002D00 \b, SD-TV 1280I
+>>>7 byte&0xF0 0x10 \b, 16:9
+>>4 belong&0xFFFFFF00 0x30024000 \b, PAL Capture
+>>>7 byte&0xF0 0x10 \b, 4:3
+>>4 beshort&0xFFF0 0x2C00 \b, 4CIF
+>>>5 beshort&0x0FFF 0x01E0 \b NTSC
+>>>5 beshort&0x0FFF 0x0240 \b PAL
+>>>7 byte&0xF0 0x20 \b, 4:3
+>>>7 byte&0xF0 0x30 \b, 16:9
+>>>7 byte&0xF0 0x40 \b, 11:5
+>>>7 byte&0xF0 0x80 \b, PAL 4:3
+>>>7 byte&0xF0 0xC0 \b, NTSC 4:3
+>>4 belong&0xFFFFFF00 0x2801E000 \b, LD-TV 640P
+>>>7 byte&0xF0 0x10 \b, 4:3
+>>4 belong&0xFFFFFF00 0x1400F000 \b, 320x240
+>>>7 byte&0xF0 0x10 \b, 4:3
+>>4 belong&0xFFFFFF00 0x0F00A000 \b, 240x160
+>>>7 byte&0xF0 0x10 \b, 4:3
+>>4 belong&0xFFFFFF00 0x0A007800 \b, 160x120
+>>>7 byte&0xF0 0x10 \b, 4:3
+>>4 beshort&0xFFF0 0x1600 \b, CIF
+>>>5 beshort&0x0FFF 0x00F0 \b NTSC
+>>>5 beshort&0x0FFF 0x0120 \b PAL
+>>>7 byte&0xF0 0x20 \b, 4:3
+>>>7 byte&0xF0 0x30 \b, 16:9
+>>>7 byte&0xF0 0x40 \b, 11:5
+>>>7 byte&0xF0 0x80 \b, PAL 4:3
+>>>7 byte&0xF0 0xC0 \b, NTSC 4:3
+>>>5 beshort&0x0FFF 0x0240 \b PAL 625
+>>>>7 byte&0xF0 0x20 \b, 4:3
+>>>>7 byte&0xF0 0x30 \b, 16:9
+>>>>7 byte&0xF0 0x40 \b, 11:5
+>>4 beshort&0xFFF0 0x2D00 \b, CCIR/ITU
+>>>5 beshort&0x0FFF 0x01E0 \b NTSC 525
+>>>5 beshort&0x0FFF 0x0240 \b PAL 625
+>>>7 byte&0xF0 0x20 \b, 4:3
+>>>7 byte&0xF0 0x30 \b, 16:9
+>>>7 byte&0xF0 0x40 \b, 11:5
+>>4 beshort&0xFFF0 0x1E00 \b, SVCD
+>>>5 beshort&0x0FFF 0x01E0 \b NTSC 525
+>>>5 beshort&0x0FFF 0x0240 \b PAL 625
+>>>7 byte&0xF0 0x20 \b, 4:3
+>>>7 byte&0xF0 0x30 \b, 16:9
+>>>7 byte&0xF0 0x40 \b, 11:5
+>>7 byte&0x0F 1 \b, 23.976 fps
+>>7 byte&0x0F 2 \b, 24 fps
+>>7 byte&0x0F 3 \b, 25 fps
+>>7 byte&0x0F 4 \b, 29.97 fps
+>>7 byte&0x0F 5 \b, 30 fps
+>>7 byte&0x0F 6 \b, 50 fps
+>>7 byte&0x0F 7 \b, 59.94 fps
+>>7 byte&0x0F 8 \b, 60 fps
+>>11 byte &0x04 \b, Constrained
+
+# MPEG ADTS Audio (*.mpx/mxa/aac)
+# from dreesen@math.fu-berlin.de
+# modified to fully support MPEG ADTS
+
+# MP3, M1A
+# modified by Joerg Jenderek
+# GRR the original test are too common for many DOS files
+# so don't accept as MP3 until we've tested the rate
+# But also beat GEMDOS fonts
+0 beshort&0xFFFE 0xFFFA
+# rates
+>2 byte&0xF0 !0
+>>2 byte&0xF0 !0xF0 MPEG ADTS, layer III, v1
+!:strength +20
+!:mime audio/mpeg
+>2 byte&0xF0 0x10 \b, 32 kbps
+>2 byte&0xF0 0x20 \b, 40 kbps
+>2 byte&0xF0 0x30 \b, 48 kbps
+>2 byte&0xF0 0x40 \b, 56 kbps
+>2 byte&0xF0 0x50 \b, 64 kbps
+>2 byte&0xF0 0x60 \b, 80 kbps
+>2 byte&0xF0 0x70 \b, 96 kbps
+>2 byte&0xF0 0x80 \b, 112 kbps
+>2 byte&0xF0 0x90 \b, 128 kbps
+>2 byte&0xF0 0xA0 \b, 160 kbps
+>2 byte&0xF0 0xB0 \b, 192 kbps
+>2 byte&0xF0 0xC0 \b, 224 kbps
+>2 byte&0xF0 0xD0 \b, 256 kbps
+>2 byte&0xF0 0xE0 \b, 320 kbps
+# timing
+>2 byte&0x0C 0x00 \b, 44.1 kHz
+>2 byte&0x0C 0x04 \b, 48 kHz
+>2 byte&0x0C 0x08 \b, 32 kHz
+# channels/options
+>3 byte&0xC0 0x00 \b, Stereo
+>3 byte&0xC0 0x40 \b, JntStereo
+>3 byte&0xC0 0x80 \b, 2x Monaural
+>3 byte&0xC0 0xC0 \b, Monaural
+#>1 byte ^0x01 \b, Data Verify
+#>2 byte &0x02 \b, Packet Pad
+#>2 byte &0x01 \b, Custom Flag
+#>3 byte &0x08 \b, Copyrighted
+#>3 byte &0x04 \b, Original Source
+#>3 byte&0x03 1 \b, NR: 50/15 ms
+#>3 byte&0x03 3 \b, NR: CCIT J.17
+
+# MP2, M1A
+0 beshort&0xFFFE 0xFFFC MPEG ADTS, layer II, v1
+!:mime audio/mpeg
+# rates
+>2 byte&0xF0 0x10 \b, 32 kbps
+>2 byte&0xF0 0x20 \b, 48 kbps
+>2 byte&0xF0 0x30 \b, 56 kbps
+>2 byte&0xF0 0x40 \b, 64 kbps
+>2 byte&0xF0 0x50 \b, 80 kbps
+>2 byte&0xF0 0x60 \b, 96 kbps
+>2 byte&0xF0 0x70 \b, 112 kbps
+>2 byte&0xF0 0x80 \b, 128 kbps
+>2 byte&0xF0 0x90 \b, 160 kbps
+>2 byte&0xF0 0xA0 \b, 192 kbps
+>2 byte&0xF0 0xB0 \b, 224 kbps
+>2 byte&0xF0 0xC0 \b, 256 kbps
+>2 byte&0xF0 0xD0 \b, 320 kbps
+>2 byte&0xF0 0xE0 \b, 384 kbps
+# timing
+>2 byte&0x0C 0x00 \b, 44.1 kHz
+>2 byte&0x0C 0x04 \b, 48 kHz
+>2 byte&0x0C 0x08 \b, 32 kHz
+# channels/options
+>3 byte&0xC0 0x00 \b, Stereo
+>3 byte&0xC0 0x40 \b, JntStereo
+>3 byte&0xC0 0x80 \b, 2x Monaural
+>3 byte&0xC0 0xC0 \b, Monaural
+#>1 byte ^0x01 \b, Data Verify
+#>2 byte &0x02 \b, Packet Pad
+#>2 byte &0x01 \b, Custom Flag
+#>3 byte &0x08 \b, Copyrighted
+#>3 byte &0x04 \b, Original Source
+#>3 byte&0x03 1 \b, NR: 50/15 ms
+#>3 byte&0x03 3 \b, NR: CCIT J.17
+
+# MPA, M1A
+# updated by Joerg Jenderek
+# GRR the original test are too common for many DOS files, so test 32 <= kbits <= 448
+# GRR this test is still too general as it catches a BOM of UTF-16 files (0xFFFE)
+# FIXME: Almost all little endian UTF-16 text with BOM are clobbered by these entries
+#0 beshort&0xFFFE 0xFFFE
+#>2 ubyte&0xF0 >0x0F
+#>>2 ubyte&0xF0 <0xE1 MPEG ADTS, layer I, v1
+## rate
+#>>>2 byte&0xF0 0x10 \b, 32 kbps
+#>>>2 byte&0xF0 0x20 \b, 64 kbps
+#>>>2 byte&0xF0 0x30 \b, 96 kbps
+#>>>2 byte&0xF0 0x40 \b, 128 kbps
+#>>>2 byte&0xF0 0x50 \b, 160 kbps
+#>>>2 byte&0xF0 0x60 \b, 192 kbps
+#>>>2 byte&0xF0 0x70 \b, 224 kbps
+#>>>2 byte&0xF0 0x80 \b, 256 kbps
+#>>>2 byte&0xF0 0x90 \b, 288 kbps
+#>>>2 byte&0xF0 0xA0 \b, 320 kbps
+#>>>2 byte&0xF0 0xB0 \b, 352 kbps
+#>>>2 byte&0xF0 0xC0 \b, 384 kbps
+#>>>2 byte&0xF0 0xD0 \b, 416 kbps
+#>>>2 byte&0xF0 0xE0 \b, 448 kbps
+## timing
+#>>>2 byte&0x0C 0x00 \b, 44.1 kHz
+#>>>2 byte&0x0C 0x04 \b, 48 kHz
+#>>>2 byte&0x0C 0x08 \b, 32 kHz
+## channels/options
+#>>>3 byte&0xC0 0x00 \b, Stereo
+#>>>3 byte&0xC0 0x40 \b, JntStereo
+#>>>3 byte&0xC0 0x80 \b, 2x Monaural
+#>>>3 byte&0xC0 0xC0 \b, Monaural
+##>1 byte ^0x01 \b, Data Verify
+##>2 byte &0x02 \b, Packet Pad
+##>2 byte &0x01 \b, Custom Flag
+##>3 byte &0x08 \b, Copyrighted
+##>3 byte &0x04 \b, Original Source
+##>3 byte&0x03 1 \b, NR: 50/15 ms
+##>3 byte&0x03 3 \b, NR: CCIT J.17
+
+# MP3, M2A
+0 beshort&0xFFFE 0xFFF2 MPEG ADTS, layer III, v2
+!:mime audio/mpeg
+# rate
+>2 byte&0xF0 0x10 \b, 8 kbps
+>2 byte&0xF0 0x20 \b, 16 kbps
+>2 byte&0xF0 0x30 \b, 24 kbps
+>2 byte&0xF0 0x40 \b, 32 kbps
+>2 byte&0xF0 0x50 \b, 40 kbps
+>2 byte&0xF0 0x60 \b, 48 kbps
+>2 byte&0xF0 0x70 \b, 56 kbps
+>2 byte&0xF0 0x80 \b, 64 kbps
+>2 byte&0xF0 0x90 \b, 80 kbps
+>2 byte&0xF0 0xA0 \b, 96 kbps
+>2 byte&0xF0 0xB0 \b, 112 kbps
+>2 byte&0xF0 0xC0 \b, 128 kbps
+>2 byte&0xF0 0xD0 \b, 144 kbps
+>2 byte&0xF0 0xE0 \b, 160 kbps
+# timing
+>2 byte&0x0C 0x00 \b, 22.05 kHz
+>2 byte&0x0C 0x04 \b, 24 kHz
+>2 byte&0x0C 0x08 \b, 16 kHz
+# channels/options
+>3 byte&0xC0 0x00 \b, Stereo
+>3 byte&0xC0 0x40 \b, JntStereo
+>3 byte&0xC0 0x80 \b, 2x Monaural
+>3 byte&0xC0 0xC0 \b, Monaural
+#>1 byte ^0x01 \b, Data Verify
+#>2 byte &0x02 \b, Packet Pad
+#>2 byte &0x01 \b, Custom Flag
+#>3 byte &0x08 \b, Copyrighted
+#>3 byte &0x04 \b, Original Source
+#>3 byte&0x03 1 \b, NR: 50/15 ms
+#>3 byte&0x03 3 \b, NR: CCIT J.17
+
+# MP2, M2A
+0 beshort&0xFFFE 0xFFF4 MPEG ADTS, layer II, v2
+!:mime audio/mpeg
+# rate
+>2 byte&0xF0 0x10 \b, 8 kbps
+>2 byte&0xF0 0x20 \b, 16 kbps
+>2 byte&0xF0 0x30 \b, 24 kbps
+>2 byte&0xF0 0x40 \b, 32 kbps
+>2 byte&0xF0 0x50 \b, 40 kbps
+>2 byte&0xF0 0x60 \b, 48 kbps
+>2 byte&0xF0 0x70 \b, 56 kbps
+>2 byte&0xF0 0x80 \b, 64 kbps
+>2 byte&0xF0 0x90 \b, 80 kbps
+>2 byte&0xF0 0xA0 \b, 96 kbps
+>2 byte&0xF0 0xB0 \b, 112 kbps
+>2 byte&0xF0 0xC0 \b, 128 kbps
+>2 byte&0xF0 0xD0 \b, 144 kbps
+>2 byte&0xF0 0xE0 \b, 160 kbps
+# timing
+>2 byte&0x0C 0x00 \b, 22.05 kHz
+>2 byte&0x0C 0x04 \b, 24 kHz
+>2 byte&0x0C 0x08 \b, 16 kHz
+# channels/options
+>3 byte&0xC0 0x00 \b, Stereo
+>3 byte&0xC0 0x40 \b, JntStereo
+>3 byte&0xC0 0x80 \b, 2x Monaural
+>3 byte&0xC0 0xC0 \b, Monaural
+#>1 byte ^0x01 \b, Data Verify
+#>2 byte &0x02 \b, Packet Pad
+#>2 byte &0x01 \b, Custom Flag
+#>3 byte &0x08 \b, Copyrighted
+#>3 byte &0x04 \b, Original Source
+#>3 byte&0x03 1 \b, NR: 50/15 ms
+#>3 byte&0x03 3 \b, NR: CCIT J.17
+
+# MPA, M2A
+0 beshort&0xFFFE 0xFFF6 MPEG ADTS, layer I, v2
+!:mime audio/mpeg
+# rate
+>2 byte&0xF0 0x10 \b, 32 kbps
+>2 byte&0xF0 0x20 \b, 48 kbps
+>2 byte&0xF0 0x30 \b, 56 kbps
+>2 byte&0xF0 0x40 \b, 64 kbps
+>2 byte&0xF0 0x50 \b, 80 kbps
+>2 byte&0xF0 0x60 \b, 96 kbps
+>2 byte&0xF0 0x70 \b, 112 kbps
+>2 byte&0xF0 0x80 \b, 128 kbps
+>2 byte&0xF0 0x90 \b, 144 kbps
+>2 byte&0xF0 0xA0 \b, 160 kbps
+>2 byte&0xF0 0xB0 \b, 176 kbps
+>2 byte&0xF0 0xC0 \b, 192 kbps
+>2 byte&0xF0 0xD0 \b, 224 kbps
+>2 byte&0xF0 0xE0 \b, 256 kbps
+# timing
+>2 byte&0x0C 0x00 \b, 22.05 kHz
+>2 byte&0x0C 0x04 \b, 24 kHz
+>2 byte&0x0C 0x08 \b, 16 kHz
+# channels/options
+>3 byte&0xC0 0x00 \b, Stereo
+>3 byte&0xC0 0x40 \b, JntStereo
+>3 byte&0xC0 0x80 \b, 2x Monaural
+>3 byte&0xC0 0xC0 \b, Monaural
+#>1 byte ^0x01 \b, Data Verify
+#>2 byte &0x02 \b, Packet Pad
+#>2 byte &0x01 \b, Custom Flag
+#>3 byte &0x08 \b, Copyrighted
+#>3 byte &0x04 \b, Original Source
+#>3 byte&0x03 1 \b, NR: 50/15 ms
+#>3 byte&0x03 3 \b, NR: CCIT J.17
+
+# MP3, M25A
+0 beshort&0xFFFE 0xFFE2 MPEG ADTS, layer III, v2.5
+!:mime audio/mpeg
+# rate
+>2 byte&0xF0 0x10 \b, 8 kbps
+>2 byte&0xF0 0x20 \b, 16 kbps
+>2 byte&0xF0 0x30 \b, 24 kbps
+>2 byte&0xF0 0x40 \b, 32 kbps
+>2 byte&0xF0 0x50 \b, 40 kbps
+>2 byte&0xF0 0x60 \b, 48 kbps
+>2 byte&0xF0 0x70 \b, 56 kbps
+>2 byte&0xF0 0x80 \b, 64 kbps
+>2 byte&0xF0 0x90 \b, 80 kbps
+>2 byte&0xF0 0xA0 \b, 96 kbps
+>2 byte&0xF0 0xB0 \b, 112 kbps
+>2 byte&0xF0 0xC0 \b, 128 kbps
+>2 byte&0xF0 0xD0 \b, 144 kbps
+>2 byte&0xF0 0xE0 \b, 160 kbps
+# timing
+>2 byte&0x0C 0x00 \b, 11.025 kHz
+>2 byte&0x0C 0x04 \b, 12 kHz
+>2 byte&0x0C 0x08 \b, 8 kHz
+# channels/options
+>3 byte&0xC0 0x00 \b, Stereo
+>3 byte&0xC0 0x40 \b, JntStereo
+>3 byte&0xC0 0x80 \b, 2x Monaural
+>3 byte&0xC0 0xC0 \b, Monaural
+#>1 byte ^0x01 \b, Data Verify
+#>2 byte &0x02 \b, Packet Pad
+#>2 byte &0x01 \b, Custom Flag
+#>3 byte &0x08 \b, Copyrighted
+#>3 byte &0x04 \b, Original Source
+#>3 byte&0x03 1 \b, NR: 50/15 ms
+#>3 byte&0x03 3 \b, NR: CCIT J.17
+
+# AAC (aka MPEG-2 NBC audio) and MPEG-4 audio
+
+# Stored AAC streams (instead of the MP4 format)
+0 string ADIF MPEG ADIF, AAC
+!:mime audio/x-hx-aac-adif
+>4 byte &0x80
+>>13 byte &0x10 \b, VBR
+>>13 byte ^0x10 \b, CBR
+>>16 byte&0x1E 0x02 \b, single stream
+>>16 byte&0x1E 0x04 \b, 2 streams
+>>16 byte&0x1E 0x06 \b, 3 streams
+>>16 byte &0x08 \b, 4 or more streams
+>>16 byte &0x10 \b, 8 or more streams
+>>4 byte &0x80 \b, Copyrighted
+>>13 byte &0x40 \b, Original Source
+>>13 byte &0x20 \b, Home Flag
+>4 byte ^0x80
+>>4 byte &0x10 \b, VBR
+>>4 byte ^0x10 \b, CBR
+>>7 byte&0x1E 0x02 \b, single stream
+>>7 byte&0x1E 0x04 \b, 2 streams
+>>7 byte&0x1E 0x06 \b, 3 streams
+>>7 byte &0x08 \b, 4 or more streams
+>>7 byte &0x10 \b, 8 or more streams
+>>4 byte &0x40 \b, Original Stream(s)
+>>4 byte &0x20 \b, Home Source
+
+# Live or stored single AAC stream (used with MPEG-2 systems)
+0 beshort&0xFFF6 0xFFF0 MPEG ADTS, AAC
+!:mime audio/x-hx-aac-adts
+>1 byte &0x08 \b, v2
+>1 byte ^0x08 \b, v4
+# profile
+>>2 byte &0xC0 \b LTP
+>2 byte&0xc0 0x00 \b Main
+>2 byte&0xc0 0x40 \b LC
+>2 byte&0xc0 0x80 \b SSR
+# timing
+>2 byte&0x3c 0x00 \b, 96 kHz
+>2 byte&0x3c 0x04 \b, 88.2 kHz
+>2 byte&0x3c 0x08 \b, 64 kHz
+>2 byte&0x3c 0x0c \b, 48 kHz
+>2 byte&0x3c 0x10 \b, 44.1 kHz
+>2 byte&0x3c 0x14 \b, 32 kHz
+>2 byte&0x3c 0x18 \b, 24 kHz
+>2 byte&0x3c 0x1c \b, 22.05 kHz
+>2 byte&0x3c 0x20 \b, 16 kHz
+>2 byte&0x3c 0x24 \b, 12 kHz
+>2 byte&0x3c 0x28 \b, 11.025 kHz
+>2 byte&0x3c 0x2c \b, 8 kHz
+# channels
+>2 beshort&0x01c0 0x0040 \b, monaural
+>2 beshort&0x01c0 0x0080 \b, stereo
+>2 beshort&0x01c0 0x00c0 \b, stereo + center
+>2 beshort&0x01c0 0x0100 \b, stereo+center+LFE
+>2 beshort&0x01c0 0x0140 \b, surround
+>2 beshort&0x01c0 0x0180 \b, surround + LFE
+>2 beshort &0x01C0 \b, surround + side
+#>1 byte ^0x01 \b, Data Verify
+#>2 byte &0x02 \b, Custom Flag
+#>3 byte &0x20 \b, Original Stream
+#>3 byte &0x10 \b, Home Source
+#>3 byte &0x08 \b, Copyrighted
+
+# Live MPEG-4 audio streams (instead of RTP FlexMux)
+0 beshort&0xFFE0 0x56E0 MPEG-4 LOAS
+!:mime audio/x-mp4a-latm
+#>1 beshort&0x1FFF x \b, %hu byte packet
+>3 byte&0xE0 0x40
+>>4 byte&0x3C 0x04 \b, single stream
+>>4 byte&0x3C 0x08 \b, 2 streams
+>>4 byte&0x3C 0x0C \b, 3 streams
+>>4 byte &0x08 \b, 4 or more streams
+>>4 byte &0x20 \b, 8 or more streams
+>3 byte&0xC0 0
+>>4 byte&0x78 0x08 \b, single stream
+>>4 byte&0x78 0x10 \b, 2 streams
+>>4 byte&0x78 0x18 \b, 3 streams
+>>4 byte &0x20 \b, 4 or more streams
+>>4 byte &0x40 \b, 8 or more streams
+# This magic isn't strong enough (matches plausible ISO-8859-1 text)
+#0 beshort 0x4DE1 MPEG-4 LO-EP audio stream
+#!:mime audio/x-mp4a-latm
+
+# Summary: FLI animation format
+# Created by: Daniel Quinlan <quinlan@yggdrasil.com>
+# Modified by (1): Abel Cheung <abelcheung@gmail.com> (avoid over-generic detection)
+4 leshort 0xAF11
+# standard FLI always has 320x200 resolution and 8 bit color
+>8 leshort 320
+>>10 leshort 200
+>>>12 leshort 8 FLI animation, 320x200x8
+!:mime video/x-fli
+>>>>6 leshort x \b, %d frames
+# frame speed is multiple of 1/70s
+>>>>16 leshort x \b, %d/70s per frame
+
+# Summary: FLC animation format
+# Created by: Daniel Quinlan <quinlan@yggdrasil.com>
+# Modified by (1): Abel Cheung <abelcheung@gmail.com> (avoid over-generic detection)
+4 leshort 0xAF12
+# standard FLC always use 8 bit color
+>12 leshort 8 FLC animation
+!:mime video/x-flc
+>>8 leshort x \b, %d
+>>10 leshort x \bx%dx8
+>>6 uleshort x \b, %d frames
+>>16 uleshort x \b, %dms per frame
+
+# DL animation format
+# XXX - collision with most `mips' magic
+#
+# I couldn't find a real magic number for these, however, this
+# -appears- to work. Note that it might catch other files, too, so be
+# careful!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! The DL format is really bad.
+#
+#0 byte 1 DL version 1, medium format (160x100, 4 images/screen)
+#!:mime video/x-unknown
+#>42 byte x - %d screens,
+#>43 byte x %d commands
+#0 byte 2 DL version 2
+#!:mime video/x-unknown
+#>1 byte 1 - large format (320x200,1 image/screen),
+#>1 byte 2 - medium format (160x100,4 images/screen),
+#>1 byte >2 - unknown format,
+#>42 byte x %d screens,
+#>43 byte x %d commands
+# Based on empirical evidence, DL version 3 have several nulls following the
+# \003. Most of them start with non-null values at hex offset 0x34 or so.
+#0 string \3\0\0\0\0\0\0\0\0\0\0\0 DL version 3
+
+# iso 13818 transport stream
+#
+# from Oskar Schirmer <schirmer@scara.com> Feb 3, 2001 (ISO 13818.1)
+# syncbyte 8 bit 0x47
+# error_ind 1 bit -
+# payload_start 1 bit 1
+# priority 1 bit -
+# PID 13 bit 0x0000
+# scrambling 2 bit -
+# adaptfld_ctrl 2 bit 1 or 3
+# conti_count 4 bit -
+0 belong&0xFF5FFF10 0x47400010
+>188 byte 0x47 MPEG transport stream data
+!:mime video/MP2T
+!:ext ts
+
+# Blu-ray disc Audio-Video MPEG-2 transport stream
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://en.wikipedia.org/wiki/MPEG_transport_stream
+# Note: similar to ISO 13818.1 but with 4 extra bytes per packets
+4 belong&0xFF5FFF10 =0x47400010
+>196 byte =0x47 BDAV MPEG-2 Transport Stream (M2TS)
+!:mime video/MP2T
+!:ext m2ts/mts
+
+# DIF digital video file format <mpruett@sgi.com>
+0 belong&0xffffff00 0x1f070000 DIF
+!:mime video/x-dv
+>4 byte &0x01 (DVCPRO) movie file
+>4 byte ^0x01 (DV) movie file
+>3 byte &0x80 (PAL)
+>3 byte ^0x80 (NTSC)
+
+# MNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
+0 string \x8aMNG MNG video data,
+!:mime video/x-mng
+>4 belong !0x0d0a1a0a CORRUPTED,
+>4 belong 0x0d0a1a0a
+>>16 belong x %d x
+>>20 belong x %d
+
+# JNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
+0 string \x8bJNG JNG video data,
+!:mime video/x-jng
+>4 belong !0x0d0a1a0a CORRUPTED,
+>4 belong 0x0d0a1a0a
+>>16 belong x %d x
+>>20 belong x %d
+
+# Vivo video (Wolfram Kleff)
+3 string \x0D\x0AVersion:Vivo Vivo video data
+
+# ABC (alembic.io 3d models)
+0 string 0gawa ABC 3d model
+
+#---------------------------------------------------------------------------
+# HVQM4: compressed movie format designed by Hudson for Nintendo GameCube
+# From Mark Sheppard <msheppard@climax.co.uk>, 2002-10-03
+#
+0 string HVQM4 %s
+>6 string >\0 v%s
+>0 byte x GameCube movie,
+>0x34 ubeshort x %d x
+>0x36 ubeshort x %d,
+>0x26 ubeshort x %dus,
+>0x42 ubeshort 0 no audio
+>0x42 ubeshort >0 %dHz audio
+
+# From: Stefan A. Haubenthal <polluks@sdf.lonestar.org>
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/VOB
+0 string DVDVIDEO-VTS Video title set,
+!:mime video/x-ifo
+!:ext ifo/bup
+>0x21 byte x v%x
+0 string DVDVIDEO-VMG Video manager,
+!:mime video/x-ifo
+!:ext ifo/bup
+>0x21 byte x v%x
+
+# From: Stefan A. Haubenthal <polluks@sdf.lonestar.org>
+0 string xMovieSetter MovieSetter movie
+0 string xSceneEditor MovieSetter movie
+
+# From: Behan Webster <behanw@websterwood.com>
+# NuppelVideo used by Mythtv (*.nuv)
+# Note: there are two identical stanzas here differing only in the
+# initial string matched. It used to be done with a regex, but we're
+# trying to get rid of those.
+0 string NuppelVideo MythTV NuppelVideo
+>12 string x v%s
+>20 lelong x (%d
+>24 lelong x \bx%d),
+>36 string P \bprogressive,
+>36 string I \binterlaced,
+>40 ledouble x \baspect:%.2f,
+>48 ledouble x \bfps:%.2f
+0 string MythTV MythTV NuppelVideo
+>12 string x v%s
+>20 lelong x (%d
+>24 lelong x \bx%d),
+>36 string P \bprogressive,
+>36 string I \binterlaced,
+>40 ledouble x \baspect:%.2f,
+>48 ledouble x \bfps:%.2f
+
+# MPEG file
+# MPEG sequences
+# FIXME: This section is from the old magic.mime file and needs
+# integrating with the rest
+#0 belong 0x000001BA
+#>4 byte &0x40
+#!:mime video/mp2p
+#>4 byte ^0x40
+#!:mime video/mpeg
+#0 belong 0x000001BB
+#!:mime video/mpeg
+#0 belong 0x000001B0
+#!:mime video/mp4v-es
+#0 belong 0x000001B5
+#!:mime video/mp4v-es
+#0 belong 0x000001B3
+#!:mime video/mpv
+#0 belong&0xFF5FFF10 0x47400010
+#!:mime video/mp2t
+#0 belong 0x00000001
+#>4 byte&0x1F 0x07
+#!:mime video/h264
+
+# Type: Bink Video
+# Extension: .bik
+# URL: https://wiki.multimedia.cx/index.php?title=Bink_Container
+# From: <hoehle@users.sourceforge.net> 2008-07-18
+0 name bik
+#>4 ulelong x size %d
+>20 ulelong x \b, %d
+>24 ulelong x \bx%d
+>8 ulelong x \b, %d frames
+>32 ulelong x at rate %d/
+>28 ulelong >1 \b%d
+>40 ulelong =0 \b, no audio
+>40 ulelong !0 \b, %d audio track
+>>40 ulelong !1 \bs
+# follow properties of the first audio track only
+>>48 uleshort x %dHz
+>>51 byte&0x20 0 mono
+>>51 byte&0x20 !0 stereo
+#>>51 byte&0x10 0 FFT
+#>>51 byte&0x10 !0 DCT
+
+0 string BIK
+>3 regex =[bdfghi] Bink Video rev.%s
+>>0 use bik
+
+0 string KB2
+>3 regex =[adfghi] Bink Video 2 rev.%s
+>>0 use bik
+
+# Type: NUT Container
+# URL: https://wiki.multimedia.cx/index.php?title=NUT
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+0 string nut/multimedia\ container\0 NUT multimedia container
+
+# Type: Nullsoft Video (NSV)
+# URL: https://wiki.multimedia.cx/index.php?title=Nullsoft_Video
+# From: Mike Melanson <mike@multimedia.cx>
+0 string NSVf Nullsoft Video
+
+# Type: REDCode Video
+# URL: https://www.red.com/ ; https://wiki.multimedia.cx/index.php?title=REDCode
+# From: Mike Melanson <mike@multimedia.cx>
+4 string RED1 REDCode Video
+
+# Type: MTV Multimedia File
+# URL: https://wiki.multimedia.cx/index.php?title=MTV
+# From: Mike Melanson <mike@multimedia.cx>
+0 string AMVS MTV Multimedia File
+
+# Type: ARMovie
+# URL: https://wiki.multimedia.cx/index.php?title=ARMovie
+# From: Mike Melanson <mike@multimedia.cx>
+0 string ARMovie\012 ARMovie
+
+# Type: Interplay MVE Movie
+# URL: https://wiki.multimedia.cx/index.php?title=Interplay_MVE
+# From: Mike Melanson <mike@multimedia.cx>
+0 string Interplay\040MVE\040File\032 Interplay MVE Movie
+
+# Type: Windows Television DVR File
+# URL: https://wiki.multimedia.cx/index.php?title=WTV
+# From: Mike Melanson <mike@mutlimedia.cx>
+# This takes the form of a Windows-style GUID
+0 bequad 0xB7D800203749DA11
+>8 bequad 0xA64E0007E95EAD8D Windows Television DVR Media
+
+# Type: Sega FILM/CPK Multimedia
+# URL: https://wiki.multimedia.cx/index.php?title=Sega_FILM
+# From: Mike Melanson <mike@multimedia.cx>
+0 string FILM Sega FILM/CPK Multimedia,
+>32 belong x %d x
+>28 belong x %d
+
+# Type: Nintendo THP Multimedia
+# URL: https://wiki.multimedia.cx/index.php?title=THP
+# From: Mike Melanson <mike@multimedia.cx>
+0 string THP\0 Nintendo THP Multimedia
+
+# Type: BBC Dirac Video
+# URL: https://wiki.multimedia.cx/index.php?title=Dirac
+# From: Mike Melanson <mike@multimedia.cx>
+0 string BBCD BBC Dirac Video
+
+# Type: RAD Game Tools Smacker Multimedia
+# URL: https://wiki.multimedia.cx/index.php?title=Smacker
+# From: Mike Melanson <mike@multimedia.cx>
+0 string SMK RAD Game Tools Smacker Multimedia
+>3 byte x version %c,
+>4 lelong x %d x
+>8 lelong x %d,
+>12 lelong x %d frames
+
+# Material Exchange Format
+# More information:
+# https://en.wikipedia.org/wiki/Material_Exchange_Format
+# http://www.freemxf.org/
+0 string \x06\x0e\x2b\x34\x02\x05\x01\x01\x0d\x01\x02\x01\x01\x02 Material exchange container format
+!:ext mxf
+!:mime application/mxf
+
+# Recognize LucasArts Smush video files (cf.
+# https://wiki.multimedia.cx/index.php/Smush)
+0 string ANIM
+>8 string AHDR LucasArts Smush Animation Format (SAN) video
+0 string SANM
+>8 string SHDR LucasArts Smush v2 (SANM) video
+
+# Type: Scaleform video
+# Extension: .usm
+# URL: https://wiki.multimedia.cx/index.php/USM
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+0 string CRID
+>32 string @UTF Scaleform video
+
+# http://www.jerrysguide.com/tips/demystify-tvs-file-format.html
+0 string TVS\015\012
+>&0 string Version\040 TeamViewer Session File
+>>&0 string x \b, version %s
+
+# SER file format - simple uncompressed video format for astronomical use
+# Initially developed by Lucam Recorder,
+# as of 2021 maintained by Heiko Wilkens, Grischa Hahn
+# Typical extensions: .SER
+# http://www.grischa-hahn.homepage.t-online.de/astro/ser/SER%20Doc%20V3b.pdf
+0 string LUCAM-RECORDER SER video sequence
+!:ext ser
+>18 lelong 0 \b, bayer: mono
+>18 lelong 8 \b, bayer: RGGB
+>18 lelong 9 \b, bayer: GRBG
+>18 lelong 10 \b, bayer: GBRG
+>18 lelong 11 \b, bayer: BGGR
+>18 lelong 16 \b, bayer: CYYM
+>18 lelong 17 \b, bayer: YCMY
+>18 lelong 18 \b, bayer: YMCY
+>18 lelong 19 \b, bayer: MYYC
+>18 lelong 100 \b, bayer: RGB
+>18 lelong 101 \b, bayer: BGR
+>22 lelong 0 \b, big-endian
+>22 lelong 1 \b, little-endian
+>26 lelong x \b, width: %d
+>30 lelong x \b, height: %d
+>34 lelong x \b, %d bit
+>38 lelong x \b, frames: %d
+
+# https://wiki.multimedia.cx/index.php/Duck_IVF
+0 string DKIF Duck IVF video file
+!:mime video/x-ivf
+>4 leshort >0 \b, version %d
+>8 string x \b, codec %s
+>12 leshort x \b, %d
+>14 leshort x \bx%d
+>24 lelong >0 \b, %d frames
diff --git a/magic/Magdir/aout b/magic/Magdir/aout
new file mode 100644
index 0000000..69b6ec6
--- /dev/null
+++ b/magic/Magdir/aout
@@ -0,0 +1,46 @@
+
+#------------------------------------------------------------------------------
+# $File: aout,v 1.1 2013/01/09 22:37:23 christos Exp $
+# aout: file(1) magic for a.out executable/object/etc entries that
+# handle executables on multiple platforms.
+#
+
+#
+# Little-endian 32-bit-int a.out, merged from bsdi (for BSD/OS, from
+# BSDI), netbsd, and vax (for UNIX/32V and BSD)
+#
+# XXX - is there anything we can look at to distinguish BSD/OS 386 from
+# NetBSD 386 from various VAX binaries? The BSD/OS shared library flag
+# works only for binaries using shared libraries. Grabbing the entry
+# point from the a.out header, using it to find the first code executed
+# in the program, and looking at that might help.
+#
+0 lelong 0407 a.out little-endian 32-bit executable
+>16 lelong >0 not stripped
+>32 byte 0x6a (uses BSD/OS shared libs)
+
+0 lelong 0410 a.out little-endian 32-bit pure executable
+>16 lelong >0 not stripped
+>32 byte 0x6a (uses BSD/OS shared libs)
+
+0 lelong 0413 a.out little-endian 32-bit demand paged pure executable
+>16 lelong >0 not stripped
+>32 byte 0x6a (uses BSD/OS shared libs)
+
+#
+# Big-endian 32-bit-int a.out, merged from sun (for old 68010 SunOS a.out),
+# mips (for old 68020(!) SGI a.out), and netbsd (for old big-endian a.out).
+#
+# XXX - is there anything we can look at to distinguish old SunOS 68010
+# from old 68020 IRIX from old NetBSD? Again, I guess we could look at
+# the first instruction or instructions in the program.
+#
+0 belong 0407 a.out big-endian 32-bit executable
+>16 belong >0 not stripped
+
+0 belong 0410 a.out big-endian 32-bit pure executable
+>16 belong >0 not stripped
+
+0 belong 0413 a.out big-endian 32-bit demand paged executable
+>16 belong >0 not stripped
+
diff --git a/magic/Magdir/apache b/magic/Magdir/apache
new file mode 100755
index 0000000..d896b50
--- /dev/null
+++ b/magic/Magdir/apache
@@ -0,0 +1,28 @@
+
+#------------------------------------------------------------------------------
+# $File: apache,v 1.1 2017/04/11 14:52:15 christos Exp $
+# apache: file(1) magic for Apache Big Data formats
+
+# Avro files
+0 string Obj Apache Avro
+>3 byte x version %d
+
+# ORC files
+# Important information is in file footer, which we can't index to :(
+0 string ORC Apache ORC
+
+# Parquet files
+0 string PAR1 Apache Parquet
+
+# Hive RC files
+0 string RCF Apache Hive RC file
+>3 byte x version %d
+
+# Sequence files (and the careless first version of RC file)
+
+0 string SEQ
+>3 byte <6 Apache Hadoop Sequence file version %d
+>3 byte >6 Apache Hadoop Sequence file version %d
+>3 byte =6
+>>5 string org.apache.hadoop.hive.ql.io.RCFile$KeyBuffer Apache Hive RC file version 0
+>>3 default x Apache Hadoop Sequence file version 6
diff --git a/magic/Magdir/apl b/magic/Magdir/apl
new file mode 100644
index 0000000..d717e37
--- /dev/null
+++ b/magic/Magdir/apl
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------------------------
+# $File: apl,v 1.6 2009/09/19 16:28:07 christos Exp $
+# apl: file(1) magic for APL (see also "pdp" and "vax" for other APL
+# workspaces)
+#
+0 long 0100554 APL workspace (Ken's original?)
diff --git a/magic/Magdir/apple b/magic/Magdir/apple
new file mode 100644
index 0000000..547b0ac
--- /dev/null
+++ b/magic/Magdir/apple
@@ -0,0 +1,773 @@
+
+#------------------------------------------------------------------------------
+# $File: apple,v 1.48 2023/05/01 14:20:21 christos Exp $
+# apple: file(1) magic for Apple file formats
+#
+0 search/1/t FiLeStArTfIlEsTaRt binscii (apple ][) text
+0 string \x0aGL Binary II (apple ][) data
+0 string \x76\xff Squeezed (apple ][) data
+0 string NuFile NuFile archive (apple ][) data
+0 string N\xf5F\xe9l\xe5 NuFile archive (apple ][) data
+0 belong 0x00051600 AppleSingle encoded Macintosh file
+0 belong 0x00051607 AppleDouble encoded Macintosh file
+
+# Type: Apple Emulator A2R format
+# From: Greg Wildman <greg@apple2.org.za>
+# Ref: https://applesaucefdc.com/a2r2-reference/
+# Ref: https://applesaucefdc.com/a2r/
+0 string A2R
+>3 string \x31\xFF\x0A\x0D\x0A Applesauce A2R 1.x Disk Image
+>3 string \x32\xFF\x0A\x0D\x0A Applesauce A2R 2.x Disk Image
+>3 string \x33\xFF\x0A\x0D\x0A Applesauce A2R 3.x Disk Image
+>8 string INFO
+>>49 byte 01 \b, 5.25″ SS 40trk
+>>49 byte 02 \b, 3.5″ DS 80trk
+>>49 byte 03 \b, 5.25″ DS 80trk
+>>49 byte 04 \b, 5.25″ DS 40trk
+>>49 byte 05 \b, 3.5″ DS 80trk
+>>49 byte 06 \b, 8″ DS
+>>50 byte 01 \b, write protected
+>>51 byte 01 \b, cross track synchronized
+>>17 string/T x \b, %.32s
+
+# Type: Apple Emulator WOZ format
+# From: Greg Wildman <greg@apple2.org.za>
+# Ref: https://applesaucefdc.com/woz/reference/
+# Ref: https://applesaucefdc.com/woz/reference2/
+0 string WOZ
+>3 string \x31\xFF\x0A\x0D\x0A Apple ][ WOZ 1.0 Disk Image
+>3 string \x32\xFF\x0A\x0D\x0A Apple ][ WOZ 2.0 Disk Image
+>12 string INFO
+>>21 byte 01 \b, 5.25 inch
+>>21 byte 02 \b, 3.5 inch
+>>22 byte 01 \b, write protected
+>>23 byte 01 \b, cross track synchronized
+>>25 string/T x \b, %.32s
+
+# Type: Apple Macintosh Emulator MOOF format
+# From: Greg Wildman <greg@apple2.org.za>
+# Ref: https://applesaucefdc.com/moof-reference/
+0 string MOOF
+>4 string \xFF\x0A\x0D\x0A Apple Macintosh MOOF Disk Image
+>12 string INFO
+>>21 byte 01 \b, SSDD GCR (400K)
+>>21 byte 02 \b, DSDD GCR (800K)
+>>21 byte 03 \b, DSHD MFM (1.44M)
+>>22 byte 01 \b, write protected
+>>23 byte 01 \b, cross track synchronized
+>>25 string/T x \b, %.32s
+
+# Type: Apple Emulator disk images
+# From: Greg Wildman <greg@apple2.org.za>
+# ProDOS boot loader?
+0 string \x01\x38\xB0\x03\x4C Apple ProDOS Image
+# Detect Volume Directory block ($02)
+>0x400 string \x00\x00\x03\x00
+>>0x404 byte &0xF0
+>>>0x405 string x \b, Volume /%s
+>>>0x429 uleshort x \b, %u Blocks
+# ProDOS ordered ?
+>0xb00 string \x00\x00\x03\x00
+>>0xb04 byte &0xF0
+>>>0xb05 string x \b, Volume /%s
+>>>0xb29 uleshort x \b, %u Blocks
+#
+# Proboot HD
+0 string \x01\x8A\x48\xD8\x2C\x82\xC0\x8D\x0E\xC0\x8D\x0C Apple ProDOS ProBoot Image
+>0x400 string \x00\x00\x03\x00
+>>0x404 byte &0xF0
+>>>0x405 string x \b, Volume /%s
+>>>0x429 uleshort x \b, %u Blocks
+>0xb00 string \x00\x00\x03\x00
+>>0xb04 byte &0xF0
+>>>0xb05 string x \b, Volume /%s
+>>>0xb29 uleshort x \b, %u Blocks
+0 string \x01\xA8\x8A\x20\x7B\xF8\x29\x07\x09\xC0\x99\x30 Apple ProDOS ProBoot Image
+>0x400 string \x00\x00\x03\x00
+>>0x404 byte &0xF0
+>>>0x405 string x \b, Volume /%s
+>>>0x429 uleshort x \b, %u Blocks
+>0xb00 string \x00\x00\x03\x00
+>>0xb04 byte &0xF0
+>>>0xb05 string x \b, Volume /%s
+>>>0xb29 uleshort x \b, %u Blocks
+0 string \x01\x4A\xD0\x34\xE6\x3D\x8A\x20\x7B\xF8\x09\xC0 Apple ProDOS ProBoot Image
+>0x400 string \x00\x00\x03\x00
+>>0x404 byte &0xF0
+>>>0x405 string x \b, Volume /%s
+>>>0x429 uleshort x \b, %u Blocks
+>0xb00 string \x00\x00\x03\x00
+>>0xb04 byte &0xF0
+>>>0xb05 string x \b, Volume /%s
+>>>0xb29 uleshort x \b, %u Blocks
+#
+# ProDOS formatted
+0 string \x01\xBD\x88\xC0\x20\x2F\xFB\x20\x58\xFC\x20\x40 Apple ProDOS Unbootable Image
+>0x400 string \x00\x00\x03\x00
+>>0x404 byte &0xF0
+>>>0x405 string x \b, Volume /%s
+>>>0x429 uleshort x \b, %u Blocks
+>0xb00 string \x00\x00\x03\x00
+>>0xb04 byte &0xF0
+>>>0xb05 string x \b, Volume /%s
+>>>0xb29 uleshort x \b, %u Blocks
+0 string \x01\x38\xB0\x03\x4C\x1C\x09\x78\x86\x43\xC9\x03 Apple ProDOS Unbootable Image
+>0x400 string \x00\x00\x03\x00
+>>0x404 byte &0xF0
+>>>0x405 string x \b, Volume /%s
+>>>0x429 uleshort x \b, %u Blocks
+>0xb00 string \x00\x00\x03\x00
+>>0xb04 byte &0xF0
+>>>0xb05 string x \b, Volume /%s
+>>>0xb29 uleshort x \b, %u Blocks
+#
+# DOS3 boot loader
+0 string \x01\xA5\x27\xC9\x09\xD0
+>0x11001 byte 0x11
+>>0x11003 ubyte x Apple DOS 3.%u Image
+>>0x11006 ubyte x \b, Volume #%03u
+>>0x11034 ubyte x \b, %u Tracks
+>>0x11035 ubyte x \b, %u Sectors
+>>0x11036 uleshort x \b, %u bytes per sector
+#
+# DOS3 uninitialized disk
+0 string \x01\xA6\x2B\xBD\x88\xC0\x8A\x4A\x4A
+>0x11001 byte 0x11
+>>0x11003 ubyte x Apple DOS 3.%u Unbootable Image
+>>>0x11006 ubyte x \b, Volume #%03u
+>>>0x11034 ubyte x \b, %u Tracks
+>>>0x11035 ubyte x \b, %u Sectors
+>>>0x11036 uleshort x \b, %u bytes per sector
+#
+# Pascal boot loader?
+0 string \x01\xE0\x60\xF0\x03\x4C\xE3\x08\xAD
+>0xd6 pstring SYSTEM.APPLE
+>>0xb00 leshort 0x0000
+>>>0xb04 leshort 0x0000 Apple Pascal Image
+>>>>0xb06 pstring x \b, Volume %s:
+>>>>0xb0e leshort x \b, %u Blocks
+>>>>0xb10 leshort x \b, %u Files
+#
+# Diversi Dos boot loader?
+0 string \x01\xA8\xAD\x81\xC0\xEE\x09\x08\xAD
+>0x11001 string \x11\x0F\x03 Apple Diversi Dos Image
+>>0x11006 byte x \b, Volume %u
+>>0x11034 byte x \b, %u Tracks
+>>0x11035 byte x \b, %u Sectors
+>>0x11036 leshort x \b, %u bytes per sector
+
+# Type: Apple Emulator 2IMG format
+# From: Radek Vokal <rvokal@redhat.com>
+# Update: Greg Wildman <greg@apple2.org.za>
+0 string 2IMG Apple ][ 2IMG Disk Image
+>4 clear x
+>4 string XGS! \b, XGS
+>4 string CTKG \b, Catakig
+>4 string ShIm \b, Sheppy's ImageMaker
+>4 string SHEP \b, Sheppy's ImageMaker
+>4 string WOOF \b, Sweet 16
+>4 string B2TR \b, Bernie ][ the Rescue
+>4 string \!nfc \b, ASIMOV2
+>4 string \>BD\< \b, Brutal Deluxe's Cadius
+>4 string CdrP \b, CiderPress
+>4 string Vi][ \b, Virtual ][
+>4 string PRFS \b, ProFUSE
+>4 string FISH \b, FishWings
+>4 string RVLW \b, Revival for Windows
+>4 default x
+>>4 string x \b, Creator tag "%-4.4s"
+>0xc byte 00 \b, DOS 3.3 sector order
+>>0x10 byte 00 \b, Volume 254
+>>0x10 byte&0x7f x \b, Volume %u
+>0xc byte 01 \b, ProDOS sector order
+# Detect Volume Directory block ($02) + 2mg header offset
+>>0x440 string \x00\x00\x03\x00
+>>>0x444 byte &0xF0
+>>>>0x445 string x \b, Volume /%s
+>>>>0x469 uleshort x \b, %u Blocks
+>0xc byte 02 \b, NIB data
+
+# Type: Peter Ferrie QBoot
+# From: Greg Wildman <greg@apple2.org.za>
+# Ref: https://github.com/peterferrie/qboot
+0 string \x01\x4A\xA8\x69\x0F\x85\x27\xC9
+>8 string \x12\xF0\x10\xE6\x3D\x86\xDA\x8A Apple ][ QBoot Image
+
+# Type: Peter Ferrie 0Boot
+# From: Greg Wildman <greg@apple2.org.za>
+# Ref: https://github.com/peterferrie/0boot
+0 string \x01\x4A\xA8\x69\x0F\x85\x27\xC9
+>8 string \x12\xF0\x10\xE6\x3D\x86\xDA\x8A Apple ][ 0Boot Image
+
+# Different proprietary boot sectors
+0 string \x01\x0F\x21\x74\x00\x01\x6B\x00\x02\x30\x81\x5D Apple ][ Disk Image
+0 string \x01\x20\x58\xFC\xA2\x00\x8E\x78\x04\x8E\xF4\x03 Apple ][ Disk Image
+0 string \x01\x20\x58\xFC\xAD\x51\xC0\xAD\x54\xC0\xA6\x2B Apple ][ Disk Image
+0 string \x01\x20\x89\xFE\x20\x93\xFE\xA6\x2B\xBD\x88\xC0 Apple ][ Disk Image
+0 string \x01\x20\x93\xFE\x20\x89\xFE\x4C\x25\x08\x68\x85 Apple ][ Disk Image
+0 string \x01\x20\x93\xFE\x20\x89\xFE\x4C\x2D\x08\x68\x85 Apple ][ Disk Image
+0 string \x01\x38\x90\x2A\xC9\x01\xF0\x33\xA8\xC8\xC0\x10 Apple ][ Disk Image
+0 string \x01\x38\xB0\x03\x4C\x32\xA1\x87\x43\xC9\x03\x08 Apple ][ Disk Image
+0 string \x01\x4C\x04\x08\xA9\x2A\x8D\x02\x08\x86\x2B\xEE Apple ][ Disk Image
+0 string \x01\x4C\x60\x08\x09\xD0\x18\xA5\x2B\x4A\x4A\x4A Apple ][ Disk Image
+0 string \x01\x4C\x92\x08\x01\x08\xA2\x00\xB5\x00\x9D\x00 Apple ][ Disk Image
+0 string \x01\x4C\xB3\x08\x09\xD0\x18\xA5\x2B\x4A\x4A\x4A Apple ][ Disk Image
+0 string \x01\x8D\xFB\x03\x8E\xFC\x03\x8C\xFD\x03\x8A\x29 Apple ][ Disk Image
+0 string \x01\xA2\xFF\x9A\xD8\x20\x20\x08\x20\x34\x08\xAD Apple ][ Disk Image
+0 string \x01\xA5\x27\xBD\x88\xC0\x2C\x10\xC0\xA2\x00\xA9 Apple ][ Disk Image
+0 string \x01\xA5\x2B\xAE\x51\xC0\xEA\xAA\xBD\x88\xC0\x20 Apple ][ Disk Image
+0 string \x01\xA6\x27\xBD\x0B\x08\x48\xBD\x0A\x08\x48\x85 Apple ][ Disk Image
+0 string \x01\xA6\x2B\xBD\x88\xC0\x20\x58\xFC\xA9\x01\x85 Apple ][ Disk Image
+0 string \x01\xA6\x2B\xBD\x88\xC0\x20\x58\xFC\xA9\x25\x85 Apple ][ Disk Image
+0 string \x01\xA8\xC0\x0F\x90\x16\xF0\x12\xA0\xFF\x18\xAD Apple ][ Disk Image
+0 string \x01\xA9\x00\x85\xF0\xA9\x04\x85\xF1\xA0\x00\xA9 Apple ][ Disk Image
+0 string \x01\xA9\x5C\x8D\xF2\x03\xA9\xC6\x8D\xF3\x03\x49 Apple ][ Disk Image
+0 string \x01\xA9\x60\x8D\x01\x08\x20\x2F\xFB\x20\x58\xFC Apple ][ Disk Image
+0 string \x01\xA9\x60\x8D\x01\x08\x20\x49\x08\xA9\x0A\x85 Apple ][ Disk Image
+0 string \x01\xA9\x60\x8D\x01\x08\x2C\x82\xC0\xBD\x88\xC0 Apple ][ Disk Image
+0 string \x01\xA9\x60\x8D\x01\x08\x86\x43\x8A\x4A\x4A\x4A Apple ][ Disk Image
+0 string \x01\xA9\x60\x8D\x01\x08\xA2\x00\x86\xFF\xB5\x00 Apple ][ Disk Image
+0 string \x01\xA9\x60\x8D\x01\x08\xA2\x00\xB5\x00\x9D\x00 Apple ][ Disk Image
+0 string \x01\xA9\x60\x8D\x01\x08\xA9\xB2\x8D\xF2\x03\xA9 Apple ][ Disk Image
+0 string \x01\xA9\x60\x8D\x01\x08\xA9\xFF\x8D\xF3\x03\x8D Apple ][ Disk Image
+0 string \x01\xAC\x00\x08\xF0\x19\xB9\x30\x08\x85\x3D\xCE Apple ][ Disk Image
+0 string \x01\xAC\x23\x08\x30\x2E\xB9\x24\x08\x85\x3D\xCE Apple ][ Disk Image
+0 string \x01\xAD\x00\x08\xC9\x09\xB0\x20\x69\x02\x8D\x00 Apple ][ Disk Image
+0 string \x01\xB0\x00\xA9\x3C\x8D\x02\x08\x86\x2B\x8A\x4A Apple ][ Disk Image
+0 string \x01\xB0\x00\xA9\x3C\x8D\x02\x08\xA9\xF5\x8D\xF2 Apple ][ Disk Image
+0 string \x01\xB0\x00\xA9\x3F\x8D\x02\x08\x86\x2B\x8E\xF4 Apple ][ Disk Image
+0 string \x01\xB0\x00\xA9\x48\x8D\x02\x08\x86\x2B\x8E\xF4 Apple ][ Disk Image
+0 string \x01\xBD\x88\xC0\x8A\x4A\x4A\x4A\x4A\x09\xC0\x8D Apple ][ Disk Image
+0 string \x01\xBD\x88\xC0\x8A\x4A\x4A\x4A\x4A\x8D\x2F\x08 Apple ][ Disk Image
+0 string \x01\xD8\x2C\x81\xC0\xA9\x60\x4D\x58\xFF\xD0\xFE Apple ][ Disk Image
+0 string \x01\xD8\x78\xBD\x88\xC0\xA9\xFD\x85\x37\x85\x39 Apple ][ Disk Image
+0 string \x01\xE0\x60\xF0\x03\x4C\x16\x09\xAD\x00\x08\xC9 Apple ][ Disk Image
+0 string \x01\xE0\x60\xF0\x03\x4C\xCB\x08\xAD\x00\x08\xC9 Apple ][ Disk Image
+0 string \x01\xE0\x60\xF0\x03\x4C\xEE\x08\xAD\x00\x08\xC9 Apple ][ Disk Image
+0 string \x01\xE0\x60\xF0\x03\x4C\xEF\x08\xAD\x00\x08\xC9 Apple ][ Disk Image
+0 string \x01\xE0\x70\xB0\x04\xE0\x40\xB0\x39\xBD\x88\xC0 Apple ][ Disk Image
+0 string \x01\xEA\x8D\xF4\x03\xA9\x60\x9D\x88\xC0\x8D\x51 Apple ][ Disk Image
+
+# magic for Newton PDA package formats
+# from Ruda Moura <ruda@helllabs.org>
+0 string package0 Newton package, NOS 1.x,
+>12 belong &0x80000000 AutoRemove,
+>12 belong &0x40000000 CopyProtect,
+>12 belong &0x10000000 NoCompression,
+>12 belong &0x04000000 Relocation,
+>12 belong &0x02000000 UseFasterCompression,
+>16 belong x version %d
+
+0 string package1 Newton package, NOS 2.x,
+>12 belong &0x80000000 AutoRemove,
+>12 belong &0x40000000 CopyProtect,
+>12 belong &0x10000000 NoCompression,
+>12 belong &0x04000000 Relocation,
+>12 belong &0x02000000 UseFasterCompression,
+>16 belong x version %d
+
+0 string package4 Newton package,
+>8 byte 8 NOS 1.x,
+>8 byte 9 NOS 2.x,
+>12 belong &0x80000000 AutoRemove,
+>12 belong &0x40000000 CopyProtect,
+>12 belong &0x10000000 NoCompression,
+
+# The following entries for the Apple II are for files that have
+# been transferred as raw binary data from an Apple, without having
+# been encapsulated by any of the above archivers.
+#
+# In general, Apple II formats are hard to identify because Apple DOS
+# and especially Apple ProDOS have strong typing in the file system and
+# therefore programmers never felt much need to include type information
+# in the files themselves.
+#
+# Eric Fischer <enf@pobox.com>
+
+# AppleWorks word processor:
+# URL: https://en.wikipedia.org/wiki/AppleWorks
+# Reference: http://www.gno.org/pub/apple2/doc/apple/filetypes/ftn.1a.xxxx
+# Update: Joerg Jenderek
+# NOTE:
+# The "O" is really the magic number, but that's so common that it's
+# necessary to check the tab stops that follow it to avoid false positives.
+# and/or look for unused bits of booleans bytes like zoom, paginated, mail merge
+# the newer AppleWorks is from claris with extension CWK
+4 string O
+# test for unused bits of zoom- , paginated-boolean bytes
+>84 ubequad ^0x00Fe00000000Fe00
+# look for tabstop definitions "=" no tab, "|" no tab
+# "<" left tab,"^" center tab,">" right tab, "." decimal tab,
+# unofficial "!" other , "\x8a" other
+# official only if SFMinVers is nonzero
+>>5 regex/s [=.<>|!^\x8a]{79} AppleWorks Word Processor
+# AppleWorks Word Processor File (Apple II)
+# ./apple (version 5.25) labeled the entry as "AppleWorks word processor data"
+# application/x-appleworks is mime type for claris version with cwk extension
+!:mime application/x-appleworks3
+# http://home.earthlink.net/~hughhood/appleiiworksenvoy/
+# ('p' + 1-byte ProDOS File Type + 2-byte ProDOS Aux Type')
+# $70 $1A $F8 $FF is this the apple type ?
+#:apple pdosp^Z\xf8\xff
+!:ext awp
+# minimum version needed to read this files. SFMinVers (0 , 30~3.0 )
+>>>183 ubyte 30 3.0
+>>>183 ubyte !30
+>>>>183 ubyte !0 %#x
+# usual tabstop start sequence "=====<"
+>>>5 string x \b, tabstop ruler "%6.6s"
+# tabstop ruler
+#>>>5 string >\0 \b, tabstops "%-79s"
+# zoom switch
+>>>85 byte&0x01 >0 \b, zoomed
+# whether paginated
+>>>90 byte&0x01 >0 \b, paginated
+# contains any mail-merge commands
+>>>92 byte&0x01 >0 \b, with mail merge
+# left margin in 1/10 inches ( normally 0 or 10 )
+>>>91 ubyte >0
+>>>>91 ubyte x \b, %d/10 inch left margin
+
+# AppleWorks database:
+#
+# This isn't really a magic number, but it's the closest thing to one
+# that I could find. The 1 and 2 really mean "order in which you defined
+# categories" and "left to right, top to bottom," respectively; the D and R
+# mean that the cursor should move either down or right when you press Return.
+
+#30 string \x01D AppleWorks database data
+#30 string \x02D AppleWorks database data
+#30 string \x01R AppleWorks database data
+#30 string \x02R AppleWorks database data
+
+# AppleWorks spreadsheet:
+#
+# Likewise, this isn't really meant as a magic number. The R or C means
+# row- or column-order recalculation; the A or M means automatic or manual
+# recalculation.
+
+#131 string RA AppleWorks spreadsheet data
+#131 string RM AppleWorks spreadsheet data
+#131 string CA AppleWorks spreadsheet data
+#131 string CM AppleWorks spreadsheet data
+
+# Applesoft BASIC:
+#
+# This is incredibly sloppy, but will be true if the program was
+# written at its usual memory location of 2048 and its first line
+# number is less than 256. Yuck.
+# update by Joerg Jenderek at Feb 2013
+
+# GRR: this test is still too general as it catches also Gujin BOOT144.SYS (0xfa080000)
+#0 belong&0xff00ff 0x80000 Applesoft BASIC program data
+0 belong&0x00ff00ff 0x00080000
+# assuming that line number must be positive
+>2 leshort >0 Applesoft BASIC program data, first line number %d
+#>2 leshort x \b, first line number %d
+
+# ORCA/EZ assembler:
+#
+# This will not identify ORCA/M source files, since those have
+# some sort of date code instead of the two zero bytes at 6 and 7
+# XXX Conflicts with ELF
+#4 belong&0xff00ffff 0x01000000 ORCA/EZ assembler source data
+#>5 byte x \b, build number %d
+
+# Broderbund Fantavision
+#
+# I don't know what these values really mean, but they seem to recur.
+# Will they cause too many conflicts?
+
+# Probably :-)
+#2 belong&0xFF00FF 0x040008 Fantavision movie data
+
+# Some attempts at images.
+#
+# These are actually just bit-for-bit dumps of the frame buffer, so
+# there's really no reasonably way to distinguish them except for their
+# address (if preserved) -- 8192 or 16384 -- and their length -- 8192
+# or, occasionally, 8184.
+#
+# Nevertheless this will manage to catch a lot of images that happen
+# to have a solid-colored line at the bottom of the screen.
+
+# GRR: Magic too weak
+#8144 string \x7F\x7F\x7F\x7F\x7F\x7F\x7F\x7F Apple II image with white background
+#8144 string \x55\x2A\x55\x2A\x55\x2A\x55\x2A Apple II image with purple background
+#8144 string \x2A\x55\x2A\x55\x2A\x55\x2A\x55 Apple II image with green background
+#8144 string \xD5\xAA\xD5\xAA\xD5\xAA\xD5\xAA Apple II image with blue background
+#8144 string \xAA\xD5\xAA\xD5\xAA\xD5\xAA\xD5 Apple II image with orange background
+
+# Beagle Bros. Apple Mechanic fonts
+
+0 belong&0xFF00FFFF 0x6400D000 Apple Mechanic font
+
+# Apple Universal Disk Image Format (UDIF) - dmg files.
+# From Johan Gade.
+# These entries are disabled for now until we fix the following issues.
+#
+# Note there might be some problems with the "VAX COFF executable"
+# entry. Note this entry should be placed before the mac filesystem section,
+# particularly the "Apple Partition data" entry.
+#
+# The intended meaning of these tests is, that the file is only of the
+# specified type if both of the lines are correct - i.e. if the first
+# line matches and the second doesn't then it is not of that type.
+#
+#0 long 0x7801730d
+#>4 long 0x62626060 UDIF read-only zlib-compressed image (UDZO)
+#
+# Note that this entry is recognized correctly by the "Apple Partition
+# data" entry - however since this entry is more specific - this
+# information seems to be more useful.
+#0 long 0x45520200
+#>0x410 string disk\ image UDIF read/write image (UDRW)
+
+# From: Toby Peterson <toby@apple.com>
+# From https://www.nationalarchives.gov.uk/pronom/fmt/866
+0 string bplist00
+>8 search/500 WebMainResource Apple Safari Webarchive
+!:mime application/x-webarchive
+!:strength +50
+0 string bplist00 Apple binary property list
+!:mime application/x-bplist
+
+# Apple binary property list (bplist)
+# Assumes version bytes are hex.
+# Provides content hints for version 0 files. Assumes that the root
+# object is the first object (true for CoreFoundation implementation).
+# From: David Remahl <dremahl@apple.com>
+0 string bplist
+>6 byte x \bCoreFoundation binary property list data, version %#c
+>>7 byte x \b%c
+>6 string 00 \b
+>>8 byte&0xF0 0x00 \b
+>>>8 byte&0x0F 0x00 \b, root type: null
+>>>8 byte&0x0F 0x08 \b, root type: false boolean
+>>>8 byte&0x0F 0x09 \b, root type: true boolean
+>>8 byte&0xF0 0x10 \b, root type: integer
+>>8 byte&0xF0 0x20 \b, root type: real
+>>8 byte&0xF0 0x30 \b, root type: date
+>>8 byte&0xF0 0x40 \b, root type: data
+>>8 byte&0xF0 0x50 \b, root type: ascii string
+>>8 byte&0xF0 0x60 \b, root type: unicode string
+>>8 byte&0xF0 0x80 \b, root type: uid (CORRUPT)
+>>8 byte&0xF0 0xa0 \b, root type: array
+>>8 byte&0xF0 0xd0 \b, root type: dictionary
+
+# Apple/NeXT typedstream data
+# Serialization format used by NeXT and Apple for various
+# purposes in YellowStep/Cocoa, including some nib files.
+# From: David Remahl <dremahl@apple.com>
+2 string typedstream NeXT/Apple typedstream data, big endian
+>0 byte x \b, version %d
+>0 byte <5 \b
+>>13 byte 0x81 \b
+>>>14 ubeshort x \b, system %d
+2 string streamtyped NeXT/Apple typedstream data, little endian
+>0 byte x \b, version %d
+>0 byte <5 \b
+>>13 byte 0x81 \b
+>>>14 uleshort x \b, system %d
+
+#------------------------------------------------------------------------------
+# CAF: Apple CoreAudio File Format
+#
+# Container format for high-end audio purposes.
+# From: David Remahl <dremahl@apple.com>
+#
+0 string caff CoreAudio Format audio file
+>4 beshort <10 version %d
+>6 beshort x
+
+
+#------------------------------------------------------------------------------
+# Keychain database files
+0 string kych Mac OS X Keychain File
+
+#------------------------------------------------------------------------------
+# Code Signing related file types
+0 belong 0xfade0c00 Mac OS X Code Requirement
+>8 belong 1 (opExpr)
+>4 belong x - %d bytes
+
+0 belong 0xfade0c01 Mac OS X Code Requirement Set
+>8 belong >1 containing %d items
+>4 belong x - %d bytes
+
+0 belong 0xfade0c02 Mac OS X Code Directory
+>8 belong x version %x
+>12 belong >0 flags %#x
+>4 belong x - %d bytes
+
+0 belong 0xfade0cc0 Mac OS X Detached Code Signature (non-executable)
+>4 belong x - %d bytes
+
+0 belong 0xfade0cc1 Mac OS X Detached Code Signature
+>8 belong >1 (%d elements)
+>4 belong x - %d bytes
+
+# From: "Nelson A. de Oliveira" <naoliv@gmail.com>
+# .vdi
+4 string innotek\ VirtualBox\ Disk\ Image %s
+
+# Apple disk partition stuff
+# URL: https://en.wikipedia.org/wiki/Apple_Partition_Map
+# Reference: https://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/sys/sys/bootblock.h
+# Update: Joerg Jenderek
+# "ER" is APPLE_DRVR_MAP_MAGIC signature
+0 beshort 0x4552
+# display Apple Driver Map (strength=50) after Syslinux bootloader (71)
+#!:strength +0
+# strengthen the magic by looking for used blocksizes 512 2048
+>2 ubeshort&0xf1FF 0 Apple Driver Map
+# last 6 bytes for padding found are 0 or end with 55AAh marker for MBR hybrid
+#>>504 ubequad&0x0000FFffFFff0000 0
+!:mime application/x-apple-diskimage
+!:apple ????devr
+# https://en.wikipedia.org/wiki/Apple_Disk_Image
+!:ext dmg/iso
+# sbBlkSize for driver descriptor map 512 2048
+>>2 beshort x \b, blocksize %d
+# sbBlkCount sometimes garbish like
+# 0xb0200000 for unzlibed install_flash_player_19.0.0.245_osx.dmg
+# 0xf2720100 for bunziped Firefox 48.0-2.dmg
+# 0xeb02ffff for super_grub2_disk_hybrid_2.02s3.iso
+# 0x00009090 by syslinux-6.03/utils/isohybrid.c
+>>4 ubelong x \b, blockcount %u
+# following device/driver information not very useful
+# device type 0 1 (37008 garbage for super_grub2_disk_hybrid_2.02s3.iso)
+>>8 ubeshort x \b, devtype %u
+# device id 0 1 (37008 garbage for super_grub2_disk_hybrid_2.02s3.iso)
+>>10 ubeshort x \b, devid %u
+# driver data 0 (2425393296 garbage for super_grub2_disk_hybrid_2.02s3.iso)
+>>12 ubelong >0
+>>>12 ubelong x \b, driver data %u
+# number of driver descriptors sbDrvrCount <= 61
+# (37008 garbage for super_grub2_disk_hybrid_2.02s3.iso)
+>>16 ubeshort x \b, driver count %u
+# 61 * apple_drvr_descriptor[8]. information not very useful or same as in partition map
+# >>18 use apple-driver-map
+# >>26 use apple-driver-map
+# # ...
+# >>500 use apple-driver-map
+# number of partitions is always same in every partition (map block count)
+#>>0x0204 ubelong x \b, %u partitions
+>>0x0204 ubelong >0 \b, contains[@0x200]:
+>>>0x0200 use apple-apm
+>>0x0204 ubelong >1 \b, contains[@0x400]:
+>>>0x0400 use apple-apm
+>>0x0204 ubelong >2 \b, contains[@0x600]:
+>>>0x0600 use apple-apm
+>>0x0204 ubelong >3 \b, contains[@0x800]:
+>>>0x0800 use apple-apm
+>>0x0204 ubelong >4 \b, contains[@0xA00]:
+>>>0x0A00 use apple-apm
+>>0x0204 ubelong >5 \b, contains[@0xC00]:
+>>>0x0C00 use apple-apm
+>>0x0204 ubelong >6 \b, contains[@0xE00]:
+>>>0x0E00 use apple-apm
+>>0x0204 ubelong >7 \b, contains[@0x1000]:
+>>>0x1000 use apple-apm
+# display apple driver descriptor map (start-block, # blocks in sbBlkSize sizes, type)
+0 name apple-driver-map
+>0 ubequad !0
+# descBlock first block of driver
+>>0 ubelong x \b, driver start block %u
+# descSize driver size in blocks
+>>4 ubeshort x \b, size %u
+# descType driver system type 1 701h F8FFh FFFFh
+>>6 ubeshort x \b, type %#x
+
+# URL: https://en.wikipedia.org/wiki/Apple_Partition_Map
+# Reference: https://opensource.apple.com/source/IOStorageFamily/IOStorageFamily-116/IOApplePartitionScheme.h
+# Update: Joerg Jenderek
+# Yes, the 3rd and 4th bytes pmSigPad are reserved, but we use them to make the
+# magic stronger.
+# for apple partition map stored as a single file
+0 belong 0x504d0000
+# to display Apple Partition Map (strength=70) after Syslinux bootloader (71)
+#!:strength +0
+>0 use apple-apm
+# magic/Magdir/apple14.test, 365: Warning: Current entry does not yet have a description for adding a EXTENSION type
+# file: could not find any valid magic files!
+#!:ext bin
+# display apple partition map. Normally called after Apple driver map
+0 name apple-apm
+>0 belong 0x504d0000 Apple Partition Map
+# number of partitions
+>>4 ubelong x \b, map block count %u
+# logical block (512 bytes) start of partition
+>>8 ubelong x \b, start block %u
+>>12 ubelong x \b, block count %u
+>>16 string >0 \b, name %s
+>>48 string >0 \b, type %s
+# processor type dpme_process_id[16] e.g. "68000" "68020"
+>>120 string >0 \b, processor %s
+# A/UX boot arguments BootArgs[128]
+>>136 string >0 \b, boot arguments %s
+# status of partition dpme_flags
+>>88 belong & 1 \b, valid
+>>88 belong & 2 \b, allocated
+>>88 belong & 4 \b, in use
+>>88 belong & 8 \b, has boot info
+>>88 belong & 16 \b, readable
+>>88 belong & 32 \b, writable
+>>88 belong & 64 \b, pic boot code
+>>88 belong & 128 \b, chain compatible driver
+>>88 belong & 256 \b, real driver
+>>88 belong & 512 \b, chain driver
+# mount automatically at startup APPLE_PS_AUTO_MOUNT
+>>88 ubelong &0x40000000 \b, mount at startup
+# is the startup partition APPLE_PS_STARTUP
+>>88 ubelong &0x80000000 \b, is the startup partition
+
+#https://wiki.mozilla.org/DS_Store_File_Format
+#https://en.wikipedia.org/wiki/.DS_Store
+0 string \0\0\0\1Bud1\0 Apple Desktop Services Store
+
+# HFS/HFS+ Resource fork files (andrew.roazen@nau.edu Apr 13 2015)
+# Usually not in separate files, but have either filename rsrc with
+# no extension, or a filename corresponding to another file, with
+# extensions rsr/rsrc
+# URL: http://fileformats.archiveteam.org/wiki/Macintosh_resource_file
+# https://en.wikipedia.org/wiki/Resource_fork
+# Reference: https://github.com/kreativekorp/ksfl/wiki/Macintosh-Resource-File-Format
+# http://developer.apple.com/legacy/mac/library/documentation/mac/pdf/MoreMacintoshToolbox.pdf
+# https://formats.kaitai.io/resource_fork/
+# Update: Joerg Jenderek
+# Note: verified often by command like `deark -m macrsrc Icon_.rsrc`
+# offset of resource data; usually starts at offset 0x0100
+0 string \000\000\001\000
+# skip NPETraceSession.etl with invalid "low" map offset 0
+>4 ubelong >0xFF
+# skip few Atari DEGAS Elite bitmap (eil2.pi1 nastro.pi1) with ivalid "high" 0x6550766 0x7510763 map length
+>>12 ubelong <0x8001
+# most examples with zeroed system reserved field
+>>>16 lelong =0
+>>>>0 use apple-rsr
+# few samples with not zeroed system reserved field like: Empty.rsrc.rsr OpenSans-CondBold.dfont
+>>>16 lelong !0
+# resource fork variant with not zeroed system reserved field and copy of header
+>>>>(4.L) ubelong 0x100
+# GRR: the line above only works if in ../../src/file.h FILE_BYTES_MAX is raised from 1 MiB above 0x6ab0f4 (HelveticaNeue.dfont)
+>>>>>0 use apple-rsr
+# data fork variant with not zeroed system reserved field and no copy of header
+>>>>(4.L) ubelong 0
+>>>>>0 use apple-rsr
+# Note: moved and merged from ./macintosh
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+# URL: https://en.wikipedia.org/wiki/Datafork_TrueType
+# Derived from the 'fondu' and 'ufond' source code (fondu.sf.net). 'sfnt' is
+# TrueType; 'POST' is PostScript. 'FONT' and 'NFNT' sometimes appear, but I
+# don't know what they mean.
+# display information about Mac OSX datafork font DFONT
+0 name apple-dfont
+>(4.L+30) ubelong x Mac OSX datafork font,
+# https://en.wikipedia.org/wiki/Datafork_TrueType
+!:mime application/x-dfont
+!:ext dfont
+# https://exiftool.org/TagNames/RSRC.html
+>(4.L+30) ubelong 0x73666e74 TrueType
+>(4.L+30) ubelong 0x464f4e54 'FONT'
+>(4.L+30) ubelong 0x4e464e54 'NFNT'
+>(4.L+30) ubelong 0x504f5354 PostScript
+>(4.L+30) ubelong 0x464f4e44 'FOND'
+>(4.L+30) ubelong 0x76657273 'vers'
+# display information about Macintosh resource
+0 name apple-rsr
+>(4.L+30) ubelong 0x73666e74
+>>0 use apple-dfont
+>(4.L+30) ubelong 0x464f4e54
+>>0 use apple-dfont
+>(4.L+30) ubelong 0x4e464e54
+>>0 use apple-dfont
+>(4.L+30) ubelong 0x504f5354
+>>0 use apple-dfont
+>(4.L+30) ubelong 0x464f4e44
+>>0 use apple-dfont
+>(4.L+30) ubelong 0x76657273
+>>0 use apple-dfont
+>(4.L+30) default x Apple HFS/HFS+ resource fork
+#!:mime application/octet-stream
+!:mime application/x-apple-rsr
+!:ext rsrc/rsr
+# offset to resource data; usually starts at offset 0x0100
+>0 ubelong !0x100 \b, data offset %#x
+# offset to resource map; positive but not nil like in NPETraceSession.etl
+>4 ubelong x \b, map offset %#x
+# length of resource map; positive with 32K limitation but not
+# nil like in NPETraceSession.etl or high like 0x7510763 in nastro.pi1
+>12 ubelong x \b, map length %#x
+# length of resource data; positive but not nil like in NPETraceSession.etl
+>8 ubelong x \b, data length %#x
+# reserved 112 bytes for system use; apparently often nil, but 8fd20000h in Empty.rsrc.rsr and 0x00768c2b in OpenSans-CondBold.dfont
+>16 ubelong !0 \b, at 16 %#8.8x
+# https://fontforge.org/docs/techref/macformats.html
+# jump to resource map
+# a copy of resource header or 16 bytes of zeros for data fork
+#>(4.L) ubelong x \b, DATA offset %#x
+#>(4.L+4) ubelong x \b, MAP offset %#x
+#>(4.L+8) ubelong x \b, DATA length %#x
+#>(4.L+12) ubelong x \b, MAP length %#x
+# nextResourceMap; handle to next resource map; used by the Resource Manager for internal bookkeeping; should be zero
+>(4.L+16) ubelong !0 \b, nextResourceMap %#x
+# fileRef; file reference number; used by the Resource Manager for internal bookkeeping; should be zero
+>(4.L+20) ubeshort !0 \b, fileRef %#x
+# attributes; Resource fork attributes (80h~read-only 40h~compression needed 20h~changed); other bits are reserved and should be zero
+>(4.L+22) ubeshort !0 \b, attributes %#x
+# typeListOffset; offset from resource map to start of type list like: 1Ch
+>(4.L+24) ubeshort x \b, list offset %#x
+# nameListOffset; offset from esource map to start of name list like: 32h 46h 56h (XLISP.RSR XLISPTIN.RSR) 13Eh (HelveticaNeue.dfont)
+>(4.L+26) ubeshort x \b, name offset %#x
+# typeCount; number of types in the map minus 1; If there are no resources, this is 0xFFFF
+>(4.L+28) beshort+1 >0 \b, %u type
+# plural s
+>>(4.L+28) beshort+1 >1 \bs
+# resource type list array; 1st resource type like: ALRT CODE FOND MPSR icns scsz
+>>(4.L+30) ubelong x \b, %#x
+>>(4.L+30) string x '%-.4s'
+# resourceCount; number of this type resources minus one. If there is one resource of this type, this is 0x0000
+>>(4.L+34) beshort+1 x * %d
+# resourceListOffset; offset from type list to resource list like: Ah 12h DAh
+>(4.L+36) ubeshort x resource offset %#x
+
+#https://en.wikipedia.org/wiki/AppleScript
+0 string FasdUAS AppleScript compiled
+
+# AppleWorks/ClarisWorks
+# https://github.com/joshenders/appleworks_format
+# http://fileformats.archiveteam.org/wiki/AppleWorks
+0 name appleworks
+>0 belong&0x00ffffff 0x07e100 AppleWorks CWK Document
+>0 belong&0x00ffffff 0x008803 ClarisWorks CWK Document
+>0 default x
+>>0 belong x AppleWorks/ClarisWorks CWK Document
+>0 byte x \b, version %d
+>30 beshort x \b, %d
+>32 beshort x \bx%d
+!:ext cwk
+
+4 string BOBO
+>0 byte >4
+>>12 belong 0
+>>>26 belong 0
+>>>>0 use appleworks
+>0 belong 0x0481ad00
+>>0 use appleworks
+
+# magic for Apple File System (APFS)
+# from Alex Myczko <alex@aiei.ch>
+32 string NXSB Apple File System (APFS)
+>36 ulelong x \b, blocksize %u
+
+# iTunes cover art (versions 1 and 2)
+4 string itch
+>24 string artw
+>>0x1e8 string data iTunes cover art
+>>>0x1ed string PNG (PNG)
+>>>0x1ec beshort 0xffd8 (JPEG)
+
+# MacPaint image
+65 string PNTGMPNT MacPaint image data
+#0 belong 2 MacPaint image data
diff --git a/magic/Magdir/application b/magic/Magdir/application
new file mode 100644
index 0000000..f316608
--- /dev/null
+++ b/magic/Magdir/application
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------------------------
+# $File: application,v 1.1 2016/10/17 12:13:01 christos Exp $
+# application: file(1) magic for applications on small devices
+#
+# Pebble Application
+0 string PBLAPP\000\000 Pebble application
diff --git a/magic/Magdir/applix b/magic/Magdir/applix
new file mode 100644
index 0000000..f3f362e
--- /dev/null
+++ b/magic/Magdir/applix
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: applix,v 1.5 2009/09/19 16:28:08 christos Exp $
+# applix: file(1) magic for Applixware
+# From: Peter Soos <sp@osb.hu>
+#
+0 string *BEGIN Applixware
+>7 string WORDS Words Document
+>7 string GRAPHICS Graphic
+>7 string RASTER Bitmap
+>7 string SPREADSHEETS Spreadsheet
+>7 string MACRO Macro
+>7 string BUILDER Builder Object
diff --git a/magic/Magdir/apt b/magic/Magdir/apt
new file mode 100644
index 0000000..2d9f159
--- /dev/null
+++ b/magic/Magdir/apt
@@ -0,0 +1,52 @@
+
+#------------------------------------------------------------------------------
+# $File: apt,v 1.1 2016/10/17 19:51:57 christos Exp $
+# apt: file(1) magic for APT Cache files
+# <http://www.fifi.org/doc/libapt-pkg-doc/cache.html/ch2.html>
+# <https://anonscm.debian.org/cgit/apt/apt.git/tree/apt-pkg/pkgcache.h#n292>
+
+# before version 10 ("old format"), data was in arch-specific long/short
+
+# old format 64 bit
+0 name apt-cache-64bit-be
+>12 beshort 1 \b, dirty
+>40 bequad x \b, %llu packages
+>48 bequad x \b, %llu versions
+
+# old format 32 bit
+0 name apt-cache-32bit-be
+>8 beshort 1 \b, dirty
+>40 belong x \b, %u packages
+>44 belong x \b, %u versions
+
+# new format
+0 name apt-cache-be
+>6 byte 1 \b, dirty
+>24 belong x \b, %u packages
+>28 belong x \b, %u versions
+
+0 bequad 0x98FE76DC
+>8 ubeshort <10 APT cache data, version %u
+>>10 beshort x \b.%u, 64 bit big-endian
+>>0 use apt-cache-64bit-be
+
+0 lequad 0x98FE76DC
+>8 uleshort <10 APT cache data, version %u
+>>10 leshort x \b.%u, 64 bit little-endian
+>>0 use \^apt-cache-64bit-be
+
+0 belong 0x98FE76DC
+>4 ubeshort <10 APT cache data, version %u
+>>6 ubeshort x \b.%u, 32 bit big-endian
+>>0 use apt-cache-32bit-be
+>4 ubyte >9 APT cache data, version %u
+>>5 ubyte x \b.%u, big-endian
+>>0 use apt-cache-be
+
+0 lelong 0x98FE76DC
+>4 uleshort <10 APT cache data, version %u
+>>6 uleshort x \b.%u, 32 bit little-endian
+>>0 use \^apt-cache-32bit-be
+>4 ubyte >9 APT cache data, version %u
+>>5 ubyte x \b.%u, little-endian
+>>0 use \^apt-cache-be
diff --git a/magic/Magdir/archive b/magic/Magdir/archive
new file mode 100644
index 0000000..6e1f967
--- /dev/null
+++ b/magic/Magdir/archive
@@ -0,0 +1,2607 @@
+#------------------------------------------------------------------------------
+# $File: archive,v 1.193 2023/07/27 17:55:58 christos Exp $
+# archive: file(1) magic for archive formats (see also "msdos" for self-
+# extracting compressed archives)
+#
+# cpio, ar, arc, arj, hpack, lha/lharc, rar, squish, uc2, zip, zoo, etc.
+# pre-POSIX "tar" archives are also handled in the C code ../../src/is_tar.c.
+
+# POSIX tar archives
+# URL: https://en.wikipedia.org/wiki/Tar_(computing)
+# Reference: https://www.freebsd.org/cgi/man.cgi?query=tar&sektion=5&manpath=FreeBSD+8-current
+# header mainly padded with nul bytes
+500 quad 0
+!:strength /2
+# filename or extended attribute printable strings in range space null til umlaut ue
+>0 ubeshort >0x1F00
+>>0 ubeshort <0xFCFD
+# last 4 header bytes often null but tar\0 in gtarfail2.tar gtarfail.tar-bad
+# at https://sourceforge.net/projects/s-tar/files/testscripts/
+>>>508 ubelong&0x8B9E8DFF 0
+# nul, space or ascii digit 0-7 at start of mode
+>>>>100 ubyte&0xC8 =0
+>>>>>101 ubyte&0xC8 =0
+# nul, space at end of check sum
+>>>>>>155 ubyte&0xDF =0
+# space or ascii digit 0 at start of check sum
+>>>>>>>148 ubyte&0xEF =0x20
+# FOR DEBUGGING:
+#>>>>>>>>0 regex \^[0-9]{2,4}[.](png|jpg|jpeg|tif|tiff|gif|bmp) NAME "%s"
+# check for 1st image main name with digits used for sorting
+# and for name extension case insensitive like: PNG JPG JPEG TIF TIFF GIF BMP
+>>>>>>>>0 regex \^[0-9]{2,4}[.](png|jpg|jpeg|tif|tiff|gif|bmp)
+>>>>>>>>>0 use tar-cbt
+# check for 1st member name with ovf suffix
+>>>>>>>>0 regex \^.{1,96}[.](ovf)
+>>>>>>>>>0 use tar-ova
+# if 1st member name without digits and without used image suffix and without *.ovf then it is a TAR archive
+>>>>>>>>0 default x
+>>>>>>>>>0 use tar-file
+# minimal check and then display tar archive information which can also be
+# embedded inside others like Android Backup, Clam AntiVirus database
+0 name tar-file
+>257 string !ustar
+# header padded with nuls
+>>257 ulong =0
+# GNU tar version 1.29 with non pax format option without refusing
+# creates misleading V7 header for Long path, Multi-volume, Volume type
+>>>156 ubyte 0x4c GNU tar archive
+!:mime application/x-gtar
+!:ext tar/gtar
+>>>156 ubyte 0x4d GNU tar archive
+!:mime application/x-gtar
+!:ext tar/gtar
+>>>156 ubyte 0x56 GNU tar archive
+!:mime application/x-gtar
+!:ext tar/gtar
+>>>156 default x tar archive (V7)
+!:mime application/x-tar
+!:ext tar
+# other stuff in padding
+# some implementations add new fields to the blank area at the end of the header record
+# created for example by DOS TAR 3.20g 1994 Tim V.Shapore with -j option
+>>257 ulong !0 tar archive (old)
+!:mime application/x-tar
+!:ext tar
+# magic in newer, GNU, posix variants
+>257 string =ustar
+# 2 last char of magic and UStar version because string expression does not work
+# 2 space characters followed by a null for GNU variant
+>>261 ubelong =0x72202000 POSIX tar archive (GNU)
+!:mime application/x-gtar
+!:ext tar/gtar
+# UStar version with ASCII "00"
+>>261 ubelong 0x72003030 POSIX
+# gLOBAL and ExTENSION type only found in POSIX.1-2001 format
+>>>156 ubyte 0x67 \b.1-2001
+>>>156 ubyte 0x78 \b.1-2001
+>>>156 ubyte x tar archive
+!:mime application/x-ustar
+!:ext tar/ustar
+# version with 2 binary nuls embedded in Android Backup like com.android.settings.ab
+>>261 ubelong 0x72000000 tar archive (ustar)
+!:mime application/x-ustar
+!:ext tar/ustar
+# not seen ustar variant with garbish version
+>>261 default x tar archive (unknown ustar)
+!:mime application/x-ustar
+!:ext tar/ustar
+# type flag of 1st tar archive member
+#>156 ubyte x \b, %c-type
+>156 ubyte x
+>>156 ubyte 0 \b, file
+>>156 ubyte 0x30 \b, file
+>>156 ubyte 0x31 \b, hard link
+>>156 ubyte 0x32 \b, symlink
+>>156 ubyte 0x33 \b, char device
+>>156 ubyte 0x34 \b, block device
+>>156 ubyte 0x35 \b, directory
+>>156 ubyte 0x36 \b, fifo
+>>156 ubyte 0x37 \b, reserved
+>>156 ubyte 0x4c \b, long path
+>>156 ubyte 0x4d \b, multi volume
+>>156 ubyte 0x56 \b, volume
+>>156 ubyte 0x67 \b, global
+>>156 ubyte 0x78 \b, extension
+>>156 default x \b, type
+>>>156 ubyte x '%c'
+# name[100]
+>0 string >\0 %-.60s
+# mode mainly stored as an octal number in ASCII null or space terminated
+>100 string >\0 \b, mode %-.7s
+# user id mainly as octal numbers in ASCII null or space terminated
+>108 string >\0 \b, uid %-.7s
+# group id mainly as octal numbers in ASCII null or space terminated
+>116 string >\0 \b, gid %-.7s
+# size mainly as octal number in ASCII
+>124 ubyte <0x38
+>>124 string >\0 \b, size %-.12s
+# coding indicated by setting the high-order bit of the leftmost byte
+>124 ubyte >0xEF \b, size 0x
+>>124 ubyte !0xff \b%2.2x
+>>125 ubyte !0xff \b%2.2x
+>>126 ubyte !0xff \b%2.2x
+>>127 ubyte !0xff \b%2.2x
+>>128 ubyte !0xff \b%2.2x
+>>129 ubyte !0xff \b%2.2x
+>>130 ubyte !0xff \b%2.2x
+>>131 ubyte !0xff \b%2.2x
+>>132 ubyte !0xff \b%2.2x
+>>133 ubyte !0xff \b%2.2x
+>>134 ubyte !0xff \b%2.2x
+>>135 ubyte !0xff \b%2.2x
+# seconds since 0:0:0 1 jan 1970 UTC as octal number mainly in ASCII null or space terminated
+>136 string >\0 \b, seconds %-.11s
+# header checksum stored as an octal number in ASCII null or space terminated
+#>148 string x \b, cksum %.7s
+# linkname[100]
+>157 string >\0 \b, linkname %-.40s
+# additional fields for ustar
+>257 string =ustar
+# owner user name null terminated
+>>265 string >\0 \b, user %-.32s
+# group name null terminated
+>>297 string >\0 \b, group %-.32s
+# device major minor if not zero
+>>329 ubequad&0xCFCFCFCFcFcFcFdf !0
+>>>329 string x \b, devmaj %-.7s
+>>337 ubequad&0xCFCFCFCFcFcFcFdf !0
+>>>337 string x \b, devmin %-.7s
+# prefix[155]
+>>345 string >\0 \b, prefix %-.155s
+# old non ustar/POSIX tar
+>257 string !ustar
+>>508 string =tar\0
+# padding[255] in old star
+>>>257 string >\0 \b, padding: %-.40s
+>>508 default x
+# padding[255] in old tar sometimes comment field
+>>>257 string >\0 \b, comment: %-.40s
+# Summary: Comic Book Archive *.CBT with TAR format
+# URL: https://en.wikipedia.org/wiki/Comic_book_archive
+# http://fileformats.archiveteam.org/wiki/Comic_Book_Archive
+# Note: there exist also RAR, ZIP, ACE and 7Z packed variants
+0 name tar-cbt
+>0 string x Comic Book archive, tar archive
+#!:mime application/x-tar
+!:mime application/vnd.comicbook
+#!:mime application/vnd.comicbook+tar
+!:ext cbt
+# name[100] probably like: 19.jpg 0001.png 0002.png
+# or maybe like ComicInfo.xml
+>0 string >\0 \b, 1st image %-.60s
+# Summary: Open Virtualization Format *.OVF with disk images and more packed as TAR archive *.OVA
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Open_Virtualization_Format
+# http://fileformats.archiveteam.org/wiki/OVF_(Open_Virtualization_Format)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/o/ova.trid.xml
+# Note: called "Open Virtualization Format package" by TrID
+# assuming *.ovf comes first
+0 name tar-ova
+>0 string x Open Virtualization Format Archive
+#!:mime application/x-ustar
+# http://extension.nirsoft.net/ova
+!:mime application/x-virtualbox-ova
+!:ext ova
+# assuming name[100] like: DOS-0.9.ovf FreeDOS_1.ovf Win98SE_DE.ovf
+>0 string >\0 \b, with %-.60s
+
+# Incremental snapshot gnu-tar format from:
+# https://www.gnu.org/software/tar/manual/html_node/Snapshot-Files.html
+0 string GNU\ tar- GNU tar incremental snapshot data
+>&0 regex [0-9]\\.[0-9]+-[0-9]+ version %s
+
+# cpio archives
+#
+# Yes, the top two "cpio archive" formats *are* supposed to just be "short".
+# The idea is to indicate archives produced on machines with the same
+# byte order as the machine running "file" with "cpio archive", and
+# to indicate archives produced on machines with the opposite byte order
+# from the machine running "file" with "byte-swapped cpio archive".
+#
+# The SVR4 "cpio(4)" hints that there are additional formats, but they
+# are defined as "short"s; I think all the new formats are
+# character-header formats and thus are strings, not numbers.
+# URL: http://fileformats.archiveteam.org/wiki/Cpio
+# https://en.wikipedia.org/wiki/Cpio
+# Reference: https://people.freebsd.org/~kientzle/libarchive/man/cpio.5.txt
+# Update: Joerg Jenderek
+#
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-cpio-bin.trid.xml
+# Note: called "CPIO archive (binary)" by TrID, "cpio/Binary LE" by 7-Zip and "CPIO" by DROID via PUID fmt/635
+0 short 070707
+# skip DROID fmt-635-signature-id-960.cpio by looking for pathname of 1st entry
+>26 string >\0 cpio archive
+!:mime application/x-cpio
+# https://download.opensuse.org/distribution/leap/15.4/iso/openSUSE-Leap-15.4-NET-x86_64-Media.iso
+# boot/x86_64/loader/bootlogo
+# message.cpi
+!:ext /cpio/cpi
+>>0 use cpio-bin
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-cpio-bin-sw.trid.xml
+# Note: called "CPIO archive (byte swapped binary)" by TrID and "Cpio/Binary BE" by 7-Zip
+0 short 0143561 byte-swapped cpio archive
+!:mime application/x-cpio # encoding: swapped
+# https://telparia.com/fileFormatSamples/archive/cpio/skeleton2.cpio
+!:ext cpio
+>0 use cpio-bin-be
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-cpio.trid.xml
+# Note: called "CPIO archive (portable)" by TrID, "cpio/Portable ASCII" by 7-Zip and "cpio/odc" by GNU cpio
+0 string 070707 ASCII cpio archive (pre-SVR4 or odc)
+!:mime application/x-cpio
+# https://telparia.com/fileFormatSamples/archive/cpio/ pthreads-1.60B5.osr5src.cpio cinema.cpi VOL.000.008 VOL.000.012
+!:ext cpio/cpi/008/012
+# Note: called "CPIO archive (portable)" by TrID, "cpio/New ASCII" by 7-Zip and "cpio/newc" by GNU cpio
+0 string 070701 ASCII cpio archive (SVR4 with no CRC)
+!:mime application/x-cpio
+# https://telparia.com/fileFormatSamples/archive/cpio/MainActor-2.06.3.cpio
+!:ext cpio
+# Note: called "CPIO archive (portable)" by TrID, "cpio/New CRC" by 7-Zip and "cpio/crc" by GNU cpio
+0 string 070702 ASCII cpio archive (SVR4 with CRC)
+!:mime application/x-cpio
+# http://ftp.gnu.org/gnu/tar/tar-1.27.cpio.gz
+# https://telparia.com/fileFormatSamples/archive/cpio/pcmcia
+!:ext /cpio
+# display information of old binary cpio archive
+# Note: verfied by 7-Zip `7z l -tcpio -slt *.cpio` and
+# `cpio -ivt --numeric-uid-gid --file=clam.bin-le.cpio`
+0 name cpio-bin
+# c_dev; device number; WHAT IS THAT?
+>2 uleshort x \b; device %u
+# c_ino; truncated inode number; use `ls --inode`
+>4 uleshort x \b, inode %u
+# c_mode; mode specifies permissions and file type like: ?622~?rw-r--r-- by `ls -l`
+>6 uleshort x \b, mode %o
+# c_uid; numeric user id; use `ls --numeric-uid-gid`
+>8 uleshort x \b, uid %u
+# c_gid; numeric group id
+>10 uleshort x \b, gid %u
+# c_nlink; links to this file; directories at least 2
+>12 uleshort >1 \b, %u links
+# c_rdev; device number for block and character entries; zero for all other entries by writers
+# like 0x0440 for /dev/ttyS0
+>14 uleshort >0 \b, device %#4.4x
+# c_mtime[2]; modification time in seconds since 1 January 1970; most-significant 16 bits first
+>16 medate x \b, modified %s
+# c_filesize[2]; size of pathname; most-significant 16 bits first like: 544
+>22 melong x \b, %u bytes
+# c_namesize; bytes in the pathname that follows the header like: 9
+#>20 uleshort x \b, namesize %u
+# pathname of entry like: "clam.exe"
+>26 string x "%s"
+# display information of old binary byte swapped cpio archive
+# Note: verfied by 7-Zip `7z l -tcpio -slt *.cpio` and
+# `LANGUAGE=C cpio -ivt --numeric-uid-gid --file=clam.bin-be.cpio`
+0 name cpio-bin-be
+>2 ubeshort x \b; device %u
+>4 ubeshort x \b, inode %u
+>6 ubeshort x \b, mode %o
+>8 ubeshort x \b, uid %u
+>10 ubeshort x \b, gid %u
+>12 ubeshort >1 \b, %u links
+>14 ubeshort >0 \b, device %#4.4x
+>16 bedate x \b, modified %s
+>22 ubelong x \b, %u bytes
+#>20 ubeshort x \b, namesize %u
+>26 string x "%s"
+
+#
+# Various archive formats used by various versions of the "ar"
+# command.
+#
+
+#
+# Original UNIX archive formats.
+# They were written with binary values in host byte order, and
+# the magic number was a host "int", which might have been 16 bits
+# or 32 bits. We don't say "PDP-11" or "VAX", as there might have
+# been ports to little-endian 16-bit-int or 32-bit-int platforms
+# (x86?) using some of those formats; if none existed, feel free
+# to use "PDP-11" for little-endian 16-bit and "VAX" for little-endian
+# 32-bit. There might have been big-endian ports of that sort as
+# well.
+#
+0 leshort 0177555 very old 16-bit-int little-endian archive
+0 beshort 0177555 very old 16-bit-int big-endian archive
+0 lelong 0177555 very old 32-bit-int little-endian archive
+0 belong 0177555 very old 32-bit-int big-endian archive
+
+0 leshort 0177545 old 16-bit-int little-endian archive
+>2 string __.SYMDEF random library
+0 beshort 0177545 old 16-bit-int big-endian archive
+>2 string __.SYMDEF random library
+0 lelong 0177545 old 32-bit-int little-endian archive
+>4 string __.SYMDEF random library
+0 belong 0177545 old 32-bit-int big-endian archive
+>4 string __.SYMDEF random library
+
+#
+# From "pdp" (but why a 4-byte quantity?)
+#
+0 lelong 0x39bed PDP-11 old archive
+0 lelong 0x39bee PDP-11 4.0 archive
+
+#
+# XXX - what flavor of APL used this, and was it a variant of
+# some ar archive format? It's similar to, but not the same
+# as, the APL workspace magic numbers in pdp.
+#
+0 long 0100554 apl workspace
+
+#
+# System V Release 1 portable(?) archive format.
+#
+0 string =<ar> System V Release 1 ar archive
+!:mime application/x-archive
+
+#
+# Debian package; it's in the portable archive format, and needs to go
+# before the entry for regular portable archives, as it's recognized as
+# a portable archive whose first member has a name beginning with
+# "debian".
+#
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Deb_(file_format)
+0 string =!<arch>\ndebian
+# https://manpages.debian.org/testing/dpkg/dpkg-split.1.en.html
+>14 string -split part of multipart Debian package
+!:mime application/vnd.debian.binary-package
+# udeb is used for stripped down deb file
+!:ext deb/udeb
+>14 string -binary Debian binary package
+!:mime application/vnd.debian.binary-package
+# For ipk packager see also https://en.wikipedia.org/wiki/Opkg
+!:ext deb/udeb/ipk
+# This should not happen
+>14 default x Unknown Debian package
+# NL terminated version; for most Debian cases this is 2.0 or 2.1 for split
+>68 string >\0 (format %s)
+#>68 string !2.0\n
+#>>68 string x (format %.3s)
+>68 string =2.0\n
+# 2nd archive name=control archive name like control.tar.gz or control.tar.xz
+# or control.tar.zst
+>>72 string >\0 \b, with %.15s
+# look for 3rd archive name=data archive name like data.tar.{gz,xz,bz2,lzma}
+>>0 search/0x93e4f data.tar. \b, data compression
+# the above line only works if FILE_BYTES_MAX in ../../src/file.h is raised
+# for example like libreoffice-dev-doc_1%3a5.2.7-1+rpi1+deb9u3_all.deb
+>>>&0 string x %.2s
+# skip space (0x20 BSD) and slash (0x2f System V) character marking end of name
+>>>&2 ubyte !0x20
+>>>>&-1 ubyte !0x2f
+# display 3rd character of file name extension like 2 of bz2 or m of lzma
+>>>>>&-1 ubyte x \b%c
+>>>>>>&0 ubyte !0x20
+>>>>>>>&-1 ubyte !0x2f
+# display 4th character of file name extension like a of lzma
+>>>>>>>>&-1 ubyte x \b%c
+# split debian package case
+>68 string =2.1\n
+# dpkg-1.18.25/dpkg-split/info.c
+# NL terminated ASCII package name like ckermit
+>>&0 string x \b, %s
+# NL terminated package version like 302-5.3
+>>>&1 string x %s
+# NL terminated MD5 checksum
+>>>>&1 string x \b, MD5 %s
+# NL terminated original package length
+>>>>>&1 string x \b, unsplitted size %s
+# NL terminated part length
+>>>>>>&1 string x \b, part length %s
+# NL terminated package part like n/m
+>>>>>>>&1 string x \b, part %s
+# NL terminated package architecture like armhf since dpkg 1.16.1 or later
+>>>>>>>>&1 string x \b, %s
+
+#
+# MIPS archive; they're in the portable archive format, and need to go
+# before the entry for regular portable archives, as it's recognized as
+# a portable archive whose first member has a name beginning with
+# "__________E".
+#
+0 string =!<arch>\n__________E MIPS archive
+!:mime application/x-archive
+>20 string U with MIPS Ucode members
+>21 string L with MIPSEL members
+>21 string B with MIPSEB members
+>19 string L and an EL hash table
+>19 string B and an EB hash table
+>22 string X -- out of date
+
+#
+# BSD/SVR2-and-later portable archive formats.
+#
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/AR
+# Reference: https://www.unix.com/man-page/opensolaris/3HEAD/ar.h/
+# Note: Mach-O universal binary in ./cafebabe is dependent
+# TODO: unify current ar archive, MIPS archive, Debian package
+# distinguish BSD, SVR; 32, 64 bit; HP from other 32-bit SVR;
+# *.ar packages from *.a libraries. handle empty archive
+0 string =!<arch>\n current ar archive
+# print first and possibly second ar_name[16] for debugging purpose
+#>8 string x \b, 1st "%.16s"
+#>68 string x \b, 2nd "%.16s"
+!:mime application/x-archive
+# a in most case for libraries; lib for Microsoft libraries; ar else cases
+!:ext a/lib/ar
+>8 string __.SYMDEF random library
+# first member with long marked name __.SYMDEF SORTED implies BSD library
+>68 string __.SYMDEF\ SORTED random library
+# Reference: https://parisc.wiki.kernel.org/images-parisc/b/b2/Rad_11_0_32.pdf
+# "archive file" entry moved from ./hp
+# LST header system_id 0210h~PA-RISC 1.1,... identifies the target architecture
+# LST header a_magic 0619h~relocatable library
+>68 belong 0x020b0619 - PA-RISC1.0 relocatable library
+>68 belong 0x02100619 - PA-RISC1.1 relocatable library
+>68 belong 0x02110619 - PA-RISC1.2 relocatable library
+>68 belong 0x02140619 - PA-RISC2.0 relocatable library
+#EOF for common ar archives
+
+#
+# "Thin" archive, as can be produced by GNU ar.
+#
+0 string =!<thin>\n thin archive with
+>68 belong 0 no symbol entries
+>68 belong 1 %d symbol entry
+>68 belong >1 %d symbol entries
+
+0 search/1 -h- Software Tools format archive text
+
+# ARC archiver, from Daniel Quinlan (quinlan@yggdrasil.com)
+#
+# The first byte is the magic (0x1a), byte 2 is the compression type for
+# the first file (0x01 through 0x09), and bytes 3 to 15 are the MS-DOS
+# filename of the first file (null terminated). Since some types collide
+# we only test some types on basis of frequency: 0x08 (83%), 0x09 (5%),
+# 0x02 (5%), 0x03 (3%), 0x04 (2%), 0x06 (2%). 0x01 collides with terminfo.
+0 lelong&0x8080ffff 0x0000081a ARC archive data, dynamic LZW
+!:mime application/x-arc
+0 lelong&0x8080ffff 0x0000091a ARC archive data, squashed
+!:mime application/x-arc
+0 lelong&0x8080ffff 0x0000021a ARC archive data, uncompressed
+!:mime application/x-arc
+0 lelong&0x8080ffff 0x0000031a ARC archive data, packed
+!:mime application/x-arc
+0 lelong&0x8080ffff 0x0000041a ARC archive data, squeezed
+!:mime application/x-arc
+0 lelong&0x8080ffff 0x0000061a ARC archive data, crunched
+!:mime application/x-arc
+# [JW] stuff taken from idarc, obviously ARC successors:
+0 lelong&0x8080ffff 0x00000a1a PAK archive data
+!:mime application/x-arc
+0 lelong&0x8080ffff 0x0000141a ARC+ archive data
+!:mime application/x-arc
+0 lelong&0x8080ffff 0x0000481a HYP archive data
+!:mime application/x-arc
+
+# Acorn archive formats (Disaster prone simpleton, m91dps@ecs.ox.ac.uk)
+# I can't create either SPARK or ArcFS archives so I have not tested this stuff
+# [GRR: the original entries collide with ARC, above; replaced with combined
+# version (not tested)]
+#0 byte 0x1a RISC OS archive (spark format)
+0 string \032archive RISC OS archive (ArcFS format)
+0 string Archive\000 RISC OS archive (ArcFS format)
+
+# All these were taken from idarc, many could not be verified. Unfortunately,
+# there were many low-quality sigs, i.e. easy to trigger false positives.
+# Please notify me of any real-world fishy/ambiguous signatures and I'll try
+# to get my hands on the actual archiver and see if I find something better. [JW]
+# probably many can be enhanced by finding some 0-byte or control char near the start
+
+# idarc calls this Crush/Uncompressed... *shrug*
+0 string CRUSH Crush archive data
+# Squeeze It (.sqz)
+0 string HLSQZ Squeeze It archive data
+# SQWEZ
+0 string SQWEZ SQWEZ archive data
+# HPack (.hpk)
+0 string HPAK HPack archive data
+# HAP
+0 string \x91\x33HF HAP archive data
+# MD/MDCD
+0 string MDmd MDCD archive data
+# LIM
+0 string LIM\x1a LIM archive data
+# SAR
+3 string LH5 SAR archive data
+# BSArc/BS2
+0 string \212\3SB\020\0 BSArc/BS2 archive data
+# Bethesda Softworks Archive (Oblivion)
+0 string BSA\0 BSArc archive data
+>4 lelong x version %d
+# MAR
+2 string =-ah MAR archive data
+# ACB
+#0 belong&0x00f800ff 0x00800000 ACB archive data
+# CPZ
+# TODO, this is what idarc says: 0 string \0\0\0 CPZ archive data
+# JRC
+0 string JRchive JRC archive data
+# Quantum
+0 string DS\0 Quantum archive data
+# ReSOF
+0 string PK\3\6 ReSOF archive data
+# QuArk
+0 string 7\4 QuArk archive data
+# YAC
+14 string YC YAC archive data
+# X1
+0 string X1 X1 archive data
+0 string XhDr X1 archive data
+# CDC Codec (.dqt)
+0 belong&0xffffe000 0x76ff2000 CDC Codec archive data
+# AMGC
+0 string \xad6" AMGC archive data
+# NuLIB
+0 string N\xc3\xb5F\xc3\xa9lx\xc3\xa5 NuLIB archive data
+# PakLeo
+0 string LEOLZW PAKLeo archive data
+# ChArc
+0 string SChF ChArc archive data
+# PSA
+0 string PSA PSA archive data
+# CrossePAC
+0 string DSIGDCC CrossePAC archive data
+# Freeze
+0 string \x1f\x9f\x4a\x10\x0a Freeze archive data
+# KBoom
+0 string \xc2\xa8MP\xc2\xa8 KBoom archive data
+# NSQ, must go after CDC Codec
+0 string \x76\xff NSQ archive data
+# DPA
+0 string Dirk\ Paehl DPA archive data
+# BA
+# TODO: idarc says "bytes 0-2 == bytes 3-5"
+# TTComp
+# URL: http://fileformats.archiveteam.org/wiki/TTComp_archive
+# Update: Joerg Jenderek
+# GRR: line below is too general as it matches also Panorama database "TCDB 2003-10 demo.pan", others
+0 string \0\6
+# look for first keyword of Panorama database *.pan
+>12 search/261 DESIGN
+# skip keyword with low entropy
+>12 default x
+# skip DOS 2.0 backup id file, sequence 6 with many nils like BACKUPID_xx6.@@@ handled by ./msdos
+>>8 quad !0
+>>>0 use ttcomp
+# variant ASCII, 4K dictionary (strength=48=50-2). With strength=49 wrong order! WHY?
+0 string \1\6
+# TODO:
+# skip VAX-order 68k Blit mpx/mux executable (strength=50) handled by ./blit
+!:strength -2
+>0 use ttcomp
+0 string \0\5
+# skip some DOS 2.0 backup id file, sequence 5 with many nils like BACKUPID_075.@@@ handled by ./msdos
+>8 quad !0
+>>0 use ttcomp
+0 string \1\5
+# TODO:
+# variant ASCII, 2K dictionary (strength=48=50-2). With strength=49 wrong order! WHY?
+# skip ctab data (strength=50) handled by ./ibm6000
+# skip locale data table (strength=50) handled by ./digital
+!:strength -2
+>0 use ttcomp
+0 string \0\4
+# skip many Maple help database *.hdb with version tag handled by ./maple
+>1028 string !version
+# skip veclib maple.hdb by looking for Mable keyword
+>>4 search/1091 Maple\040
+#>4 search/34090 Maple\040
+>>4 default x
+# skip DOS 2.0-3.2 backed up sequence 4 with many nils like LOTUS5.RAR handled by ./msdos
+# skip xBASE Compound Index file *.CDX with many nils
+>>>0x54 quad !0
+>>>>0 use ttcomp
+0 string \1\4
+# TODO:
+# skip shared library (strength=50) handled by ./ibm6000
+!:strength -2
+# skip Commodore PET BASIC programs (Mastermind.prg) with last 3 nil bytes (\0~end of line followed by 0000h line offset)
+#>-4 ubelong x LAST_BYTES=%8.8x
+>-4 ubelong&0x00FFffFF !0
+>>0 use ttcomp
+# display information of TTComp archive
+0 name ttcomp
+# (version 5.25) labeled the entry as "TTComp archive data"
+>0 ubyte x TTComp archive data
+!:mime application/x-compress-ttcomp
+# PBACKSCR.PI1
+!:ext $xe/$ts/pi1/__d
+# compression type: 0~binary compression 1~ASCII compression
+>0 ubyte 0 \b, binary
+>0 ubyte 1 \b, ASCII
+# size of the dictionary: 4~1024 bytes 5~2048 bytes 6~4096 bytes
+>1 ubyte 4 \b, 1K
+>1 ubyte 5 \b, 2K
+>1 ubyte 6 \b, 4K
+>1 ubyte x dictionary
+# https://mark0.net/forum/index.php?topic=848
+# last 3 bytes probably have only 8 possible bit sequences
+# xxxxxxxx 0000000x 11111111 ____FFh
+# xxxxxxxx 10000000 01111111 __807Fh
+# 0xxxxxxx 11000000 00111111 __C03Fh
+# 00xxxxxx 11100000 00011111 __E01Fh
+# 000xxxxx 11110000 00001111 __F00Fh
+# 0000xxxx 11111000 00000111 __F807h
+# 00000xxx 11111100 00000011 __FC03h
+# 000000xx 11111110 00000001 __FE01h
+# but for quickgif.__d 0A7DD4h
+#>-3 ubyte x \b, last 3 bytes 0x%2.2x
+#>-2 ubeshort x \b%4.4x
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Disk_Copy
+# reference: http://nulib.com/library/FTN.e00005.htm
+0x52 ubeshort 0x0100
+# test for disk image size equal or above 400k
+>0x40 ubelong >409599
+# test also for disk image size equal or below 1440k to skip
+# windows7en.mbr UNICODE.DAT
+#>>0x40 ubelong <1474561
+# test now for "low" disk image size equal or below 64 MiB to skip
+# windows7en.mbr (B441BBAAh) UNICODE.DAT (0400AF05h)
+>>0x40 ubelong <0x04000001
+# To skip Flags$StringJoiner.class with size 00106A61h test also for valid disk image sizes
+# 00064000 for 400k GCR disks dc42-400k-gcr.trid.xml
+# 000c8000 for 800k GCR disks dc42-800k-gcr.trid.xml
+# 000b4000 for 720k MFM disks dc42-720k-mfm.trid.xml
+# 00168000 for 1440k MFM disks dc42-1440k-mfm.trid.xml
+# https://lisaem.sunder.net/LisaProjectDocs.txt
+# 00500000 05M available
+# 00A00000 10M available
+# 01800000 24M possible
+# 02000000 32M uncertain
+# 04000000 64M uncertain
+>>>0x40 ubelong&0xf8003fFF 0
+# skip samples with invalid disk name length like:
+# 181 (biosmd80.rom) 202 (Flags$StringJoiner.class) 90 (UNICODE.DAT)
+>>>>0x0 ubyte <64
+>>>>>0 use dc42-floppy
+# display information of Apple DiskCopy 4.2 floppy image
+0 name dc42-floppy
+# disk name length; maximal 63
+#>0 ubyte x DISK NAME LENGTH %u
+# ASCII image pascal (maximal 63 bytes) name padded with NULs like:
+# "Microsoft Mail" "Disquette 2" "IIe Installer Disk"
+# "-lisaem.sunder.net hd-" (dc42-lisaem.trid.xml) "-not a Macintosh disk" (dc42-nonmac.trid.xml)
+>00 pstring/B x Apple DiskCopy 4.2 image %s
+#!:mime application/octet-stream
+!:mime application/x-dc42-floppy-image
+!:apple dCpydImg
+# probably also img like: "Utilitaires 2.img" "Installation 7.img"
+!:ext image/dc42/img
+# data size in bytes like: 409600 737280 819200 1474560
+>0x40 ubelong x \b, %u bytes
+# for debugging purpose size in hexadecimal
+#>0x40 ubelong x (%#8.8x)
+# tag size in bytes like: 0 (often) 2580h (PUID fmt/625) 4B00h (Microsoft Mail.image)
+>0x44 ubelong >0 \b, %#x tag size
+# data checksum
+#>0x48 ubelong x \b, %#x checksum
+# tag checksum
+#>0x4c ubelong x \b, %#x tag checksum
+# disk encoding like: 0 1 2 3 (PUID: fmt/625)
+>0x50 ubyte 0 \b, GCR CLV ssdd (400k)
+>0x50 ubyte 1 \b, GCR CLV dsdd (800k)
+>0x50 ubyte 2 \b, MFM CAV dsdd (720k)
+>0x50 ubyte 3 \b, MFM CAV dshd (1440k)
+>0x50 ubyte >3 \b, %#x encoding
+# format byte like: 12h (Lisa 400K) 24h (400K Macintosh) 96h (800K Apple II disk)
+# 2 (Mac 400k "Disquette Installation 13.image")
+# 22h (double-sided MFM or Mac 800k "Disco 12.image" "IIe Installer Disk.image")
+>0x51 ubyte x \b, %#x format
+#>0x54 ubequad x \b, data %#16.16llx
+# ESP, could this conflict with Easy Software Products' (e.g.ESP ghostscript) documentation?
+0 string ESP ESP archive data
+# ZPack
+0 string \1ZPK\1 ZPack archive data
+# Sky
+0 string \xbc\x40 Sky archive data
+# UFA
+0 string UFA UFA archive data
+# Dry
+0 string =-H2O DRY archive data
+# FoxSQZ
+0 string FOXSQZ FoxSQZ archive data
+# AR7
+0 string ,AR7 AR7 archive data
+# PPMZ
+0 string PPMZ PPMZ archive data
+# MS Compress
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/MS-DOS_installation_compression
+# Reference: https://hwiegman.home.xs4all.nl/fileformats/compress/szdd_kwaj_format.html
+# Note: use correct version of extracting tool like EXPAND, UNPACK, DECOMP or 7Z
+4 string \x88\xf0\x27
+# KWAJ variant
+>0 string KWAJ MS Compress archive data, KWAJ variant
+!:mime application/x-ms-compress-kwaj
+# extension not working in version 5.32
+# magic/Magdir/archive, 284: Warning: EXTENSION type ` ??_' has bad char '?'
+# file: line 284: Bad magic entry ' ??_'
+!:ext ??_
+# compression method (0-4)
+>>8 uleshort x \b, %u method
+# offset of compressed data
+>>10 uleshort x \b, %#x offset
+#>>(10.s) uleshort x
+#>>>&-6 string x \b, TEST extension %-.3s
+# header flags to mark header extensions
+>>12 uleshort >0 \b, %#x flags
+# 4 bytes: decompressed length of file
+>>12 uleshort &0x01
+>>>14 ulelong x \b, original size: %u bytes
+# 2 bytes: unknown purpose
+# 2 bytes: length of unknown data + mentioned bytes
+# 1-9 bytes: null-terminated file name
+# 1-4 bytes: null-terminated file extension
+>>12 uleshort &0x08
+>>>12 uleshort ^0x01
+>>>>12 uleshort ^0x02
+>>>>>12 uleshort ^0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>14 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>14 string x \b, %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>>>12 uleshort &0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>(14.s) uleshort x
+>>>>>>>>&14 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>(14.s) uleshort x
+>>>>>>>>&14 string x \b, %-.8s
+>>>>>>>>>&1 string x \b.%-.3s
+>>>>12 uleshort &0x02
+>>>>>12 uleshort ^0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>16 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>16 string x \b, %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>>>12 uleshort &0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>(16.s) uleshort x
+>>>>>>>>&16 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>(16.s) uleshort x
+>>>>>>>&16 string x %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>12 uleshort &0x01
+>>>>12 uleshort ^0x02
+>>>>>12 uleshort ^0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>18 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>18 string x \b, %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>>>12 uleshort &0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>(18.s) uleshort x
+>>>>>>>>&18 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>(18.s) uleshort x
+>>>>>>>>&18 string x \b, %-.8s
+>>>>>>>>>&1 string x \b.%-.3s
+>>>>12 uleshort &0x02
+>>>>>12 uleshort ^0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>20 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>20 string x \b, %-.8s
+>>>>>>>>&1 string x \b.%-.3s
+>>>>>12 uleshort &0x04
+>>>>>>12 uleshort ^0x10
+>>>>>>>(20.s) uleshort x
+>>>>>>>>&20 string x \b, %-.8s
+>>>>>>12 uleshort &0x10
+>>>>>>>(20.s) uleshort x
+>>>>>>>>&20 string x \b, %-.8s
+>>>>>>>>>&1 string x \b.%-.3s
+# 2 bytes: length of data + mentioned bytes
+#
+# SZDD variant Haruhiko Okumura's LZSS or 7z type MsLZ
+# URL: http://fileformats.archiveteam.org/wiki/MS-DOS_installation_compression
+# Reference: http://www.cabextract.org.uk/libmspack/doc/szdd_kwaj_format.html
+# http://mark0.net/download/triddefs_xml.7z/defs/s/szdd.trid.xml
+# Note: called "Microsoft SZDD compressed (Haruhiko Okumura's LZSS)" by TrID
+# verfied by 7-Zip `7z l -tMsLZ -slt *.??_` as MsLZ
+# `deark -l -m lzss_oku -d2 setup-1-41.bin` as "LZSS.C by Haruhiko Okumura"
+>0 string SZDD MS Compress archive data, SZDD variant
+# 2nd part of signature
+#>>4 ubelong 0x88F02733 \b, SIGNATURE OK
+!:mime application/x-ms-compress-szdd
+!:ext ??_
+# The character missing from the end of the filename (0=unknown)
+>>9 string >\0 \b, %-.1s is last character of original name
+# https://www.betaarchive.com/forum/viewtopic.php?t=26161
+# Compression mode: "A" (0x41) found but sometimes "B" in Windows 3.1 builds 026 and 034e
+>>8 string !A \b, %-.1s method
+>>10 ulelong >0 \b, original size: %u bytes
+# Summary: InstallShield archive with SZDD compressed
+# URL: https://community.flexera.com/t5/InstallShield-Knowledge-Base/InstallShield-Redistributable-Files/ta-p/5647
+# From: Joerg Jenderek
+1 search/48/bs SZDD\x88\xF0\x27\x33 InstallShield archive
+#!:mime application/octet-stream
+!:mime application/x-installshield-compress-szdd
+!:ext ibt
+# name of compressed archive member like: setup.dl_ _setup7int.dl_ _setup2k.dl_ _igdi.dl_ cabinet.dl_
+>0 string x %s
+# name of uncompressed archive member like: setup.dll _Setup.dll IGdi.dll CABINET.DLL
+>>&1 string x (%s)
+# probably version like: 9.0.0.333 9.1.0.429 11.50.0.42618
+>>>&1 string x \b, version %s
+# SZDD member length like: 168048 169333 181842
+>>>>&1 string x \b, %s bytes
+# MS Compress archive data
+#>&0 string SZDD \b, SIGNATURE FOUND
+>&0 indirect x
+# QBasic SZDD variant
+3 string \x88\xf0\x27
+>0 string SZ\x20 MS Compress archive data, QBasic variant
+!:mime application/x-ms-compress-sz
+!:ext ??$
+>>8 ulelong >0 \b, original size: %u bytes
+
+# Summary: lzss compressed/EDI Pack
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/EDI_Install_packed_file
+# Note: called "EDI Install LZS compressed data" by TrID and verified by
+# command like `deark -l -m edi_pack -d2 BOOK01A.IC$` as "EDI Pack LZSS1"
+0 string EDILZSS
+>7 string 1
+# look for point character before orginal file name extension
+>>8 search/9/b .
+# check suffix of possible orginal file anme
+#>>>&0 ubelong x SUFFIX=%8.8x
+# samples without valid character after point in original file name field like: FENNEL.LZS PLANTAIN.LZS
+>>>&0 ubyte <0x20
+>>>>0 use edi-lzs
+# samples with valid character after point in original file name field
+>>>&0 ubyte >0x1F
+# check 2nd charcter of suffix
+#>>>>&0 ubyte x 2ND_SUFFIX=%x
+# sample with one valid character after point followed by \0 in original file name field like: SPELMATE.H$
+>>>>&0 ubyte =0
+>>>>>0 use edi-pack
+>>>>&0 ubyte >0x1F
+# check 3rd charcter of suffix
+#>>>>>&0 ubyte x 3RD_SUFFIX=%x
+# no sample with 2 valid characters after point followed by \0 in original file name field
+>>>>>&0 ubyte =0
+>>>>>>0 use edi-pack
+# samples with valid 3rd character after point in original file name field
+>>>>>&0 ubyte >0x1F
+# sample with 3 valid character after point followed by \0 in original file name field like: BOOK01A.IC$ CTL3D.DL$
+>>>>>>&0 ubyte =0
+>>>>>>>0 use edi-pack
+# sample with 3 valid character after point followed by no \0 in original file name field like: HERBTEXT.LZS
+>>>>>>&0 ubyte !0
+>>>>>>>0 use edi-lzs
+# no sample with invalid 3rd character after point in original file name field
+>>>>>&0 default x
+>>>>>>0 use edi-lzs
+# sample with invalid 2nd character after point in original file name field like: LACERATE.LZS SPLINTER.LZS
+>>>>&0 default x
+>>>>>0 use edi-lzs
+# sample without point character in original file name field like GUNSHOT.LZS
+>>8 default x
+>>>0 use edi-lzs
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/e/edi-lzss2.trid.xml
+# Note: called "EDI Install Pro LZSS2 compressed data" by TrID and verified by
+# command like `deark -l -m edi_pack -d2 4WAY.WA$` as "EDI Pack LZSS2"
+>7 string 2 EDI LZSS2 packed
+#!:mime application/octet-stream
+!:mime application/x-edi-pack-lzss
+# the name of a compressed file often ends in character '$' or '_'
+!:ext ??$/??_
+# original filename, NUL-terminated, padded to 13 bytes like: mci.vbx 4way.wav skymap.exe cmdialog.vbx
+>>8 string x "%-0.13s"
+# original file size, as a 4-byte integer.
+>>21 ulelong x \b, %u bytes
+# compressed data like: ff5249464606ec00 ff4d5aa601010000
+>>>25 ubequad x \b, data %#16.16llx...
+0 name edi-pack
+# Note: verified by command like `deark -l -d2 SPELMATE.H$` as "EDI Pack LZSS1"
+# original filename, NUL-terminated, padded to 13 bytes like: ctl3d.dll spelmate.h filemenu.rc owl.def index-it.exe
+# but not like \377Aloe.lzs\273 (HERBTEXT.LZS)
+>8 string x EDI LZSS packed "%-.13s"
+#!:mime application/octet-stream
+!:mime application/x-edi-pack-lzss
+# the name of a compressed file often ends in character '$' or '_'
+!:ext ??$/?$
+# compressed data like: f7000001eff02020 ff4d5aa900020000 ff2f2a207370656c
+>21 ubequad x \b, data %#16.16llx...
+# URL: http://fileformats.archiveteam.org/wiki/EDI_LZSSLib
+# Note: verified partly by command like `deark -l -m edi_pack -d2 GUNSHOT.LZS` as "EDI LZSSLib"
+0 name edi-lzs
+# Note: verified by command like `deark -l -d2 GUNSHOT.LZS` as "EDI LZSSLib"
+# no original filename looks like: \277BM\226.\0 \277BM.n\001 \277BM\226.\0 \277BM.g\001 \377Aloe.lzs\273
+>8 string x EDI LZSSLib packed
+#!:mime application/octet-stream
+!:mime application/x-edi-pack-lzss
+# The name of a compressed file ends with LZS suffix
+!:ext lzs
+# compressed data like: bf424df6e10100f3 ff416c6f652e6c7a ff416c6f652e6c7a
+>8 ubequad x \b, data %#16.16llx...
+
+# Summary: CAZIP compressed file
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/CAZIP
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/caz.trid.xml
+# Note: Format is distinct from CAZIPXP compressed
+0 string \x0D\x0A\x1ACAZIP CAZIP compressed file
+#!:mime application/octet-stream
+!:mime application/x-compress-cazip
+# like: BLINKER.WR_ CLIPDEFS._ CAOSETUP.EX_ CLIPPER.EX_ FILEIO.C_
+!:ext ??_/?_/_
+
+# Summary: FTCOMP compressed archive
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/FTCOMP
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-ftcomp.trid.xml
+# Note: called by TrID "FTCOMP compressed archive"
+# extracted by `unpack seahelp.hl_`
+24 string/b FTCOMP FTCOMP compressed archive
+#!:mime application/octet-stream
+!:mime application/x-compress-ftcomp
+!:ext ??_/??@/dll/drv/pk2/
+# probably A596FDFF magic at the beginning
+>0 ubelong !0xA596FDFF \b, at beginning %#x
+# probably original file name with directory like: \OS2\unpack.exe \SYSTEM\8514.DRV MAHJONGG.EXE
+>41 string x "%s"
+
+# MP3 (archiver, not lossy audio compression)
+0 string MP3\x1a MP3-Archiver archive data
+# ZET
+0 string OZ\xc3\x9d ZET archive data
+# TSComp
+0 string \x65\x5d\x13\x8c\x08\x01\x03\x00 TSComp archive data
+# ARQ
+0 string gW\4\1 ARQ archive data
+# Squash
+3 string OctSqu Squash archive data
+# Terse
+0 string \5\1\1\0 Terse archive data
+# UHarc
+0 string UHA UHarc archive data
+# ABComp
+0 string \2AB ABComp archive data
+0 string \3AB2 ABComp archive data
+# CMP
+0 string CO\0 CMP archive data
+# Splint
+0 string \x93\xb9\x06 Splint archive data
+# InstallShield
+0 string \x13\x5d\x65\x8c InstallShield Z archive Data
+# Gather
+1 string GTH Gather archive data
+# BOA
+0 string BOA BOA archive data
+# RAX
+0 string ULEB\xa RAX archive data
+# Xtreme
+0 string ULEB\0 Xtreme archive data
+# Pack Magic
+0 string @\xc3\xa2\1\0 Pack Magic archive data
+# BTS
+0 belong&0xfeffffff 0x1a034465 BTS archive data
+# ELI 5750
+0 string Ora\ ELI 5750 archive data
+# QFC
+0 string \x1aFC\x1a QFC archive data
+0 string \x1aQF\x1a QFC archive data
+# PRO-PACK https://www.segaretro.org/Rob_Northen_compression
+0 string RNC
+>3 byte 1 PRO-PACK archive data (compression 1)
+>3 byte 2 PRO-PACK archive data (compression 2)
+# 777
+0 string 777 777 archive data
+# LZS221
+0 string sTaC LZS221 archive data
+# HPA
+0 string HPA HPA archive data
+# Arhangel
+0 string LG Arhangel archive data
+# EXP1, uses bzip2
+0 string 0123456789012345BZh EXP1 archive data
+# IMP
+0 string IMP\xa IMP archive data
+# NRV
+0 string \x00\x9E\x6E\x72\x76\xFF NRV archive data
+# Squish
+0 string \x73\xb2\x90\xf4 Squish archive data
+# Par
+0 string PHILIPP Par archive data
+0 string PAR Par archive data
+# HIT
+0 string UB HIT archive data
+# SBX
+0 belong&0xfffff000 0x53423000 SBX archive data
+# NaShrink
+0 string NSK NaShrink archive data
+# SAPCAR
+0 string #\ CAR\ archive\ header SAPCAR archive data
+0 string CAR\ 2.00 SAPCAR archive data
+0 string CAR\ 2.01 SAPCAR archive data
+#!:mime application/octet-stream
+!:mime application/vnd.sar
+!:ext sar
+# Disintegrator
+0 string DST Disintegrator archive data
+# ASD
+0 string ASD ASD archive data
+# InstallShield CAB
+# Update: Joerg Jenderek at Nov 2021
+# URL: https://en.wikipedia.org/wiki/InstallShield
+# Reference: https://github.com/twogood/unshield/blob/master/lib/cabfile.h
+# Note: Not compatible with Microsoft CAB files
+# http://mark0.net/download/triddefs_xml.7z/defs/a/ark-cab-ishield.trid.xml
+# CAB_SIGNATURE 0x28635349
+0 string ISc( InstallShield
+#!:mime application/octet-stream
+!:mime application/x-installshield
+# http://mark0.net/download/triddefs_xml.7z/defs/a/ark-cab-ishield-hdr.trid.xml
+>16 ulelong !0 setup header
+# like: _SYS1.HDR _USER1.HDR data1.hdr
+!:ext hdr
+>16 ulelong =0 CAB
+# like: _SYS1.CAB _USER1.CAB DATA1.CAB data2.cab
+!:ext cab
+# https://github.com/twogood/unshield/blob/master/lib/helper.c
+# version like: 0x1005201 0x100600c 0x1007000 0x1009500
+# 0x2000578 0x20005dc 0x2000640 0x40007d0 0x4000834
+>4 ulelong x \b, version %#x
+# volume_info like: 0
+>8 ulelong !0 \b, volume_info %#x
+# cab_descriptor_offset like: 0x200
+>12 ulelong !0x200 \b, offset %#x
+#>0x200 ubequad x \b, at 0x200 %#16.16llx
+# cab_descriptor_size like: 0 (*.cab) BD5 C8B DA5 E2A E36 116C 251D 4DA9 56F0 5CC2 6E4B 777D 779E 1F7C2
+>16 ulelong !0 \b, descriptor size %#x
+# TOP4
+0 string T4\x1a TOP4 archive data
+# BatComp left out: sig looks like COM executable
+# so TODO: get real 4dos batcomp file and find sig
+# BlakHole
+0 string BH\5\7 BlakHole archive data
+# BIX
+0 string BIX0 BIX archive data
+# ChiefLZA
+0 string ChfLZ ChiefLZA archive data
+# Blink
+0 string Blink Blink archive data
+# Logitech Compress
+0 string \xda\xfa Logitech Compress archive data
+# ARS-Sfx (FIXME: really a SFX? then goto COM/EXE)
+1 string (C)\ STEPANYUK ARS-Sfx archive data
+# AKT/AKT32
+0 string AKT32 AKT32 archive data
+0 string AKT AKT archive data
+# NPack
+0 string MSTSM NPack archive data
+# PFT
+0 string \0\x50\0\x14 PFT archive data
+# SemOne
+0 string SEM SemOne archive data
+# PPMD
+0 string \x8f\xaf\xac\x84 PPMD archive data
+# FIZ
+0 string FIZ FIZ archive data
+# MSXiE
+0 belong&0xfffff0f0 0x4d530000 MSXiE archive data
+# DeepFreezer
+0 belong&0xfffffff0 0x797a3030 DeepFreezer archive data
+# DC
+0 string =<DC- DC archive data
+# TPac
+0 string \4TPAC\3 TPac archive data
+# Ai
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Ai_Archiver
+0 string Ai\1\1\0 Ai archive data
+#!:mime application/octet-stream
+!:mime application/x-compress-ai
+!:ext ai
+0 string Ai\1\0\0 Ai archive data
+#!:mime application/octet-stream
+!:mime application/x-compress-ai
+!:ext ai
+# Ai32
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-ai.trid.xml
+# Note: called "Ai Archivator compressed archive" by TrID
+0 string Ai\2\0 Ai32 archive data
+#!:mime application/octet-stream
+!:mime application/x-compress-ai
+!:ext ai
+# original file name
+>8 pstring/h x "%s"
+# according to TrID the next 3 bytes are nil
+>5 ubyte !0 \b, at 5 %#x
+>6 ubyte !0 \b, at 6 %#x
+>7 ubyte !0 \b, at 7 %#x
+# the fourth byte with value 0 is probably a flag for "non solid" mode
+#>3 ubyte =0x00 \b, unsolid mode
+0 string Ai\2\1 Ai32 archive data
+#!:mime application/octet-stream
+!:mime application/x-compress-ai
+!:ext ai
+# original file name
+>8 pstring/h x "%s"
+# the fourth byte with value 0x01 is probably a flag for "solid" mode; this is not the default
+>3 ubyte =0x01 \b, solid mode
+# SBC
+0 string SBC SBC archive data
+# Ybs
+0 string YBS Ybs archive data
+# DitPack
+0 string \x9e\0\0 DitPack archive data
+# DMS
+0 string DMS! DMS archive data
+# EPC
+0 string \x8f\xaf\xac\x8c EPC archive data
+# VSARC
+0 string VS\x1a VSARC archive data
+# PDZ
+0 string PDZ PDZ archive data
+# ReDuq
+0 string rdqx ReDuq archive data
+# GCA
+0 string GCAX GCA archive data
+# PPMN
+0 string pN PPMN archive data
+# WinImage
+3 string WINIMAGE WinImage archive data
+# Compressia
+0 string CMP0CMP Compressia archive data
+# UHBC
+0 string UHB UHBC archive data
+# WinHKI
+0 string \x61\x5C\x04\x05 WinHKI archive data
+# WWPack data file
+0 string WWP WWPack archive data
+# BSN (BSA, PTS-DOS)
+0 string \xffBSG BSN archive data
+1 string \xffBSG BSN archive data
+3 string \xffBSG BSN archive data
+1 string \0\xae\2 BSN archive data
+1 string \0\xae\3 BSN archive data
+1 string \0\xae\7 BSN archive data
+# AIN
+0 string \x33\x18 AIN archive data
+0 string \x33\x17 AIN archive data
+# XPA32 test moved and merged with XPA by Joerg Jenderek at Sep 2015
+# SZip (TODO: doesn't catch all versions)
+0 string SZ\x0a\4 SZip archive data
+# XPack DiskImage
+# *.XDI updated by Joerg Jenderek Sep 2015
+# ftp://ftp.sac.sk/pub/sac/pack/0index.txt
+# GRR: this test is still too general as it catches also text files starting with jm
+0 string jm
+# only found examples with this additional characteristic 2 bytes
+>2 string \x2\x4 Xpack DiskImage archive data
+#!:ext xdi
+# XPack Data
+# *.xpa updated by Joerg Jenderek Sep 2015
+# ftp://ftp.elf.stuba.sk/pub/pc/pack/
+0 string xpa XPA
+!:ext xpa
+# XPA32
+# ftp://ftp.elf.stuba.sk/pub/pc/pack/xpa32.zip
+# created by XPA32.EXE version 1.0.2 for Windows
+>0 string xpa\0\1 \b32 archive data
+# created by XPACK.COM version 1.67m or 1.67r with short 0x1800
+>3 ubeshort !0x0001 \bck archive data
+# XPack Single Data
+# changed by Joerg Jenderek Sep 2015 back to like in version 5.12
+# letter 'I'+ acute accent is equivalent to \xcd
+0 string \xcd\ jm Xpack single archive data
+#!:mime application/x-xpa-compressed
+!:ext xpa
+
+# TODO: missing due to unknown magic/magic at end of file:
+#DWC
+#ARG
+#ZAR
+#PC/3270
+#InstallIt
+#RKive
+#RK
+#XPack Diskimage
+
+# These were inspired by idarc, but actually verified
+# Dzip archiver (.dz)
+# Update: Joerg Jenderek
+# URL: http://speeddemosarchive.com/dzip/
+# reference: http://speeddemosarchive.com/dzip/dz29src.zip/main.c
+# GRR: line below is too general as it matches also ASCII texts like Doszip commander help dz.txt
+0 string DZ
+# latest version is 2.9 dated 7 may 2003
+>2 byte <4 Dzip archive data
+!:mime application/x-dzip
+!:ext dz
+>>2 byte x \b, version %i
+>>3 byte x \b.%i
+>>4 ulelong x \b, offset %#x
+>>8 ulelong x \b, %u files
+# ZZip archiver (.zz)
+0 string ZZ\ \0\0 ZZip archive data
+0 string ZZ0 ZZip archive data
+# PAQ archiver (.paq)
+0 string \xaa\x40\x5f\x77\x1f\xe5\x82\x0d PAQ archive data
+0 string PAQ PAQ archive data
+>3 byte&0xf0 0x30
+>>3 byte x (v%c)
+# JAR archiver (.j), this is the successor to ARJ, not Java's JAR (which is essentially ZIP)
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/JAR_(ARJ_Software)
+# reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-jar.trid.xml
+# https://www.sac.sk/download/pack/jar102x.exe/TECHNOTE.DOC
+# Note: called "JAR compressed archive" by TrID
+0xe string \x1aJar\x1b JAR (ARJ Software, Inc.) archive data
+#!:mime application/octet-stream
+!:mime application/x-compress-j
+>0 ulelong x \b, CRC32 %#x
+# standard suffix is ".j"; for multi volumes following order j01 j02 ... j99 100 ... 990
+!:ext j/j01/j02
+# URL: http://fileformats.archiveteam.org/wiki/JARCS
+# reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-jarcs.trid.xml
+# Note: called "JARCS compressed archive" by TrID
+0 string JARCS JAR (ARJ Software, Inc.) archive data
+#!:mime application/octet-stream
+!:mime application/x-compress-jar
+!:ext jar
+
+# ARJ archiver (jason@jarthur.Claremont.EDU)
+# URL: http://fileformats.archiveteam.org/wiki/ARJ
+# reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-arj.trid.xml
+# https://github.com/FarGroup/FarManager/
+# blob/master/plugins/multiarc/arc.doc/arj.txt
+# Note: called "ARJ compressed archive" by TrID and
+# "ARJ File Format" by DROID via PUID fmt/610
+# verified by `7z l -tarj PHRACK1.ARJ` and
+# `arj.exe l TEST-hk9.ARJ`
+0 leshort 0xea60
+# skip DROID fmt-610-signature-id-946.arj by check for valid file type of main header
+>0xA ubyte 2
+>>0 use arj-archive
+0 name arj-archive
+>0 leshort x ARJ archive
+!:mime application/x-arj
+# look for terminating 0-character of filename
+>0x26 search/1024 \0
+# file name extension is normally .arj but not for parts of multi volume
+#>>&-5 string x extension %.4s
+>>&-5 string/c .arj data
+!:ext arj
+>>&-5 default x
+# for multi volume first name is archive.arj then following parts archive.a01 archive.a02 ...
+>>>8 byte &0x04 data
+!:ext a01/a02
+# for SFX first name is archive.exe then following parts archive.e01 archive.e02 ...
+>>>8 byte ^0x04 data, SFX multi-volume
+!:ext e01/e02
+# basic header size like: 0x002b 0x002c 0x04e0 0x04e3 0x04e7
+#>2 uleshort x basic header size %#4.4x
+# next fragment content like: 0x0a200a003a8fc713 0x524a000010bb3471 0x524a0000c73c70f9
+#>(2.s) ubequad x NEXT FRAGMENT CONTENT %#16.16llx
+# first_hdr_size; seems to be same as basic header size
+#>2 uleshort x 1st header size %#x
+# archiver version number like: 3 4 6 11 102
+>5 byte x \b, v%d
+# minimum archiver version to extract like: 1
+>6 ubyte !1 \b, minimum %u to extract
+# FOR DEBUGGING
+#>8 byte x \b, FLAGS %#x
+# GARBLED_FLAG1; garble with password; g switch
+>8 byte &0x01 \b, password-protected
+# encryption version: 0~old 1~old 2~new 3~reserved 4~40 bit key GOST
+>>0x20 ubyte x (v%u)
+#>8 byte &0x02 \b, secured
+# ANSIPAGE_FLAG; indicates ANSI codepage used by ARJ32; hy switch
+>8 byte &0x02 \b, ANSI codepage
+# VOLUME_FLAG indicates presence of succeeding volume; but apparently not for SFX
+>8 byte &0x04 \b, multi-volume
+#>8 byte &0x08 \b, file-offset
+# ARJPROT_FLAG; build with data protection record; hk switch
+>8 byte &0x08 \b, recoverable
+# arj protection factor; maximal 10; switch hky -> factor=y+1
+>>0x22 byte x (factor %u)
+>8 byte &0x10 \b, slash-switched
+# BACKUP_FLAG; obsolete
+>8 byte &0x20 \b, backup
+# SECURED_FLAG;
+>8 byte &0x40 \b, secured,
+# ALTNAME_FLAG; indicates dual-name archive
+>8 byte &0x80 \b, dual-name
+# security version; 0~old 2~current
+>9 ubyte !0
+>>9 ubyte !2 \b, security version %u
+# file type; 2 in main header; 0~binary 1~7-bitText 2~comment 3~directory 4~VolumeLabel 5=ChapterLabel
+>0xA ubyte !2 \b, file type %u
+# date+time when original archive was created in MS-DOS format via ./msdos
+>0xC ulelong x \b, created
+>0xC use dos-date
+# or date and time by new internal function
+#>0xE lemsdosdate x %s
+#>0xC lemsdostime x %s
+# FOR DEBUGGING
+#>0x12 uleshort x RAW DATE %#4.4x
+#>0x10 uleshort x RAW TIME %#4.4x
+# date+time when archive was last modified; sometimes nil or
+# maybe wrong like in HP4DRVR.ARJ
+#>0x10 ulelong >0 \b, modified
+#>>0x10 use dos-date
+# or date and time by new internal function
+#>>0x12 lemsdosdate x %s
+#>>0x10 lemsdostime x %s
+# archive size (currently used only for secured archives); MAYBE?
+#>0x14 ulelong !0 \b, file size %u
+# security envelope file position; MAYBE?
+#>0x18 ulelong !0 \b, at %#x security envelope
+# filespec position in filename; WHAT IS THAT?
+#>0x1C uleshort >0 \b, filespec position %#x
+# length in bytes of security envelope data like: 2CAh 301h 364h 471h
+>0x1E uleshort !0 \b, security envelope length %#x
+# last chapter like: 0 1
+>0x21 ubyte !0 \b, last chapter %u
+# filename (null-terminated string); sometimes at 0x26 when 4 bytes for extra data
+>34 byte x \b, original name:
+# with extras data
+>34 byte <0x0B
+>>38 string x %s
+# without extras data
+>34 byte >0x0A
+>>34 string x %s
+# host OS: 0~MSDOS ... 11~WIN32
+>7 byte 0 \b, os: MS-DOS
+>7 byte 1 \b, os: PRIMOS
+>7 byte 2 \b, os: Unix
+>7 byte 3 \b, os: Amiga
+>7 byte 4 \b, os: Macintosh
+>7 byte 5 \b, os: OS/2
+>7 byte 6 \b, os: Apple ][ GS
+>7 byte 7 \b, os: Atari ST
+>7 byte 8 \b, os: NeXT
+>7 byte 9 \b, os: VAX/VMS
+>7 byte 10 \b, os: WIN95
+>7 byte 11 \b, os: WIN32
+# [JW] idarc says this is also possible
+2 leshort 0xea60 ARJ archive data
+#2 leshort 0xea60
+#>2 use arj-archive
+
+# HA archiver (Greg Roelofs, newt@uchicago.edu)
+# This is a really bad format. A file containing HAWAII will match this...
+#0 string HA HA archive data,
+#>2 leshort =1 1 file,
+#>2 leshort >1 %hu files,
+#>4 byte&0x0f =0 first is type CPY
+#>4 byte&0x0f =1 first is type ASC
+#>4 byte&0x0f =2 first is type HSC
+#>4 byte&0x0f =0x0e first is type DIR
+#>4 byte&0x0f =0x0f first is type SPECIAL
+# suggestion: at least identify small archives (<1024 files)
+0 belong&0xffff00fc 0x48410000 HA archive data
+>2 leshort =1 1 file,
+>2 leshort >1 %u files,
+>4 byte&0x0f =0 first is type CPY
+>4 byte&0x0f =1 first is type ASC
+>4 byte&0x0f =2 first is type HSC
+>4 byte&0x0f =0x0e first is type DIR
+>4 byte&0x0f =0x0f first is type SPECIAL
+
+# HPACK archiver (Peter Gutmann, pgut1@cs.aukuni.ac.nz)
+0 string HPAK HPACK archive data
+
+# JAM Archive volume format, by Dmitry.Kohmanyuk@UA.net
+0 string \351,\001JAM\ JAM archive,
+>7 string >\0 version %.4s
+>0x26 byte =0x27 -
+>>0x2b string >\0 label %.11s,
+>>0x27 lelong x serial %08x,
+>>0x36 string >\0 fstype %.8s
+
+# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu)
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/LHA_(file_format)
+# Reference: https://web.archive.org/web/20021005080911/http://www.osirusoft.com/joejared/lzhformat.html
+#
+# check and display information of lharc (LHa,PMarc) file
+0 name lharc-file
+# check 1st character of method id like -lz4- -lh5- or -pm2-
+>2 string -
+# check 5th character of method id
+>>6 string -
+# check header level 0 1 2 3
+>>>20 ubyte <4
+# check 2nd, 3th and 4th character of method id
+>>>>3 regex \^(lh[0-9a-ex]|lz[s2-8]|pm[012]|pc1) \b
+!:mime application/x-lzh-compressed
+# creator type "LHA "
+!:apple ????LHA
+# display archive type name like "LHa/LZS archive data" or "LArc archive"
+>>>>>2 string -lz \b
+!:ext lzs
+# already known -lzs- -lz4- -lz5- with old names
+>>>>>>2 string -lzs LHa/LZS archive data
+>>>>>>3 regex \^lz[45] LHarc 1.x archive data
+# missing -lz?- with wikipedia names
+>>>>>>3 regex \^lz[2378] LArc archive
+# display archive type name like "LHa (2.x) archive data"
+>>>>>2 string -lh \b
+# already known -lh0- -lh1- -lh2- -lh3- -lh4- -lh5- -lh6- -lh7- -lhd- variants with old names
+>>>>>>3 regex \^lh[01] LHarc 1.x/ARX archive data
+# LHice archiver use ".ICE" as name extension instead usual one ".lzh"
+# FOOBAR archiver use ".foo" as name extension instead usual one
+# "Florian Orjanov's and Olga Bachetska's ARchiver" not found at the moment
+>>>>>>>2 string -lh1 \b
+!:ext lha/lzh/ice
+>>>>>>3 regex \^lh[23d] LHa 2.x? archive data
+>>>>>>3 regex \^lh[7] LHa (2.x)/LHark archive data
+>>>>>>3 regex \^lh[456] LHa (2.x) archive data
+>>>>>>>2 string -lh5 \b
+# https://en.wikipedia.org/wiki/BIOS
+# Some mainboard BIOS like Award use LHa compression. So archives with unusual extension are found like
+# bios.rom , kd7_v14.bin, 1010.004, ...
+!:ext lha/lzh/rom/bin
+# missing -lh?- variants (Joe Jared)
+>>>>>>3 regex \^lh[89a-ce] LHa (Joe Jared) archive
+# UNLHA32 2.67a
+>>>>>>2 string -lhx LHa (UNLHA32) archive
+# lha archives with standard file name extensions ".lha" ".lzh"
+>>>>>>3 regex !\^(lh1|lh5) \b
+!:ext lha/lzh
+# this should not happen if all -lh variants are described
+>>>>>>2 default x LHa (unknown) archive
+#!:ext lha
+# PMarc
+>>>>>3 regex \^pm[012] PMarc archive data
+!:ext pma
+# append method id without leading and trailing minus character
+>>>>>3 string x [%3.3s]
+>>>>>>0 use lharc-header
+#
+# check and display information of lharc header
+0 name lharc-header
+# header size 0x4 , 0x1b-0x61
+>0 ubyte x
+# compressed data size != compressed file size
+#>7 ulelong x \b, data size %d
+# attribute: 0x2~?? 0x10~symlink|target 0x20~normal
+#>19 ubyte x \b, 19_%#x
+# level identifier 0 1 2 3
+#>20 ubyte x \b, level %d
+# time stamp
+#>15 ubelong x DATE %#8.8x
+# OS ID for level 1
+>20 ubyte 1
+# 0x20 types find for *.rom files
+>>(21.b+24) ubyte <0x21 \b, %#x OS
+# ascii type like M for MSDOS
+>>(21.b+24) ubyte >0x20 \b, '%c' OS
+# OS ID for level 2
+>20 ubyte 2
+#>>23 ubyte x \b, OS ID %#x
+>>23 ubyte <0x21 \b, %#x OS
+>>23 ubyte >0x20 \b, '%c' OS
+# filename only for level 0 and 1
+>20 ubyte <2
+# length of filename
+>>21 ubyte >0 \b, with
+# filename
+>>>21 pstring x "%s"
+#
+#2 string -lh0- LHarc 1.x/ARX archive data [lh0]
+#!:mime application/x-lharc
+2 string -lh0-
+>0 use lharc-file
+#2 string -lh1- LHarc 1.x/ARX archive data [lh1]
+#!:mime application/x-lharc
+2 string -lh1-
+>0 use lharc-file
+# NEW -lz2- ... -lz8-
+2 string -lz2-
+>0 use lharc-file
+2 string -lz3-
+>0 use lharc-file
+2 string -lz4-
+>0 use lharc-file
+2 string -lz5-
+>0 use lharc-file
+2 string -lz7-
+>0 use lharc-file
+2 string -lz8-
+>0 use lharc-file
+# [never seen any but the last; -lh4- reported in comp.compression:]
+#2 string -lzs- LHa/LZS archive data [lzs]
+2 string -lzs-
+>0 use lharc-file
+# According to wikipedia and others such a version does not exist
+#2 string -lh\40- LHa 2.x? archive data [lh ]
+#2 string -lhd- LHa 2.x? archive data [lhd]
+2 string -lhd-
+>0 use lharc-file
+#2 string -lh2- LHa 2.x? archive data [lh2]
+2 string -lh2-
+>0 use lharc-file
+#2 string -lh3- LHa 2.x? archive data [lh3]
+2 string -lh3-
+>0 use lharc-file
+#2 string -lh4- LHa (2.x) archive data [lh4]
+2 string -lh4-
+>0 use lharc-file
+#2 string -lh5- LHa (2.x) archive data [lh5]
+2 string -lh5-
+>0 use lharc-file
+#2 string -lh6- LHa (2.x) archive data [lh6]
+2 string -lh6-
+>0 use lharc-file
+#2 string -lh7- LHa (2.x)/LHark archive data [lh7]
+2 string -lh7-
+# !:mime application/x-lha
+# >20 byte x - header level %d
+>0 use lharc-file
+# NEW -lh8- ... -lhe- , -lhx-
+2 string -lh8-
+>0 use lharc-file
+2 string -lh9-
+>0 use lharc-file
+2 string -lha-
+>0 use lharc-file
+2 string -lhb-
+>0 use lharc-file
+2 string -lhc-
+>0 use lharc-file
+2 string -lhe-
+>0 use lharc-file
+2 string -lhx-
+>0 use lharc-file
+# taken from idarc [JW]
+2 string -lZ PUT archive data
+# already done by LHarc magics
+# this should never happen if all sub types of LZS archive are identified
+#2 string -lz LZS archive data
+2 string -sw1- Swag archive data
+
+0 name rar-file-header
+>24 byte 15 \b, v1.5
+>24 byte 20 \b, v2.0
+>24 byte 29 \b, v4
+>15 byte 0 \b, os: MS-DOS
+>15 byte 1 \b, os: OS/2
+>15 byte 2 \b, os: Win32
+>15 byte 3 \b, os: Unix
+>15 byte 4 \b, os: Mac OS
+>15 byte 5 \b, os: BeOS
+
+0 name rar-archive-header
+>3 leshort&0x1ff >0 \b, flags:
+>>3 leshort &0x01 ArchiveVolume
+>>3 leshort &0x02 Commented
+>>3 leshort &0x04 Locked
+>>3 leshort &0x10 NewVolumeNaming
+>>3 leshort &0x08 Solid
+>>3 leshort &0x20 Authenticated
+>>3 leshort &0x40 RecoveryRecordPresent
+>>3 leshort &0x80 EncryptedBlockHeader
+>>3 leshort &0x100 FirstVolume
+
+# RAR (Roshal Archive) archive
+0 string Rar!\x1a\7\0 RAR archive data
+!:mime application/x-rar
+!:ext rar/cbr
+# file header
+>(0xc.l+9) byte 0x74
+>>(0xc.l+7) use rar-file-header
+# subblock seems to share information with file header
+>(0xc.l+9) byte 0x7a
+>>(0xc.l+7) use rar-file-header
+>9 byte 0x73
+>>7 use rar-archive-header
+
+0 string Rar!\x1a\7\1\0 RAR archive data, v5
+!:mime application/x-rar
+!:ext rar
+
+# Very old RAR archive
+# https://jasonblanks.com/wp-includes/images/papers/KnowyourarchiveRAR.pdf
+0 string RE\x7e\x5e RAR archive data (<v1.5)
+!:mime application/x-rar
+!:ext rar/cbr
+
+# SQUISH archiver (Greg Roelofs, newt@uchicago.edu)
+0 string SQSH squished archive data (Acorn RISCOS)
+
+# UC2 archiver (Greg Roelofs, newt@uchicago.edu)
+# [JW] see exe section for self-extracting version
+0 string UC2\x1a UC2 archive data
+
+# PKZIP multi-volume archive
+0 string PK\x07\x08PK\x03\x04 Zip multi-volume archive data, at least PKZIP v2.50 to extract
+!:mime application/zip
+!:ext zip/cbz
+
+# Android APK file (Zip archive)
+0 string PK\003\004
+!:strength +1
+# Starts with AndroidManifest.xml (file name length = 19)
+>26 uleshort 19
+>>30 string AndroidManifest.xml Android package (APK), with AndroidManifest.xml
+!:mime application/vnd.android.package-archive
+!:ext apk
+>>>-22 string PK\005\006
+>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
+# Starts with META-INF/com/android/build/gradle/app-metadata.properties
+>26 uleshort 57
+>>30 string META-INF/com/android/build/gradle/
+>>>&0 string app-metadata.properties Android package (APK), with gradle app-metadata.properties
+!:mime application/vnd.android.package-archive
+!:ext apk
+>>>>-22 string PK\005\006
+>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
+# Starts with classes.dex (file name length = 11)
+>26 uleshort 11
+>>30 string classes.dex Android package (APK), with classes.dex
+!:mime application/vnd.android.package-archive
+!:ext apk
+>>>-22 string PK\005\006
+>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
+# Starts with META-INF/MANIFEST.MF (file name length = 20)
+# NB: checks for resources.arsc, classes.dex, etc. as well to avoid matching JAR files
+>26 uleshort 20
+>>30 string META-INF/MANIFEST.MF
+# Contains resources.arsc (near the end, in the central directory)
+>>>-512 search resources.arsc Android package (APK), with MANIFEST.MF and resources.arsc
+!:mime application/vnd.android.package-archive
+!:ext apk
+>>>>-22 string PK\005\006
+>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
+>>>-512 default x
+# Contains classes.dex (near the end, in the central directory)
+>>>>-512 search classes.dex Android package (APK), with MANIFEST.MF and classes.dex
+!:mime application/vnd.android.package-archive
+!:ext apk
+>>>>>-22 string PK\005\006
+>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
+>>>>-512 default x
+# Contains lib/armeabi (near the end, in the central directory)
+>>>>>-512 search lib/armeabi Android package (APK), with MANIFEST.MF and armeabi lib
+!:mime application/vnd.android.package-archive
+!:ext apk
+>>>>>>-22 string PK\005\006
+>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
+>>>>>-512 default x
+# Contains drawables (near the end, in the central directory)
+>>>>>>-512 search res/drawable Android package (APK), with MANIFEST.MF and drawables
+!:mime application/vnd.android.package-archive
+!:ext apk
+>>>>>>>-22 string PK\005\006
+>>>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
+# It may or may not be an APK file, but it's definitely a Java JAR file
+>>>>>>-512 default x Java archive data (JAR)
+!:mime application/java-archive
+!:ext jar
+# Starts with zipflinger virtual entry (28 + 104 = 132 bytes)
+# See https://github.com/obfusk/apksigcopier/blob/666f5b7/apksigcopier/__init__.py#L230
+>4 string \x00\x00\x00\x00\x00\x00
+>>&0 string \x21\x08\x21\x02
+>>>&0 string \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
+>>>>&0 string \x00\x00 Android package (APK), with zipflinger virtual entry
+!:mime application/vnd.android.package-archive
+!:ext apk
+>>>>>-22 string PK\005\006
+>>>>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 \b, with APK Signing Block
+# APK Signing Block
+>0 default x
+>>-22 string PK\005\006
+>>>(-6.l-16) string APK\x20Sig\x20Block\x2042 Android package (APK), with APK Signing Block
+!:mime application/vnd.android.package-archive
+!:ext apk
+
+# Zip archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu)
+0 string PK\005\006 Zip archive data (empty)
+!:mime application/zip
+!:ext zip/cbz
+!:strength +1
+0 string PK\003\004
+!:strength +1
+
+# Specialised zip formats which start with a member named 'mimetype'
+# (stored uncompressed, with no 'extra field') containing the file's MIME type.
+# Check for have 8-byte name, 0-byte extra field, name "mimetype", and
+# contents starting with "application/":
+>26 string \x8\0\0\0mimetypeapplication/
+
+# KOffice / OpenOffice & StarOffice / OpenDocument formats
+# From: Abel Cheung <abel@oaka.org>
+
+# KOffice (1.2 or above) formats
+# (mimetype contains "application/vnd.kde.<SUBTYPE>")
+>>50 string vnd.kde. KOffice (>=1.2)
+>>>58 string karbon Karbon document
+>>>58 string kchart KChart document
+>>>58 string kformula KFormula document
+>>>58 string kivio Kivio document
+>>>58 string kontour Kontour document
+>>>58 string kpresenter KPresenter document
+>>>58 string kspread KSpread document
+>>>58 string kword KWord document
+
+# OpenOffice formats (for OpenOffice 1.x / StarOffice 6/7)
+# (mimetype contains "application/vnd.sun.xml.<SUBTYPE>")
+# URL: https://en.wikipedia.org/wiki/OpenOffice.org_XML
+# reference: http://fileformats.archiveteam.org/wiki/OpenOffice.org_XML
+>>50 string vnd.sun.xml. OpenOffice.org 1.x
+>>>62 string writer Writer
+>>>>68 byte !0x2e document
+!:mime application/vnd.sun.xml.writer
+!:ext sxw
+>>>>68 string .template template
+!:mime application/vnd.sun.xml.writer.template
+!:ext stw
+>>>>68 string .web Web template
+!:mime application/vnd.sun.xml.writer.web
+!:ext stw
+>>>>68 string .global global document
+!:mime application/vnd.sun.xml.writer.global
+!:ext sxg
+>>>62 string calc Calc
+>>>>66 byte !0x2e spreadsheet
+!:mime application/vnd.sun.xml.calc
+!:ext sxc
+>>>>66 string .template template
+!:mime application/vnd.sun.xml.calc.template
+!:ext stc
+>>>62 string draw Draw
+>>>>66 byte !0x2e document
+!:mime application/vnd.sun.xml.draw
+!:ext sxd
+>>>>66 string .template template
+!:mime application/vnd.sun.xml.draw.template
+!:ext std
+>>>62 string impress Impress
+>>>>69 byte !0x2e presentation
+!:mime application/vnd.sun.xml.impress
+!:ext sxi
+>>>>69 string .template template
+!:mime application/vnd.sun.xml.impress.template
+!:ext sti
+>>>62 string math Math document
+!:mime application/vnd.sun.xml.math
+!:ext sxm
+>>>62 string base Database file
+!:mime application/vnd.sun.xml.base
+!:ext sdb
+
+# URL: https://wiki.openoffice.org/wiki/Documentation/DevGuide/Extensions/File_Format
+# From: Joerg Jenderek
+# Note: only few OXT samples are detected here by mimetype member
+# is used by OpenOffice and LibreOffice and probably also NeoOffice
+# verified by `unzip -Zv *.oxt` or `7z l -slt *.oxt`
+>>50 string vnd.openofficeorg. OpenOffice
+>>>68 string extension \b/LibreOffice Extension
+# http://extension.nirsoft.net/oxt
+!:mime application/vnd.openofficeorg.extension
+# like: Gallery-Puzzle.2.1.0.1.oxt
+!:ext oxt
+
+# OpenDocument formats (for OpenOffice 2.x / StarOffice >= 8)
+# URL: http://fileformats.archiveteam.org/wiki/OpenDocument
+# https://lists.oasis-open.org/archives/office/200505/msg00006.html
+# (mimetype contains "application/vnd.oasis.opendocument.<SUBTYPE>")
+>>50 string vnd.oasis.opendocument. OpenDocument
+>>>73 string text
+>>>>77 byte !0x2d Text
+!:mime application/vnd.oasis.opendocument.text
+!:ext odt
+>>>>77 string -template Text Template
+!:mime application/vnd.oasis.opendocument.text-template
+!:ext ott
+>>>>77 string -web HTML Document Template
+!:mime application/vnd.oasis.opendocument.text-web
+!:ext oth
+>>>>77 string -master
+>>>>>84 byte !0x2d Master Document
+!:mime application/vnd.oasis.opendocument.text-master
+!:ext odm
+>>>>>84 string -template Master Template
+!:mime application/vnd.oasis.opendocument.text-master-template
+!:ext otm
+>>>73 string graphics
+>>>>81 byte !0x2d Drawing
+!:mime application/vnd.oasis.opendocument.graphics
+!:ext odg
+>>>>81 string -template Drawing Template
+!:mime application/vnd.oasis.opendocument.graphics-template
+!:ext otg
+>>>73 string presentation
+>>>>85 byte !0x2d Presentation
+!:mime application/vnd.oasis.opendocument.presentation
+!:ext odp
+>>>>85 string -template Presentation Template
+!:mime application/vnd.oasis.opendocument.presentation-template
+!:ext otp
+>>>73 string spreadsheet
+>>>>84 byte !0x2d Spreadsheet
+!:mime application/vnd.oasis.opendocument.spreadsheet
+!:ext ods
+>>>>84 string -template Spreadsheet Template
+!:mime application/vnd.oasis.opendocument.spreadsheet-template
+!:ext ots
+>>>73 string chart
+>>>>78 byte !0x2d Chart
+!:mime application/vnd.oasis.opendocument.chart
+!:ext odc
+>>>>78 string -template Chart Template
+!:mime application/vnd.oasis.opendocument.chart-template
+!:ext otc
+>>>73 string formula
+>>>>80 byte !0x2d Formula
+!:mime application/vnd.oasis.opendocument.formula
+!:ext odf
+>>>>80 string -template Formula Template
+!:mime application/vnd.oasis.opendocument.formula-template
+!:ext otf
+# https://www.loc.gov/preservation/digital/formats/fdd/fdd000441.shtml
+>>>73 string database Database
+!:mime application/vnd.oasis.opendocument.database
+!:ext odb
+# Valid for LibreOffice Base 6.0.1.1 at least
+>>>73 string base Database
+# https://bugs.documentfoundation.org/show_bug.cgi?id=45854
+!:mime application/vnd.oasis.opendocument.base
+!:ext odb
+>>>73 string image
+>>>>78 byte !0x2d Image
+!:mime application/vnd.oasis.opendocument.image
+!:ext odi
+>>>>78 string -template Image Template
+!:mime application/vnd.oasis.opendocument.image-template
+!:ext oti
+
+# EPUB (OEBPS) books using OCF (OEBPS Container Format)
+# https://www.idpf.org/ocf/ocf1.0/download/ocf10.htm, section 4.
+# From: Ralf Brown <ralf.brown@gmail.com>
+>>50 string epub+zip EPUB document
+!:mime application/epub+zip
+
+# From: Hajin Jang <jb6804@naver.com>
+# hwpx (OWPML) document format follows OCF specification.
+# Hangul Word Processor 2010+ supports HWPX format.
+# URL: https://www.hancom.com/etc/hwpDownload.do
+# https://standard.go.kr/KSCI/standardIntro/getStandardSearchView.do?menuId=503&topMenuId=502&ksNo=KSX6101
+# https://e-ks.kr/streamdocs/view/sd;streamdocsId=72059197557727331
+>>50 string hwp+zip Hancom HWP (Hangul Word Processor) file, HWPX
+!:mime application/x-hwp+zip
+!:ext hwpx
+
+# From: Joerg Jenderek
+# URL: http://en.wikipedia.org/wiki/CorelDRAW
+# NOTE: version; til 2 WL-based; from 3 til 13 by ./riff; from 14 zip based
+>>50 string x-vnd.corel. Corel
+>>>62 string draw.document+zip Draw drawing, version 14-16
+!:mime application/x-vnd.corel.draw.document+zip
+!:ext cdr
+>>>62 string draw.template+zip Draw template, version 14-16
+!:mime application/x-vnd.corel.draw.template+zip
+!:ext cdrt
+>>>62 string zcf.draw.document+zip Draw drawing, version 17-22
+!:mime application/x-vnd.corel.zcf.draw.document+zip
+!:ext cdr
+>>>62 string zcf.draw.template+zip Draw template, version 17-22
+!:mime application/x-vnd.corel.zcf.draw.template+zip
+!:ext cdt/cdrt
+# URL: http://product.corel.com/help/CorelDRAW/540240626/Main/EN/Doc/CorelDRAW-Other-file-formats.html
+>>>62 string zcf.pattern+zip Draw pattern, version 22
+!:mime application/x-vnd.corel.zcf.pattern+zip
+!:ext pat
+# URL: https://en.wikipedia.org/wiki/Corel_Designer
+# Reference: http://fileformats.archiveteam.org/wiki/Corel_Designer
+# Note: called by TrID "Corel DESIGN graphics"
+>>>62 string designer.document+zip DESIGNER graphics, version 14-16
+!:mime application/x-vnd.corel.designer.document+zip
+!:ext des
+>>>62 string zcf.designer.document+zip DESIGNER graphics, version 17-21
+!:mime application/x-vnd.corel.zcf.designer.document+zip
+!:ext des
+# URL: http://product.corel.com/help/CorelDRAW/540223850/Main/EN/Documentation/
+# CorelDRAW-Corel-Symbol-Library-CSL.html
+>>>62 string symbol.library+zip Symbol Library, version 6-16.3
+!:mime application/x-vnd.corel.symbol.library+zip
+!:ext csl
+>>>62 string zcf.symbol.library+zip Symbol Library, version 17-22
+!:mime application/x-vnd.corel.zcf.symbol.library+zip
+!:ext csl
+
+# Catch other ZIP-with-mimetype formats
+# In a ZIP file, the bytes immediately after a member's contents are
+# always "PK". The 2 regex rules here print the "mimetype" member's
+# contents up to the first 'P'. Luckily, most MIME types don't contain
+# any capital 'P's. This is a kludge.
+# (mimetype contains "application/<OTHER>")
+>>50 default x Zip data
+>>>38 regex [!-OQ-~]+ (MIME type "%s"?)
+!:mime application/zip
+# (mimetype contents other than "application/*")
+>26 string \x8\0\0\0mimetype
+>>38 string !application/
+>>>38 regex [!-OQ-~]+ Zip data (MIME type "%s"?)
+!:mime application/zip
+
+# Java Jar files (see also APK files above)
+>(26.s+30) leshort 0xcafe Java archive data (JAR)
+!:mime application/java-archive
+!:ext jar
+
+# iOS App
+>(26.s+30) leshort !0xcafe
+>>26 string !\x8\0\0\0mimetype
+>>>30 string Payload/
+>>>>38 search/64 .app/ iOS App
+!:mime application/x-ios-app
+
+# Dup, see above.
+#>30 search/100/b application/epub+zip EPUB document
+#!:mime application/epub+zip
+
+# Generic zip archives (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu)
+# Next line excludes specialized formats:
+>(26.s+30) leshort !0xcafe
+>>30 search/100/b !application/epub+zip
+>>>26 string !\x8\0\0\0mimetype Zip archive data
+!:mime application/zip
+>>>>4 beshort x \b, at least
+>>>>4 use zipversion
+>>>>4 beshort x to extract
+>>>>8 beshort x \b, compression method=
+>>>>8 use zipcompression
+>>>>0x161 string WINZIP \b, WinZIP self-extracting
+
+# StarView Metafile
+# From Pierre Ducroquet <pinaraf@pinaraf.info>
+0 string VCLMTF StarView MetaFile
+>6 beshort x \b, version %d
+>8 belong x \b, size %d
+
+# Zoo archiver
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Zoo_(file_format)
+# http://fileformats.archiveteam.org/wiki/Zoo
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-zoo-strict.trid.xml
+# http://distcache.freebsd.org/ports-distfiles/zoo-2.10pl1.tar.gz/zoo.h
+# Note: called "ZOO compressed archive (strict)" by TrID and "ZOO Compressed Archive" by DROID via PUID x-fmt/269
+# verified by command like `deark -m zoo -l -d2 WHRCGA.ZOO`
+20 lelong 0xfdc4a7dc
+# skip DROID x-fmt-269-signature-id-621.zoo by looking for valid major version to manipulate archive
+>32 byte >0 Zoo archive data
+!:mime application/x-zoo
+# bak is extension of backup-ed zoo
+!:ext zoo/bak
+# version in text form like: 1.50 2.00 2.10
+>>4 byte >48 \b, v%c.
+>>>6 byte >47 \b%c
+>>>>7 byte >47 \b%c
+# ZOO files typically start with "ZOO ?.?? Archive.", followed by the bytes 0x1a 0x0 0x0; not used by Zoo and they may be anything
+>>8 string !\040Archive.\032 \b, at 8
+>>>8 string x text "%0.10s"
+# major_ver.minor_ver; minimum version needed to manipulate archive like: 1.0 2.0
+>>32 byte >0 \b, modify: v%d
+>>>33 byte x \b.%d+
+# major_ver.minor_ver; minimum version needed to extract after modify like in old versions
+>>(24.l+28) ubyte x \b, extract: v%u
+>>(24.l+29) ubyte x \b.%u+
+# with zoo 2.00 additional fields have been added in the archive header
+>>32 byte >1
+# type; type of archive header like: 1 2
+>>>34 ubyte !1 \b, header type %u
+# acmt_pos; position of archive comment like: 6258 30599 61369 149501
+>>>35 lelong >0 \b, at %d
+# acmt_len; length of archive comment like: 258
+>>>>39 uleshort x %u bytes comment
+#>>>>(35.l) ubequad x COMMENT=%16.16llx
+# 1st character of comment maybe is CarriageReturn (0x0d)
+>>>>(35.l) ubyte <040
+# 2nd character of comment maybe is LineFeed (0x0a)
+>>>>>(35.l+1) ubyte <040
+# comment string after CRLF like "Anonymous ftp site garbo.uwasa.fi 128.214.87.1 moderated by"
+>>>>>>(35.l+2) string x %s
+# next character of remaining comment maybe is CarriageReturn (0x0d)
+>>>>>>>&0 ubyte <040
+>>>>>>>>&0 ubyte <040
+# 2nd comment part like: Timo Salmi ts@chyde.uwasa.fi PC directories and uploads\015\012Harri Valkama hv@chyde.uwasa.fi PC, Mac, Unix files, and upload
+>>>>>>>>>&0 string >037 %s
+# vdata; archive-level versioning byte like: 1 3
+>>>41 ubyte !1 \b, vdata %#x
+# zoo_start; pointer to 1st entry header
+>>24 lelong x \b; at %u
+# zoo_minus; zoo_start -1 for consistency checking
+#>>28 lelong x \b, zoo_minus %#x
+# zoo_tag; tag for check
+#>>(24.l+0) ulelong !0xfdc4a7dc \b, zoo_tag=%8.8x
+# type; type of directory entry like: 1 2
+>>(24.l+4) ubyte !2 type=%u
+# packing_method; 0~no packing 1~normal LZW 2~lzh
+>>(24.l+5) ubyte x method=
+>>>(24.l+5) ubyte 0 \bnot-compressed
+>>>(24.l+5) ubyte 1 \blzd
+>>>(24.l+5) ubyte 2 \blzh
+# next; position of next directory entry
+>>(24.l+6) ulelong x \b, next entry at %u
+# offset; position of file data for this entry
+#>>(24.l+10) ulelong x \b, data at %u
+# file_crc; CRC-16 of file data
+>>(24.l+18) uleshort x \b, CRC %#4.4x
+# comment; zero if none or points to entry comment like ADD9h (WHRCGA.ZOO)
+>>(24.l+32) lelong >0 \b, at %#x
+# cmt_size; if not 0 for none then length of entry comment like: 46
+>>>(24.l+36) uleshort >0 %u bytes comment
+# entry comment itself like: "CGA .GL file showing menu input from keyboard"
+>>>>(&-6.l) string x "%s"
+# org_size; original size of file
+>>(24.l+20) ulelong x \b, size %u
+# size_now; compressed size of file
+>>(24.l+24) ulelong x (%u compressed)
+# major_ver.minor_ver; minimum version needed to extract already done
+# deleted; will be 1 if deleted, 0 if not
+>>(24.l+30) ubyte =1 \b, deleted
+# struc; file structure if any; WHAT IS THAT?
+>>(24.l+31) ubyte !0 \b, structured
+# fname[13]; short/DOS file name like 12345678.012
+>>(24.l+38) string x \b, %0.13s
+# for directory entry type 2 with variable part
+>>(24.l+4) ubyte =2
+# var_dir_len; length of variable part of dir entry
+>>>(24.l+51) uleshort >0
+#>>>(24.l+51) uleshort >0 \b, variable part length %u
+# namlen; length of long filename
+#>>>>(24.l+56) ubyte x \b, namlen %u
+# dirlen; length of directory name
+#>>>>(24.l+57) ubyte x \b, dirlen %u
+# if file length positive then show long file name
+>>>>(24.l+56) ubyte >0
+# lfname[256]; long file name \0-terminated
+>>>>>(24.l+58) string x "%s"
+# if directory length positive then jump before file name field and then jump this addtional length plus 2 (\0-terminator + dirlen field) to following directory name
+>>>>(24.l+57) ubyte >0
+>>>>>(24.l+55) ubyte x
+# dirname[256]; directory name \0-terminated
+>>>>>>&(&0.b+2) string x in "%s"
+# dir_crc; CRC of directory entry
+#>>>(24.l+54) uleshort x \b, entry CRC %#4.4x
+# tz; timezone where file was archived; 7Fh~unknown 4~1.00hoursWestOfUTC 12 16 20~5.00hoursWestOfUTC -107~26.75hoursEastOfUTC -4~1.00hoursEastOfUTC
+>>>(24.l+53) byte !0x7f \b, time zone %d/4
+# date; last mod file date in DOS format
+>>>(24.l+14) lemsdosdate x \b, modified %s
+# time; last mod file time in DOS format
+>>>(24.l+16) lemsdostime x %s
+
+# Shell archives
+10 string #\ This\ is\ a\ shell\ archive shell archive text
+!:mime application/octet-stream
+
+#
+# LBR. NB: May conflict with the questionable
+# "binary Computer Graphics Metafile" format.
+#
+0 string \0\ \ \ \ \ \ \ \ \ \ \ \0\0 LBR archive data
+#
+# PMA (CP/M derivative of LHA)
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/LHA_(file_format)
+#
+#2 string -pm0- PMarc archive data [pm0]
+2 string -pm0-
+>0 use lharc-file
+#2 string -pm1- PMarc archive data [pm1]
+2 string -pm1-
+>0 use lharc-file
+#2 string -pm2- PMarc archive data [pm2]
+2 string -pm2-
+>0 use lharc-file
+2 string -pms- PMarc SFX archive (CP/M, DOS)
+#!:mime application/x-foobar-exec
+!:ext com
+5 string -pc1- PopCom compressed executable (CP/M)
+#!:mime application/x-
+#!:ext com
+
+# From Rafael Laboissiere <rafael@laboissiere.net>
+# The Project Revision Control System (see
+# http://prcs.sourceforge.net) generates a packaged project
+# file which is recognized by the following entry:
+0 leshort 0xeb81 PRCS packaged project
+
+# Microsoft cabinets
+# by David Necas (Yeti) <yeti@physics.muni.cz>
+#0 string MSCF\0\0\0\0 Microsoft cabinet file data,
+#>25 byte x v%d
+#>24 byte x \b.%d
+# MPi: All CABs have version 1.3, so this is pointless.
+# Better magic in debian-additions.
+
+# GTKtalog catalogs
+# by David Necas (Yeti) <yeti@physics.muni.cz>
+4 string gtktalog\ GTKtalog catalog data,
+>13 string 3 version 3
+>>14 beshort 0x677a (gzipped)
+>>14 beshort !0x677a (not gzipped)
+>13 string >3 version %s
+
+############################################################################
+# Parity archive reconstruction file, the 'par' file format now used on Usenet.
+0 string PAR\0 PARity archive data
+>48 leshort =0 - Index file
+>48 leshort >0 - file number %d
+
+# Felix von Leitner <felix-file@fefe.de>
+0 string d8:announce BitTorrent file
+!:mime application/x-bittorrent
+!:ext torrent
+# Durval Menezes, <jmgthbfile at durval dot com>
+0 string d13:announce-list BitTorrent file
+!:mime application/x-bittorrent
+!:ext torrent
+0 string d7:comment BitTorrent file
+!:mime application/x-bittorrent
+!:ext torrent
+0 string d4:info BitTorrent file
+!:mime application/x-bittorrent
+!:ext torrent
+
+# Atari MSA archive - Teemu Hukkanen <tjhukkan@iki.fi>
+# URL: http://fileformats.archiveteam.org/wiki/MSA_(Magic_Shadow_Archiver)
+# Reference: http://info-coach.fr/atari/documents/_mydoc/FD_Image_File_Format.pdf
+# http://mark0.net/download/triddefs_xml.7z/defs/m/msa.trid.xml
+# Update: Joerg Jenderek
+# Note: called by TrID "Atari MSA Disk Image" and verified by
+# command like `deark -l -m msa -d2 PDATS578.msa` as " Atari ST floppy disk image"
+# GRR: line below is too general as it matches setup.skin
+0 beshort 0x0e0f
+# skip foo setup.skin with unrealistic high number 52255 of sides by check for valid "low" value
+>4 ubeshort <2 Atari MSA archive data
+#!:mime application/octet-stream
+!:mime application/x-atari-msa
+!:ext msa
+# sectors per track like: 9 10
+>>2 beshort x \b, %d sectors per track
+# sides (0 or 1; add 1 to this to get correct number of sides)
+>>4 beshort 0 \b, 1 sided
+>>4 beshort 1 \b, 2 sided
+# starting track like: 0
+>>6 beshort x \b, starting track: %d
+# ending track like: 39 79 80 81
+>>8 beshort x \b, ending track: %d
+# tracks content
+#>>10 ubequad x \b, track content %#16.16llx
+
+# Alternate ZIP string (amc@arwen.cs.berkeley.edu)
+0 string PK00PK\003\004 Zip archive data
+!:mime application/zip
+!:ext zip/cbz
+
+# Recognize ZIP archives with prepended data by end-of-central-directory record
+# https://en.wikipedia.org/wiki/ZIP_(file_format)#End_of_central_directory_record_(EOCD)
+# by Michal Gorny <mgorny@gentoo.org>
+-2 uleshort 0
+>&-22 string PK\005\006
+# without #!
+>>0 string !#! Zip archive, with extra data prepended
+!:mime application/zip
+!:ext zip/cbz
+# with #!
+>>0 string/w #!\ a
+>>>&-1 string/T x %s script executable (Zip archive)
+
+# ACE archive (from http://www.wotsit.org/download.asp?f=ace)
+# by Stefan `Sec` Zehl <sec@42.org>
+7 string **ACE** ACE archive data
+!:mime application/x-ace-compressed
+!:ext ace
+>15 byte >0 version %d
+>16 byte =0x00 \b, from MS-DOS
+>16 byte =0x01 \b, from OS/2
+>16 byte =0x02 \b, from Win/32
+>16 byte =0x03 \b, from Unix
+>16 byte =0x04 \b, from MacOS
+>16 byte =0x05 \b, from WinNT
+>16 byte =0x06 \b, from Primos
+>16 byte =0x07 \b, from AppleGS
+>16 byte =0x08 \b, from Atari
+>16 byte =0x09 \b, from Vax/VMS
+>16 byte =0x0A \b, from Amiga
+>16 byte =0x0B \b, from Next
+>14 byte x \b, version %d to extract
+>5 leshort &0x0080 \b, multiple volumes,
+>>17 byte x \b (part %d),
+>5 leshort &0x0002 \b, contains comment
+>5 leshort &0x0200 \b, sfx
+>5 leshort &0x0400 \b, small dictionary
+>5 leshort &0x0800 \b, multi-volume
+>5 leshort &0x1000 \b, contains AV-String
+>>30 string \x16*UNREGISTERED\x20VERSION* (unregistered)
+>5 leshort &0x2000 \b, with recovery record
+>5 leshort &0x4000 \b, locked
+>5 leshort &0x8000 \b, solid
+# Date in MS-DOS format (whatever that is)
+#>18 lelong x Created on
+
+# sfArk : compression program for Soundfonts (sf2) by Dirk Jagdmann
+# <doj@cubic.org>
+0x1A string sfArk sfArk compressed Soundfont
+>0x15 string 2
+>>0x1 string >\0 Version %s
+>>0x2A string >\0 : %s
+
+# DR-DOS 7.03 Packed File *.??_
+# Reference: http://www.antonis.de/dos/dos-tuts/mpdostip/html/nwdostip.htm
+# Note: unpacked by PNUNPACK.EXE
+0 string Packed\ File\
+# by looking for Control-Z skip ASCII text starting with Packed File
+>0x18 ubyte 0x1a Personal NetWare Packed File
+!:mime application/x-novell-compress
+!:ext ??_
+>>12 string x \b, was "%.12s"
+# 1 or 2
+#>>0x19 ubyte x \b, at 0x19 %u
+>>0x1b ulelong x with %u bytes
+
+# EET archive
+# From: Tilman Sauerbeck <tilman@code-monkey.de>
+0 belong 0x1ee7ff00 EET archive
+!:mime application/x-eet
+
+# rzip archives
+0 string RZIP rzip compressed data
+>4 byte x - version %d
+>5 byte x \b.%d
+>6 belong x (%d bytes)
+
+# From: Joerg Jenderek
+# URL: https://help.foxitsoftware.com/kb/install-fzip-file.php
+# reference: http://mark0.net/download/triddefs_xml.7z/
+# defs/f/fzip.trid.xml
+# Note: unknown compression; No "PK" zip magic; normally in directory like
+# "%APPDATA%\Foxit Software\Addon\Foxit Reader\Install"
+0 ubequad 0x2506781901010000 Foxit add-on/update
+!:mime application/x-fzip
+!:ext fzip
+
+# From: "Robert Dale" <robdale@gmail.com>
+0 belong 123 dar archive,
+>4 belong x label "%.8x
+>>8 belong x %.8x
+>>>12 beshort x %.4x"
+>14 byte 0x54 end slice
+>14 beshort 0x4e4e multi-part
+>14 beshort 0x4e53 multi-part, with -S
+
+# Symbian installation files
+# https://www.thouky.co.uk/software/psifs/sis.html
+# http://developer.symbian.com/main/downloads/papers/SymbianOSv91/softwareinstallsis.pdf
+8 lelong 0x10000419 Symbian installation file
+!:mime application/vnd.symbian.install
+>4 lelong 0x1000006D (EPOC release 3/4/5)
+>4 lelong 0x10003A12 (EPOC release 6)
+0 lelong 0x10201A7A Symbian installation file (Symbian OS 9.x)
+!:mime x-epoc/x-sisx-app
+
+# From "Nelson A. de Oliveira" <naoliv@gmail.com>
+0 string MPQ\032 MoPaQ (MPQ) archive
+
+# From: "Nelson A. de Oliveira" <naoliv@gmail.com>
+# .kgb
+0 string KGB_arch KGB Archiver file
+>10 string x with compression level %.1s
+
+# xar (eXtensible ARchiver) archive
+# URL: https://en.wikipedia.org/wiki/Xar_(archiver)
+# xar archive format: https://code.google.com/p/xar/
+# From: "David Remahl" <dremahl@apple.com>
+# Update: Joerg Jenderek
+# TODO: lzma compression; X509Data for pkg and xip
+# Note: verified by `xar --dump-header -f FullBundleUpdate.xar` or
+# 7z t -txar Xcode_10.2_beta_4.xip`
+0 string xar! xar archive
+!:mime application/x-xar
+# pkg for Mac OSX installer package like FullBundleUpdate.pkg
+# xip for signed Apple software like Xcode_10.2_beta_4.xip
+!:ext xar/pkg/xip
+# always 28 in older archives
+>4 ubeshort >28 \b, header size %u
+# currently there exit only version 1 since about 2014
+>6 ubeshort >1 version %u,
+>8 ubequad x compressed TOC: %llu,
+#>16 ubequad x uncompressed TOC: %llu,
+# cksum_alg 0-2 in older and also 3-4 in newer
+>24 belong 0 no checksum
+>24 belong 1 SHA-1 checksum
+>24 belong 2 MD5 checksum
+>24 belong 3 SHA-256 checksum
+>24 belong 4 SHA-512 checksum
+>24 belong >4 unknown %#x checksum
+#>24 belong >4 checksum
+# For no compression jump 0 bytes
+>24 belong 0
+>>0 ubyte x
+# jump more bytes forward by header size
+>>>&(4.S) ubyte x
+# jump more bytes forward by compressed table of contents size
+#>>>>&(8.Q) ubequad x \b, heap data %#llx
+>>>>&(8.Q) ubyte x
+# look for data by ./compress after message with 1 space at end
+>>>>>&-3 indirect x \b, contains
+# For SHA-1 jump 20 minus 2 bytes
+>24 belong 1
+>>18 ubyte x
+# jump more bytes forward by header size
+>>>&(4.S) ubyte x
+# jump more bytes forward by compressed table of contents size
+>>>>&(8.Q) ubyte x
+# data compressed by gzip, bzip, lzma or none
+>>>>>&-1 indirect x \b, contains
+# For SHA-256 jump 32 minus 2 bytes
+>24 belong 3
+>>30 ubyte x
+# jump more bytes forward by header size
+>>>&(4.S) ubyte x
+# jump more bytes forward by compressed table of contents size
+>>>>&(8.Q) ubyte x
+>>>>>&-1 indirect x \b, contains
+# For SHA-512 jump 64 minus 2 bytes
+>24 belong 4
+>>62 ubyte x
+# jump more bytes forward by header size
+>>>&(4.S) ubyte x
+# jump more bytes forward by compressed table of contents size
+>>>>&(8.Q) ubyte x
+>>>>>&-1 indirect x \b, contains
+
+# Type: Parity Archive
+# From: Daniel van Eeden <daniel_e@dds.nl>
+0 string PAR2 Parity Archive Volume Set
+
+# Bacula volume format. (Volumes always start with a block header.)
+# URL: https://bacula.org/3.0.x-manuals/en/developers/developers/Block_Header.html
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+12 string BB02 Bacula volume
+>20 bedate x \b, started %s
+
+# ePub is XHTML + XML inside a ZIP archive. The first member of the
+# archive must be an uncompressed file called 'mimetype' with contents
+# 'application/epub+zip'
+
+
+# From: "Michael Gorny" <mgorny@gentoo.org>
+# ZPAQ: http://mattmahoney.net/dc/zpaq.html
+0 string zPQ ZPAQ stream
+>3 byte x \b, level %d
+# From: Barry Carter <carter.barry@gmail.com>
+# https://encode.ru/threads/456-zpaq-updates/page32
+0 string 7kSt ZPAQ file
+
+# BBeB ebook, unencrypted (LRF format)
+# URL: https://www.sven.de/librie/Librie/LrfFormat
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+0 string L\0R\0F\0\0\0 BBeB ebook data, unencrypted
+>8 beshort x \b, version %d
+>36 byte 1 \b, front-to-back
+>36 byte 16 \b, back-to-front
+>42 beshort x \b, (%dx,
+>44 beshort x %d)
+
+# Symantec GHOST image by Joerg Jenderek at May 2014
+# https://us.norton.com/ghost/
+# https://www.garykessler.net/library/file_sigs.html
+0 ubelong&0xFFFFf7f0 0xFEEF0100 Norton GHost image
+# *.GHO
+>2 ubyte&0x08 0x00 \b, first file
+# *.GHS or *.[0-9] with cns program option
+>2 ubyte&0x08 0x08 \b, split file
+# part of split index interesting for *.ghs
+>>4 ubyte x id=%#x
+# compression tag minus one equals numeric compression command line switch z[1-9]
+>3 ubyte 0 \b, no compression
+>3 ubyte 2 \b, fast compression (Z1)
+>3 ubyte 3 \b, medium compression (Z2)
+>3 ubyte >3
+>>3 ubyte <11 \b, compression (Z%d-1)
+>2 ubyte&0x08 0x00
+# ~ 30 byte password field only for *.gho
+>>12 ubequad !0 \b, password protected
+>>44 ubyte !1
+# 1~Image All, sector-by-sector only for *.gho
+>>>10 ubyte 1 \b, sector copy
+# 1~Image Boot track only for *.gho
+>>>43 ubyte 1 \b, boot track
+# 1~Image Disc only for *.gho implies Image Boot track and sector copy
+>>44 ubyte 1 \b, disc sector copy
+# optional image description only *.gho
+>>0xff string >\0 "%-.254s"
+# look for DOS sector end sequence
+>0xE08 search/7776 \x55\xAA
+>>&-512 indirect x \b; contains
+
+# Google Chrome extensions
+# https://developer.chrome.com/extensions/crx
+# https://developer.chrome.com/extensions/hosting
+0 string Cr24 Google Chrome extension
+!:mime application/x-chrome-extension
+>4 ulong x \b, version %u
+
+# SeqBox - Sequenced container
+# ext: sbx, seqbox
+# Marco Pontello marcopon@gmail.com
+# reference: https://github.com/MarcoPon/SeqBox
+0 string SBx SeqBox,
+>3 byte x version %d
+
+# LyNX archive
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Lynx_archive
+# Reference: http://ist.uwaterloo.ca/~schepers/formats/LNX.TXT
+# http://mark0.net/download/triddefs_xml.7z/defs/a/ark-lnx.trid.xml
+# Note: called "Lynx archive" by TrID and "Commodore C64 BASIC program" with "POKE 53280" by ./c64
+# TODO: merge and unify with Commodore C64 BASIC program
+56 string USE\040LYNX\040TO\040DISSOLVE\040THIS\040FILE LyNX archive
+# display "Lynx archive" (strength=330) before Commodore C64 BASIC program (strength=50) handled by ./c64
+#!:strength +0
+#!:mime application/octet-stream
+!:mime application/x-commodore-lnx
+!:ext lnx
+# afterwards look for BASIC tokenized GOTO (89h) 10, line terminator \0, end of programm tag \0\0 and CarriageReturn
+>86 search/10 \x8910\0\0\0\r \b,
+# for DEBUGGING
+#>>&0 string x STRING="%s"
+# number in ASCII of directory blocks with spaces on both sides like: 1 2 3 5
+>>&0 regex [0-9]{1,5} %s directory blocks
+# signature like: "*LYNX XII BY WILL CORLEY" " LYNX IX BY WILL CORLEY" "*LYNX BY CBMCONVERT 2.0*"
+>>>&2 regex [^\r]{1,24} \b, signature "%s"
+# number of files in ASCII surrounded by spaces and delimited by CR like: 2 3 6 13 69 144 (maximum?)
+>>>>&1 regex [0-9]{1,3} \b, %s files
+
+# From: Joerg Jenderek
+# URL: https://www.acronis.com/
+# Reference: https://en.wikipedia.org/wiki/TIB_(file_format)
+# Note: only tested with True Image 2013 Build 5962 and 2019 Build 14110
+0 ubequad 0xce24b9a220000000 Acronis True Image backup
+!:mime application/x-acronis-tib
+!:ext tib
+# 01000000
+#>20 ubelong x \b, at 20 %#x
+# 20000000
+#>28 ubelong x \b, at 28 %#x
+# strings like "Generic- SD/MMC 1.00" "Unknown Disk" "Msft Virtual Disk 1.0"
+# ???
+# strings like "\Device\0000011e" "\Device\0000015a"
+#>0 search/0x6852300/cs \\Device\\
+#>>&-1 pstring x \b, %s
+# "\Device\HarddiskVolume30" "\Device\HarddiskVolume39"
+#>>>&1 search/180/cs \\Device\\
+#>>>>&-1 pstring x \b, %s
+#>>>>>&0 search/29/cs \0\0\xc8\0
+# disk label
+#>>>>>>&10 lestring16 x \b, disk label %11.11s
+#>>>>>>&9 plestring16 x \b, disk label "%11.11s"
+#>>>>>>&10 ubequad x %16.16llx
+
+
+# Gentoo XPAK binary package
+# by Michal Gorny <mgorny@gentoo.org>
+# https://gitweb.gentoo.org/proj/portage.git/tree/man/xpak.5
+-4 string STOP
+>-16 string XPAKSTOP Gentoo binary package (XPAK)
+!:mime application/vnd.gentoo.xpak
+
+# From: Joerg Jenderek
+# URL: https://kodi.wiki/view/TexturePacker
+# Reference: https://mirrors.kodi.tv/releases/source/17.3-Krypton.tar.gz
+# /xbmc-Krypton/xbmc/guilib/XBTF.h
+# /xbmc-Krypton/xbmc/guilib/XBTF.cpp
+0 string XBTF
+# skip ASCII text by looking for terminating \0 of path
+>264 ubyte 0 XBMC texture package
+!:mime application/x-xbmc-xbt
+!:ext xbt
+# XBTF_VERSION 2
+>>4 string !2 \b, version %-.1s
+# nofFiles /xbmc-Krypton/xbmc/guilib/XBTFReader.cpp
+>>5 ulelong x \b, %u file
+# plural s
+>>5 ulelong >1 \bs
+# path[CXBTFFile[MaximumPathLength=256]
+>>9 string x \b, 1st %s
+
+# ALZIP archive
+# by Hyungjun Park <hyungjun.park@worksmobile.com>, Hajin Jang <hajin_jang@worksmobile.com>
+# http://kippler.com/win/unalz/
+# https://salsa.debian.org/l10n-korean-team/unalz
+0 string ALZ\001 ALZ archive data
+!:ext alz
+
+# https://cf-aldn.altools.co.kr/setup/EGG_Specification.zip
+0 string EGGA EGG archive data,
+!:ext egg
+>5 byte x version %u
+>4 byte x \b.%u
+>>0x0E ulelong =0x08E28222
+>>0x0E ulelong =0x24F5A262 \b, split
+>>0x0E ulelong =0x24E5A060 \b, solid
+>>0x0E default x \b, unknown
+
+# PAQ9A archive
+# URL: http://mattmahoney.net/dc/#paq9a
+# Note: Line 1186 of paq9a.cpp gives the magic bytes
+0 string pQ9\001 PAQ9A archive
+
+# From wof (wof@stachelkaktus.net)
+0 string Unison\ archive\ format Unison archive format
+
+# https://ankiweb.net
+30 string collection.anki2 Anki APKG file
+#!:ext .apkg
+
+# Synology archive (DiskStation Manager 7.0+)
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# Note: These archives are signed and encrypted.
+0 ulelong&0xFFFFFF00 0xEFBEAD00
+# MessagePack header (fixarray of 5 elements starting with a bin of 32 bytes)
+>8 ulelong&0x00FFFFFF 0x20C495 Synology archive
+!:ext spk
+# Extract some properties from MessagePack third item
+>>43 search/0x10000 package=
+>>>&0 string x \b, package %s
+>>43 search/0x10000 arch=
+>>>&0 string x %s
+>>43 search/0x10000 version=
+>>>&0 string x %s
+>>43 search/0x10000 create_time=
+>>>&0 string x \b, created on %s
+
+# MonoGame/XNA processed assets archive
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/MonoGame/MonoGame/blob/v3.8.1/MonoGame.Framework/Content/ContentManager.cs
+0 string XNB
+# XNB must be version 4 or 5
+>4 byte <6
+>>4 byte >3
+# Size must be positive
+>>>6 lelong >0 MonoGame/XNA processed assets
+!:ext xnb
+>>>>3 string =w \b, for Windows
+>>>>3 string =x \b, for Xbox360
+>>>>3 string =i \b, for iOS
+>>>>3 string =a \b, for Android
+>>>>3 string =d \b, for DesktopGL
+>>>>3 string =X \b, for MacOSX
+>>>>3 string =W \b, for WindowsStoreApp
+>>>>3 string =n \b, for NativeClient
+>>>>3 string =M \b, for WindowsPhone8
+>>>>3 string =r \b, for RaspberryPi
+>>>>3 string =P \b, for PlayStation4
+>>>>3 string =5 \b, for PlayStation5
+>>>>3 string =O \b, for XboxOne
+>>>>3 string =S \b, for Nintendo Switch
+>>>>3 string =G \b, for Google Stadia
+>>>>3 string =b \b, for WebAssembly and Bridge.NET
+>>>>3 string =m \b, for WindowsPhone7.0 (XNA)
+>>>>3 string =p \b, for PlayStationMobile
+>>>>3 string =v \b, for PSVita
+>>>>3 string =g \b, for Windows (OpenGL)
+>>>>3 string =l \b, for Linux
+>>>>4 byte x \b, version %d
+>>>>5 byte &0x80 \b, LZX compressed
+>>>>>10 lelong x \b, decompressed size: %d bytes
+>>>>5 byte &0x40 \b, LZ4 compressed
+>>>>>10 lelong x \b, decompressed size: %d bytes
+
+# Electron ASAR archive
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/electron/asar
+0 ulelong 4
+# Match JSON header start and end
+>16 string {"files":{"
+>>(12.l+12) string }}}} Electron ASAR archive
+!:ext asar
+>>>12 ulelong x \b, header length: %d bytes
diff --git a/magic/Magdir/aria b/magic/Magdir/aria
new file mode 100644
index 0000000..c3a6bf5
--- /dev/null
+++ b/magic/Magdir/aria
@@ -0,0 +1,38 @@
+
+#------------------------------------------------------------------------------
+# URL: https://de.wikipedia.org/wiki/Aria_(Software)
+# Reference: https://github.com/aria2/aria2/blob/master/doc/manual-src/en/technical-notes.rst
+# From: Joerg Jenderek
+# Note: only version 1 suited
+# check for valid version one
+0 beshort 0x0001
+# skip most uncompressed DEGAS med-res bitmap *.PI2 and GEM bitmap (v1) *.IMG
+# by test for valid infoHashCheck extension
+>2 ubelong&0xffFFffFE 0x00000000
+# skip DEGAS med-res bitmap DIAGRAM1.PI2 by test for valid length of download
+>>(6.L+14) ubequad >0
+>>>0 use aria
+0 name aria
+# version; (0x0000) or (0x0001); for 0 all multi-byte are in host byte order. For 1 big endian
+>0 beshort x aria2 control file, version %u
+#!:mime application/octet-stream
+!:mime application/x-aria
+!:ext aria2
+# EXTension; if EXT[3]&1 == 1 checks whether saved InfoHash and current downloading the same; infoHashCheck extension
+>2 ubelong !0 \b, infoHashCheck %#x
+# info hash length like: 0 14h
+>6 ubelong !0 \b, %#x bytes info hash
+# info hash; BitTorrent InfoHash
+>>10 ubequad x %#16.16llx...
+# piece length; the length of the piece like: 400h 100000h
+>(6.L+10) ubelong x \b, piece length 0x%x
+# total length; the total length of the download
+>(6.L+14) ubequad x \b, total length %llu
+#>(6.L+14) ubequad x \b, total length %#llx
+# upload length; the uploaded length of download like: 0 400h
+>(6.L+22) ubequad !0 \b, upload length %#llx
+# bitfield length; the length of bitfield like: 4 6 Ah 10h 13h 167h
+>(6.L+30) ubelong x \b, %#x bytes bitfield
+# bitfield; bitfield which represents current download progress
+>(6.L+34) ubequad !0 %#llx...
+
diff --git a/magic/Magdir/arm b/magic/Magdir/arm
new file mode 100644
index 0000000..c514320
--- /dev/null
+++ b/magic/Magdir/arm
@@ -0,0 +1,50 @@
+#------------------------------------------------------------------------------
+# $File: arm,v 1.3 2022/10/31 14:35:39 christos Exp $
+# arm: file(1) magic for ARM COFF
+#
+# https://docs.microsoft.com/en-us/windows/win32/debug/pe-format
+
+# Aarch64
+0 leshort 0xaa64
+# test for unused flag bits in f_flags
+>18 uleshort&0x8E80 0
+# use little endian variant of subroutine to
+# display name+variables+flags for common object formatted files
+>>0 use display-coff
+!:strength -10
+
+# ARM
+0 leshort 0x01c0
+# test for unused flag bits in f_flags
+>18 uleshort&0x8E80 0
+# use little endian variant of subroutine to
+# display name+variables+flags for common object formatted files
+>>0 use display-coff
+!:strength -10
+
+# ARM Thumb
+0 leshort 0x01c2
+# test for unused flag bits in f_flags
+>18 uleshort&0x8E80 0
+# use little endian variant of subroutine to
+# display name+variables+flags for common object formatted files
+>>0 use display-coff
+!:strength -10
+
+# ARMv7 Thumb
+0 leshort 0x01c4
+# test for unused flag bits in f_flags
+>18 uleshort&0x8E80 0
+# use little endian variant of subroutine to
+# display name+variables+flags for common object formatted files
+>>0 use display-coff
+!:strength -10
+
+# ARM64EC
+0 leshort 0xa641
+# test for unused flag bits in f_flags
+>18 uleshort&0x8E80 0
+# use little endian variant of subroutine to
+# display name+variables+flags for common object formatted files
+>>0 use display-coff
+!:strength -10
diff --git a/magic/Magdir/asf b/magic/Magdir/asf
new file mode 100644
index 0000000..744a0af
--- /dev/null
+++ b/magic/Magdir/asf
@@ -0,0 +1,132 @@
+
+#------------------------------------------------------------------------------
+# $File: asf,v 1.4 2022/10/31 13:22:26 christos Exp $
+# asf: file(1) magic for Microsoft Advanced Systems Format (ASF) files
+# http://www.staroceans.org/e-book/ASF_Specification.pdf
+
+0 name asf-name
+# ASF_Data_Object
+#>0 guid 75B22636-668E-11CF-A6D9-00AA0062CE6C
+#>16 lequad >0
+#>>(16.q) use asf-object
+# ASF_Simple_Index_Object
+>0 guid 33000890-E5B1-11CF-89F4-00A0C90349CB
+>0 guid D6E229D3-35DA-11D1-9034-00A0C90349BE ASF_Index_Object
+>0 guid FEB103F8-12AD-4C64-840F-2A1D2F7AD48C ASF_Media_Object_Index_Object
+>0 guid 3CB73FD0-0C4A-4803-953D-EDF7B6228F0C ASF_Timecode_Index_Object
+
+# ASF_File_Properties_Object
+>0 guid 8CABDCA1-A947-11CF-8EE4-00C00C205365
+
+# ASF_Stream_Properties_Object
+>0 guid B7DC0791-A9B7-11CF-8EE6-00C00C205365
+#>>56 lequad x Time Offset %lld
+#>>64 lelong x Type-Specific Data Length %d
+#>>68 lelong x Error Correction Data Length %d
+#>>72 leshort x Flags %#x
+#>>74 lelong x Reserved %x
+# ASF_Audio_Media
+>>24 guid F8699E40-5B4D-11CF-A8FD-00805F5C442B \b, Audio Media (
+>>>78 leshort x \bCodec Id %d
+>>>80 leshort x \b, Number of channels %d
+>>>82 lelong x \b, Samples Per Second %d
+>>>86 lelong x \b, Average Number of Bytes Per Second %d
+>>>90 lelong x \b, Block Alignment %d
+>>>94 leshort x \b, Bits Per Sample %d
+# ASF_Video_Media
+>>24 guid BC19EFC0-5B4D-11CF-A8FD-00805F5C442B \b, Video Media (
+>>>78 lelong x \bEncoded Image Width %d
+>>>82 lelong x \b, Encoded Image Height %d
+#>>>85 leshort x \b, Format Data Size %x
+>>>93 lelong x \b, Image Width %d
+>>>97 lelong x \b, Image Height %d
+#>>>101 leshort x \b, Reserved %#x
+>>>103 leshort x \b, Bits Per Pixel Count %d
+#>>>105 lelong x \b, Compression ID %d
+#>>>109 lelong x \b, Image Size %d
+#>>>113 lelong x \b, Horizontal Pixels Per Meter %d
+#>>>117 lelong x \b, Vertical Pixels Per Meter %d
+#>>>121 lelong x \b, Colors Used Count %d
+#>>>125 lelong x \b, Important Colors Count %d
+>>0 lelong x \b, Error correction type
+>>40 use asf-name
+>>0 lelong x \b)
+#ASF_Header_Extension_Object
+>0 guid 5FBF03B5-A92E-11CF-8EE3-00C00C205365
+# ASF_Codec_List_Object
+>0 guid 86D15240-311D-11D0-A3A4-00A0C90348F6
+>0 guid 1EFB1A30-0B62-11D0-A39B-00A0C90348F6 ASF_Script_Command_Object
+>0 guid F487CD01-A951-11CF-8EE6-00C00C205365 ASF_Marker_Object
+>0 guid D6E229DC-35DA-11D1-9034-00A0C90349BE ASF_Bitrate_Mutual_Exclusion_Object
+>0 guid 75B22635-668E-11CF-A6D9-00AA0062CE6C ASF_Error_Correction_Object
+# ASF_Content_Description_Object
+>0 guid 75B22633-668E-11CF-A6D9-00AA0062CE6C
+#>>24 leshort title length %d
+#>>26 leshort author length %d
+#>>28 leshort copyright length %d
+#>>30 leshort descriptor length %d
+#>>32 leshort rating length %d
+>0 guid D2D0A440-E307-11D2-97F0-00A0C95EA850 ASF_Extended_Content_Description_Object
+>0 guid 2211B3FA-BD23-11D2-B4B7-00A0C955FC6E ASF_Content_Branding_Object
+>0 guid 7BF875CE-468D-11D1-8D82-006097C9A2B2 ASF_Stream_Bitrate_Properties_Object
+>0 guid 2211B3FB-BD23-11D2-B4B7-00A0C955FC6E ASF_Content_Encryption_Object
+>0 guid 298AE614-2622-4C17-B935-DAE07EE9289C ASF_Extended_Content_Encryption_Object
+>0 guid 2211B3FC-BD23-11D2-B4B7-00A0C955FC6E ASF_Digital_Signature_Object
+# ASF_Padding_Object
+>0 guid 1806D474-CADF-4509-A4BA-9AABCB96AAE8
+>0 guid 14E6A5CB-C672-4332-8399-A96952065B5A ASF_Extended_Stream_Properties_Object
+>0 guid A08649CF-4775-4670-8A16-6E35357566CD ASF_Advanced_Mutual_Exclusion_Object
+>0 guid D1465A40-5A79-4338-B71B-E36B8FD6C249 ASF_Group_Mutual_Exclusion_Object
+>0 guid D4FED15B-88D3-454F-81F0-ED5C45999E24 ASF_Stream_Prioritization_Object
+>0 guid A69609E6-517B-11D2-B6AF-00C04FD908E9 ASF_Bandwidth_Sharing_Object
+>0 guid 7C4346A9-EFE0-4BFC-B229-393EDE415C85 ASF_Language_List_Object
+>0 guid C5F8CBEA-5BAF-4877-8467-AA8C44FA4CCA ASF_Metadata_Object
+>0 guid 44231C94-9498-49D1-A141-1D134E457054 ASF_Metadata_Library_Object
+>0 guid D6E229DF-35DA-11D1-9034-00A0C90349BE ASF_Index_Parameters_Object
+>0 guid 6B203BAD-3F11-48E4-ACA8-D7613DE2CFA7 ASF_Media_Object_Index_Parameters_Object
+>0 guid F55E496D-9797-4B5D-8C8B-604DFE9BFB24 ASF_Timecode_Index_Parameters_Object
+>0 guid 26F18B5D-4584-47EC-9F5F-0E651F0452C9 ASF_Compatibility_Object
+>0 guid 43058533-6981-49E6-9B74-AD12CB86D58C ASF_Advanced_Content_Encryption_Object
+>0 guid 59DACFC0-59E6-11D0-A3AC-00A0C90348F6 ASF_Command_Media
+>0 guid B61BE100-5B4E-11CF-A8FD-00805F5C442B ASF_JFIF_Media
+>0 guid 35907DE0-E415-11CF-A917-00805F5C442B ASF_Degradable_JPEG_Media
+>0 guid 91BD222C-F21C-497A-8B6D-5AA86BFC0185 ASF_File_Transfer_Media
+>0 guid 3AFB65E2-47EF-40F2-AC2C-70A90D71D343 ASF_Binary_Media
+>0 guid 776257D4-C627-41CB-8F81-7AC7FF1C40CC ASF_Web_Stream_Media_Subtype
+>0 guid DA1E6B13-8359-4050-B398-388E965BF00C ASF_Web_Stream_Format
+>0 guid 20FB5700-5B55-11CF-A8FD-00805F5C442B ASF_No_Error_Correction
+>0 guid BFC3CD50-618F-11CF-8BB2-00AA00B4E220 ASF_Audio_Spread
+>0 guid ABD3D211-A9BA-11cf-8EE6-00C00C205365 ASF_Reserved_1
+>0 guid 7A079BB6-DAA4-4e12-A5CA-91D38DC11A8D ASF_Content_Encryption_System_Windows_Media_DRM
+# _Network_Devices
+>0 guid 86D15241-311D-11D0-A3A4-00A0C90348F6 ASF_Reserved_2
+>0 guid 4B1ACBE3-100B-11D0-A39B-00A0C90348F6 ASF_Reserved_3
+>0 guid 4CFEDB20-75F6-11CF-9C0F-00A0C90349CB ASF_Reserved_4
+>0 guid D6E22A00-35DA-11D1-9034-00A0C90349BE ASF_Mutex_Language
+>0 guid D6E22A01-35DA-11D1-9034-00A0C90349BE ASF_Mutex_Bitrate
+>0 guid D6E22A02-35DA-11D1-9034-00A0C90349BE ASF_Mutex_Unknown
+>0 guid AF6060AA-5197-11D2-B6AF-00C04FD908E9 ASF_Bandwidth_Sharing_Exclusive
+>0 guid AF6060AB-5197-11D2-B6AF-00C04FD908E9 ASF_Bandwidth_Sharing_Partial
+>0 guid 399595EC-8667-4E2D-8FDB-98814CE76C1E ASF_Payload_Extension_System_Timecode
+>0 guid E165EC0E-19ED-45D7-B4A7-25CBD1E28E9B ASF_Payload_Extension_System_File_Name
+>0 guid D590DC20-07BC-436C-9CF7-F3BBFBF1A4DC ASF_Payload_Extension_System_Content_Type
+>0 guid 1B1EE554-F9EA-4BC8-821A-376B74E4C4B8 ASF_Payload_Extension_System_Pixel_Aspect_Ratio
+>0 guid C6BD9450-867F-4907-83A3-C77921B733AD ASF_Payload_Extension_System_Sample_Duration
+>0 guid 6698B84E-0AFA-4330-AEB2-1C0A98D7A44D ASF_Payload_Extension_System_Encryption_Sample_ID
+>0 guid 00E1AF06-7BEC-11D1-A582-00C04FC29CFB ASF_Payload_Extension_System_Degradable_JPEG
+
+0 name asf-object
+>0 use asf-name
+#>>16 lequad >0 (size %lld) [
+>>16 lequad >0
+>>>(16.q) use asf-object
+#>>16 lequad 0 ]
+
+# Microsoft Advanced Streaming Format (ASF) <mpruett@sgi.com>
+0 guid 75B22630-668E-11CF-A6D9-00AA0062CE6C Microsoft ASF
+!:mime video/x-ms-asf
+#>16 lequad >0 (size %lld
+#>>24 lelong x \b, %d header objects)
+>16 lequad >0
+>>30 use asf-object
+>>(16.q) use asf-object
diff --git a/magic/Magdir/assembler b/magic/Magdir/assembler
new file mode 100644
index 0000000..805a326
--- /dev/null
+++ b/magic/Magdir/assembler
@@ -0,0 +1,18 @@
+#------------------------------------------------------------------------------
+# $File: assembler,v 1.6 2013/12/11 14:14:20 christos Exp $
+# make: file(1) magic for assembler source
+#
+0 regex \^[\040\t]{0,50}\\.asciiz assembler source text
+!:mime text/x-asm
+0 regex \^[\040\t]{0,50}\\.byte assembler source text
+!:mime text/x-asm
+0 regex \^[\040\t]{0,50}\\.even assembler source text
+!:mime text/x-asm
+0 regex \^[\040\t]{0,50}\\.globl assembler source text
+!:mime text/x-asm
+0 regex \^[\040\t]{0,50}\\.text assembler source text
+!:mime text/x-asm
+0 regex \^[\040\t]{0,50}\\.file assembler source text
+!:mime text/x-asm
+0 regex \^[\040\t]{0,50}\\.type assembler source text
+!:mime text/x-asm
diff --git a/magic/Magdir/asterix b/magic/Magdir/asterix
new file mode 100644
index 0000000..a9ea885
--- /dev/null
+++ b/magic/Magdir/asterix
@@ -0,0 +1,18 @@
+
+#------------------------------------------------------------------------------
+# $File: asterix,v 1.5 2009/09/19 16:28:08 christos Exp $
+# asterix: file(1) magic for Aster*x; SunOS 5.5.1 gave the 4-character
+# strings as "long" - we assume they're just strings:
+# From: guy@netapp.com (Guy Harris)
+#
+0 string *STA Aster*x
+>7 string WORD Words Document
+>7 string GRAP Graphic
+>7 string SPRE Spreadsheet
+>7 string MACR Macro
+0 string 2278 Aster*x Version 2
+>29 byte 0x36 Words Document
+>29 byte 0x35 Graphic
+>29 byte 0x32 Spreadsheet
+>29 byte 0x38 Macro
+
diff --git a/magic/Magdir/att3b b/magic/Magdir/att3b
new file mode 100644
index 0000000..b83ae2e
--- /dev/null
+++ b/magic/Magdir/att3b
@@ -0,0 +1,41 @@
+
+#------------------------------------------------------------------------------
+# $File: att3b,v 1.10 2017/03/17 21:35:28 christos Exp $
+# att3b: file(1) magic for AT&T 3B machines
+#
+# The `versions' should be un-commented if they work for you.
+# (Was the problem just one of endianness?)
+#
+# 3B20
+#
+# The 3B20 conflicts with SCCS.
+#0 beshort 0550 3b20 COFF executable
+#>12 belong >0 not stripped
+#>22 beshort >0 - version %d
+#0 beshort 0551 3b20 COFF executable (TV)
+#>12 belong >0 not stripped
+#>22 beshort >0 - version %d
+#
+# WE32K
+#
+0 beshort 0560 WE32000 COFF
+>18 beshort ^00000020 object
+>18 beshort &00000020 executable
+>12 belong >0 not stripped
+>18 beshort ^00010000 N/A on 3b2/300 w/paging
+>18 beshort &00020000 32100 required
+>18 beshort &00040000 and MAU hardware required
+>20 beshort 0407 (impure)
+>20 beshort 0410 (pure)
+>20 beshort 0413 (demand paged)
+>20 beshort 0443 (target shared library)
+>22 beshort >0 - version %d
+0 beshort 0561 WE32000 COFF executable (TV)
+>12 belong >0 not stripped
+#>18 beshort &00020000 - 32100 required
+#>18 beshort &00040000 and MAU hardware required
+#>22 beshort >0 - version %d
+#
+# core file for 3b2
+0 string \000\004\036\212\200 3b2 core file
+>364 string >\0 of '%s'
diff --git a/magic/Magdir/audio b/magic/Magdir/audio
new file mode 100644
index 0000000..55c5cd0
--- /dev/null
+++ b/magic/Magdir/audio
@@ -0,0 +1,1291 @@
+
+#------------------------------------------------------------------------------
+# $File: audio,v 1.127 2023/03/05 20:15:49 christos Exp $
+# audio: file(1) magic for sound formats (see also "iff")
+#
+# Jan Nicolai Langfeldt (janl@ifi.uio.no), Dan Quinlan (quinlan@yggdrasil.com),
+# and others
+#
+
+# Sun/NeXT audio data
+0 string .snd Sun/NeXT audio data:
+>12 belong 1 8-bit ISDN mu-law,
+!:mime audio/basic
+>12 belong 2 8-bit linear PCM [REF-PCM],
+!:mime audio/basic
+>12 belong 3 16-bit linear PCM,
+!:mime audio/basic
+>12 belong 4 24-bit linear PCM,
+!:mime audio/basic
+>12 belong 5 32-bit linear PCM,
+!:mime audio/basic
+>12 belong 6 32-bit IEEE floating point,
+!:mime audio/basic
+>12 belong 7 64-bit IEEE floating point,
+!:mime audio/basic
+>12 belong 8 Fragmented sample data,
+>12 belong 10 DSP program,
+>12 belong 11 8-bit fixed point,
+>12 belong 12 16-bit fixed point,
+>12 belong 13 24-bit fixed point,
+>12 belong 14 32-bit fixed point,
+>12 belong 18 16-bit linear with emphasis,
+>12 belong 19 16-bit linear compressed,
+>12 belong 20 16-bit linear with emphasis and compression,
+>12 belong 21 Music kit DSP commands,
+>12 belong 23 8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice enc.),
+!:mime audio/x-adpcm
+>12 belong 24 compressed (8-bit CCITT G.722 ADPCM)
+>12 belong 25 compressed (3-bit CCITT G.723.3 ADPCM),
+>12 belong 26 compressed (5-bit CCITT G.723.5 ADPCM),
+>12 belong 27 8-bit A-law (CCITT G.711),
+>20 belong 1 mono,
+>20 belong 2 stereo,
+>20 belong 4 quad,
+>16 belong >0 %d Hz
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+0 lelong 0x0064732E DEC audio data:
+>12 lelong 1 8-bit ISDN mu-law,
+!:mime audio/x-dec-basic
+>12 lelong 2 8-bit linear PCM [REF-PCM],
+!:mime audio/x-dec-basic
+>12 lelong 3 16-bit linear PCM,
+!:mime audio/x-dec-basic
+>12 lelong 4 24-bit linear PCM,
+!:mime audio/x-dec-basic
+>12 lelong 5 32-bit linear PCM,
+!:mime audio/x-dec-basic
+>12 lelong 6 32-bit IEEE floating point,
+!:mime audio/x-dec-basic
+>12 lelong 7 64-bit IEEE floating point,
+!:mime audio/x-dec-basic
+>12 belong 8 Fragmented sample data,
+>12 belong 10 DSP program,
+>12 belong 11 8-bit fixed point,
+>12 belong 12 16-bit fixed point,
+>12 belong 13 24-bit fixed point,
+>12 belong 14 32-bit fixed point,
+>12 belong 18 16-bit linear with emphasis,
+>12 belong 19 16-bit linear compressed,
+>12 belong 20 16-bit linear with emphasis and compression,
+>12 belong 21 Music kit DSP commands,
+>12 lelong 23 8-bit ISDN mu-law compressed (CCITT G.721 ADPCM voice enc.),
+!:mime audio/x-dec-basic
+>12 belong 24 compressed (8-bit CCITT G.722 ADPCM)
+>12 belong 25 compressed (3-bit CCITT G.723.3 ADPCM),
+>12 belong 26 compressed (5-bit CCITT G.723.5 ADPCM),
+>12 belong 27 8-bit A-law (CCITT G.711),
+>20 lelong 1 mono,
+>20 lelong 2 stereo,
+>20 lelong 4 quad,
+>16 lelong >0 %d Hz
+
+# Creative Labs AUDIO stuff
+0 string MThd Standard MIDI data
+!:mime audio/midi
+>8 beshort x (format %d)
+>10 beshort x using %d track
+>10 beshort >1 \bs
+>12 beshort&0x7fff x at 1/%d
+>12 beshort&0x8000 >0 SMPTE
+
+0 string CTMF Creative Music (CMF) data
+!:mime audio/x-unknown
+0 string SBI SoundBlaster instrument data
+!:mime audio/x-unknown
+0 string Creative\ Voice\ File Creative Labs voice data
+!:mime audio/x-unknown
+# is this next line right? it came this way...
+>19 byte 0x1A
+>23 byte >0 - version %d
+>22 byte >0 \b.%d
+
+# first entry is also the string "NTRK"
+0 belong 0x4e54524b MultiTrack sound data
+>4 belong x - version %d
+
+# Extended MOD format (*.emd) (Greg Roelofs, newt@uchicago.edu); NOT TESTED
+# [based on posting 940824 by "Dirk/Elastik", husberg@lehtori.cc.tut.fi]
+0 string EMOD Extended MOD sound data,
+>4 byte&0xf0 x version %d
+>4 byte&0x0f x \b.%d,
+>45 byte x %d instruments
+>83 byte 0 (module)
+>83 byte 1 (song)
+
+# Real Audio (Magic .ra\0375)
+0 belong 0x2e7261fd RealAudio sound file
+!:mime audio/x-pn-realaudio
+0 string .RMF\0\0\0 RealMedia file
+!:mime application/vnd.rn-realmedia
+#video/x-pn-realvideo
+#video/vnd.rn-realvideo
+#application/vnd.rn-realmedia
+# sigh, there are many mimes for that but the above are the most common.
+
+# MTM/669/FAR/S3M/ULT/XM format checking [Aaron Eppert, aeppert@dialin.ind.net]
+# Oct 31, 1995
+# fixed by <doj@cubic.org> 2003-06-24
+# Too short...
+#0 string MTM MultiTracker Module sound file
+#0 string if Composer 669 Module sound data
+#0 string JN Composer 669 Module sound data (extended format)
+0 string MAS_U ULT(imate) Module sound data
+
+#0 string FAR Module sound data
+#>4 string >\15 Title: "%s"
+
+0x2c string SCRM ScreamTracker III Module sound data
+>0 string >\0 Title: "%s"
+!:mime audio/x-s3m
+
+# .stm before it got above .s3m extension
+0x16 string \!Scream\! ScreamTracker Module sound data
+>0 string >\0 Title: "%s"
+
+# Gravis UltraSound patches
+# From <ache@nagual.ru>
+
+0 string GF1PATCH110\0ID#000002\0 GUS patch
+0 string GF1PATCH100\0ID#000002\0 Old GUS patch
+
+# mime types according to http://www.geocities.com/nevilo/mod.htm:
+# audio/it .it
+# audio/x-zipped-it .itz
+# audio/xm fasttracker modules
+# audio/x-s3m screamtracker modules
+# audio/s3m screamtracker modules
+# audio/x-zipped-mod mdz
+# audio/mod mod
+# audio/x-mod All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z)
+
+#
+# Taken from loader code from mikmod version 2.14
+# by Steve McIntyre (stevem@chiark.greenend.org.uk)
+# <doj@cubic.org> added title printing on 2003-06-24
+0 string MAS_UTrack_V00
+>14 string >/0 ultratracker V1.%.1s module sound data
+!:mime audio/x-mod
+#audio/x-tracker-module
+
+0 string UN05 MikMod UNI format module sound data
+
+0 string Extended\ Module: Fasttracker II module sound data
+!:mime audio/x-mod
+#audio/x-tracker-module
+>17 string >\0 Title: "%s"
+
+21 string/c =!SCREAM! Screamtracker 2 module sound data
+!:mime audio/x-mod
+#audio/x-screamtracker-module
+21 string BMOD2STM Screamtracker 2 module sound data
+!:mime audio/x-mod
+#audio/x-screamtracker-module
+
+1080 string \!PM! 4-channel Protracker module sound data
+!:mime audio/x-mod
+#audio/x-protracker-module
+>0 string >\0 Title: "%s"
+
+1080 string M.K. 4-channel Protracker module sound data
+!:mime audio/x-mod
+#audio/x-protracker-module
+>0 string >\0 Title: "%s"
+
+1080 string M!K! 4-channel Protracker module sound data
+!:mime audio/x-mod
+#audio/x-protracker-module
+>0 string >\0 Title: "%s"
+
+1080 string FLT4 4-channel Startracker module sound data
+!:mime audio/x-mod
+#audio/x-startracker-module
+>0 string >\0 Title: "%s"
+
+1080 string FLT8 8-channel Startracker module sound data
+!:mime audio/x-mod
+#audio/x-startracker-module
+>0 string >\0 Title: "%s"
+
+1080 string 4CHN 4-channel Fasttracker module sound data
+!:mime audio/x-mod
+#audio/x-fasttracker-module
+>0 string >\0 Title: "%s"
+
+1080 string 6CHN 6-channel Fasttracker module sound data
+!:mime audio/x-mod
+#audio/x-fasttracker-module
+>0 string >\0 Title: "%s"
+
+1080 string 8CHN 8-channel Fasttracker module sound data
+!:mime audio/x-mod
+#audio/x-fasttracker-module
+>0 string >\0 Title: "%s"
+
+1080 string CD81 8-channel Octalyser module sound data
+!:mime audio/x-mod
+#audio/x-octalysertracker-module
+>0 string >\0 Title: "%s"
+
+1080 string OKTA 8-channel Octalyzer module sound data
+!:mime audio/x-mod
+#audio/x-octalysertracker-module
+>0 string >\0 Title: "%s"
+
+# Not good enough.
+#1082 string CH
+#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data
+1080 string 16CN 16-channel Taketracker module sound data
+!:mime audio/x-mod
+#audio/x-taketracker-module
+>0 string >\0 Title: "%s"
+1080 string 32CN 32-channel Taketracker module sound data
+!:mime audio/x-mod
+#audio/x-taketracker-module
+>0 string >\0 Title: "%s"
+
+# TOC sound files -Trevor Johnson <trevor@jpj.net>
+#
+0 string TOC TOC sound file
+
+# sidfiles <pooka@iki.fi>
+# added name,author,(c) and new RSID type by <doj@cubic.org> 2003-06-24
+0 string SIDPLAY\ INFOFILE Sidplay info file
+
+0 string PSID PlaySID v2.2+ (AMIGA) sidtune
+>4 beshort >0 w/ header v%d,
+>14 beshort =1 single song,
+>14 beshort >1 %d songs,
+>16 beshort >0 default song: %d
+>0x16 string >\0 name: "%s"
+>0x36 string >\0 author: "%s"
+>0x56 string >\0 copyright: "%s"
+
+0 string RSID RSID sidtune PlaySID compatible
+>4 beshort >0 w/ header v%d,
+>14 beshort =1 single song,
+>14 beshort >1 %d songs,
+>16 beshort >0 default song: %d
+>0x16 string >\0 name: "%s"
+>0x36 string >\0 author: "%s"
+>0x56 string >\0 copyright: "%s"
+
+# IRCAM sound files - Michael Pruett <michael@68k.org>
+# http://www-mmsp.ece.mcgill.ca/documents/AudioFormats/IRCAM/IRCAM.html
+0 belong 0x64a30100 IRCAM file (VAX little-endian)
+0 belong 0x0001a364 IRCAM file (VAX big-endian)
+0 belong 0x64a30200 IRCAM file (Sun big-endian)
+0 belong 0x0002a364 IRCAM file (Sun little-endian)
+0 belong 0x64a30300 IRCAM file (MIPS little-endian)
+0 belong 0x0003a364 IRCAM file (MIPS big-endian)
+0 belong 0x64a30400 IRCAM file (NeXT big-endian)
+0 belong 0x64a30400 IRCAM file (NeXT big-endian)
+0 belong 0x0004a364 IRCAM file (NeXT little-endian)
+
+# NIST SPHERE <mpruett@sgi.com>
+0 string NIST_1A\n\ \ \ 1024\n NIST SPHERE file
+
+# Sample Vision <mpruett@sgi.com>
+0 string SOUND\ SAMPLE\ DATA\ Sample Vision file
+
+# Audio Visual Research <tonigonenstein@users.sourceforge.net>
+0 string 2BIT Audio Visual Research file,
+>12 beshort =0 mono,
+>12 beshort =-1 stereo,
+>14 beshort x %d bits
+>16 beshort =0 unsigned,
+>16 beshort =-1 signed,
+>22 belong&0x00ffffff x %d Hz,
+>18 beshort =0 no loop,
+>18 beshort =-1 loop,
+>21 ubyte <128 note %d,
+>22 byte =0 replay 5.485 KHz
+>22 byte =1 replay 8.084 KHz
+>22 byte =2 replay 10.971 KHz
+>22 byte =3 replay 16.168 KHz
+>22 byte =4 replay 21.942 KHz
+>22 byte =5 replay 32.336 KHz
+>22 byte =6 replay 43.885 KHz
+>22 byte =7 replay 47.261 KHz
+
+# SGI SoundTrack <mpruett@sgi.com>
+0 string _SGI_SoundTrack SGI SoundTrack project file
+# ID3 version 2 tags <waschk@informatik.uni-rostock.de>
+0 string ID3 Audio file with ID3 version 2
+>3 byte x \b.%d
+>4 byte x \b.%d
+>>5 byte &0x80 \b, unsynchronized frames
+>>5 byte &0x40 \b, extended header
+>>5 byte &0x20 \b, experimental
+>>5 byte &0x10 \b, footer present
+>(6.I+10) indirect x \b, contains:
+
+# NSF (NES sound file) magic
+0 string NESM\x1a NES Sound File
+>14 string >\0 ("%s" by
+>46 string >\0 %s, copyright
+>78 string >\0 %s),
+>5 byte x version %d,
+>6 byte x %d tracks,
+>122 byte&0x2 =1 dual PAL/NTSC
+>122 byte&0x1 =1 PAL
+>122 byte&0x1 =0 NTSC
+
+# NSFE (Extended NES sound file) magic
+# http://slickproductions.org/docs/NSF/nsfespec.txt
+# From: David Pflug <david@pflug.email>
+0 string NSFE Extended NES Sound File
+>48 search/0x1000 auth
+>>&0 string >\0 ("%s"
+>>>&1 string >\0 by %s
+>>>>&1 string >\0 \b, copyright %s
+>>>>>&1 string >\0 \b, ripped by %s
+>20 byte x \b), %d tracks,
+>18 byte&0x2 =1 dual PAL/NTSC
+>18 byte&0x2 =0
+>>18 byte&0x1 =1 PAL
+>>18 byte&0x1 =0 NTSC
+
+# Type: SNES SPC700 sound files
+# From: Josh Triplett <josh@freedesktop.org>
+0 string SNES-SPC700\ Sound\ File\ Data\ v SNES SPC700 sound file
+>&0 string 0.30 \b, version %s
+>>0x23 byte 0x1B \b, without ID666 tag
+>>0x23 byte 0x1A \b, with ID666 tag
+>>>0x2E string >\0 \b, song "%.32s"
+>>>0x4E string >\0 \b, game "%.32s"
+
+# Impulse tracker module (audio/x-it)
+0 string IMPM Impulse Tracker module sound data -
+!:mime audio/x-mod
+>4 string >\0 "%s"
+>40 leshort !0 compatible w/ITv%x
+>42 leshort !0 created w/ITv%x
+
+# Imago Orpheus module (audio/x-imf)
+60 string IM10 Imago Orpheus module sound data -
+>0 string >\0 "%s"
+
+# From <collver1@attbi.com>
+# These are the /etc/magic entries to decode modules, instruments, and
+# samples in Impulse Tracker's native format.
+
+0 string IMPS Impulse Tracker Sample
+>18 byte &2 16 bit
+>18 byte ^2 8 bit
+>18 byte &4 stereo
+>18 byte ^4 mono
+0 string IMPI Impulse Tracker Instrument
+>28 leshort !0 ITv%x
+>30 byte !0 %d samples
+
+# Yamaha TX Wave: file(1) magic for Yamaha TX Wave audio files
+# From <collver1@attbi.com>
+0 string LM8953 Yamaha TX Wave
+>22 byte 0x49 looped
+>22 byte 0xC9 non-looped
+>23 byte 1 33kHz
+>23 byte 2 50kHz
+>23 byte 3 16kHz
+
+# scream tracker: file(1) magic for Scream Tracker sample files
+#
+# From <collver1@attbi.com>
+76 string SCRS Scream Tracker Sample
+>0 byte 1 sample
+>0 byte 2 adlib melody
+>0 byte >2 adlib drum
+>31 byte &2 stereo
+>31 byte ^2 mono
+>31 byte &4 16bit little endian
+>31 byte ^4 8bit
+>30 byte 0 unpacked
+>30 byte 1 packed
+
+# audio
+# From: Cory Dikkers <cdikkers@swbell.net>
+0 string MMD0 MED music file, version 0
+0 string MMD1 OctaMED Pro music file, version 1
+0 string MMD3 OctaMED Soundstudio music file, version 3
+0 string OctaMEDCmpr OctaMED Soundstudio compressed file
+0 string MED MED_Song
+0 string SymM Symphonie SymMOD music file
+#
+# Track Length (TRL), Tracks (TRK), Samples (SMP), Subsongs (SS)
+# http://lclevy.free.fr/exotica/ahx/ahxformat.txt
+0 string THX AHX version
+>3 byte =0 1 module data
+>3 byte =1 2 module data
+>11 ubyte x TRK: %u
+>10 ubyte x TRL: %u
+>12 ubyte x SMP: %u
+>13 ubyte x SS: %u
+>(4.H) string x Title: "%.128s"
+
+# header is mostly AHX format
+0 string HVL
+>3 byte <2 Hively Tracker Song
+>3 byte =0 v1 module data
+>3 byte =1 v2 module data
+>11 ubyte x TRK: %u
+>10 ubyte x TRL: %u
+>12 ubyte x SMP: %u
+>13 ubyte x SS: %u
+>8 ubyte/4 =0 CHN: 4
+>8 ubyte/4 >0 CHN: 4+%u
+#>-0 offset <0xffff
+>(4.H) string x Title: "%.128s"
+
+#
+0 string OKTASONG Oktalyzer module data
+#
+0 string DIGI\ Booster\ module\0 %s
+>20 byte >0 %c
+>>21 byte >0 \b%c
+>>>22 byte >0 \b%c
+>>>>23 byte >0 \b%c
+>610 string >\0 \b, "%s"
+#
+0 string DBM0 DIGI Booster Pro Module
+>4 byte >0 V%X.
+>>5 byte x \b%02X
+>16 string >\0 \b, "%s"
+#
+0 string FTMN FaceTheMusic module
+>16 string >\0d \b, "%s"
+
+# From: <doj@cubic.org> 2003-06-24
+0 string AMShdr\32 Velvet Studio AMS Module v2.2
+0 string Extreme Extreme Tracker AMS Module v1.3
+0 string DDMF Xtracker DMF Module
+>4 byte x v%i
+>0xD string >\0 Title: "%s"
+>0x2B string >\0 Composer: "%s"
+0 string DSM\32 Dynamic Studio Module DSM
+0 string SONG DigiTrekker DTM Module
+0 string DMDL DigiTrakker MDL Module
+0 string PSM\32 Protracker Studio PSM Module
+44 string PTMF Poly Tracker PTM Module
+>0 string >\32 Title: "%s"
+0 string MT20 MadTracker 2.0 Module MT2
+0 string RAD\40by\40REALiTY!! RAD Adlib Tracker Module RAD
+0 string RTMM RTM Module
+0x426 string MaDoKaN96 XMS Adlib Module
+>0 string >\0 Composer: "%s"
+0 string AMF AMF Module
+>4 string >\0 Title: "%s"
+0 string MODINFO1 Open Cubic Player Module Information MDZ
+0 string Extended\40Instrument: Fast Tracker II Instrument
+
+# From: Takeshi Hamasaki <hma@syd.odn.ne.jp>
+# NOA Nancy Codec file
+0 string \210NOA\015\012\032 NOA Nancy Codec Movie file
+# Yamaha SMAF format
+0 string MMMD Yamaha SMAF file
+# Sharp Jisaku Melody format for PDC
+0 string \001Sharp\040JisakuMelody SHARP Cell-Phone ringing Melody
+>20 string Ver01.00 Ver. 1.00
+>>32 byte x , %d tracks
+
+# Free lossless audio codec <http://flac.sourceforge.net>
+# From: Przemyslaw Augustyniak <silvathraec@rpg.pl>
+0 string fLaC FLAC audio bitstream data
+!:mime audio/flac
+>4 byte&0x7f >0 \b, unknown version
+>4 byte&0x7f 0 \b
+# some common bits/sample values
+>>20 beshort&0x1f0 0x030 \b, 4 bit
+>>20 beshort&0x1f0 0x050 \b, 6 bit
+>>20 beshort&0x1f0 0x070 \b, 8 bit
+>>20 beshort&0x1f0 0x0b0 \b, 12 bit
+>>20 beshort&0x1f0 0x0f0 \b, 16 bit
+>>20 beshort&0x1f0 0x170 \b, 24 bit
+>>20 byte&0xe 0x0 \b, mono
+>>20 byte&0xe 0x2 \b, stereo
+>>20 byte&0xe 0x4 \b, 3 channels
+>>20 byte&0xe 0x6 \b, 4 channels
+>>20 byte&0xe 0x8 \b, 5 channels
+>>20 byte&0xe 0xa \b, 6 channels
+>>20 byte&0xe 0xc \b, 7 channels
+>>20 byte&0xe 0xe \b, 8 channels
+# sample rates derived from known oscillator frequencies;
+# 24.576 MHz (video/fs=48kHz), 22.5792 (audio/fs=44.1kHz) and
+# 16.384 (other/fs=32kHz).
+>>17 belong&0xfffff0 0x02b110 \b, 11.025 kHz
+>>17 belong&0xfffff0 0x03e800 \b, 16 kHz
+>>17 belong&0xfffff0 0x056220 \b, 22.05 kHz
+>>17 belong&0xfffff0 0x05dc00 \b, 24 kHz
+>>17 belong&0xfffff0 0x07d000 \b, 32 kHz
+>>17 belong&0xfffff0 0x0ac440 \b, 44.1 kHz
+>>17 belong&0xfffff0 0x0bb800 \b, 48 kHz
+>>17 belong&0xfffff0 0x0fa000 \b, 64 kHz
+>>17 belong&0xfffff0 0x158880 \b, 88.2 kHz
+>>17 belong&0xfffff0 0x177000 \b, 96 kHz
+>>17 belong&0xfffff0 0x1f4000 \b, 128 kHz
+>>17 belong&0xfffff0 0x2b1100 \b, 176.4 kHz
+>>17 belong&0xfffff0 0x2ee000 \b, 192 kHz
+>>17 belong&0xfffff0 0x3e8000 \b, 256 kHz
+>>17 belong&0xfffff0 0x562200 \b, 352.8 kHz
+>>17 belong&0xfffff0 0x5dc000 \b, 384 kHz
+>>21 byte&0xf >0 \b, >4G samples
+>>21 byte&0xf 0 \b
+>>>22 belong >0 \b, %u samples
+>>>22 belong 0 \b, length unknown
+
+# (ISDN) VBOX voice message file (Wolfram Kleff)
+0 string VBOX VBOX voice message data
+
+# ReBorn Song Files (.rbs)
+# David J. Singer <doc@deadvirgins.org.uk>
+8 string RB40 RBS Song file
+>29 string ReBorn created by ReBorn
+>37 string Propellerhead created by ReBirth
+
+# Synthesizer Generator and Kimwitu share their file format
+0 string A#S#C#S#S#L#V#3 Synthesizer Generator or Kimwitu data
+# Kimwitu++ uses a slightly different magic
+0 string A#S#C#S#S#L#HUB Kimwitu++ data
+
+# From "Simon Hosie
+0 string TFMX-SONG TFMX module sound data
+
+# Monkey's Audio compressed audio format (.ape)
+# From danny.milo@gmx.net (Danny Milosavljevic)
+# New version from Abel Cheung <abel (@) oaka.org>
+0 string MAC\040 Monkey's Audio compressed format
+!:mime audio/x-ape
+>4 uleshort >0x0F8B version %d
+>>(0x08.l) uleshort =1000 with fast compression
+>>(0x08.l) uleshort =2000 with normal compression
+>>(0x08.l) uleshort =3000 with high compression
+>>(0x08.l) uleshort =4000 with extra high compression
+>>(0x08.l) uleshort =5000 with insane compression
+>>(0x08.l+18) uleshort =1 \b, mono
+>>(0x08.l+18) uleshort =2 \b, stereo
+>>(0x08.l+20) ulelong x \b, sample rate %d
+>4 uleshort <0x0F8C version %d
+>>6 uleshort =1000 with fast compression
+>>6 uleshort =2000 with normal compression
+>>6 uleshort =3000 with high compression
+>>6 uleshort =4000 with extra high compression
+>>6 uleshort =5000 with insane compression
+>>10 uleshort =1 \b, mono
+>>10 uleshort =2 \b, stereo
+>>12 ulelong x \b, sample rate %d
+
+# adlib sound files
+# From: Alex Myczko <alex@aiei.ch>
+
+# https://github.com/rerrahkr/BambooTracker
+0 string BambooTracker BambooTracker
+>13 string Mod Module
+>13 string Ist Instrument
+>13 string Bnk Bank
+>22 byte x \b, version %u
+>21 byte x \b.%u
+>20 byte x \b.%u
+
+0 string CC2x CheeseCutter 2 song
+
+0 string RAWADATA RdosPlay RAW
+
+1068 string RoR AMUSIC Adlib Tracker
+
+0 string JCH EdLib
+
+0 string mpu401tr MPU-401 Trakker
+
+0 string SAdT Surprise! Adlib Tracker
+>4 byte x Version %d
+
+0 string XAD! eXotic ADlib
+
+0 string ofTAZ! eXtra Simple Music
+
+0 string FMK! FM Kingtracker Song
+
+0 string DFM DFM Song
+
+0 string \<CUD-FM-File\> CFF Song
+
+0 string _A2module A2M Song
+
+# Spectrum 128 tunes (.ay files).
+# From: Emanuel Haupt <ehaupt@critical.ch>
+0 string ZXAYEMUL Spectrum 128 tune
+
+0 string \0BONK BONK,
+#>5 byte x version %d
+>14 byte x %d channel(s),
+>15 byte =1 lossless,
+>15 byte =0 lossy,
+>16 byte x mid-side
+
+384 string LockStream LockStream Embedded file (mostly MP3 on old Nokia phones)
+
+# format VQF (proprietary codec for sound)
+# some infos on the header file available at :
+# http://www.twinvq.org/english/technology_format.html
+0 string TWIN97012000 VQF data
+>27 short 0 \b, Mono
+>27 short 1 \b, Stereo
+>31 short >0 \b, %d kbit/s
+>35 short >0 \b, %d kHz
+
+# Nelson A. de Oliveira (naoliv@gmail.com)
+# .eqf
+0 string Winamp\ EQ\ library\ file %s
+# it will match only versions like v<digit>.<digit>
+# Since I saw only eqf files with version v1.1 I think that it's OK
+>23 string x \b%.4s
+# .preset
+0 string [Equalizer\ preset] XMMS equalizer preset
+# .m3u
+0 search/1 #EXTM3U M3U playlist text
+# .pls
+0 search/1 [playlist] PLS playlist text
+# licq.conf
+1 string [licq] LICQ configuration file
+
+# Atari ST audio files by Dirk Jagdmann <doj@cubic.org>
+# NOTE: Most SNDH music is packed using ICE, which has
+# magic numbers "ICE!" and "Ice!". Some SNDH music is
+# not packed, so we check for both packed and unpacked.
+12 string SNDH SNDH Atari ST music
+0 belong&0xFFDFDFFF 0x49434521
+>14 search/40 NDH SNDH Atari ST music
+>14 search/40 TITL SNDH Atari ST music
+0 string SC68\ Music-file\ /\ (c)\ (BeN)jami sc68 Atari ST music
+
+# musepak support From: "Jiri Pejchal" <jiri.pejchal@gmail.com>
+0 string MP+ Musepack audio (MP+)
+!:mime audio/x-musepack
+>3 byte 255 \b, SV pre8
+>3 byte&0xF 0x6 \b, SV 6
+>3 byte&0xF 0x8 \b, SV 8
+>3 byte&0xF 0x7 \b, SV 7
+>>3 byte&0xF0 0x0 \b.0
+>>3 byte&0xF0 0x10 \b.1
+>>3 byte&0xF0 240 \b.15
+>>10 byte&0xF0 0x0 \b, no profile
+>>10 byte&0xF0 0x10 \b, profile 'Unstable/Experimental'
+>>10 byte&0xF0 0x50 \b, quality 0
+>>10 byte&0xF0 0x60 \b, quality 1
+>>10 byte&0xF0 0x70 \b, quality 2 (Telephone)
+>>10 byte&0xF0 0x80 \b, quality 3 (Thumb)
+>>10 byte&0xF0 0x90 \b, quality 4 (Radio)
+>>10 byte&0xF0 0xA0 \b, quality 5 (Standard)
+>>10 byte&0xF0 0xB0 \b, quality 6 (Xtreme)
+>>10 byte&0xF0 0xC0 \b, quality 7 (Insane)
+>>10 byte&0xF0 0xD0 \b, quality 8 (BrainDead)
+>>10 byte&0xF0 0xE0 \b, quality 9
+>>10 byte&0xF0 0xF0 \b, quality 10
+>>27 byte 0x0 \b, Buschmann 1.7.0-9, Klemm 0.90-1.05
+>>27 byte 102 \b, Beta 1.02
+>>27 byte 104 \b, Beta 1.04
+>>27 byte 105 \b, Alpha 1.05
+>>27 byte 106 \b, Beta 1.06
+>>27 byte 110 \b, Release 1.1
+>>27 byte 111 \b, Alpha 1.11
+>>27 byte 112 \b, Beta 1.12
+>>27 byte 113 \b, Alpha 1.13
+>>27 byte 114 \b, Beta 1.14
+>>27 byte 115 \b, Alpha 1.15
+
+0 string MPCK Musepack audio (MPCK)
+!:mime audio/x-musepack
+
+# IMY
+# from http://filext.com/detaillist.php?extdetail=IMY
+# https://cellphones.about.com/od/cellularfaqs/f/rf_imelody.htm
+# http://download.ncl.ie/doc/api/ie/ncl/media/music/IMelody.html
+# http://www.wx800.com/msg/download/irda/iMelody.pdf
+0 string BEGIN:IMELODY iMelody Ringtone Format
+
+# From: "Mateus Caruccio" <mateus@caruccio.com>
+# guitar pro v3,4,5 from http://filext.com/file-extension/gp3
+0 string \030FICHIER\ GUITAR\ PRO\ v3. Guitar Pro Ver. 3 Tablature
+
+# From: "Leslie P. Polzer" <leslie.polzer@gmx.net>
+60 string SONG SoundFX Module sound file
+
+# Type: Adaptive Multi-Rate Codec
+# URL: http://filext.com/detaillist.php?extdetail=AMR
+# From: Russell Coker <russell@coker.com.au>
+0 string #!AMR Adaptive Multi-Rate Codec (GSM telephony)
+!:mime audio/amr
+!:ext amr
+
+# Type: SuperCollider 3 Synth Definition File Format
+# From: Mario Lang <mlang@debian.org>
+0 string SCgf SuperCollider3 Synth Definition file,
+>4 belong x version %d
+
+# Type: True Audio Lossless Audio
+# URL: https://wiki.multimedia.cx/index.php?title=True_Audio
+# From: Mike Melanson <mike@multimedia.cx>
+0 string TTA1 True Audio Lossless Audio
+
+# Type: WavPack Lossless Audio
+# URL: https://wiki.multimedia.cx/index.php?title=WavPack
+# From: Mike Melanson <mike@multimedia.cx>
+0 string wvpk WavPack Lossless Audio
+
+# From Fabio R. Schmidlin <frs@pop.com.br>
+# VGM music file
+0 string Vgm\040
+>9 ubyte >0 VGM Video Game Music dump v
+!:mime audio/x-vgm
+!:ext vgm
+>>9 ubyte/16 >0 \b%d
+>>9 ubyte&0x0F x \b%d
+>>8 ubyte/16 x \b.%d
+>>8 ubyte&0x0F >0 \b%d
+#Get soundchips
+>>8 ubyte x \b, soundchip(s)=
+>>0x0C ulelong >0 SN76489 (PSG),
+>>0x10 ulelong >0 YM2413 (OPLL),
+>>0x2C ulelong >0 YM2612 (OPN2),
+>>0x30 ulelong >0 YM2151 (OPM),
+>>0x38 ulelong >0 Sega PCM,
+>>0x34 ulelong >0xC
+>>>0x40 ulelong >0 RF5C68 (PCM),
+>>0x34 ulelong >0x10
+>>>0x44 ulelong >0 YM2203 (OPN),
+>>0x34 ulelong >0x14
+>>>0x48 ulelong >0 YM2608 (OPNA),
+>>0x34 ulelong >0x18
+>>>0x4C lelong >0 YM2610 (OPNB),
+>>>0x4C lelong <0 YM2610B (OPNB+2FM),
+>>0x34 ulelong >0x1C
+>>>0x50 ulelong >0 YM3812 (OPL2),
+>>0x34 ulelong >0x20
+>>>0x54 ulelong >0 YM3526 (OPL),
+>>0x34 ulelong >0x24
+>>>0x58 ulelong >0 Y8950 (MSX-Audio),
+>>0x34 ulelong >0x28
+>>>0x5C ulelong >0 YMF262 (OPL3),
+>>0x34 ulelong >0x2C
+>>>0x60 ulelong >0 YMF278B (OPL4),
+>>0x34 ulelong >0x30
+>>>0x64 ulelong >0 YMF271 (OPX),
+>>0x34 ulelong >0x34
+>>>0x68 ulelong >0 YMZ280B (PCMD8),
+>>0x34 ulelong >0x38
+>>>0x6C ulelong >0 RF5C164 (PCM),
+>>0x34 ulelong >0x3C
+>>>0x70 ulelong >0 PWM,
+>>0x34 ulelong >0x40
+>>>0x74 ulelong >0
+>>>>0x78 ubyte 0x00 AY-3-8910,
+>>>>0x78 ubyte 0x01 AY-3-8912,
+>>>>0x78 ubyte 0x02 AY-3-8913,
+>>>>0x78 ubyte 0x03 AY-3-8930,
+>>>>0x78 ubyte 0x10 YM2149,
+>>>>0x78 ubyte 0x11 YM3439,
+>>>>0x78 ubyte 0x12 YMZ284,
+>>>>0x78 ubyte 0x13 YMZ294,
+# VGM 1.61
+>>0x34 ulelong >0x4C
+>>>0x80 ulelong >0 DMG,
+>>0x34 ulelong >0x50
+>>>0x84 lelong >0 NES APU,
+>>>0x84 lelong <0 NES APU with FDS,
+>>0x34 ulelong >0x54
+>>>0x88 ulelong >0 MultiPCM,
+>>0x34 ulelong >0x58
+>>>0x8C ulelong >0 uPD7759 (ADPCM Speech),
+>>0x34 ulelong >0x5C
+>>>0x90 ulelong >0 OKIM6258 (ADPCM Speech),
+>>0x34 ulelong >0x64
+>>>0x98 ulelong >0 OKIM6295 (ADPCM),
+>>0x34 ulelong >0x68
+>>>0x9C ulelong >0 K051649,
+>>0x34 ulelong >0x6C
+>>>0xA0 ulelong >0 K054539,
+>>0x34 ulelong >0x70
+>>>0xA4 ulelong >0 HuC6280,
+>>0x34 ulelong >0x74
+>>>0xA8 ulelong >0 C140,
+>>0x34 ulelong >0x78
+>>>0xAC ulelong >0 K053260,
+>>0x34 ulelong >0x7C
+>>>0xB0 ulelong >0 Pokey,
+>>0x34 ulelong >0x80
+>>>0xB4 ulelong >0 QSound,
+# VGM 1.71
+>>0x34 ulelong >0x84
+>>>0xB8 ulelong >0 SCSP,
+>>0x34 ulelong >0x8C
+>>>0xC0 ulelong >0 WonderSwan,
+>>0x34 ulelong >0x90
+>>>0xC4 ulelong >0 VSU,
+>>0x34 ulelong >0x94
+>>>0xC8 ulelong >0 SAA1099,
+>>0x34 ulelong >0x98
+>>>0xCC ulelong >0 ES5503 (DOC),
+>>0x34 ulelong >0x9C
+>>>0xD0 lelong >0 ES5505 (OTIS),
+>>>0xD0 lelong <0 ES5506 (OTTO),
+>>0x34 ulelong >0xA4
+>>>0xD8 ulelong >0 X1-010,
+>>0x34 ulelong >0xA8
+>>>0xDC ulelong >0 C352,
+>>0x34 ulelong >0xAC
+>>>0xE0 ulelong >0 GA20,
+
+# GVOX Encore file format
+# Since this is a proprietary file format and there is no publicly available
+# format specification, this is just based on induction
+#
+0 string SCOW
+>4 byte 0xc4 GVOX Encore music, version 5.0 or above
+>4 byte 0xc2 GVOX Encore music, version < 5.0
+
+0 string ZBOT
+>4 byte 0xc5 GVOX Encore music, version < 5.0
+
+# Summary: Garmin Voice Processing Module (WAVE audios)
+# From: Joerg Jenderek
+# URL: https://www.garmin.com/
+# Reference: http://www.poi-factory.com/node/19580
+# NOTE: there exist 2 other Garmin VPM formats
+0 string AUDIMG
+# skip text files starting with string "AUDIMG"
+>13 ubyte <13 Garmin Voice Processing Module
+!:mime audio/x-vpm-wav-garmin
+!:ext vpm
+# 3 bytes indicating the voice version (200,220)
+>>6 string x \b, version %3.3s
+# day of release (01-31)
+>>12 ubyte x \b, %.2d
+# month of release (01-12)
+>>13 ubyte x \b.%.2d
+# year of release (like 2006, 2007, 2008)
+>>14 uleshort x \b.%.4d
+# hour of release (0-23)
+>>11 ubyte x %.2d
+# minute of release (0-59)
+>>10 ubyte x \b:%.2d
+# second of release (0-59)
+>>9 ubyte x \b:%.2d
+# if you select a language like german on your garmin device
+# you can only select voice modules with corresponding language byte ID like 1
+>>18 ubyte x \b, language ID %d
+# structure for phrases/sentences?
+# number of voice sample in the 1st phrase?
+#>>19 uleshort x \b, %#x samples
+#>>>21 uleshort >0 \b, at %#4.4x
+#>>>(21.s) ubequad x %#llx
+# 2nd phrase?
+#>>23 uleshort x \b, %#x samples
+#>>>25 uleshort >0 \b, at %#4.4x
+#>>>(25.s) ubequad x %#llx
+# pointer to 1st audio WAV sample
+>>16 uleshort >0
+>>>(16.s) ulelong >0 \b, at %#x
+# WAV length
+# 1 space char after "bytes" to get phrase "bytes RIFF"
+>>>>(16.s+4) ulelong >0 %u bytes
+# look for magic
+>>>>>(&-8.l) string RIFF
+# determine type by ./riff
+>>>>>>&-4 indirect x
+# 2 - ~ 131 WAV samples following same way
+#
+# Summary: encrypted Garmin Voice Processing Module
+# From: Joerg Jenderek
+# URL: https://www.garmin.com/us/products/ontheroad/voicestudio
+# NOTE: Encrypted variant used in voices like DrNightmare, Elfred, Yeti.
+# There exist 2 other Garmin VPM formats
+0 ubequad 0xa141190fecc8ced6 Garmin Voice Processing Module (encrypted)
+!:mime audio/x-vpm-garmin
+!:ext vpm
+
+# From Martin Mueller Skarbiniks Pedersen
+0 string GDM
+>0x3 byte 0xFE General Digital Music.
+>0x4 string >\0 title: "%s"
+>0x24 string >\0 musician: "%s"
+>>0x44 beshort 0x0D0A
+>>>0x46 byte 0x1A
+>>>>0x47 string GMFS Version
+>>>>0x4B byte x %d.
+>>>>0x4C byte x \b%02d
+>>>>0x4D beshort 0x000 (2GDM v
+>>>>0x4F byte x \b%d.
+>>>>>0x50 byte x \b%d)
+
+0 string MTM Multitracker
+>0x3 byte/16 x Version %d.
+>0x3 byte&0x0F x \b%02d
+>>0x4 string >\0 title: "%s"
+
+0 string MO3
+>3 ubyte <6 MOdule with MP3
+>>3 byte 0 Version 0 (With MP3 and lossless)
+>>3 byte 1 Version 1 (With ogg and lossless)
+>>3 byte 3 Version 2.2
+>>3 byte 4 (With no LAME header)
+>>3 byte 5 Version 2.4
+
+0 string ADRVPACK AProSys module
+
+# ftp://ftp.modland.com/pub/documents/format_documentation/\
+# Art%20Of%20Noise%20(.aon).txt
+0 string AON
+>4 string "ArtOfNoise by Bastian Spiegel(twice/lego)"
+>0x2e string NAME Art of Noise Tracker Song
+>3 string <9
+>3 string 4 (4 voices)
+>3 string 8 (8 voices)
+>>0x36 string >\0 Title: "%s"
+
+0 string FAR
+>0x2c byte 0x0d
+>0x2d byte 0x0a
+>0x2e byte 0x1a
+>>0x3 byte 0xFE Farandole Tracker Song
+>>>0x31 byte/16 x Version %d.
+>>>0x31 byte&0x0F x \b%02d
+>>>>0x4 string >\0 \b, title: "%s"
+
+# magic for Klystrack, https://kometbomb.github.io/klystrack/
+# from Alex Myczko <alex@aiei.ch>
+0 string cyd!song Klystrack song
+>8 byte >0 \b, version %u
+>8 byte >26
+#>>9 byte x \b, channels %u
+#>>10 leshort x \b, time signature %u
+#>>12 leshort x \b, sequence step %u
+#>>14 byte x \b, instruments %u
+#>>15 leshort x \b, patterns %u
+#>>17 leshort x \b, sequences %u
+#>>19 leshort x \b, length %u
+#>>21 leshort x \b, loop point %u
+#>>23 byte x \b, master volume %u
+#>>24 byte x \b, song speed %u
+#>>25 byte x \b, song speed2 %u
+#>>26 byte x \b, song rate %u
+#>>27 belong x \b, flags %#x
+#>>31 byte x \b, multiplex period %u
+#>>32 byte x \b, pitch inaccuracy %u
+>>149 pstring x \b, title %s
+
+0 string cyd!inst Klystrack instrument
+
+# magic for WOPL instrument files, https://github.com/Wohlstand/OPL3BankEditor
+# see Specifications/WOPL-and-OPLI-Specification.txt
+
+0 string WOPL3-INST\0 WOPL instrument
+>11 leshort x \b, version %u
+0 string WOPL3-BANK\0 WOPL instrument bank
+>11 leshort x \b, version %u
+
+# AdLib/OPL instrument files. Format specifications on
+# http://www.shikadi.net/moddingwiki
+0 string Junglevision\ Patch\ File Junglevision instrument data
+0 string #OPL_II# DMX OP2 instrument data
+0 string IBK\x1a IBK instrument data
+0 string 2OP\x1a IBK instrument data, 2 operators
+0 string 4OP\x1a IBK instrument data, 4 operators
+2 string ADLIB- AdLib instrument data
+>0 byte x \b, version %u
+>1 byte x \b.%u
+
+# CRI ADX ADPCM audio
+# Used by various Sega games.
+# https://en.wikipedia.org/wiki/ADX_(file_format)
+# https://wiki.multimedia.cx/index.php/CRI_ADX_file
+# Added by David Korth <gerbilsoft@gerbilsoft.com>
+0x00 beshort 0x8000
+>(2.S-2) string (c)CRI CRI ADX ADPCM audio
+!:ext adx
+!:mime audio/x-adx
+!:strength +50
+>>0x12 byte x v%u
+>>0x04 byte 0x02 \b, pre-set prediction coefficients
+>>0x04 byte 0x03 \b, standard ADX
+>>0x04 byte 0x04 \b, exponential scale
+>>0x04 byte 0x10 \b, AHX (Dreamcast)
+>>0x04 byte 0x11 \b, AHX
+>>0x08 belong x \b, %u Hz
+>>0x12 byte 0x03
+>>>0x02 beshort >0x2B
+>>>>0x18 belong !0 \b, looping
+>>0x12 byte 0x04
+>>>0x02 beshort >0x37
+>>>>0x24 belong !0 \b, looping
+>>0x13 byte&0x08 0x08 \b, encrypted
+
+# Lossless audio (.la) (http://www.lossless-audio.com/)
+0 string LA
+>2 string 03 Lossless audio version 0.3
+>2 string 04 Lossless audio version 0.4
+
+# Sony PlayStation Audio (.xa)
+0 leshort 0x4158 Sony PlayStation Audio
+
+# Portable Sound Format
+# Used for audio rips for various consoles.
+# http://fileformats.archiveteam.org/wiki/Portable_Sound_Format
+# Added by David Korth <gerbilsoft@gerbilsoft.com>
+0 string PSF
+>3 byte 0x01
+>3 byte 0x02
+>3 byte 0x11
+>3 byte 0x12
+>3 byte 0x13
+>3 byte 0x21
+>3 byte 0x22
+>3 byte 0x23
+>3 byte 0x41
+>>0 string PSF Portable Sound Format
+!:mime audio/x-psf
+>>>3 byte 0x01 (Sony PlayStation)
+>>>3 byte 0x02 (Sony PlayStation 2)
+>>>3 byte 0x11 (Sega Saturn)
+>>>3 byte 0x12 (Sega Dreamcast)
+>>>3 byte 0x13 (Sega Mega Drive)
+>>>3 byte 0x21 (Nintendo 64)
+>>>3 byte 0x22 (Game Boy Advance)
+>>>3 byte 0x23 (Super NES)
+>>>3 byte 0x41 (Capcom QSound)
+
+# Atari 8-bit SAP audio format
+# http://asap.sourceforge.net/sap-format.html
+# Added by David Korth <gerbilsoft@gerbilsoft.com>
+0 string SAP\r\n Atari 8-bit SAP audio file
+!:mime audio/x-sap
+!:ext sap
+>5 search/1024 NAME
+>>&1 string x \b: %s
+>>5 search/1024 AUTHOR
+>>>&1 string x by %s
+
+# Nintendo Wii BRSTM audio format (fields)
+# NOTE: Assuming HEAD starts at 0x40.
+# FIXME: Replace 0x48 with HEAD offset plus 8.
+0 name nintendo-wii-brstm-fields
+>(0x10.L) string HEAD \b:
+>>(0x10.L+0x0C) belong x
+>>>(&-4.L+0x48) belong x
+>>>>&-4 byte 0 PCM, signed 8-bit,
+>>>>&-4 byte 1 PCM, signed 16-bit,
+>>>>&-4 byte 2 THP ADPCM,
+>>>>&-3 byte !0 looping,
+>>>>&-2 byte 1 mono
+>>>>&-2 byte 2 stereo
+>>>>&-2 byte 3 3 channels
+>>>>&-2 byte 4 quad
+>>>>&-2 byte >4 %u channels
+>>>>&0 beshort !0 %u Hz
+
+# Nintendo Wii BRSTM audio format
+# https://wiibrew.org/wiki/BRSTM_file
+# Added by David Korth <gerbilsoft@gerbilsoft.com>
+0 string RSTM Nintendo Wii BRSTM audio file
+!:mime audio/x-brstm
+!:ext brstm
+# Wii is big-endian, so default to BE.
+>4 beshort 0xFEFF
+>>0 use nintendo-wii-brstm-fields
+>4 leshort 0xFEFF
+>>0 use \^nintendo-wii-brstm-fields
+
+# Nintendo 3DS BCSTM audio format (fields)
+0 name nintendo-3ds-bcstm-fields
+>(0x18.l) string INFO \b:
+# INFO block: Stream information starts at 0x20 (minus 4 for the 'INFO' magic)
+>>&0x1C byte 0 PCM, signed 8-bit,
+>>&0x1C byte 1 PCM, signed 16-bit,
+>>&0x1C byte 2 DSP ADPCM,
+>>&0x1C byte 3 IMA ADPCM,
+>>&0x1D byte !0 looping,
+>>&0x1E byte 1 mono
+>>&0x1E byte 2 stereo
+>>&0x1E byte 3 3 channels
+>>&0x1E byte 4 quad
+>>&0x1E byte >4 %u channels
+>>&0x20 lelong !0 %u Hz
+
+# Nintendo 3DS BCSTM audio format
+# https://www.3dbrew.org/wiki/BCSTM
+# Added by David Korth <gerbilsoft@gerbilsoft.com>
+0 string CSTM Nintendo 3DS BCSTM audio file
+!:mime audio/x-bcstm
+!:ext bcstm
+# 3DS is little-endian, so default to LE.
+>4 leshort 0xFEFF
+>>0 use nintendo-3ds-bcstm-fields
+>4 beshort 0xFEFF
+>>0 use \^nintendo-3ds-bcstm-fields
+
+# Nintendo Wii U BFSTM audio format
+# http://mk8.tockdom.com/wiki/BFSTM_(File_Format)
+# NOTE: This format is very similar to BCSTM.
+# Added by David Korth <gerbilsoft@gerbilsoft.com>
+0 string FSTM Nintendo Wii U BFSTM audio file
+!:mime audio/x-bfstm
+!:ext bfstm
+# BFSTM is used on both Wii U (BE) and Switch (LE),
+# so default to LE.
+>4 leshort 0xFEFF
+>>0 use nintendo-3ds-bcstm-fields
+>4 beshort 0xFEFF
+>>0 use \^nintendo-3ds-bcstm-fields
+
+# Nintendo 3DS BCSTM audio format (fields)
+0 name nintendo-3ds-bcwav-fields
+>(0x18.l) string INFO \b:
+# INFO block (minus 4 for INFO magic)
+>>&0x4 byte 0 PCM, signed 8-bit,
+>>&0x4 byte 1 PCM, signed 16-bit,
+>>&0x4 byte 2 DSP ADPCM,
+>>&0x4 byte 3 IMA ADPCM,
+>>&0x5 byte !0 looping,
+>>&0x8 lelong x stereo
+>>&0x8 lelong !0 %u Hz
+
+# Nintendo 3DS BCWAV audio format
+# https://www.3dbrew.org/wiki/BCWAV
+# Added by David Korth <gerbilsoft@gerbilsoft.com>
+0 string CWAV Nintendo 3DS BCWAV audio file
+!:mime audio/x-bcwav
+!:ext bcwav
+# 3DS is little-endian, so default to LE.
+>4 leshort 0xFEFF
+>>0 use nintendo-3ds-bcwav-fields
+>4 beshort 0xFEFF
+>>0 use \^nintendo-3ds-bcwav-fields
+
+# Philips DSDIFF audio format (Direct Stream Digital Interchange File Format)
+# Used for DSD audio recordings and Super Audio CD (SACD) mastering annotations
+# https://dsd-guide.com/sites/default/files/white-papers/DSDIFF_1.5_Spec.pdf
+# From: Toni Ruottu <toni.ruottu@iki.fi>
+0 string FRM8
+12 string DSD\x20 DSDIFF audio bitstream data
+!:mime audio/x-dff
+!:ext dff
+
+# format version chunk
+>&0 string FVER
+# version 1
+>>&8 byte 1
+
+# v1 / sampling resolution ( 1 bit PDM only )
+>>>&0 string x \b, 1 bit
+
+# v1 / sound property chunk
+>>>&0 search/0xff PROP
+>>>>&8 string SND
+
+# v1 / sound property chunk / channel configuration chunk
+>>>>>&0 search/0xff CHNL
+>>>>>>&8 ubeshort 1 \b, mono
+>>>>>>&8 ubeshort 2
+>>>>>>>&0 string SLFTSRGT \b, stereo
+>>>>>>>&0 default x \b, 2 channels
+>>>>>>&8 ubeshort 3
+>>>>>>>&0 string SLFTSRGTLFE\x20 \b, 2.1 stereo
+>>>>>>>&0 string SLFTSRGTC\x20\x20\x20 \b, 3.0 stereo
+>>>>>>>&0 default x \b, 3 channels
+>>>>>>&8 ubeshort 4
+>>>>>>>&0 string MLFTMRGTLS\x20\x20RS\x20\x20 \b, 4.0 surround
+>>>>>>>&0 string SLFTSRGTC\x20\x20\x20LFE\x20 \b, 3.1 stereo
+>>>>>>>&0 default x \b, 4 channels
+>>>>>>&8 ubeshort 5
+>>>>>>>&0 string MLFTMRGTC\x20\x20\x20LS\x20\x20RS\x20\x20 \b, 5.0 surround
+>>>>>>>&0 string MLFTMRGTLFE\x20LS\x20\x20RS\x20\x20 \b, 4.1 surround
+>>>>>>>&0 default x \b, 5 channels
+>>>>>>&8 ubeshort 6
+>>>>>>>&0 string MLFTMRGTC\x20\x20\x20LFE\x20LS\x20\x20RS\x20\x20 \b, 5.1 surround
+>>>>>>>&0 default x \b, 6 channels
+>>>>>>&8 ubeshort >6 \b, %u channels
+
+# v1 / sound property chunk / sample rate chunk
+>>>>>&0 search/0xff FS\x20\x20
+>>>>>>&0 string x \b,
+>>>>>>&8 ubelong%44100 0
+>>>>>>>&-4 ubelong/44100 x "DSD %u"
+>>>>>>>&-4 ubelong x %u Hz
+
+# v1 / sound property chunk / compression type chunk
+>>>>>&0 search/0xff CMPR
+>>>>>>&8 string DSD\x20 \b, no compression
+>>>>>>&8 string DST\x20 \b, DST compression
+>>>>>>&8 default x \b, unknown compression
+
+# v1 / quest for metadata
+>>>&0 string x
+
+# v1 / quest for metadata / edited master information chunk
+>>>>&0 search DIIN
+>>>>>&0 ubequad >0 \b, "edited master" metadata
+
+# v1 / quest for metadata / ID3 chunk ( defacto standard )
+>>>>&0 search ID3\x20
+>>>>>&8 string ID3 \b, ID3 version 2
+>>>>>&0 byte x \b.%u
+>>>>>&1 byte x \b.%u
+
+# v1 / quest for metadata / failure ( possibly due to -P bytes=... being too low )
+>>>>&0 default x \b, ID3 missing (or unreachable)
+
+# version > 1 or 0
+>>&0 default x \b, unknown version
+
+# Sony DSF audio format (Direct Stream Digital Stream File)
+# Used for lossless digital storage of songs produced as DSD audio
+# Portable analog of a track stored on a Super Audio CD (SACD)
+# https://dsd-guide.com/sites/default/files/white-papers/DSFFileFormatSpec_E.pdf
+# From: Toni Ruottu <toni.ruottu@iki.fi>
+0 string DSD\x20 DSF audio bitstream data
+!:mime audio/x-dsf
+!:ext dsf
+
+# format chunk
+>28 string fmt\x20
+# version 1
+>>&8 ulelong 1
+
+# v1 / sampling resolution ( 1 bit PDM only )
+# NOTE: the spec incorrectly uses "bits per sample" instead of "bits per byte"
+>>>&0 string x \b, 1 bit
+
+# v1 / channel configuration
+>>>>&4 ulelong 1 \b, mono
+>>>>&4 ulelong 2 \b, stereo
+>>>>&4 ulelong 3 \b, 3.0 stereo
+>>>>&4 ulelong 4 \b, 4.0 surround
+>>>>&4 ulelong 5 \b, 3.1 stereo
+>>>>&4 ulelong 6 \b, 5.0 surround
+>>>>&4 ulelong 7 \b, 5.1 surround
+>>>>&0 default x
+>>>>>&4 ulelong x \b, %u channels
+
+# v1 / sample rate chunk
+>>>>&0 string x \b,
+>>>>&12 ulelong%44100 0
+>>>>>&-4 ulelong/44100 x "DSD %u"
+>>>>&12 ulelong x %u Hz
+
+# v1 / compression
+>>>>&0 string x
+>>>>>&0 ulelong 0 \b, no compression
+>>>>>&0 default x \b, unknown compression
+
+# v1 / embedded ID3v2 metadata
+>>>0 string x \b, ID3
+>>>>20 ulequad !0
+>>>>>(20.q) string ID3 version 2
+>>>>>>&0 byte x \b.%u
+>>>>>>&1 byte x \b.%u
+# unable to verify ID3 ( possibly due to -P bytes=... being too low )
+>>>>>&0 default x unreachable
+>>>>&0 default x missing
+
+# version > 1 or 0
+>>&0 default x \b, unknown version
diff --git a/magic/Magdir/avm b/magic/Magdir/avm
new file mode 100644
index 0000000..86e96d1
--- /dev/null
+++ b/magic/Magdir/avm
@@ -0,0 +1,33 @@
+
+#------------------------------------------------------------------------------
+# $File: avm,v 1.1 2020/08/28 20:37:58 christos Exp $
+# avm: file(1) magic for avm files; this is not use
+
+# Summary: FRITZ!Box router configuration backup
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Fritz!Box
+# Reference: http://www.mengelke.de/Projekte/FritzBoxTools2
+# Note: only tested with models 4040 and 6490 Cable (lgi)
+0 string ****\ FRITZ!Box\ FRITZ!Box configuration backup
+#!:mime text/plain
+!:mime application/x-avm-export
+!:ext export
+# router model name like "4040" , "6490 Cable (lgi)" followed by " CONFIGURATION EXPORT"
+>15 string x of %-.4s
+# on 2nd line hashed password
+#>41 search/54 Password= \b, password
+# on 3rd line firmware version like: 141.06.24 141.06.50 141.07.10 ... 155.06.83
+>41 search/172 FirmwareVersion= \b, firmware version
+>>&0 string x %s
+# on 5th line oem like: avme lgi
+>41 search/285 OEM= \b, oem
+>>&0 string x %s
+# on 7th line language like: de en
+>41 search/305 Language= \b, language
+>>&0 string x %s
+# on 10th line cfg file name like: /var/tmp.cfg
+>41 search/349 tmp.cfg
+# on 11th line date inside c-comment like: Thu Jun 4 22:25:19 2015
+>>&4 string x \b, %s
+#
+
diff --git a/magic/Magdir/basis b/magic/Magdir/basis
new file mode 100644
index 0000000..19dd463
--- /dev/null
+++ b/magic/Magdir/basis
@@ -0,0 +1,18 @@
+
+#----------------------------------------------------------------
+# $File: basis,v 1.5 2019/04/19 00:42:27 christos Exp $
+# basis: file(1) magic for BBx/Pro5-files
+# Oliver Dammer <dammer@olida.de> 2005/11/07
+# https://www.basis.com business-basic-files.
+#
+0 string \074\074bbx\076\076 BBx
+>7 string \000 indexed file
+>7 string \001 serial file
+>7 string \002 keyed file
+>>13 short 0 (sort)
+>7 string \004 program
+>>18 byte x (LEVEL %d)
+>>>23 string >\000 psaved
+>7 string \006 mkeyed file
+>>13 short 0 (sort)
+>>8 string \000 (mkey)
diff --git a/magic/Magdir/beetle b/magic/Magdir/beetle
new file mode 100644
index 0000000..94a835c
--- /dev/null
+++ b/magic/Magdir/beetle
@@ -0,0 +1,7 @@
+#------------------------------------------------------------------------------
+# $File: beetle,v 1.2 2018/02/05 23:42:17 rrt Exp $
+# beetle: file(1) magic for Beetle VM object files
+# https://github.com/rrthomas/beetle/
+
+# Beetle object module
+0 string BEETLE\000 Beetle VM object file
diff --git a/magic/Magdir/ber b/magic/Magdir/ber
new file mode 100644
index 0000000..15288c6
--- /dev/null
+++ b/magic/Magdir/ber
@@ -0,0 +1,65 @@
+
+#------------------------------------------------------------------------------
+# $File: ber,v 1.2 2019/04/19 00:42:27 christos Exp $
+# ber: file(1) magic for several BER formats used in the mobile
+# telecommunications industry (Georg Sauthoff)
+
+# The file formats are standardized by the GSMA (GSM association).
+# They are specified via ASN.1 schemas and some prose. Basic encoding
+# rules (BER) is the used encoding. The formats are used for exchanging
+# call data records (CDRs) between mobile operators and associated
+# parties for roaming clearing purposes and fraud detection.
+
+# The magic file covers:
+
+# - TAP files (TD.57) - CDR batches and notifications
+# - RAP files (TD.32) - return batches and acknowledgements
+# - NRT files (TD.35) - CDR batches for 'near real time' processing
+
+#
+# TAP 3 Files
+# TAP -> Transferred Account Procedure
+# cf. https://www.gsma.com/newsroom/wp-content/uploads/TD.57-v32.31.pdf
+# TransferBatch short tag
+0 byte 0x61
+# BatchControlInfo short tag
+>&1 search/b5 \x64
+# Sender long tag #TAP 3.x (BER encoded)
+>>&1 search/b8 \x5f\x81\x44
+# <SpecificationVersionNumber>3</><ReleaseVersionNumber> block
+>>>&64 search/b64 \x5f\x81\x49\x01\x03\x5f\x81\x3d\x01
+>>>>&0 byte x TAP 3.%d Batch (TD.57, Transferred Account)
+
+# Notification short tag
+0 byte 0x62
+# Sender long tag
+>2 search/b8 \x5f\x81\x44
+# <SpecificationVersionNumber>3</><ReleaseVersionNumber> block
+>>&64 search/b64 \x5f\x81\x49\x01\x03\x5f\x81\x3d\x01
+>>>&0 byte x TAP 3.%d Notification (TD.57, Transferred Account)
+
+
+# NRT Files
+# NRT a.k.a. NRTRDE
+0 byte 0x61
+# <SpecificationVersionNumber>2</><ReleaseVersionNumber> block
+>&1 search/b8 \x5f\x29\x01\x02\x5f\x25\x01
+>>&0 byte x NRT 2.%d (TD.35, Near Real Time Roaming Data Exchange)
+
+# RAP Files
+# cf. https://www.gsma.com/newsroom/wp-content/uploads/TD.32-v6.11.pdf
+# Long ReturnBatch tag
+0 string \x7f\x84\x16
+# Long RapBatchControlInfo tag
+>&1 search/b8 \x7f\x84\x19
+# <SpecificationVersionNumber>3</><ReleaseVersionNumber> block
+>>&64 search/b64 \x5f\x81\x49\x01\x03\x5f\x81\x3d\x01
+# <RapSpecificationVersionNumber>1</><RapReleaseVersionNumber> block
+>>>&1 string/b \x5f\x84\x20\x01\x01\x5f\x84\x1f\x01
+>>>>&0 byte x RAP 1.%d Batch (TD.32, Returned Account Procedure),
+>>>&0 byte x TAP 3.%d
+
+# Long Acknowledgement tag
+0 string \x7f\x84\x17
+# Long Sender tag
+>&1 search/b5 \x5f\x81\x44 RAP Acknowledgement (TD.32, Returned Account Procedure)
diff --git a/magic/Magdir/bflt b/magic/Magdir/bflt
new file mode 100644
index 0000000..c46b4db
--- /dev/null
+++ b/magic/Magdir/bflt
@@ -0,0 +1,14 @@
+
+#------------------------------------------------------------------------------
+# $File: bflt,v 1.5 2014/04/30 21:41:02 christos Exp $
+# bFLT: file(1) magic for BFLT uclinux binary files
+#
+# From Philippe De Muyter <phdm@macqel.be>
+#
+0 string bFLT BFLT executable
+>4 belong x - version %d
+>4 belong 4
+>>36 belong&0x1 0x1 ram
+>>36 belong&0x2 0x2 gotpic
+>>36 belong&0x4 0x4 gzip
+>>36 belong&0x8 0x8 gzdata
diff --git a/magic/Magdir/bhl b/magic/Magdir/bhl
new file mode 100644
index 0000000..6f57f03
--- /dev/null
+++ b/magic/Magdir/bhl
@@ -0,0 +1,10 @@
+
+#------------------------------------------------------------------------------
+# $File: bhl,v 1.1 2017/06/11 22:20:02 christos Exp $
+# BlockHashLoc
+# ext: bhl
+# Marco Pontello marcopon@gmail.com
+# reference: https://github.com/MarcoPon/BlockHashLoc
+0 string BlockHashLoc\x1a BlockHashLoc recovery info,
+>13 byte x version %d
+!:ext bhl
diff --git a/magic/Magdir/bioinformatics b/magic/Magdir/bioinformatics
new file mode 100644
index 0000000..2966fa6
--- /dev/null
+++ b/magic/Magdir/bioinformatics
@@ -0,0 +1,178 @@
+
+#------------------------------------------------------------------------------
+# $File: bioinformatics,v 1.5 2019/04/19 00:42:27 christos Exp $
+# bioinfomatics: file(1) magic for Bioinfomatics file formats
+
+###############################################################################
+# BGZF (Blocked GNU Zip Format) - gzip compatible, but also indexable
+# used by SAMtools bgzip/tabix (http://samtools.sourceforge.net/tabix.shtml)
+###############################################################################
+0 string \037\213
+>3 byte &0x04
+>>12 string BC
+>>>14 leshort &0x02 Blocked GNU Zip Format (BGZF; gzip compatible)
+>>>>16 leshort x \b, block length %d
+!:mime application/x-gzip
+
+
+###############################################################################
+# Tabix index file
+# used by SAMtools bgzip/tabix (http://samtools.sourceforge.net/tabix.shtml)
+###############################################################################
+0 string TBI\1 SAMtools TBI (Tabix index format)
+>0x04 lelong =1 \b, with %d reference sequence
+>0x04 lelong >1 \b, with %d reference sequences
+>0x08 lelong &0x10000 \b, using half-closed-half-open coordinates (BED style)
+>0x08 lelong ^0x10000
+>>0x08 lelong =0 \b, using closed and one based coordinates (GFF style)
+>>0x08 lelong =1 \b, using SAM format
+>>0x08 lelong =2 \b, using VCF format
+>0x0c lelong x \b, sequence name column: %d
+>0x10 lelong x \b, region start column: %d
+>0x08 lelong =0
+>>0x14 lelong x \b, region end column: %d
+>0x18 byte x \b, comment character: %c
+>0x1c lelong x \b, skip line count: %d
+
+
+###############################################################################
+# BAM (Binary Sequence Alignment/Map format)
+# used by SAMtools (http://samtools.sourceforge.net/SAM1.pdf)
+# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it
+###############################################################################
+0 string BAM\1 SAMtools BAM (Binary Sequence Alignment/Map)
+>0x04 lelong >0
+>>&0x00 regex =^[@]HD\t.*VN: \b, with SAM header
+>>>&0 regex =[0-9.]+ \b version %s
+>>&(0x04) lelong >0 \b, with %d reference sequences
+
+
+###############################################################################
+# BAI (BAM indexing format)
+# used by SAMtools (http://samtools.sourceforge.net/SAM1.pdf)
+###############################################################################
+0 string BAI\1 SAMtools BAI (BAM indexing format)
+>0x04 lelong >0 \b, with %d reference sequences
+
+
+###############################################################################
+# CRAM (Binary Sequence Alignment/Map format)
+###############################################################################
+0 string CRAM CRAM
+>0x04 byte >-1 version %d.
+>0x05 byte >-1 \b%d
+>0x06 string >\0 (identified as %s)
+
+
+###############################################################################
+# BCF (Binary Call Format), version 1
+# used by SAMtools & VCFtools (http://vcftools.sourceforge.net/bcf.pdf)
+# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it
+###############################################################################
+0 string BCF\4
+# length of seqnm data in bytes is positive
+>&0x00 lelong >0
+# length of smpl data in bytes is positive
+>>&(&-0x04) lelong >0 SAMtools BCF (Binary Call Format)
+# length of meta in bytes
+>>>&(&-0x04) lelong >0
+# have meta text string
+>>>>&0x00 search ##samtoolsVersion=
+>>>>>&0x00 string x \b, generated by SAMtools version %s
+
+
+###############################################################################
+# BCF (Binary Call Format), version 2.1
+# used by SAMtools (https://samtools.github.io/hts-specs/BCFv2_qref.pdf)
+# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it
+###############################################################################
+0 string BCF\2\1 Binary Call Format (BCF) version 2.1
+# length of header text
+>&0x00 lelong >0
+# have header string
+>>&0x00 search ##samtoolsVersion=
+>>>&0x00 string x \b, generated by SAMtools version %s
+
+
+###############################################################################
+# BCF (Binary Call Format), version 2.2
+# used by SAMtools (https://samtools.github.io/hts-specs/BCFv2_qref.pdf)
+# data is normally present only within compressed BGZF blocks (CDATA), so use file -z to examine it
+###############################################################################
+0 string BCF\2\2 Binary Call Format (BCF) version 2.2
+# length of header text
+>&0x00 lelong >0
+# have header string
+>>&0x00 search ##samtoolsVersion=
+>>>&0x00 string x \b, generated by SAMtools version %s
+
+###############################################################################
+# VCF (Variant Call Format)
+# used by VCFtools (http://vcftools.sourceforge.net/)
+###############################################################################
+0 search ##fileformat=VCFv Variant Call Format (VCF)
+>&0 string x \b version %s
+
+###############################################################################
+# FASTQ
+# used by MAQ (http://maq.sourceforge.net/fastq.shtml)
+###############################################################################
+# XXX Broken?
+# @<seqname>
+#0 regex =^@[A-Za-z0-9_.:-]+\?\n
+# <seq>
+#>&1 regex =^[A-Za-z\n.~]++
+# +[<seqname>]
+#>>&1 regex =^[A-Za-z0-9_.:-]*\?\n
+# <qual>
+#>>>&1 regex =^[!-~\n]+\n FASTQ
+
+###############################################################################
+# FASTA
+# used by FASTA (https://fasta.bioch.virginia.edu/fasta_www2/fasta_guide.pdf)
+###############################################################################
+#0 byte 0x3e
+# q>0 regex =^[>][!-~\t\ ]+$
+# Amino Acid codes: [A-IK-Z*-]+
+#>>1 regex !=[!-'Jj;:=?@^`|~\\] FASTA
+# IUPAC codes/gaps: [ACGTURYKMSWBDHVNX-]+
+# not in IUPAC codes/gaps: [EFIJLOPQZ]
+#>>>1 regex !=[EFIJLOPQZefijlopqz] \b, with IUPAC nucleotide codes
+#>>>1 regex =^[EFIJLOPQZefijlopqz]+$ \b, with Amino Acid codes
+
+###############################################################################
+# SAM (Sequence Alignment/Map format)
+# used by SAMtools (http://samtools.sourceforge.net/SAM1.pdf)
+###############################################################################
+# Short-cut version to recognise SAM files with (optional) header at beginning
+###############################################################################
+0 string @HD\t
+>4 search VN: Sequence Alignment/Map (SAM), with header
+>>&0 regex [0-9.]+ \b version %s
+###############################################################################
+# Longer version to recognise SAM alignment lines using (many) regexes
+###############################################################################
+# SAM Alignment QNAME
+0 regex =^[!-?A-~]{1,255}(\t[^\t]+){11}
+# SAM Alignment FLAG
+>0 regex =^([^\t]+\t){1}[0-9]{1,5}\t
+# SAM Alignment RNAME
+>>0 regex =^([^\t]+\t){2}\\*|[^*=]*\t
+# SAM Alignment POS
+>>>0 regex =^([^\t]+\t){3}[0-9]{1,9}\t
+# SAM Alignment MAPQ
+>>>>0 regex =^([^\t]+\t){4}[0-9]{1,3}\t
+# SAM Alignment CIGAR
+>>>>>0 regex =\t(\\*|([0-9]+[MIDNSHPX=])+)\t
+# SAM Alignment RNEXT
+>>>>>>0 regex =\t(\\*|=|[!-()+->?-~][!-~]*)\t
+# SAM Alignment PNEXT
+>>>>>>>0 regex =^([^\t]+\t){7}[0-9]{1,9}\t
+# SAM Alignment TLEN
+>>>>>>>>0 regex =\t[+-]{0,1}[0-9]{1,9}\t.*\t
+# SAM Alignment SEQ
+>>>>>>>>>0 regex =^([^\t]+\t){9}(\\*|[A-Za-z=.]+)\t
+# SAM Alignment QUAL
+>>>>>>>>>>0 regex =^([^\t]+\t){10}[!-~]+ Sequence Alignment/Map (SAM)
+>>>>>>>>>>>0 regex =^[@]HD\t.*VN: \b, with header
+>>>>>>>>>>>>&0 regex =[0-9.]+ \b version %s
diff --git a/magic/Magdir/biosig b/magic/Magdir/biosig
new file mode 100644
index 0000000..7d41713
--- /dev/null
+++ b/magic/Magdir/biosig
@@ -0,0 +1,154 @@
+
+##############################################################################
+#
+# Magic ids for biomedical signal file formats
+# Copyright (C) 2018 Alois Schloegl <alois.schloegl@gmail.com>
+#
+# The list has been derived from biosig projects
+# http://biosig.sourceforge.net
+# https://pub.ist.ac.at/~schloegl/matlab/eeg/
+# https://pub.ist.ac.at/~schloegl/biosig/TESTED
+#
+##############################################################################
+#
+0 string ABF\x20 Biosig/Axon Binary format
+!:mime biosig/abf2
+0 string ABF2\0\0 Biosig/Axon Binary format
+!:mime biosig/abf2
+#
+0 string ATES\x20MEDICA\x20SOFT.\x20EEG\x20for\x20Windows Biosig/ATES MEDICA SOFT. EEG for Windows
+!:mime biosig/ates
+#
+0 string ATF\x09 Biosig/Axon Text format
+!:mime biosig/atf
+#
+0 string ADU1 Biosig/Axona file format
+!:mime biosig/axona
+0 string ADU2 Biosig/Axona file format
+!:mime biosig/axona
+#
+0 string ALPHA-TRACE-MEDICAL Biosig/alpha trace
+!:mime biosig/alpha
+#
+0 string AxGr Biosig/AXG
+0 string axgx Biosig/AXG
+!:mime biosig/axg
+#
+0 string HeaderLen= Biosig/BCI2000
+0 string BCI2000V Biosig/BCI2000
+!:mime biosig/bci2000
+#
+### Specification: https://www.biosemi.com/faq/file_format.htm
+0 string \xffBIOSEMI Biosig/Biosemi data format
+!:mime biosig/bdf
+#
+0 string Brain\x20Vision\x20Data\x20Exchange\x20Header\x20File Biosig/Brainvision data file
+0 string Brain\x20Vision\x20V-Amp\x20Data\x20Header\x20File\x20Version Biosig/Brainvision V-Amp file
+0 string Brain\x20Vision\x20Data\x20Exchange\x20Marker\x20File,\x20Version Biosig/Brainvision Marker file
+!:mime biosig/brainvision
+#
+0 string CEDFILE Biosig/CFS: Cambridge Electronic devices File format
+!:mime biosig/ced
+#
+### Specification: https://www.edfplus.info/specs/index.html
+0 string 0\x20\x20\x20\x20\x20\x20\x20 Biosig/EDF: European Data format
+!:mime biosig/edf
+#
+### Specifications: https://arxiv.org/abs/cs/0608052
+0 string GDF Biosig/GDF: General data format for biosignals
+!:mime biosig/gdf
+#
+0 string DATA\0\0\0\0 Biosig/Heka Patchmaster
+0 string DAT1\0\0\0\0 Biosig/Heka Patchmaster
+0 string DAT2\0\0\0\0 Biosig/Heka Patchmaster
+!:mime biosig/heka
+#
+0 string (C)\x20CED\x2087 Biosig/CED SMR
+!:mime biosig/ced-smr
+#
+0 string CFWB\1\0\0\0 Biosig/CFWB
+!:mime biosig/cfwb
+#
+0 string DEMG Biosig/DEMG
+!:mime biosig/demg
+#
+0 string EBS\x94\x0a\x13\x1a\x0d Biosig/EBS
+!:mime biosig/ebs
+#
+0 string Embla\x20data\x20file Biosig/Embla
+!:mime biosig/embla
+#
+0 string Header\r\nFile Version Biosig/ETG4000
+!:mime biosig/etg4000
+#
+0 string GALILEO\x20EEG\x20TRACE\x20FILE Biosig/Galileo
+!:mime biosig/galileo
+#
+0 string IGOR Biosig/IgorPro ITX file
+!:mime biosig/igorpro
+#
+# Specification: http://www.ampsmedical.com/uploads/2017-12-7/The_ISHNE_Format.pdf
+0 string ISHNE1.0 Biosig/ISHNE
+!:mime biosig/ishne
+#
+# CEN/ISO 11073/22077 series, http://www.mfer.org/en/document.htm
+0 string @\x20\x20MFER\x20 Biosig/MFER
+0 string @\x20MFR\x20 Biosig/MFER
+!:mime biosig/mfer
+#
+0 string NEURALEV Biosig/NEV
+0 string N.EV.\0 Biosig/NEV
+!:mime biosig/nev
+#
+0 string NEX1 Biosig/NEX
+!:mime biosig/nex1
+#
+0 string PLEX Biosig/Plexon v1.0
+10 string PLEXON Biosig/Plexon v2.0
+!:mime biosig/plexon
+#
+0 string \x02\x27\x91\xC6 Biosig/RHD2000: Intan RHD2000 format
+#
+# Specification: CEN 1064:2005/ISO 11073:91064
+16 string SCPECG\0\0 Biosig/SCP-ECG format CEN 1064:2005/ISO 11073:91064
+!:mime biosig/scpecg
+#
+0 string IAvSFo Biosig/SIGIF
+!:mime biosig/sigif
+#
+0 string POLY\x20SAMPLE\x20FILEversion\x20 Biosig/TMS32
+!:mime biosig/tms32
+#
+0 string FileId=TMSi\x20PortiLab\x20sample\x20log\x20file\x0a\x0dVersion= Biosig/TMSiLOG
+!:mime biosig/tmsilog
+#
+4 string Synergy\0\48\49\50\46\48\48\51\46\48\48\48\46\48\48\48\0\28\0\0\0\2\0\0\0
+>63 string CRawDataElement
+>>85 string CRawDataBuffer Biosig/SYNERGY
+!:mime biosig/synergy
+#
+4 string \40\0\4\1\44\1\102\2\146\3\44\0\190\3 Biosig/UNIPRO
+!:mime biosig/unipro
+#
+0 string VER=9\r\nCTIME= Biosig/WCP
+!:mime biosig/wcp
+#
+0 string \xAF\xFE\xDA\xDA Biosig/Walter Graphtek
+0 string \xDA\xDA\xFE\xAF Biosig/Walter Graphtek
+0 string \x55\x55\xFE\xAF Biosig/Walter Graphtek
+!:mime biosig/walter-graphtek
+#
+0 string V3.0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
+>32 string [PatInfo] Biosig/Sigma
+!:mime biosig/sigma
+#
+0 string \067\069\078\013\010\0x1a\04\0x84 Biosig/File exchange format (FEF)
+!:mime biosig/fef
+0 string \67\69\78\0x13\0x10\0x1a\4\0x84 Biosig/File exchange format (FEF)
+!:mime biosig/fef
+#
+0 string \0\0\0\x64\0\0\0\x1f\0\0\0\x14\0\0\0\0\0\1
+>36 string \0\0\0\x65\0\0\0\3\0\0\0\4\0\0
+>>56 string \0\0\0\x6a\0\0\0\3\0\0\0\4\0\0\0\0\xff\xff\xff\xff\0\0 Biosig/FIFF
+!:mime biosig/fiff
+#
diff --git a/magic/Magdir/blackberry b/magic/Magdir/blackberry
new file mode 100644
index 0000000..2e38a54
--- /dev/null
+++ b/magic/Magdir/blackberry
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: blackberry,v 1.2 2017/03/17 21:35:28 christos Exp $
+# blackberry: file(1) magic for BlackBerry file formats
+#
+5 belong 0
+>8 belong 010010010 BlackBerry RIM ETP file
+>>22 string x \b for %s
diff --git a/magic/Magdir/blcr b/magic/Magdir/blcr
new file mode 100644
index 0000000..d2f901a
--- /dev/null
+++ b/magic/Magdir/blcr
@@ -0,0 +1,25 @@
+# Berkeley Lab Checkpoint Restart (BLCR) checkpoint context files
+# https://ftg.lbl.gov/checkpoint
+0 string C\0\0\0R\0\0\0 BLCR
+>16 lelong 1 x86
+>16 lelong 3 alpha
+>16 lelong 5 x86-64
+>16 lelong 7 ARM
+>8 lelong x context data (little endian, version %d)
+# Uncomment the following only of your "file" program supports "search"
+#>0 search/1024 VMA\06 for kernel
+#>>&1 byte x %d.
+#>>&2 byte x %d.
+#>>&3 byte x %d
+0 string \0\0\0C\0\0\0R BLCR
+>16 belong 2 SPARC
+>16 belong 4 ppc
+>16 belong 6 ppc64
+>16 belong 7 ARMEB
+>16 belong 8 SPARC64
+>8 belong x context data (big endian, version %d)
+# Uncomment the following only of your "file" program supports "search"
+#>0 search/1024 VMA\06 for kernel
+#>>&1 byte x %d.
+#>>&2 byte x \b%d.
+#>>&3 byte x \b%d
diff --git a/magic/Magdir/blender b/magic/Magdir/blender
new file mode 100644
index 0000000..5a89711
--- /dev/null
+++ b/magic/Magdir/blender
@@ -0,0 +1,50 @@
+
+#------------------------------------------------------------------------------
+# $File: blender,v 1.9 2022/12/21 15:53:27 christos Exp $
+# blender: file(1) magic for Blender 3D related files
+#
+# Native format rule v1.2. For questions use the developers list
+# https://lists.blender.org/mailman/listinfo/bf-committers
+# GLOB chunk was moved near start and provides subversion info since 2.42
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/BLEND
+# http://www.blender.org/
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/blend.trid.xml
+# http://formats.kaitai.io/blender_blend/index.html
+# Note: called "Blender 3D data" by TrID
+# and gzip compressed variant handled by ./compress
+0 string =BLENDER Blender3D,
+#!:mime application/octet-stream
+!:mime application/x-blender
+!:ext blend
+# no sample found with extension blender
+#!:ext blend/blender
+>7 string =_ saved as 32-bits
+>>8 string =v little endian
+>>>9 byte x with version %c.
+>>>10 byte x \b%c
+>>>11 byte x \b%c
+>>>0x40 string =GLOB \b.
+>>>>0x58 leshort x \b%.4d
+>>8 string =V big endian
+>>>9 byte x with version %c.
+>>>10 byte x \b%c
+>>>11 byte x \b%c
+>>>0x40 string =GLOB \b.
+>>>>0x58 beshort x \b%.4d
+>7 string =- saved as 64-bits
+>>8 string =v little endian
+>>9 byte x with version %c.
+>>10 byte x \b%c
+>>11 byte x \b%c
+>>0x44 string =GLOB \b.
+>>>0x60 leshort x \b%.4d
+>>8 string =V big endian
+>>>9 byte x with version %c.
+>>>10 byte x \b%c
+>>>11 byte x \b%c
+>>>0x44 string =GLOB \b.
+>>>>0x60 beshort x \b%.4d
+
+# Scripts that run in the embedded Python interpreter
+0 string #!BPY Blender3D BPython script
diff --git a/magic/Magdir/blit b/magic/Magdir/blit
new file mode 100644
index 0000000..5ce7870
--- /dev/null
+++ b/magic/Magdir/blit
@@ -0,0 +1,24 @@
+
+#------------------------------------------------------------------------------
+# $File: blit,v 1.9 2021/07/03 14:01:46 christos Exp $
+# blit: file(1) magic for 68K Blit stuff as seen from 680x0 machine
+#
+# Note that this 0407 conflicts with several other a.out formats...
+#
+# XXX - should this be redone with "be" and "le", so that it works on
+# little-endian machines as well? If so, what's the deal with
+# "VAX-order" and "VAX-order2"?
+#
+#0 long 0407 68K Blit (standalone) executable
+#0 short 0407 VAX-order2 68K Blit (standalone) executable
+0 short 03401 VAX-order 68K Blit (standalone) executable
+0 long 0406 68k Blit mpx/mux executable
+0 short 0406 VAX-order2 68k Blit mpx/mux executable
+# GRR: line below is too general as it matches also TTComp archive, ASCII, 4K handled by ./archive
+0 short 03001 VAX-order 68k Blit mpx/mux executable
+# TODO:
+# skip TTComp archive, ASCII, 4K by looking for executable keyword like main
+#>0 search/5536 main\0 VAX-order 68k Blit mpx/mux executable
+# Need more values for WE32 DMD executables.
+# Note that 0520 is the same as COFF
+#0 short 0520 tty630 layers executable
diff --git a/magic/Magdir/bm b/magic/Magdir/bm
new file mode 100644
index 0000000..a9a1d5b
--- /dev/null
+++ b/magic/Magdir/bm
@@ -0,0 +1,10 @@
+
+#------------------------------------------------------------------------------
+# $File: bm,v 1.2 2021/03/14 16:56:51 christos Exp $
+# bm: file(1) magic for "Birtual Machine", cf. https://github.com/tsoding/bm
+
+0 string bm\001\244 Birtual Machine
+>4 leshort x \b, version %d
+>6 lelong x \b, program size %u
+>14 lelong x \b, memory size %u
+>22 lelong x \b, memory capacity %u
diff --git a/magic/Magdir/bout b/magic/Magdir/bout
new file mode 100644
index 0000000..693cc2a
--- /dev/null
+++ b/magic/Magdir/bout
@@ -0,0 +1,11 @@
+
+#------------------------------------------------------------------------------
+# $File: bout,v 1.5 2009/09/19 16:28:08 christos Exp $
+# i80960 b.out objects and archives
+#
+0 long 0x10d i960 b.out relocatable object
+>16 long >0 not stripped
+#
+# b.out archive (hp-rt on i960)
+0 string =!<bout> b.out archive
+>8 string __.SYMDEF random library
diff --git a/magic/Magdir/bsdi b/magic/Magdir/bsdi
new file mode 100644
index 0000000..8499b0c
--- /dev/null
+++ b/magic/Magdir/bsdi
@@ -0,0 +1,33 @@
+
+#------------------------------------------------------------------------------
+# $File: bsdi,v 1.7 2014/03/29 15:40:34 christos Exp $
+# bsdi: file(1) magic for BSD/OS (from BSDI) objects
+# Some object/executable formats use the same magic numbers as are used
+# in other OSes; those are handled by entries in aout.
+#
+
+0 lelong 0314 386 compact demand paged pure executable
+>16 lelong >0 not stripped
+>32 byte 0x6a (uses shared libs)
+
+# same as in SunOS 4.x, except for static shared libraries
+0 belong&077777777 0600413 SPARC demand paged
+>0 byte &0x80
+>>20 belong <4096 shared library
+>>20 belong =4096 dynamically linked executable
+>>20 belong >4096 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+>36 belong 0xb4100001 (uses shared libs)
+
+0 belong&077777777 0600410 SPARC pure
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+>36 belong 0xb4100001 (uses shared libs)
+
+0 belong&077777777 0600407 SPARC
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+>36 belong 0xb4100001 (uses shared libs)
diff --git a/magic/Magdir/bsi b/magic/Magdir/bsi
new file mode 100644
index 0000000..87e0fec
--- /dev/null
+++ b/magic/Magdir/bsi
@@ -0,0 +1,10 @@
+# Chiasmus is an encryption standard developed by the German Federal
+# Office for Information Security (Bundesamt fuer Sicherheit in der
+# Informationstechnik).
+
+# https://www.bsi.bund.de/EN/Topics/OtherTopics/Chiasmus/Chiasmus_node.html
+0 string XIA1\r Chiasmus Encrypted data
+!:ext xia
+
+0 string XIS Chiasmus key
+!:ext xis
diff --git a/magic/Magdir/btsnoop b/magic/Magdir/btsnoop
new file mode 100644
index 0000000..d72daad
--- /dev/null
+++ b/magic/Magdir/btsnoop
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: btsnoop,v 1.5 2009/09/19 16:28:08 christos Exp $
+# BTSnoop: file(1) magic for BTSnoop files
+#
+# From <marcel@holtmann.org>
+0 string btsnoop\0 BTSnoop
+>8 belong x version %d,
+>12 belong 1001 Unencapsulated HCI
+>12 belong 1002 HCI UART (H4)
+>12 belong 1003 HCI BCSP
+>12 belong 1004 HCI Serial (H5)
+>>12 belong x type %d
diff --git a/magic/Magdir/burp b/magic/Magdir/burp
new file mode 100644
index 0000000..460d18c
--- /dev/null
+++ b/magic/Magdir/burp
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------
+# $File: burp,v 1.1 2022/07/04 17:15:09 christos Exp $
+# Burp file, I don't know the version
+#------------------------------------------------------------
+# From wof (wof@stachelkaktus.net)
+0 bequad 0x6685828000000001 Burp project save file
diff --git a/magic/Magdir/bytecode b/magic/Magdir/bytecode
new file mode 100644
index 0000000..dca961c
--- /dev/null
+++ b/magic/Magdir/bytecode
@@ -0,0 +1,41 @@
+
+#------------------------------------------------------------
+# $File: bytecode,v 1.5 2023/02/20 16:25:05 christos Exp $
+# magic for various bytecodes
+
+# From: Mikhail Gusarov <dottedmag@dottedmag.net>
+# NekoVM (https://nekovm.org/) bytecode
+0 string NEKO NekoVM bytecode
+>4 lelong x (%d global symbols,
+>8 lelong x %d global fields,
+>12 lelong x %d bytecode ops)
+!:mime application/x-nekovm-bytecode
+
+# https://www.iana.org/assignments/media-types/application/vnd.resilient.logic
+# From: Benedikt Muessig <benedikt@resilient-group.de>
+0 belong 0x07524c4d Resilient Logic bytecode
+!:mime application/vnd.resilient.logic
+>4 byte/16 x \b, version %d
+>4 byte&0x0f x \b.%d
+
+# Guile file magic from <dalepsmith@gmail.com>
+# https://www.gnu.org/s/guile/
+# https://git.savannah.gnu.org/gitweb/?p=guile.git;f=libguile/_scm.h;hb=HEAD#l250
+
+0 string GOOF---- Guile Object
+>8 string LE \b, little endian
+>8 string BE \b, big endian
+>11 string 4 \b, 32bit
+>11 string 8 \b, 64bit
+>13 regex .\\.. \b, bytecode v%s
+
+# Racket file magic
+# From: Haelwenn (lanodan) Monnier <contact+libmagic@hacktivis.me>
+# https://racket-lang.org/
+# https://github.com/racket/racket/blob/master/racket/src/expander/compile/write-linklet.rkt
+0 string #~
+>&0 pstring x
+>>&0 pstring racket
+>>>0 string #~ Racket bytecode
+>>>>&0 pstring x (version %s)
+
diff --git a/magic/Magdir/c-lang b/magic/Magdir/c-lang
new file mode 100644
index 0000000..6e375a0
--- /dev/null
+++ b/magic/Magdir/c-lang
@@ -0,0 +1,110 @@
+#------------------------------------------------------------------------------
+# $File: c-lang,v 1.32 2023/06/16 19:57:19 christos Exp $
+# c-lang: file(1) magic for C and related languages programs
+#
+# The strength is to beat standard HTML
+
+# BCPL
+0 search/8192 "libhdr" BCPL source text
+!:mime text/x-bcpl
+0 search/8192 "LIBHDR" BCPL source text
+!:mime text/x-bcpl
+
+# C
+# Check for class if include is found, otherwise class is beaten by include because of lowered strength
+0 search/8192 #include
+>0 regex \^#include C
+>>0 regex \^class[[:space:]]+
+>>>&0 regex \\{[\.\*]\\}(;)?$ \b++
+>>&0 clear x source text
+!:strength + 15
+!:mime text/x-c
+0 search/8192 pragma
+>0 regex \^#[[:space:]]*pragma C source text
+!:mime text/x-c
+0 search/8192 endif
+>0 regex \^#[[:space:]]*(if\|ifn)def
+>>&0 regex \^#[[:space:]]*endif$ C source text
+!:mime text/x-c
+0 search/8192 define
+>0 regex \^#[[:space:]]*(if\|ifn)def
+>>&0 regex \^#[[:space:]]*define C source text
+!:mime text/x-c
+0 search/8192 char
+>0 regex \^[[:space:]]*char(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text
+!:mime text/x-c
+0 search/8192 double
+>0 regex \^[[:space:]]*double(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text
+!:mime text/x-c
+0 search/8192 extern
+>0 regex \^[[:space:]]*extern[[:space:]]+ C source text
+!:mime text/x-c
+0 search/8192 float
+>0 regex \^[[:space:]]*float(\ \\*|\\*)(.+)(=.*)?;[[:space:]]*$ C source text
+!:mime text/x-c
+0 search/8192 struct
+>0 regex \^struct[[:space:]]+ C source text
+!:mime text/x-c
+0 search/8192 union
+>0 regex \^union[[:space:]]+ C source text
+!:mime text/x-c
+0 search/8192 main(
+>&0 search/64 String Java source text
+!:mime text/x-java
+>&0 default x
+>>&0 regex \\)[[:space:]]*\\{ C source text
+!:mime text/x-c
+
+# C++
+# The strength of these rules is increased so they beat the C rules above
+0 search/8192 namespace
+>0 regex \^namespace[[:space:]]+[_[:alpha:]]{1,30}[[:space:]]*\\{ C++ source text
+!:strength + 30
+!:mime text/x-c++
+# using namespace [namespace] or using std::[lib]
+0 search/8192 using
+>0 regex \^using[[:space:]]+(namespace\ )?std(::)?[[:alpha:]]*[[:space:]]*; C++ source text
+!:strength + 30
+!:mime text/x-c++
+0 search/8192 template
+>0 regex \^[[:space:]]*template[[:space:]]*<.*>[[:space:]]*$ C++ source text
+!:strength + 30
+!:mime text/x-c++
+0 search/8192 virtual
+>0 regex \^[[:space:]]*virtual[[:space:]]+.*[};][[:space:]]*$ C++ source text
+!:strength + 30
+!:mime text/x-c++
+# But class alone is reduced to avoid beating php (Jens Schleusener)
+0 search/8192 class
+>0 regex \^[[:space:]]*class[[:space:]]+[[:digit:][:alpha:]:_]+[[:space:]]*\\{(.*[\n]*)*\\}(;)?$ C++ source text
+!:strength + 13
+!:mime text/x-c++
+0 search/8192 public
+>0 regex \^[[:space:]]*public: C++ source text
+!:strength + 30
+!:mime text/x-c++
+0 search/8192 private
+>0 regex \^[[:space:]]*private: C++ source text
+!:strength + 30
+!:mime text/x-c++
+0 search/8192 protected
+>0 regex \^[[:space:]]*protected: C++ source text
+!:strength + 30
+!:mime text/x-c++
+
+# Objective-C
+0 search/8192 #import
+>0 regex \^#import[[:space:]]+["<] Objective-C source text
+!:strength + 25
+!:mime text/x-objective-c
+
+# From: Mikhail Teterin <mi@aldan.algebra.com>
+0 string cscope cscope reference data
+>7 string x version %.2s
+# We skip the path here, because it is often long (so file will
+# truncate it) and mostly redundant.
+# The inverted index functionality was added some time between
+# versions 11 and 15, so look for -q if version is above 14:
+>7 string >14
+>>10 search/100 \ -q\ with inverted index
+>10 search/100 \ -c\ text (non-compressed)
diff --git a/magic/Magdir/c64 b/magic/Magdir/c64
new file mode 100644
index 0000000..6c87320
--- /dev/null
+++ b/magic/Magdir/c64
@@ -0,0 +1,549 @@
+
+#------------------------------------------------------------------------------
+# $File: c64,v 1.14 2023/06/16 19:24:06 christos Exp $
+# c64: file(1) magic for various commodore 64 related files
+#
+# From: Dirk Jagdmann <doj@cubic.org>
+
+0x16500 belong 0x12014100 D64 Image
+0x16500 belong 0x12014180 D71 Image
+0x61800 belong 0x28034400 D81 Image
+0 belong 0x43154164 X64 Image
+
+# C64 (and other CBM) cartridges
+# Extended by David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://vice-emu.sourceforge.io/vice_17.html#SEC391
+
+0 string C64\40CARTRIDGE Commodore 64 cartridge
+>0x20 ubyte 0 \b,
+>0x20 ubyte !0
+>>0x20 string/T x \b: "%.32s",
+>0x16 beshort 0
+>>0x18 beshort 0x0000 16 KB game
+>>0x18 beshort 0x0001 8 KB game
+>>0x18 beshort 0x0100 UltiMax mode
+>>0x18 beshort 0x0101 RAM/disabled
+>0x16 beshort 1 Action Replay
+>0x16 beshort 2 KCS Power Cartridge
+>0x16 beshort 3 Final Cartridge III
+>0x16 beshort 4 Simons' BASIC
+>0x16 beshort 5 Ocean type 1
+>0x16 beshort 6 Expert Cartridge
+>0x16 beshort 7 Fun Play, Power Play
+>0x16 beshort 8 Super Games
+>0x16 beshort 9 Atomic Power
+>0x16 beshort 10 Epyx Fastload
+>0x16 beshort 11 Westermann Learning
+>0x16 beshort 12 Rex Utility
+>0x16 beshort 13 Final Cartridge I
+>0x16 beshort 14 Magic Formel
+>0x16 beshort 15 C64 Game System, System 3
+>0x16 beshort 16 Warp Speed
+>0x16 beshort 17 Dinamic
+>0x16 beshort 18 Zaxxon / Super Zaxxon (Sega)
+>0x16 beshort 19 Magic Desk, Domark, HES Australia
+>0x16 beshort 20 Super Snapshot V5
+>0x16 beshort 21 Comal-80
+>0x16 beshort 22 Structured BASIC
+>0x16 beshort 23 Ross
+>0x16 beshort 24 Dela EP64
+>0x16 beshort 25 Dela EP7x8
+>0x16 beshort 26 Dela EP256
+>0x16 beshort 27 Rex EP256
+>0x16 beshort 28 Mikro Assembler
+>0x16 beshort 29 Final Cartridge Plus
+>0x16 beshort 30 Action Replay 4
+>0x16 beshort 31 Stardos
+>0x16 beshort 32 EasyFlash
+>0x16 beshort 33 EasyFlash Xbank
+>0x16 beshort 34 Capture
+>0x16 beshort 35 Action Replay 3
+>0x16 beshort 36
+>>0x1A ubyte 1 Nordic Replay
+>>0x1A ubyte !1 Retro Replay
+>0x16 beshort 37 MMC64
+>0x16 beshort 38 MMC Replay
+>0x16 beshort 39 IDE64
+>0x16 beshort 40 Super Snapshot V4
+>0x16 beshort 41 IEEE-488
+>0x16 beshort 42 Game Killer
+>0x16 beshort 43 Prophet64
+>0x16 beshort 44 EXOS
+>0x16 beshort 45 Freeze Frame
+>0x16 beshort 46 Freeze Machine
+>0x16 beshort 47 Snapshot64
+>0x16 beshort 48 Super Explode V5.0
+>0x16 beshort 49 Magic Voice
+>0x16 beshort 50 Action Replay 2
+>0x16 beshort 51 MACH 5
+>0x16 beshort 52 Diashow-Maker
+>0x16 beshort 53 Pagefox
+>0x16 beshort 54 Kingsoft
+>0x16 beshort 55 Silverrock 128K Cartridge
+>0x16 beshort 56 Formel 64
+>0x16 beshort 57
+>>0x1A ubyte 1 Hucky
+>>0x1A ubyte !1 RGCD
+>0x16 beshort 58 RR-Net MK3
+>0x16 beshort 59 EasyCalc
+>0x16 beshort 60 GMod2
+>0x16 beshort 61 MAX Basic
+>0x16 beshort 62 GMod3
+>0x16 beshort 63 ZIPP-CODE 48
+>0x16 beshort 64 Blackbox V8
+>0x16 beshort 65 Blackbox V3
+>0x16 beshort 66 Blackbox V4
+>0x16 beshort 67 REX RAM-Floppy
+>0x16 beshort 68 BIS-Plus
+>0x16 beshort 69 SD-BOX
+>0x16 beshort 70 MultiMAX
+>0x16 beshort 71 Blackbox V9
+>0x16 beshort 72 Lt. Kernal Host Adaptor
+>0x16 beshort 73 RAMLink
+>0x16 beshort 74 H.E.R.O.
+>0x16 beshort 75 IEEE Flash! 64
+>0x16 beshort 76 Turtle Graphics II
+>0x16 beshort 77 Freeze Frame MK2
+
+0 string C128\40CARTRIDGE Commodore 128 cartridge
+>0x20 ubyte 0 \b,
+>0x20 ubyte !0
+>>0x20 string/T x \b: "%.32s",
+>0x16 beshort 0 generic cartridge
+>0x16 beshort 1 Warpspeed128
+>>0x1A ubyte 1 \b, REU support
+>>0x1A ubyte 2 \b, REU support, with I/O and ROM banking
+
+0 string CBM2\40CARTRIDGE Commodore CBM-II cartridge
+>0x20 ubyte !0
+>>0x20 string/T x \b: "%.32s"
+
+0 string VIC20\40CARTRIDGE Commodore VIC-20 cartridge
+>0x20 ubyte 0 \b,
+>0x20 ubyte !0
+>>0x20 string/T x \b: "%.32s",
+>0x16 beshort 0 generic cartridge
+>0x16 beshort 1 Mega-Cart
+>0x16 beshort 2 Behr Bonz
+>0x16 beshort 3 Vic Flash Plugin
+>0x16 beshort 4 UltiMem
+>0x16 beshort 5 Final Expansion
+
+0 string PLUS4\40CARTRIDGE Commodore 16/Plus4 cartridge
+>0x20 ubyte !0
+>>0x20 string/T x \b: "%.32s"
+
+
+# DreamLoad archives see:
+# https://www.lemon64.com/forum/viewtopic.php?t=37415\
+# &sid=494dc2ca91289e05dadf80a7f8a968fe (at the bottom).
+# https://www.c64-wiki.com/wiki/DreamLoad.
+# Example HVSC Commodore 64 music collection:
+# https://kohina.duckdns.org/HVSC/C64Music/10_Years_HVSC.dfi
+
+0 byte 0
+>1 string DREAMLOAD\40FILE\40ARCHIVE
+>>0x17 byte 0 DFI Image
+>>>0x1a leshort x version: %d.
+>>>0x18 leshort x \b%d
+>>>0x1c lelong x tracks: %d
+
+0 string GCR-1541 GCR Image
+>8 byte x version: %i
+>9 byte x tracks: %i
+
+9 string PSUR ARC archive (c64)
+2 string -LH1- LHA archive (c64)
+
+0 string C64File PC64 Emulator file
+>8 string >\0 "%s"
+0 string C64Image PC64 Freezer Image
+
+0 beshort 0x38CD C64 PCLink Image
+0 string CBM\144\0\0 Power 64 C64 Emulator Snapshot
+
+0 belong 0xFF424CFF WRAptor packer (c64)
+
+0 string C64S\x20tape\x20file T64 tape Image
+>32 leshort x Version:%#x
+>36 leshort !0 Entries:%i
+>40 string x Name:%.24s
+
+0 string C64\x20tape\x20image\x20file\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0 T64 tape Image
+>32 leshort x Version:%#x
+>36 leshort !0 Entries:%i
+>40 string x Name:%.24s
+
+0 string C64S\x20tape\x20image\x20file\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0 T64 tape Image
+>32 leshort x Version:%#x
+>36 leshort !0 Entries:%i
+>40 string x Name:%.24s
+
+# Raw tape file format (.tap files)
+# Esa Hyyti <esa@netlab.tkk.fi>
+0 string C64-TAPE-RAW C64 Raw Tape File (.tap),
+>0x0c byte x Version:%u,
+>0x10 lelong x Length:%u cycles
+
+# magic for Goattracker2, http://covertbitops.c64.org/
+# from Alex Myczko <alex@aiei.ch>
+0 string GTS5 GoatTracker 2 song
+>4 string >\0 \b, "%s"
+>36 string >\0 \b by %s
+>68 string >\0 \b (C) %s
+>100 byte >0 \b, %u subsong(s)
+
+# CBM BASIC (cc65 compiled)
+# Summary: binary executable or Basic program for Commodore C64 computers
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Commodore_BASIC_tokenized_file
+# Reference: https://www.c64-wiki.com/wiki/BASIC_token
+# https://github.com/thezerobit/bastext/blob/master/bastext.doc
+# http://mark0.net/download/triddefs_xml.7z/defs/p/prg-c64.trid.xml
+# TODO: unify Commodore BASIC/program sub routines
+# Note: "PUCrunch archive data" moved from ./archive and merged with c64-exe
+0 leshort 0x0801
+# display Commodore C64 BASIC program (strength=50) after "Lynx archive" (strength=330) handled by ./archive
+#!:strength +0
+# if first token is not SYS this implies BASIC program in most cases
+>6 ubyte !0x9e
+# but sELF-ExTRACTING-zIP executable unzp6420.prg contains SYS token at end of second BASIC line (at 0x35)
+>>23 search/30 \323ELF-E\330TRACTING-\332IP
+>>>0 use c64-exe
+>>23 default x
+>>>0 use c64-prg
+# if first token is SYS this implies binary executable
+>6 ubyte =0x9e
+>>0 use c64-exe
+# display information about C64 binary executable (memory address, line number, token)
+0 name c64-exe
+>0 uleshort x Commodore C64
+# http://a1bert.kapsi.fi/Dev/pucrunch/
+# start address 0801h; next offset 080bh; BASIC line number is 239=00EFh; BASIC instruction is SYS 2061
+# the above combination appartly also occur for other Commodore programs like: gunzip111.c64.prg
+# and there exist PUCrunch archive for other machines like C16 with other magics
+>0 string \x01\x08\x0b\x08\xef\x00\x9e\x32\x30\x36\x31 program, probably PUCrunch archive data
+!:mime application/x-compress-pucrunch
+!:ext prg/pck
+>0 string !\x01\x08\x0b\x08\xef\x00\x9e\x32\x30\x36\x31 program
+!:mime application/x-commodore-exec
+!:ext prg/
+# start address like: 801h
+>0 uleshort !0x0801 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x800) ubyte x
+>>&-1 ubyte !0 \b, no EOL=%#x
+# valid 2nd BASIC fragment found only in sELF-ExTRACTING-zIP executable unzp6420.prg
+>>23 search/30 \323ELF-E\330TRACTING-\332IP
+# jump again from beginning
+>>>(2.s-0x800) ubyte x
+>>>>&0 use basic-line
+# Zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# display information about tokenized C64 BASIC program (memory address, line number, token)
+0 name c64-prg
+>0 uleshort x Commodore C64 BASIC program
+!:mime application/x-commodore-basic
+# Tokenized BASIC programs were stored by Commodore as file type program "PRG" in separate field in directory structures.
+# So file name can have no suffix like in saveroms; When transferring to other platforms, they are often saved with .prg extensions.
+# BAS suffix is typically used for the BASIC source but also found in program pods.bas
+!:ext prg/bas/
+# start address like: 801h
+>0 uleshort !0x0801 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x0800) ubyte x
+>>&-1 ubyte !0 \b, no EOL=%#x
+# 2nd BASIC fragment
+>>&0 use basic-line
+# zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# Summary: binary executable or Basic program for Commodore C128 computers
+# URL: https://en.wikipedia.org/wiki/Commodore_128
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/prg-c128.trid.xml
+# From: Joerg Jenderek
+# Note: Commodore 128 BASIC 7.0 variant; there exist varaints with different start addresses
+0 leshort 0x1C01
+!:strength +1
+# GRR: line above with strength 51 (50+1) is too generic because it matches SVr3 curses screen image, big-endian with strength (50) handled by ./terminfo
+# probably skip SVr3 curses images with "invalid high" second line offset
+>2 uleshort <0x1D02
+# skip foo with "invalid low" second line offset
+>>2 uleshort >0x1C06
+# if first token is not SYS this implies BASIC program
+>>>6 ubyte !0x9e
+>>>>0 use c128-prg
+# if first token is SYS this implies binary executable
+>>>6 ubyte =0x9e
+>>>>0 use c128-exe
+# Summary: binary executable or Basic program for Commodore C128 computers
+# Note: Commodore 128 BASIC 7.1 extension by Rick Simon
+# start adress 132Dh
+#0 leshort 0x132D THIS_IS_C128_7.1
+#>0 use c128-prg
+# Summary: binary executable or Basic program for Commodore C128 computers
+# Note: Commodore 128 BASIC 7.0 saved with graphics mode enabled
+# start adress 4001h
+#0 leshort 0x4001 THIS_IS_C128_GRAPHIC
+#>0 use c128-prg
+# display information about tokenized C128 BASIC program (memory address, line number, token)
+0 name c128-prg
+>0 uleshort x Commodore C128 BASIC program
+!:mime application/x-commodore-basic
+!:ext prg
+# start address like: 1C01h
+>0 uleshort !0x1C01 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x1C00) ubyte x
+>>&-1 ubyte !0 \b, no EOL=%#x
+# 2nd BASIC fragment
+>>&0 use basic-line
+# Zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# display information about C128 program (memory address, line number, token)
+0 name c128-exe
+>0 uleshort x Commodore C128 program
+!:mime application/x-commodore-exec
+!:ext prg/
+# start address like: 1C01h
+>0 uleshort !0x1C01 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x1C00) ubyte x
+>>&-1 ubyte !0 \b, no EOL=%#x
+# no valid 2nd BASIC fragment in Commodore executables
+#>>&0 use basic-line
+# Zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# Summary: binary executable or Basic program for Commodore C16/VIC-20/Plus4 computers
+# URL: https://en.wikipedia.org/wiki/Commodore_Plus/4
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/prg-vic20.trid.xml
+# defs/p/prg-plus4.trid.xml
+# From: Joerg Jenderek
+# Note: there exist VIC-20 variants with different start address
+# GRR: line below is too generic because it matches Novell LANalyzer capture
+# with regular trace header record handled by ./sniffer
+0 leshort 0x1001
+# skip regular Novell LANalyzer capture (novell-2.tr1 novell-lanalyzer.tr1 novell-win10.tr1) with "invalid low" token value 54h
+>6 ubyte >0x7F
+# skip regular Novell LANalyzer capture (novell-2.tr1 novell-lanalyzer.tr1 novell-win10.tr1) with "invalid low" second line offset 4Ch
+#>>2 uleshort >0x1006 OFFSET_NOT_TOO_LOW
+# skip foo with "invalid high" second line offset but not for 0x123b (Minefield.prg)
+#>>>2 uleshort <0x1102 OFFSET_NOT_TOO_HIGH
+# if first token is not SYS this implies BASIC program
+>>6 ubyte !0x9e
+# valid second end of line separator implies BASIC program
+>>>(2.s-0x1000) ubyte =0
+>>>>0 use c16-prg
+# invalid second end of line separator !=0 implies binary executable like: Minefield.prg
+>>>(2.s-0x1000) ubyte !0
+>>>>0 use c16-exe
+# if first token is SYS this implies binary executable
+>>6 ubyte =0x9e
+>>>0 use c16-exe
+# display information about C16 program (memory address, line number, token)
+0 name c16-exe
+>0 uleshort x Commodore C16/VIC-20/Plus4 program
+!:mime application/x-commodore-exec
+!:ext prg/
+# start address like: 1001h
+>0 uleshort !0x1001 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x1000) ubyte x
+>>&-1 ubyte !0 \b, no EOL=%#x
+# no valid 2nd BASIC fragment in excutables
+#>>&0 use basic-line
+# Zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# display information about tokenized C16 BASIC program (memory address, line number, token)
+0 name c16-prg
+>0 uleshort x Commodore C16/VIC-20/Plus4 BASIC program
+!:mime application/x-commodore-basic
+!:ext prg
+# start address like: 1001h
+>0 uleshort !0x1001 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x1000) ubyte x
+>>&-1 ubyte !0 \b, no EOL=%#x
+# 2nd BASIC fragment
+>>&0 use basic-line
+# Zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# Summary: binary executable or Basic program for Commodore VIC-20 computer with 8K RAM expansion
+# URL: https://en.wikipedia.org/wiki/VIC-20
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/prg-vic20-8k.trid.xml
+# From: Joerg Jenderek
+# Note: Basic v2.0 with Basic v4.0 extension (VIC20); there exist VIC-20 variants with different start addresses
+# start adress 1201h
+0 leshort 0x1201
+# if first token is not SYS this implies BASIC program
+>6 ubyte !0x9e
+>>0 use vic-prg
+# if first token is SYS this implies binary executable
+>6 ubyte =0x9e
+>>0 use vic-exe
+# display information about Commodore VIC-20 BASIC+8K program (memory address, line number, token)
+0 name vic-prg
+>0 uleshort x Commodore VIC-20 +8K BASIC program
+!:mime application/x-commodore-basic
+!:ext prg
+# start address like: 1201h
+>0 uleshort !0x1201 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x1200) ubyte x
+>>&-1 ubyte !0 \b, no EOL=%#x
+# 2nd BASIC fragment
+>>&0 use basic-line
+# Zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# display information about Commodore VIC-20 +8K program (memory address, line number, token)
+0 name vic-exe
+>0 uleshort x Commodore VIC-20 +8K program
+!:mime application/x-commodore-exec
+!:ext prg/
+# start address like: 1201h
+>0 uleshort !0x1201 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x0400) ubyte x
+>>&-1 ubyte !0 \b, no EOL=%#x
+# no valid 2nd BASIC fragment in excutables
+#>>&0 use basic-line
+# Zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# Summary: binary executable or Basic program for Commodore PET computers
+# URL: https://en.wikipedia.org/wiki/Commodore_PET
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/prg-pet.trid.xml
+# From: Joerg Jenderek
+# start adress 0401h
+0 leshort 0x0401
+!:strength +1
+# GRR: line above with strength 51 (50+1) is too generic because it matches TTComp archive data, ASCII, 1K dictionary
+# (strength=48=50-2) handled by ./archive and shared library (strength=50) handled by ./ibm6000
+# skip TTComp archive data, ASCII, 1K dictionary ttcomp-ascii-1k.bin with "invalid high" second line offset 4162h
+>2 uleshort <0x0502
+# skip foo with "invalid low" second line offset
+#>>2 uleshort >0x0406 OFFSET_NOT_TOO_LOW
+# skip bar with "invalid end of line"
+#>>>(2.s-0x0400) ubyte =0 END_OF_LINE_OK
+# if first token is not SYS this implies BASIC program
+>>6 ubyte !0x9e
+>>>0 use pet-prg
+# if first token is SYS this implies binary executable
+>>6 ubyte =0x9e
+>>>0 use pet-exe
+# display information about Commodore PET BASIC program (memory address, line number, token)
+0 name pet-prg
+>0 uleshort x Commodore PET BASIC program
+!:mime application/x-commodore-basic
+!:ext prg
+# start address like: 0401h
+>0 uleshort !0x0401 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x0400) ubyte x
+# 2nd BASIC fragment
+>>&0 use basic-line
+# zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# display information about Commodore PET program (memory address, line number, token)
+0 name pet-exe
+>0 uleshort x Commodore PET program
+!:mime application/x-commodore-exec
+!:ext prg/
+# start address like: 0401h
+>0 uleshort !0x0401 \b, start address %#4.4x
+# 1st BASIC fragment
+>2 use basic-line
+# jump to 1 byte before next BASIC fragment; this must be zero-byte marking the end of line
+>(2.s-0x0400) ubyte x
+>>&-1 ubyte !0 \b, no EOL=%#x
+# no valid 2nd BASIC fragment in excutables
+#>>&0 use basic-line
+# Zero-byte marking the end of the BASIC line
+>-3 ubyte !0 \b, 3 last bytes %#2.2x
+# Two zero-bytes in place of the pointer to next BASIC line indicates the end of the program
+>>-2 ubeshort x \b%4.4x
+# display information about tokenized BASIC line (memory address, line number, Token)
+0 name basic-line
+# pointer to memory address of beginning of "next" BASIC line
+# greater then previous offset but maximal 100h difference
+>0 uleshort x \b, offset %#4.4x
+# offset 0x0000 indicates the end of BASIC program; so bytes afterwards may be some other data
+>0 uleshort 0
+# not line number but first 2 data bytes
+>>2 ubeshort x \b, data %#4.4x
+# not token but next 2 data bytes
+>>4 ubeshort x \b%4.4x
+# not token arguments but next data bytes
+>>6 ubequad x \b%16.16llx
+>>14 ubequad x \b%16.16llx...
+# like 0x0d20352020204c594e5820495820204259205749 "\r 5 LYNX IX BY WILL CORLEY" for LyNX archive Darkon.lnx handled by ./archive
+#>>3 string x "%-0.30s"
+>0 uleshort >0
+# BASIC line number with range from 0 to 65520; practice to increment numbers by some value (5, 10 or 100)
+>>2 uleshort x \b, line %u
+# https://www.c64-wiki.com/wiki/BASIC_token
+# The "high-bit" bytes from #128-#254 stood for the various BASIC commands and mathematical operators
+>>4 ubyte x \b, token (%#x)
+# https://www.c64-wiki.com/wiki/REM
+>>4 string \x8f REM
+# remark string like: ** SYNTHESIZER BY RICOCHET **
+>>>5 string >\0 %s
+#>>>>&1 uleshort x \b, NEXT OFFSET %#4.4x
+# https://www.c64-wiki.com/wiki/PRINT
+>>4 string \x99 PRINT
+# string like: "Hello world" "\021 \323ELF-E\330TRACTING-\332IP (64 ONLY)\016\231":\2362141
+>>>5 string x %s
+#>>>>&0 ubequad x AFTER_PRINT=%#16.16llx
+# https://www.c64-wiki.com/wiki/POKE
+>>4 string \x97 POKE
+# <Memory address>,<number>
+>>>5 regex \^[0-9,\040]+ %s
+# BASIC command delimiter colon (:=3Ah)
+>>>>&-2 ubyte =0x3A
+# after BASIC command delimiter colon remaining (<255) other tokenized BASIC commands
+>>>>>&0 string x "%s"
+# https://www.c64-wiki.com/wiki/SYS 0x9e=\236
+>>4 string \x9e SYS
+# SYS <Address> parameter is a 16-bit unsigned integer; in the range 0 - 65535
+>>>5 regex \^[0-9]{1,5} %s
+# maybe followed by spaces, "control-characters" or colon (:) followed by next commnds or in victracker.prg
+# (\302(43)\252256\254\302(44)\25236) /T.L.R/
+#>>>5 string x SYS_STRING="%s"
+# https://www.c64-wiki.com/wiki/GOSUB
+>>4 string \x8d GOSUB
+# <line>
+>>>5 string >\0 %s
diff --git a/magic/Magdir/cad b/magic/Magdir/cad
new file mode 100644
index 0000000..0bead6e
--- /dev/null
+++ b/magic/Magdir/cad
@@ -0,0 +1,437 @@
+
+#------------------------------------------------------------------------------
+# $File: cad,v 1.31 2022/12/09 15:36:23 christos Exp $
+# autocad: file(1) magic for cad files
+#
+
+# Microstation DGN/CIT Files (www.bentley.com)
+# Last updated July 29, 2005 by Lester Hightower
+# DGN is the default file extension of Microstation/Intergraph CAD files.
+# CIT is the proprietary raster format (similar to TIFF) used to attach
+# raster underlays to Microstation DGN (vector) drawings.
+#
+# http://www.wotsit.org/search.asp
+# https://filext.com/detaillist.php?extdetail=DGN
+# https://filext.com/detaillist.php?extdetail=CIT
+#
+# https://www.bentley.com/products/default.cfm?objectid=97F351F5-9C35-4E5E-89C2
+# 3F86C928&method=display&p_objectid=97F351F5-9C35-4E5E-89C280A93F86C928
+# https://www.bentley.com/products/default.cfm?objectid=A5C2FD43-3AC9-4C71-B682
+# 721C479F&method=display&p_objectid=A5C2FD43-3AC9-4C71-B682C7BE721C479F
+#
+# URL: https://en.wikipedia.org/wiki/MicroStation
+# reference: http://dgnlib.maptools.org/dgn.html
+# http://dgnlib.maptools.org/dl/ref18.pdf
+# Update: Joerg Jenderek
+# Note: verfied by command like `dgndump seed2d_b.dgn`
+# test for level 8 and type 5 or 9
+0 beshort&0x3F73 0x0801
+# level of element like 8
+#>0 ubyte&0x3F x \b, level %u
+#>0 ubyte &0x80 \b, complex
+#>0 ubyte &0x40 \b, reserved
+# type of element 9~TCB 8~Digitizer setup 5~Group Data Elements
+#>1 ubyte&0x7F x \b, type %u
+# words to follow in element: 17H~CEL library 2FEh~DGN 9FEh,DFEh~CIT
+#>2 uleshort x \b, words %#4.4x to follow
+# test for 3 reserved 0 bytes in CIT or "conversion" in ViewInfo structure (DGN CEL)
+#>508 ubelong x \b, RESERVED %8.8x
+>508 ubelong&0xFFffFF00 =0
+# test for level 8 and type 9 for INGR raster image
+>>0 beshort 0x0809
+# test for length of 1st element is multiple of blocks a 512 bytes
+>>>2 ubyte 0xfe
+>>>>0 use ingr-image
+# test for DGN or CEL by jump words (uleshort) forward to next element
+>(2.s*2) ulong x
+# 2nd element type: 8~Digitizer~DesiGNfile 1~library cell header other~CIT
+#>>&1 ubyte&0x7F x \b, 2nd type %u
+# DGN
+>>&1 ubyte&0x7F 8
+>>>2 uleshort =0x02FE Bentley/Intergraph Microstation CAD drawing
+!:mime application/x-bentley-dgn
+!:ext dgn
+# The 0x40 bit of this byte is 1 if the file is 3D, otherwise 0
+>>>>1214 ubyte &0x40 3D
+>>>>1214 ubyte ^0x40 2D
+# 2 chars for name of subunits like ft FT in IN mu m mm '\0 '\040
+>>>>1120 string x \b, units %-.2s
+# 2 chars for name of master unit like IN in ML SU tn th TH HU mm "\0 "\040 \0\0
+>>>>1122 string >\0 %-.2s
+#>>>>1120 ubelong x \b, units %#8.8x
+# element range low,high x y z like xlow=0 08010000h 01080000h
+#>>>>4 ubelong !0 \b, xlow %8.8x
+#>>>>8 ubelong !0 \b, ylow %8.8x
+#>>>>12 ubelong !0 \b, zlow %8.8x
+#>>>>16 ubelong !0 \b, xhigh %8.8x
+#>>>>20 ubelong !0 \b, yhigh %8.8x
+#>>>>24 ubelong !0 \b, zhigh %8.8x
+# graphic group number; all other elements in that group have same non-0 number
+#>>>>28 leshort x \b, grphgrp %#4.4x
+# words to optional attribute linkage
+#>>>>30 ubyte x \b, attindx \%o
+#>>>>31 ubyte x \b\%o
+# >>30 string \026\105 DGNFile
+# >>30 string \034\105 DGNFile
+# >>30 string \073\107 DGNFile
+# >>30 string \073\110 DGNFile
+# >>30 string \106\107 DGNFile
+# >>30 string \110\103 DGNFile
+# >>30 string \120\104 DGNFile
+# >>30 string \172\104 DGNFile
+# >>30 string \172\105 DGNFile
+# >>30 string \172\106 DGNFile
+# >>30 string \234\106 DGNFile
+# >>30 string \273\105 DGNFile
+# >>30 string \306\106 DGNFile
+# >>30 string \310\104 DGNFile
+# >>30 string \341\104 DGNFile
+# >>30 string \372\103 DGNFile
+# >>30 string \372\104 DGNFile
+# >>30 string \372\106 DGNFile
+# >>30 string \376\103 DGNFile
+# elements properties indicator
+#>>>>32 uleshort !0 \b, properties %#4.4x
+# class 0~Primary
+#>>>>>32 uleshort&0x000F !0 \b, class %#4.4x
+# Symbology
+#>>>>>34 uleshort x \b, Symbology %#4.4x
+# test for 2nd element type 1~library cell header
+>>&1 ubyte&0x7F 1
+# test for 1st element with level 8 and type 5 for cell library
+>>>0 beshort 0x0805 Bentley/Intergraph Microstation CAD cell library
+!:mime application/x-bentley-cel
+!:ext cel
+#
+# URL: http://fileformats.archiveteam.org/wiki/Intergraph_Raster
+# reference: https://web.archive.org/web/20140903185431/
+# http://oreilly.com/www/centers/gff/formats/ingr/index.htm
+# note: verfied by command like `nconvert -fullinfo LONGLAT.CIT`
+# display information for intergraph raster bitmap
+0 name ingr-image
+# in 5.37 "Microstation CITFile" "Bentley/Intergraph MicroStation CIT raster CAD"
+# DataTypeCode indicates format, depth of the pixel data and used compression
+>4 uleshort x Intergraph raster image
+>>4 uleshort 0x0009 \b, Run-Length Encoded 1-bit
+!:mime image/x-intergraph-rle
+!:ext rel
+>>4 uleshort 0x0018 \b, CCITT Group 4 1-bit
+!:mime image/x-intergraph-cit
+!:ext cit
+>>4 uleshort 27 \b, Adaptive RLE RGB
+!:mime image/x-intergraph-rgb
+!:ext rgb
+>>4 default x
+>>>4 uleshort x \b, Type %u
+!:mime image/x-intergraph
+# TODO:
+#>4 uleshort 0 \b, no data
+# ...
+#>4 uleshort 0x0045 \b, Continuous Tone CMKY (Uncompressed)
+# ApplicationType: 0~generic raster image 3~drawing, scanning
+# 8~I/IMAGE and MicroStation Imager 9~ModelView
+>6 uleshort !0 \b, ApplicationType %u
+#>6 uleshort x \b, ApplicationType %u
+# XViewOrigin; Raster grid data X origin
+#>8 ulequad !0 \b, XViewOrigin %llx
+# PixelsPerLine is the number of pixels in a scan line of bitmapp
+>184 ulelong x \b, %u x
+# NumberOfLines is height of the raster data in scanlines
+>188 ulelong x %u
+# DeviceResolution; resolution of scanning device
+# positive indicates number of micros between lines; negative indicates DPI
+#>192 leshort x \b, DeviceResolution %d
+# ScanlineOrient indicates the origin and the orientation of the scan lines
+#>194 ubyte x \b, ScanlineOrient %x
+>194 ubyte x \b, orientation
+>194 ubyte &0x01 right
+>194 ubyte ^0x01 left
+>194 ubyte &0x02 down
+>194 ubyte ^0x02 top
+>194 ubyte &0x04 horizontal
+>194 ubyte ^0x04 vertical
+# ScannableFlag; Scanline indexing method used
+#>195 ubyte !0 \b, ScannableFlag %#x
+# RotationAngle; Rotation angle of raster data
+#>196 ubequad !0 \b, RotationAngle %#llx
+# SkewAngle; Skew angle of raster data
+#>204 ubequad !0 \b, SkewAngle %llx
+# DataTypeModifier; Additional raster data format info
+#>212 uleshort !0 \b, DataTypeModifier %#4.4x
+# DesignFile[66]; Name of the design file
+>214 string >\0 \b, DesignFile %-.66s
+# DatabaseFile[66]; Name of the database file
+>280 string >\0 \b, DatabaseFile %-.66s
+# ParentGridFile[66]; Name of parent grid file
+>346 string >\0 \b, ParentGridFile %-.66s
+# FileDescription[80]; Text description of file and contents
+>412 string >\0 \b, FileDescription %-.80s
+# MinValue
+#>492 ubequad !0 \b, MinValue %#llx
+# MaxValue
+#>500 ubequad !0 \b, MaxValue %#llx
+# Reserved[3]; Unused (always 0)
+#>508 ubelong&0xFFffFF00 x \b, RESERVED %8.8x
+# GridFileVersion; Grid File Version like 2 3
+#>511 ubyte x \b, GridFileVersion %x
+
+# AutoCAD
+# Merge of the different contributions and updates from https://en.wikipedia.org/wiki/Dwg
+# and https://www.iana.org/assignments/media-types/image/vnd.dwg
+0 string MC0.0 DWG AutoDesk AutoCAD Release 1.0
+!:mime image/vnd.dwg
+0 string AC1.2 DWG AutoDesk AutoCAD Release 1.2
+!:mime image/vnd.dwg
+0 string AC1.3 DWG AutoDesk AutoCAD Release 1.3
+!:mime image/vnd.dwg
+0 string AC1.40 DWG AutoDesk AutoCAD Release 1.40
+!:mime image/vnd.dwg
+0 string AC1.50 DWG AutoDesk AutoCAD Release 2.05
+!:mime image/vnd.dwg
+0 string AC2.10 DWG AutoDesk AutoCAD Release 2.10
+!:mime image/vnd.dwg
+0 string AC2.21 DWG AutoDesk AutoCAD Release 2.21
+!:mime image/vnd.dwg
+0 string AC2.22 DWG AutoDesk AutoCAD Release 2.22
+!:mime image/vnd.dwg
+0 string AC1001 DWG AutoDesk AutoCAD Release 2.22
+!:mime image/vnd.dwg
+0 string AC1002 DWG AutoDesk AutoCAD Release 2.50
+!:mime image/vnd.dwg
+0 string AC1003 DWG AutoDesk AutoCAD Release 2.60
+!:mime image/vnd.dwg
+0 string AC1004 DWG AutoDesk AutoCAD Release 9
+!:mime image/vnd.dwg
+0 string AC1006 DWG AutoDesk AutoCAD Release 10
+!:mime image/vnd.dwg
+0 string AC1009 DWG AutoDesk AutoCAD Release 11/12
+!:mime image/vnd.dwg
+# AutoCAD DWG versions R13/R14 (www.autodesk.com)
+# Written December 01, 2003 by Lester Hightower
+# Based on the DWG File Format Specifications at http://www.opendwg.org/
+# AutoCad, from Nahuel Greco
+# AutoCAD DWG versions R12/R13/R14 (www.autodesk.com)
+0 string AC1012 DWG AutoDesk AutoCAD Release 13
+!:mime image/vnd.dwg
+0 string AC1013 DWG AutoDesk AutoCAD Release 13c3
+!:mime image/vnd.dwg
+0 string AC1014 DWG AutoDesk AutoCAD Release 14
+!:mime image/vnd.dwg
+0 string AC1015 DWG AutoDesk AutoCAD 2000
+!:mime image/vnd.dwg
+
+# A new version of AutoCAD DWG
+# Sergey Zaykov (mail_of_sergey@mail.ru, sergey_zaikov@rambler.ru,
+# ICQ 358572321)
+# From various sources like:
+# https://autodesk.blogs.com/between_the_lines/autocad-release-history.html
+0 string AC1018 DWG AutoDesk AutoCAD 2004/2005/2006
+!:mime image/vnd.dwg
+0 string AC1021 DWG AutoDesk AutoCAD 2007/2008/2009
+!:mime image/vnd.dwg
+0 string AC1024 DWG AutoDesk AutoCAD 2010/2011/2012
+!:mime image/vnd.dwg
+0 string AC1027 DWG AutoDesk AutoCAD 2013-2017
+!:mime image/vnd.dwg
+
+# From GNU LibreDWG
+0 string AC1032 DWG AutoDesk AutoCAD 2018/2019/2020
+!:mime image/vnd.dwg
+0 string AC1035 DWG AutoDesk AutoCAD 2021
+!:mime image/vnd.dwg
+
+# KOMPAS 2D drawing from ASCON
+# This is KOMPAS 2D drawing or fragment of drawing but is not detailed nor
+# gathered nor specification
+# ASCON https://ascon.net/main/ in English,
+# https://ascon.ru/ main site in Russian
+# Extension is CDW for drawing and FRW for fragment of drawing
+# Sergey Zaykov (mail_of_sergey@mail.ru, sergey_zaikov@rambler.ru,
+# ICQ 358572321, https://vkontakte.ru/id16076543)
+# From:
+# https://sd.ascon.ru/otrs/customer.pl?Action=CustomerFAQ&CategoryID=4&ItemID=292
+# (in russian) and my experiments
+0 string KF
+>2 belong 0x4E00000C Kompas drawing 12.0 SP1
+>2 belong 0x4D00000C Kompas drawing 12.0
+>2 belong 0x3200000B Kompas drawing 11.0 SP1
+>2 belong 0x3100000B Kompas drawing 11.0
+>2 belong 0x2310000A Kompas drawing 10.0 SP1
+>2 belong 0x2110000A Kompas drawing 10.0
+>2 belong 0x08000009 Kompas drawing 9.0 SP1
+>2 belong 0x05000009 Kompas drawing 9.0
+>2 belong 0x33010008 Kompas drawing 8+
+>2 belong 0x1A000008 Kompas drawing 8.0
+>2 belong 0x2C010107 Kompas drawing 7+
+>2 belong 0x05000007 Kompas drawing 7.0
+>2 belong 0x32000006 Kompas drawing 6+
+>2 belong 0x09000006 Kompas drawing 6.0
+>2 belong 0x5C009005 Kompas drawing 5.11R03
+>2 belong 0x54009005 Kompas drawing 5.11R02
+>2 belong 0x51009005 Kompas drawing 5.11R01
+>2 belong 0x22009005 Kompas drawing 5.10R03
+>2 belong 0x22009005 Kompas drawing 5.10R02 mar
+>2 belong 0x21009005 Kompas drawing 5.10R02 febr
+>2 belong 0x19009005 Kompas drawing 5.10R01
+>2 belong 0xF4008005 Kompas drawing 5.9R01.003
+>2 belong 0x1C008005 Kompas drawing 5.9R01.002
+>2 belong 0x11008005 Kompas drawing 5.8R01.003
+
+# CAD: file(1) magic for computer aided design files
+# Phillip Griffith <phillip dot griffith at gmail dot com>
+# AutoCAD magic taken from the Open Design Alliance's OpenDWG specifications.
+#
+
+# 3DS (3d Studio files)
+0 leshort 0x4d4d
+>6 leshort 0x2
+>>8 lelong 0xa
+>>>16 leshort 0x3d3d 3D Studio model
+# Beat sgi MMV
+!:strength +20
+!:mime image/x-3ds
+!:ext 3ds
+
+# MegaCAD 2D/3D drawing (.prt)
+# https://megacad.de/
+# From: Markus Heidelberg <markus.heidelberg@web.de>
+0 string MegaCad23\0 MegaCAD 2D/3D drawing
+
+# Hoops CAD files
+# https://docs.techsoft3d.com/visualize/3df/latest/build/general/hsf/\
+# HSF_architecture.html
+# Stephane Charette <stephane.charette@gmail.com>
+0 string ;;\040HSF\040V OpenHSF (Hoops Stream Format)
+>7 regex/9 V[.0-9]{4,5}\040 %s
+!:ext hsf
+
+# AutoCAD Drawing Exchange Format
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/DXF
+# https://en.wikipedia.org/wiki/AutoCAD_DXF
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/
+# dxf-var0.trid.xml dxf-var0u.trid.xml dxf-var2.trid.xml dxf-var2u.trid.xml
+# Note: called "AutoCAD Drawing eXchange Format" by TrID and
+# "Drawing Interchange File Format (ASCII)" by DROID
+# GRR: some samples does not match 1st test like: abydos.dxf
+0 regex \^[\ \t]*0\r?\000$
+>1 regex \^[\ \t]*SECTION\r?$
+>>2 regex \^[\ \t]*2\r?$
+# GRR: some samples without HEADER section like: airplan2.dxf
+>>>3 regex \^[\ \t]*HEADER\r?$ AutoCAD Drawing Exchange Format
+#!:mime application/x-dxf
+!:mime image/vnd.dxf
+!:ext dxf
+# DROID PUID fmt/64 fmt-64-signature-id-99.dxf
+>>>>&1 search/8192 MC0.0 \b, 1.0
+# DROID PUID fmt/65 fmt-65-signature-id-100.dxf
+>>>>&1 search/8192 AC1.2 \b, 1.2
+# DROID PUID fmt/66 fmt-66-signature-id-101.dxf
+>>>>&1 search/8192 AC1.3 \b, 1.3
+# DROID PUID fmt/67 fmt-67-signature-id-102.dxf
+>>>>&1 search/8192 AC1.40 \b, 1.4
+# DROID PUID fmt/68 fmt-68-signature-id-103.dxf
+>>>>&1 search/8192 AC1.50 \b, 2.0
+# DROID PUID fmt/69 fmt-69-signature-id-104.dxf
+>>>>&1 search/8192 AC2.10 \b, 2.1
+# DROID PUID fmt/70 fmt-70-signature-id-105.dxf
+>>>>&1 search/8192 AC2.21 \b, 2.2
+# DROID PUID fmt/71 fmt-71-signature-id-106.dxf
+>>>>&1 search/8192 AC1002 \b, 2.5
+# DROID PUID fmt/72 fmt-72-signature-id-107.dxf
+>>>>&1 search/8192 AC1003 \b, 2.6
+# DROID PUID fmt/73 fmt-73-signature-id-108.dxf
+>>>>&1 search/8192 AC1004 \b, R9
+>>>>&1 search/8192 AC1006 \b, R10
+# http://cd.textfiles.com/amigaenv/DXF/OBJEKTE/LASTMINUTE/apple.dxf
+#>>>>&1 search/8192 AC1008 \b, Rfoo
+>>>>&1 search/8192 AC1009 \b, R11/R12
+>>>>&1 search/8192 AC1012 \b, R13
+>>>>&1 search/8192 AC1013 \b, R13c3
+>>>>&1 search/8192 AC1014 \b, R14
+>>>>&1 search/8192 AC1015 \b, version 2000
+>>>>&1 search/8192 AC1018 \b, version 2004
+>>>>&1 search/8192 AC1021 \b, version 2007
+>>>>&1 search/8192 AC1024 \b, version 2010
+>>>>&1 search/8192 AC1027 \b, version 2013
+>>>>&1 search/8192 AC1032 \b, version 2018
+>>>>&1 search/8192 AC1035 \b, version 2021
+
+# The Sketchup 3D model format https://www.sketchup.com/
+0 string \xff\xfe\xff\x0e\x53\x00\x6b\x00\x65\x00\x74\x00\x63\x00\x68\x00\x55\x00\x70\x00\x20\x00\x4d\x00\x6f\x00\x64\x00\x65\x00\x6c\x00 SketchUp Model
+!:mime application/vnd.sketchup.skp
+!:ext skp
+
+4 regex/b P[0-9][0-9]\\.[0-9][0-9][0-9][0-9]\\.[0-9][0-9][0-9][0-9]\\.[0-9] NAXOS CAD System file from version %s
+!:strength +40
+
+# glTF (GL Transmission Format) - by the Khronos Group
+# Reference: https://github.com/KhronosGroup/glTF/tree/master/specification/2.0#glb-file-format-specification
+0 string glTF glTF binary model
+>4 ulelong x \b, version %d
+>8 ulelong x \b, length %d bytes
+!:mime model/gltf-binary
+!:ext glb
+
+# FBX (FilmBoX) - by Kaydara/Autodesk
+# Reference: https://code.blender.org/2013/08/fbx-binary-file-format-specification
+0 string Kaydara\ FBX\ Binary\ \ \0 Kaydara FBX model,
+>&2 ulelong x version %d
+!:ext fbx
+
+# PLY (Polygon File Format/Stanford Triangle Format) - by Greg Turk
+# Reference: https://web.archive.org/web/20161204152348/http://www.dcs.ed.ac.uk/teaching/cs4/www/graphics/Web/ply.html
+0 string ply\n PLY model,
+!:ext ply
+>4 string format\ ascii\ ASCII,
+>>&0 regex/6 [0-9.]+ version %s
+>4 string format\ binary binary,
+>>&0 string _little_endian\ little endian,
+>>>&0 regex/6 [0-9.]+ version %s
+>>&0 string _big_endian\ big endian,
+>>>&0 regex/6 [0-9.]+ version %s
+
+# VRML (Virtual Reality Modeling Language) - by the Web3D Consortium
+# From: Michel Briand <michelbriand@free.fr>
+# Reference: https://www.web3d.org/standards
+0 string/w #VRML\ V1.0\ ascii VRML 1 file
+!:mime model/vrml
+!:ext wrl
+0 string/w #VRML\ V2.0\ utf8 ISO/IEC 14772 VRML 97 file
+!:mime model/vrml
+!:ext wrl
+# X3D, VRML encoded
+0 string #X3D X3D (Extensible 3D) model, VRML format
+>4 string V
+>>5 regex/6 [0-9.]+ \b, version %s
+!:mime model/x3d+vrml
+!:ext x3dv
+
+## XML-based 3D CAD Formats
+# From: Michel Briand <michelbriand@free.fr>, Oliver Galvin <odg@riseup.net>
+0 string/w \<?xml\ version=
+!:strength + 5
+# X3D (Extensible 3D)
+# Schema: https://www.web3d.org/specifications/x3d-3.2.dtd
+# MIME Type: https://www.iana.org/assignments/media-types/model/x3d+xml
+# Example: https://www.web3d.org/x3d/content/examples/Basic/course/CreateX3DFromStringRandomSpheres.x3d
+>20 search/1000/w \<!DOCTYPE\ X3D X3D (Extensible 3D) model, XML document
+!:mime model/x3d+xml
+!:ext x3d
+# COLLADA (COLLAborative Design Activity) - by the Khronos Group
+# Schema: http://www.collada.org/2005/11/COLLADASchema
+# Reference: https://www.khronos.org/collada
+>20 search/1000/w \<COLLADA COLLADA model, XML document
+!:mime model/vnd.collada+xml
+!:ext dae
+# 3MF (3D Manufacturing Format) - by the 3MF Consortium
+# Schema: http://schemas.microsoft.com/3dmanufacturing/core/2015/02
+# Reference: https://3mf.io/specification
+>20 search/1000/w xmlns="http://schemas.microsoft.com/3dmanufacturing 3MF (3D Manufacturing Format) model, XML document
+!:mime model/3mf
+!:ext 3mf
+# AMF (Additive Manufacturing File)
+# Reference: https://www.astm.org/Standards/ISOASTM52915.htm
+>20 search/1000/w \<amf AMF (Additive Manufacturing Format) model, XML document
+!:mime application/x-amf
+!:ext amf
diff --git a/magic/Magdir/cafebabe b/magic/Magdir/cafebabe
new file mode 100644
index 0000000..4f97cc0
--- /dev/null
+++ b/magic/Magdir/cafebabe
@@ -0,0 +1,107 @@
+
+#------------------------------------------------------------------------------
+# $File: cafebabe,v 1.28 2022/07/01 23:24:47 christos Exp $
+# Cafe Babes unite!
+#
+# Since Java bytecode and Mach-O universal binaries have the same magic number,
+# the test must be performed in the same "magic" sequence to get both right.
+# The long at offset 4 in a Mach-O universal binary tells the number of
+# architectures; the short at offset 4 in a Java bytecode file is the JVM minor
+# version and the short at offset 6 is the JVM major version. Since there are only
+# only 18 labeled Mach-O architectures at current, and the first released
+# Java class format was version 43.0, we can safely choose any number
+# between 18 and 39 to test the number of architectures against
+# (and use as a hack). Let's not use 18, because the Mach-O people
+# might add another one or two as time goes by...
+#
+### JAVA START ###
+# Reference: http://en.wikipedia.org/wiki/Java_class_file
+# Update: Joerg Jenderek
+0 belong 0xcafebabe
+>4 ubelong >30 compiled Java class data,
+!:mime application/x-java-applet
+#!:mime application/java-byte-code
+!:ext class
+>>6 ubeshort x version %d.
+>>4 ubeshort x \b%d
+# for debugging purpose version as hexadecimal to compare with Mach-O universal binary
+#>>4 ubelong x (%#8.8x)
+# Which is which?
+# https://docs.oracle.com/javase/specs/jvms/se6/html/ClassFile.doc.html
+#>>4 belong 0x002b (Java 0.?)
+#>>4 belong 0x032d (Java 1.0)
+#>>4 belong 0x032d (Java 1.1)
+>>4 belong 0x002e (Java 1.2)
+>>4 belong 0x002f (Java 1.3)
+>>4 belong 0x0030 (Java 1.4)
+>>4 belong 0x0031 (Java 1.5)
+>>4 belong 0x0032 (Java 1.6)
+>>4 belong 0x0033 (Java 1.7)
+>>4 belong 0x0034 (Java 1.8)
+>>4 belong 0x0035 (Java SE 9)
+>>4 belong 0x0036 (Java SE 10)
+>>4 belong 0x0037 (Java SE 11)
+>>4 belong 0x0038 (Java SE 12)
+>>4 belong 0x0039 (Java SE 13)
+>>4 belong 0x003A (Java SE 14)
+>>4 belong 0x003B (Java SE 15)
+>>4 belong 0x003C (Java SE 16)
+>>4 belong 0x003D (Java SE 17)
+>>4 belong 0x003E (Java SE 18)
+>>4 belong 0x003F (Java SE 19)
+>>4 belong 0x0040 (Java SE 20)
+# pool count unequal zero
+#>>8 beshort x \b, pool count %#x
+# pool table
+#>>10 ubequad x \b, pool %#16.16llx...
+
+0 belong 0xcafed00d JAR compressed with pack200,
+>5 byte x version %d.
+>4 byte x \b%d
+!:mime application/x-java-pack200
+
+
+0 belong 0xcafed00d JAR compressed with pack200,
+>5 byte x version %d.
+>4 byte x \b%d
+!:mime application/x-java-pack200
+
+### JAVA END ###
+### MACH-O START ###
+# URL: https://en.wikipedia.org/wiki/Mach-O
+
+0 name mach-o \b [
+# for debugging purpose CPU type as hexadecimal
+#>0 ubequad x CPU=%16.16llx
+# display CPU type as string like: i386 x86_64 ... armv7 armv7k ...
+>0 use mach-o-cpu \b
+# for debugging purpose print offset to 1st mach_header like:
+# 1000h 4000h seldom 2d000h 88000h 5b000h 10e000 h
+#>8 ubelong x at %#x offset
+>(8.L) indirect x \b:
+>0 belong x \b]
+
+# Reference: https://opensource.apple.com/source/cctools/cctools-949.0.1/
+# include/mach-o/fat.h
+# include/mach/machine.h
+0 belong 0xcafebabe
+>4 belong 1 Mach-O universal binary with 1 architecture:
+!:mime application/x-mach-binary
+>>8 use mach-o \b
+# nfat_arch; number of CPU architectures; highest is 18 for CPU_TYPE_POWERPC in 2020
+>4 ubelong >1
+>>4 ubelong <20 Mach-O universal binary with %d architectures:
+!:mime application/x-mach-binary
+>>>8 use mach-o \b
+>>>4 ubelong >1
+>>>>28 use mach-o \b
+>>>4 ubelong >2
+>>>>48 use mach-o \b
+>>>4 ubelong >3
+>>>>68 use mach-o \b
+>>>4 ubelong >4
+>>>>88 use mach-o \b
+>>>4 ubelong >5
+>>>>108 use mach-o \b
+
+### MACH-O END ###
diff --git a/magic/Magdir/cbor b/magic/Magdir/cbor
new file mode 100644
index 0000000..c780dc6
--- /dev/null
+++ b/magic/Magdir/cbor
@@ -0,0 +1,21 @@
+
+#------------------------------------------------------------------------------
+# $File: cbor,v 1.1 2015/01/28 01:05:21 christos Exp $
+# cbor: file(1) magic for CBOR files as defined in RFC 7049
+
+0 string \xd9\xd9\xf7 Concise Binary Object Representation (CBOR) container
+!:mime application/cbor
+>3 ubyte <0x20 (positive integer)
+>3 ubyte <0x40
+>>3 ubyte >0x1f (negative integer)
+>3 ubyte <0x60
+>>3 ubyte >0x3f (byte string)
+>3 ubyte <0x80
+>>3 ubyte >0x5f (text string)
+>3 ubyte <0xa0
+>3 ubyte >0x7f (array)
+>3 ubyte <0xc0
+>>3 ubyte >0x9f (map)
+>3 ubyte <0xe0
+>>3 ubyte >0xbf (tagged)
+>3 ubyte >0xdf (other)
diff --git a/magic/Magdir/ccf b/magic/Magdir/ccf
new file mode 100644
index 0000000..1d5ba19
--- /dev/null
+++ b/magic/Magdir/ccf
@@ -0,0 +1,14 @@
+
+#------------------------------------------------------------------------------
+# $File: ccf,v 1.1 2022/02/15 12:57:45 christos Exp $
+# file(1) magic(5) data for Phillips remote controls
+
+# Exchange format for Philips Pronto universal infrared remote controls
+# A CCF file describes a learned/customized remote control,
+# i.e. it contains button UI and infrared pulse code definitions
+# (Georg Sauthoff)
+# http://files.remotecentral.com/download/45/pan-air-csakr.zip.html
+# https://github.com/gsauthof/pronto-ccf/blob/
+
+8 string @\xa5Z@_CCF
+>32 string CCF\x00 Philips Pronto IR remote control CCF
diff --git a/magic/Magdir/cddb b/magic/Magdir/cddb
new file mode 100644
index 0000000..5d8a851
--- /dev/null
+++ b/magic/Magdir/cddb
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: cddb,v 1.4 2009/09/19 16:28:08 christos Exp $
+# CDDB: file(1) magic for CDDB(tm) format CD text data files
+#
+# From <steve@gracenote.com>
+#
+# This is the /etc/magic entry to decode datafiles as used by
+# CDDB-enabled CD player applications.
+#
+
+0 search/1/w #\040xmcd CDDB(tm) format CD text data
diff --git a/magic/Magdir/chord b/magic/Magdir/chord
new file mode 100644
index 0000000..00d0bec
--- /dev/null
+++ b/magic/Magdir/chord
@@ -0,0 +1,15 @@
+
+#------------------------------------------------------------------------------
+# $File: chord,v 1.5 2010/09/20 19:19:16 rrt Exp $
+# chord: file(1) magic for Chord music sheet typesetting utility input files
+#
+# From Philippe De Muyter <phdm@macqel.be>
+# File format is actually free, but many distributed files begin with `{title'
+#
+0 string {title Chord text file
+
+# Type: PowerTab file format
+# URL: http://www.power-tab.net/
+# From: Jelmer Vernooij <jelmer@samba.org>
+0 string ptab\003\000 Power-Tab v3 Tablature File
+0 string ptab\004\000 Power-Tab v4 Tablature File
diff --git a/magic/Magdir/cisco b/magic/Magdir/cisco
new file mode 100644
index 0000000..0279bbb
--- /dev/null
+++ b/magic/Magdir/cisco
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: cisco,v 1.4 2009/09/19 16:28:08 christos Exp $
+# cisco: file(1) magic for cisco Systems routers
+#
+# Most cisco file-formats are covered by the generic elf code
+#
+# Microcode files are non-ELF, 0x8501 conflicts with NetBSD/alpha.
+0 belong&0xffffff00 0x85011400 cisco IOS microcode
+>7 string >\0 for '%s'
+0 belong&0xffffff00 0x8501cb00 cisco IOS experimental microcode
+>7 string >\0 for '%s'
diff --git a/magic/Magdir/citrus b/magic/Magdir/citrus
new file mode 100644
index 0000000..1801a55
--- /dev/null
+++ b/magic/Magdir/citrus
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: citrus,v 1.5 2021/01/04 19:48:31 christos Exp $
+# citrus locale declaration
+#
+
+0 string RuneCT Citrus locale declaration for LC_CTYPE
+0 string CtrsME Citrus locale declaration for LC_MESSAGES
+0 string CtrsMO Citrus locale declaration for LC_MONETARY
+0 string CtrsNU Citrus locale declaration for LC_NUMERIC
+0 string CtrsTI Citrus locale declaration for LC_TIME
+
diff --git a/magic/Magdir/clarion b/magic/Magdir/clarion
new file mode 100644
index 0000000..9fa0049
--- /dev/null
+++ b/magic/Magdir/clarion
@@ -0,0 +1,27 @@
+
+#------------------------------------------------------------------------------
+# $File: clarion,v 1.5 2014/04/30 21:41:02 christos Exp $
+# clarion: file(1) magic for # Clarion Personal/Professional Developer
+# (v2 and above)
+# From: Julien Blache <jb@jblache.org>
+
+# Database files
+# signature
+0 leshort 0x3343 Clarion Developer (v2 and above) data file
+# attributes
+>2 leshort &0x0001 \b, locked
+>2 leshort &0x0004 \b, encrypted
+>2 leshort &0x0008 \b, memo file exists
+>2 leshort &0x0010 \b, compressed
+>2 leshort &0x0040 \b, read only
+# number of records
+>5 lelong x \b, %d records
+
+# Memo files
+0 leshort 0x334d Clarion Developer (v2 and above) memo data
+
+# Key/Index files
+# No magic? :(
+
+# Help files
+0 leshort 0x49e0 Clarion Developer (v2 and above) help data
diff --git a/magic/Magdir/claris b/magic/Magdir/claris
new file mode 100644
index 0000000..6a1b68f
--- /dev/null
+++ b/magic/Magdir/claris
@@ -0,0 +1,48 @@
+
+#------------------------------------------------------------------------------
+# $File: claris,v 1.8 2016/07/18 19:23:38 christos Exp $
+# claris: file(1) magic for claris
+# "H. Nanosecond" <aldomel@ix.netcom.com>
+# Claris Works a word processor, etc.
+# Version 3.0
+
+# .pct claris works clip art files
+#0000000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
+#*
+#0001000 #010 250 377 377 377 377 000 213 000 230 000 021 002 377 014 000
+#null to byte 1000 octal
+514 string \377\377\377\377\000
+>0 string \0\0\0\0\0\0\0\0\0\0\0\0\0 Claris clip art
+514 string \377\377\377\377\001
+>0 string \0\0\0\0\0\0\0\0\0\0\0\0\0 Claris clip art
+
+# Claris works files
+# .cwk
+# Moved to Apple AppleWorks document
+#0 string \002\000\210\003\102\117\102\117\000\001\206 Claris works document
+# .plt
+0 string \020\341\000\000\010\010 Claris Works palette files .plt
+
+# .msp a dictionary file I am not sure about this I have only one .msp file
+0 string \002\271\262\000\040\002\000\164 Claris works dictionary
+
+# .usp are user dictionary bits
+# I am not sure about a magic header:
+#0000000 001 123 160 146 070 125 104 040 136 123 015 012 160 157 144 151
+# soh S p f 8 U D sp ^ S cr nl p o d i
+#0000020 141 164 162 151 163 164 040 136 123 015 012 144 151 166 040 043
+# a t r i s t sp ^ S cr nl d i v sp #
+
+# .mth Thesaurus
+# starts with \0 but no magic header
+
+# .chy Hyphenation file
+# I am not sure: 000 210 034 000 000
+
+# other claris files
+#./windows/claris/useng.ndx: data
+#./windows/claris/xtndtran.l32: data
+#./windows/claris/xtndtran.lst: data
+#./windows/claris/clworks.lbl: data
+#./windows/claris/clworks.prf: data
+#./windows/claris/userd.spl: data
diff --git a/magic/Magdir/clipper b/magic/Magdir/clipper
new file mode 100644
index 0000000..484caeb
--- /dev/null
+++ b/magic/Magdir/clipper
@@ -0,0 +1,65 @@
+
+#------------------------------------------------------------------------------
+# $File: clipper,v 1.9 2020/12/15 23:57:27 christos Exp $
+# clipper: file(1) magic for Intergraph (formerly Fairchild) Clipper.
+#
+# XXX - what byte order does the Clipper use?
+#
+# XXX - what's the "!" stuff:
+#
+# >18 short !074000,000000 C1 R1
+# >18 short !074000,004000 C2 R1
+# >18 short !074000,010000 C3 R1
+# >18 short !074000,074000 TEST
+#
+# I shall assume it's ANDing the field with the first value and
+# comparing it with the second, and rewrite it as:
+#
+# >18 short&074000 000000 C1 R1
+# >18 short&074000 004000 C2 R1
+# >18 short&074000 010000 C3 R1
+# >18 short&074000 074000 TEST
+#
+# as SVR3.1's "file" doesn't support anything of the "!074000,000000"
+# sort, nor does SunOS 4.x, so either it's something Intergraph added
+# in CLIX, or something AT&T added in SVR3.2 or later, or something
+# somebody else thought was a good idea; it's not documented in the
+# man page for this version of "magic", nor does it appear to be
+# implemented (at least not after I blew off the bogus code to turn
+# old-style "&"s into new-style "&"s, which just didn't work at all).
+#
+0 short 0575 CLIPPER COFF executable (VAX #)
+>20 short 0407 (impure)
+>20 short 0410 (5.2 compatible)
+>20 short 0411 (pure)
+>20 short 0413 (demand paged)
+>20 short 0443 (target shared library)
+>12 long >0 not stripped
+>22 short >0 - version %d
+0 short 0577 CLIPPER COFF executable
+>18 short&074000 000000 C1 R1
+>18 short&074000 004000 C2 R1
+>18 short&074000 010000 C3 R1
+>18 short&074000 074000 TEST
+>20 short 0407 (impure)
+>20 short 0410 (pure)
+>20 short 0411 (separate I&D)
+>20 short 0413 (paged)
+>20 short 0443 (target shared library)
+>12 long >0 not stripped
+>22 short >0 - version %d
+>48 long&01 01 alignment trap enabled
+>52 byte 1 -Ctnc
+>52 byte 2 -Ctsw
+>52 byte 3 -Ctpw
+>52 byte 4 -Ctcb
+>53 byte 1 -Cdnc
+>53 byte 2 -Cdsw
+>53 byte 3 -Cdpw
+>53 byte 4 -Cdcb
+>54 byte 1 -Csnc
+>54 byte 2 -Cssw
+>54 byte 3 -Cspw
+>54 byte 4 -Cscb
+#4 string pipe CLIPPER instruction trace
+#4 string prof CLIPPER instruction profile
diff --git a/magic/Magdir/clojure b/magic/Magdir/clojure
new file mode 100644
index 0000000..1f1cddf
--- /dev/null
+++ b/magic/Magdir/clojure
@@ -0,0 +1,30 @@
+#------------------------------------------------------------------------------
+# file: file(1) magic for Clojure
+# URL: https://clojure.org/
+# From: Jason Felice <jason.m.felice@gmail.com>
+
+0 string/w #!\ /usr/bin/clj Clojure script text executable
+!:mime text/x-clojure
+0 string/w #!\ /usr/local/bin/clj Clojure script text executable
+!:mime text/x-clojure
+0 string/w #!\ /usr/bin/clojure Clojure script text executable
+!:mime text/x-clojure
+0 string/w #!\ /usr/local/bin/clojure Clojure script text executable
+!:mime text/x-clojure
+0 string/W #!/usr/bin/env\ clj Clojure script text executable
+!:mime text/x-clojure
+0 string/W #!/usr/bin/env\ clojure Clojure script text executable
+!:mime text/x-clojure
+0 string/W #!\ /usr/bin/env\ clj Clojure script text executable
+!:mime text/x-clojure
+0 string/W #!\ /usr/bin/env\ clojure Clojure script text executable
+!:mime text/x-clojure
+
+0 regex \^\\\(ns[[:space:]]+[a-z] Clojure module source text
+!:mime text/x-clojure
+
+0 regex \^\\\(ns[[:space:]]+\\\^\\{: Clojure module source text
+!:mime text/x-clojure
+
+0 regex \^\\\(defn-?[[:space:]] Clojure module source text
+!:mime text/x-clojure
diff --git a/magic/Magdir/coff b/magic/Magdir/coff
new file mode 100644
index 0000000..5123b72
--- /dev/null
+++ b/magic/Magdir/coff
@@ -0,0 +1,98 @@
+
+#------------------------------------------------------------------------------
+# $File: coff,v 1.7 2022/11/21 22:30:22 christos Exp $
+# coff: file(1) magic for Common Object Files not specific to known cpu types or manufactures
+#
+# COFF
+#
+# by Joerg Jenderek at Oct 2015, Feb 2021
+# https://en.wikipedia.org/wiki/COFF
+# https://de.wikipedia.org/wiki/Common_Object_File_Format
+# http://www.delorie.com/djgpp/doc/coff/filhdr.html
+
+# display name+variables+flags of Common Object Files Format (32bit)
+# Maybe used also in adi,att3b,clipper,hitachi-sh,hp,ibm6000,intel,
+# mips,motorola,msdos,osf1,sharc,varied.out,vax
+0 name display-coff
+# test for unused flag bits (0x8000,0x0800,0x0400,0x0200,x0080) in f_flags
+>18 uleshort&0x8E80 0
+# skip DOCTOR.DAILY READER.NDA REDBOX.ROOT by looking for positive number of sections
+>>2 uleshort >0
+# skip ega80woa.fnt svgafix.fnt HP3FNTS1.DAT HP3FNTS2.DAT INTRO.ACT LEARN.PIF by looking for low number of sections
+>>>2 uleshort <4207
+>>>>0 clear x
+# f_magic - magic number
+# DJGPP, 80386 COFF executable, MS Windows COFF Intel 80386 object file (./intel)
+>>>>0 uleshort 0x014C Intel 80386
+# Hitachi SH big-endian COFF (./hitachi-sh)
+>>>>0 uleshort 0x0500 Hitachi SH big-endian
+# Hitachi SH little-endian COFF (./hitachi-sh)
+>>>>0 uleshort 0x0550 Hitachi SH little-endian
+# executable (RISC System/6000 V3.1) or obj module (./ibm6000)
+#>>>>0 uleshort 0x01DF
+# MS Windows COFF Intel Itanium, AMD64
+# https://msdn.microsoft.com/en-us/library/windows/desktop/ms680313(v=vs.85).aspx
+>>>>0 uleshort 0x0200 Intel ia64
+>>>>0 uleshort 0x8664 Intel amd64
+# ARM COFF (./arm)
+>>>>0 uleshort 0xaa64 Aarch64
+>>>>0 uleshort 0x01c0 ARM
+>>>>0 uleshort 0xa641 ARM64EC
+>>>>0 uleshort 0x01c2 ARM Thumb
+>>>>0 uleshort 0x01c4 ARMv7 Thumb
+# TODO for other COFFs
+#>>>>0 uleshort 0xABCD COFF_TEMPLATE
+>>>>0 default x
+>>>>>0 uleshort x type %#04x
+>>>>0 uleshort x COFF
+# F_EXEC flag bit
+>>>>18 leshort ^0x0002 object file
+!:mime application/x-coff
+!:ext o/obj/lib
+# no cof sample found
+#!:ext cof/o/obj/lib
+>>>>18 leshort &0x0002 executable
+#!:mime application/x-coffexec
+# F_RELFLG flag bit,static object
+>>>>18 leshort &0x0001 \b, no relocation info
+# F_LNNO flag bit
+>>>>18 leshort &0x0004 \b, no line number info
+# F_LSYMS flag bit
+>>>>18 leshort &0x0008 \b, stripped
+>>>>18 leshort ^0x0008 \b, not stripped
+# flags in other COFF versions
+#0x0010 F_FDPR_PROF
+#0x0020 F_FDPR_OPTI
+#0x0040 F_DSA
+# F_AR32WR flag bit
+#>>>>18 leshort &0x0100 \b, 32 bit little endian
+#0x1000 F_DYNLOAD
+#0x2000 F_SHROBJ
+#0x4000 F_LOADONLY
+# f_nscns - number of sections like: 1 2 3 4 5 7 8 9 11 12 15 16 19 20 21 22 26 30 36 40 42 56 80 89 96 124
+>>>>2 uleshort <2 \b, %u section
+>>>>2 uleshort >1 \b, %u sections
+# f_symptr - symbol table pointer, only for not stripped
+# like: 0 0x7c 0xf4 0x104 0x182 0x1c2 0x1c6 0x468 0x948 0x416e 0x149a6 0x1c9d8 0x23a68 0x35120 0x7afa0
+>>>>8 ulelong >0 \b, symbol offset=%#x
+# f_nsyms - number of symbols, only for not stripped
+# like: 0 2 7 9 10 11 20 35 41 63 71 80 105 146 153 158 170 208 294 572 831 1546
+>>>>12 ulelong >0 \b, %d symbols
+# f_opthdr - optional header size. An object file should have a value of 0
+>>>>16 uleshort >0 \b, optional header size %u
+# f_timdat - file time & date stamp only for little endian
+>>>>4 ledate >0 \b, created %s
+# at offset 20 can be optional header, extra bytes FILHSZ-20 because
+# do not rely on sizeof(FILHDR) to give the correct size for header.
+# or first section header
+# additional variables for other COFF files
+>>>>16 uleshort =0
+# first section name s_name[8] like: .text .data .debug$S .drectve .testseg
+>>>>>20 string x \b, 1st section name "%.8s"
+# >20 beshort 0407 (impure)
+# >20 beshort 0410 (pure)
+# >20 beshort 0413 (demand paged)
+# >20 beshort 0421 (standalone)
+# >22 leshort >0 - version %d
+# >168 string .lowmem Apple toolbox
+
diff --git a/magic/Magdir/commands b/magic/Magdir/commands
new file mode 100644
index 0000000..6ad87fd
--- /dev/null
+++ b/magic/Magdir/commands
@@ -0,0 +1,201 @@
+
+#------------------------------------------------------------------------------
+# $File: commands,v 1.73 2022/11/06 18:39:23 christos Exp $
+# commands: file(1) magic for various shells and interpreters
+#
+#0 string/w : shell archive or script for antique kernel text
+0 string/fwt #!\ /bin/sh POSIX shell script text executable
+!:mime text/x-shellscript
+0 string/fwb #!\ /bin/sh POSIX shell script executable (binary data)
+!:mime text/x-shellscript
+>10 string #\040This\040script\040was\040generated\040using\040Makeself \b, self-executable archive
+>>53 string x \b, Makeself %s
+
+0 string/fwt #!\ /bin/csh C shell script text executable
+!:mime text/x-shellscript
+
+# korn shell magic, sent by George Wu, gwu@clyde.att.com
+0 string/fwt #!\ /bin/ksh Korn shell script text executable
+!:mime text/x-shellscript
+0 string/fwb #!\ /bin/ksh Korn shell script executable (binary data)
+!:mime text/x-shellscript
+
+0 string/fwt #!\ /bin/tcsh Tenex C shell script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/bin/tcsh Tenex C shell script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/local/tcsh Tenex C shell script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/local/bin/tcsh Tenex C shell script text executable
+!:mime text/x-shellscript
+
+#
+# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson)
+0 string/fwt #!\ /bin/zsh Paul Falstad's zsh script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/bin/zsh Paul Falstad's zsh script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/local/bin/zsh Paul Falstad's zsh script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/bin/env\ zsh Paul Falstad's zsh script text executable
+!:mime text/x-shellscript
+
+0 string/fwt #!\ /bin/ash Neil Brown's ash script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/bin/ash Neil Brown's ash script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/local/bin/ash Neil Brown's ash script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/local/bin/ae Neil Brown's ae script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /bin/nawk new awk script text executable
+!:mime text/x-nawk
+0 string/fwt #!\ /usr/bin/nawk new awk script text executable
+!:mime text/x-nawk
+0 string/fwt #!\ /usr/local/bin/nawk new awk script text executable
+!:mime text/x-nawk
+0 string/fwt #!\ /bin/gawk GNU awk script text executable
+!:mime text/x-gawk
+0 string/wt #!\ /usr/bin/gawk GNU awk script text executable
+!:mime text/x-gawk
+0 string/fwt #!\ /usr/local/bin/gawk GNU awk script text executable
+!:mime text/x-gawk
+#
+0 string/fwt #!\ /bin/awk awk script text executable
+!:mime text/x-awk
+0 string/fwt #!\ /usr/bin/awk awk script text executable
+!:mime text/x-awk
+0 regex/4096 =^[\040\t\f\r\n]{0,100}BEGIN[\040\t\f\r\n]{0,100}[{] awk or perl script text
+
+# AT&T Bell Labs' Plan 9 shell
+0 string/fwt #!\ /bin/rc Plan 9 rc shell script text executable
+
+# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+0 string/fwt #!\ /bin/bash Bourne-Again shell script text executable
+!:mime text/x-shellscript
+0 string/fwb #!\ /bin/bash Bourne-Again shell script executable (binary data)
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/bin/bash Bourne-Again shell script text executable
+!:mime text/x-shellscript
+0 string/fwb #!\ /usr/bin/bash Bourne-Again shell script executable (binary data)
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/local/bash Bourne-Again shell script text executable
+!:mime text/x-shellscript
+0 string/fwb #!\ /usr/local/bash Bourne-Again shell script executable (binary data)
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/local/bin/bash Bourne-Again shell script text executable
+!:mime text/x-shellscript
+0 string/fwb #!\ /usr/local/bin/bash Bourne-Again shell script executable (binary data)
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/bin/env\ bash Bourne-Again shell script text executable
+!:mime text/x-shellscript
+
+# Fish shell magic
+# From: Benjamin Lowry <ben@ben.gmbh>
+0 string/fwt #!\ /usr/local/bin/fish fish shell script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/bin/fish fish shell script text executable
+!:mime text/x-shellscript
+0 string/fwt #!\ /usr/bin/env\ fish fish shell script text executable
+!:mime text/x-shellscript
+
+0 search/1/fwt #!\ /usr/bin/tclsh Tcl/Tk script text executable
+!:mime text/x-tcl
+
+0 search/1/fwt #!\ /usr/bin/texlua LuaTex script text executable
+!:mime text/x-luatex
+
+0 search/1/fwt #!\ /usr/bin/luatex LuaTex script text executable
+!:mime text/x-luatex
+
+0 search/1/fwt #!\ /usr/bin/stap Systemtap script text executable
+!:mime text/x-systemtap
+
+# From: Kylie McClain <kylie@somas.is>
+# Type: execline scripts
+# URL: https://skarnet.org/software/execline/
+0 string/fwt #!\ /command/execlineb execline script text executable
+!:mime text/x-execline
+0 string/fwt #!\ /bin/execlineb execline script text executable
+!:mime text/x-execline
+0 string/fwt #!\ /usr/bin/execlineb execline script text executable
+!:mime text/x-execline
+0 string/fwt #!\ /usr/bin/env\ execlineb execline script text executable
+!:mime text/x-execline
+
+0 string #!
+>0 regex \^#!.*/bin/execlineb([[:space:]].*)*$ execline script text executable
+!:mime text/x-execline
+
+# PHP scripts
+# Ulf Harnhammar <ulfh@update.uu.se>
+0 search/1/c =<?php PHP script text
+!:strength + 30
+!:mime text/x-php
+0 search/1 =<?\n PHP script text
+!:mime text/x-php
+0 search/1 =<?\r PHP script text
+!:mime text/x-php
+0 search/1/w #!\ /usr/local/bin/php PHP script text executable
+!:strength + 10
+!:mime text/x-php
+0 search/1/w #!\ /usr/bin/php PHP script text executable
+!:strength + 10
+!:mime text/x-php
+# Smarty compiled template, https://www.smarty.net/
+# Elan Ruusamae <glen@delfi.ee>
+0 string =<?php
+>5 regex [\ \n]
+>>6 string /*\ Smarty\ version Smarty compiled template
+>>>24 regex [0-9.]+ \b, version %s
+!:mime text/x-php
+
+0 string Zend\x00 PHP script Zend Optimizer data
+
+# From: Anatol Belski <ab@php.net>
+0 string OPCACHE
+>7 ubyte 0 PHP opcache filecache data
+
+0 search/64 --TEST--
+>16 search/64 --FILE--
+>24 search/8192 --EXPECT PHP core test
+!:ext phpt
+
+# https://www.php.net/manual/en/phar.fileformat.signature.php
+-4 string GBMB PHP phar archive
+>-8 ubyte 0x1 with MD5 signature
+!:ext phar
+>-8 ubyte 0x2 with SHA1 signature
+!:ext phar
+>-8 ubyte 0x3 with SHA256 signature
+!:ext phar
+>-8 ubyte 0x4 with SHA512 signature
+!:ext phar
+>-8 ubyte 0x10 with OpenSSL signature
+!:ext phar
+>-8 ubyte 0x11 with OpenSSL SHA256 signature
+!:ext phar
+>-8 ubyte 0x12 with OpenSSL SHA512 signature
+!:ext phar
+
+0 string/t $! DCL command file
+
+# Type: Pdmenu
+# URL: https://packages.debian.org/pdmenu
+# From: Edward Betts <edward@debian.org>
+0 string #!/usr/bin/pdmenu Pdmenu configuration file text
+
+# From Danny Weldon
+0 string \x0b\x13\x08\x00
+>0x04 uleshort <4 ksh byte-code version %d
+
+# From: arno <arenevier@fdn.fr>
+# mozilla xpconnect typelib
+# see https://www.mozilla.org/scriptable/typelib_file.html
+0 string XPCOM\nTypeLib\r\n\032 XPConnect Typelib
+>0x10 byte x version %d
+>>0x11 byte x \b.%d
+
+0 string/fwt #!\ /usr/bin/env\ runghc GHC script executable
+0 string/fwt #!\ /usr/bin/env\ runhaskell Haskell script executable
+0 string/fwt #!\ /usr/bin/env\ julia Julia script executable
diff --git a/magic/Magdir/communications b/magic/Magdir/communications
new file mode 100644
index 0000000..8e1d908
--- /dev/null
+++ b/magic/Magdir/communications
@@ -0,0 +1,22 @@
+
+#----------------------------------------------------------------------------
+# $File: communications,v 1.5 2009/09/19 16:28:08 christos Exp $
+# communication
+
+# TTCN is the Tree and Tabular Combined Notation described in ISO 9646-3.
+# It is used for conformance testing of communication protocols.
+# Added by W. Borgert <debacle@debian.org>.
+0 string $Suite TTCN Abstract Test Suite
+>&1 string $SuiteId
+>>&1 string >\n %s
+>&2 string $SuiteId
+>>&1 string >\n %s
+>&3 string $SuiteId
+>>&1 string >\n %s
+
+# MSC (message sequence charts) are a formal description technique,
+# described in ITU-T Z.120, mainly used for communication protocols.
+# Added by W. Borgert <debacle@debian.org>.
+0 string mscdocument Message Sequence Chart (document)
+0 string msc Message Sequence Chart (chart)
+0 string submsc Message Sequence Chart (subchart)
diff --git a/magic/Magdir/compress b/magic/Magdir/compress
new file mode 100644
index 0000000..c3f93fa
--- /dev/null
+++ b/magic/Magdir/compress
@@ -0,0 +1,461 @@
+#------------------------------------------------------------------------------
+# $File: compress,v 1.91 2023/06/16 19:37:47 christos Exp $
+# compress: file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+0 string \037\235 compress'd data
+!:mime application/x-compress
+!:apple LZIVZIVU
+!:ext Z
+>2 byte&0x80 >0 block compressed
+>2 byte&0x1f x %d bits
+
+# gzip (GNU zip, not to be confused with Info-ZIP or PKWARE zip archiver)
+# URL: https://en.wikipedia.org/wiki/Gzip
+# Reference: https://tools.ietf.org/html/rfc1952
+# Update: Joerg Jenderek, Apr 2019, Dec 2022
+# Edited by Chris Chittleborough <cchittleborough@yahoo.com.au>, March 2002
+# * Original filename is only at offset 10 if "extra field" absent
+# * Produce shorter output - notably, only report compression methods
+# other than 8 ("deflate", the only method defined in RFC 1952).
+# Note: find defs -iname '*.trid.xml' -exec grep -q '<Bytes>1F8B08' {} \; -ls
+# TODO:
+# FBR Blueberry FlashBack screen Record https://www.flashbackrecorder.com/
+# KPR KOffice/Calligra KPresenter application/x-kpresenter
+# KPT KOffice/Calligra KPresenter template? application/x-kpresenter
+# SAV Diggles Saved Game File http://www.innonics.com
+# SAV FarCry (demo) saved game http://www.farcry-thegame.com
+# DAT ZOAGZIP game data format http://en.wikipedia.org/wiki/SD_Gundam_Capsule_Fighter
+0 string \037\213
+# to display gzip compressed (strength=100=2*50) before other (strength=50)?
+#!:strength * 2
+# no FNAME and FCOMMENT bit implies no file name/comment. That means only binary
+>3 byte&0x18 =0
+# For binary gzipped no ASCII text should occur
+# mcd-monu-cad.trid.xml
+>>10 string MCD Monu-Cad Drawing, Component or Font
+#>>36 string Created\ with\ MONU-CAD
+#!:mime application/octet-stream
+# http://fileformats.archiveteam.org/wiki/Monu-CAD
+# http://www.monucad.com/downloads/FullDemo-2005.EXE
+# /HANDS96.MCC Component
+# /DEMO_DD01.MCD Drawing
+# /MCALF020.FNT Font
+!:ext mcc/mcd/fnt
+# http://www.generalcadd.com
+>>10 string GXD General CADD, Drawing or Component
+#!:mime application/octet-stream
+# /gxc/BUILDINGEDGE.gxc Component
+# /gxd/HOCKETT-STPAUL-WRHSE.gxd Drawing
+# /gxd/POWERLAND-MILL-ADD-11.gxd Drawing v9.1.06
+!:ext gxc/gxd
+#>>>13 ubyte 0 \b, version 0
+>>>13 string 09 \b, version 9
+# other gzipped binary like gzipped tar, VirtualBox extension package,...
+>>10 default x gzip compressed data
+!:mime application/gzip
+>>>0 use gzip-info
+# size of the original (uncompressed) input data modulo 2^32
+# TODO: check for GXD MCD cad the reported size
+>>>-4 ulelong x \b, original size modulo 2^32 %u
+# gzipped TAR or VirtualBox extension package
+#!:mime application/x-compressed-tar
+#!:mime application/x-virtualbox-vbox-extpack
+# https://www.w3.org/TR/SVG/mimereg.html
+#!:mime image/svg+xml-compressed
+# zlib.3.gz
+# microcode-20180312.tgz
+# tpz same as tgz
+# lua-md5_1.2-1_i386_i486.ipk https://en.wikipedia.org/wiki/Opkg
+# Oracle_VM_VirtualBox_Extension_Pack-5.0.12-104815.vbox-extpack
+# trees.blend http://fileformats.archiveteam.org/wiki/BLEND
+# 2020-07-19-Note-16-24.xoj https://xournal.sourceforge.net/manual.html
+# MYgnucash-gz.gnucash https://wiki.gnucash.org/wiki/GnuCash_XML_format
+# text-rotate.dia https://en.wikipedia.org/wiki/Dia_(software)
+# MYrdata.RData https://en.wikipedia.org/wiki/R_(programming_language)
+!:ext gz/tgz/tpz/ipk/vbox-extpack/svgz/blend/dia/gnucash/rdata/xoj
+# FNAME/FCOMMENT bit implies file name/comment as iso-8859-1 text
+>3 byte&0x18 >0 gzip compressed data
+!:mime application/gzip
+# gzipped tar, gzipped Abiword document
+#!:mime application/x-compressed-tar
+#!:mime application/x-abiword-compressed
+#!:mime image/image/svg+xml-compressed
+# kleopatra_splashscreen.svgz gzipped .svg
+# RSI-Mega-Demo_Disk1.adz gzipped .adf http://fileformats.archiveteam.org/wiki/ADF_(Amiga)
+# PostbankTest.kmy gzipped XML https://docs.kde.org/stable5/en/kmymoney/kmymoney/details.formats.compressed.html
+# Logo.xcfgz gzipped .xcf http://fileformats.archiveteam.org/wiki/XCF
+!:ext gz/tgz/tpz/zabw/svgz/adz/kmy/xcfgz
+>>0 use gzip-info
+# size of the original (uncompressed) input data modulo 2^32
+>>-4 ulelong x \b, original size modulo 2^32 %u
+# display information of gzip compressed files
+0 name gzip-info
+#>2 byte x THIS iS GZIP
+>2 byte <8 \b, reserved method
+>2 byte >8 \b, unknown method
+>3 byte &0x01 \b, ASCII
+>3 byte &0x02 \b, has CRC
+>3 byte &0x04 \b, extra field
+>3 byte&0xC =0x08
+>>10 string x \b, was "%s"
+>3 byte &0x10 \b, has comment
+>3 byte &0x20 \b, encrypted
+>4 ledate >0 \b, last modified: %s
+>8 byte 2 \b, max compression
+>8 byte 4 \b, max speed
+>9 byte =0x00 \b, from FAT filesystem (MS-DOS, OS/2, NT)
+>9 byte =0x01 \b, from Amiga
+>9 byte =0x02 \b, from VMS
+>9 byte =0x03 \b, from Unix
+>9 byte =0x04 \b, from VM/CMS
+>9 byte =0x05 \b, from Atari
+>9 byte =0x06 \b, from HPFS filesystem (OS/2, NT)
+>9 byte =0x07 \b, from MacOS
+>9 byte =0x08 \b, from Z-System
+>9 byte =0x09 \b, from CP/M
+>9 byte =0x0A \b, from TOPS/20
+>9 byte =0x0B \b, from NTFS filesystem (NT)
+>9 byte =0x0C \b, from QDOS
+>9 byte =0x0D \b, from Acorn RISCOS
+# size of the original (uncompressed) input data modulo 2^32
+#>-4 ulelong x \b, original size modulo 2^32 %u
+#ERROR: line 114: non zero offset 1048572 at level 1
+
+# packed data, Huffman (minimum redundancy) codes on a byte-by-byte basis
+0 string \037\036 packed data
+!:mime application/octet-stream
+!:ext z
+>2 belong >1 \b, %d characters originally
+>2 belong =1 \b, %d character originally
+#
+# This magic number is byte-order-independent.
+0 short 0x1f1f old packed data
+!:mime application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+0 short 0x1fff compacted data
+!:mime application/octet-stream
+# This string is valid for SunOS (BE) and a matching "short" is listed
+# in the Ultrix (LE) magic file.
+0 string \377\037 compacted data
+!:mime application/octet-stream
+0 short 0145405 huf output
+!:mime application/octet-stream
+
+# bzip2
+0 string BZh bzip2 compressed data
+!:mime application/x-bzip2
+!:ext bz2
+>3 byte >47 \b, block size = %c00k
+
+# bzip a block-sorting file compressor
+# by Julian Seward <sewardj@cs.man.ac.uk> and others
+0 string BZ0 bzip compressed data
+!:mime application/x-bzip
+>3 byte >47 \b, block size = %c00k
+
+# lzip
+0 string LZIP lzip compressed data
+!:mime application/x-lzip
+!:ext lz
+>4 byte x \b, version: %d
+
+# squeeze and crunch
+# Michael Haardt <michael@cantor.informatik.rwth-aachen.de>
+0 beshort 0x76FF squeezed data,
+>4 string x original name %s
+0 beshort 0x76FE crunched data,
+>2 string x original name %s
+0 beshort 0x76FD LZH compressed data,
+>2 string x original name %s
+
+# Freeze
+0 string \037\237 frozen file 2.1
+0 string \037\236 frozen file 1.0 (or gzip 0.5)
+
+# SCO compress -H (LZH)
+0 string \037\240 SCO compress -H (LZH) data
+
+# European GSM 06.10 is a provisional standard for full-rate speech
+# transcoding, prI-ETS 300 036, which uses RPE/LTP (residual pulse
+# excitation/long term prediction) coding at 13 kbit/s.
+#
+# There's only a magic nibble (4 bits); that nibble repeats every 33
+# bytes. This isn't suited for use, but maybe we can use it someday.
+#
+# This will cause very short GSM files to be declared as data and
+# mismatches to be declared as data too!
+#0 byte&0xF0 0xd0 data
+#>33 byte&0xF0 0xd0
+#>66 byte&0xF0 0xd0
+#>99 byte&0xF0 0xd0
+#>132 byte&0xF0 0xd0 GSM 06.10 compressed audio
+
+# lzop from <markus.oberhumer@jk.uni-linz.ac.at>
+0 string \x89\x4c\x5a\x4f\x00\x0d\x0a\x1a\x0a lzop compressed data
+!:ext lzo
+>9 beshort <0x0940
+>>9 byte&0xf0 =0x00 - version 0.
+>>9 beshort&0x0fff x \b%03x,
+>>13 byte 1 LZO1X-1,
+>>13 byte 2 LZO1X-1(15),
+>>13 byte 3 LZO1X-999,
+## >>22 bedate >0 last modified: %s,
+>>14 byte =0x00 os: MS-DOS
+>>14 byte =0x01 os: Amiga
+>>14 byte =0x02 os: VMS
+>>14 byte =0x03 os: Unix
+>>14 byte =0x05 os: Atari
+>>14 byte =0x06 os: OS/2
+>>14 byte =0x07 os: MacOS
+>>14 byte =0x0A os: Tops/20
+>>14 byte =0x0B os: WinNT
+>>14 byte =0x0E os: Win32
+>9 beshort >0x0939
+>>9 byte&0xf0 =0x00 - version 0.
+>>9 byte&0xf0 =0x10 - version 1.
+>>9 byte&0xf0 =0x20 - version 2.
+>>9 beshort&0x0fff x \b%03x,
+>>15 byte 1 LZO1X-1,
+>>15 byte 2 LZO1X-1(15),
+>>15 byte 3 LZO1X-999,
+## >>25 bedate >0 last modified: %s,
+>>17 byte =0x00 os: MS-DOS
+>>17 byte =0x01 os: Amiga
+>>17 byte =0x02 os: VMS
+>>17 byte =0x03 os: Unix
+>>17 byte =0x05 os: Atari
+>>17 byte =0x06 os: OS/2
+>>17 byte =0x07 os: MacOS
+>>17 byte =0x0A os: Tops/20
+>>17 byte =0x0B os: WinNT
+>>17 byte =0x0E os: Win32
+
+# 4.3BSD-Quasijarus Strong Compression
+# https://minnie.tuhs.org/Quasijarus/compress.html
+0 string \037\241 Quasijarus strong compressed data
+
+# From: Cory Dikkers <cdikkers@swbell.net>
+0 string XPKF Amiga xpkf.library compressed data
+0 string PP11 Power Packer 1.1 compressed data
+0 string PP20 Power Packer 2.0 compressed data,
+>4 belong 0x09090909 fast compression
+>4 belong 0x090A0A0A mediocre compression
+>4 belong 0x090A0B0B good compression
+>4 belong 0x090A0C0C very good compression
+>4 belong 0x090A0C0D best compression
+
+# 7-zip archiver, from Thomas Klausner (wiz@danbala.tuwien.ac.at)
+# https://www.7-zip.org or DOC/7zFormat.txt
+#
+0 string 7z\274\257\047\034 7-zip archive data,
+>6 byte x version %d
+>7 byte x \b.%d
+!:mime application/x-7z-compressed
+!:ext 7z/cb7
+
+0 name lzma LZMA compressed data,
+!:mime application/x-lzma
+!:ext lzma
+>5 lequad =0xffffffffffffffff streamed
+>5 lequad !0xffffffffffffffff non-streamed, size %lld
+
+# Type: LZMA
+0 lelong&0xffffff =0x5d
+>12 leshort 0xff
+>>0 use lzma
+>12 leshort 0
+>>0 use lzma
+
+# http://tukaani.org/xz/xz-file-format.txt
+0 ustring \xFD7zXZ\x00 XZ compressed data, checksum
+!:strength * 2
+!:mime application/x-xz
+!:ext xz
+>7 byte&0xf 0x0 NONE
+>7 byte&0xf 0x1 CRC32
+>7 byte&0xf 0x4 CRC64
+>7 byte&0xf 0xa SHA-256
+
+# https://github.com/ckolivas/lrzip/blob/master/doc/magic.header.txt
+0 string LRZI LRZIP compressed data
+!:mime application/x-lrzip
+>4 byte x - version %d
+>5 byte x \b.%d
+>22 byte 1 \b, encrypted
+
+# https://fastcompression.blogspot.fi/2013/04/lz4-streaming-format-final.html
+0 lelong 0x184d2204 LZ4 compressed data (v1.4+)
+!:mime application/x-lz4
+!:ext lz4
+# Added by osm0sis@xda-developers.com
+0 lelong 0x184c2103 LZ4 compressed data (v1.0-v1.3)
+!:mime application/x-lz4
+0 lelong 0x184c2102 LZ4 compressed data (v0.1-v0.9)
+!:mime application/x-lz4
+
+# Zstandard/LZ4 skippable frames
+# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md
+0 lelong&0xFFFFFFF0 0x184D2A50
+>(4.l+8) indirect x
+
+# Zstandard Dictionary ID subroutine
+0 name zstd-dictionary-id
+# Single Segment = True
+>0 byte &0x20 \b, Dictionary ID:
+>>0 byte&0x03 0 None
+>>0 byte&0x03 1
+>>>1 byte x %u
+>>0 byte&0x03 2
+>>>1 leshort x %u
+>>0 byte&0x03 3
+>>>1 lelong x %u
+# Single Segment = False
+>0 byte ^0x20 \b, Dictionary ID:
+>>0 byte&0x03 0 None
+>>0 byte&0x03 1
+>>>2 byte x %u
+>>0 byte&0x03 2
+>>>2 leshort x %u
+>>0 byte&0x03 3
+>>>2 lelong x %u
+
+# Zstandard compressed data
+# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md
+0 lelong 0xFD2FB522 Zstandard compressed data (v0.2)
+!:mime application/zstd
+!:ext zst
+0 lelong 0xFD2FB523 Zstandard compressed data (v0.3)
+!:mime application/zstd
+!:ext zst
+0 lelong 0xFD2FB524 Zstandard compressed data (v0.4)
+!:mime application/zstd
+!:ext zst
+0 lelong 0xFD2FB525 Zstandard compressed data (v0.5)
+!:mime application/zstd
+!:ext zst
+0 lelong 0xFD2FB526 Zstandard compressed data (v0.6)
+!:mime application/zstd
+!:ext zst
+0 lelong 0xFD2FB527 Zstandard compressed data (v0.7)
+!:mime application/zstd
+!:ext zst
+>4 use zstd-dictionary-id
+0 lelong 0xFD2FB528 Zstandard compressed data (v0.8+)
+!:mime application/zstd
+!:ext zst
+>4 use zstd-dictionary-id
+
+# https://github.com/facebook/zstd/blob/dev/zstd_compression_format.md
+0 lelong 0xEC30A437 Zstandard dictionary
+!:mime application/x-std-dictionary
+>4 lelong x (ID %u)
+
+# AFX compressed files (Wolfram Kleff)
+2 string -afx- AFX compressed file data
+
+# Supplementary magic data for the file(1) command to support
+# rzip(1). The format is described in magic(5).
+#
+# Copyright (C) 2003 by Andrew Tridgell. You may do whatever you want with
+# this file.
+#
+0 string RZIP rzip compressed data
+>4 byte x - version %d
+>5 byte x \b.%d
+>6 belong x (%d bytes)
+
+0 string ArC\x01 FreeArc archive <http://freearc.org>
+
+# Type: DACT compressed files
+0 long 0x444354C3 DACT compressed data
+>4 byte >-1 (version %i.
+>5 byte >-1 %i.
+>6 byte >-1 %i)
+>7 long >0 , original size: %i bytes
+>15 long >30 , block size: %i bytes
+
+# Valve Pack (VPK) files
+0 lelong 0x55aa1234 Valve Pak file
+>0x4 lelong x \b, version %u
+>0x8 lelong x \b, %u entries
+
+# Snappy framing format
+# https://code.google.com/p/snappy/source/browse/trunk/framing_format.txt
+0 string \377\006\0\0sNaPpY snappy framed data
+!:mime application/x-snappy-framed
+
+# qpress, https://www.quicklz.com/
+0 string qpress10 qpress compressed data
+!:mime application/x-qpress
+
+# Zlib https://www.ietf.org/rfc/rfc6713.txt
+0 string/b x
+>0 beshort%31 =0
+>>0 byte&0xf =8
+>>>0 byte&0x80 =0 zlib compressed data
+!:mime application/zlib
+
+# BWC compression
+0 string BWC
+>3 byte 0 BWC compressed data
+
+# UCL compression
+0 bequad 0x00e955434cff011a UCL compressed data
+
+# Softlib archive
+0 string SLIB Softlib archive
+>4 leshort x \b, version %d
+>6 leshort x (contains %d files)
+
+# URL: https://github.com/lzfse/lzfse/blob/master/src/lzfse_internal.h#L276
+# From: Eric Hall <eric.hall@darkart.com>
+0 string bvx- lzfse encoded, no compression
+0 string bvx1 lzfse compressed, uncompressed tables
+0 string bvx2 lzfse compressed, compressed tables
+0 string bvxn lzfse encoded, lzvn compressed
+
+# pcxLib.exe compression program
+# http://www.shikadi.net/moddingwiki/PCX_Library
+0 string/b pcxLib
+>0x0A string/b Copyright\020(c)\020Genus\020Microprogramming,\020Inc. pcxLib compressed
+
+# https://support-docs.illumina.com/SW/ORA_Format_Specification/Content/SW/ORA/ORAFormatSpecification.htm
+0 uleshort 0x7c49
+>2 lelong 0x80 ORA FASTQ compressed file
+>>6 ulelong x \b, DNA size %u
+>>10 ulelong x \b, read names size %u
+>>14 ulelong x \b, quality buffer 1 size %u
+>>18 ulelong x \b, quality buffer 2 size %u
+>>22 ulelong x \b, sequence buffer size %u
+>>26 ulelong x \b, N-position buffer size %u
+>>30 ulelong x \b, crypto buffer size %u
+>>34 ulelong x \b, misc buffer 1 size %u
+>>38 ulelong x \b, misc buffer 2 size %u
+>>42 ulelong x \b, flags %#x
+>>46 lelong x \b, read size %d
+>>50 lelong x \b, number of reads %d
+>>54 leshort x \b, version %d
+
+# https://github.com/kspalaiologos/bzip3/blob/master/doc/file_format.md
+0 string/b BZ3v1 bzip3 compressed data
+>5 ulelong x \b, blocksize %u
+
+
+# https://support-docs.illumina.com/SW/ORA_Format_Specification/Content/\
+# SW/ORA/ORAFormatSpecification.htm
+# From Guillaume Rizk
+0 short =0x7C49 DRAGEN ORA file,
+>-261 short =0x7C49 with metadata:
+>-125 u8 x NB reads: %llu,
+>-109 u8 x NB bases: %llu.
+>-219 u4&0x02 2 File contains interleaved paired reads
diff --git a/magic/Magdir/console b/magic/Magdir/console
new file mode 100644
index 0000000..0ed53fe
--- /dev/null
+++ b/magic/Magdir/console
@@ -0,0 +1,1226 @@
+
+#------------------------------------------------------------------------------
+# $File: console,v 1.72 2023/06/16 19:24:06 christos Exp $
+# Console game magic
+# Toby Deshane <hac@shoelace.digivill.net>
+
+# ines: file(1) magic for Marat's iNES Nintendo Entertainment System ROM dump format
+# Updated by David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://wiki.nesdev.com/w/index.php/INES
+# - https://wiki.nesdev.com/w/index.php/NES_2.0
+
+# Common header for iNES, NES 2.0, and Wii U iNES.
+0 name nes-rom-image-ines
+>7 byte&0x0C =0x8 (NES 2.0)
+>4 byte x \b: %ux16k PRG
+>5 byte x \b, %ux8k CHR
+>6 byte&0x08 =0x8 [4-Scr]
+>6 byte&0x09 =0x0 [H-mirror]
+>6 byte&0x09 =0x1 [V-mirror]
+>6 byte&0x02 =0x2 [SRAM]
+>6 byte&0x04 =0x4 [Trainer]
+>7 byte&0x03 =0x2 [PC10]
+>7 byte&0x03 =0x1 [VS]
+>>7 byte&0x0C =0x8
+# NES 2.0: VS PPU
+>>>13 byte&0x0F =0x0 \b, RP2C03B
+>>>13 byte&0x0F =0x1 \b, RP2C03G
+>>>13 byte&0x0F =0x2 \b, RP2C04-0001
+>>>13 byte&0x0F =0x3 \b, RP2C04-0002
+>>>13 byte&0x0F =0x4 \b, RP2C04-0003
+>>>13 byte&0x0F =0x5 \b, RP2C04-0004
+>>>13 byte&0x0F =0x6 \b, RP2C03B
+>>>13 byte&0x0F =0x7 \b, RP2C03C
+>>>13 byte&0x0F =0x8 \b, RP2C05-01
+>>>13 byte&0x0F =0x9 \b, RP2C05-02
+>>>13 byte&0x0F =0xA \b, RP2C05-03
+>>>13 byte&0x0F =0xB \b, RP2C05-04
+>>>13 byte&0x0F =0xC \b, RP2C05-05
+# TODO: VS protection hardware?
+>>7 byte x \b]
+# NES 2.0-specific flags.
+>7 byte&0x0C =0x8
+>>12 byte&0x03 =0x0 [NTSC]
+>>12 byte&0x03 =0x1 [PAL]
+>>12 byte&0x02 =0x2 [NTSC+PAL]
+
+# Standard iNES ROM header.
+0 string NES\x1A NES ROM image (iNES)
+!:mime application/x-nes-rom
+>0 use nes-rom-image-ines
+
+# Wii U Virtual Console iNES ROM header.
+0 belong 0x4E455300 NES ROM image (Wii U Virtual Console)
+!:mime application/x-nes-rom
+>0 use nes-rom-image-ines
+
+#------------------------------------------------------------------------------
+# unif: file(1) magic for UNIF-format Nintendo Entertainment System ROM images
+# Reference: https://wiki.nesdev.com/w/index.php/UNIF
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+#
+# NOTE: The UNIF format uses chunks instead of a fixed header,
+# so most of the data isn't easily parseable.
+#
+0 string UNIF
+>4 lelong <16 NES ROM image (UNIF v%d format)
+!:mime application/x-nes-rom
+
+#------------------------------------------------------------------------------
+# fds: file(1) magic for Famicom Disk System disk images
+# Reference: https://wiki.nesdev.com/w/index.php/Family_Computer_Disk_System#.FDS_format
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# TODO: Check "Disk info block" and get info from that in addition to the optional header.
+
+# Disk info block. (block 1)
+0 name nintendo-fds-disk-info-block
+>23 byte !1 FMC-
+>23 byte 1 FSC-
+>16 string x \b%.3s
+>15 ubyte x \b, mfr %02X
+>20 ubyte x (Rev.%02u)
+
+# Headered version.
+0 string FDS\x1A
+>0x11 string *NINTENDO-HVC* Famicom Disk System disk image:
+!:mime application/x-fds-disk
+>>0x10 use nintendo-fds-disk-info-block
+>4 byte 1 (%u side)
+>4 byte !1 (%u sides)
+
+# Unheadered version.
+1 string *NINTENDO-HVC* Famicom Disk System disk image:
+!:mime application/x-fds-disk
+>0 use nintendo-fds-disk-info-block
+
+#------------------------------------------------------------------------------
+# tnes: file(1) magic for TNES-format Nintendo Entertainment System ROM images
+# Used by Nintendo 3DS NES Virtual Console games.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+#
+0 string TNES NES ROM image (Nintendo 3DS Virtual Console)
+!:mime application/x-nes-rom
+>4 byte 100 \b: FDS,
+>>0x2010 use nintendo-fds-disk-info-block
+>4 byte !100 \b: TNES mapper %u
+>>5 byte x \b, %ux8k PRG
+>>6 byte x \b, %ux8k CHR
+>>7 byte&0x08 =1 [WRAM]
+>>8 byte&0x09 =1 [H-mirror]
+>>8 byte&0x09 =2 [V-mirror]
+>>8 byte&0x02 =3 [VRAM]
+
+#------------------------------------------------------------------------------
+# gameboy: file(1) magic for the Nintendo (Color) Gameboy raw ROM format
+# Reference: http://gbdev.gg8.se/wiki/articles/The_Cartridge_Header
+#
+0x104 bequad 0xCEED6666CC0D000B Game Boy ROM image
+# TODO: application/x-gameboy-color-rom for GBC.
+!:mime application/x-gameboy-rom
+>0x143 byte&0x80 0x80
+>>0x134 string >\0 \b: "%.15s"
+>0x143 byte&0x80 !0x80
+>>0x134 string >\0 \b: "%.16s"
+>0x14c byte x (Rev.%02u)
+
+# Machine type. (SGB, CGB, SGB+CGB)
+# Old licensee code 0x33 is required for SGB, but not CGB.
+>0x14b byte 0x33
+>>0x146 byte 0x03
+>>>0x143 byte&0x80 0x80 [SGB+CGB]
+>>>0x143 byte&0x80 !0x80 [SGB]
+>>0x146 byte !0x03
+>>>0x143 byte&0xC0 0x80 [CGB]
+>>>0x143 byte&0xC0 0xC0 [CGB ONLY]
+>0x14b byte !0x33
+>>0x143 byte&0xC0 0x80 [CGB]
+>>0x143 byte&0xC0 0xC0 [CGB ONLY]
+
+# Mapper.
+>0x147 byte 0x00 [ROM ONLY]
+>0x147 byte 0x01 [MBC1]
+>0x147 byte 0x02 [MBC1+RAM]
+>0x147 byte 0x03 [MBC1+RAM+BATT]
+>0x147 byte 0x05 [MBC2]
+>0x147 byte 0x06 [MBC2+BATTERY]
+>0x147 byte 0x08 [ROM+RAM]
+>0x147 byte 0x09 [ROM+RAM+BATTERY]
+>0x147 byte 0x0B [MMM01]
+>0x147 byte 0x0C [MMM01+SRAM]
+>0x147 byte 0x0D [MMM01+SRAM+BATT]
+>0x147 byte 0x0F [MBC3+TIMER+BATT]
+>0x147 byte 0x10 [MBC3+TIMER+RAM+BATT]
+>0x147 byte 0x11 [MBC3]
+>0x147 byte 0x12 [MBC3+RAM]
+>0x147 byte 0x13 [MBC3+RAM+BATT]
+>0x147 byte 0x19 [MBC5]
+>0x147 byte 0x1A [MBC5+RAM]
+>0x147 byte 0x1B [MBC5+RAM+BATT]
+>0x147 byte 0x1C [MBC5+RUMBLE]
+>0x147 byte 0x1D [MBC5+RUMBLE+SRAM]
+>0x147 byte 0x1E [MBC5+RUMBLE+SRAM+BATT]
+>0x147 byte 0xFC [Pocket Camera]
+>0x147 byte 0xFD [Bandai TAMA5]
+>0x147 byte 0xFE [Hudson HuC-3]
+>0x147 byte 0xFF [Hudson HuC-1]
+
+# ROM size.
+>0x148 byte 0 \b, ROM: 256Kbit
+>0x148 byte 1 \b, ROM: 512Kbit
+>0x148 byte 2 \b, ROM: 1Mbit
+>0x148 byte 3 \b, ROM: 2Mbit
+>0x148 byte 4 \b, ROM: 4Mbit
+>0x148 byte 5 \b, ROM: 8Mbit
+>0x148 byte 6 \b, ROM: 16Mbit
+>0x148 byte 7 \b, ROM: 32Mbit
+>0x148 byte 0x52 \b, ROM: 9Mbit
+>0x148 byte 0x53 \b, ROM: 10Mbit
+>0x148 byte 0x54 \b, ROM: 12Mbit
+
+# RAM size.
+>0x149 byte 1 \b, RAM: 16Kbit
+>0x149 byte 2 \b, RAM: 64Kbit
+>0x149 byte 3 \b, RAM: 256Kbit
+>0x149 byte 4 \b, RAM: 1Mbit
+>0x149 byte 5 \b, RAM: 512Kbit
+
+#------------------------------------------------------------------------------
+# genesis: file(1) magic for various Sega Mega Drive / Genesis ROM image and disc formats
+# Updated by David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://www.retrodev.com/segacd.html
+# - http://devster.monkeeh.com/sega/32xguide1.txt
+#
+
+# Common Sega Mega Drive header format.
+# FIXME: Name fields are 48 bytes, but have spaces for padding instead of 00s.
+0 name sega-mega-drive-header
+# ROM title. (Use domestic if present; if not, use international.)
+>0x120 byte >0x20
+>>0x120 string >\0 \b: "%.16s"
+>0x120 byte <0x21
+>>0x150 string >\0 \b: "%.16s"
+# Other information.
+>0x180 string >\0 (%.14s
+>>0x110 string >\0 \b, %.16s
+>0x180 byte 0
+>>0x110 string >\0 (%.16s
+>0 byte x \b)
+
+# TODO: Check for 32X CD?
+# Sega Mega CD disc images: 2048-byte sectors.
+0 string SEGADISCSYSTEM\ \ Sega Mega CD disc image
+!:mime application/x-sega-cd-rom
+>0 use sega-mega-drive-header
+>0 byte x \b, 2048-byte sectors
+0 string SEGABOOTDISC\ \ \ \ Sega Mega CD disc image
+!:mime application/x-sega-cd-rom
+>0 use sega-mega-drive-header
+>0 byte x \b, 2048-byte sectors
+# Sega Mega CD disc images: 2352-byte sectors.
+0x10 string SEGADISCSYSTEM\ \ Sega Mega CD disc image
+!:mime application/x-sega-cd-rom
+>0x10 use sega-mega-drive-header
+>0 byte x \b, 2352-byte sectors
+0x10 string SEGABOOTDISC\ \ \ \ Sega Mega CD disc image
+!:mime application/x-sega-cd-rom
+>0x10 use sega-mega-drive-header
+>0 byte x \b, 2352-byte sectors
+
+# Sega Mega Drive: Identify the system ID.
+0x100 string SEGA
+>0x3C0 string MARS\ CHECK\ MODE Sega 32X ROM image
+!:mime application/x-genesis-32x-rom
+>>0 use sega-mega-drive-header
+>0x104 string \ PICO Sega Pico ROM image
+!:mime application/x-sega-pico-rom
+>>0 use sega-mega-drive-header
+>0x104 string TOYS\ PICO Sega Pico ROM image
+!:mime application/x-sega-pico-rom
+>>0 use sega-mega-drive-header
+>0x104 string \ TOYS\ PICO Sega Pico ROM image
+!:mime application/x-sega-pico-rom
+>>0 use sega-mega-drive-header
+>0x104 string \ IAC Sega Pico ROM image
+!:mime application/x-sega-pico-rom
+>>0 use sega-mega-drive-header
+>0x104 string \ TERA68K Sega Teradrive (68K) ROM image
+!:mime application/x-sega-teradrive-rom
+>>0 use sega-mega-drive-header
+>0x104 string \ TERA286 Sega Teradrive (286) ROM image
+!:mime application/x-sega-teradrive-rom
+>>0 use sega-mega-drive-header
+>0x180 string BR Sega Mega CD Boot ROM image
+!:mime application/x-genesis-rom
+>>0 use sega-mega-drive-header
+>0x104 default x Sega Mega Drive / Genesis ROM image
+!:mime application/x-genesis-rom
+>>0 use sega-mega-drive-header
+
+# Sega Mega Drive: Some ROMs have "SEGA" at 0x101, not 0x100.
+0x100 string \ SEGA Sega Mega Drive / Genesis ROM image
+>0 use sega-mega-drive-header
+
+# Sega Pico ROMs that don't start with "SEGA".
+0x100 string SAMSUNG\ PICO Samsung Pico ROM image
+!:mime application/x-sega-pico-rom
+>0 use sega-mega-drive-header
+0x100 string IMA\ IKUNOUJYUKU Samsung Pico ROM image
+!:mime application/x-sega-pico-rom
+>0 use sega-mega-drive-header
+0x100 string IMA IKUNOJYUKU Samsung Pico ROM image
+!:mime application/x-sega-pico-rom
+>0 use sega-mega-drive-header
+
+# Sega Picture Magic (modified 32X)
+0x100 string Picture\ Magic
+>0x3C0 string PICTURE MAGIC-01 Sega 32X ROM image
+!:mime application/x-genesis-32x-rom
+>>0 use sega-mega-drive-header
+
+#------------------------------------------------------------------------------
+# genesis: file(1) magic for the Super MegaDrive ROM dump format
+#
+
+# NOTE: Due to interleaving, we can't display anything
+# other than the copier header information.
+0 name sega-genesis-smd-header
+>0 byte x %dx16k blocks
+>2 byte 0 \b, last in series or standalone
+>2 byte >0 \b, split ROM
+
+# "Sega Genesis" header.
+0x280 string EAGN
+>8 beshort 0xAABB Sega Mega Drive / Genesis ROM image (SMD format):
+!:mime application/x-genesis-rom
+>>0 use sega-genesis-smd-header
+
+# "Sega Mega Drive" header.
+0x280 string EAMG
+>8 beshort 0xAABB Sega Mega Drive / Genesis ROM image (SMD format):
+!:mime application/x-genesis-rom
+>>0 use sega-genesis-smd-header
+
+#------------------------------------------------------------------------------
+# smsgg: file(1) magic for Sega Master System and Game Gear ROM images
+# Detects all Game Gear and export Sega Master System ROM images,
+# and some Japanese Sega Master System ROM images.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://www.smspower.org/Development/ROMHeader
+#
+
+# General SMS header rule.
+# The SMS boot ROM checks the header at three locations.
+0 name sega-master-system-rom-header
+# Machine type.
+>0x0F byte&0xF0 0x30 Sega Master System
+!:mime application/x-sms-rom
+>0x0F byte&0xF0 0x40 Sega Master System
+!:mime application/x-sms-rom
+>0x0F byte&0xF0 0x50 Sega Game Gear
+!:mime application/x-gamegear-rom
+>0x0F byte&0xF0 0x60 Sega Game Gear
+!:mime application/x-gamegear-rom
+>0x0F byte&0xF0 0x70 Sega Game Gear
+!:mime application/x-gamegear-rom
+>0x0F default x Sega Master System / Game Gear
+!:mime application/x-sms-rom
+>0 byte x ROM image:
+# Product code.
+>0x0E byte&0xF0 0x10 1
+>0x0E byte&0xF0 0x20 2
+>0x0E byte&0xF0 0x30 3
+>0x0E byte&0xF0 0x40 4
+>0x0E byte&0xF0 0x50 5
+>0x0E byte&0xF0 0x60 6
+>0x0E byte&0xF0 0x70 7
+>0x0E byte&0xF0 0x80 8
+>0x0E byte&0xF0 0x90 9
+>0x0E byte&0xF0 0xA0 10
+>0x0E byte&0xF0 0xB0 11
+>0x0E byte&0xF0 0xC0 12
+>0x0E byte&0xF0 0xD0 13
+>0x0E byte&0xF0 0xE0 14
+>0x0E byte&0xF0 0xF0 15
+# If the product code is 5 digits, we'll need to backspace here.
+>0x0E byte&0xF0 !0
+>>0x0C leshort x \b%04x
+>0x0E byte&0xF0 0
+>>0x0C leshort x %04x
+# Revision.
+>0x0E byte&0x0F x (Rev.%02d)
+# ROM size. (Used for the boot ROM checksum routine.)
+>0x0F byte&0x0F 0x0A (8 KB)
+>0x0F byte&0x0F 0x0B (16 KB)
+>0x0F byte&0x0F 0x0C (32 KB)
+>0x0F byte&0x0F 0x0D (48 KB)
+>0x0F byte&0x0F 0x0E (64 KB)
+>0x0F byte&0x0F 0x0F (128 KB)
+>0x0F byte&0x0F 0x00 (256 KB)
+>0x0F byte&0x0F 0x01 (512 KB)
+>0x0F byte&0x0F 0x02 (1 MB)
+
+# SMS/GG header locations.
+0x7FF0 string TMR\ SEGA
+>0x7FF0 use sega-master-system-rom-header
+0x3FF0 string TMR\ SEGA
+>0x3FF0 use sega-master-system-rom-header
+0x1FF0 string TMR\ SEGA
+>0x1FF0 use sega-master-system-rom-header
+
+#------------------------------------------------------------------------------
+# saturn: file(1) magic for the Sega Saturn disc image format.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+#
+
+# Common Sega Saturn disc header format.
+# NOTE: Title is 112 bytes, but we're only showing 32 due to space padding.
+# TODO: Release date, device information, region code, others?
+0 name sega-saturn-disc-header
+>0x60 string >\0 \b: "%.32s"
+>0x20 string >\0 (%.10s
+>>0x2A string >\0 \b, %.6s)
+>>0x2A byte 0 \b)
+
+# 2048-byte sector version.
+0 string SEGA\ SEGASATURN\ Sega Saturn disc image
+!:mime application/x-saturn-rom
+>0 use sega-saturn-disc-header
+>0 byte x (2048-byte sectors)
+# 2352-byte sector version.
+0x10 string SEGA\ SEGASATURN\ Sega Saturn disc image
+!:mime application/x-saturn-rom
+>0x10 use sega-saturn-disc-header
+>0 byte x (2352-byte sectors)
+
+#------------------------------------------------------------------------------
+# dreamcast: file(1) magic for the Sega Dreamcast disc image format.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://mc.pp.se/dc/ip0000.bin.html
+#
+
+# Common Sega Dreamcast disc header format.
+# NOTE: Title is 128 bytes, but we're only showing 32 due to space padding.
+# TODO: Release date, device information, region code, others?
+0 name sega-dreamcast-disc-header
+>0x80 string >\0 \b: "%.32s"
+>0x40 string >\0 (%.10s
+>>0x4A string >\0 \b, %.6s)
+>>0x4A byte 0 \b)
+
+# 2048-byte sector version.
+0 string SEGA\ SEGAKATANA\ Sega Dreamcast disc image
+!:mime application/x-dc-rom
+>0 use sega-dreamcast-disc-header
+>0 byte x (2048-byte sectors)
+# 2352-byte sector version.
+0x10 string SEGA\ SEGAKATANA\ Sega Dreamcast disc image
+!:mime application/x-dc-rom
+>0x10 use sega-dreamcast-disc-header
+>0 byte x (2352-byte sectors)
+
+#------------------------------------------------------------------------------
+# dreamcast: file(1) uncertain magic for the Sega Dreamcast VMU image format
+#
+0 belong 0x21068028 Sega Dreamcast VMU game image
+0 string LCDi Dream Animator file
+
+#------------------------------------------------------------------------------
+# z64: file(1) magic for the Z64 format N64 ROM dumps
+# Reference: http://forum.pj64-emu.com/showthread.php?t=2239
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+#
+0 bequad 0x803712400000000F Nintendo 64 ROM image
+!:mime application/x-n64-rom
+>0x20 string >\0 \b: "%.20s"
+>0x3B string x (%.4s
+>0x3F byte x \b, Rev.%02u)
+
+#------------------------------------------------------------------------------
+# v64: file(1) magic for the V64 format N64 ROM dumps
+# Same as z64 format, but with 16-bit byteswapping.
+#
+0 bequad 0x3780401200000F00 Nintendo 64 ROM image (V64)
+!:mime application/x-n64-rom
+
+#------------------------------------------------------------------------------
+# n64-swap2: file(1) magic for the swap2 format N64 ROM dumps
+# Same as z64 format, but with swapped 16-bit words.
+#
+0 bequad 0x12408037000F0000 Nintendo 64 ROM image (wordswapped)
+!:mime application/x-n64-rom
+
+#------------------------------------------------------------------------------
+# n64-le32: file(1) magic for the 32-bit byteswapped format N64 ROM dumps
+# Same as z64 format, but with 32-bit byteswapping.
+#
+0 bequad 0x401237800F000000 Nintendo 64 ROM image (32-bit byteswapped)
+!:mime application/x-n64-rom
+
+#------------------------------------------------------------------------------
+# gba: file(1) magic for the Nintendo Game Boy Advance raw ROM format
+# Reference: https://problemkaputt.de/gbatek.htm#gbacartridgeheader
+#
+# Original version from: "Nelson A. de Oliveira" <naoliv@gmail.com>
+# Updated version from: David Korth <gerbilsoft@gerbilsoft.com>
+#
+4 bequad 0x24FFAE51699AA221 Game Boy Advance ROM image
+!:mime application/x-gba-rom
+>0xA0 string >\0 \b: "%.12s"
+>0xAC string x (%.6s
+>0xBC byte x \b, Rev.%02u)
+
+#------------------------------------------------------------------------------
+# nds: file(1) magic for the Nintendo DS(i) raw ROM format
+# Reference: https://problemkaputt.de/gbatek.htm#dscartridgeheader
+#
+# Original version from: "Nelson A. de Oliveira" <naoliv@gmail.com>
+# Updated version from: David Korth <gerbilsoft@gerbilsoft.com>
+#
+0xC0 bequad 0x24FFAE51699AA221 Nintendo DS ROM image
+!:mime application/x-nintendo-ds-rom
+>0x00 string >\0 \b: "%.12s"
+>0x0C string x (%.6s
+>0x1E byte x \b, Rev.%02u)
+>0x12 byte 2 (DSi enhanced)
+>0x12 byte 3 (DSi only)
+# Secure Area check.
+>0x20 lelong <0x4000 (homebrew)
+>0x20 lelong >0x3FFF
+>>0x4000 lequad 0x0000000000000000 (multiboot)
+>>0x4000 lequad !0x0000000000000000
+>>>0x4000 lequad 0xE7FFDEFFE7FFDEFF (decrypted)
+>>>0x4000 lequad !0xE7FFDEFFE7FFDEFF
+>>>>0x1000 lequad 0x0000000000000000 (encrypted)
+>>>>0x1000 lequad !0x0000000000000000 (mask ROM)
+
+#------------------------------------------------------------------------------
+# nds_passme: file(1) magic for Nintendo DS ROM images for GBA cartridge boot.
+# This is also used for loading .nds files using the MSET exploit on 3DS.
+# Reference: https://github.com/devkitPro/ndstool/blob/master/source/ndscreate.cpp
+0xC0 bequad 0xC8604FE201708FE2 Nintendo DS Slot-2 ROM image (PassMe)
+!:mime application/x-nintendo-ds-rom
+
+#------------------------------------------------------------------------------
+# ngp: file(1) magic for the Neo Geo Pocket (Color) raw ROM format.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://neogpc.googlecode.com/svn-history/r10/trunk/src/core/neogpc.cpp
+# - https://www.devrs.com/ngp/files/ngpctech.txt
+#
+0x0A string BY\ SNK\ CORPORATION Neo Geo Pocket
+!:mime application/x-neo-geo-pocket-rom
+>0x23 byte 0x10 Color
+>0 byte x ROM image
+>0x24 string >\0 \b: "%.12s"
+>0x21 uleshort x \b, NEOP%04X
+>0x1F ubyte 0xFF (debug mode enabled)
+
+#------------------------------------------------------------------------------
+# msx: file(1) magic for MSX game cartridge dumps
+# Too simple - MPi
+#0 beshort 0x4142 MSX game cartridge dump
+
+#------------------------------------------------------------------------------
+# Sony Playstation executables (Adam Sjoegren <asjo@diku.dk>) :
+0 string PS-X\ EXE Sony Playstation executable
+>16 lelong x PC=%#08x,
+>20 lelong !0 GP=%#08x,
+>24 lelong !0 .text=[%#08x,
+>>28 lelong x \b%#x],
+>32 lelong !0 .data=[%#08x,
+>>36 lelong x \b%#x],
+>40 lelong !0 .bss=[%#08x,
+>>44 lelong x \b%#x],
+>48 lelong !0 Stack=%#08x,
+>48 lelong =0 No Stack!,
+>52 lelong !0 StackSize=%#x,
+#>76 string >\0 (%s)
+# Area:
+>113 string x (%s)
+
+# CPE executables
+0 string CPE CPE executable
+>3 byte x (version %d)
+
+# Sony PlayStation archive (PSARC)
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://www.psdevwiki.com/ps3/PlayStation_archive_(PSARC)
+0 string PSAR Sony PlayStation Archive
+!:ext psarc
+>4 ubeshort x \b, version %d.
+>6 ubeshort x \b%d
+>8 string zlib \b, zlib compression
+>8 string lzma \b, LZMA compression
+>28 ubeshort&2 0 \b, relative paths
+>28 ubeshort&2 2 \b, absolute paths
+>28 ubeshort&1 1 \b, ignore case
+
+#------------------------------------------------------------------------------
+# Microsoft Xbox executables .xbe (Esa Hyytia <ehyytia@cc.hut.fi>)
+0 string XBEH Microsoft Xbox executable
+!:mime audio/x-xbox-executable
+!:ext xbe
+# expect base address of 0x10000
+>0x0104 ulelong =0x10000
+>>(0x0118.l-0x0FFF4) lestring16 x \b: "%.40s"
+>>(0x0118.l-0x0FFF5) byte x (%c
+>>(0x0118.l-0x0FFF6) byte x \b%c-
+>>(0x0118.l-0x0FFF8) uleshort x \b%03u)
+>>(0x0118.l-0x0FF60) ulelong&0x80000007 0x80000007 \b, all regions
+>>(0x0118.l-0x0FF60) ulelong&0x80000007 !0x80000007
+>>>(0x0118.l-0x0FF60) ulelong >0 (regions:
+>>>>(0x0118.l-0x0FF60) ulelong &0x00000001 NA
+>>>>(0x0118.l-0x0FF60) ulelong &0x00000002 Japan
+>>>>(0x0118.l-0x0FF60) ulelong &0x00000004 Rest_of_World
+>>>>(0x0118.l-0x0FF60) ulelong &0x80000000 Manufacturer
+>>>(0x0118.l-0x0FF60) ulelong >0 \b)
+# probabilistic checks whether signed or not
+>0x0004 ulelong =0x0
+>>&2 ulelong =0x0
+>>>&2 ulelong =0x0 \b, not signed
+>0x0004 ulelong >0
+>>&2 ulelong >0
+>>>&2 ulelong >0 \b, signed
+
+# --------------------------------
+# Microsoft Xbox data file formats
+0 string XIP0 XIP, Microsoft Xbox data
+0 string XTF0 XTF, Microsoft Xbox data
+
+#------------------------------------------------------------------------------
+# Microsoft Xbox 360 executables (.xex)
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://free60project.github.io/wiki/XEX.html
+# - https://github.com/xenia-project/xenia/blob/HEAD/src/xenia/kernel/util/xex2_info.h
+
+# Title ID (part of Execution ID section)
+0 name xbox-360-xex-execution-id
+>(0.L+0xC) byte x (%c
+>(0.L+0xD) byte x \b%c
+>(0.L+0xE) beshort x \b-%04u, media ID:
+>(0.L) belong x %08X)
+
+# Region code (part of Security Info)
+0 name xbox-360-xex-region-code
+>0 ubelong 0xFFFFFFFF \b, all regions
+>0 ubelong !0xFFFFFFFF
+>>0 ubelong >0 (regions:
+>>0 ubelong&0x000000FF 0x000000FF USA
+>>0 ubelong&0x00000100 0x00000100 Japan
+>>0 ubelong&0x00000200 0x00000200 China
+>>0 ubelong&0x0000FC00 0x0000FC00 Asia
+>>0 ubelong&0x00FF0000 0x00FF0000 PAL
+>>0 ubelong&0x00FF0000 0x00FE0000 PAL [except AU/NZ]
+>>0 ubelong&0x00FF0000 0x00010000 AU/NZ
+>>0 ubelong&0xFF000000 0xFF000000 Other
+>>0 ubelong >0 \b)
+
+0 string XEX2 Microsoft Xbox 360 executable
+!:mime audio/x-xbox360-executable
+!:ext xex
+>0x18 search/0x100 \x00\x04\x00\x06
+>>&0 use xbox-360-xex-execution-id
+>(0x010.L+0x178) use xbox-360-xex-region-code
+
+0 string XEX1 Microsoft Xbox 360 executable (XEX1)
+!:mime audio/x-xbox360-executable
+!:ext xex
+>0x18 search/0x100 \x00\x04\x00\x06
+>>&0 use xbox-360-xex-execution-id
+>(0x010.L+0x154) use xbox-360-xex-region-code
+
+#------------------------------------------------------------------------------
+# Microsoft Xbox 360 packages
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://free60project.github.io/wiki/STFS.html
+# - https://github.com/xenia-project/xenia/blob/HEAD/src/xenia/kernel/util/xex2_info.h
+
+# TODO: More information for console-signed packages.
+
+0 name xbox-360-package
+>0x360 byte x (%c
+>0x361 byte x \b%c
+>0x362 beshort x \b-%04u, media ID:
+>0x354 belong x %08X)
+>0x344 belong x \b, content type:
+>>0x344 belong 0x1 Saved Game
+>>0x344 belong 0x2 Marketplace Content
+>>0x344 belong 0x3 Publisher
+>>0x344 belong 0x1000 Xbox 360 Title
+>>0x344 belong 0x2000 IPTV Pause Buffer
+>>0x344 belong 0x4000 Installed Game
+>>0x344 belong 0x5000 Original Xbox Game
+>>0x344 belong 0x9000 Avatar Item
+>>0x344 belong 0x10000 Profile
+>>0x344 belong 0x20000 Gamer Picture
+>>0x344 belong 0x30000 Theme
+>>0x344 belong 0x40000 Cache File
+>>0x344 belong 0x50000 Storage Download
+>>0x344 belong 0x60000 Xbox Saved Game
+>>0x344 belong 0x70000 Xbox Download
+>>0x344 belong 0x80000 Game Demo
+>>0x344 belong 0x90000 Video
+>>0x344 belong 0xA0000 Game
+>>0x344 belong 0xB0000 Installer
+>>0x344 belong 0xC0000 Game Trailer
+>>0x344 belong 0xD0000 Arcade Title
+>>0x344 belong 0xE0000 XNA
+>>0x344 belong 0xF0000 License Store
+>>0x344 belong 0x100000 Movie
+>>0x344 belong 0x200000 TV
+>>0x344 belong 0x300000 Music Video
+>>0x344 belong 0x400000 Game Video
+>>0x344 belong 0x500000 Podcast Video
+>>0x344 belong 0x600000 Viral Video
+>>0x344 belong 0x2000000 Community Game
+
+0 string CON\x20 Microsoft Xbox 360 package (console-signed)
+>0 use xbox-360-package
+0 string PIRS
+>0 belong 0 Microsoft Xbox 360 package (non-Xbox Live)
+>>0 use xbox-360-package
+0 string LIVE
+>0x104 belong 0 Microsoft Xbox 360 package (Xbox Live)
+>>0 use xbox-360-package
+
+# Atari Lynx cartridge dump (EXE/BLL header)
+# From: "Stefan A. Haubenthal" <polluks@sdf.lonestar.org>
+# Reference:
+# https://raw.githubusercontent.com/cc65/cc65/master/libsrc/lynx/exehdr.s
+# Double-check that the image type matches too, 0x8008 conflicts with
+# 8 character OMF-86 object file headers.
+0 beshort 0x8008
+>6 string BS93 Lynx homebrew cartridge
+!:mime application/x-atari-lynx-rom
+>>2 beshort x \b, RAM start $%04x
+# Update: Joerg Jenderek
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/l/lnx.trid.xml
+# Note: called "Atari Lynx ROM" by TrID
+0 string LYNX Lynx cartridge
+!:mime application/x-atari-lynx-rom
+!:ext lnx
+# bank 0 page size like: 128 256 512
+>4 leshort/4 >0 \b, bank 0 %dk
+>6 leshort/4 >0 \b, bank 1 %dk
+# 32 bytes cart name like: "jconnort.lyx" "viking~1.lyx" "Eye of the Beholder" "C:\EMU\LYNX\ROMS\ULTCHESS.LYX"
+>10 string >\0 \b, "%.32s"
+# 16 bytes manufacturer like: "Atari" "NuFX Inc." "Matthias Domin"
+>42 string >\0 \b, "%.16s"
+# version number
+#>8 leshort !1 \b, version number %u
+# rotation: 1~left Lexis (NA).lnx 2~right Centipede (Prototype).lnx
+>58 ubyte >0 \b, rotation %u
+# spare
+#>59 lelong !0 \b, spare %#x
+
+# Opera file system that is used on the 3DO console
+# From: Serge van den Boom <svdb@stack.nl>
+0 string \x01ZZZZZ\x01 3DO "Opera" file system
+
+# From: Alex Myczko <alex@aiei.ch>
+# From: David Pflug <david@pflug.email>
+# is the offset 12 or the offset 16 correct?
+# GBS (Game Boy Sound) magic
+# ftp://ftp.modland.com/pub/documents/format_documentation/\
+# Gameboy%20Sound%20System%20(.gbs).txt
+0 string GBS Nintendo Gameboy Music/Audio Data
+#12 string GameBoy\ Music\ Module Nintendo Gameboy Music Module
+>16 string >\0 ("%.32s" by
+>48 string >\0 %.32s, copyright
+>80 string >\0 %.32s),
+>3 byte x version %u,
+>4 byte x %u tracks
+
+# IPS Patch Files from: From: Thomas Klausner <tk@giga.or.at>
+# see https://zerosoft.zophar.net/ips.php
+0 string PATCH IPS patch file
+!:ext ips
+
+# BPS Patch Files - from: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://www.romhacking.net/documents/746/
+0 string BPS1 BPS patch file
+!:ext bps
+
+# APS Patch Files - from: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://github.com/btimofeev/UniPatcher/wiki/APS-(N64)
+0 string APS10 APS patch file
+!:ext aps
+>5 byte 0 \b, simple patch
+>5 byte 1 \b, N64-specific patch for
+>>58 byte x N%c
+>>59 byte x \b%c
+>>60 byte x \b%c
+>7 byte !0x20
+# FIXME: /T specifier isn't working with a fixed-length string.
+>>7 string x \b: "%.50s"
+
+# UPS Patch Files - from: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: http://fileformats.archiveteam.org/wiki/UPS_(binary_patch_format)
+0 string UPS1 UPS patch file
+!:ext ups
+
+# Playstations Patch Files from: From: Thomas Klausner <tk@giga.or.at>
+0 string PPF30 Playstation Patch File version 3.0
+>5 byte 0 \b, PPF 1.0 patch
+>5 byte 1 \b, PPF 2.0 patch
+>5 byte 2 \b, PPF 3.0 patch
+>>56 byte 0 \b, Imagetype BIN (any)
+>>56 byte 1 \b, Imagetype GI (PrimoDVD)
+>>57 byte 0 \b, Blockcheck disabled
+>>57 byte 1 \b, Blockcheck enabled
+>>58 byte 0 \b, Undo data not available
+>>58 byte 1 \b, Undo data available
+>6 string x \b, description: %s
+
+0 string PPF20 Playstation Patch File version 2.0
+>5 byte 0 \b, PPF 1.0 patch
+>5 byte 1 \b, PPF 2.0 patch
+>>56 lelong >0 \b, size of file to patch %d
+>6 string x \b, description: %s
+
+0 string PPF10 Playstation Patch File version 1.0
+>5 byte 0 \b, Simple Encoding
+>6 string x \b, description: %s
+
+# Compressed ISO disc image (used mostly by PSP, PS2 and MegaDrive)
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://en.wikipedia.org/wiki/.CSO
+# NOTE: This is NOT the same as Compact ISO or GameCube/Wii disc image,
+# though it has the same magic number.
+0 string CISO
+# Match CISO version 1 with ISO-9660 sector size
+>20 ubyte <2
+>>16 ulelong =2048 CSO v1 disk image
+!:mime application/x-compressed-iso
+!:ext ciso/cso
+>>>8 ulequad x \b, original size %llu bytes
+>>>16 ulelong x \b, datablock size %u bytes
+# Match CISO version 2
+>20 ubyte =2
+>>22 uleshort =0
+>>>4 ulelong =24 CSO v2 disk image
+!:mime application/x-compressed-iso
+!:ext ciso/cso
+>>>>8 ulequad x \b, original size %llu bytes
+>>>>16 ulelong x \b, datablock size %u bytes
+
+# From: Daniel Dawson <ddawson@icehouse.net>
+# SNES9x .smv "movie" file format.
+0 string SMV\x1A SNES9x input recording
+>0x4 lelong x \b, version %d
+# version 4 is latest so far
+>0x4 lelong <5
+>>0x8 ledate x \b, recorded at %s
+>>0xc lelong >0 \b, rerecorded %d times
+>>0x10 lelong x \b, %d frames long
+>>0x14 byte >0 \b, data for controller(s):
+>>>0x14 byte &0x1 #1
+>>>0x14 byte &0x2 #2
+>>>0x14 byte &0x4 #3
+>>>0x14 byte &0x8 #4
+>>>0x14 byte &0x10 #5
+>>0x15 byte ^0x1 \b, begins from snapshot
+>>0x15 byte &0x1 \b, begins from reset
+>>0x15 byte ^0x2 \b, NTSC standard
+>>0x15 byte &0x2 \b, PAL standard
+>>0x17 byte &0x1 \b, settings:
+# WIP1Timing not used as of version 4
+>>>0x4 lelong <4
+>>>>0x17 byte &0x2 WIP1Timing
+>>>0x17 byte &0x4 Left+Right
+>>>0x17 byte &0x8 VolumeEnvX
+>>>0x17 byte &0x10 FakeMute
+>>>0x17 byte &0x20 SyncSound
+# New flag as of version 4
+>>>0x4 lelong >3
+>>>>0x17 byte &0x80 NoCPUShutdown
+>>0x4 lelong <4
+>>>0x18 lelong >0x23
+>>>>0x20 leshort !0
+>>>>>0x20 lestring16 x \b, metadata: "%s"
+>>0x4 lelong >3
+>>>0x24 byte >0 \b, port 1:
+>>>>0x24 byte 1 joypad
+>>>>0x24 byte 2 mouse
+>>>>0x24 byte 3 SuperScope
+>>>>0x24 byte 4 Justifier
+>>>>0x24 byte 5 multitap
+>>>0x24 byte >0 \b, port 2:
+>>>>0x25 byte 1 joypad
+>>>>0x25 byte 2 mouse
+>>>>0x25 byte 3 SuperScope
+>>>>0x25 byte 4 Justifier
+>>>>0x25 byte 5 multitap
+>>>0x18 lelong >0x43
+>>>>0x40 leshort !0
+>>>>>0x40 lestring16 x \b, metadata: "%s"
+>>0x17 byte &0x40 \b, ROM:
+>>>(0x18.l-26) lelong x CRC32 %#08x
+>>>(0x18.l-23) string x "%s"
+
+# Type: scummVM savegame files
+# From: Sven Hartge <debian@ds9.argh.org>
+0 string SCVM ScummVM savegame
+>12 string >\0 "%s"
+
+#------------------------------------------------------------------------------
+# Nintendo GameCube / Wii file formats.
+#
+
+# Type: Nintendo GameCube/Wii common disc header data.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://wiibrew.org/wiki/Wii_Disc
+0 name nintendo-gcn-disc-common
+>0x20 string x "%.64s"
+>0x00 string x (%.6s
+>0x06 byte >0
+>>0x06 byte 1 \b, Disc 2
+>>0x06 byte 2 \b, Disc 3
+>>0x06 byte 3 \b, Disc 4
+>0x07 byte x \b, Rev.%02u)
+>0x18 belong 0x5D1C9EA3
+>>0x60 beshort 0x0101 \b (Unencrypted)
+>0x200 string NKIT \b (NKit compressed)
+
+
+# Type: Nintendo GameCube disc image
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://wiibrew.org/wiki/Wii_Disc
+0x1C belong 0xC2339F3D Nintendo GameCube disc image:
+!:mime application/x-gamecube-rom
+>0 use nintendo-gcn-disc-common
+
+# Type: Nintendo GameCube embedded disc image
+# Commonly found on demo discs.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: http://hitmen.c02.at/files/yagcd/yagcd/index.html#idx14.8
+0 belong 0xAE0F38A2
+>0x0C belong 0x00100000
+>>(8.L+0x1C) belong 0xC2339F3D Nintendo GameCube embedded disc image:
+!:mime application/x-gamecube-rom
+>>>(8.L) use nintendo-gcn-disc-common
+
+# Type: Nintendo Wii disc image
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://wiibrew.org/wiki/Wii_Disc
+0x18 belong 0x5D1C9EA3 Nintendo Wii disc image:
+>0 use nintendo-gcn-disc-common
+
+# Type: Nintendo Wii disc image (WBFS format)
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://wiibrew.org/wiki/Wii_Disc
+0 string WBFS
+>0x218 belong 0x5D1C9EA3 Nintendo Wii disc image (WBFS format):
+!:mime application/x-wii-rom
+>>0x200 use nintendo-gcn-disc-common
+
+# Type: Nintendo GameCube/Wii disc image (CISO format)
+# NOTE: This is NOT the same as Compact ISO or PSP CISO,
+# though it has the same magic number.
+0 string CISO
+# Other fields are used to determine what type of CISO this is:
+# - 0x04 == 0x00200000: GameCube/Wii CISO (block_size)
+# - 0x10 == 0x00000800: PSP CISO (ISO-9660 sector size)
+# - None of the above: Compact ISO.
+>4 lelong 0x200000
+>>8 byte 1
+>>>0x801C belong 0xC2339F3D Nintendo GameCube disc image (CISO format):
+!:mime application/x-wii-rom
+>>>>0x8000 use nintendo-gcn-disc-common
+>>>0x8018 belong 0x5D1C9EA3 Nintendo Wii disc image (CISO format):
+!:mime application/x-wii-rom
+>>>>0x8000 use nintendo-gcn-disc-common
+
+# Type: Nintendo GameCube/Wii disc image (GCZ format)
+# Due to zlib compression, we can't get the actual disc information.
+0 lelong 0xB10BC001
+>4 lelong 0 Nintendo GameCube disc image (GCZ format)
+!:mime application/x-gamecube-rom
+>4 lelong 1 Nintendo Wii disc image (GCZ format)
+!:mime application/x-wii-rom
+>4 default x Nintendo GameCube/Wii disc image (GCZ format)
+
+# Type: Nintendo GameCube/Wii disc image (WDF format)
+0 string WII\001DISC
+>8 belong 1
+# WDFv1
+>>0x54 belong 0xC2339F3D Nintendo GameCube disc image (WDFv1 format):
+!:mime application/x-gamecube-rom
+>>>0x38 use nintendo-gcn-disc-common
+>>0x58 belong 0x5D1C9EA3 Nintendo Wii disc image (WDFv1 format):
+!:mime application/x-wii-rom
+>>>0x38 use nintendo-gcn-disc-common
+>8 belong 2
+# WDFv2
+>>(12.L+0x1C) belong 0xC2339F3D Nintendo GameCube disc image (WDFv2 format):
+!:mime application/x-gamecube-rom
+>>>(12.L) use nintendo-gcn-disc-common
+>>(12.L+0x18) belong 0x5D1C9EA3 Nintendo Wii disc image (WDFv2 format):
+!:mime application/x-wii-rom
+>>>(12.L) use nintendo-gcn-disc-common
+
+# Type: Nintendo GameCube/Wii disc image (WIA format)
+0 string WIA\001 Nintendo
+>0x48 belong 1 GameCube
+!:mime application/x-gamecube-rom
+>0x48 belong 2 Wii
+!:mime application/x-wii-rom
+>0x48 default x GameCube/Wii
+>0x48 belong x disc image (WIA format):
+>>0x58 use nintendo-gcn-disc-common
+
+# Type: Nintendo GameCube/Wii disc image (with SDK header)
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://wiibrew.org/wiki/Wii_Disc
+0 belong 0xFFFF0000
+>0x18 belong 0x00000000
+>>0x1C belong 0x00000000
+>>>0x8018 belong 0x5D1C9EA3 Nintendo Wii SDK disc image:
+!:mime application/x-wii-rom
+>>>>0x8000 use nintendo-gcn-disc-common
+>>>0x801C belong 0xC2339F3D Nintendo GameCube SDK disc image:
+!:mime application/x-gamecube-rom
+>>>>0x8000 use nintendo-gcn-disc-common
+
+# Type: Nintendo GameCube/Wii disc image (RVZ format)
+0 string RVZ\001 Nintendo
+>0x48 belong 1 GameCube
+!:mime application/x-gamecube-rom
+>0x48 belong 2 Wii
+!:mime application/x-wii-rom
+>0x48 default x GameCube/Wii
+>0x48 belong x disc image (RVZ format):
+>>0x58 use nintendo-gcn-disc-common
+
+#------------------------------------------------------------------------------
+# Nintendo 3DS file formats.
+#
+
+# Type: Nintendo 3DS "NCSD" image. (game cards and eMMC)
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://www.3dbrew.org/wiki/NCSD
+0x100 string NCSD
+>0x118 lequad 0 Nintendo 3DS Game Card image
+# NCCH header for partition 0. (game data)
+>>0x1150 string >\0 \b: "%.16s"
+>>0x312 byte x (Rev.%02u)
+>>0x118C byte 2 (New3DS only)
+>>0x18D byte 0 (inner device)
+>>0x18D byte 1 (Card1)
+>>0x18D byte 2 (Card2)
+>>0x18D byte 3 (extended device)
+>0x118 bequad 0x0102020202000000 Nintendo 3DS eMMC dump (Old3DS)
+>0x118 bequad 0x0102020203000000 Nintendo 3DS eMMC dump (New3DS)
+
+# Nintendo 3DS version code.
+# Reference: https://www.3dbrew.org/wiki/Titles
+# Format: leshort containing three fields:
+# - 6-bit: Major
+# - 6-bit: Minor
+# - 4-bit: Revision
+# NOTE: Only supporting major/minor versions from 0-15 right now.
+# NOTE: Should be prefixed with "v".
+0 name nintendo-3ds-version-code
+# Raw version.
+>0 leshort x \b%u,
+# Major version.
+>0 leshort&0xFC00 0x0000 0
+>0 leshort&0xFC00 0x0400 1
+>0 leshort&0xFC00 0x0800 2
+>0 leshort&0xFC00 0x0C00 3
+>0 leshort&0xFC00 0x1000 4
+>0 leshort&0xFC00 0x1400 5
+>0 leshort&0xFC00 0x1800 6
+>0 leshort&0xFC00 0x1C00 7
+>0 leshort&0xFC00 0x2000 8
+>0 leshort&0xFC00 0x2400 9
+>0 leshort&0xFC00 0x2800 10
+>0 leshort&0xFC00 0x2C00 11
+>0 leshort&0xFC00 0x3000 12
+>0 leshort&0xFC00 0x3400 13
+>0 leshort&0xFC00 0x3800 14
+>0 leshort&0xFC00 0x3C00 15
+# Minor version.
+>0 leshort&0x03F0 0x0000 \b.0
+>0 leshort&0x03F0 0x0010 \b.1
+>0 leshort&0x03F0 0x0020 \b.2
+>0 leshort&0x03F0 0x0030 \b.3
+>0 leshort&0x03F0 0x0040 \b.4
+>0 leshort&0x03F0 0x0050 \b.5
+>0 leshort&0x03F0 0x0060 \b.6
+>0 leshort&0x03F0 0x0070 \b.7
+>0 leshort&0x03F0 0x0080 \b.8
+>0 leshort&0x03F0 0x0090 \b.9
+>0 leshort&0x03F0 0x00A0 \b.10
+>0 leshort&0x03F0 0x00B0 \b.11
+>0 leshort&0x03F0 0x00C0 \b.12
+>0 leshort&0x03F0 0x00D0 \b.13
+>0 leshort&0x03F0 0x00E0 \b.14
+>0 leshort&0x03F0 0x00F0 \b.15
+# Revision.
+>0 leshort&0x000F x \b.%u
+
+# Type: Nintendo 3DS "NCCH" container.
+# https://www.3dbrew.org/wiki/NCCH
+0x100 string NCCH Nintendo 3DS
+>0x18D byte&2 0 File Archive (CFA)
+>0x18D byte&2 2 Executable Image (CXI)
+>0x150 string >\0 \b: "%.16s"
+>0x18D byte 0x05
+>>0x10E leshort x (Old3DS System Update v
+>>0x10E use nintendo-3ds-version-code
+>>0x10E leshort x \b)
+>0x18D byte 0x15
+>>0x10E leshort x (New3DS System Update v
+>>0x10E use nintendo-3ds-version-code
+>>0x10E leshort x \b)
+>0x18D byte !0x05
+>>0x18D byte !0x15
+>>>0x112 byte x (v
+>>>0x112 use nintendo-3ds-version-code
+>>>0x112 byte x \b)
+>0x18C byte 2 (New3DS only)
+
+# Type: Nintendo 3DS "SMDH" file. (application description)
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://3dbrew.org/wiki/SMDH
+0 string SMDH Nintendo 3DS SMDH file
+>0x208 leshort !0
+>>0x208 lestring16 x \b: "%.128s"
+>>0x388 leshort !0
+>>>0x388 lestring16 x by %.128s
+>0x208 leshort 0
+>>0x008 leshort !0
+>>>0x008 lestring16 x \b: "%.128s"
+>>>0x188 leshort !0
+>>>>0x188 lestring16 x by %.128s
+
+# Type: Nintendo 3DS Homebrew Application.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://3dbrew.org/wiki/3DSX_Format
+0 string 3DSX Nintendo 3DS Homebrew Application (3DSX)
+
+# Type: Nintendo 3DS Banner Model Data.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://3dbrew.org/wiki/CBMD
+0 string CBMD\0\0\0\0 Nintendo 3DS Banner Model Data
+
+#------------------------------------------------------------------------------
+# a7800: file(1) magic for the Atari 7800 raw ROM format.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://sites.google.com/site/atari7800wiki/a78-header
+
+0 byte >0
+>0 byte <3
+>>1 string ATARI7800 Atari 7800 ROM image
+!:mime application/x-atari-7800-rom
+>>>0x11 string >\0 \b: "%.32s"
+# Display type.
+>>>0x39 byte 0 (NTSC)
+>>>0x39 byte 1 (PAL)
+>>>0x36 byte&1 1 (POKEY)
+
+#------------------------------------------------------------------------------
+# vectrex: file(1) magic for the GCE Vectrex raw ROM format.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: http://www.playvectrex.com/designit/chrissalo/hello1.htm
+#
+# NOTE: Title is terminated with 0x80, not 0.
+# The header is terminated with a 0, so that will
+# terminate the title as well.
+#
+0 string g\ GCE Vectrex ROM image
+>0x11 string >\0 \b: "%.16s"
+
+#------------------------------------------------------------------------------
+# amiibo: file(1) magic for Nintendo amiibo NFC dumps.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://www.3dbrew.org/wiki/Amiibo
+0x00 byte 0x04
+>0x0A beshort 0x0FE0
+>>0x0C belong 0xF110FFEE
+>>>0x208 beshort 0x0100
+>>>>0x020A byte 0x0F
+>>>>>0x020C bequad 0x000000045F000000
+>>>>>>0x5B byte 0x02
+>>>>>>>0x54 belong x Nintendo amiibo NFC dump - amiibo ID: %08X-
+>>>>>>>0x58 belong x \b%08X
+
+#------------------------------------------------------------------------------
+# Type: Nintendo Switch XCI (Game Cartridge Image)
+# From: Benjamin Lowry <ben@ben.gmbh>
+# Reference: https://switchbrew.org/wiki/Gamecard_Format
+0x100 string HEAD
+>0x10D byte 0xFA Nintendo Switch cartridge image (XCI), 1GB
+>0x10D byte 0xF8 Nintendo Switch cartridge image (XCI), 2GB
+>0x10D byte 0xF0 Nintendo Switch cartridge image (XCI), 4GB
+>0x10D byte 0xE0 Nintendo Switch cartridge image (XCI), 8GB
+>0x10D byte 0xE1 Nintendo Switch cartridge image (XCI), 16GB
+>0x10D byte 0xE2 Nintendo Switch cartridge image (XCI), 32GB
+
+#------------------------------------------------------------------------------
+# Type: Nintendo Switch Executable
+# From: Benjamin Lowry <ben@ben.gmbh>
+# Reference: https://switchbrew.org/wiki/NSO
+0x00 string NSO0 Nintendo Switch executable (NSO)
+
+#------------------------------------------------------------------------------
+# Type: Nintendo Switch PFS0
+# From: Benjamin Lowry <ben@ben.gmbh>
+# Reference: https://switchbrew.org/wiki/NCA_Format#PFS0
+0x00 string PFS0 Nintendo Switch partition filesystem (PFS0)
+>0x04 ulelong x \b, %d files
+
+#------------------------------------------------------------------------------
+# amiibo: file(1) magic for Nintendo Badge Arcade files.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://github.com/GerbilSoft/rom-properties/issues/92
+# - https://github.com/CaitSith2/BadgeArcadeTool
+# - https://github.com/TheMachinumps/Advanced-badge-editor
+
+# PRBS: Individual badge and/or mega badge.
+0 string PRBS
+>0x44 byte >0x20 Nintendo Badge Arcade
+>>0xB8 ulelong <2
+>>>0xBC ulelong <2 badge:
+>>>0xBC ulelong >1 Mega Badge
+>>>>0xB8 ulelong x (%ux
+>>>>0xBC ulelong x \b%u):
+>>0xB8 ulelong >1 Mega Badge
+>>>0xB8 ulelong x (%ux
+>>>0xBC ulelong x \b%u):
+>0x44 string x "%s"
+>0x3C ulelong x \b, badge ID: %u
+>0x74 byte >0x20
+>>0x74 string x \b, set: "%s"
+>0xA8 ulelong !0xFFFFFFFF
+>>0xA8 ulelong x \b, launch title ID: %08X
+>>0xA4 ulelong x \b-%08X
+
+# CABS: Badge set.
+0 string CABS
+>0x2C byte >0x20 Nintendo Badge Arcade badge set:
+>>0x2C string x "%.48s"
+>>0x24 ulelong x \b, set ID: %u
+
+#------------------------------------------------------------------------------
+# sufami: file(1) magic for Sufami Turbo ROM images.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://problemkaputt.de/fullsnes.htm#snescartsufamiturbominicartridgeadaptor
+0 string BANDAI\ SFC-ADX
+>0x10 string !SFC-ADX\ BACKUP Sufami Turbo ROM image:
+>>0x10 string/T x "%.14s"
+>>0x30 byte x \b, ID %02X
+>>0x31 byte x \b%02X
+>>0x32 byte x \b%02X
+>>0x33 ubyte >0 \b, series index %u
+>>0x34 ubyte 0 [SlowROM]
+>>0x34 ubyte 1 [FastROM]
+>>0x35 ubyte 1 [SRAM]
+>>0x35 ubyte 3 [Special]
diff --git a/magic/Magdir/convex b/magic/Magdir/convex
new file mode 100644
index 0000000..6b28f76
--- /dev/null
+++ b/magic/Magdir/convex
@@ -0,0 +1,69 @@
+
+#------------------------------------------------------------------------------
+# $File: convex,v 1.8 2012/10/03 23:44:43 christos Exp $
+# convex: file(1) magic for Convex boxes
+#
+# Convexes are big-endian.
+#
+# /*\
+# * Below are the magic numbers and tests added for Convex.
+# * Added at beginning, because they are expected to be used most.
+# \*/
+0 belong 0507 Convex old-style object
+>16 belong >0 not stripped
+0 belong 0513 Convex old-style demand paged executable
+>16 belong >0 not stripped
+0 belong 0515 Convex old-style pre-paged executable
+>16 belong >0 not stripped
+0 belong 0517 Convex old-style pre-paged, non-swapped executable
+>16 belong >0 not stripped
+0 belong 0x011257 Core file
+#
+# The following are a series of dump format magic numbers. Each one
+# corresponds to a drastically different dump format. The first on is
+# the original dump format on a 4.1 BSD or earlier file system. The
+# second marks the change between the 4.1 file system and the 4.2 file
+# system. The Third marks the changing of the block size from 1K
+# to 2K to be compatible with an IDC file system. The fourth indicates
+# a dump that is dependent on Convex Storage Manager, because data in
+# secondary storage is not physically contained within the dump.
+# The restore program uses these number to determine how the data is
+# to be extracted.
+#
+24 belong =60013 dump format, 4.2 or 4.3 BSD (IDC compatible)
+24 belong =60014 dump format, Convex Storage Manager by-reference dump
+#
+# what follows is a bunch of bit-mask checks on the flags field of the opthdr.
+# If there is no `=' sign, assume just checking for whether the bit is set?
+#
+0 belong 0601 Convex SOFF
+>88 belong&0x000f0000 =0x00000000 c1
+>88 belong &0x00010000 c2
+>88 belong &0x00020000 c2mp
+>88 belong &0x00040000 parallel
+>88 belong &0x00080000 intrinsic
+>88 belong &0x00000001 demand paged
+>88 belong &0x00000002 pre-paged
+>88 belong &0x00000004 non-swapped
+>88 belong &0x00000008 POSIX
+#
+>84 belong &0x80000000 executable
+>84 belong &0x40000000 object
+>84 belong&0x20000000 =0 not stripped
+>84 belong&0x18000000 =0x00000000 native fpmode
+>84 belong&0x18000000 =0x10000000 ieee fpmode
+>84 belong&0x18000000 =0x18000000 undefined fpmode
+#
+0 belong 0605 Convex SOFF core
+#
+0 belong 0607 Convex SOFF checkpoint
+>88 belong&0x000f0000 =0x00000000 c1
+>88 belong &0x00010000 c2
+>88 belong &0x00020000 c2mp
+>88 belong &0x00040000 parallel
+>88 belong &0x00080000 intrinsic
+>88 belong &0x00000008 POSIX
+#
+>84 belong&0x18000000 =0x00000000 native fpmode
+>84 belong&0x18000000 =0x10000000 ieee fpmode
+>84 belong&0x18000000 =0x18000000 undefined fpmode
diff --git a/magic/Magdir/coverage b/magic/Magdir/coverage
new file mode 100644
index 0000000..9f2c3dc
--- /dev/null
+++ b/magic/Magdir/coverage
@@ -0,0 +1,91 @@
+
+#------------------------------------------------------------------------------
+# $File: coverage,v 1.3 2021/02/23 00:51:10 christos Exp $
+# xoverage: file(1) magic for test coverage data
+
+# File formats used to store test coverage data
+# 2016-05-21, Georg Sauthoff <mail@georg.so>
+
+
+# - GCC gcno - written by GCC at compile time when compiling with
+# gcc -ftest-coverage
+# - GCC gcda - written by a program that was compiled with
+# gcc -fprofile-arcs
+# - LLVM raw profiles - generated by a program compiled with
+# clang -fprofile-instr-generate -fcoverage-mapping ...
+# - LLVM indexed profiles - generated by
+# llvm-profdata
+# - GCOV reports, i.e. the annotated source code
+# - LCOV trace files, i.e. aggregated GCC profiles
+#
+# GCC coverage tracefiles
+# .gcno file are created during compile time,
+# while data collected during runtime is stored in .gcda files
+# cf. gcov-io.h
+# https://gcc.gnu.org/onlinedocs/gcc-5.3.0/gcc/Gcov-Data-Files.html
+# Examples:
+# Fedora 23/x86-64/gcc-5.3.1: 6f 6e 63 67 52 33 30 35
+# Debian 8 PPC64/gcc-4.9.2 : 67 63 6e 6f 34 30 39 2a
+0 lelong 0x67636e6f GCC gcno coverage (-ftest-coverage),
+>&3 byte x version %c.
+>&1 byte x \b%c
+
+# big endian
+0 belong 0x67636e6f GCC gcno coverage (-ftest-coverage),
+>&0 byte x version %c.
+>&2 byte x \b%c (big-endian)
+
+# Examples:
+# Fedora 23/x86-64/gcc-5.3.1: 61 64 63 67 52 33 30 35
+# Debian 8 PPC64/gcc-4.9.2 : 67 63 64 61 34 30 39 2a
+0 lelong 0x67636461 GCC gcda coverage (-fprofile-arcs),
+>&3 byte x version %c.
+>&1 byte x \b%c
+
+# big endian
+0 belong 0x67636461 GCC gcda coverage (-fprofile-arcs),
+>&0 byte x version %c.
+>&2 byte x \b%c (big-endian)
+
+
+# LCOV tracefiles
+# cf. http://ltp.sourceforge.net/coverage/lcov/geninfo.1.php
+0 string TN:
+>&0 search/64 \nSF:/ LCOV coverage tracefile
+
+
+# Coverage reports generated by gcov
+# i.e. source code annotated with coverage information
+0 string \x20\x20\x20\x20\x20\x20\x20\x20-:\x20\x20\x20\ 0:Source:
+>&0 search/128 \x20\x20\x20\x20\x20\x20\x20\x20-:\x20\x20\x20\ 0:Graph:
+>>&0 search/128 \x20\x20\x20\x20\x20\x20\x20\x20-:\x20\x20\x20\ 0:Data: GCOV coverage report
+
+
+# LLVM coverage files
+
+# raw data after running a program compiled with:
+# `clang -fprofile-instr-generate -fcoverage-mapping ...`
+# default name: default.profraw
+# magic is: \xFF lprofr \x81
+# cf. https://llvm.org/docs/doxygen/html/InstrProfData_8inc_source.html
+0 lequad 0xff6c70726f667281 LLVM raw profile data,
+>&0 byte x version %d
+
+# big endian
+0 bequad 0xff6c70726f667281 LLVM raw profile data,
+>&7 byte x version %d (big-endian)
+
+
+# LLVM indexed instruction profile (as generated by llvm-profdata)
+# magic is: reverse(\xFF lprofi \x81)
+# cf. https://llvm.org/docs/CoverageMappingFormat.html
+# https://llvm.org/docs/doxygen/html/namespacellvm_1_1IndexedInstrProf.html
+# https://llvm.org/docs/CommandGuide/llvm-cov.html
+# https://llvm.org/docs/CommandGuide/llvm-profdata.html
+0 lequad 0x8169666f72706cff LLVM indexed profile data,
+>&0 byte x version %d
+
+# big endian
+0 bequad 0x8169666f72706cff LLVM indexed profile data,
+>&7 byte x version %d (big-endian)
+
diff --git a/magic/Magdir/cracklib b/magic/Magdir/cracklib
new file mode 100644
index 0000000..1676596
--- /dev/null
+++ b/magic/Magdir/cracklib
@@ -0,0 +1,14 @@
+
+#------------------------------------------------------------------------------
+# $File: cracklib,v 1.7 2009/09/19 16:28:08 christos Exp $
+# cracklib: file (1) magic for cracklib v2.7
+
+0 lelong 0x70775631 Cracklib password index, little endian
+>4 long >0 (%i words)
+>4 long 0 ("64-bit")
+>>8 long >-1 (%i words)
+0 belong 0x70775631 Cracklib password index, big endian
+>4 belong >-1 (%i words)
+# really bellong 0x0000000070775631
+0 search/1 \0\0\0\0pwV1 Cracklib password index, big endian ("64-bit")
+>12 belong >0 (%i words)
diff --git a/magic/Magdir/crypto b/magic/Magdir/crypto
new file mode 100644
index 0000000..910df8d
--- /dev/null
+++ b/magic/Magdir/crypto
@@ -0,0 +1,49 @@
+
+#------------------------------------------------------------------------------
+# $File: crypto,v 1.4 2023/07/17 16:41:48 christos Exp $
+# crypto: file(1) magic for crypto formats
+#
+# Bitcoin block files
+0 lelong 0xD9B4BEF9 Bitcoin
+>(4.l+40) lelong 0xD9B4BEF9 reverse block
+>>4 lelong x \b, size %u
+# normal block below
+>0 default x block
+>>4 lelong x \b, size %u
+>>8 lelong&0xE0000000 0x20000000
+>>>8 lelong x \b, BIP9 0x%x
+>>8 lelong&0xE0000000 !0x20000000
+>>>8 lelong x \b, version 0x%x
+>>76 ledate x \b, %s UTC
+# VarInt counter
+>>88 ubyte <0xfd \b, txcount %u
+>>88 ubyte 0xfd
+>>>89 leshort x \b, txcount %u
+>>88 ubyte 0xfe
+>>>89 lelong x \b, txcount %u
+>>88 ubyte 0xff
+>>>89 lequad x \b, txcount %llu
+!:ext dat
+# option to find more blocks in the file
+#>>(4.l+8) indirect x ;
+
+# LevelDB
+-8 lequad 0xdb4775248b80fb57 LevelDB table data
+
+# http://www.tarsnap.com/scrypt.html
+# see scryptenc_setup() in lib/scryptenc/scryptenc.c
+0 string scrypt\0 scrypt encrypted file
+>7 byte x \b, N=2**%d
+>8 belong x \b, r=%d
+>12 belong x \b, p=%d
+
+# https://age-encryption.org/
+# Only the first recipient is printed in detail to prevent repetitive output
+# in extreme cases ("ssh-rsa, ssh-rsa, ssh-rsa, ...").
+0 string age-encryption.org/v1\n age encrypted file
+>25 regex/128 \^[^\040]+ \b, %s recipient
+>>25 string scrypt
+>>>&0 regex/64 [0-9]+\$ (N=2**%s)
+>>&0 search/256 \n->\040 \b, among others
+
+0 string -----BEGIN\040AGE\040ENCRYPTED\040FILE----- age encrypted file, ASCII armored
diff --git a/magic/Magdir/ctags b/magic/Magdir/ctags
new file mode 100644
index 0000000..f480d32
--- /dev/null
+++ b/magic/Magdir/ctags
@@ -0,0 +1,6 @@
+
+# ----------------------------------------------------------------------------
+# $File: ctags,v 1.6 2009/09/19 16:28:08 christos Exp $
+# ctags: file (1) magic for Exuberant Ctags files
+# From: Alexander Mai <mai@migdal.ikp.physik.tu-darmstadt.de>
+0 search/1 =!_TAG Exuberant Ctags tag file text
diff --git a/magic/Magdir/ctf b/magic/Magdir/ctf
new file mode 100644
index 0000000..d91684d
--- /dev/null
+++ b/magic/Magdir/ctf
@@ -0,0 +1,23 @@
+
+#--------------------------------------------------------------
+# ctf: file(1) magic for CTF (Common Trace Format) trace files
+#
+# Specs. available here: <https://www.efficios.com/ctf>
+#--------------------------------------------------------------
+
+# CTF trace data
+0 lelong 0xc1fc1fc1 Common Trace Format (CTF) trace data (LE)
+0 belong 0xc1fc1fc1 Common Trace Format (CTF) trace data (BE)
+
+# CTF metadata (packetized)
+0 lelong 0x75d11d57 Common Trace Format (CTF) packetized metadata (LE)
+>35 byte x \b, v%d
+>36 byte x \b.%d
+0 belong 0x75d11d57 Common Trace Format (CTF) packetized metadata (BE)
+>35 byte x \b, v%d
+>36 byte x \b.%d
+
+# CTF metadata (plain text)
+0 string /*\x20CTF\x20 Common Trace Format (CTF) plain text metadata
+!:strength + 5 # this is to make sure we beat C
+>&0 regex [0-9]+\\.[0-9]+ \b, v%s
diff --git a/magic/Magdir/cubemap b/magic/Magdir/cubemap
new file mode 100644
index 0000000..e2f87d8
--- /dev/null
+++ b/magic/Magdir/cubemap
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: cubemap,v 1.1 2012/06/06 13:03:20 christos Exp $
+# file(1) magic(5) data for cubemaps Martin Erik Werner <martinerikwerner@gmail.com>
+#
+0 string ACMP Map file for the AssaultCube FPS game
+0 string CUBE Map file for cube and cube2 engine games
+0 string MAPZ) Map file for the Blood Frontier/Red Eclipse FPS games
diff --git a/magic/Magdir/cups b/magic/Magdir/cups
new file mode 100644
index 0000000..6dd14ac
--- /dev/null
+++ b/magic/Magdir/cups
@@ -0,0 +1,56 @@
+
+#------------------------------------------------------------------------------
+# $File: cups,v 1.6 2019/04/19 00:42:27 christos Exp $
+# Cups: file(1) magic for the cups raster file format
+# From: Laurent Martelli <martellilaurent@gmail.com>
+# https://www.cups.org/documentation.php/spec-raster.html
+#
+
+0 name cups-le
+>280 lelong x \b, %d
+>284 lelong x \bx%d dpi
+>376 lelong x \b, %dx
+>380 lelong x \b%d pixels
+>388 lelong x %d bits/color
+>392 lelong x %d bits/pixel
+>400 lelong 0 ColorOrder=Chunky
+>400 lelong 1 ColorOrder=Banded
+>400 lelong 2 ColorOrder=Planar
+>404 lelong 0 ColorSpace=gray
+>404 lelong 1 ColorSpace=RGB
+>404 lelong 2 ColorSpace=RGBA
+>404 lelong 3 ColorSpace=black
+>404 lelong 4 ColorSpace=CMY
+>404 lelong 5 ColorSpace=YMC
+>404 lelong 6 ColorSpace=CMYK
+>404 lelong 7 ColorSpace=YMCK
+>404 lelong 8 ColorSpace=KCMY
+>404 lelong 9 ColorSpace=KCMYcm
+>404 lelong 10 ColorSpace=GMCK
+>404 lelong 11 ColorSpace=GMCS
+>404 lelong 12 ColorSpace=WHITE
+>404 lelong 13 ColorSpace=GOLD
+>404 lelong 14 ColorSpace=SILVER
+>404 lelong 15 ColorSpace=CIE XYZ
+>404 lelong 16 ColorSpace=CIE Lab
+>404 lelong 17 ColorSpace=RGBW
+>404 lelong 18 ColorSpace=sGray
+>404 lelong 19 ColorSpace=sRGB
+>404 lelong 20 ColorSpace=AdobeRGB
+
+# Cups Raster image format, Big Endian
+0 string RaS
+>3 string t Cups Raster version 1, Big Endian
+>3 string 2 Cups Raster version 2, Big Endian
+>3 string 3 Cups Raster version 3, Big Endian
+!:mime application/vnd.cups-raster
+>0 use \^cups-le
+
+
+# Cups Raster image format, Little Endian
+1 string SaR
+>0 string t Cups Raster version 1, Little Endian
+>0 string 2 Cups Raster version 2, Little Endian
+>0 string 3 Cups Raster version 3, Little Endian
+!:mime application/vnd.cups-raster
+>0 use cups-le
diff --git a/magic/Magdir/dact b/magic/Magdir/dact
new file mode 100644
index 0000000..04627c9
--- /dev/null
+++ b/magic/Magdir/dact
@@ -0,0 +1,11 @@
+
+#------------------------------------------------------------------------------
+# $File: dact,v 1.4 2009/09/19 16:28:08 christos Exp $
+# dact: file(1) magic for DACT compressed files
+#
+0 long 0x444354C3 DACT compressed data
+>4 byte >-1 (version %i.
+>5 byte >-1 $BS%i.
+>6 byte >-1 $BS%i)
+>7 long >0 $BS, original size: %i bytes
+>15 long >30 $BS, block size: %i bytes
diff --git a/magic/Magdir/database b/magic/Magdir/database
new file mode 100644
index 0000000..03ac423
--- /dev/null
+++ b/magic/Magdir/database
@@ -0,0 +1,886 @@
+
+#------------------------------------------------------------------------------
+# $File: database,v 1.69 2023/01/12 00:14:04 christos Exp $
+# database: file(1) magic for various databases
+#
+# extracted from header/code files by Graeme Wilford (eep2gw@ee.surrey.ac.uk)
+#
+#
+# GDBM magic numbers
+# Will be maintained as part of the GDBM distribution in the future.
+# <downsj@teeny.org>
+0 belong 0x13579acd GNU dbm 1.x or ndbm database, big endian, 32-bit
+!:mime application/x-gdbm
+0 belong 0x13579ace GNU dbm 1.x or ndbm database, big endian, old
+!:mime application/x-gdbm
+0 belong 0x13579acf GNU dbm 1.x or ndbm database, big endian, 64-bit
+!:mime application/x-gdbm
+0 lelong 0x13579acd GNU dbm 1.x or ndbm database, little endian, 32-bit
+!:mime application/x-gdbm
+0 lelong 0x13579ace GNU dbm 1.x or ndbm database, little endian, old
+!:mime application/x-gdbm
+0 lelong 0x13579acf GNU dbm 1.x or ndbm database, little endian, 64-bit
+!:mime application/x-gdbm
+0 string GDBM GNU dbm 2.x database
+!:mime application/x-gdbm
+#
+# Berkeley DB
+#
+# Ian Darwin's file /etc/magic files: big/little-endian version.
+#
+# Hash 1.85/1.86 databases store metadata in network byte order.
+# Btree 1.85/1.86 databases store the metadata in host byte order.
+# Hash and Btree 2.X and later databases store the metadata in host byte order.
+
+0 long 0x00061561 Berkeley DB
+!:mime application/x-dbm
+>8 belong 4321
+>>4 belong >2 1.86
+>>4 belong <3 1.85
+>>4 belong >0 (Hash, version %d, native byte-order)
+>8 belong 1234
+>>4 belong >2 1.86
+>>4 belong <3 1.85
+>>4 belong >0 (Hash, version %d, little-endian)
+
+0 belong 0x00061561 Berkeley DB
+>8 belong 4321
+>>4 belong >2 1.86
+>>4 belong <3 1.85
+>>4 belong >0 (Hash, version %d, big-endian)
+>8 belong 1234
+>>4 belong >2 1.86
+>>4 belong <3 1.85
+>>4 belong >0 (Hash, version %d, native byte-order)
+
+0 long 0x00053162 Berkeley DB 1.85/1.86
+>4 long >0 (Btree, version %d, native byte-order)
+0 belong 0x00053162 Berkeley DB 1.85/1.86
+>4 belong >0 (Btree, version %d, big-endian)
+0 lelong 0x00053162 Berkeley DB 1.85/1.86
+>4 lelong >0 (Btree, version %d, little-endian)
+
+12 long 0x00061561 Berkeley DB
+>16 long >0 (Hash, version %d, native byte-order)
+12 belong 0x00061561 Berkeley DB
+>16 belong >0 (Hash, version %d, big-endian)
+12 lelong 0x00061561 Berkeley DB
+>16 lelong >0 (Hash, version %d, little-endian)
+
+12 long 0x00053162 Berkeley DB
+>16 long >0 (Btree, version %d, native byte-order)
+12 belong 0x00053162 Berkeley DB
+>16 belong >0 (Btree, version %d, big-endian)
+12 lelong 0x00053162 Berkeley DB
+>16 lelong >0 (Btree, version %d, little-endian)
+
+12 long 0x00042253 Berkeley DB
+>16 long >0 (Queue, version %d, native byte-order)
+12 belong 0x00042253 Berkeley DB
+>16 belong >0 (Queue, version %d, big-endian)
+12 lelong 0x00042253 Berkeley DB
+>16 lelong >0 (Queue, version %d, little-endian)
+
+# From Max Bowsher.
+12 long 0x00040988 Berkeley DB
+>16 long >0 (Log, version %d, native byte-order)
+12 belong 0x00040988 Berkeley DB
+>16 belong >0 (Log, version %d, big-endian)
+12 lelong 0x00040988 Berkeley DB
+>16 lelong >0 (Log, version %d, little-endian)
+
+#
+#
+# Round Robin Database Tool by Tobias Oetiker <oetiker@ee.ethz.ch>
+0 string/b RRD\0 RRDTool DB
+>4 string/b x version %s
+
+>>10 short !0 16bit aligned
+>>>10 bedouble 8.642135e+130 big-endian
+>>>>18 short x 32bit long (m68k)
+
+>>10 short 0
+>>>12 long !0 32bit aligned
+>>>>12 bedouble 8.642135e+130 big-endian
+>>>>>20 long 0 64bit long
+>>>>>20 long !0 32bit long
+>>>>12 ledouble 8.642135e+130 little-endian
+>>>>>24 long 0 64bit long
+>>>>>24 long !0 32bit long (i386)
+>>>>12 string \x43\x2b\x1f\x5b\x2f\x25\xc0\xc7 middle-endian
+>>>>>24 short !0 32bit long (arm)
+
+>>8 quad 0 64bit aligned
+>>>16 bedouble 8.642135e+130 big-endian
+>>>>24 long 0 64bit long (s390x)
+>>>>24 long !0 32bit long (hppa/mips/ppc/s390/SPARC)
+>>>16 ledouble 8.642135e+130 little-endian
+>>>>28 long 0 64bit long (alpha/amd64/ia64)
+>>>>28 long !0 32bit long (armel/mipsel)
+
+#----------------------------------------------------------------------
+# ROOT: file(1) magic for ROOT databases
+#
+0 string root\0 ROOT file
+>4 belong x Version %d
+>33 belong x (Compression: %d)
+
+# XXX: Weak magic.
+# Alex Ott <ott@jet.msk.su>
+## Paradox file formats
+#2 leshort 0x0800 Paradox
+#>0x39 byte 3 v. 3.0
+#>0x39 byte 4 v. 3.5
+#>0x39 byte 9 v. 4.x
+#>0x39 byte 10 v. 5.x
+#>0x39 byte 11 v. 5.x
+#>0x39 byte 12 v. 7.x
+#>>0x04 byte 0 indexed .DB data file
+#>>0x04 byte 1 primary index .PX file
+#>>0x04 byte 2 non-indexed .DB data file
+#>>0x04 byte 3 non-incrementing secondary index .Xnn file
+#>>0x04 byte 4 secondary index .Ynn file
+#>>0x04 byte 5 incrementing secondary index .Xnn file
+#>>0x04 byte 6 non-incrementing secondary index .XGn file
+#>>0x04 byte 7 secondary index .YGn file
+#>>>0x04 byte 8 incrementing secondary index .XGn file
+
+## XBase database files
+# updated by Joerg Jenderek at Feb 2013
+# https://www.dbase.com/Knowledgebase/INT/db7_file_fmt.htm
+# https://www.clicketyclick.dk/databases/xbase/format/dbf.html
+# inspect VVYYMMDD , where 1<= MM <= 12 and 1<= DD <= 31
+0 ubelong&0x0000FFFF <0x00000C20
+!:strength +10
+# skip Infocom game Z-machine
+>2 ubyte >0
+# skip Androids *.xml
+>>3 ubyte >0
+>>>3 ubyte <32
+# 1 < version VV
+>>>>0 ubyte >1
+# skip HELP.CA3 by test for reserved byte ( NULL )
+>>>>>27 ubyte 0
+# reserved bytes not always 0 ; also found 0x3901 (T4.DBF) ,0x7101 (T5.DBF,T6.DBF)
+#>>>>>30 ubeshort x 30NULL?%x
+# possible production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL)
+>>>>>>24 ubelong&0xffFFFFff >0x01302000
+# .DBF or .MDX
+>>>>>>24 ubelong&0xffFFFFff <0x01302001
+# for Xbase Database file (*.DBF) reserved (NULL) for multi-user
+>>>>>>>24 ubelong&0xffFFFFff =0
+# test for 2 reserved NULL bytes,transaction and encryption byte flag
+>>>>>>>>12 ubelong&0xFFFFfEfE 0
+# test for MDX flag
+>>>>>>>>>28 ubyte x
+>>>>>>>>>28 ubyte&0xf8 0
+# header size >= 32
+>>>>>>>>>>8 uleshort >31
+# skip PIC15736.PCX by test for language driver name or field name
+>>>>>>>>>>>32 ubyte >0
+#!:mime application/x-dbf; charset=unknown-8bit ??
+#!:mime application/x-dbase
+>>>>>>>>>>>>0 use xbase-type
+# database file
+>>>>>>>>>>>>28 ubyte&0x04 =0 \b DBF
+!:ext dbf
+>>>>>>>>>>>>28 ubyte&0x04 =4 \b DataBaseContainer
+!:ext dbc
+>>>>>>>>>>>>4 lelong 0 \b, no records
+>>>>>>>>>>>>4 lelong >0 \b, %d record
+# plural s appended
+>>>>>>>>>>>>>4 lelong >1 \bs
+# https://www.clicketyclick.dk/databases/xbase/format/dbf_check.html#CHECK_DBF
+# 1 <= record size <= 4000 (dBase 3,4) or 32 * KB (=0x8000)
+>>>>>>>>>>>>10 uleshort x * %d
+# file size = records * record size + header size
+>>>>>>>>>>>>1 ubyte x \b, update-date
+>>>>>>>>>>>>1 use xbase-date
+# https://msdn.microsoft.com/de-de/library/cc483186(v=vs.71).aspx
+#>>>>>>>>>>>>29 ubyte =0 \b, codepage ID=%#x
+# 2~cp850 , 3~cp1252 , 0x1b~?? ; what code page is 0x1b ?
+>>>>>>>>>>>>29 ubyte >0 \b, codepage ID=%#x
+#>>>>>>>>>>>>28 ubyte&0x01 0 \b, no index file
+# MDX or CDX index
+>>>>>>>>>>>>28 ubyte&0x01 1 \b, with index file .MDX
+>>>>>>>>>>>>28 ubyte&0x02 2 \b, with memo .FPT
+#>>>>>>>>>>>>28 ubyte&0x04 4 \b, DataBaseContainer
+# 1st record offset + 1 = header size
+>>>>>>>>>>>>8 uleshort >0
+>>>>>>>>>>>>(8.s+1) ubyte >0
+>>>>>>>>>>>>>8 uleshort >0 \b, at offset %d
+>>>>>>>>>>>>>(8.s+1) ubyte >0
+>>>>>>>>>>>>>>&-1 string >\0 1st record "%s"
+# for multiple index files (*.MDX) Production flag,tag numbers(<=0x30),tag length(<=0x20), reserved (NULL)
+>>>>>>>24 ubelong&0x0133f7ff >0
+# test for reserved NULL byte
+>>>>>>>>47 ubyte 0
+# test for valid TAG key format (0x10 or 0)
+>>>>>>>>>559 ubyte&0xeF 0
+# test MM <= 12
+>>>>>>>>>>45 ubeshort <0x0C20
+>>>>>>>>>>>45 ubyte >0
+>>>>>>>>>>>>46 ubyte <32
+>>>>>>>>>>>>>46 ubyte >0
+#!:mime application/x-mdx
+>>>>>>>>>>>>>>0 use xbase-type
+>>>>>>>>>>>>>>0 ubyte x \b MDX
+>>>>>>>>>>>>>>1 ubyte x \b, creation-date
+>>>>>>>>>>>>>>1 use xbase-date
+>>>>>>>>>>>>>>44 ubyte x \b, update-date
+>>>>>>>>>>>>>>44 use xbase-date
+# No.of tags in use (1,2,5,12)
+>>>>>>>>>>>>>>28 uleshort x \b, %d
+# No. of entries in tag (0x30)
+>>>>>>>>>>>>>>25 ubyte x \b/%d tags
+# Length of tag
+>>>>>>>>>>>>>>26 ubyte x * %d
+# 1st tag name_
+>>>>>>>>>>>>>548 string x \b, 1st tag "%.11s"
+# 2nd tag name
+#>>>>>>>>>>>>(26.b+548) string x \b, 2nd tag "%.11s"
+#
+# Print the xBase names of different version variants
+0 name xbase-type
+>0 ubyte <2
+# 1 < version
+>0 ubyte >1
+>>0 ubyte 0x02 FoxBase
+!:mime application/x-dbf
+# like: ACCESS.DBF USER.DBF dbase3date.dbf mitarbei.dbf produkte.dbf umlaut-test-v2.dbf
+# FoxBase+/dBaseIII+, no memo
+>>0 ubyte 0x03 FoxBase+/dBase III
+!:mime application/x-dbf
+# like: 92DATA.DBF MSCATLOG.DBF SYLLABI2.DBF SYLLABUS.DBF T4.DBF Teleadr.dbf us_city.dbf
+# dBASE IV no memo file
+>>0 ubyte 0x04 dBase IV
+!:mime application/x-dbf
+# like: Quattro-test11.dbf umlaut-test-v4.dbf
+# dBASE V no memo file
+>>0 ubyte 0x05 dBase V
+!:mime application/x-dbf
+# like: dbase4double.dbf Quattro-test2.dbf umlaut-test7.dbf
+!:ext dbf
+# probably Apollo Database Server 9.7? xBase (0x6)
+>>0 ubyte 0x06 Apollo
+!:mime application/x-dbf
+# like: ALIAS.DBF CRYPT.DBF PROCS.DBF USERS.DBF
+# https://docs.microsoft.com/en-us/previous-versions/visualstudio/foxpro/st4a0s68(v=vs.80)
+>>0 ubyte 0x2F FoxBase+/Dbase III plus, no memo
+!:mime application/x-dbf
+# no example
+>>0 ubyte 0x30 Visual FoxPro
+!:mime application/x-dbf
+# like: 26FRX.DBF 30DBC.DBF 30DBCPRO.DBF BEHINDSC.DBF USER_LEV.DBF
+# Microsoft Visual FoxPro Database Container File like: FOXPRO-DB-TEST.DBC TESTDATA.DBC TASTRADE.DBC
+>>0 ubyte 0x31 Visual FoxPro, autoincrement
+!:mime application/x-dbf
+# like: AI_Table.DBF dbase_31.dbf w_cityFoxpro.dbf
+# Visual FoxPro, with field type Varchar or Varbinary
+>>0 ubyte 0x32 Visual FoxPro, with field type Varchar
+!:mime application/x-dbf
+# like: dbase_32.dbf
+# dBASE IV SQL, no memo;dbv memo var size (Flagship)
+>>0 ubyte 0x43 dBase IV, with SQL table
+!:mime application/x-dbf
+# like: ASSEMBLY.DBF INVENTRY.DBF STAFF.DBF
+# https://docs.microsoft.com/en-us/previous-versions/visualstudio/foxpro/st4a0s68(v=vs.80)
+>>0 ubyte 0x62 dBase IV, with SQL table
+#!:mime application/x-dbf
+# no example
+# dBASE IV, with memo!!
+>>0 ubyte 0x7b dBase IV, with memo
+!:mime application/x-dbf
+# like: test3memo.DBF dbase5.DBF
+# https://docs.microsoft.com/en-us/previous-versions/visualstudio/foxpro/st4a0s68(v=vs.80)
+>>0 ubyte 0x82 dBase IV, with SQL system
+#!:mime application/x-dbf
+# no example
+# FoxBase+/dBaseIII+ with memo .DBT!
+>>0 ubyte 0x83 FoxBase+/dBase III, with memo .DBT
+!:mime application/x-dbf
+# like: T2.DBF t3.DBF biblio.dbf dbase_83.dbf dbase3dbt0_4.dbf fsadress.dbf stop.dbf
+# VISUAL OBJECTS (first 1.0 versions) for the Dbase III files (NTX clipper driver); memo file
+>>0 ubyte 0x87 VISUAL OBJECTS, with memo file
+!:mime application/x-dbf
+# like: ACCESS.DBF dbase3date.dbf dbase3float.dbf holdings.dbf mitarbei.dbf
+# https://docs.microsoft.com/en-us/previous-versions/visualstudio/foxpro/st4a0s68(v=vs.80)
+>>0 ubyte 0x8A FoxBase+/dBase III, with memo .DBT
+#!:mime application/x-dbf
+# no example
+# dBASE IV with memo!
+>>0 ubyte 0x8B dBase IV, with memo .DBT
+!:mime application/x-dbf
+# like: animals.dbf archive.dbf callin.dbf dbase_8b.dbf phnebook.dbf t6.dbf
+# dBase IV with SQL Table,no memo?
+>>0 ubyte 0x8E dBase IV, with SQL table
+!:mime application/x-dbf
+# like: dbase5.DBF test3memo.DBF test-memo.DBF
+# .dbv and .dbt memo (Flagship)?
+>>0 ubyte 0xB3 Flagship
+!:mime application/x-dbf
+# no example
+# https://docs.microsoft.com/en-us/previous-versions/visualstudio/foxpro/st4a0s68(v=vs.80)
+>>0 ubyte 0xCA dBase IV with memo .DBT
+#!:mime application/x-dbf
+# no example
+# dBASE IV with SQL table, with memo .DBT
+>>0 ubyte 0xCB dBase IV with SQL table, with memo .DBT
+!:mime application/x-dbf
+# like: dbase5.DBF test3memo.DBF test-memo.DBF
+# HiPer-Six format;Clipper SIX, with SMT memo file
+>>0 ubyte 0xE5 Clipper SIX with memo
+!:mime application/x-dbf
+# like: dbase5.DBF test3memo.DBF test-memo.DBF testClipper.dbf DATA.DBF
+# https://docs.microsoft.com/en-us/previous-versions/visualstudio/foxpro/st4a0s68(v=vs.80)
+>>0 ubyte 0xF4 dBase IV, with SQL table, with memo
+#!:mime application/x-dbf
+# no example
+>>0 ubyte 0xF5 FoxPro with memo
+!:mime application/x-dbf
+# like: CUSTOMER.DBF FOXUSER1.DBF Invoice.DBF NG.DBF OBJSAMP.DBF dbase_f5.dbf kunde.dbf
+# probably Apollo Database Server 9.7 with SQL and memo mask? xBase (0xF6)
+>>0 ubyte 0xF6 Apollo, with SQL table with memo
+!:mime application/x-dbf
+# like: SCRIPTS.DBF
+# https://docs.microsoft.com/en-us/previous-versions/visualstudio/foxpro/st4a0s68(v=vs.80)
+#>>0 ubyte 0xFA FoxPro 2.x, with memo
+#!:mime application/x-dbf
+# no example
+# unknown version (should not happen)
+>>0 default x xBase
+!:mime application/x-dbf
+>>>0 ubyte x (%#x)
+# flags in version byte
+# DBT flag (with dBASE III memo .DBT)!!
+# >>0 ubyte&0x80 >0 DBT_FLAG=%x
+# memo flag ??
+# >>0 ubyte&0x08 >0 MEMO_FLAG=%x
+# SQL flag ??
+# >>0 ubyte&0x70 >0 SQL_FLAG=%x
+# test and print the date of xBase .DBF .MDX
+0 name xbase-date
+# inspect YYMMDD , where 1<= MM <= 12 and 1<= DD <= 31
+>0 ubelong x
+>1 ubyte <13
+>>1 ubyte >0
+>>>2 ubyte >0
+>>>>2 ubyte <32
+>>>>>0 ubyte x
+# YY is interpreted as 20YY or 19YY
+>>>>>>0 ubyte <100 \b %.2d
+# YY is interpreted 1900+YY; TODO: display yy or 20yy instead 1YY
+>>>>>>0 ubyte >99 \b %d
+>>>>>1 ubyte x \b-%d
+>>>>>2 ubyte x \b-%d
+
+# dBase memo files .DBT or .FPT
+# https://msdn.microsoft.com/en-us/library/8599s21w(v=vs.80).aspx
+16 ubyte <4
+>16 ubyte !2
+>>16 ubyte !1
+# next free block index is positive
+>>>0 ulelong >0
+# skip many JPG. ZIP, BZ2 by test for reserved bytes NULL , 0|2 , 0|1 , low byte of block size
+>>>>17 ubelong&0xFFfdFEff 0x00000000
+# skip many RAR by test for low byte 0 ,high byte 0|2|even of block size, 0|a|e|d7 , 0|64h
+>>>>>20 ubelong&0xFF01209B 0x00000000
+# dBASE III
+>>>>>>16 ubyte 3
+# skip with invalid "low" 1st item "\0\0\0\0" StateRepository-Deployment.srd-shm "\001\010\0\0" gcry_cast5.mod
+>>>>>>>512 ubyte >040
+# skip with valid 1st item "rintf" keylayouts.mod
+# by looking for valid terminating character Ctrl-Z like in test.dbt
+>>>>>>>>513 search/3308 \032
+# skip GRUB plan9.mod with invalid second terminating character 007
+# by checking second terminating character Ctrl-Z like in test.dbt
+>>>>>>>>>&0 ubyte 032
+# dBASE III DBT with two Ctr-Z terminating characters
+>>>>>>>>>>0 use dbase3-memo-print
+# second terminating character \0 like in dbase-memo.dbt or GRUB nativedisk.mod
+>>>>>>>>>&0 ubyte 0
+# skip GRUB nativedisk.mod with grub_mod_init\0grub_mod_fini\0grub_fs_autoload_hook\0
+>>>>>>>>>>0x1ad string !grub_mod_init
+# like dbase-memo.dbt
+>>>>>>>>>>>0 use dbase3-memo-print
+# dBASE III DBT without version, dBASE IV DBT , FoxPro FPT , or many ZIP , DBF garbage
+>>>>>>16 ubyte 0
+# unusual dBASE III DBT like angest.dbt, dBASE IV DBT with block size 0 , FoxPro FPT , or garbage PCX DBF
+>>>>>>>20 uleshort 0
+# FoxPro FPT , unusual dBASE III DBT like biblio.dbt or garbage
+>>>>>>>>8 ulong =0
+>>>>>>>>>6 ubeshort >0
+# skip emacs.PIF
+>>>>>>>>>>4 ushort 0
+# check for valid FoxPro field type
+>>>>>>>>>>>512 ubelong <3
+# skip LXMDCLN4.OUT LXMDCLN6.OUT LXMDALG6.OUT with invalid blocksize 170=AAh
+>>>>>>>>>>>>6 ubeshort&0x002f 0
+>>>>>>>>>>>>>0 use foxpro-memo-print
+# dBASE III DBT , garbage
+# skip WORD1XW.DOC with improbably high free block index
+>>>>>>>>>0 ulelong <0x400000
+# skip WinStore.App.exe by looking for printable 2nd character of 1st memo item
+>>>>>>>>>>513 ubyte >037
+# skip DOS executables CPQ0TD.DRV E30ODI.COM IBM0MONO.DRV by looking for printable 1st character of 1st memo item
+>>>>>>>>>>>512 ubyte >037
+# skip few (14/758) Microsoft Event Trace Logs (boot_BASE+CSWITCH_1.etl DlTel-Merge.etl UpdateUx.006.etl) with invalid "high" 1st item \377\377
+>>>>>>>>>>>>512 ubyte <0377
+# skip some Commodore 64 Art Studio (Deep_Strike.aas dragon's_lair_ii.aas), some Atari DEGAS Elite bitmap (ELEPHANT.PC3 ST.PC2)
+# some probably old GRUB modules (part_sun.mod) and virtual-boy-wario-land.vb.
+# by looking for valid terminating character Ctrl-Z
+>>>>>>>>>>>>>513 search/523 \032
+# Atari DEGAS bitmap ST.PC2 with 0370 as second terminating character
+#>>>>>>>>>>>>>>&0 ubyte x 2ND_CHAR_IS=%o
+# dBASE III DBT with two Ctr-Z terminating characters like dbase3dbt0_1.dbt dbase_83.dbt
+>>>>>>>>>>>>>>&0 ubyte 032
+>>>>>>>>>>>>>>>0 use dbase3-memo-print
+# second terminating character \0 like in pcidump.mod or fsadress.dbt umlaut-dbf-cmd.dbt
+>>>>>>>>>>>>>>&0 ubyte 0
+# look for old GRUB module pcidump.mod with specific content "pcidump\0Show raw dump of the PCI configuration space"
+>>>>>>>>>>>>>>>514 search/0x11E pcidump\0Show
+# dBASE III DBT with Ctr-Z + \0 terminating characters like fsadress.dbt
+>>>>>>>>>>>>>>>514 default x
+# unusual dBASE III DBT like fsadress.dbt umlaut-dbf-cmd.dbt
+>>>>>>>>>>>>>>>>0 use dbase3-memo-print
+# dBASE III DBT like angest.dbt, or garbage PCX DBF
+>>>>>>>>8 ubelong !0
+# skip PCX and some DBF by test for for reserved NULL bytes
+>>>>>>>>>510 ubeshort 0
+# skip bad symples with improbably high free block index above 2 GiB file limit
+>>>>>>>>>>0 ulelong <0x400000
+# skip AI070GEP.EPS by printable 1st character of 1st memo item
+>>>>>>>>>>>512 ubyte >037
+# skip some Microsoft Visual C, OMF library like: BZ2.LIB WATTCPWL.LIB ZLIB.LIB
+>>>>>>>>>>>>512 ubyte <0200
+# skip gluon-ffhat-1.0-tp-link-tl-wr1043n-nd-v2-sysupgrade.bin by printable 2nd character
+>>>>>>>>>>>>>513 ubyte >037
+# skip few (8/758) Microsoft Event Trace Logs (WBEngine.3.etl Wifi.etl) with valid 1st item like
+# "9600.20369.amd64fre.winblue_ltsb_escrow.220427-1727"
+# "9600.19846.amd64fre.winblue_ltsb_escrow.200923-1735"
+# "10586.494.amd64fre.th2_release_sec.160630-1736"
+# by looking for valid terminating character Ctrl-Z
+>>>>>>>>>>>>>>513 search/0x11E \032
+# followed by second character Ctrl-Z implies typical DBT
+>>>>>>>>>>>>>>>&0 ubyte 032
+# examples like: angest.dbt
+>>>>>>>>>>>>>>>>0 use dbase3-memo-print
+>>>>>>>>>>>>>>>&0 ubyte 0
+# no example found here with terminating sequence CTRL-Z + \0
+>>>>>>>>>>>>>>>>0 use dbase3-memo-print
+# dBASE IV DBT with positive block size
+>>>>>>>20 uleshort >0
+# dBASE IV DBT with valid block length like 512, 1024
+# multiple of 2 in between 16 and 16 K ,implies upper and lower bits are zero
+# skip also 3600h 3E00h size
+>>>>>>>>20 uleshort&0xE00f 0
+>>>>>>>>>0 use dbase4-memo-print
+
+# Print the information of dBase III DBT memo file
+0 name dbase3-memo-print
+>0 ubyte x dBase III DBT
+!:mime application/x-dbt
+!:ext dbt
+# instead 3 as version number 0 for unusual examples like biblio.dbt
+>16 ubyte !3 \b, version number %u
+# Number of next available block for appending data
+#>0 lelong =0 \b, next free block index %u
+>0 lelong !0 \b, next free block index %u
+# no positive block length
+#>20 uleshort =0 \b, block length %u
+>20 uleshort !0 \b, block length %u
+# dBase III memo field terminated often by \032\032
+# like: "WHAT IS XBASE" test.dbt "Borges, Malte" biblio.dbt "First memo\032\032" T2.DBT
+>512 string >\0 \b, 1st item "%s"
+# For DEBUGGING
+#>512 ubelong x \b, 1ST item %#8.8x
+#>513 search/0x225 \032 FOUND_TERMINATOR
+#>>&0 ubyte 032 2xCTRL_Z
+# fsadress.dbt has 1 Ctrl-Z terminator followed by nil byte
+#>>&0 ubyte 0 1xCTRL_Z
+
+# https://www.clicketyclick.dk/databases/xbase/format/dbt.html
+# Print the information of dBase IV DBT memo file
+0 name dbase4-memo-print
+>0 lelong x dBase IV DBT
+!:mime application/x-dbt
+!:ext dbt
+# 8 character shorted main name of corresponding dBASE IV DBF file
+>8 ubelong >0x20000000
+# skip unusual like for angest.dbt
+>>20 uleshort >0
+>>>8 string >\0 \b of %-.8s.DBF
+# value 0 implies 512 as size
+#>4 ulelong =0 \b, blocks size %u
+# size of blocks not reliable like 0x2020204C in angest.dbt
+>4 ulelong !0
+>>4 ulelong&0x0000003f 0 \b, blocks size %u
+# dBase IV DBT with positive block length (found 512 , 1024)
+>20 uleshort >0 \b, block length %u
+# next available block
+#>0 lelong =0 \b, next free block index %u
+>0 lelong !0 \b, next free block index %u
+>20 uleshort >0
+>>(20.s) ubelong x
+>>>&-4 use dbase4-memofield-print
+# unusual dBase IV DBT without block length (implies 512 as length)
+>20 uleshort =0
+>>512 ubelong x
+>>>&-4 use dbase4-memofield-print
+# Print the information of dBase IV memo field
+0 name dbase4-memofield-print
+# free dBase IV memo field
+>0 ubelong !0xFFFF0800
+>>0 lelong x \b, next free block %u
+>>4 lelong x \b, next used block %u
+# used dBase IV memo field
+>0 ubelong =0xFFFF0800
+# length of memo field
+>>4 lelong x \b, field length %d
+>>>8 string >\0 \b, 1st used item "%s"
+# http://www.dbfree.org/webdocs/1-documentation/0018-developers_stuff_(advanced)/os_related_stuff/xbase_file_format.htm
+# Print the information of FoxPro FPT memo file
+0 name foxpro-memo-print
+>0 belong x FoxPro FPT
+!:mime application/x-fpt
+!:ext fpt
+# Size of blocks for FoxPro ( 64,256 ); probably a multiple of two
+>6 ubeshort x \b, blocks size %u
+# next available block
+#>0 belong =0 \b, next free block index %u
+>0 belong !0 \b, next free block index %u
+# field type ( 0~picture, 1~memo, 2~object )
+>512 ubelong <3 \b, field type %u
+# length of memo field
+>512 ubelong 1
+>>516 belong >0 \b, field length %d
+>>>520 string >\0 \b, 1st item "%s"
+
+# Summary: DBASE Compound Index file *.CDX and FoxPro index *.IDX
+# From: Joerg Jenderek
+# URL: https://www.clicketyclick.dk/databases/xbase/format/cdx.html
+# https://www.clicketyclick.dk/databases/xbase/format/idx.html
+# https://www.clicketyclick.dk/databases/xbase/format/idx_comp.html
+# Reference: https://mark0.net/download/triddefs_xml.7z/defs/s/sybase-ianywhere-cdx.trid.xml
+# https://mark0.net/download/triddefs_xml.7z/defs/c/cdx-vfp7.trid.xml
+# like: kunde.cdx
+0 ulelong 0x1C00
+>0 use xbase-index
+# like: SYLLABI2.CDX SYLLABUS.CDX
+0 ulelong 0x0800
+>0 use xbase-index
+# often in xBase index pointer to root node 400h
+0 ulelong 0x0400
+# skip most Maple help database *.hdb with version tag handled by ./maple
+>1028 string !version
+# skip Maple help database hsum.hdb checking for valid reserved area
+>>492 quad =0
+# skip remaining Maple help database *.hdb by checking key length
+#>>>12 uleshort !0x000F KEY_LENGTHVALID
+>>>0 use xbase-index
+# display information about dBase/FoxPro index
+0 name xbase-index
+>0 ulelong x xBase
+!:mime application/x-dbase-index
+>14 ubyte &0x40 compound index
+# DCX for FoxPro database index like: TESTDATA.DCX
+!:ext cdx/dcx
+>14 ubyte ^0x40 index
+# only 1 example like: TEST.IDX
+!:ext idx
+# pointer to root node like: 1C00h 800h often 400h
+>0 ulelong !0x400 \b, root pointer %#x
+# Pointer to free node list: often 0 but -1 if not present
+>4 ulelong !0 \b, free node pointer %#x
+# MAYBE number of pages in file (Foxbase, FoxPro 1.x) or
+# http://www.foxpert.com/foxpro/knowlbits/files/knowlbits_200708_1.HTM
+# Whenever Visual FoxPro updates the index file it increments this reserved field
+# Reserved for internal use like: 02000000h 03000000h 460c0000h 780f0000h 89000000h 9fdc0100h often 0
+>8 ulelong !0 \b, reserved counter %#x
+# length of key like: mostly 000Ah 0028h (TEST.IDX)
+>12 uleshort !0x000A \b, key length %#x
+# index options like: 24h E0h E8h
+# 1~a unique index 8~index has FOR clause 32~compact index format 64~compound index header
+# 16~Bit vector (SoftC) 128~Structure index (FoxPro)
+>14 ubyte x \b, index options (%#x
+>14 ubyte &0x01 \b, unique
+>14 ubyte &0x08 \b, has FOR clause
+>14 ubyte &0x10 \b, bit vector (SoftC)
+>14 ubyte &0x20 \b, compact format
+#>14 ubyte &0x40 \b, compound header
+>14 ubyte &0x80 \b, structure
+>14 ubyte x \b)
+# WHAT EXACTLY IS THAT? index signature like: 0 (sybase-ianywhere-cdx.trid.xml) 1 (cdx-vfp7.trid.xml)
+>15 ubyte !0 \b, index signature %u
+# reserved area (0-bytes) til about 500, but not for uncompressed Index files *.idx
+>16 quad !0 \b, at 16 reserved %#llx
+>492 quad !0 \b, at 492 reserved %#llx
+# for IDX variant
+#>14 ubyte ^0x40 IDX
+# for CDX variant
+>14 ubyte &0x40
+# Ascending or descending: 0~ascending 1~descending
+>>502 uleshort x \b, sort order %u
+# Total expression length (FoxPro 2) like: 0 1
+>>504 uleshort !0 \b, expression length %u
+# FOR expression pool length like: 1
+>>506 uleshort !1 \b, FOR expression pool length %#x
+# reserved for internal use like: 0
+>>508 uleshort !0 \b, at 0x508 reserved %#x
+# Key expression pool length like: 1
+>>510 uleshort !1 \b, key expression pool length %#x
+# 512 - 1023 Key & FOR expression pool (uncompiled)
+>>512 quad !0 \b, key expression pool %#llx
+#>>520 quad !0 \b, key expression pool %#llx
+
+# Summary: dBASE IV Printer Form *.PRF
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/.dbf#Other_file_types_found_in_dBASE
+# Reference: https://mark0.net/download/triddefs_xml.7z/defs/p/prf-dbase.trid.xml
+0 ubeshort 0x0400
+# skip some Xbase Index files *.ndx and Infocom (Z-machine 4) *.z4 handled by ./adventure
+# by looking for valid printer driver name extension
+>0x58 search/8 .PR2
+>>0 use xbase-prf
+# display information of dbase print form like printer driver *.PR2
+0 name xbase-prf dBase Printer Form
+!:mime application/x-dbase-prf
+!:ext prf
+# MAYBE version? like: 4~DBASE IV
+#>0 ubyte x \b, version %u
+# MAYBE flag like: 1~with output file name 0~not
+#>2 ubyte !0 \b, flag %u
+# optional printer text output file name like E:\DBASE\IV\T6.txt
+>3 string >\0 \b, output file %s
+# probably padding with nils til 0x53
+#>0x48 uquad !0 \b, at 0x48 padding %#llx
+# dBASE IV printer driver name like: Generic.PR2 ASCII.PR2
+>0x56 string >\0 \b, using printer driver %s
+# 2 is probably last character of previous dBASE printer driver name
+#>0x60 ubyte !0x32 \b, at 0x60 %#x
+# probably padding with nils til 0xa8
+#>0x61 uquad !0 \b, at 0x61 padding %#llx
+# unknown 0x03020300 0x03020100 at 0xa8
+>0xa8 ubelong x \b, at 0xa8 unknown %#8.8x
+# probably padding with nils til 0x2aa
+#>0x2a0 uquad !0 \b, at 0x2a0 padding %#llx
+# unknown 0x100ff7f01000001 at 0x2AB
+>0x2ab ubequad !0x100ff7f01000001 \b, at 0x2ab unknown %#llx
+# unknown 0x0042 at 0x2b3
+>0x2b3 ubeshort !0x0042 \b, at 0x2b3 unknown %#4.4x
+# unknown last 4 bytes at 0x2b6 like: 0 0x23
+>0x2b6 ubelong !0 \b, at 0x2b6 unknown %#8.8x
+
+# TODO:
+# DBASE index file *.NDX
+# dBASE compiled Format *.FMO
+# FoxPro Database memo file *.DCT
+# FoxPro Forms Memo *.SCT
+# FoxPro Generated Menu Program *.MPR
+# FoxPro Report *.FRX
+# FoxPro Report Memo *.FRT
+# Foxpro Generated Screen Program *.SPR
+# Foxpro memo *.PJT
+## End of XBase database stuff
+
+# MS Access database
+4 string Standard\ Jet\ DB Microsoft Access Database
+!:mime application/x-msaccess
+4 string Standard\ ACE\ DB Microsoft Access Database
+!:mime application/x-msaccess
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Extensible_Storage_Engine
+# Reference: https://github.com/libyal/libesedb/archive/master.zip
+# libesedb-master/documentation/
+# Extensible Storage Engine (ESE) Database File (EDB) format.asciidoc
+# Note: also known as "JET Blue". Used by numerous Windows components such as
+# Windows Search, Mail, Exchange and Active Directory.
+4 ubelong 0xefcdab89
+# unknown1
+>132 ubelong 0 Extensible storage engine
+!:mime application/x-ms-ese
+# file_type 0~database 1~stream
+>>12 ulelong 0 DataBase
+# Security DataBase (sdb)
+!:ext edb/sdb
+>>12 ulelong 1 STreaMing
+!:ext stm
+# format_version 620h
+>>8 uleshort x \b, version %#x
+>>10 uleshort >0 revision %#4.4x
+>>0 ubelong x \b, checksum %#8.8x
+# Page size 4096 8192 32768
+>>236 ulequad x \b, page size %lld
+# database_state
+>>52 ulelong 1 \b, JustCreated
+>>52 ulelong 2 \b, DirtyShutdown
+#>>52 ulelong 3 \b, CleanShutdown
+>>52 ulelong 4 \b, BeingConverted
+>>52 ulelong 5 \b, ForceDetach
+# Windows NT major version when the databases indexes were updated.
+>>216 ulelong x \b, Windows version %d
+# Windows NT minor version
+>>220 ulelong x \b.%d
+
+# From: Joerg Jenderek
+# URL: https://forensicswiki.org/wiki/Windows_Application_Compatibility
+# Note: files contain application compatibility fixes, application compatibility modes and application help messages.
+8 string sdbf
+>7 ubyte 0
+# TAG_TYPE_LIST+TAG_INDEXES
+>>12 uleshort 0x7802 Windows application compatibility Shim DataBase
+# version? 2 3
+#>>>0 ulelong x \b, version %d
+!:mime application/x-ms-sdb
+!:ext sdb
+
+# TDB database from Samba et al - Martin Pool <mbp@samba.org>
+0 string TDB\ file TDB database
+>32 lelong 0x2601196D version 6, little-endian
+>>36 lelong x hash size %d bytes
+
+# SE Linux policy database
+0 lelong 0xf97cff8c SE Linux policy
+>16 lelong x v%d
+>20 lelong 1 MLS
+>24 lelong x %d symbols
+>28 lelong x %d ocons
+
+# ICE authority file data (Wolfram Kleff)
+2 string ICE ICE authority data
+
+# X11 Xauthority file (Wolfram Kleff)
+10 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
+11 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
+12 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
+13 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
+14 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
+15 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
+16 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
+17 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
+18 string MIT-MAGIC-COOKIE-1 X11 Xauthority data
+
+# From: Maxime Henrion <mux@FreeBSD.org>
+# PostgreSQL's custom dump format, Maxime Henrion <mux@FreeBSD.org>
+0 string PGDMP PostgreSQL custom database dump
+>5 byte x - v%d
+>6 byte x \b.%d
+>5 beshort <0x101 \b-0
+>5 beshort >0x100
+>>7 byte x \b-%d
+
+# Type: Advanced Data Format (ADF) database
+# URL: https://www.grc.nasa.gov/WWW/cgns/adf/
+# From: Nicolas Chauvat <nicolas.chauvat@logilab.fr>
+0 string @(#)ADF\ Database CGNS Advanced Data Format
+
+# Tokyo Cabinet magic data
+# http://tokyocabinet.sourceforge.net/index.html
+0 string ToKyO\ CaBiNeT\n Tokyo Cabinet
+>14 string x \b (%s)
+>32 byte 0 \b, Hash
+!:mime application/x-tokyocabinet-hash
+>32 byte 1 \b, B+ tree
+!:mime application/x-tokyocabinet-btree
+>32 byte 2 \b, Fixed-length
+!:mime application/x-tokyocabinet-fixed
+>32 byte 3 \b, Table
+!:mime application/x-tokyocabinet-table
+>33 byte &1 \b, [open]
+>33 byte &2 \b, [fatal]
+>34 byte x \b, apow=%d
+>35 byte x \b, fpow=%d
+>36 byte &0x01 \b, [large]
+>36 byte &0x02 \b, [deflate]
+>36 byte &0x04 \b, [bzip]
+>36 byte &0x08 \b, [tcbs]
+>36 byte &0x10 \b, [excodec]
+>40 lequad x \b, bnum=%lld
+>48 lequad x \b, rnum=%lld
+>56 lequad x \b, fsiz=%lld
+
+# Type: QDBM Quick Database Manager
+# From: Benoit Sibaud <bsibaud@april.org>
+0 string \\[depot\\]\n\f Quick Database Manager, little endian
+0 string \\[DEPOT\\]\n\f Quick Database Manager, big endian
+
+# Type: TokyoCabinet database
+# URL: http://tokyocabinet.sourceforge.net/
+# From: Benoit Sibaud <bsibaud@april.org>
+0 string ToKyO\ CaBiNeT\n TokyoCabinet database
+>14 string x (version %s)
+
+# From: Stephane Blondon https://www.yaal.fr
+# Database file for Zope (done by FileStorage)
+0 string FS21 Zope Object Database File Storage v3 (data)
+0 string FS30 Zope Object Database File Storage v4 (data)
+
+# Cache file for the database of Zope (done by ClientStorage)
+0 string ZEC3 Zope Object Database Client Cache File (data)
+
+# IDA (Interactive Disassembler) database
+0 string IDA1 IDA (Interactive Disassembler) database
+
+# Hopper (reverse engineering tool) https://www.hopperapp.com/
+0 string hopperdb Hopper database
+
+# URL: https://en.wikipedia.org/wiki/Panorama_(database_engine)
+# Reference: http://www.provue.com/Panorama/
+# From: Joerg Jenderek
+# NOTE: test only versions 4 and 6.0 with Windows
+# length of Panorama database name
+5 ubyte >0
+# look after database name for "some" null bits
+>(5.B+7) ubelong&0xF3ffF000 0
+# look for first keyword
+>>&1 search/2 DESIGN Panorama database
+#!:mime application/x-panorama-database
+!:apple KASXZEPD
+!:ext pan
+# database name
+>>>5 pstring x \b, "%s"
+
+#
+#
+# askSam Database by Stefan A. Haubenthal <polluks@web.de>
+0 string askw40\0 askSam DB
+
+#
+#
+# MUIbase Database Tool by Stefan A. Haubenthal <polluks@web.de>
+0 string MBSTV\040 MUIbase DB
+>6 string x version %s
+
+#
+# CDB database
+0 string NBCDB\012 NetBSD Constant Database
+>7 byte x \b, version %d
+>8 string x \b, for '%s'
+>24 lelong x \b, datasize %d
+>28 lelong x \b, entries %d
+>32 lelong x \b, index %d
+>36 lelong x \b, seed %#x
+
+#
+# Redis RDB - https://redis.io/topics/persistence
+0 string REDIS Redis RDB file,
+>5 regex [0-9][0-9][0-9][0-9] version %s
+
+# Mork database.
+# Used by older versions of Mozilla Suite and Firefox,
+# and current versions of Thunderbird.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+0 string //\ <!--\ <mdb:mork:z\ v=" Mozilla Mork database
+>23 string x \b, version %.3s
+
+# URL: https://en.wikipedia.org/wiki/Management_Information_Format
+# Reference: https://www.dmtf.org/sites/default/files/standards/documents/DSP0005.pdf
+# From: Joerg Jenderek
+# Note: only tested with monitor asset reports of Dell Display Manager
+# skip start like Language=fr|CA|iso8859-1
+0 search/27/C Start\040Component DMI Management Information Format
+#!:mime text/plain
+!:mime text/x-dmtf-mif
+!:ext mif
+
diff --git a/magic/Magdir/dataone b/magic/Magdir/dataone
new file mode 100644
index 0000000..566633e
--- /dev/null
+++ b/magic/Magdir/dataone
@@ -0,0 +1,47 @@
+
+#------------------------------------------------------------------------------
+# $File: dataone,v 1.3 2022/04/18 21:38:10 christos Exp $
+#
+# DataONE- files from Dave Vieglais <dave.vieglais@gmail.com> &
+# Pratik Shrivastava <pratikshrivastava23@gmail.com>
+#
+# file formats: https://cn.dataone.org/cn/v2/formats
+#------------------------------------------------------------------------------
+
+# EML (Ecological Metadata Language Format)
+0 string \<?xml\ version=
+>&0 regex/1024 eml-[0-9]\\.[0-9]\\.[0-9]+ eml://ecoinformatics.org/%s
+
+# onedcx (DataONE Dublin Core Extended v1.0)
+>&0 regex/1024 onedcx/v[0-9]\\.[0-9]+ https://ns.dataone.org/metadata/schema/onedcx/v1.0
+
+# FGDC-STD-001-1998 (Content Standard for Digital Geospatial Metadata,
+# version 001-1998)
+>&0 search/1024 fgdc FGDC-STD-001-1998
+
+# Mercury (Oak Ridge National Lab Mercury Metadata version 1.0)
+>&0 regex/1024 mercury/terms/v[0-9]\\.[0-9] https://purl.org/ornl/schema/mercury/terms/v1.0
+
+# ISOTC211 (Geographic MetaData (GMD) Extensible Markup Language)
+>&0 search/1024 isotc211
+>>&0 search/1024 eng;USA https://www.isotc211.org/2005/gmd
+
+# ISOTC211 (NOAA Variant Geographic MetaData (GMD) Extensible Markup Language)
+>>&0 regex/1024 gov\\.noaa\\.nodc:[0-9]+ https://www.isotc211.org/2005/gmd-noaa
+
+# ISOTC211 PANGAEA Variant Geographic MetaData (GMD) Extensible Markup Language
+>>&0 regex/1024 pangaea\\.dataset[0-9][0-9][0-9][0-9][0-9][0-9]+ https://www.isotc211.org/2005/gmd-pangaea
+!:mime text/xml
+
+
+# Object Reuse and Exchange Vocabulary
+0 string \<?xml\ version=
+>&0 search/1024 rdf
+>>&0 search/1024 openarchives https://www.openarchives.org/ore/terms
+!:mime application/rdf+xml
+
+
+# Dryad Metadata Application Profile Version 3.1
+0 string <DryadData
+>&0 regex/1024 dryad-bibo/v[0-9]\\.[0-9] https://datadryad.org/profile/v3.1
+!:mime text/xml
diff --git a/magic/Magdir/dbpf b/magic/Magdir/dbpf
new file mode 100644
index 0000000..df07ff8
--- /dev/null
+++ b/magic/Magdir/dbpf
@@ -0,0 +1,15 @@
+
+#------------------------------------------------------------------------------
+# $File: dbpf,v 1.3 2019/04/19 00:42:27 christos Exp $
+# dppf: Maxis Database Packed Files, the stored data file format used by all
+# Maxis games after the Sims: http://wiki.niotso.org/DBPF
+# https://www.wiki.sc4devotion.com/index.php?title=DBPF
+# 13 Oct 2017, Kip Warner <kip at thevertigo dot com>
+0 string DBPF Maxis Database Packed File
+>4 ulelong x \b, version: %u.
+>>8 ulelong x \b%u
+>>>36 ulelong x \b, files: %u
+>>24 ledate !0 \b, created: %s
+>>28 ledate !0 \b, modified: %s
+!:ext dbpf/package/dat/sc4
+!:mime application/x-maxis-dbpf
diff --git a/magic/Magdir/der b/magic/Magdir/der
new file mode 100644
index 0000000..3bc2e38
--- /dev/null
+++ b/magic/Magdir/der
@@ -0,0 +1,146 @@
+#------------------------------------------------------------------------------
+# $File: der,v 1.6 2023/01/11 23:59:49 christos Exp $
+# der: file(1) magic for DER encoded files
+#
+
+# Certificate information piece
+0 name certinfo
+>0 der seq
+>>&0 der set
+>>>&0 der seq
+>>>>&0 der obj_id3=550406
+>>>>&0 der prt_str=x \b, countryName=%s
+>>&0 der set
+>>>&0 der seq
+>>>>&0 der obj_id3=550408
+>>>>&0 der utf8_str=x \b, stateOrProvinceName=%s
+>>&0 der set
+>>>&0 der seq
+>>>>&0 der obj_id3=55040a
+>>>>&0 der utf8_str=x \b, organizationName=%s
+>>&0 der set
+>>>&0 der seq
+>>>>&0 der obj_id3=550403
+>>>>&0 der utf8_str=x \b, commonName=%s
+>>&0 der seq
+
+# Certificate requests
+0 der seq
+>&0 der seq
+>>&0 der int1=00 DER Encoded Certificate request
+>>&0 use certinfo
+
+# Key Pairs
+0 der seq
+>&0 der int1=00
+>&0 der int65=x
+>&0 der int3=010001 DER Encoded Key Pair, 512 bits
+
+0 der seq
+>&0 der int1=00
+>&0 der int129=x
+>&0 der int3=010001 DER Encoded Key Pair, 1024 bits
+
+0 der seq
+>&0 der int1=00
+>&0 der int257=x
+>&0 der int3=010001 DER Encoded Key Pair, 2048 bits
+
+0 der seq
+>&0 der int1=00
+>&0 der int513=x
+>&0 der int3=010001 DER Encoded Key Pair, 4096 bits
+
+0 der seq
+>&0 der int1=00
+>&0 der int1025=x
+>&0 der int3=010001 DER Encoded Key Pair, 8192 bits
+
+0 der seq
+>&0 der int1=00
+>&0 der int2049=x
+>&0 der int3=010001 DER Encoded Key Pair, 16k bits
+
+0 der seq
+>&0 der int1=00
+>&0 der int4097=x
+>&0 der int3=010001 DER Encoded Key Pair, 32k bits
+
+# Certificates
+0 der seq
+>&0 der seq
+>>&0 der int2=0dfa DER Encoded Certificate, 512 bits
+>>&0 der int2=0dfb DER Encoded Certificate, 1024 bits
+>>&0 der int2=0dfc DER Encoded Certificate, 2048 bits
+>>&0 der int2=0dfd DER Encoded Certificate, 4096 bits
+>>&0 der int2=0dfe DER Encoded Certificate, 8192 bits
+>>&0 der int2=0dff DER Encoded Certificate, 16k bits
+>>&0 der int2=0e04 DER Encoded Certificate, 32k bits
+>>&0 der int2=x DER Encoded Certificate, ? bits (%s)
+>>&0 der seq
+>>>&0 der obj_id9=2a864886f70d010105 \b, sha1WithRSAEncryption
+>>>&0 der obj_id9=x \b, ? Encryption (%s)
+>>>&0 der null
+>>&0 der seq
+>>>&0 der set
+>>>>&0 der seq
+>>>>>&0 der obj_id3=550406
+>>>>>&0 der prt_str=x \b, countryName=%s
+>>>&0 der set
+>>>>&0 der seq
+>>>>>&0 der obj_id3=550408
+>>>>>&0 der prt_str=x \b, stateOrProvinceName=%s
+>>>&0 der set
+>>>>&0 der seq
+>>>>>&0 der obj_id3=550407
+>>>>>&0 der prt_str=x \b, localityName=%s
+>>>&0 der set
+>>>>&0 der seq
+>>>>>&0 der obj_id3=55040a
+>>>>>&0 der prt_str=x \b, organizationName=%s
+>>>&0 der set
+>>>>&0 der seq
+>>>>>&0 der obj_id3=55040b
+>>>>>&0 der prt_str=x \b, organizationUnitName=%s
+>>>&0 der set
+>>>>&0 der seq
+>>>>>&0 der obj_id3=550403
+>>>>>&0 der prt_str=x \b, commonName=%s
+>>>&0 der set
+>>>>&0 der seq
+>>>>>&0 der obj_id9=2a864886f70d010901
+>>>>>&0 der ia5_str=x \b, emailAddress=%s
+#>>&0 der seq
+#>>>&0 der utc_time=x \b, utcTime=%s
+#>>>&0 der utc_time=x \b, utcTime=%s
+>>&0 use certinfo
+
+0 der seq
+>&0 der seq
+>>&0 der eoc
+>>>&0 der int1=02 Certificate, Version=3
+>>>&0 der int1=x Certificate, Version=%s
+>>&0 der int9=x \b, Serial=%s
+>>&0 der seq
+>>>&0 der obj_id9=2a864886f70d01010b
+>>>&0 der null
+>>&0 der seq
+>>>&0 der set
+>>>>&0 der seq
+>>>>>&0 der obj_id3=550403
+>>>>>&0 der utf8_str=x \b, Issuer=%s
+#>>&0 der seq
+#>>>&0 der utc_time=x \b, not-valid-before=%s
+#>>>&0 der utc_time=x \b, not-valid-after=%s
+>>&0 der seq
+>>>&0 der set
+>>>>&0 der seq
+>>>>>&0 der obj_id3=550403
+>>>>>&0 der utf8_str=x \b, Subject=%s
+
+# PKCS#7 Signed Data (e.g. JAR Signature Block File)
+# OID 1.2.840.113549.1.7.2 (2a864886f70d010702)
+# Reference: https://www.rfc-editor.org/rfc/rfc2315
+0 der seq
+>&0 der obj_id9=2a864886f70d010702 DER Encoded PKCS#7 Signed Data
+!:ext RSA/DSA/EC
diff --git a/magic/Magdir/diamond b/magic/Magdir/diamond
new file mode 100644
index 0000000..39d1ed6
--- /dev/null
+++ b/magic/Magdir/diamond
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: diamond,v 1.7 2009/09/19 16:28:08 christos Exp $
+# diamond: file(1) magic for Diamond system
+#
+# ... diamond is a multi-media mail and electronic conferencing system....
+#
+# XXX - I think it was either renamed Slate, or replaced by Slate....
+#
+# The full deal is too long...
+#0 string <list>\n<protocol\ bbn-multimedia-format> Diamond Multimedia Document
+0 string =<list>\n<protocol\ bbn-m Diamond Multimedia Document
diff --git a/magic/Magdir/dif b/magic/Magdir/dif
new file mode 100644
index 0000000..9d7e5fd
--- /dev/null
+++ b/magic/Magdir/dif
@@ -0,0 +1,33 @@
+
+#------------------------------------------------------------------------------
+# $File: dif,v 1.1 2020/04/09 19:14:01 christos Exp $
+# dif: file(1) magic for DIF text files
+
+#------------------------------------------------------------------------------
+# From: Joerg Jenderek
+# URL: http://en.wikipedia.org/wiki/Data_Interchange_Format
+# http://fileformats.archiveteam.org/wiki/Data_Interchange_Format
+# Note: called by TrID "Data Interchange Format",
+# by DROID x-fmt/368 "VisiCalc Database"
+0 string TABLE
+# skip text starting with TABLE by looking for numeric version on 2nd line
+>6 search/2 0,
+# skip DROID x-fmt-41-signature-id-380.dif by looking for key word TUPLES at the beginning
+>>27 search/128 TUPLES Data Interchange Format
+# https://www.pcmatic.com/company/libraries/fileextension/detail.asp?ext=dif.html
+#!:mime application/x-dif-spreadsheet Gnumeric
+# https://github.com/LibreOffice/online/blob/master/discovery.xml
+#!:mime application/x-dif-document LibreOffice
+# https://www.wikidata.org/wiki/Wikidata:WikiProject_Informatics/File_formats/Lists/File_formats
+!:mime application/x-dif
+# https://extension.nirsoft.net/dif
+#!:mime application/vnd.ms-excel
+#!:mime text/plain
+!:ext dif
+# look for double quote 0x22 on 3rd line
+>>>10 search/3 "
+# skip if next character also double quote
+>>>>&0 ubyte !0x22 \b, generator or table name
+# comment like EXCEL, pwm enclosed in double quotes
+>>>>>&-2 string x %s
+
diff --git a/magic/Magdir/diff b/magic/Magdir/diff
new file mode 100644
index 0000000..a6124e3
--- /dev/null
+++ b/magic/Magdir/diff
@@ -0,0 +1,41 @@
+
+#------------------------------------------------------------------------------
+# $File: diff,v 1.17 2020/08/22 18:16:58 christos Exp $
+# diff: file(1) magic for diff(1) output
+#
+0 search/1 diff\040 diff output text
+!:mime text/x-diff
+0 search/1 ***\040
+>&0 search/1024 \n---\040 context diff output text
+!:mime text/x-diff
+0 search/1 Only\040in\040 diff output text
+!:mime text/x-diff
+0 search/1 Common\040subdirectories:\040 diff output text
+!:mime text/x-diff
+
+0 search/1 Index: RCS/CVS diff output text
+!:mime text/x-diff
+
+# bsdiff: file(1) magic for bsdiff(1) output
+0 string/b BSDIFF40 bsdiff(1) patch file
+
+
+# unified diff
+0 search/4096 ---\040
+>&0 search/1024 \n
+>>&0 search/1 +++\040
+>>>&0 search/1024 \n
+>>>>&0 search/1 @@ unified diff output text
+!:mime text/x-diff
+!:strength + 90
+
+# librsync -- the library for network deltas
+#
+# Copyright (C) 2001 by Martin Pool. You may do whatever you want with
+# this file.
+#
+0 belong 0x72730236 rdiff network-delta data
+
+0 belong 0x72730136 rdiff network-delta signature data
+>4 belong x (block length=%d,
+>8 belong x signature strength=%d)
diff --git a/magic/Magdir/digital b/magic/Magdir/digital
new file mode 100644
index 0000000..b2753b9
--- /dev/null
+++ b/magic/Magdir/digital
@@ -0,0 +1,59 @@
+
+#------------------------------------------------------------------------------
+# $File: digital,v 1.12 2021/07/03 14:01:46 christos Exp $
+# Digital UNIX - Info
+#
+0 string =!<arch>\n________64E Alpha archive
+>22 string X -- out of date
+#
+
+0 leshort 0603
+>24 leshort 0410 COFF format alpha pure
+>24 leshort 0413 COFF format alpha demand paged
+>>22 leshort&030000 !020000 executable
+>>22 leshort&020000 !0 dynamically linked
+>>16 lelong !0 not stripped
+>>16 lelong 0 stripped
+>>27 byte x - version %d
+>>26 byte x \b.%d
+>>28 byte x \b-%d
+>24 leshort 0407 COFF format alpha object
+>>22 leshort&030000 020000 shared library
+>>27 byte x - version %d
+>>26 byte x \b.%d
+>>28 byte x \b-%d
+
+# Basic recognition of Digital UNIX core dumps - Mike Bremford <mike@opac.bl.uk>
+#
+# The actual magic number is just "Core", followed by a 2-byte version
+# number; however, treating any file that begins with "Core" as a Digital
+# UNIX core dump file may produce too many false hits, so we include one
+# byte of the version number as well; DU 5.0 appears only to be up to
+# version 2.
+#
+0 string Core\001 Alpha COFF format core dump (Digital UNIX)
+>24 string >\0 \b, from '%s'
+0 string Core\002 Alpha COFF format core dump (Digital UNIX)
+>24 string >\0 \b, from '%s'
+#
+# The next is incomplete, we could tell more about this format,
+# but its not worth it.
+0 leshort 0x188 Alpha compressed COFF
+0 leshort 0x18f Alpha u-code object
+#
+#
+# Some other interesting Digital formats,
+0 string \377\377\177 ddis/ddif
+0 string \377\377\174 ddis/dots archive
+0 string \377\377\176 ddis/dtif table data
+0 string \033c\033 LN03 output
+0 long 04553207 X image
+#
+0 string =!<PDF>!\n profiling data file
+#
+# Locale data tables (MIPS and Alpha).
+#
+# GRR: line below is too general as it matches also TTComp archive, ASCII, 2K handled by ./archive
+0 short 0x0501 locale data table
+>6 short 0x24 for MIPS
+>6 short 0x40 for Alpha
diff --git a/magic/Magdir/dolby b/magic/Magdir/dolby
new file mode 100644
index 0000000..d73e7d3
--- /dev/null
+++ b/magic/Magdir/dolby
@@ -0,0 +1,69 @@
+
+#------------------------------------------------------------------------------
+# $File: dolby,v 1.9 2019/04/19 00:42:27 christos Exp $
+# ATSC A/53 aka AC-3 aka Dolby Digital <ashitaka@gmx.at>
+# from https://www.atsc.org/standards/a_52a.pdf
+# corrections, additions, etc. are always welcome!
+#
+# syncword
+0 beshort 0x0b77 ATSC A/52 aka AC-3 aka Dolby Digital stream,
+# Proposed audio/ac3 RFC/4184
+!:mime audio/vnd.dolby.dd-raw
+# fscod
+>4 byte&0xc0 = 0x00 48 kHz,
+>4 byte&0xc0 = 0x40 44.1 kHz,
+>4 byte&0xc0 = 0x80 32 kHz,
+# is this one used for 96 kHz?
+>4 byte&0xc0 = 0xc0 reserved frequency,
+#
+>5 byte&0x07 = 0x00 \b, complete main (CM)
+>5 byte&0x07 = 0x01 \b, music and effects (ME)
+>5 byte&0x07 = 0x02 \b, visually impaired (VI)
+>5 byte&0x07 = 0x03 \b, hearing impaired (HI)
+>5 byte&0x07 = 0x04 \b, dialogue (D)
+>5 byte&0x07 = 0x05 \b, commentary (C)
+>5 byte&0x07 = 0x06 \b, emergency (E)
+>5 beshort&0x07e0 0x0720 \b, voiceover (VO)
+>5 beshort&0x07e0 >0x0720 \b, karaoke
+# acmod
+>6 byte&0xe0 = 0x00 1+1 front,
+>>6 byte&0x10 = 0x10 LFE on,
+>6 byte&0xe0 = 0x20 1 front/0 rear,
+>>6 byte&0x10 = 0x10 LFE on,
+>6 byte&0xe0 = 0x40 2 front/0 rear,
+# dsurmod (for stereo only)
+>>6 byte&0x18 = 0x00 Dolby Surround not indicated
+>>6 byte&0x18 = 0x08 not Dolby Surround encoded
+>>6 byte&0x18 = 0x10 Dolby Surround encoded
+>>6 byte&0x18 = 0x18 reserved Dolby Surround mode
+>>6 byte&0x04 = 0x04 LFE on,
+>6 byte&0xe0 = 0x60 3 front/0 rear,
+>>6 byte&0x04 = 0x04 LFE on,
+>6 byte&0xe0 = 0x80 2 front/1 rear,
+>>6 byte&0x04 = 0x04 LFE on,
+>6 byte&0xe0 = 0xa0 3 front/1 rear,
+>>6 byte&0x01 = 0x01 LFE on,
+>6 byte&0xe0 = 0xc0 2 front/2 rear,
+>>6 byte&0x04 = 0x04 LFE on,
+>6 byte&0xe0 = 0xe0 3 front/2 rear,
+>>6 byte&0x01 = 0x01 LFE on,
+#
+>4 byte&0x3e = 0x00 \b, 32 kbit/s
+>4 byte&0x3e = 0x02 \b, 40 kbit/s
+>4 byte&0x3e = 0x04 \b, 48 kbit/s
+>4 byte&0x3e = 0x06 \b, 56 kbit/s
+>4 byte&0x3e = 0x08 \b, 64 kbit/s
+>4 byte&0x3e = 0x0a \b, 80 kbit/s
+>4 byte&0x3e = 0x0c \b, 96 kbit/s
+>4 byte&0x3e = 0x0e \b, 112 kbit/s
+>4 byte&0x3e = 0x10 \b, 128 kbit/s
+>4 byte&0x3e = 0x12 \b, 160 kbit/s
+>4 byte&0x3e = 0x14 \b, 192 kbit/s
+>4 byte&0x3e = 0x16 \b, 224 kbit/s
+>4 byte&0x3e = 0x18 \b, 256 kbit/s
+>4 byte&0x3e = 0x1a \b, 320 kbit/s
+>4 byte&0x3e = 0x1c \b, 384 kbit/s
+>4 byte&0x3e = 0x1e \b, 448 kbit/s
+>4 byte&0x3e = 0x20 \b, 512 kbit/s
+>4 byte&0x3e = 0x22 \b, 576 kbit/s
+>4 byte&0x3e = 0x24 \b, 640 kbit/s
diff --git a/magic/Magdir/dump b/magic/Magdir/dump
new file mode 100644
index 0000000..cc5644d
--- /dev/null
+++ b/magic/Magdir/dump
@@ -0,0 +1,96 @@
+
+#------------------------------------------------------------------------------
+# $File: dump,v 1.17 2018/06/26 01:07:17 christos Exp $
+# dump: file(1) magic for dump file format--for new and old dump filesystems
+#
+# We specify both byte orders in order to recognize byte-swapped dumps.
+#
+0 name new-dump-be
+>4 bedate x This dump %s,
+>8 bedate x Previous dump %s,
+>12 belong >0 Volume %d,
+>692 belong 0 Level zero, type:
+>692 belong >0 Level %d, type:
+>0 belong 1 tape header,
+>0 belong 2 beginning of file record,
+>0 belong 3 map of inodes on tape,
+>0 belong 4 continuation of file record,
+>0 belong 5 end of volume,
+>0 belong 6 map of inodes deleted,
+>0 belong 7 end of medium (for floppy),
+>676 string >\0 Label %s,
+>696 string >\0 Filesystem %s,
+>760 string >\0 Device %s,
+>824 string >\0 Host %s,
+>888 belong >0 Flags %x
+
+0 name old-dump-be
+#>4 bedate x This dump %s,
+#>8 bedate x Previous dump %s,
+>12 belong >0 Volume %d,
+>692 belong 0 Level zero, type:
+>692 belong >0 Level %d, type:
+>0 belong 1 tape header,
+>0 belong 2 beginning of file record,
+>0 belong 3 map of inodes on tape,
+>0 belong 4 continuation of file record,
+>0 belong 5 end of volume,
+>0 belong 6 map of inodes deleted,
+>0 belong 7 end of medium (for floppy),
+>676 string >\0 Label %s,
+>696 string >\0 Filesystem %s,
+>760 string >\0 Device %s,
+>824 string >\0 Host %s,
+>888 belong >0 Flags %x
+
+0 name ufs2-dump-be
+>896 beqdate x This dump %s,
+>904 beqdate x Previous dump %s,
+>12 belong >0 Volume %d,
+>692 belong 0 Level zero, type:
+>692 belong >0 Level %d, type:
+>0 belong 1 tape header,
+>0 belong 2 beginning of file record,
+>0 belong 3 map of inodes on tape,
+>0 belong 4 continuation of file record,
+>0 belong 5 end of volume,
+>0 belong 6 map of inodes deleted,
+>0 belong 7 end of medium (for floppy),
+>676 string >\0 Label %s,
+>696 string >\0 Filesystem %s,
+>760 string >\0 Device %s,
+>824 string >\0 Host %s,
+>888 belong >0 Flags %x
+
+24 belong 60012 new-fs dump file (big endian),
+>0 use new-dump-be
+
+24 belong 60011 old-fs dump file (big endian),
+>0 use old-dump-be
+
+24 lelong 60012 new-fs dump file (little endian),
+# to correctly recognize '*.mo' GNU message catalog (little endian)
+!:strength - 15
+>0 use \^new-dump-be
+
+24 lelong 60011 old-fs dump file (little endian),
+>0 use \^old-dump-be
+
+
+24 belong 0x19540119 new-fs dump file (ufs2, big endian),
+>0 use ufs2-dump-be
+
+24 lelong 0x19540119 new-fs dump file (ufs2, little endian),
+>0 use \^ufs2-dump-be
+
+18 leshort 60011 old-fs dump file (16-bit, assuming PDP-11 endianness),
+>2 medate x Previous dump %s,
+>6 medate x This dump %s,
+>10 leshort >0 Volume %d,
+>0 leshort 1 tape header.
+>0 leshort 2 beginning of file record.
+>0 leshort 3 map of inodes on tape.
+>0 leshort 4 continuation of file record.
+>0 leshort 5 end of volume.
+>0 leshort 6 map of inodes deleted.
+>0 leshort 7 end of medium (for floppy).
diff --git a/magic/Magdir/dwarfs b/magic/Magdir/dwarfs
new file mode 100644
index 0000000..3700a33
--- /dev/null
+++ b/magic/Magdir/dwarfs
@@ -0,0 +1,45 @@
+
+#------------------------------------------------------------------------------
+# $File: dwarfs,v 1.2 2023/05/23 13:37:32 christos Exp $
+# dwarfs: file(1) magic for DwarFS File System Image files
+# URL: https://github.com/mhx/dwarfs for details about DwarFS
+# From: Marcus Holland-Moritz <github@mhxnet.de>
+
+#### DwarFS Version Macro
+0 name dwarfsversion
+>&0 byte x \b, version %d
+>&1 byte x \b.%d
+
+#### DwarFS Compression Macro
+0 name dwarfscompression
+>&0 leshort =0 \b, uncompressed
+>&0 leshort =1 \b, LZMA compression
+>&0 leshort =2 \b, ZSTD compression
+>&0 leshort =3 \b, LZ4 compression
+>&0 leshort =4 \b, LZ4HC compression
+>&0 leshort =5 \b, BROTLI compression
+
+#### DwarFS files without header
+## We first check against a DWARFS magic at the start of the file, then
+## validate by checking the block count / section type to be all zeros
+## for the first block. Finally, we check that the *next* block also
+## has the correct DWARFS magic.
+0 string DWARFS
+>&0x2A string/b \0\0\0\0\0\0
+>>&(&0x02.q+0x0A) string DWARFS DwarFS File System Image
+>>>&0 use dwarfsversion
+>>&0 use dwarfscompression
+
+#### DwarFS files with header
+## We search for a DWARFS magic in the first 64k of the file (images with
+## headers longer than 64k won't be recognized), then validate by checking
+## the block count / section type to be all zeros for the first block.
+## Finally, we check that the *next* block also has the correct DWARFS magic.
+## If we find a DWARFS magic that doesn't pass validation, we continue with
+## an indirect match recursively.
+1 search/65536/b DWARFS
+>&0x2A string/b \0\0\0\0\0\0
+>>&(&0x02.q+0x0A) string DWARFS DwarFS File System Image (with header)
+>>>&0 use dwarfsversion
+>>&0 use dwarfscompression
+>&-1 indirect x
diff --git a/magic/Magdir/dyadic b/magic/Magdir/dyadic
new file mode 100644
index 0000000..c57f81b
--- /dev/null
+++ b/magic/Magdir/dyadic
@@ -0,0 +1,61 @@
+
+#------------------------------------------------------------------------------
+# $File: dyadic,v 1.9 2019/04/19 00:42:27 christos Exp $
+# Dyadic: file(1) magic for Dyalog APL.
+#
+# updated by Joerg Jenderek at Oct 2013
+# https://en.wikipedia.org/wiki/Dyalog_APL
+# https://www.dyalog.com/
+# .DXV Dyalog APL External Variable
+# .DIN Dyalog APL Input Table
+# .DOT Dyalog APL Output Table
+# .DFT Dyalog APL Format File
+0 ubeshort&0xFF60 0xaa00
+# skip biblio.dbt
+>1 byte !4
+# real Dyalog APL have non zero version numbers like 7.3 or 13.4
+>>2 ubeshort >0x0000 Dyalog APL
+>>>1 byte 0x00 aplcore
+#>>>1 byte 0x00 incomplete workspace
+# *.DCF Dyalog APL Component File
+>>>1 byte 0x01 component file 32-bit non-journaled non-checksummed
+#>>>1 byte 0x01 component file
+>>>1 byte 0x02 external variable exclusive
+#>>>1 byte 0x02 external variable
+# *.DWS Dyalog APL Workspace
+>>>1 byte 0x03 workspace
+>>>>7 byte&0x28 0x00 32-bit
+>>>>7 byte&0x28 0x20 64-bit
+>>>>7 byte&0x0c 0x00 classic
+>>>>7 byte&0x0c 0x04 unicode
+>>>>7 byte&0x88 0x00 big-endian
+>>>>7 byte&0x88 0x80 little-endian
+>>>1 byte 0x06 external variable shared
+# *.DSE Dyalog APL Session , *.DLF Dyalog APL Session Log File
+>>>1 byte 0x07 session
+>>>1 byte 0x08 mapped file 32-bit
+>>>1 byte 0x09 component file 64-bit non-journaled non-checksummed
+>>>1 byte 0x0a mapped file 64-bit
+>>>1 byte 0x0b component file 32-bit level 1 journaled non-checksummed
+>>>1 byte 0x0c component file 64-bit level 1 journaled non-checksummed
+>>>1 byte 0x0d component file 32-bit level 1 journaled checksummed
+>>>1 byte 0x0e component file 64-bit level 1 journaled checksummed
+>>>1 byte 0x0f component file 32-bit level 2 journaled checksummed
+>>>1 byte 0x10 component file 64-bit level 2 journaled checksummed
+>>>1 byte 0x11 component file 32-bit level 3 journaled checksummed
+>>>1 byte 0x12 component file 64-bit level 3 journaled checksummed
+>>>1 byte 0x13 component file 32-bit non-journaled checksummed
+>>>1 byte 0x14 component file 64-bit non-journaled checksummed
+>>>1 byte 0x15 component file under construction
+>>>1 byte 0x16 DFS component file 64-bit level 1 journaled checksummed
+>>>1 byte 0x17 DFS component file 64-bit level 2 journaled checksummed
+>>>1 byte 0x18 DFS component file 64-bit level 3 journaled checksummed
+>>>1 byte 0x19 external workspace
+>>>1 byte 0x80 DDB
+>>>2 byte x version %d
+>>>3 byte x \b.%d
+#>>>2 byte x type %d
+#>>>3 byte x subtype %d
+
+# *.DXF Dyalog APL Transfer File
+0 short 0x6060 Dyalog APL transfer
diff --git a/magic/Magdir/ebml b/magic/Magdir/ebml
new file mode 100644
index 0000000..d37b5c0
--- /dev/null
+++ b/magic/Magdir/ebml
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: ebml,v 1.2 2019/04/19 00:42:27 christos Exp $
+# ebml: file(1) magic for various Extensible Binary Meta Language
+# https://www.matroska.org/technical/specs/index.html#track
+0 belong 0x1a45dfa3 EBML file
+>4 search/b/100 \102\202
+>>&1 string x \b, creator %.8s
diff --git a/magic/Magdir/edid b/magic/Magdir/edid
new file mode 100644
index 0000000..a17b6c4
--- /dev/null
+++ b/magic/Magdir/edid
@@ -0,0 +1,11 @@
+
+#------------------------------------------------------------------------------
+# $File: edid,v 1.1 2019/03/28 12:36:01 christos Exp $
+# edid: file(1) magic for EDID dump files
+
+0 quad 0x00ffffffffffff00 Extended display identification data dump
+!:mime application/x-edid-dump
+>18 byte 0x01 Version 1
+>>19 byte <0x04 \b.%d
+>18 byte 0x02 Version 2
+>>19 byte 0x00 \b.0
diff --git a/magic/Magdir/editors b/magic/Magdir/editors
new file mode 100644
index 0000000..48eaa11
--- /dev/null
+++ b/magic/Magdir/editors
@@ -0,0 +1,43 @@
+
+#------------------------------------------------------------------------------
+# $File: editors,v 1.12 2020/10/11 20:28:07 christos Exp $
+# T602 editor documents
+# by David Necas <yeti@physics.muni.cz>
+0 string @CT\ T602 document data,
+>4 string 0 Kamenicky
+>4 string 1 CP 852
+>4 string 2 KOI8-CS
+>4 string >2 unknown encoding
+
+# Vi IMproved Encrypted file
+# by David Necas <yeti@physics.muni.cz>
+# updated by Osman Surkatty
+0 string VimCrypt~ Vim encrypted file data
+>9 string 01! with zip cryptmethod
+>9 string 02! with blowfish cryptmethod
+>9 string 03! with blowfish2 cryptmethod
+
+0 name vimnanoswap
+>67 byte 0
+>>107 byte 0
+#>>>2 string x %s swap file
+>>>24 ulelong x \b, pid %d
+>>>28 string >\0 \b, user %s
+>>>68 string >\0 \b, host %s
+>>>108 string >\0 \b, file %s
+>>>1007 byte 0x55 \b, modified
+
+# Vi IMproved Swap file
+# by Sven Wegener <swegener@gentoo.org>
+0 string b0VIM\ Vim swap file
+>&0 string >\0 \b, version %s
+>0 use vimnanoswap
+
+
+# Lock/swap file for several editors, at least
+# Vi IMproved and nano
+0 string b0nano Nano swap file
+>0 use vimnanoswap
+
+# kate (K Advanced Text Editor)
+0 string \x00\x00\x00\x12Kate\ Swap\ File\ 2.0\x00 Kate swap file
diff --git a/magic/Magdir/efi b/magic/Magdir/efi
new file mode 100644
index 0000000..7760100
--- /dev/null
+++ b/magic/Magdir/efi
@@ -0,0 +1,15 @@
+
+#------------------------------------------------------------------------------
+# $File: efi,v 1.5 2014/04/30 21:41:02 christos Exp $
+# efi: file(1) magic for Universal EFI binaries
+
+0 lelong 0x0ef1fab9
+>4 lelong 1 Universal EFI binary with 1 architecture
+>>&0 lelong 7 \b, i386
+>>&0 lelong 0x01000007 \b, x86_64
+>4 lelong 2 Universal EFI binary with 2 architectures
+>>&0 lelong 7 \b, i386
+>>&0 lelong 0x01000007 \b, x86_64
+>>&20 lelong 7 \b, i386
+>>&20 lelong 0x01000007 \b, x86_64
+>4 lelong >2 Universal EFI binary with %d architectures
diff --git a/magic/Magdir/elf b/magic/Magdir/elf
new file mode 100644
index 0000000..d3ec026
--- /dev/null
+++ b/magic/Magdir/elf
@@ -0,0 +1,379 @@
+
+#------------------------------------------------------------------------------
+# $File: elf,v 1.88 2023/01/08 17:09:18 christos Exp $
+# elf: file(1) magic for ELF executables
+#
+# We have to check the byte order flag to see what byte order all the
+# other stuff in the header is in.
+#
+# What're the correct byte orders for the nCUBE and the Fujitsu VPP500?
+#
+# https://www.sco.com/developers/gabi/latest/ch4.eheader.html
+#
+# Created by: unknown
+# Modified by (1): Daniel Quinlan <quinlan@yggdrasil.com>
+# Modified by (2): Peter Tobias <tobias@server.et-inf.fho-emden.de> (core support)
+# Modified by (3): Christian 'Dr. Disk' Hechelmann <drdisk@ds9.au.s.shuttle.de> (fix of core support)
+# Modified by (4): <gerardo.cacciari@gmail.com> (VMS Itanium)
+# Modified by (5): Matthias Urlichs <smurf@debian.org> (Listing of many architectures)
+
+0 name elf-mips
+>0 lelong&0xf0000000 0x00000000 MIPS-I
+>0 lelong&0xf0000000 0x10000000 MIPS-II
+>0 lelong&0xf0000000 0x20000000 MIPS-III
+>0 lelong&0xf0000000 0x30000000 MIPS-IV
+>0 lelong&0xf0000000 0x40000000 MIPS-V
+>0 lelong&0xf0000000 0x50000000 MIPS32
+>0 lelong&0xf0000000 0x60000000 MIPS64
+>0 lelong&0xf0000000 0x70000000 MIPS32 rel2
+>0 lelong&0xf0000000 0x80000000 MIPS64 rel2
+>0 lelong&0xf0000000 0x90000000 MIPS32 rel6
+>0 lelong&0xf0000000 0xa0000000 MIPS64 rel6
+
+0 name elf-sparc
+>0 lelong&0x00ffff00 0x00000100 V8+ Required,
+>0 lelong&0x00ffff00 0x00000200 Sun UltraSPARC1 Extensions Required,
+>0 lelong&0x00ffff00 0x00000400 HaL R1 Extensions Required,
+>0 lelong&0x00ffff00 0x00000800 Sun UltraSPARC3 Extensions Required,
+>0 lelong&0x3 0 total store ordering,
+>0 lelong&0x3 1 partial store ordering,
+>0 lelong&0x3 2 relaxed memory ordering,
+
+0 name elf-pa-risc
+>2 leshort 0x020b 1.0
+>2 leshort 0x0210 1.1
+>2 leshort 0x0214 2.0
+>0 leshort &0x0008 (LP64)
+
+0 name elf-riscv
+>0 lelong&0x00000001 0x00000001 RVC,
+>0 lelong&0x00000008 0x00000008 RVE,
+>0 lelong&0x00000006 0x00000000 soft-float ABI,
+>0 lelong&0x00000006 0x00000002 single-float ABI,
+>0 lelong&0x00000006 0x00000004 double-float ABI,
+>0 lelong&0x00000006 0x00000006 quad-float ABI,
+
+0 name elf-le
+>16 leshort 0 no file type,
+!:mime application/octet-stream
+>16 leshort 1 relocatable,
+!:mime application/x-object
+>16 leshort 2 executable,
+!:mime application/x-executable
+>16 leshort 3 ${x?pie executable:shared object},
+
+!:mime application/x-${x?pie-executable:sharedlib}
+>16 leshort 4 core file,
+!:mime application/x-coredump
+# OS-specific
+>7 byte 202
+>>16 leshort 0xFE01 executable,
+!:mime application/x-executable
+# Core file detection is not reliable.
+#>>>(0x38+0xcc) string >\0 of '%s'
+#>>>(0x38+0x10) lelong >0 (signal %d),
+>16 leshort &0xff00
+>>18 leshort !8 processor-specific,
+>>18 leshort 8
+>>>16 leshort 0xFF80 PlayStation 2 IOP module,
+!:mime application/x-sharedlib
+>>>16 leshort !0xFF80 processor-specific,
+>18 clear x
+>18 leshort 0 no machine,
+>18 leshort 1 AT&T WE32100,
+>18 leshort 2 SPARC,
+>18 leshort 3 Intel 80386,
+>18 leshort 4 Motorola m68k,
+>>4 byte 1
+>>>36 lelong &0x01000000 68000,
+>>>36 lelong &0x00810000 CPU32,
+>>>36 lelong 0 68020,
+>18 leshort 5 Motorola m88k,
+>18 leshort 6 Intel 80486,
+>18 leshort 7 Intel 80860,
+# The official e_machine number for MIPS is now #8, regardless of endianness.
+# The second number (#10) will be deprecated later. For now, we still
+# say something if #10 is encountered, but only gory details for #8.
+>18 leshort 8 MIPS,
+>>4 byte 1
+>>>36 lelong &0x20 N32
+>18 leshort 10 MIPS,
+>>4 byte 1
+>>>36 lelong &0x20 N32
+>18 leshort 8
+# only for 32-bit
+>>4 byte 1
+>>>36 use elf-mips
+# only for 64-bit
+>>4 byte 2
+>>>48 use elf-mips
+>18 leshort 9 Amdahl,
+>18 leshort 10 MIPS (deprecated),
+>18 leshort 11 RS6000,
+>18 leshort 15 PA-RISC,
+# only for 32-bit
+>>4 byte 1
+>>>36 use elf-pa-risc
+# only for 64-bit
+>>4 byte 2
+>>>48 use elf-pa-risc
+>18 leshort 16 nCUBE,
+>18 leshort 17 Fujitsu VPP500,
+>18 leshort 18 SPARC32PLUS,
+# only for 32-bit
+>>4 byte 1
+>>>36 use elf-sparc
+>18 leshort 19 Intel 80960,
+>18 leshort 20 PowerPC or cisco 4500,
+>18 leshort 21 64-bit PowerPC or cisco 7500,
+>>48 lelong 0 Unspecified or Power ELF V1 ABI,
+>>48 lelong 1 Power ELF V1 ABI,
+>>48 lelong 2 OpenPOWER ELF V2 ABI,
+>18 leshort 22 IBM S/390,
+>18 leshort 23 Cell SPU,
+>18 leshort 24 cisco SVIP,
+>18 leshort 25 cisco 7200,
+>18 leshort 36 NEC V800 or cisco 12000,
+>18 leshort 37 Fujitsu FR20,
+>18 leshort 38 TRW RH-32,
+>18 leshort 39 Motorola RCE,
+>18 leshort 40 ARM,
+>>4 byte 1
+>>>36 lelong&0xff000000 0x04000000 EABI4
+>>>36 lelong&0xff000000 0x05000000 EABI5
+>>>36 lelong &0x00800000 BE8
+>>>36 lelong &0x00400000 LE8
+>18 leshort 41 Alpha,
+>18 leshort 42 Renesas SH,
+>18 leshort 43 SPARC V9,
+>>4 byte 2
+>>>48 use elf-sparc
+>18 leshort 44 Siemens Tricore Embedded Processor,
+>18 leshort 45 Argonaut RISC Core, Argonaut Technologies Inc.,
+>18 leshort 46 Renesas H8/300,
+>18 leshort 47 Renesas H8/300H,
+>18 leshort 48 Renesas H8S,
+>18 leshort 49 Renesas H8/500,
+>18 leshort 50 IA-64,
+>18 leshort 51 Stanford MIPS-X,
+>18 leshort 52 Motorola Coldfire,
+>18 leshort 53 Motorola M68HC12,
+>18 leshort 54 Fujitsu MMA,
+>18 leshort 55 Siemens PCP,
+>18 leshort 56 Sony nCPU,
+>18 leshort 57 Denso NDR1,
+>18 leshort 58 Start*Core,
+>18 leshort 59 Toyota ME16,
+>18 leshort 60 ST100,
+>18 leshort 61 Tinyj emb.,
+>18 leshort 62 x86-64,
+>18 leshort 63 Sony DSP,
+>18 leshort 64 DEC PDP-10,
+>18 leshort 65 DEC PDP-11,
+>18 leshort 66 FX66,
+>18 leshort 67 ST9+ 8/16 bit,
+>18 leshort 68 ST7 8 bit,
+>18 leshort 69 MC68HC16,
+>18 leshort 70 MC68HC11,
+>18 leshort 71 MC68HC08,
+>18 leshort 72 MC68HC05,
+>18 leshort 73 SGI SVx or Cray NV1,
+>18 leshort 74 ST19 8 bit,
+>18 leshort 75 Digital VAX,
+>18 leshort 76 Axis cris,
+>18 leshort 77 Infineon 32-bit embedded,
+>18 leshort 78 Element 14 64-bit DSP,
+>18 leshort 79 LSI Logic 16-bit DSP,
+>18 leshort 80 MMIX,
+>18 leshort 81 Harvard machine-independent,
+>18 leshort 82 SiTera Prism,
+>18 leshort 83 Atmel AVR 8-bit,
+>18 leshort 84 Fujitsu FR30,
+>18 leshort 85 Mitsubishi D10V,
+>18 leshort 86 Mitsubishi D30V,
+>18 leshort 87 NEC v850,
+>18 leshort 88 Renesas M32R,
+>18 leshort 89 Matsushita MN10300,
+>18 leshort 90 Matsushita MN10200,
+>18 leshort 91 picoJava,
+>18 leshort 92 OpenRISC,
+>18 leshort 93 Synopsys ARCompact ARC700 cores,
+>18 leshort 94 Tensilica Xtensa,
+>18 leshort 95 Alphamosaic VideoCore,
+>18 leshort 96 Thompson Multimedia,
+>18 leshort 97 NatSemi 32k,
+>18 leshort 98 Tenor Network TPC,
+>18 leshort 99 Trebia SNP 1000,
+>18 leshort 100 STMicroelectronics ST200,
+>18 leshort 101 Ubicom IP2022,
+>18 leshort 102 MAX Processor,
+>18 leshort 103 NatSemi CompactRISC,
+>18 leshort 104 Fujitsu F2MC16,
+>18 leshort 105 TI msp430,
+>18 leshort 106 Analog Devices Blackfin,
+>18 leshort 107 S1C33 Family of Seiko Epson,
+>18 leshort 108 Sharp embedded,
+>18 leshort 109 Arca RISC,
+>18 leshort 110 PKU-Unity Ltd.,
+>18 leshort 111 eXcess: 16/32/64-bit,
+>18 leshort 112 Icera Deep Execution Processor,
+>18 leshort 113 Altera Nios II,
+>18 leshort 114 NatSemi CRX,
+>18 leshort 115 Motorola XGATE,
+>18 leshort 116 Infineon C16x/XC16x,
+>18 leshort 117 Renesas M16C series,
+>18 leshort 118 Microchip dsPIC30F,
+>18 leshort 119 Freescale RISC core,
+>18 leshort 120 Renesas M32C series,
+>18 leshort 131 Altium TSK3000 core,
+>18 leshort 132 Freescale RS08,
+>18 leshort 134 Cyan Technology eCOG2,
+>18 leshort 135 Sunplus S+core7 RISC,
+>18 leshort 136 New Japan Radio (NJR) 24-bit DSP,
+>18 leshort 137 Broadcom VideoCore III,
+>18 leshort 138 LatticeMico32,
+>18 leshort 139 Seiko Epson C17 family,
+>18 leshort 140 TI TMS320C6000 DSP family,
+>18 leshort 141 TI TMS320C2000 DSP family,
+>18 leshort 142 TI TMS320C55x DSP family,
+>18 leshort 144 TI Programmable Realtime Unit
+>18 leshort 160 STMicroelectronics 64bit VLIW DSP,
+>18 leshort 161 Cypress M8C,
+>18 leshort 162 Renesas R32C series,
+>18 leshort 163 NXP TriMedia family,
+>18 leshort 164 QUALCOMM DSP6,
+>18 leshort 165 Intel 8051 and variants,
+>18 leshort 166 STMicroelectronics STxP7x family,
+>18 leshort 167 Andes embedded RISC,
+>18 leshort 168 Cyan eCOG1X family,
+>18 leshort 169 Dallas MAXQ30,
+>18 leshort 170 New Japan Radio (NJR) 16-bit DSP,
+>18 leshort 171 M2000 Reconfigurable RISC,
+>18 leshort 172 Cray NV2 vector architecture,
+>18 leshort 173 Renesas RX family,
+>18 leshort 174 META,
+>18 leshort 175 MCST Elbrus,
+>18 leshort 176 Cyan Technology eCOG16 family,
+>18 leshort 177 NatSemi CompactRISC,
+>18 leshort 178 Freescale Extended Time Processing Unit,
+>18 leshort 179 Infineon SLE9X,
+>18 leshort 180 Intel L1OM,
+>18 leshort 181 Intel K1OM,
+>18 leshort 183 ARM aarch64,
+>18 leshort 185 Atmel 32-bit family,
+>18 leshort 186 STMicroeletronics STM8 8-bit,
+>18 leshort 187 Tilera TILE64,
+>18 leshort 188 Tilera TILEPro,
+>18 leshort 189 Xilinx MicroBlaze 32-bit RISC,
+>18 leshort 190 NVIDIA CUDA architecture,
+>18 leshort 191 Tilera TILE-Gx,
+>18 leshort 195 Synopsys ARCv2/HS3x/HS4x cores,
+>18 leshort 197 Renesas RL78 family,
+>18 leshort 199 Renesas 78K0R,
+>18 leshort 200 Freescale 56800EX,
+>18 leshort 201 Beyond BA1,
+>18 leshort 202 Beyond BA2,
+>18 leshort 203 XMOS xCORE,
+>18 leshort 204 Microchip 8-bit PIC(r),
+>18 leshort 210 KM211 KM32,
+>18 leshort 211 KM211 KMX32,
+>18 leshort 212 KM211 KMX16,
+>18 leshort 213 KM211 KMX8,
+>18 leshort 214 KM211 KVARC,
+>18 leshort 215 Paneve CDP,
+>18 leshort 216 Cognitive Smart Memory,
+>18 leshort 217 iCelero CoolEngine,
+>18 leshort 218 Nanoradio Optimized RISC,
+>18 leshort 219 CSR Kalimba architecture family
+>18 leshort 220 Zilog Z80
+>18 leshort 221 Controls and Data Services VISIUMcore processor
+>18 leshort 222 FTDI Chip FT32 high performance 32-bit RISC architecture
+>18 leshort 223 Moxie processor family
+>18 leshort 224 AMD GPU architecture
+>18 leshort 243 UCB RISC-V,
+# only for 32-bit
+>>4 byte 1
+>>>36 use elf-riscv
+# only for 64-bit
+>>4 byte 2
+>>>48 use elf-riscv
+>18 leshort 244 Lanai 32-bit processor,
+>18 leshort 245 CEVA Processor Architecture Family,
+>18 leshort 246 CEVA X2 Processor Family,
+>18 leshort 247 eBPF,
+>18 leshort 248 Graphcore Intelligent Processing Unit,
+>18 leshort 249 Imagination Technologies,
+>18 leshort 250 Netronome Flow Processor,
+>18 leshort 251 NEC Vector Engine,
+>18 leshort 252 C-SKY processor family,
+>18 leshort 253 Synopsys ARCv3 64-bit ISA/HS6x cores,
+>18 leshort 254 MOS Technology MCS 6502 processor,
+>18 leshort 255 Synopsys ARCv3 32-bit,
+>18 leshort 256 Kalray VLIW core of the MPPA family,
+>18 leshort 257 WDC 65816/65C816,
+>18 leshort 258 LoongArch,
+>18 leshort 259 ChipON KungFu32,
+>18 leshort 0x1057 AVR (unofficial),
+>18 leshort 0x1059 MSP430 (unofficial),
+>18 leshort 0x1223 Adapteva Epiphany (unofficial),
+>18 leshort 0x2530 Morpho MT (unofficial),
+>18 leshort 0x3330 FR30 (unofficial),
+>18 leshort 0x3426 OpenRISC (obsolete),
+>18 leshort 0x4688 Infineon C166 (unofficial),
+>18 leshort 0x5441 Cygnus FRV (unofficial),
+>18 leshort 0x5aa5 DLX (unofficial),
+>18 leshort 0x7650 Cygnus D10V (unofficial),
+>18 leshort 0x7676 Cygnus D30V (unofficial),
+>18 leshort 0x8217 Ubicom IP2xxx (unofficial),
+>18 leshort 0x8472 OpenRISC (obsolete),
+>18 leshort 0x9025 Cygnus PowerPC (unofficial),
+>18 leshort 0x9026 Alpha (unofficial),
+>18 leshort 0x9041 Cygnus M32R (unofficial),
+>18 leshort 0x9080 Cygnus V850 (unofficial),
+>18 leshort 0xa390 IBM S/390 (obsolete),
+>18 leshort 0xabc7 Old Xtensa (unofficial),
+>18 leshort 0xad45 xstormy16 (unofficial),
+>18 leshort 0xbaab Old MicroBlaze (unofficial),,
+>18 leshort 0xbeef Cygnus MN10300 (unofficial),
+>18 leshort 0xdead Cygnus MN10200 (unofficial),
+>18 leshort 0xf00d Toshiba MeP (unofficial),
+>18 leshort 0xfeb0 Renesas M32C (unofficial),
+>18 leshort 0xfeba Vitesse IQ2000 (unofficial),
+>18 leshort 0xfebb NIOS (unofficial),
+>18 leshort 0xfeed Moxie (unofficial),
+>18 default x
+>>18 leshort x *unknown arch %#x*
+>20 lelong 0 invalid version
+>20 lelong 1 version 1
+
+0 string \177ELF ELF
+!:strength *2
+>4 byte 0 invalid class
+>4 byte 1 32-bit
+>4 byte 2 64-bit
+>5 byte 0 invalid byte order
+>5 byte 1 LSB
+>>0 use elf-le
+>5 byte 2 MSB
+>>0 use \^elf-le
+>7 byte 0 (SYSV)
+>7 byte 1 (HP-UX)
+>7 byte 2 (NetBSD)
+>7 byte 3 (GNU/Linux)
+>7 byte 4 (GNU/Hurd)
+>7 byte 5 (86Open)
+>7 byte 6 (Solaris)
+>7 byte 7 (Monterey)
+>7 byte 8 (IRIX)
+>7 byte 9 (FreeBSD)
+>7 byte 10 (Tru64)
+>7 byte 11 (Novell Modesto)
+>7 byte 12 (OpenBSD)
+>7 byte 13 (OpenVMS)
+>7 byte 14 (HP NonStop Kernel)
+>7 byte 15 (AROS Research Operating System)
+>7 byte 16 (FenixOS)
+>7 byte 17 (Nuxi CloudABI)
+>7 byte 97 (ARM)
+>7 byte 202 (Cafe OS)
+>7 byte 255 (embedded)
diff --git a/magic/Magdir/encore b/magic/Magdir/encore
new file mode 100644
index 0000000..287b388
--- /dev/null
+++ b/magic/Magdir/encore
@@ -0,0 +1,22 @@
+
+#------------------------------------------------------------------------------
+# $File: encore,v 1.7 2014/04/30 21:41:02 christos Exp $
+# encore: file(1) magic for Encore machines
+#
+# XXX - needs to have the byte order specified (NS32K was little-endian,
+# dunno whether they run the 88K in little-endian mode or not).
+#
+0 short 0x154 Encore
+>20 short 0x107 executable
+>20 short 0x108 pure executable
+>20 short 0x10b demand-paged executable
+>20 short 0x10f unsupported executable
+>12 long >0 not stripped
+>22 short >0 - version %d
+>22 short 0 -
+#>4 date x stamp %s
+0 short 0x155 Encore unsupported executable
+>12 long >0 not stripped
+>22 short >0 - version %d
+>22 short 0 -
+#>4 date x stamp %s
diff --git a/magic/Magdir/epoc b/magic/Magdir/epoc
new file mode 100644
index 0000000..6f4ab5f
--- /dev/null
+++ b/magic/Magdir/epoc
@@ -0,0 +1,62 @@
+
+#------------------------------------------------------------------------------
+# $File: epoc,v 1.9 2013/12/21 14:28:15 christos Exp $
+# EPOC : file(1) magic for EPOC documents [Psion Series 5/Osaris/Geofox 1]
+# Stefan Praszalowicz <hpicollo@worldnet.fr> and Peter Breitenlohner <peb@mppmu.mpg.de>
+# Useful information for improving this file can be found at:
+# http://software.frodo.looijaard.name/psiconv/formats/Index.html
+#------------------------------------------------------------------------------
+0 lelong 0x10000037 Psion Series 5
+>4 lelong 0x10000039 font file
+>4 lelong 0x1000003A printer driver
+>4 lelong 0x1000003B clipboard
+>4 lelong 0x10000042 multi-bitmap image
+!:mime image/x-epoc-mbm
+>4 lelong 0x1000006A application information file
+>4 lelong 0x1000006D
+>>8 lelong 0x1000007D Sketch image
+!:mime image/x-epoc-sketch
+>>8 lelong 0x1000007E voice note
+>>8 lelong 0x1000007F Word file
+!:mime application/x-epoc-word
+>>8 lelong 0x10000085 OPL program (TextEd)
+!:mime application/x-epoc-opl
+>>8 lelong 0x10000087 Comms settings
+>>8 lelong 0x10000088 Sheet file
+!:mime application/x-epoc-sheet
+>>8 lelong 0x100001C4 EasyFax initialisation file
+>4 lelong 0x10000073 OPO module
+!:mime application/x-epoc-opo
+>4 lelong 0x10000074 OPL application
+!:mime application/x-epoc-app
+>4 lelong 0x1000008A exported multi-bitmap image
+>4 lelong 0x1000016D
+>>8 lelong 0x10000087 Comms names
+
+0 lelong 0x10000041 Psion Series 5 ROM multi-bitmap image
+
+0 lelong 0x10000050 Psion Series 5
+>4 lelong 0x1000006D database
+>>8 lelong 0x10000084 Agenda file
+!:mime application/x-epoc-agenda
+>>8 lelong 0x10000086 Data file
+!:mime application/x-epoc-data
+>>8 lelong 0x10000CEA Jotter file
+!:mime application/x-epoc-jotter
+>4 lelong 0x100000E4 ini file
+
+0 lelong 0x10000079 Psion Series 5 binary:
+>4 lelong 0x00000000 DLL
+>4 lelong 0x10000049 comms hardware library
+>4 lelong 0x1000004A comms protocol library
+>4 lelong 0x1000005D OPX
+>4 lelong 0x1000006C application
+>4 lelong 0x1000008D DLL
+>4 lelong 0x100000AC logical device driver
+>4 lelong 0x100000AD physical device driver
+>4 lelong 0x100000E5 file transfer protocol
+>4 lelong 0x100000E5 file transfer protocol
+>4 lelong 0x10000140 printer definition
+>4 lelong 0x10000141 printer definition
+
+0 lelong 0x1000007A Psion Series 5 executable
diff --git a/magic/Magdir/erlang b/magic/Magdir/erlang
new file mode 100644
index 0000000..df7aa2a
--- /dev/null
+++ b/magic/Magdir/erlang
@@ -0,0 +1,21 @@
+
+#------------------------------------------------------------------------------
+# $File: erlang,v 1.7 2019/04/19 00:42:27 christos Exp $
+# erlang: file(1) magic for Erlang JAM and BEAM files
+# URL: https://www.erlang.org/faq/x779.html#AEN812
+
+# OTP R3-R4
+0 string \0177BEAM! Old Erlang BEAM file
+>6 short >0 - version %d
+
+# OTP R5 and onwards
+0 string FOR1
+>8 string BEAM Erlang BEAM file
+
+# 4.2 version may have a copyright notice!
+4 string Tue\ Jan\ 22\ 14:32:44\ MET\ 1991 Erlang JAM file - version 4.2
+79 string Tue\ Jan\ 22\ 14:32:44\ MET\ 1991 Erlang JAM file - version 4.2
+
+4 string 1.0\ Fri\ Feb\ 3\ 09:55:56\ MET\ 1995 Erlang JAM file - version 4.3
+
+0 bequad 0x0000000000ABCDEF Erlang DETS file
diff --git a/magic/Magdir/espressif b/magic/Magdir/espressif
new file mode 100644
index 0000000..a97c093
--- /dev/null
+++ b/magic/Magdir/espressif
@@ -0,0 +1,57 @@
+
+# $File: espressif,v 1.3 2021/04/26 15:56:00 christos Exp $
+# configuration dump of Tasmota firmware for ESP8266 based devices by Espressif
+# URL: https://github.com/arendst/Sonoff-Tasmota/
+# Reference: https://codeload.github.com/arendst/Sonoff-Tasmota/zip/release-6.2/
+# Sonoff-Tasmota-release-6.2.zip/Sonoff-Tasmota-release-6.2/sonoff/settings.h
+# From: Joerg Jenderek
+#
+# cfg_holder=4617=0x1209
+0 uleshort 4617
+# remaining settings normally 0x5A+offset XORed; free_1D5[20] empty since 5.12.0e
+>0x1D5 ubequad 0x2f30313233343536 configuration of Tasmota firmware (ESP8266)
+!:mime application/x-tasmota-dmp
+!:ext dmp
+# version like 6.2.1.0 ~ 0x06020100 XORed to 0x63666262
+>>11 ubyte^0x65 x \b, version %u
+>>10 ubyte^0x64 x \b.%u
+>>9 ubyte^0x63 x \b.%u
+>>8 ubyte^0x62 x \b.%u
+#>8 ubelong x (%#x)
+# hostname[33] XORed
+>>0x165 ubyte^0x1BF x \b, hostname %c
+>>0x166 ubyte^0x1C0 >037 \b%c
+>>0x167 ubyte^0x1C1 >037 \b%c
+>>0x168 ubyte^0x1C2 >037 \b%c
+>>0x169 ubyte^0x1C3 >037 \b%c
+>>0x16A ubyte^0x1C4 >037 \b%c
+>>0x16B ubyte^0x1C5 >037 \b%c
+>>0x16C ubyte^0x1C6 >037 \b%c
+>>0x16D ubyte^0x1C7 >037 \b%c
+>>0x16E ubyte^0x1C8 >037 \b%c
+>>0x16F ubyte^0x1C9 >037 \b%c
+>>0x170 ubyte^0x1CA >037 \b%c
+>>0x171 ubyte^0x1CB >037 \b%c
+>>0x172 ubyte^0x1CC >037 \b%c
+>>0x173 ubyte^0x1CD >037 \b%c
+>>0x174 ubyte^0x1CE >037 \b%c
+>>0x175 ubyte^0x1CF >037 \b%c
+>>0x176 ubyte^0x1D0 >037 \b%c
+>>0x177 ubyte^0x1D1 >037 \b%c
+>>0x178 ubyte^0x1D2 >037 \b%c
+>>0x179 ubyte^0x1D3 >037 \b%c
+>>0x17A ubyte^0x1D4 >037 \b%c
+>>0x17B ubyte^0x1D5 >037 \b%c
+>>0x17C ubyte^0x1D6 >037 \b%c
+>>0x17D ubyte^0x1D7 >037 \b%c
+>>0x17E ubyte^0x1D8 >037 \b%c
+>>0x17F ubyte^0x1D9 >037 \b%c
+>>0x180 ubyte^0x1DA >037 \b%c
+>>0x181 ubyte^0x1DB >037 \b%c
+>>0x182 ubyte^0x1DC >037 \b%c
+>>0x183 ubyte^0x1DD >037 \b%c
+>>0x184 ubyte^0x1DE >037 \b%c
+>>0x185 ubyte^0x1DF >037 \b%c
+#>>0x165 string x (%.33s)
+
+
diff --git a/magic/Magdir/esri b/magic/Magdir/esri
new file mode 100644
index 0000000..e49a7ce
--- /dev/null
+++ b/magic/Magdir/esri
@@ -0,0 +1,28 @@
+
+#------------------------------------------------------------------------------
+# $File: esri,v 1.5 2019/04/19 00:42:27 christos Exp $
+# ESRI Shapefile format (.shp .shx .dbf=DBaseIII)
+# Based on info from
+# <URL:https://www.esri.com/library/whitepapers/pdfs/shapefile.pdf>
+0 belong 9994 ESRI Shapefile
+>4 belong =0
+>8 belong =0
+>12 belong =0
+>16 belong =0
+>20 belong =0
+>28 lelong x version %d
+>24 belong x length %d
+>32 lelong =0 type Null Shape
+>32 lelong =1 type Point
+>32 lelong =3 type PolyLine
+>32 lelong =5 type Polygon
+>32 lelong =8 type MultiPoint
+>32 lelong =11 type PointZ
+>32 lelong =13 type PolyLineZ
+>32 lelong =15 type PolygonZ
+>32 lelong =18 type MultiPointZ
+>32 lelong =21 type PointM
+>32 lelong =23 type PolyLineM
+>32 lelong =25 type PolygonM
+>32 lelong =28 type MultiPointM
+>32 lelong =31 type MultiPatch
diff --git a/magic/Magdir/fcs b/magic/Magdir/fcs
new file mode 100644
index 0000000..613437f
--- /dev/null
+++ b/magic/Magdir/fcs
@@ -0,0 +1,9 @@
+
+#------------------------------------------------------------------------------
+# $File: fcs,v 1.4 2009/09/19 16:28:09 christos Exp $
+# fcs: file(1) magic for FCS (Flow Cytometry Standard) data files
+# From Roger Leigh <roger@whinlatter.uklinux.net>
+0 string FCS1.0 Flow Cytometry Standard (FCS) data, version 1.0
+0 string FCS2.0 Flow Cytometry Standard (FCS) data, version 2.0
+0 string FCS3.0 Flow Cytometry Standard (FCS) data, version 3.0
+
diff --git a/magic/Magdir/filesystems b/magic/Magdir/filesystems
new file mode 100644
index 0000000..cd72130
--- /dev/null
+++ b/magic/Magdir/filesystems
@@ -0,0 +1,2694 @@
+#------------------------------------------------------------------------------
+# $File: filesystems,v 1.158 2023/05/21 17:19:08 christos Exp $
+# filesystems: file(1) magic for different filesystems
+#
+0 name partid
+>0 ubyte 0x00 Unused
+>0 ubyte 0x01 12-bit FAT
+>0 ubyte 0x02 XENIX /
+>0 ubyte 0x03 XENIX /usr
+>0 ubyte 0x04 16-bit FAT, less than 32M
+>0 ubyte 0x05 extended partition
+>0 ubyte 0x06 16-bit FAT, more than 32M
+>0 ubyte 0x07 OS/2 HPFS, NTFS, QNX2, Adv. UNIX
+>0 ubyte 0x08 AIX or os, or etc.
+>0 ubyte 0x09 AIX boot partition or Coherent
+>0 ubyte 0x0a O/2 boot manager or Coherent swap
+>0 ubyte 0x0b 32-bit FAT
+>0 ubyte 0x0c 32-bit FAT, LBA-mapped
+>0 ubyte 0x0d 7XXX, LBA-mapped
+>0 ubyte 0x0e 16-bit FAT, LBA-mapped
+>0 ubyte 0x0f extended partition, LBA-mapped
+>0 ubyte 0x10 OPUS
+>0 ubyte 0x11 OS/2 DOS 12-bit FAT
+>0 ubyte 0x12 Compaq diagnostics
+>0 ubyte 0x14 OS/2 DOS 16-bit FAT <32M
+>0 ubyte 0x16 OS/2 DOS 16-bit FAT >=32M
+>0 ubyte 0x17 OS/2 hidden IFS
+>0 ubyte 0x18 AST Windows swapfile
+>0 ubyte 0x19 Willowtech Photon coS
+>0 ubyte 0x1b hidden win95 fat 32
+>0 ubyte 0x1c hidden win95 fat 32 lba
+>0 ubyte 0x1d hidden win95 fat 16 lba
+>0 ubyte 0x20 Willowsoft OFS1
+>0 ubyte 0x21 reserved
+>0 ubyte 0x23 reserved
+>0 ubyte 0x24 NEC DOS
+>0 ubyte 0x26 reserved
+>0 ubyte 0x31 reserved
+>0 ubyte 0x32 Alien Internet Services NOS
+>0 ubyte 0x33 reserved
+>0 ubyte 0x34 reserved
+>0 ubyte 0x35 JFS on OS2
+>0 ubyte 0x36 reserved
+>0 ubyte 0x38 Theos
+>0 ubyte 0x39 Plan 9, or Theos spanned
+>0 ubyte 0x3a Theos ver 4 4gb partition
+>0 ubyte 0x3b Theos ve 4 extended partition
+>0 ubyte 0x3c PartitionMagic recovery
+>0 ubyte 0x3d Hidden Netware
+>0 ubyte 0x40 VENIX 286 or LynxOS
+>0 ubyte 0x41 PReP
+>0 ubyte 0x42 linux swap sharing DRDOS disk
+>0 ubyte 0x43 linux sharing DRDOS disk
+>0 ubyte 0x44 GoBack change utility
+>0 ubyte 0x45 Boot US Boot manager
+>0 ubyte 0x46 EUMEL/Elan or Ergos 3
+>0 ubyte 0x47 EUMEL/Elan or Ergos 3
+>0 ubyte 0x48 EUMEL/Elan or Ergos 3
+>0 ubyte 0x4a ALFX/THIN filesystem for DOS
+>0 ubyte 0x4c Oberon partition
+>0 ubyte 0x4d QNX4.x
+>0 ubyte 0x4e QNX4.x 2nd part
+>0 ubyte 0x4f QNX4.x 3rd part
+>0 ubyte 0x50 DM (disk manager)
+>0 ubyte 0x51 DM6 Aux1 (or Novell)
+>0 ubyte 0x52 CP/M or Microport SysV/AT
+>0 ubyte 0x53 DM6 Aux3
+>0 ubyte 0x54 DM6 DDO
+>0 ubyte 0x55 EZ-Drive (disk manager)
+>0 ubyte 0x56 Golden Bow (disk manager)
+>0 ubyte 0x57 Drive PRO
+>0 ubyte 0x5c Priam Edisk (disk manager)
+>0 ubyte 0x61 SpeedStor
+>0 ubyte 0x63 GNU HURD or Mach or Sys V/386
+>0 ubyte 0x64 Novell Netware 2.xx or Speedstore
+>0 ubyte 0x65 Novell Netware 3.xx
+>0 ubyte 0x66 Novell 386 Netware
+>0 ubyte 0x67 Novell
+>0 ubyte 0x68 Novell
+>0 ubyte 0x69 Novell
+>0 ubyte 0x70 DiskSecure Multi-Boot
+>0 ubyte 0x71 reserved
+>0 ubyte 0x73 reserved
+>0 ubyte 0x74 reserved
+>0 ubyte 0x75 PC/IX
+>0 ubyte 0x76 reserved
+>0 ubyte 0x77 M2FS/M2CS partition
+>0 ubyte 0x78 XOSL boot loader filesystem
+>0 ubyte 0x80 MINIX until 1.4a
+>0 ubyte 0x81 MINIX since 1.4b
+>0 ubyte 0x82 Linux swap or Solaris
+>0 ubyte 0x83 Linux native
+>0 ubyte 0x84 OS/2 hidden C: drive
+>0 ubyte 0x85 Linux extended partition
+>0 ubyte 0x86 NT FAT volume set
+>0 ubyte 0x87 NTFS volume set or HPFS mirrored
+>0 ubyte 0x8a Linux Kernel AiR-BOOT partition
+>0 ubyte 0x8b Legacy Fault tolerant FAT32
+>0 ubyte 0x8c Legacy Fault tolerant FAT32 ext
+>0 ubyte 0x8d Hidden free FDISK FAT12
+>0 ubyte 0x8e Linux Logical Volume Manager
+>0 ubyte 0x90 Hidden free FDISK FAT16
+>0 ubyte 0x91 Hidden free FDISK DOS EXT
+>0 ubyte 0x92 Hidden free FDISK FAT16 Big
+>0 ubyte 0x93 Amoeba filesystem
+>0 ubyte 0x94 Amoeba bad block table
+>0 ubyte 0x95 MIT EXOPC native partitions
+>0 ubyte 0x97 Hidden free FDISK FAT32
+>0 ubyte 0x98 Datalight ROM-DOS Super-Boot
+>0 ubyte 0x99 Mylex EISA SCSI
+>0 ubyte 0x9a Hidden free FDISK FAT16 LBA
+>0 ubyte 0x9b Hidden free FDISK EXT LBA
+>0 ubyte 0x9f BSDI?
+>0 ubyte 0xa0 IBM Thinkpad hibernation
+>0 ubyte 0xa1 HP Volume expansion (SpeedStor)
+>0 ubyte 0xa3 HP Volume expansion (SpeedStor)
+>0 ubyte 0xa4 HP Volume expansion (SpeedStor)
+>0 ubyte 0xa5 386BSD partition type
+>0 ubyte 0xa6 OpenBSD partition type
+>0 ubyte 0xa7 NeXTSTEP 486
+>0 ubyte 0xa8 Apple UFS
+>0 ubyte 0xa9 NetBSD partition type
+>0 ubyte 0xaa Olivetty Fat12 1.44MB Service part
+>0 ubyte 0xab Apple Boot
+>0 ubyte 0xae SHAG OS filesystem
+>0 ubyte 0xaf Apple HFS
+>0 ubyte 0xb0 BootStar Dummy
+>0 ubyte 0xb1 reserved
+>0 ubyte 0xb3 reserved
+>0 ubyte 0xb4 reserved
+>0 ubyte 0xb6 reserved
+>0 ubyte 0xb7 BSDI BSD/386 filesystem
+>0 ubyte 0xb8 BSDI BSD/386 swap
+>0 ubyte 0xbb Boot Wizard Hidden
+>0 ubyte 0xbe Solaris 8 partition type
+>0 ubyte 0xbf Solaris partition type
+>0 ubyte 0xc0 CTOS
+>0 ubyte 0xc1 DRDOS/sec (FAT-12)
+>0 ubyte 0xc2 Hidden Linux
+>0 ubyte 0xc3 Hidden Linux swap
+>0 ubyte 0xc4 DRDOS/sec (FAT-16, < 32M)
+>0 ubyte 0xc5 DRDOS/sec (EXT)
+>0 ubyte 0xc6 DRDOS/sec (FAT-16, >= 32M)
+>0 ubyte 0xc7 Syrinx (Cyrnix?) or HPFS disabled
+>0 ubyte 0xc8 Reserved for DR-DOS 8.0+
+>0 ubyte 0xc9 Reserved for DR-DOS 8.0+
+>0 ubyte 0xca Reserved for DR-DOS 8.0+
+>0 ubyte 0xcb DR-DOS 7.04+ Secured FAT32 CHS
+>0 ubyte 0xcc DR-DOS 7.04+ Secured FAT32 LBA
+>0 ubyte 0xcd CTOS Memdump
+>0 ubyte 0xce DR-DOS 7.04+ FAT16X LBA
+>0 ubyte 0xcf DR-DOS 7.04+ EXT LBA
+>0 ubyte 0xd0 REAL/32 secure big partition
+>0 ubyte 0xd1 Old Multiuser DOS FAT12
+>0 ubyte 0xd4 Old Multiuser DOS FAT16 Small
+>0 ubyte 0xd5 Old Multiuser DOS Extended
+>0 ubyte 0xd6 Old Multiuser DOS FAT16 Big
+>0 ubyte 0xd8 CP/M 86
+>0 ubyte 0xdb CP/M or Concurrent CP/M
+>0 ubyte 0xdd Hidden CTOS Memdump
+>0 ubyte 0xde Dell PowerEdge Server utilities
+>0 ubyte 0xdf DG/UX virtual disk manager
+>0 ubyte 0xe0 STMicroelectronics ST AVFS
+>0 ubyte 0xe1 DOS access or SpeedStor 12-bit
+>0 ubyte 0xe3 DOS R/O or Storage Dimensions
+>0 ubyte 0xe4 SpeedStor 16-bit FAT < 1024 cyl.
+>0 ubyte 0xe5 reserved
+>0 ubyte 0xe6 reserved
+>0 ubyte 0xeb BeOS
+>0 ubyte 0xee GPT Protective MBR
+>0 ubyte 0xef EFI system partition
+>0 ubyte 0xf0 Linux PA-RISC boot loader
+>0 ubyte 0xf1 SpeedStor or Storage Dimensions
+>0 ubyte 0xf2 DOS 3.3+ Secondary
+>0 ubyte 0xf3 reserved
+>0 ubyte 0xf4 SpeedStor large partition
+>0 ubyte 0xf5 Prologue multi-volumen partition
+>0 ubyte 0xf6 reserved
+>0 ubyte 0xf9 pCache: ext2/ext3 persistent cache
+>0 ubyte 0xfa Bochs x86 emulator
+>0 ubyte 0xfb VMware File System
+>0 ubyte 0xfc VMware Swap
+>0 ubyte 0xfd Linux RAID partition persistent sb
+>0 ubyte 0xfe LANstep or IBM PS/2 IML
+>0 ubyte 0xff Xenix Bad Block Table
+
+0 string \366\366\366\366 PC formatted floppy with no filesystem
+# Sun disk labels
+# From /usr/include/sun/dklabel.h:
+0774 beshort 0xdabe
+# modified by Joerg Jenderek, because original test
+# succeeds for Cabinet archive dao360.dl_ with negative blocks
+>0770 long >0 Sun disk label
+>>0 string x '%s
+>>>31 string >\0 \b%s
+>>>>63 string >\0 \b%s
+>>>>>95 string >\0 \b%s
+>>0 string x \b'
+>>0734 short >0 %d rpm,
+>>0736 short >0 %d phys cys,
+>>0740 short >0 %d alts/cyl,
+>>0746 short >0 %d interleave,
+>>0750 short >0 %d data cyls,
+>>0752 short >0 %d alt cyls,
+>>0754 short >0 %d heads/partition,
+>>0756 short >0 %d sectors/track,
+>>0764 long >0 start cyl %d,
+>>0770 long x %d blocks
+# Is there a boot block written 1 sector in?
+>512 belong&077777777 0600407 \b, boot block present
+
+# Joerg Jenderek: Smart Boot Manager backup file is 25 (MSDOS) or 41 (LINUX) byte header + first sectors of disk
+# (http://btmgr.sourceforge.net/docs/user-guide-3.html)
+0 string SBMBAKUP_ Smart Boot Manager backup file
+>9 string x \b, version %-5.5s
+>>14 string =_
+>>>15 string x %-.1s
+>>>>16 string =_ \b.
+>>>>>17 string x \b%-.1s
+>>>>>>18 string =_ \b.
+>>>>>>>19 string x \b%-.1s
+>>>22 ubyte 0
+>>>>21 ubyte x \b, from drive %#x
+>>>22 ubyte >0
+>>>>21 string x \b, from drive %s
+>>>535 search/17 \x55\xAA
+>>>>&-512 indirect x \b; contains
+
+# updated by Joerg Jenderek at Nov 2012
+# DOS Emulator image is 128 byte, null right padded header + harddisc image
+0 string DOSEMU\0
+>0x27E leshort 0xAA55
+#offset is 128
+>>19 ubyte 128
+>>>(19.b-1) ubyte 0x0 DOS Emulator image
+>>>>7 ulelong >0 \b, %u heads
+>>>>11 ulelong >0 \b, %d sectors/track
+>>>>15 ulelong >0 \b, %d cylinders
+>>>>128 indirect x \b; contains
+
+# added by Joerg Jenderek at Nov 2012
+# http://www.thenakedpc.com/articles/v04/08/0408-05.html
+# Symantec (Peter Norton) Image.dat file consists of variable header, bootrecord, part of FAT and root directory data
+0 string PNCIHISK\0 Norton Utilities disc image data
+# real x86 boot sector with jump instruction
+>509 search/1026 \x55\xAA\xeb
+>>&-1 indirect x \b; contains
+# http://file-extension.net/seeker/file_extension_dat
+0 string PNCIUNDO Norton Disk Doctor UnDo file
+#
+
+# DOS/MBR boot sector updated by Joerg Jenderek at Sep 2007,May 2011,2013
+# for any allowed sector sizes
+30 search/481 \x55\xAA
+# to display DOS/MBR boot sector (40) before old one (strength=50+21),Syslinux bootloader (71),SYSLINUX MBR (37+36),NetBSD mbr (110),AdvanceMAME mbr (111)
+# DOS BPB information (70) and after DOS floppy (120) like in previous file version
+!:strength +65
+# for sector sizes < 512 Bytes
+>11 uleshort <512
+>>(11.s-2) uleshort 0xAA55 DOS/MBR boot sector
+# for sector sizes with 512 or more Bytes
+>0x1FE leshort 0xAA55 DOS/MBR boot sector
+
+# ExFAT
+3 string/w =EXFAT
+>0x1FE leshort 0xAA55
+>>0x6E ubyte 1
+>>>0x6F ubyte 0x80
+>>>0 ubyte 0xEB DOS/MBR boot sector,
+>>>0x69 ubyte x ExFAT Filesystem version %d.
+>>>0x68 ubyte x \b%d
+>>>0x6d ubyte x \b, (1<<%d) sectors per cluster
+>>>0x48 ulequad x \b, sectors %lld
+>>>0x64 ulelong x \b, serial number %#x
+
+# keep old DOS/MBR boot sector as dummy for mbr and bootloader displaying
+# only for sector sizes with 512 or more Bytes
+0x1FE leshort 0xAA55 DOS/MBR boot sector
+#
+# to display information (50) before DOS BPB (strength=70) and after DOS floppy (120) like in old file version
+!:strength +65
+>2 string OSBS OS/BS MBR
+# added by Joerg Jenderek at Feb 2013 according to https://thestarman.pcministry.com/asm/mbr/
+# and https://en.wikipedia.org/wiki/Master_Boot_Record
+# test for nearly all MS-DOS Master Boot Record initial program loader (IPL) is now done by
+# characteristic assembler instructions: xor ax,ax;mov ss,ax;mov sp,7c00
+>0 search/2 \x33\xc0\x8e\xd0\xbc\x00\x7c MS-MBR
+# Microsoft Windows 95A and early ( https://thestarman.pcministry.com/asm/mbr/STDMBR.htm )
+# assembler instructions: mov si,sp;push ax;pop es;push ax;pop ds;sti;cld
+>>8 ubequad 0x8bf45007501ffbfc
+# https://thestarman.pcministry.com/asm/mbr/200MBR.htm
+>>>0x16 ubyte 0xF3 \b,DOS 2
+>>>>219 regex Author\ -\ Author:
+# found "David Litton" , "A Pehrsson "
+>>>>>&0 string x "%s"
+>>>0x16 ubyte 0xF2
+# NEC MS-DOS 3.30 Rev. 3 . See https://thestarman.pcministry.com/asm/mbr/DOS33MBR.htm
+# assembler instructions: mov di,077c;cmp word ptrl[di],a55a;jnz
+>>>>0x22 ubequad 0xbf7c07813d5aa575 \b,NEC 3.3
+# version MS-DOS 3.30 til MS-Windows 95A (WinVer=4.00.1111)
+>>>>0x22 default x \b,D0S version 3.3-7.0
+# error messages are printed by assembler instructions: mov si,06nn;...;int 10 (0xBEnn06;...)
+# where nn is string offset varying for different languages
+# "Invalid partition table" nn=0x8b for english version
+>>>>>(0x49.b) string Invalid\ partition\ table english
+>>>>>(0x49.b) string Ung\201ltige\ Partitionstabelle german
+>>>>>(0x49.b) string Table\ de\ partition\ invalide french
+>>>>>(0x49.b) string Tabela\ de\ parti\207ao\ inv\240lida portuguese
+>>>>>(0x49.b) string Tabla\ de\ partici\242n\ no\ v\240lida spanish
+>>>>>(0x49.b) string Tavola\ delle\ partizioni\ non\ valida italian
+>>>>>0x49 ubyte >0 at offset %#x
+>>>>>>(0x49.b) string >\0 "%s"
+# "Error loading operating system" nn=0xa3 for english version
+# "Fehler beim Laden des Betriebssystems" nn=0xa7 for german version
+# "Erreur en chargeant syst\212me d'exploitation" nn=0xa7 for french version
+# "Erro na inicializa\207ao do sistema operacional" nn=0xa7 for portuguese Brazilian version
+# "Error al cargar sistema operativo" nn=0xa8 for spanish version
+# "Errore durante il caricamento del sistema operativo" nn=0xae for italian version
+>>>>>0x74 ubyte >0 at offset %#x
+>>>>>>(0x74.b) string >\0 "%s"
+# "Missing operating system" nn=0xc2 for english version
+# "Betriebssystem fehlt" nn=0xcd for german version
+# "Syst\212me d'exploitation absent" nn=0xd2 for french version
+# "Sistema operacional nao encontrado" nn=0xd4 for portuguese Brazilian version
+# "Falta sistema operativo" nn=0xca for spanish version
+# "Sistema operativo mancante" nn=0xe2 for italian version
+>>>>>0x79 ubyte >0 at offset %#x
+>>>>>>(0x79.b) string >\0 "%s"
+# Microsoft Windows 95B to XP (https://thestarman.pcministry.com/asm/mbr/95BMEMBR.htm)
+# assembler instructions: push ax;pop es;push ax;pop ds;cld;mov si,7c1b
+>>8 ubequad 0x5007501ffcbe1b7c
+# assembler instructions: rep;movsb;retf;mov si,07be;mov cl,04
+>>>24 ubequad 0xf3a4cbbebe07b104 9M
+# "Invalid partition table" nn=0x10F for english version
+# "Ung\201ltige Partitionstabelle" nn=0x10F for german version
+# "Table de partition erron\202e" nn=0x10F for french version
+# "\216\257\245\340\240\346\250\256\255\255\240\357 \341\250\341\342\245\254\240 \255\245 \255\240\251\244\245\255\240" nn=0x10F for russian version
+>>>>(0x3C.b+0x0FF) string Invalid\ partition\ table english
+>>>>(0x3C.b+0x0FF) string Ung\201ltige\ Partitionstabelle german
+>>>>(0x3C.b+0x0FF) string Table\ de\ partition\ erron\202e french
+>>>>(0x3C.b+0x0FF) string \215\245\257\340\240\242\250\253\354\255\240\357\ \342\240\241\253\250\346\240 russian
+>>>>0x3C ubyte x at offset %#x+0xFF
+>>>>(0x3C.b+0x0FF) string >\0 "%s"
+# "Error loading operating system" nn=0x127 for english version
+# "Fehler beim Laden des Betriebssystems" nn=0x12b for german version
+# "Erreur lors du chargement du syst\212me d'exploitation" nn=0x12a for french version
+# "\216\350\250\241\252\240 \257\340\250 \247\240\243\340\343\247\252\245 \256\257\245\340\240\346\250\256\255\255\256\251 \341\250\341\342\245\254\353" nn=0x12d for russian version
+>>>>0xBD ubyte x at offset 0x1%x
+>>>>(0xBD.b+0x100) string >\0 "%s"
+# "Missing operating system" nn=0x146 for english version
+# "Betriebssystem fehlt" nn=0x151 for german version
+# "Syst\212me d'exploitation manquant" nn=0x15e for french version
+# "\216\257\245\340\240\346\250\256\255\255\240\357 \341\250\341\342\245\254\240 \255\245 \255\240\251\244\245\255\240" nn=0x156 for russian version
+>>>>0xA9 ubyte x at offset 0x1%x
+>>>>(0xA9.b+0x100) string >\0 "%s"
+# https://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm
+# assembler instructions: rep;movsb;retf;mov BP,07be;mov cl,04
+>>>24 ubequad 0xf3a4cbbdbe07b104 XP
+# where xxyyzz are lower bits from offsets of error messages varying for different languages
+>>>>0x1B4 ubelong&0x00FFFFFF 0x002c4463 english
+>>>>0x1B4 ubelong&0x00FFFFFF 0x002c486e german
+# "Invalid partition table" xx=0x12C for english version
+# "Ung\201ltige Partitionstabelle" xx=0x12C for german version
+>>>>0x1b5 ubyte >0 at offset 0x1%x
+>>>>(0x1b5.b+0x100) string >\0 "%s"
+# "Error loading operating system" yy=0x144 for english version
+# "Fehler beim Laden des Betriebssystems" yy=0x148 for german version
+>>>>0x1b6 ubyte >0 at offset 0x1%x
+>>>>(0x1b6.b+0x100) string >\0 "%s"
+# "Missing operating system" zz=0x163 for english version
+# "Betriebssystem nicht vorhanden" zz=0x16e for german version
+>>>>0x1b7 ubyte >0 at offset 0x1%x
+>>>>(0x1b7.b+0x100) string >\0 "%s"
+# Microsoft Windows Vista or 7
+# assembler instructions: ..;mov ds,ax;mov si,7c00;mov di,..00
+>>8 ubequad 0xc08ed8be007cbf00
+# Microsoft Windows Vista (https://thestarman.pcministry.com/asm/mbr/VistaMBR.htm)
+# assembler instructions: jnz 0729;cmp ebx,"TCPA"
+>>>0xEC ubequad 0x753b6681fb544350 Vista
+# where xxyyzz are lower bits from offsets of error messages varying for different languages
+>>>>0x1B4 ubelong&0x00FFFFFF 0x00627a99 english
+#>>>>0x1B4 ubelong&0x00FFFFFF ? german
+# "Invalid partition table" xx=0x162 for english version
+# "Ung\201ltige Partitionstabelle" xx=0x1?? for german version
+>>>>0x1b5 ubyte >0 at offset 0x1%x
+>>>>(0x1b5.b+0x100) string >\0 "%s"
+# "Error loading operating system" yy=0x17a for english version
+# "Fehler beim Laden des Betriebssystems" yy= 0x1?? for german version
+>>>>0x1b6 ubyte >0 at offset 0x1%x
+>>>>(0x1b6.b+0x100) string >\0 "%s"
+# "Missing operating system" zz=0x199 for english version
+# "Betriebssystem nicht vorhanden" zz=0x1?? for german version
+>>>>0x1b7 ubyte >0 at offset 0x1%x
+>>>>(0x1b7.b+0x100) string >\0 "%s"
+# Microsoft Windows 7 (https://thestarman.pcministry.com/asm/mbr/W7MBR.htm)
+# assembler instructions: cmp ebx,"TCPA";cmp
+>>>0xEC ubequad 0x6681fb5443504175 Windows 7
+# where xxyyzz are lower bits from offsets of error messages varying for different languages
+>>>>0x1B4 ubelong&0x00FFFFFF 0x00637b9a english
+#>>>>0x1B4 ubelong&0x00FFFFFF ? german
+# "Invalid partition table" xx=0x163 for english version
+# "Ung\201ltige Partitionstabelle" xx=0x1?? for german version
+>>>>0x1b5 ubyte >0 at offset 0x1%x
+>>>>(0x1b5.b+0x100) string >\0 "%s"
+# "Error loading operating system" yy=0x17b for english version
+# "Fehler beim Laden des Betriebssystems" yy=0x1?? for german version
+>>>>0x1b6 ubyte >0 at offset 0x1%x
+>>>>(0x1b6.b+0x100) string >\0 "%s"
+# "Missing operating system" zz=0x19a for english version
+# "Betriebssystem nicht vorhanden" zz=0x1?? for german version
+>>>>0x1b7 ubyte >0 at offset 0x1%x
+>>>>(0x1b7.b+0x100) string >\0 "%s"
+# https://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm#DiskSigs
+# https://en.wikipedia.org/wiki/MBR_disk_signature#ID
+>>0x1b8 ulelong >0 \b, disk signature %#-.4x
+# driveID/timestamp for Win 95B,98,98SE and ME. See https://thestarman.pcministry.com/asm/mbr/mystery.htm
+>>0xDA uleshort 0
+>>>0xDC ulelong >0 \b, created
+# physical drive number (0x80-0xFF) when the Windows wrote that byte to the drive
+>>>>0xDC ubyte x with driveID %#x
+# hours, minutes and seconds
+>>>>0xDf ubyte x at %x
+>>>>0xDe ubyte x \b:%x
+>>>>0xDd ubyte x \b:%x
+# special case for Microsoft MS-DOS 3.21 spanish
+# assembler instructions: cli;mov $0x30,%ax;mov %ax,%ss;mov
+>0 ubequad 0xfab830008ed0bc00
+# assembler instructions: $0x1f00,%sp;mov $0x80cb,%di;add %cl,(%bx,%si);in (%dx),%ax;mov
+>>8 ubequad 0x1fbfcb800008ed8 MS-MBR,D0S version 3.21 spanish
+# Microsoft MBR IPL end
+
+# dr-dos with some upper-, lowercase variants
+>0x9D string Invalid\ partition\ table$
+>>181 string No\ Operating\ System$
+>>>201 string Operating\ System\ load\ error$ \b, DR-DOS MBR, Version 7.01 to 7.03
+>0x9D string Invalid\ partition\ table$
+>>181 string No\ operating\ system$
+>>>201 string Operating\ system\ load\ error$ \b, DR-DOS MBR, Version 7.01 to 7.03
+>342 string Invalid\ partition\ table$
+>>366 string No\ operating\ system$
+>>>386 string Operating\ system\ load\ error$ \b, DR-DOS MBR, version 7.01 to 7.03
+>295 string NEWLDR\0
+>>302 string Bad\ PT\ $
+>>>310 string No\ OS\ $
+>>>>317 string OS\ load\ err$
+>>>>>329 string Moved\ or\ missing\ IBMBIO.LDR\n\r
+>>>>>>358 string Press\ any\ key\ to\ continue.\n\r$
+>>>>>>>387 string Copyright\ (c)\ 1984,1998
+>>>>>>>>411 string Caldera\ Inc.\0 \b, DR-DOS MBR (IBMBIO.LDR)
+#
+# tests for different MS-DOS Master Boot Records (MBR) moved and merged
+#
+#>0x145 string Default:\ F \b, FREE-DOS MBR
+#>0x14B string Default:\ F \b, FREE-DOS 1.0 MBR
+>0x145 search/7 Default:\ F \b, FREE-DOS MBR
+#>>313 string F0\ .\ .\ .
+#>>>322 string disk\ 1
+#>>>>382 string FAT3
+>64 string no\ active\ partition\ found
+>>96 string read\ error\ while\ reading\ drive \b, FREE-DOS Beta 0.9 MBR
+# Ranish Partition Manager http://www.ranish.com/part/
+>387 search/4 \0\ Error!\r
+>>378 search/7 Virus!
+>>>397 search/4 Booting\040
+>>>>408 search/4 HD1/\0 \b, Ranish MBR (
+>>>>>416 string Writing\ changes... \b2.37
+>>>>>>438 ubyte x \b,%#x dots
+>>>>>>440 ubyte >0 \b,virus check
+>>>>>>441 ubyte >0 \b,partition %c
+#2.38,2.42,2.44
+>>>>>416 string !Writing\ changes... \b
+>>>>>>418 ubyte 1 \bvirus check,
+>>>>>>419 ubyte x \b%#x seconds
+>>>>>>420 ubyte&0x0F >0 \b,partition
+>>>>>>>420 ubyte&0x0F <5 \b %x
+>>>>>>>420 ubyte&0x0F 0Xf \b ask
+>>>>>420 ubyte x \b)
+#
+# SYSLINUX MBR moved
+# https://www.acronis.de/
+>362 string MBR\ Error\ \0\r
+>>376 string ress\ any\ key\ to\040
+>>>392 string boot\ from\ floppy...\0 \b, Acronis MBR
+# added by Joerg Jenderek
+# https://www.visopsys.org/
+# https://partitionlogic.org.uk/
+>309 string No\ bootable\ partition\ found\r
+>>339 string I/O\ Error\ reading\ boot\ sector\r \b, Visopsys MBR
+>349 string No\ bootable\ partition\ found\r
+>>379 string I/O\ Error\ reading\ boot\ sector\r \b, simple Visopsys MBR
+# bootloader, bootmanager
+>0x40 string SBML
+# label with 11 characters of FAT 12 bit filesystem
+>>43 string SMART\ BTMGR
+>>>430 string SBMK\ Bad!\r \b, Smart Boot Manager
+# OEM-ID not always "SBM"
+#>>>>3 strings SBM
+>>>>6 string >\0 \b, version %s
+>382 string XOSLLOADXCF \b, eXtended Operating System Loader
+>6 string LILO \b, LInux i386 boot LOader
+>>120 string LILO \b, version 22.3.4 SuSe
+>>172 string LILO \b, version 22.5.8 Debian
+# updated by Joerg Jenderek at Oct 2008
+# variables according to grub-0.97/stage1/stage1.S or
+# https://www.gnu.org/software/grub/manual/grub.html#Embedded-data
+# usual values are marked with comments to get only information of strange GRUB loaders
+>342 search/60 \0Geom\0
+#>0 ulelong x %x=0x009048EB , 0x2a9048EB 0
+>>0x41 ubyte <2
+>>>0x3E ubyte >2 \b; GRand Unified Bootloader
+# 0x3 for 0.5.95,0.93,0.94,0.96 0x4 for 1.90
+>>>>0x3E ubyte x \b, stage1 version %#x
+#If it is 0xFF, use a drive passed by BIOS
+>>>>0x40 ubyte <0xFF \b, boot drive %#x
+# in most case 0,1,0x2e for GRUB 0.5.95
+>>>>0x41 ubyte >0 \b, LBA flag %#x
+>>>>0x42 uleshort <0x8000 \b, stage2 address %#x
+#>>>>0x42 uleshort =0x8000 \b, stage2 address %#x (usual)
+>>>>0x42 uleshort >0x8000 \b, stage2 address %#x
+#>>>>0x44 ulelong =1 \b, 1st sector stage2 %#x (default)
+>>>>0x44 ulelong >1 \b, 1st sector stage2 %#x
+>>>>0x48 uleshort <0x800 \b, stage2 segment %#x
+#>>>>0x48 uleshort =0x800 \b, stage2 segment %#x (usual)
+>>>>0x48 uleshort >0x800 \b, stage2 segment %#x
+>>>>402 string Geom\0Hard\ Disk\0Read\0\ Error\0
+>>>>>394 string stage1 \b, GRUB version 0.5.95
+>>>>382 string Geom\0Hard\ Disk\0Read\0\ Error\0
+>>>>>376 string GRUB\ \0 \b, GRUB version 0.93 or 1.94
+>>>>383 string Geom\0Hard\ Disk\0Read\0\ Error\0
+>>>>>377 string GRUB\ \0 \b, GRUB version 0.94
+>>>>385 string Geom\0Hard\ Disk\0Read\0\ Error\0
+>>>>>379 string GRUB\ \0 \b, GRUB version 0.95 or 0.96
+>>>>391 string Geom\0Hard\ Disk\0Read\0\ Error\0
+>>>>>385 string GRUB\ \0 \b, GRUB version 0.97
+# unknown version
+>>>343 string Geom\0Read\0\ Error\0
+>>>>321 string Loading\ stage1.5 \b, GRUB version x.y
+>>>380 string Geom\0Hard\ Disk\0Read\0\ Error\0
+>>>>374 string GRUB\ \0 \b, GRUB version n.m
+# SYSLINUX bootloader moved
+>395 string chksum\0\ ERROR!\0 \b, Gujin bootloader
+# http://www.bcdwb.de/bcdw/index_e.htm
+>3 string BCDL
+>>498 string BCDL\ \ \ \ BIN \b, Bootable CD Loader (1.50Z)
+# mbr partition table entries updated by Joerg Jenderek at Sep 2013
+# skip Norton Utilities disc image data
+>3 string !IHISK
+# skip Linux style boot sector starting with assembler instructions mov 0x7c0,ax;
+>>0 belong !0xb8c0078e
+# not Linux kernel
+>>>514 string !HdrS
+# not BeOS
+>>>>422 string !Be\ Boot\ Loader
+# jump over BPB instruction implies DOS bootsector or AdvanceMAME mbr
+>>>>>0 ubelong&0xFD000000 =0xE9000000
+# AdvanceMAME mbr
+>>>>>>(1.b+2) ubequad 0xfa31c08ed88ec08e
+>>>>>>>446 use partition-table
+# mbr, Norton Utilities disc image data, or 2nd,etc. sector of x86 bootloader
+>>>>>0 ubelong&0xFD000000 !0xE9000000
+# skip FSInfosector
+>>>>>>0 string !RRaA
+# skip 3rd sector of MS x86 bootloader with assembler instructions cli;MOVZX EAX,BYTE PTR [BP+10];MOV ECX,
+# https://thestarman.pcministry.com/asm/mbr/MSWIN41.htm
+>>>>>>>0 ubequad !0xfa660fb64610668b
+# skip 13rd sector of MS x86 bootloader
+>>>>>>>>0 ubequad !0x660fb64610668b4e
+# skip sector starting with DOS new line
+>>>>>>>>>0 string !\r\n
+# allowed active flag 0,80h-FFh
+>>>>>>>>>>446 ubyte 0
+>>>>>>>>>>>446 use partition-table
+>>>>>>>>>>446 ubyte >0x7F
+>>>>>>>>>>>446 use partition-table
+# TODO: test for extended bootrecord (ebr) moved and merged with mbr partition table entries
+# mbr partition table entries end
+# https://www.acronis.de/
+#FAT label=ACRONIS\ SZ
+#OEM-ID=BOOTWIZ0
+>442 string Non-system\ disk,\040
+>>459 string press\ any\ key...\x7\0 \b, Acronis Startup Recovery Loader
+# updated by Joerg Jenderek at Nov 2012, Sep 2013
+# DOS names like F11.SYS or BOOTWIZ.SYS are 8 right space padded bytes+3 bytes
+# display 1 space
+>>>447 ubyte x \b
+>>>477 use DOS-filename
+#
+>185 string FDBOOT\ Version\040
+>>204 string \rNo\ Systemdisk.\040
+>>>220 string Booting\ from\ harddisk.\n\r
+>>>245 string Cannot\ load\ from\ harddisk.\n\r
+>>>>273 string Insert\ Systemdisk\040
+>>>>>291 string and\ press\ any\ key.\n\r \b, FDBOOT harddisk Bootloader
+>>>>>>200 string >\0 \b, version %-3s
+>242 string Bootsector\ from\ C.H.\ Hochst\204
+# http://freecode.com/projects/dosfstools dosfstools-n.m/src/mkdosfs.c
+# updated by Joerg Jenderek at Nov 2012. Use search directive with offset instead of string
+# skip name "C.H. Hochstaetter" partly because it is sometimes written without umlaut
+>242 search/127 Bootsector\ from\ C.H.\ Hochst
+>>278 search/127 No\ Systemdisk.\ Booting\ from\ harddisk
+# followed by variants with point,CR-NL or NL-CR
+>>>208 search/261 Cannot\ load\ from\ harddisk.
+# followed by variants CR-NL or NL-CR
+>>>>236 search/235 Insert\ Systemdisk\ and\ press\ any\ key.
+# followed by variants with point,CR-NL or NL-CR
+>>>>>180 search/96 Disk\ formatted\ with\ WinImage\ \b, WinImage harddisk Bootloader
+# followed by string like "6.50 (c) 1993-2004 Gilles Vollant"
+>>>>>>&0 string x \b, version %-4.4s
+>(1.b+2) ubyte 0xe
+>>(1.b+3) ubyte 0x1f
+>>>(1.b+4) ubyte 0xbe
+# message offset found at (1.b+5) is 0x77 for FAT32 or 0x5b for others
+>>>>(1.b+5) ubyte&0xd3 0x53
+>>>>>(1.b+6) ubyte 0x7c
+# assembler instructions: lodsb;and al,al;jz 0xb;push si;mov ah,
+>>>>>>(1.b+7) ubyte 0xac
+>>>>>>>(1.b+8) ubyte 0x22
+>>>>>>>>(1.b+9) ubyte 0xc0
+>>>>>>>>>(1.b+10) ubyte 0x74
+>>>>>>>>>>(1.b+11) ubyte 0x0b
+>>>>>>>>>>>(1.b+12) ubyte 0x56
+>>>>>>>>>>>>(1.b+13) ubyte 0xb4 \b, mkdosfs boot message display
+# FAT1X version
+>>>>>>>>>>>>>(1.b+5) ubyte 0x5b
+>>>>>>>>>>>>>>0x5b string >\0 "%-s"
+# FAT32 version
+>>>>>>>>>>>>>(1.b+5) ubyte 0x77
+>>>>>>>>>>>>>>0x77 string >\0 "%-s"
+>214 string Please\ try\ to\ install\ FreeDOS\ \b, DOS Emulator boot message display
+#>>244 string from\ dosemu-freedos-*-bin.tgz\r
+#>>>170 string Sorry,\ could\ not\ load\ an\040
+#>>>>195 string operating\ system.\r\n
+#
+>103 string This\ is\ not\ a\ bootable\ disk.\040
+>>132 string Please\ insert\ a\ bootable\040
+>>>157 string floppy\ and\r\n
+>>>>169 string press\ any\ key\ to\ try\ again...\r \b, FREE-DOS message display
+#
+>66 string Solaris\ Boot\ Sector
+>>99 string Incomplete\ MDBoot\ load.
+>>>89 string Version \b, Sun Solaris Bootloader
+>>>>97 byte x version %c
+#
+>408 string OS/2\ !!\ SYS01475\r\0
+>>429 string OS/2\ !!\ SYS02025\r\0
+>>>450 string OS/2\ !!\ SYS02027\r\0
+>>>469 string OS2BOOT\ \ \ \ \b, IBM OS/2 Warp bootloader
+#
+>409 string OS/2\ !!\ SYS01475\r\0
+>>430 string OS/2\ !!\ SYS02025\r\0
+>>>451 string OS/2\ !!\ SYS02027\r\0
+>>>470 string OS2BOOT\ \ \ \ \b, IBM OS/2 Warp Bootloader
+>112 string This\ disk\ is\ not\ bootable\r
+>>142 string If\ you\ wish\ to\ make\ it\ bootable
+>>>176 string run\ the\ DOS\ program\ SYS\040
+>>>200 string after\ the\r
+>>>>216 string system\ has\ been\ loaded\r\n
+>>>>>242 string Please\ insert\ a\ DOS\ diskette\040
+>>>>>271 string into\r\n\ the\ drive\ and\040
+>>>>>>292 string strike\ any\ key...\0 \b, IBM OS/2 Warp message display
+# XP
+>430 string NTLDR\ is\ missing\xFF\r\n
+>>449 string Disk\ error\xFF\r\n
+>>>462 string Press\ any\ key\ to\ restart\r \b, Microsoft Windows XP Bootloader
+# DOS names like NTLDR,CMLDR,$LDR$ are 8 right space padded bytes+3 bytes
+>>>>417 ubyte&0xDF >0
+>>>>>417 string x %-.5s
+>>>>>>422 ubyte&0xDF >0
+>>>>>>>422 string x \b%-.3s
+>>>>>425 ubyte&0xDF >0
+>>>>>>425 string >\ \b.%-.3s
+#
+>>>>371 ubyte >0x20
+>>>>>368 ubyte&0xDF >0
+>>>>>>368 string x %-.5s
+>>>>>>>373 ubyte&0xDF >0
+>>>>>>>>373 string x \b%-.3s
+>>>>>>376 ubyte&0xDF >0
+>>>>>>>376 string x \b.%-.3s
+#
+>430 string NTLDR\ nicht\ gefunden\xFF\r\n
+>>453 string Datentr\204gerfehler\xFF\r\n
+>>>473 string Neustart\ mit\ beliebiger\ Taste\r \b, Microsoft Windows XP Bootloader (german)
+>>>>417 ubyte&0xDF >0
+>>>>>417 string x %-.5s
+>>>>>>422 ubyte&0xDF >0
+>>>>>>>422 string x \b%-.3s
+>>>>>425 ubyte&0xDF >0
+>>>>>>425 string >\ \b.%-.3s
+# offset variant
+>>>>379 string \0
+>>>>>368 ubyte&0xDF >0
+>>>>>>368 string x %-.5s
+>>>>>>>373 ubyte&0xDF >0
+>>>>>>>>373 string x \b%-.3s
+#
+>430 string NTLDR\ fehlt\xFF\r\n
+>>444 string Datentr\204gerfehler\xFF\r\n
+>>>464 string Neustart\ mit\ beliebiger\ Taste\r \b, Microsoft Windows XP Bootloader (2.german)
+>>>>417 ubyte&0xDF >0
+>>>>>417 string x %-.5s
+>>>>>>422 ubyte&0xDF >0
+>>>>>>>422 string x \b%-.3s
+>>>>>425 ubyte&0xDF >0
+>>>>>>425 string >\ \b.%-.3s
+# variant
+>>>>371 ubyte >0x20
+>>>>>368 ubyte&0xDF >0
+>>>>>>368 string x %-.5s
+>>>>>>>373 ubyte&0xDF >0
+>>>>>>>>373 string x \b%-.3s
+>>>>>>376 ubyte&0xDF >0
+>>>>>>>376 string x \b.%-.3s
+#
+>430 string NTLDR\ fehlt\xFF\r\n
+>>444 string Medienfehler\xFF\r\n
+>>>459 string Neustart:\ Taste\ dr\201cken\r \b, Microsoft Windows XP Bootloader (3.german)
+>>>>371 ubyte >0x20
+>>>>>368 ubyte&0xDF >0
+>>>>>>368 string x %-.5s
+>>>>>>>373 ubyte&0xDF >0
+>>>>>>>>373 string x \b%-.3s
+>>>>>>376 ubyte&0xDF >0
+>>>>>>>376 string x \b.%-.3s
+# variant
+>>>>417 ubyte&0xDF >0
+>>>>>417 string x %-.5s
+>>>>>>422 ubyte&0xDF >0
+>>>>>>>422 string x \b%-.3s
+>>>>>425 ubyte&0xDF >0
+>>>>>>425 string >\ \b.%-.3s
+#
+>430 string Datentr\204ger\ entfernen\xFF\r\n
+>>454 string Medienfehler\xFF\r\n
+>>>469 string Neustart:\ Taste\ dr\201cken\r \b, Microsoft Windows XP Bootloader (4.german)
+>>>>379 string \0
+>>>>>368 ubyte&0xDF >0
+>>>>>>368 string x %-.5s
+>>>>>>>373 ubyte&0xDF >0
+>>>>>>>>373 string x \b%-.3s
+>>>>>>376 ubyte&0xDF >0
+>>>>>>>376 string x \b.%-.3s
+# variant
+>>>>417 ubyte&0xDF >0
+>>>>>417 string x %-.5s
+>>>>>>422 ubyte&0xDF >0
+>>>>>>>422 string x \b%-.3s
+>>>>>425 ubyte&0xDF >0
+>>>>>>425 string >\ \b.%-.3s
+#
+
+#>3 string NTFS\ \ \ \040
+>389 string Fehler\ beim\ Lesen\040
+>>407 string des\ Datentr\204gers
+>>>426 string NTLDR\ fehlt
+>>>>440 string NTLDR\ ist\ komprimiert
+>>>>>464 string Neustart\ mit\ Strg+Alt+Entf\r \b, Microsoft Windows XP Bootloader NTFS (german)
+#>3 string NTFS\ \ \ \040
+>313 string A\ disk\ read\ error\ occurred.\r
+>>345 string A\ kernel\ file\ is\ missing\040
+>>>370 string from\ the\ disk.\r
+>>>>484 string NTLDR\ is\ compressed
+>>>>>429 string Insert\ a\ system\ diskette\040
+>>>>>>454 string and\ restart\r\nthe\ system.\r \b, Microsoft Windows XP Bootloader NTFS
+# DOS loader variants different languages,offsets
+>472 ubyte&0xDF >0
+>>389 string Invalid\ system\ disk\xFF\r\n
+>>>411 string Disk\ I/O\ error
+>>>>428 string Replace\ the\ disk,\ and\040
+>>>>>455 string press\ any\ key \b, Microsoft Windows 98 Bootloader
+#IO.SYS
+>>>>>>472 ubyte&0xDF >0
+>>>>>>>472 string x \b %-.2s
+>>>>>>>>474 ubyte&0xDF >0
+>>>>>>>>>474 string x \b%-.5s
+>>>>>>>>>>479 ubyte&0xDF >0
+>>>>>>>>>>>479 string x \b%-.1s
+>>>>>>>480 ubyte&0xDF >0
+>>>>>>>>480 string x \b.%-.3s
+#MSDOS.SYS
+>>>>>>>483 ubyte&0xDF >0 \b+
+>>>>>>>>483 string x \b%-.5s
+>>>>>>>>>488 ubyte&0xDF >0
+>>>>>>>>>>488 string x \b%-.3s
+>>>>>>>>491 ubyte&0xDF >0
+>>>>>>>>>491 string x \b.%-.3s
+#
+>>390 string Invalid\ system\ disk\xFF\r\n
+>>>412 string Disk\ I/O\ error\xFF\r\n
+>>>>429 string Replace\ the\ disk,\ and\040
+>>>>>451 string then\ press\ any\ key\r \b, Microsoft Windows 98 Bootloader
+>>388 string Ungueltiges\ System\ \xFF\r\n
+>>>410 string E/A-Fehler\ \ \ \ \xFF\r\n
+>>>>427 string Datentraeger\ wechseln\ und\040
+>>>>>453 string Taste\ druecken\r \b, Microsoft Windows 95/98/ME Bootloader (german)
+#WINBOOT.SYS only not spaces (0xDF)
+>>>>>>497 ubyte&0xDF >0
+>>>>>>>497 string x %-.5s
+>>>>>>>>502 ubyte&0xDF >0
+>>>>>>>>>502 string x \b%-.1s
+>>>>>>>>>>503 ubyte&0xDF >0
+>>>>>>>>>>>503 string x \b%-.1s
+>>>>>>>>>>>>504 ubyte&0xDF >0
+>>>>>>>>>>>>>504 string x \b%-.1s
+>>>>>>505 ubyte&0xDF >0
+>>>>>>>505 string x \b.%-.3s
+#IO.SYS
+>>>>>>472 ubyte&0xDF >0 or
+>>>>>>>472 string x \b %-.2s
+>>>>>>>>474 ubyte&0xDF >0
+>>>>>>>>>474 string x \b%-.5s
+>>>>>>>>>>479 ubyte&0xDF >0
+>>>>>>>>>>>479 string x \b%-.1s
+>>>>>>>480 ubyte&0xDF >0
+>>>>>>>>480 string x \b.%-.3s
+#MSDOS.SYS
+>>>>>>>483 ubyte&0xDF >0 \b+
+>>>>>>>>483 string x \b%-.5s
+>>>>>>>>>488 ubyte&0xDF >0
+>>>>>>>>>>488 string x \b%-.3s
+>>>>>>>>491 ubyte&0xDF >0
+>>>>>>>>>491 string x \b.%-.3s
+#
+>>390 string Ungueltiges\ System\ \xFF\r\n
+>>>412 string E/A-Fehler\ \ \ \ \xFF\r\n
+>>>>429 string Datentraeger\ wechseln\ und\040
+>>>>>455 string Taste\ druecken\r \b, Microsoft Windows 95/98/ME Bootloader (German)
+#WINBOOT.SYS only not spaces (0xDF)
+>>>>>>497 ubyte&0xDF >0
+>>>>>>>497 string x %-.7s
+>>>>>>>>504 ubyte&0xDF >0
+>>>>>>>>>504 string x \b%-.1s
+>>>>>>505 ubyte&0xDF >0
+>>>>>>>505 string x \b.%-.3s
+#IO.SYS
+>>>>>>472 ubyte&0xDF >0 or
+>>>>>>>472 string x \b %-.2s
+>>>>>>>>474 ubyte&0xDF >0
+>>>>>>>>>474 string x \b%-.6s
+>>>>>>>480 ubyte&0xDF >0
+>>>>>>>>480 string x \b.%-.3s
+#MSDOS.SYS
+>>>>>>>483 ubyte&0xDF >0 \b+
+>>>>>>>>483 string x \b%-.5s
+>>>>>>>>>488 ubyte&0xDF >0
+>>>>>>>>>>488 string x \b%-.3s
+>>>>>>>>491 ubyte&0xDF >0
+>>>>>>>>>491 string x \b.%-.3s
+#
+>>389 string Ungueltiges\ System\ \xFF\r\n
+>>>411 string E/A-Fehler\ \ \ \ \xFF\r\n
+>>>>428 string Datentraeger\ wechseln\ und\040
+>>>>>454 string Taste\ druecken\r \b, Microsoft Windows 95/98/ME Bootloader (GERMAN)
+# DOS names like IO.SYS,WINBOOT.SYS,MSDOS.SYS,WINBOOT.INI are 8 right space padded bytes+3 bytes
+>>>>>>472 string x %-.2s
+>>>>>>>474 ubyte&0xDF >0
+>>>>>>>>474 string x \b%-.5s
+>>>>>>>>479 ubyte&0xDF >0
+>>>>>>>>>479 string x \b%-.1s
+>>>>>>480 ubyte&0xDF >0
+>>>>>>>480 string x \b.%-.3s
+>>>>>>483 ubyte&0xDF >0 \b+
+>>>>>>>483 string x \b%-.5s
+>>>>>>>488 ubyte&0xDF >0
+>>>>>>>>488 string x \b%-.2s
+>>>>>>>>490 ubyte&0xDF >0
+>>>>>>>>>490 string x \b%-.1s
+>>>>>>>491 ubyte&0xDF >0
+>>>>>>>>491 string x \b.%-.3s
+>479 ubyte&0xDF >0
+>>416 string Kein\ System\ oder\040
+>>>433 string Laufwerksfehler
+>>>>450 string Wechseln\ und\ Taste\ dr\201cken \b, Microsoft DOS Bootloader (german)
+#IO.SYS
+>>>>>479 string x \b %-.2s
+>>>>>>481 ubyte&0xDF >0
+>>>>>>>481 string x \b%-.6s
+>>>>>487 ubyte&0xDF >0
+>>>>>>487 string x \b.%-.3s
+#MSDOS.SYS
+>>>>>>490 ubyte&0xDF >0 \b+
+>>>>>>>490 string x \b%-.5s
+>>>>>>>>495 ubyte&0xDF >0
+>>>>>>>>>495 string x \b%-.3s
+>>>>>>>498 ubyte&0xDF >0
+>>>>>>>>498 string x \b.%-.3s
+#
+>376 search/41 Non-System\ disk\ or\040
+>>395 search/41 disk\ error\r
+>>>407 search/41 Replace\ and\040
+>>>>419 search/41 press\ \b,
+>>>>419 search/41 strike\ \b, old
+>>>>426 search/41 any\ key\ when\ ready\r MS or PC-DOS bootloader
+#449 Disk\ Boot\ failure\r MS 3.21
+#466 Boot\ Failure\r MS 3.30
+>>>>>468 search/18 \0
+#IO.SYS,IBMBIO.COM
+>>>>>>&0 string x \b %-.2s
+>>>>>>>&-20 ubyte&0xDF >0
+>>>>>>>>&-1 string x \b%-.4s
+>>>>>>>>>&-16 ubyte&0xDF >0
+>>>>>>>>>>&-1 string x \b%-.2s
+>>>>>>&8 ubyte&0xDF >0 \b.
+>>>>>>>&-1 string x \b%-.3s
+#MSDOS.SYS,IBMDOS.COM
+>>>>>>&11 ubyte&0xDF >0 \b+
+>>>>>>>&-1 string x \b%-.5s
+>>>>>>>>&-6 ubyte&0xDF >0
+>>>>>>>>>&-1 string x \b%-.1s
+>>>>>>>>>>&-5 ubyte&0xDF >0
+>>>>>>>>>>>&-1 string x \b%-.2s
+>>>>>>>&7 ubyte&0xDF >0 \b.
+>>>>>>>>&-1 string x \b%-.3s
+>441 string Cannot\ load\ from\ harddisk.\n\r
+>>469 string Insert\ Systemdisk\040
+>>>487 string and\ press\ any\ key.\n\r \b, MS (2.11) DOS bootloader
+#>43 string \224R-LOADER\ \ SYS =label
+>54 string SYS
+>>324 string VASKK
+>>>495 string NEWLDR\0 \b, DR-DOS Bootloader (LOADER.SYS)
+#
+>98 string Press\ a\ key\ to\ retry\0\r
+>>120 string Cannot\ find\ file\ \0\r
+>>>139 string Disk\ read\ error\0\r
+>>>>156 string Loading\ ...\0 \b, DR-DOS (3.41) Bootloader
+#DRBIOS.SYS
+>>>>>44 ubyte&0xDF >0
+>>>>>>44 string x \b %-.6s
+>>>>>>>50 ubyte&0xDF >0
+>>>>>>>>50 string x \b%-.2s
+>>>>>>52 ubyte&0xDF >0
+>>>>>>>52 string x \b.%-.3s
+#
+>70 string IBMBIO\ \ COM
+>>472 string Cannot\ load\ DOS!\040
+>>>489 string Any\ key\ to\ retry \b, DR-DOS Bootloader
+>>471 string Cannot\ load\ DOS\040
+>>487 string press\ key\ to\ retry \b, Open-DOS Bootloader
+#??
+>444 string KERNEL\ \ SYS
+>>314 string BOOT\ error! \b, FREE-DOS Bootloader
+>499 string KERNEL\ \ SYS
+>>305 string BOOT\ err!\0 \b, Free-DOS Bootloader
+>449 string KERNEL\ \ SYS
+>>319 string BOOT\ error! \b, FREE-DOS 0.5 Bootloader
+#
+>449 string Loading\ FreeDOS
+>>0x1AF ulelong >0 \b, FREE-DOS 0.95,1.0 Bootloader
+>>>497 ubyte&0xDF >0
+>>>>497 string x \b %-.6s
+>>>>>503 ubyte&0xDF >0
+>>>>>>503 string x \b%-.1s
+>>>>>>>504 ubyte&0xDF >0
+>>>>>>>>504 string x \b%-.1s
+>>>>505 ubyte&0xDF >0
+>>>>>505 string x \b.%-.3s
+#
+>331 string Error!.0 \b, FREE-DOS 1.0 bootloader
+#
+>125 string Loading\ FreeDOS...\r
+>>311 string BOOT\ error!\r \b, FREE-DOS bootloader
+>>>441 ubyte&0xDF >0
+>>>>441 string x \b %-.6s
+>>>>>447 ubyte&0xDF >0
+>>>>>>447 string x \b%-.1s
+>>>>>>>448 ubyte&0xDF >0
+>>>>>>>>448 string x \b%-.1s
+>>>>449 ubyte&0xDF >0
+>>>>>449 string x \b.%-.3s
+>124 string FreeDOS\0
+>>331 string \ err\0 \b, FREE-DOS BETa 0.9 Bootloader
+# DOS names like KERNEL.SYS,KERNEL16.SYS,KERNEL32.SYS,METAKERN.SYS are 8 right space padded bytes+3 bytes
+>>>497 ubyte&0xDF >0
+>>>>497 string x \b %-.6s
+>>>>>503 ubyte&0xDF >0
+>>>>>>503 string x \b%-.1s
+>>>>>>>504 ubyte&0xDF >0
+>>>>>>>>504 string x \b%-.1s
+>>>>505 ubyte&0xDF >0
+>>>>>505 string x \b.%-.3s
+>>333 string \ err\0 \b, FREE-DOS BEta 0.9 Bootloader
+>>>497 ubyte&0xDF >0
+>>>>497 string x \b %-.6s
+>>>>>503 ubyte&0xDF >0
+>>>>>>503 string x \b%-.1s
+>>>>>>>504 ubyte&0xDF >0
+>>>>>>>>504 string x \b%-.1s
+>>>>505 ubyte&0xDF >0
+>>>>>505 string x \b.%-.3s
+>>334 string \ err\0 \b, FREE-DOS Beta 0.9 Bootloader
+>>>497 ubyte&0xDF >0
+>>>>497 string x \b %-.6s
+>>>>>503 ubyte&0xDF >0
+>>>>>>503 string x \b%-.1s
+>>>>>>>504 ubyte&0xDF >0
+>>>>>>>>504 string x \b%-.1s
+>>>>505 ubyte&0xDF >0
+>>>>>505 string x \b.%-.3s
+>336 string Error!\040
+>>343 string Hit\ a\ key\ to\ reboot. \b, FREE-DOS Beta 0.9sr1 Bootloader
+>>>497 ubyte&0xDF >0
+>>>>497 string x \b %-.6s
+>>>>>503 ubyte&0xDF >0
+>>>>>>503 string x \b%-.1s
+>>>>>>>504 ubyte&0xDF >0
+>>>>>>>>504 string x \b%-.1s
+>>>>505 ubyte&0xDF >0
+>>>>>505 string x \b.%-.3s
+# added by Joerg Jenderek
+# https://www.visopsys.org/
+# https://partitionlogic.org.uk/
+# OEM-ID=Visopsys
+>478 ulelong 0
+>>(1.b+326) string I/O\ Error\ reading\040
+>>>(1.b+344) string Visopsys\ loader\r
+>>>>(1.b+361) string Press\ any\ key\ to\ continue.\r \b, Visopsys loader
+# http://alexfru.chat.ru/epm.html#bootprog
+>494 ubyte >0x4D
+>>495 string >E
+>>>495 string <S
+#OEM-ID is not reliable
+>>>>3 string BootProg
+# It just looks for a program file name at the root directory
+# and loads corresponding file with following execution.
+# DOS names like STARTUP.BIN,STARTUPC.COM,STARTUPE.EXE are 8 right space padded bytes+3 bytes
+>>>>499 ubyte&0xDF >0 \b, COM/EXE Bootloader
+>>>>>499 use DOS-filename
+#If the boot sector fails to read any other sector,
+#it prints a very short message ("RE") to the screen and hangs the computer.
+#If the boot sector fails to find needed program in the root directory,
+#it also hangs with another message ("NF").
+>>>>>492 string RENF \b, FAT (12 bit)
+>>>>>495 string RENF \b, FAT (16 bit)
+#If the boot sector fails to read any other sector,
+#it prints a very short message ("RE") to the screen and hangs the computer.
+# x86 bootloader end
+
+# added by Joerg Jenderek at Feb 2013 according to https://thestarman.pcministry.com/asm/mbr/MSWIN41.htm#FSINFO
+# and https://en.wikipedia.org/wiki/File_Allocation_Table#FS_Information_Sector
+>0 string RRaA
+>>0x1E4 string rrAa \b, FSInfosector
+#>>0x1FC uleshort =0 SHOULD BE ZERO
+>>>0x1E8 ulelong <0xffffffff \b, %u free clusters
+>>>0x1EC ulelong <0xffffffff \b, last allocated cluster %u
+
+# updated by Joerg Jenderek at Sep 2007
+>3 ubyte 0
+#no active flag
+>>446 ubyte 0
+# partition 1 not empty
+>>>450 ubyte >0
+# partitions 3,4 empty
+>>>>482 ubyte 0
+>>>>>498 ubyte 0
+# partition 2 ID=0,5,15
+>>>>>>466 ubyte <0x10
+>>>>>>>466 ubyte 0x05 \b, extended partition table
+>>>>>>>466 ubyte 0x0F \b, extended partition table (LBA)
+>>>>>>>466 ubyte 0x0 \b, extended partition table (last)
+
+# DOS x86 sector separated and moved from "DOS/MBR boot sector" by Joerg Jenderek at May 2011
+
+>0x200 lelong 0x82564557 \b, BSD disklabel
+
+# by Joerg Jenderek at Apr 2013
+# Print the DOS filenames from directory entry form with 8 right space padded bytes + 3 bytes for extension
+# like IO.SYS. MSDOS.SYS , KERNEL.SYS , DRBIO.SYS
+0 name DOS-filename
+# space=0x20 (00100000b) means empty
+>0 ubyte&0xDF >0
+>>0 ubyte x \b%c
+>>>1 ubyte&0xDF >0
+>>>>1 ubyte x \b%c
+>>>>>2 ubyte&0xDF >0
+>>>>>>2 ubyte x \b%c
+>>>>>>>3 ubyte&0xDF >0
+>>>>>>>>3 ubyte x \b%c
+>>>>>>>>>4 ubyte&0xDF >0
+>>>>>>>>>>4 ubyte x \b%c
+>>>>>>>>>>>5 ubyte&0xDF >0
+>>>>>>>>>>>>5 ubyte x \b%c
+>>>>>>>>>>>>>6 ubyte&0xDF >0
+>>>>>>>>>>>>>>6 ubyte x \b%c
+>>>>>>>>>>>>>>>7 ubyte&0xDF >0
+>>>>>>>>>>>>>>>>7 ubyte x \b%c
+# DOS filename extension
+>>8 ubyte&0xDF >0 \b.
+>>>8 ubyte x \b%c
+>>>>9 ubyte&0xDF >0
+>>>>>9 ubyte x \b%c
+>>>>>>10 ubyte&0xDF >0
+>>>>>>>10 ubyte x \b%c
+# Print 2 following DOS filenames from directory entry form
+# like IO.SYS+MSDOS.SYS or ibmbio.com+ibmdos.com
+0 name 2xDOS-filename
+# display 1 space
+>0 ubyte x \b
+>0 use DOS-filename
+>11 ubyte x \b+
+>11 use DOS-filename
+
+# https://en.wikipedia.org/wiki/Master_boot_record#PTE
+# display standard partition table
+0 name partition-table
+#>0 ubyte x PARTITION-TABLE
+# test and display 1st til 4th partition table entry
+>0 use partition-entry-test
+>16 use partition-entry-test
+>32 use partition-entry-test
+>48 use partition-entry-test
+# test for entry of partition table
+0 name partition-entry-test
+# partition type ID > 0
+>4 ubyte >0
+# active flag 0
+>>0 ubyte 0
+>>>0 use partition-entry
+# active flag 0x80, 0x81, ...
+>>0 ubyte >0x7F
+>>>0 use partition-entry
+# Print entry of partition table
+0 name partition-entry
+# partition type ID > 0
+>4 ubyte >0 \b; partition
+>>64 leshort 0xAA55 1
+>>48 leshort 0xAA55 2
+>>32 leshort 0xAA55 3
+>>16 leshort 0xAA55 4
+>>4 ubyte x : ID=%#x
+>>0 ubyte&0x80 0x80 \b, active
+>>0 ubyte >0x80 %#x
+>>1 ubyte x \b, start-CHS (
+>>1 use partition-chs
+>>5 ubyte x \b), end-CHS (
+>>5 use partition-chs
+>>8 ulelong x \b), startsector %u
+>>12 ulelong x \b, %u sectors
+# Print cylinder,head,sector (CHS) of partition entry
+0 name partition-chs
+# cylinder
+>1 ubyte x \b0x
+>1 ubyte&0xC0 0x40 \b1
+>1 ubyte&0xC0 0x80 \b2
+>1 ubyte&0xC0 0xC0 \b3
+>2 ubyte x \b%x
+# head
+>0 ubyte x \b,%u
+# sector
+>1 ubyte&0x3F x \b,%u
+
+# FATX
+0 string FATX FATX filesystem data
+
+# romfs filesystems - Juan Cespedes <cespedes@debian.org>
+0 string -rom1fs- romfs filesystem, version 1
+>8 belong x %d bytes,
+>16 string x named %s.
+
+# netboot image - Juan Cespedes <cespedes@debian.org>
+0 lelong 0x1b031336L Netboot image,
+>4 lelong&0xFFFFFF00 0
+>>4 lelong&0x100 0x000 mode 2
+>>4 lelong&0x100 0x100 mode 3
+>4 lelong&0xFFFFFF00 !0 unknown mode
+
+0x18b string OS/2 OS/2 Boot Manager
+
+# updated by Joerg Jenderek at Oct 2008 and Sep 2012
+# https://syslinux.zytor.com/iso.php
+# tested with versions 1.47,1.48,1.49,1.50,1.62,1.76,2.00,2.10;3.00,3.11,3.31,;3.70,3.71,3.73,3.75,3.80,3.82,3.84,3.86,4.01,4.03 and 4.05
+# assembler instructions: cli;jmp 0:7Cyy (yy=0x40,0x5e,0x6c,0x6e,0x77);nop;nop
+0 ulequad&0x909000007cc0eafa 0x909000007c40eafa
+>631 search/689 ISOLINUX\ isolinux Loader
+>>&0 string x (version %-4.4s)
+# https://syslinux.zytor.com/pxe.php
+# assembler instructions: jmp 7C05
+0 ulelong 0x007c05ea pxelinux loader (version 2.13 or older)
+# assembler instructions: pushfd;pushad
+0 ulelong 0x60669c66 pxelinux loader
+# assembler instructions: jmp 05
+0 ulelong 0xc00005ea pxelinux loader (version 3.70 or newer)
+# https://syslinux.zytor.com/wiki/index.php/SYSLINUX
+0 string LDLINUX\ SYS\ SYSLINUX loader
+>12 string x (older version %-4.4s)
+0 string \r\nSYSLINUX\ SYSLINUX loader
+>11 string x (version %-4.4s)
+# syslinux updated and separated from "DOS/MBR boot sector" by Joerg Jenderek at Sep 2012
+# assembler instructions: jmp yy (yy=0x3c,0x58);nop;"SYSLINUX"
+0 ulelong&0x80909bEB 0x009018EB
+# OEM-ID not always "SYSLINUX"
+>434 search/47 Boot\ failed
+# followed by \r\n\0 or :\
+>>482 search/132 \0LDLINUX\ SYS Syslinux bootloader (version 2.13 or older)
+>>1 ubyte 0x58 Syslinux bootloader (version 3.0-3.9)
+>459 search/30 Boot\ error\r\n\0
+>>1 ubyte 0x58 Syslinux bootloader (version 3.10 or newer)
+# SYSLINUX MBR updated and separated from "DOS/MBR boot sector" by Joerg Jenderek at Sep 2012
+# assembler instructions: mov di,0600h;mov cx,0100h
+16 search/4 \xbf\x00\x06\xb9\x00\x01
+# to display SYSLINUX MBR (36) before old DOS/MBR boot sector one with partition table (strength=50+21)
+!:strength +36
+>94 search/249 Missing\ operating\ system
+# followed by \r for versions older 3.35 , .\r for versions newer 3.52 and point for other
+# skip Ranish MBR
+>>408 search/4 HD1/\0
+>>408 default x
+>>>250 search/118 \0Operating\ system\ load SYSLINUX MBR
+# followed by "ing " or space
+>>>>292 search/98 error
+>>>>>&0 string \r (version 3.35 or older)
+>>>>>&0 string .\r (version 3.52 or newer)
+>>>>>&0 default x (version 3.36-3.51 )
+>368 search/106 \0Disk\ error\ on\ boot\r\n SYSLINUX GPT-MBR
+>>156 search/10 \0Boot\ partition\ not\ found\r\n
+>>>270 search/10 \0OS\ not\ bootable\r\n (version 3.86 or older)
+>>174 search/10 \0Missing\ OS\r\n
+>>>189 search/10 \0Multiple\ active\ partitions\r\n (version 4.00 or newer)
+# SYSLINUX END
+
+# NetBSD mbr variants (master-boot-code version 1.22) added by Joerg Jenderek at Nov 2012
+# assembler instructions: xor ax,ax;mov ax,ss;mov sp,0x7c00;mov ax,
+0 ubequad 0x31c08ed0bc007c8e
+# mbr_bootsel magic before partition table not reliable with small ipl fragments
+#>444 uleshort 0xb5e1
+>0004 uleshort x
+# ERRorTeXT
+>>181 search/166 Error\ \0\r\n NetBSD mbr
+# NT Drive Serial Number https://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm#DS
+>>>0x1B8 ubelong >0 \b,Serial %#-.8x
+# BOOTSEL definitions contains assembler instructions: int 0x13;pop dx;push dx;push dx
+>>>0xbb search/71 \xcd\x13\x5a\x52\x52 \b,bootselector
+# BOOT_EXTENDED definitions contains assembler instructions:
+# xchg ecx,edx;addl ecx,edx;movw lba_info,si;movb 0x42,ah;pop dx;push dx;int 0x13
+>>>0x96 search/1 \x66\x87\xca\x66\x01\xca\x66\x89\x16\x3a\x07\xbe\x32\x07\xb4\x42\x5a\x52\xcd\x13 \b,boot extended
+# COM_PORT_VAL definitions contains assembler instructions: outb al,dx;add 5,dl;inb %dx;test 0x40,al
+>>>0x130 search/55 \xee\x80\xc2\x05\xec\xa8\x40 \b,serial IO
+# not TERSE_ERROR
+>>>196 search/106 No\ active\ partition\0
+>>>>&0 string Disk\ read\ error\0
+>>>>>&0 string No\ operating\ system\0 \b,verbose
+# not NO_CHS definitions contains assembler instructions: pop dx;push dx;movb $8,ah;int0x13
+>>>0x7d search/7 \x5a\x52\xb4\x08\xcd\x13 \b,CHS
+# not NO_LBA_CHECK definitions contains assembler instructions: movw 0x55aa,bx;movb 0x41,ah;pop dx;push dx;int 0x13
+>>>0xa4 search/84 \xbb\xaa\x55\xb4\x41\x5a\x52\xcd\x13 \b,LBA-check
+# assembler instructions: movw nametab,bx
+>>>0x26 search/21 \xBB\x94\x07
+# not NO_BANNER definitions contains assembler instructions: mov banner,si;call message_crlf
+>>>>&-9 ubequad&0xBE00f0E800febb94 0xBE0000E80000bb94
+>>>>>181 search/166 Error\ \0
+# "a: disk" , "Fn: diskn" or "NetBSD MBR boot"
+>>>>>>&3 string x \b,"%s"
+>>>446 use partition-table
+# Andrea Mazzoleni AdvanceCD mbr loader of http://advancemame.sourceforge.net/boot-readme.html
+# added by Joerg Jenderek at Nov 2012 for versions 1.3 - 1.4
+# assembler instructions: jmp short 0x58;nop;ASCII
+0 ubequad&0xeb58908000000000 0xeb58900000000000
+# assembler instructions: cli;xor ax,ax;mov ds,ax;mov es,ax;mov ss,
+>(1.b+2) ubequad 0xfa31c08ed88ec08e
+# Error messages at end of code
+>>376 string No\ operating\ system\r\n\0
+>>>398 string Disk\ error\r\n\0FDD\0HDD\0
+>>>>419 string \ EBIOS\r\n\0 AdvanceMAME mbr
+
+# Neil Turton mbr loader variant of https://www.chiark.greenend.org.uk/~neilt/mbr/
+# added by Joerg Jenderek at Mar 2011 for versions 1.0.0 - 1.1.11
+# for 1st version assembler instructions: cld;xor ax,ax;mov DS,ax;MOV ES,AX;mov SI,
+# or cld;xor ax,ax;mov SS,ax;XOR SP,SP;mov DS,
+0 ulequad&0xcE1b40D48EC031FC 0x8E0000D08EC031FC
+# pointer to the data starting with Neil Turton signature string
+>(0x1BC.s) string NDTmbr
+>>&-14 string 1234F\0 Turton mbr (
+# parameters also viewed by install-mbr --list
+>>>(0x1BC.s+7) ubyte x \b%u<=
+>>>(0x1BC.s+9) ubyte x \bVersion<=%u
+#>>>(0x1BC.s+8) ubyte x asm_flag_%x
+>>>(0x1BC.s+8) ubyte&1 1 \b,Y2K-Fix
+# variant used by testdisk of https://www.cgsecurity.org/wiki/Menu_MBRCode
+>>>(0x1BC.s+8) ubyte&2 2 \b,TestDisk
+#0x1~1,..,0x8~4,0x10~F,0x80~A enabled
+#>>>(0x1BC.s+10) ubyte x \b,flags %#x
+#0x0~1,0x1~2,...,0x3~4,0x4~F,0x7~D default boot
+#>>>(0x1BC.s+11) ubyte x \b,cfg_def %#x
+# for older versions
+>>>(0x1BC.s+9) ubyte <2
+#>>>>(0x1BC.s+12) ubyte 18 \b,%hhu/18 seconds
+>>>>(0x1BC.s+12) ubyte !18 \b,%u/18 seconds
+# floppy A: or B:
+>>>>(0x1BC.s+13) ubyte <2 \b,floppy %#x
+>>>>(0x1BC.s+13) ubyte >1
+# 1st hard disc
+#>>>>>(0x1BC.s+13) ubyte 0x80 \b,drive %#x
+# not 1st hard disc
+>>>>>(0x1BC.s+13) ubyte !0x80 \b,drive %#x
+# for version >= 2 maximal timeout can be 65534
+>>>(0x1BC.s+9) ubyte >1
+#>>>>(0x1BC.s+12) uleshort 18 \b,%u/18 seconds
+>>>>(0x1BC.s+12) uleshort !18 \b,%u/18 seconds
+# floppy A: or B:
+>>>>(0x1BC.s+14) ubyte <2 \b,floppy %#x
+>>>>(0x1BC.s+14) ubyte >1
+# 1st hard disc
+#>>>>>(0x1BC.s+14) ubyte 0x80 \b,drive %#x
+# not 1st hard disc
+>>>>>(0x1BC.s+14) ubyte !0x80 \b,drive %#x
+>>>0 ubyte x \b)
+
+# added by Joerg Jenderek
+# In the second sector (+0x200) are variables according to grub-0.97/stage2/asm.S or
+# grub-1.94/kern/i386/pc/startup.S
+# https://www.gnu.org/software/grub/manual/grub.html#Embedded-data
+# usual values are marked with comments to get only information of strange GRUB loaders
+0x200 uleshort 0x70EA
+# found only version 3.{1,2}
+>0x206 ubeshort >0x0300
+# GRUB version (0.5.)95,0.93,0.94,0.96,0.97 > "00"
+>>0x212 ubyte >0x29
+>>>0x213 ubyte >0x29
+# not iso9660_stage1_5
+#>>>0 ulelong&0x00BE5652 0x00BE5652
+>>>>0x213 ubyte >0x29 GRand Unified Bootloader
+# config_file for stage1_5 is 0xffffffff + default "/boot/grub/stage2"
+>>>>0x217 ubyte 0xFF stage1_5
+>>>>0x217 ubyte <0xFF stage2
+>>>>0x206 ubyte x \b version %u
+>>>>0x207 ubyte x \b.%u
+# module_size for 1.94
+>>>>0x208 ulelong <0xffffff \b, installed partition %u
+#>>>>0x208 ulelong =0xffffff \b, %lu (default)
+>>>>0x208 ulelong >0xffffff \b, installed partition %u
+# GRUB 0.5.95 unofficial
+>>>>0x20C ulelong&0x2E300000 0x2E300000
+# 0=stage2 1=ffs 2=e2fs 3=fat 4=minix 5=reiserfs
+>>>>>0x20C ubyte x \b, identifier %#x
+#>>>>>0x20D ubyte =0 \b, LBA flag %#x (default)
+>>>>>0x20D ubyte >0 \b, LBA flag %#x
+# GRUB version as string
+>>>>>0x20E string >\0 \b, GRUB version %-s
+# for stage1_5 is 0xffffffff + config_file "/boot/grub/stage2" default
+>>>>>>0x215 ulong 0xffffffff
+>>>>>>>0x219 string >\0 \b, configuration file %-s
+>>>>>>0x215 ulong !0xffffffff
+>>>>>>>0x215 string >\0 \b, configuration file %-s
+# newer GRUB versions
+>>>>0x20C ulelong&0x2E300000 !0x2E300000
+##>>>>>0x20C ulelong =0 \b, saved entry %d (usual)
+>>>>>0x20C ulelong >0 \b, saved entry %d
+# for 1.94 contains kernel image size
+# for 0.93,0.94,0.96,0.97
+# 0=stage2 1=ffs 2=e2fs 3=fat 4=minix 5=reiserfs 6=vstafs 7=jfs 8=xfs 9=iso9660 a=ufs2
+>>>>>0x210 ubyte x \b, identifier %#x
+# The flag for LBA forcing is in most cases 0
+#>>>>>0x211 ubyte =0 \b, LBA flag %#x (default)
+>>>>>0x211 ubyte >0 \b, LBA flag %#x
+# GRUB version as string
+>>>>>0x212 string >\0 \b, GRUB version %-s
+# for stage1_5 is 0xffffffff + config_file "/boot/grub/stage2" default
+>>>>>0x217 ulong 0xffffffff
+>>>>>>0x21b string >\0 \b, configuration file %-s
+>>>>>0x217 ulong !0xffffffff
+>>>>>>0x217 string >\0 \b, configuration file %-s
+
+# DOS x86 sector updated and separated from "DOS/MBR boot sector" by Joerg Jenderek at May 2011
+# JuMP short bootcodeoffset NOP assembler instructions will usually be EB xx 90
+# over BIOS parameter block (BPB)
+# https://thestarman.pcministry.com/asm/2bytejumps.htm#FWD
+# older drives may use Near JuMP instruction E9 xx xx
+# minimal short forward jump found 0x29 for bootloaders or 0x0
+# maximal short forward jump is 0x7f
+# OEM-ID is empty or contain readable bytes
+0 ulelong&0x804000E9 0x000000E9
+!:strength +60
+# mtools-3.9.8/msdos.h
+# usual values are marked with comments to get only information of strange FAT systems
+# valid sectorsize must be a power of 2 from 32 to 32768
+>11 uleshort&0x001f 0
+>>11 uleshort <32769
+>>>11 uleshort >31
+>>>>21 ubyte&0xf0 0xF0
+>>>>>0 ubyte 0xEB DOS/MBR boot sector
+>>>>>>1 ubyte x \b, code offset %#x+2
+>>>>>0 ubyte 0xE9
+>>>>>>1 uleshort x \b, code offset %#x+3
+>>>>>3 string >\0 \b, OEM-ID "%-.8s"
+#http://mirror.href.com/thestarman/asm/debug/debug2.htm#IHC
+>>>>>>8 string IHC \b cached by Windows 9M
+>>>>>11 uleshort >512 \b, Bytes/sector %u
+#>>>>>11 uleshort =512 \b, Bytes/sector %u=512 (usual)
+>>>>>11 uleshort <512 \b, Bytes/sector %u
+>>>>>13 ubyte >1 \b, sectors/cluster %u
+#>>>>>13 ubyte =1 \b, sectors/cluster %u (usual on Floppies)
+# for lazy FAT32 implementation like Transcend digital photo frame PF830
+>>>>>82 string/c fat32
+>>>>>>14 uleshort !32 \b, reserved sectors %u
+#>>>>>>14 uleshort =32 \b, reserved sectors %u (usual Fat32)
+>>>>>82 string/c !fat32
+>>>>>>14 uleshort >1 \b, reserved sectors %u
+#>>>>>>14 uleshort =1 \b, reserved sectors %u (usual FAT12,FAT16)
+#>>>>>>14 uleshort 0 \b, reserved sectors %u (usual NTFS)
+>>>>>16 ubyte >2 \b, FATs %u
+#>>>>>16 ubyte =2 \b, FATs %u (usual)
+>>>>>16 ubyte =1 \b, FAT %u
+>>>>>16 ubyte >0
+>>>>>17 uleshort >0 \b, root entries %u
+#>>>>>17 uleshort =0 \b, root entries %hu=0 (usual Fat32)
+>>>>>19 uleshort >0 \b, sectors %u (volumes <=32 MB)
+#>>>>>19 uleshort =0 \b, sectors %hu=0 (usual Fat32)
+>>>>>21 ubyte >0xF0 \b, Media descriptor %#x
+#>>>>>21 ubyte =0xF0 \b, Media descriptor %#x (usual floppy)
+>>>>>21 ubyte <0xF0 \b, Media descriptor %#x
+>>>>>22 uleshort >0 \b, sectors/FAT %u
+#>>>>>22 uleshort =0 \b, sectors/FAT %hu=0 (usual Fat32)
+>>>>>24 uleshort x \b, sectors/track %u
+>>>>>26 ubyte >2 \b, heads %u
+#>>>>>26 ubyte =2 \b, heads %u (usual floppy)
+>>>>>26 ubyte =1 \b, heads %u
+# valid only for sector sizes with more then 32 Bytes
+>>>>>11 uleshort >32
+# https://en.wikipedia.org/wiki/Design_of_the_FAT_file_system#Extended_BIOS_Parameter_Block
+# skip for values 2,2Ah,70h,73h,DFh
+# and continue for extended boot signature values 0,28h,29h,80h
+>>>>>>38 ubyte&0x56 =0
+>>>>>>>28 ulelong >0 \b, hidden sectors %u
+#>>>>>>>28 ulelong =0 \b, hidden sectors %u (usual floppy)
+>>>>>>>32 ulelong >0 \b, sectors %u (volumes > 32 MB)
+#>>>>>>>32 ulelong =0 \b, sectors %u (volumes > 32 MB)
+# FAT<32 bit specific
+>>>>>>>82 string/c !fat32
+#>>>>>>>>36 ubyte 0x80 \b, physical drive %#x=0x80 (usual harddisk)
+#>>>>>>>>36 ubyte 0 \b, physical drive %#x=0 (usual floppy)
+>>>>>>>>36 ubyte !0x80
+>>>>>>>>>36 ubyte !0 \b, physical drive %#x
+# VGA-copy CRC or
+# in Windows NT bit 0 is a dirty flag to request chkdsk at boot time. bit 1 requests surface scan too
+>>>>>>>>37 ubyte >0 \b, reserved %#x
+#>>>>>>>>37 ubyte =0 \b, reserved %#x
+# extended boot signature value is 0x80 for NTFS, 0x28 or 0x29 for others
+>>>>>>>>38 ubyte !0x29 \b, dos < 4.0 BootSector (%#x)
+>>>>>>>>38 ubyte&0xFE =0x28
+>>>>>>>>>39 ulelong x \b, serial number %#x
+>>>>>>>>38 ubyte =0x29
+>>>>>>>>>43 string <NO\ NAME \b, label: "%11.11s"
+>>>>>>>>>43 string >NO\ NAME \b, label: "%11.11s"
+>>>>>>>>>43 string =NO\ NAME \b, unlabeled
+# there exist some old floppies without word FAT at offset 54
+# a word like "FATnm " is only a hint for a FAT size on nm-bits
+# Normally the number of clusters is calculated by the values of BPP.
+# if it is small enough FAT is 12 bit, if it is too big enough FAT is 32 bit,
+# otherwise FAT is 16 bit.
+# http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/determining-fat-widths.html
+>>>>>82 string/c !fat32
+>>>>>>54 string FAT12 \b, FAT (12 bit)
+>>>>>>54 string FAT16 \b, FAT (16 bit)
+>>>>>>54 default x
+# determinate FAT bit size by media descriptor
+# small floppies implies FAT12
+>>>>>>>21 ubyte <0xF0 \b, FAT (12 bit by descriptor)
+# with media descriptor F0h floppy or maybe superfloppy with FAT16
+>>>>>>>21 ubyte =0xF0
+# superfloppy (many sectors) implies FAT16
+>>>>>>>>32 ulelong >0xFFFF \b, FAT (16 bit by descriptor+sectors)
+# no superfloppy with media descriptor F0h implies FAT12
+>>>>>>>>32 default x \b, FAT (12 bit by descriptor+sectors)
+# with media descriptor F8h floppy or hard disc with FAT12 or FAT16
+>>>>>>>21 ubyte =0xF8
+# 360 KiB with media descriptor F8h, 9 sectors per track ,single sided floppy implies FAT12
+>>>>>>>>19 ubequad 0xd002f80300090001 \b, FAT (12 bit by descriptor+geometry)
+# hard disc with FAT12 or FAT16
+>>>>>>>>19 default x \b, FAT (1Y bit by descriptor)
+# with media descriptor FAh floppy, RAM disc with FAT12 or FAT16 or Tandy hard disc
+>>>>>>>21 ubyte =0xFA
+# 320 KiB with media descriptor FAh, 8 sectors per track ,single sided floppy implies FAT12
+>>>>>>>>19 ubequad 0x8002fa0200080001 \b, FAT (12 bit by descriptor+geometry)
+# RAM disc with FAT12 or FAT16 or Tandy hard disc
+>>>>>>>>19 default x \b, FAT (1Y bit by descriptor)
+# others are floppy
+>>>>>>>21 default x \b, FAT (12 bit by descriptor)
+# FAT32 bit specific
+>>>>>82 string/c fat32 \b, FAT (32 bit)
+>>>>>>36 ulelong x \b, sectors/FAT %u
+# https://technet.microsoft.com/en-us/library/cc977221.aspx
+>>>>>>40 uleshort >0 \b, extension flags %#x
+#>>>>>>40 uleshort =0 \b, extension flags %hu
+>>>>>>42 uleshort >0 \b, fsVersion %u
+#>>>>>>42 uleshort =0 \b, fsVersion %u (usual)
+>>>>>>44 ulelong >2 \b, rootdir cluster %u
+#>>>>>>44 ulelong =2 \b, rootdir cluster %u
+#>>>>>>44 ulelong =1 \b, rootdir cluster %u
+>>>>>>48 uleshort >1 \b, infoSector %u
+#>>>>>>48 uleshort =1 \b, infoSector %u (usual)
+>>>>>>48 uleshort <1 \b, infoSector %u
+# 0 or 0xFFFF instead of usual 6 means no backup sector
+>>>>>>50 uleshort =0xFFFF \b, no Backup boot sector
+>>>>>>50 uleshort =0 \b, no Backup boot sector
+#>>>>>>50 uleshort =6 \b, Backup boot sector %u (usual)
+>>>>>>50 default x
+>>>>>>>50 uleshort x \b, Backup boot sector %u
+# corrected by Joerg Jenderek at Feb 2011 according to https://thestarman.pcministry.com/asm/mbr/MSWIN41.htm#FSINFO
+>>>>>>52 ulelong >0 \b, reserved1 %#x
+>>>>>>56 ulelong >0 \b, reserved2 %#x
+>>>>>>60 ulelong >0 \b, reserved3 %#x
+# same structure as FAT1X
+#>>>>>>64 ubyte =0x80 \b, physical drive %#x=80 (usual harddisk)
+#>>>>>>64 ubyte =0 \b, physical drive %#x=0 (usual floppy)
+>>>>>>64 ubyte !0x80
+>>>>>>>64 ubyte >0 \b, physical drive %#x
+# in Windows NT bit 0 is a dirty flag to request chkdsk at boot time. bit 1 requests surface scan too
+>>>>>>65 ubyte >0 \b, reserved %#x
+>>>>>>66 ubyte !0x29 \b, dos < 4.0 BootSector (%#x)
+>>>>>>66 ubyte =0x29
+>>>>>>>67 ulelong x \b, serial number %#x
+>>>>>>>71 string <NO\ NAME \b, label: "%11.11s"
+>>>>>>>71 string >NO\ NAME \b, label: "%11.11s"
+>>>>>>>71 string =NO\ NAME \b, unlabeled
+# additional tests for floppy image added by Joerg Jenderek
+# no fixed disk
+>>>>>21 ubyte !0xF8
+# floppy media with 12 bit FAT
+>>>>>>54 string !FAT16
+# test for FAT after bootsector
+>>>>>>>(11.s) ulelong&0x00ffffF0 0x00ffffF0 \b, followed by FAT
+# floppy image
+!:mime application/x-ima
+# NTFS specific added by Joerg Jenderek at Mar 2011 according to https://thestarman.pcministry.com/asm/mbr/NTFSBR.htm
+# and http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/bios-parameter-block.html
+# 0 FATs
+>>>>>16 ubyte =0
+# 0 root entries
+>>>>>>17 uleshort =0
+# 0 DOS sectors
+>>>>>>>19 uleshort =0
+# 0 sectors/FAT
+# dos < 4.0 BootSector value found is 0x80
+#38 ubyte =0x80 \b, dos < 4.0 BootSector (%#x)
+>>>>>>>>22 uleshort =0 \b; NTFS
+>>>>>>>>>24 uleshort >0 \b, sectors/track %u
+>>>>>>>>>36 ulelong !0x800080 \b, physical drive %#x
+>>>>>>>>>40 ulequad >0 \b, sectors %lld
+>>>>>>>>>48 ulequad >0 \b, $MFT start cluster %lld
+>>>>>>>>>56 ulequad >0 \b, $MFTMirror start cluster %lld
+# Values 0 to 127 represent MFT record sizes of 0 to 127 clusters.
+# Values 128 to 255 represent MFT record sizes of 2^(256-N) bytes.
+>>>>>>>>>64 lelong <256
+>>>>>>>>>>64 lelong <128 \b, clusters/RecordSegment %d
+>>>>>>>>>>64 ubyte >127 \b, bytes/RecordSegment 2^(-1*%i)
+# Values 0 to 127 represent index block sizes of 0 to 127 clusters.
+# Values 128 to 255 represent index block sizes of 2^(256-N) byte
+>>>>>>>>>68 ulelong <256
+>>>>>>>>>>68 ulelong <128 \b, clusters/index block %d
+#>>>>>>>>>>68 ulelong >127 \b, bytes/index block 2^(256-%d)
+>>>>>>>>>>68 ubyte >127 \b, bytes/index block 2^(-1*%i)
+>>>>>>>>>72 ulequad x \b, serial number 0%llx
+>>>>>>>>>80 ulelong >0 \b, checksum %#x
+#>>>>>>>>>80 ulelong =0 \b, checksum %#x=0 (usual)
+# unicode loadername size jump
+>>>>>>>>>(0x200.s*2) ubyte x
+# in next sector loadername terminated by unicode CTRL-D and $
+>>>>>>>>>>&0x1FF ulequad&0x0000FFffFFffFF00 0x0000002400040000 \b; contains
+# if 2nd NTFS sectors is found then assume whole filesystem
+#!:mime application/x-raw-disk-image
+!:ext img/bin/ntfs
+>>>>>>>>>>>0x200 use ntfs-sector2
+
+# For 2nd NTFS sector added by Joerg Jenderek at Jan 2013, Mar 2019
+# https://thestarman.pcministry.com/asm/mbr/NTFSbrHexEd.htm
+# unused assembler instructions short JMP y2;NOP;NOP
+0x056 ulelong&0xFFFF0FFF 0x909002EB NTFS
+#!:mime application/octet-stream
+!:ext bin
+>0 use ntfs-sector2
+# https://memory.dataram.com/products-and-services/software/ramdisk
+# assembler instructions JMP C000;NOP
+0x056 ulelong 0x9000c0e9 NTFS
+#!:mime application/octet-stream
+!:ext bin
+>0 use ntfs-sector2
+# check for characteristics of second NTFS sector and then display loader name
+0 name ntfs-sector2
+# number of utf16 characters of loadername
+>0 uleshort <8
+# unused assembler instructions JMP y2;NOP;NOP or JMP C000;NOP
+>>0x056 ulelong&0xFF0000FD 0x900000E9
+# loadernames are NTLDR,CMLDR,PELDR,$LDR$ or BOOTMGR
+>>>0x002 lestring16 x bootstrap %-5.5s
+# check for 7 character length of loader name like BOOTMGR
+>>>0 uleshort 7
+>>>>0x0c lestring16 x \b%-2.2s
+### DOS,NTFS boot sectors end
+
+# ntfsclone-image is a special save format for NTFS volumes,
+# created and restored by the ntfsclone program
+0 string \0ntfsclone-image ntfsclone image,
+>0x10 byte x version %d.
+>0x11 byte x \b%d,
+>0x12 lelong x cluster size %d,
+>0x16 lequad x device size %lld,
+>0x1e lequad x %lld total clusters,
+>0x26 lequad x %lld clusters in use
+
+
+0 name ffsv1
+>8404 string x last mounted on %s,
+#>9504 ledate x last checked at %s,
+>8224 ledate x last written at %s,
+>8401 byte x clean flag %d,
+>8228 lelong x number of blocks %d,
+>8232 lelong x number of data blocks %d,
+>8236 lelong x number of cylinder groups %d,
+>8240 lelong x block size %d,
+>8244 lelong x fragment size %d,
+>8252 lelong x minimum percentage of free blocks %d,
+>8256 lelong x rotational delay %dms,
+>8260 lelong x disk rotational speed %drps,
+>8320 lelong 0 TIME optimization
+>8320 lelong 1 SPACE optimization
+
+9564 lelong 0x00011954 Unix Fast File system [v1] (little-endian),
+>0 use ffsv1
+
+9564 belong 0x00011954 Unix Fast File system [v1] (big-endian),
+>7168 belong 0x4c41424c Apple UFS Volume
+>>7186 string x named %s,
+>>7176 belong x volume label version %d,
+>>7180 bedate x created on %s,
+>0 use \^ffsv1
+
+0 name ffsv2
+>212 string x last mounted on %s,
+>680 string >\0 volume name %s,
+>1072 leqldate x last written at %s,
+>209 byte x clean flag %d,
+>210 byte x readonly flag %d,
+>1080 lequad x number of blocks %lld,
+>1088 lequad x number of data blocks %lld,
+>44 lelong x number of cylinder groups %d,
+>48 lelong x block size %d,
+>52 lelong x fragment size %d,
+>1196 lelong x average file size %d,
+>1200 lelong x average number of files in dir %d,
+>1104 lequad x pending blocks to free %lld,
+>1112 lelong x pending inodes to free %d,
+>712 lequad x system-wide uuid %0llx,
+>60 lelong x minimum percentage of free blocks %d,
+>128 lelong 0 TIME optimization
+>128 lelong 1 SPACE optimization
+
+42332 lelong 0x19012038 Unix Fast File system [v2ea] (little-endian)
+>40960 use ffsv2
+
+42332 lelong 0x19540119 Unix Fast File system [v2] (little-endian)
+>40960 use ffsv2
+
+42332 belong 0x19012038 Unix Fast File system [v2ea] (little-endian)
+>40960 use \^ffsv2
+
+42332 belong 0x19540119 Unix Fast File system [v2] (big-endian)
+>40960 use \^ffsv2
+
+66908 lelong 0x19012038 Unix Fast File system [v2ea] (little-endian)
+>65536 use ffsv2
+
+66908 lelong 0x19540119 Unix Fast File system [v2] (little-endian)
+>65536 use ffsv2
+
+66908 belong 0x19012038 Unix Fast File system [v2ea] (little-endian)
+>65536 use \^ffsv2
+
+66908 belong 0x19540119 Unix Fast File system [v2] (big-endian)
+>65536 use \^ffsv2
+
+0 ulequad 0xc8414d4dc5523031 HAMMER filesystem (little-endian),
+>0x90 lelong+1 x volume %d
+>0x94 lelong x (of %d),
+>0x50 string x name %s,
+>0x98 ulelong x version %u,
+>0xa0 ulelong x flags %#x
+
+0 ulequad 0x48414d3205172011 HAMMER2 filesystem (little-endian),
+>0x3b byte x volume %d,
+>0x28 ulequad/1073741824 x size %lluGB,
+>0x30 ulelong x version %u,
+>0x34 ulelong x flags %#x
+
+# ext2/ext3 filesystems - Andreas Dilger <adilger@dilger.ca>
+# ext4 filesystem - Eric Sandeen <sandeen@sandeen.net>
+# volume label and UUID Russell Coker
+# https://etbe.coker.com.au/2008/07/08/label-vs-uuid-vs-device/
+0x438 leshort 0xEF53 Linux
+>0x44c lelong x rev %d
+>0x43e leshort x \b.%d
+# No journal? ext2
+>0x45c lelong ^0x0000004 ext2 filesystem data
+>>0x43a leshort ^0x0000001 (mounted or unclean)
+# Has a journal? ext3 or ext4
+>0x45c lelong &0x0000004
+# and small INCOMPAT?
+>>0x460 lelong <0x0000040
+# and small RO_COMPAT?
+>>>0x464 lelong <0x0000008 ext3 filesystem data
+# else large RO_COMPAT?
+>>>0x464 lelong >0x0000007 ext4 filesystem data
+# else large INCOMPAT?
+>>0x460 lelong >0x000003f ext4 filesystem data
+>0x468 ubelong x \b, UUID=%08x
+>0x46c ubeshort x \b-%04x
+>0x46e ubeshort x \b-%04x
+>0x470 ubeshort x \b-%04x
+>0x472 ubelong x \b-%08x
+>0x476 ubeshort x \b%04x
+>0x478 string >0 \b, volume name "%s"
+# General flags for any ext* fs
+>0x460 lelong &0x0000004 (needs journal recovery)
+>0x43a leshort &0x0000002 (errors)
+# INCOMPAT flags
+>0x460 lelong &0x0000001 (compressed)
+#>0x460 lelong &0x0000002 (filetype)
+#>0x460 lelong &0x0000010 (meta bg)
+>0x460 lelong &0x0000040 (extents)
+>0x460 lelong &0x0000080 (64bit)
+#>0x460 lelong &0x0000100 (mmp)
+#>0x460 lelong &0x0000200 (flex bg)
+# RO_INCOMPAT flags
+#>0x464 lelong &0x0000001 (sparse super)
+>0x464 lelong &0x0000002 (large files)
+>0x464 lelong &0x0000008 (huge files)
+#>0x464 lelong &0x0000010 (gdt checksum)
+#>0x464 lelong &0x0000020 (many subdirs)
+#>0x463 lelong &0x0000040 (extra isize)
+
+# f2fs filesystem - Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
+0x400 lelong 0xF2F52010 F2FS filesystem
+>0x46c ubelong x \b, UUID=%08x
+>0x470 ubeshort x \b-%04x
+>0x472 ubeshort x \b-%04x
+>0x474 ubeshort x \b-%04x
+>0x476 ubelong x \b-%08x
+>0x47a ubeshort x \b%04x
+>0x147c lestring16 x \b, volume name "%s"
+
+# Minix filesystems - Juan Cespedes <cespedes@debian.org>
+0x410 leshort 0x137f
+!:strength / 2
+>0x402 beshort < 100
+>0x402 beshort > -1 Minix filesystem, V1, 14 char names, %d zones
+>0x1e string minix \b, bootable
+0x410 beshort 0x137f
+!:strength / 2
+>0x402 beshort < 100
+>0x402 beshort > -1 Minix filesystem, V1 (big endian), %d zones
+>0x1e string minix \b, bootable
+0x410 leshort 0x138f
+!:strength / 2
+>0x402 beshort < 100
+>0x402 beshort > -1 Minix filesystem, V1, 30 char names, %d zones
+>0x1e string minix \b, bootable
+0x410 beshort 0x138f
+!:strength / 2
+>0x402 beshort < 100
+>0x402 beshort > -1 Minix filesystem, V1, 30 char names (big endian), %d zones
+>0x1e string minix \b, bootable
+# Weak Magic: this is $x
+#0x410 leshort 0x2468
+#>0x402 beshort < 100
+#>>0x402 beshort > -1 Minix filesystem, V2, 14 char names
+#>0x1e string minix \b, bootable
+#0x410 beshort 0x2468
+#>0x402 beshort < 100
+#>0x402 beshort > -1 Minix filesystem, V2 (big endian)
+#>0x1e string minix \b, bootable
+#0x410 leshort 0x2478
+#>0x402 beshort < 100
+#>0x402 beshort > -1 Minix filesystem, V2, 30 char names
+#>0x1e string minix \b, bootable
+#0x410 leshort 0x2478
+#>0x402 beshort < 100
+#>0x402 beshort > -1 Minix filesystem, V2, 30 char names
+#>0x1e string minix \b, bootable
+#0x410 beshort 0x2478
+#>0x402 beshort !0 Minix filesystem, V2, 30 char names (big endian)
+#>0x1e string minix \b, bootable
+# Weak Magic! this is MD
+#0x418 leshort 0x4d5a
+#>0x402 beshort <100
+#>>0x402 beshort > -1 Minix filesystem, V3, 60 char names
+
+# SGI disk labels - Nathan Scott <nathans@debian.org>
+0 belong 0x0BE5A941 SGI disk label (volume header)
+
+# SGI XFS filesystem - Nathan Scott <nathans@debian.org>
+0 belong 0x58465342 SGI XFS filesystem data
+>0x4 belong x (blksz %d,
+>0x68 beshort x inosz %d,
+>0x64 beshort ^0x2004 v1 dirs)
+>0x64 beshort &0x2004 v2 dirs)
+
+############################################################################
+# Minix-ST kernel floppy
+0x800 belong 0x46fc2700 Atari-ST Minix kernel image
+# https://en.wikipedia.org/wiki/BIOS_parameter_block
+# floppies with valid BPB and any instruction at beginning
+>19 string \240\005\371\005\0\011\0\2\0 \b, 720k floppy
+>19 string \320\002\370\005\0\011\0\1\0 \b, 360k floppy
+
+############################################################################
+# Hmmm, is this a better way of detecting _standard_ floppy images ?
+19 string \320\002\360\003\0\011\0\1\0 DOS floppy 360k
+>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector
+19 string \240\005\371\003\0\011\0\2\0 DOS floppy 720k
+>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector
+19 string \100\013\360\011\0\022\0\2\0 DOS floppy 1440k
+>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector
+
+19 string \240\005\371\005\0\011\0\2\0 DOS floppy 720k, IBM
+>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector
+19 string \100\013\371\005\0\011\0\2\0 DOS floppy 1440k, mkdosfs
+>0x1FE leshort 0xAA55 \b, DOS/MBR hard disk boot sector
+
+19 string \320\002\370\005\0\011\0\1\0 Atari-ST floppy 360k
+19 string \240\005\371\005\0\011\0\2\0 Atari-ST floppy 720k
+# | | | | |
+# | | | | heads
+# | | | sectors/track
+# | | sectors/FAT
+# | media descriptor
+# BPB: sectors
+
+# Valid media descriptor bytes for MS-DOS:
+#
+# Byte Capacity Media Size and Type
+# -------------------------------------------------
+#
+# F0 2.88 MB 3.5-inch, 2-sided, 36-sector
+# F0 1.44 MB 3.5-inch, 2-sided, 18-sector
+# F9 720K 3.5-inch, 2-sided, 9-sector
+# F9 1.2 MB 5.25-inch, 2-sided, 15-sector
+# FD 360K 5.25-inch, 2-sided, 9-sector
+# FF 320K 5.25-inch, 2-sided, 8-sector
+# FC 180K 5.25-inch, 1-sided, 9-sector
+# FE 160K 5.25-inch, 1-sided, 8-sector
+# FE 250K 8-inch, 1-sided, single-density
+# FD 500K 8-inch, 2-sided, single-density
+# FE 1.2 MB 8-inch, 2-sided, double-density
+# F8 ----- Fixed disk
+#
+# FC xxxK Apricot 70x1x9 boot disk.
+#
+# Originally a bitmap:
+# xxxxxxx0 Not two sided
+# xxxxxxx1 Double sided
+# xxxxxx0x Not 8 SPT
+# xxxxxx1x 8 SPT
+# xxxxx0xx Not Removable drive
+# xxxxx1xx Removable drive
+# 11111xxx Must be one.
+#
+# But now it's rather random:
+# 111111xx Low density disk
+# 00 SS, Not 8 SPT
+# 01 DS, Not 8 SPT
+# 10 SS, 8 SPT
+# 11 DS, 8 SPT
+#
+# 11111001 Double density 3 1/2 floppy disk, high density 5 1/4
+# 11110000 High density 3 1/2 floppy disk
+# 11111000 Hard disk any format
+#
+
+# all FAT12 (strength=70) floppies with sectorsize 512 added by Joerg Jenderek at Jun 2013
+# https://en.wikipedia.org/wiki/File_Allocation_Table#Exceptions
+# Too Weak.
+#512 ubelong&0xE0ffff00 0xE0ffff00
+# without valid Media descriptor in place of BPB, cases with are done at other places
+#>21 ubyte <0xE5 floppy with old FAT filesystem
+# but valid Media descriptor at begin of FAT
+#>>512 ubyte =0xed 720k
+#>>512 ubyte =0xf0 1440k
+#>>512 ubyte =0xf8 720k
+#>>512 ubyte =0xf9 1220k
+#>>512 ubyte =0xfa 320k
+#>>512 ubyte =0xfb 640k
+#>>512 ubyte =0xfc 180k
+# look like an old DOS directory entry
+#>>>0xA0E ubequad 0
+#>>>>0xA00 ubequad !0
+#!:mime application/x-ima
+#>>512 ubyte =0xfd
+# look for 2nd FAT at different location to distinguish between 360k and 500k
+#>>>0x600 ubelong&0xE0ffff00 0xE0ffff00 360k
+#>>>0x500 ubelong&0xE0ffff00 0xE0ffff00 500k
+#>>>0xA0E ubequad 0
+#!:mime application/x-ima
+#>>512 ubyte =0xfe
+#>>>0x400 ubelong&0xE0ffff00 0xE0ffff00 160k
+#>>>>0x60E ubequad 0
+#>>>>>0x600 ubequad !0
+#!:mime application/x-ima
+#>>>0xC00 ubelong&0xE0ffff00 0xE0ffff00 1200k
+#>>512 ubyte =0xff 320k
+#>>>0x60E ubequad 0
+#>>>>0x600 ubequad !0
+#!:mime application/x-ima
+#>>512 ubyte x \b, Media descriptor %#x
+# without x86 jump instruction
+#>>0 ulelong&0x804000E9 !0x000000E9
+# assembler instructions: CLI;MOV SP,1E7;MOV AX;07c0;MOV
+#>>>0 ubequad 0xfabce701b8c0078e \b, MS-DOS 1.12 bootloader
+# IOSYS.COM+MSDOS.COM
+#>>>>0xc4 use 2xDOS-filename
+#>>0 ulelong&0x804000E9 =0x000000E9
+# only x86 short jump instruction found
+#>>>0 ubyte =0xEB
+#>>>>1 ubyte x \b, code offset %#x+2
+# https://thestarman.pcministry.com/DOS/ibm100/Boot.htm
+# assembler instructions: CLI;MOV AX,CS;MOV DS,AX;MOV DX,0
+#>>>>(1.b+2) ubequad 0xfa8cc88ed8ba0000 \b, PC-DOS 1.0 bootloader
+# ibmbio.com+ibmdos.com
+#>>>>>0x176 use DOS-filename
+#>>>>>0x181 ubyte x \b+
+#>>>>>0x182 use DOS-filename
+# https://thestarman.pcministry.com/DOS/ibm110/Boot.htm
+# assembler instructions: CLI;MOV AX,CS;MOV DS,AX;XOR DX,DX;MOV
+#>>>>(1.b+2) ubequad 0xfa8cc88ed833d28e \b, PC-DOS 1.1 bootloader
+# ibmbio.com+ibmdos.com
+#>>>>>0x18b use DOS-filename
+#>>>>>0x196 ubyte x \b+
+#>>>>>0x197 use DOS-filename
+# https://en.wikipedia.org/wiki/Zenith_Data_Systems
+# assembler instructions: MOV BX,07c0;MOV SS,BX;MOV SP,01c6
+#>>>>(1.b+2) ubequad 0xbbc0078ed3bcc601 \b, Zenith Data Systems MS-DOS 1.25 bootloader
+# IO.SYS+MSDOS.SYS
+#>>>>>0x20 use 2xDOS-filename
+# https://en.wikipedia.org/wiki/Corona_Data_Systems
+# assembler instructions: MOV AX,CS;MOV DS,AX;CLI;MOV SS,AX;
+#>>>>(1.b+2) ubequad 0x8cc88ed8fa8ed0bc \b, MS-DOS 1.25 bootloader
+# IO.SYS+MSDOS.SYS
+#>>>>>0x69 use 2xDOS-filename
+# assembler instructions: CLI;PUSH CS;POP SS;MOV SP,7c00;
+#>>>>(1.b+2) ubequad 0xfa0e17bc007cb860 \b, MS-DOS 2.11 bootloader
+# defect IO.SYS+MSDOS.SYS ?
+#>>>>>0x162 use 2xDOS-filename
+
+0 name cdrom
+>38913 string !NSR0 ISO 9660 CD-ROM filesystem data
+!:mime application/x-iso9660-image
+!:ext iso/iso9660
+>38913 string NSR0 UDF filesystem data
+!:mime application/x-iso9660-image
+!:ext iso/udf
+>>38917 string 1 (version 1.0)
+>>38917 string 2 (version 1.5)
+>>38917 string 3 (version 2.0)
+>>38917 byte >0x33 (unknown version, ID %#X)
+>>38917 byte <0x31 (unknown version, ID %#X)
+# The next line is not necessary because the MBR staff is done looking for boot signature
+>0x1FE leshort 0xAA55 (DOS/MBR boot sector)
+# "application id" which appears to be used as a volume label
+>32808 string/T >\0 '%.32s'
+>34816 string \000CD001\001EL\ TORITO\ SPECIFICATION (bootable)
+37633 string CD001 ISO 9660 CD-ROM filesystem data (raw 2352 byte sectors)
+!:mime application/x-iso9660-image
+32777 string CDROM High Sierra CD-ROM filesystem data
+# "application id" which appears to be used as a volume label
+>32816 string/T >\0 '%.32s'
+
+
+# CDROM Filesystems
+# https://en.wikipedia.org/wiki/ISO_9660
+# Modified for UDF by gerardo.cacciari@gmail.com
+32769 string CD001
+# mime line at that position does not work
+# to display CD-ROM (70=81-11) after MBR (113=40+72+1), partition-table (71=50+21) and before Apple Driver Map (51)
+#!:strength -11
+# to display CD-ROM (114=81+33) before MBR (113=40+72+1), partition-table (71=50+21) and Apple Driver Map (51)
+!:strength +35
+>0 use cdrom
+
+# URL: https://en.wikipedia.org/wiki/NRG_(file_format)
+# Reference: https://dl.opendesktop.org/api/files/download/id/1460731811/
+# 11577-mount-iso-0.9.5.tar.bz2/mount-iso-0.9.5/install.sh
+# From: Joerg Jenderek
+# Note: Only for nero disc with once (DAO) type after 300 KB header
+339969 string CD001 Nero CD image at 0x4B000
+!:mime application/x-nrg
+!:ext nrg
+>307200 use cdrom
+
+# .cso files
+# Reference: https://pismotec.com/ciso/ciso.h
+# NOTE: There are two other formats with the same magic but
+# completely incompatible specifications:
+# - GameCube/Wii CISO: https://github.com/dolphin-emu/dolphin/blob/master/Source/Core/DiscIO/CISOBlob.h
+# - PSP CISO: https://github.com/jamie/ciso/blob/master/ciso.h
+0 string CISO
+# Other fields are used to determine what type of CISO this is:
+# - 0x04 == 0x00200000: GameCube/Wii CISO (block_size)
+# - 0x10 == 0x00000800: PSP CISO (ISO-9660 sector size)
+# - 0x10 == 0x00004000: For >2GB files using maxcso...
+# https://github.com/unknownbrackets/maxcso/issues/26
+# - None of the above: Compact ISO.
+>4 lelong !0
+>>4 lelong !0x200000
+>>>16 lelong !0x800
+>>>>16 lelong !0x4000 Compressed ISO CD image
+
+# cramfs filesystem - russell@coker.com.au
+0 lelong 0x28cd3d45 Linux Compressed ROM File System data, little endian
+>4 lelong x size %u
+>8 lelong &1 version #2
+>8 lelong &2 sorted_dirs
+>8 lelong &4 hole_support
+>32 lelong x CRC %#x,
+>36 lelong x edition %u,
+>40 lelong x %u blocks,
+>44 lelong x %u files
+
+0 belong 0x28cd3d45 Linux Compressed ROM File System data, big endian
+>4 belong x size %u
+>8 belong &1 version #2
+>8 belong &2 sorted_dirs
+>8 belong &4 hole_support
+>32 belong x CRC %#x,
+>36 belong x edition %u,
+>40 belong x %u blocks,
+>44 belong x %u files
+
+# reiserfs - russell@coker.com.au
+0x10034 string ReIsErFs ReiserFS V3.5
+0x10034 string ReIsEr2Fs ReiserFS V3.6
+0x10034 string ReIsEr3Fs ReiserFS V3.6.19
+>0x1002c leshort x block size %d
+>0x10032 leshort &2 (mounted or unclean)
+>0x10000 lelong x num blocks %d
+>0x10040 lelong 1 tea hash
+>0x10040 lelong 2 yura hash
+>0x10040 lelong 3 r5 hash
+
+# EST flat binary format (which isn't, but anyway)
+# From: Mark Brown <broonie@sirena.org.uk>
+0 string ESTFBINR EST flat binary
+
+# Aculab VoIP firmware
+# From: Mark Brown <broonie@sirena.org.uk>
+0 string VoIP\ Startup\ and Aculab VoIP firmware
+>35 string x format %s
+
+# From: Mark Brown <broonie@sirena.org.uk> [old]
+# From: Behan Webster <behanw@websterwood.com>
+0 belong 0x27051956 u-boot legacy uImage,
+>32 string x %s,
+>28 byte 0 Invalid os/
+>28 byte 1 OpenBSD/
+>28 byte 2 NetBSD/
+>28 byte 3 FreeBSD/
+>28 byte 4 4.4BSD/
+>28 byte 5 Linux/
+>28 byte 6 SVR4/
+>28 byte 7 Esix/
+>28 byte 8 Solaris/
+>28 byte 9 Irix/
+>28 byte 10 SCO/
+>28 byte 11 Dell/
+>28 byte 12 NCR/
+>28 byte 13 LynxOS/
+>28 byte 14 VxWorks/
+>28 byte 15 pSOS/
+>28 byte 16 QNX/
+>28 byte 17 Firmware/
+>28 byte 18 RTEMS/
+>28 byte 19 ARTOS/
+>28 byte 20 Unity OS/
+>28 byte 21 INTEGRITY/
+>29 byte 0 \bInvalid CPU,
+>29 byte 1 \bAlpha,
+>29 byte 2 \bARM,
+>29 byte 3 \bIntel x86,
+>29 byte 4 \bIA64,
+>29 byte 5 \bMIPS,
+>29 byte 6 \bMIPS 64-bit,
+>29 byte 7 \bPowerPC,
+>29 byte 8 \bIBM S390,
+>29 byte 9 \bSuperH,
+>29 byte 10 \bSparc,
+>29 byte 11 \bSparc 64-bit,
+>29 byte 12 \bM68K,
+>29 byte 13 \bNios-32,
+>29 byte 14 \bMicroBlaze,
+>29 byte 15 \bNios-II,
+>29 byte 16 \bBlackfin,
+>29 byte 17 \bAVR32,
+>29 byte 18 \bSTMicroelectronics ST200,
+>29 byte 19 \bSandbox architecture,
+>29 byte 20 \bANDES Technology NDS32,
+>29 byte 21 \bOpenRISC 1000,
+>29 byte 22 \bARM 64-bit,
+>29 byte 23 \bDesignWare ARC,
+>29 byte 24 \bx86_64,
+>29 byte 25 \bXtensa,
+>29 byte 26 \bRISC-V,
+>30 byte 0 Invalid Image
+>30 byte 1 Standalone Program
+>30 byte 2 OS Kernel Image
+>30 byte 3 RAMDisk Image
+>30 byte 4 Multi-File Image
+>30 byte 5 Firmware Image
+>30 byte 6 Script File
+>30 byte 7 Filesystem Image (any type)
+>30 byte 8 Binary Flat Device Tree BLOB
+>31 byte 0 (Not compressed),
+>31 byte 1 (gzip),
+>31 byte 2 (bzip2),
+>31 byte 3 (lzma),
+>12 belong x %d bytes,
+>8 bedate x %s,
+>16 belong x Load Address: %#08X,
+>20 belong x Entry Point: %#08X,
+>4 belong x Header CRC: %#08X,
+>24 belong x Data CRC: %#08X
+
+# JFFS2 file system
+0 leshort 0x1984 Linux old jffs2 filesystem data little endian
+0 beshort 0x1984 Linux old jffs2 filesystem data big endian
+0 leshort 0x1985 Linux jffs2 filesystem data little endian
+0 beshort 0x1985 Linux jffs2 filesystem data big endian
+
+# Squashfs
+0 name squashfs
+>28 beshort x version %d.
+>30 beshort x \b%d,
+>20 beshort 0 uncompressed,
+>20 beshort 1 zlib
+>20 beshort 2 lzma
+>20 beshort 3 lzo
+>20 beshort 4 xz
+>20 beshort 5 lz4
+>20 beshort 6 zstd
+>20 beshort >0 compressed,
+>28 beshort <3
+>>8 belong x %d bytes,
+>28 beshort >2
+>>28 beshort <4
+>>>63 bequad x %lld bytes,
+>>28 beshort >3
+>>>40 bequad x %lld bytes,
+#>>67 belong x %d bytes,
+>4 belong x %d inodes,
+>28 beshort <2
+>>32 beshort x blocksize: %d bytes,
+>28 beshort >1
+>>28 beshort <4
+>>>51 belong x blocksize: %d bytes,
+>>28 beshort >3
+>>>12 belong x blocksize: %d bytes,
+>28 beshort <4
+>>39 bedate x created: %s
+>28 beshort >3
+>>8 bedate x created: %s
+
+0 string sqsh Squashfs filesystem, big endian,
+>0 use squashfs
+
+0 string hsqs Squashfs filesystem, little endian,
+>0 use \^squashfs
+
+# AFS Dump Magic
+# From: Ty Sarna <tsarna@sarna.org>
+0 string \x01\xb3\xa1\x13\x22 AFS Dump
+>&0 belong x (v%d)
+>>&0 byte 0x76
+>>>&0 belong x Vol %d,
+>>>>&0 byte 0x6e
+>>>>>&0 string x %s
+>>>>>>&1 byte 0x74
+>>>>>>>&0 beshort 2
+>>>>>>>>&4 bedate x on: %s
+>>>>>>>>&0 bedate =0 full dump
+>>>>>>>>&0 bedate !0 incremental since: %s
+
+#----------------------------------------------------------
+#delta ISO Daniel Novotny (dnovotny@redhat.com)
+0 string DISO Delta ISO data
+!:strength +50
+>4 belong x version %d
+
+# VMS backup savesets - gerardo.cacciari@gmail.com
+#
+4 string \x01\x00\x01\x00\x01\x00
+>(0.s+16) string \x01\x01
+>>&(&0.b+8) byte 0x42 OpenVMS backup saveset data
+>>>40 lelong x (block size %d,
+>>>49 string >\0 original name '%s',
+>>>2 short 1024 VAX generated)
+>>>2 short 2048 AXP generated)
+>>>2 short 4096 I64 generated)
+
+# Summary: Oracle Clustered Filesystem
+# Created by: Aaron Botsis <redhat@digitalmafia.org>
+8 string OracleCFS Oracle Clustered Filesystem,
+>4 long x rev %d
+>0 long x \b.%d,
+>560 string x label: %.64s,
+>136 string x mountpoint: %.128s
+
+# Summary: Oracle ASM tagged volume
+# Created by: Aaron Botsis <redhat@digitalmafia.org>
+32 string ORCLDISK Oracle ASM Volume,
+>40 string x Disk Name: %0.12s
+32 string ORCLCLRD Oracle ASM Volume (cleared),
+>40 string x Disk Name: %0.12s
+
+# Oracle Clustered Filesystem - Aaron Botsis <redhat@digitalmafia.org>
+8 string OracleCFS Oracle Clustered Filesystem,
+>4 long x rev %d
+>0 long x \b.%d,
+>560 string x label: %.64s,
+>136 string x mountpoint: %.128s
+
+# Oracle ASM tagged volume - Aaron Botsis <redhat@digitalmafia.org>
+32 string ORCLDISK Oracle ASM Volume,
+>40 string x Disk Name: %0.12s
+32 string ORCLCLRD Oracle ASM Volume (cleared),
+>40 string x Disk Name: %0.12s
+
+# Compaq/HP RILOE floppy image
+# From: Dirk Jagdmann <doj@cubic.org>
+0 string CPQRFBLO Compaq/HP RILOE floppy image
+
+#------------------------------------------------------------------------------
+# Files-11 On-Disk Structure (File system for various RSX-11 and VMS flavours).
+# These bits come from LBN 1 (home block) of ODS-1, ODS-2 and ODS-5 volumes,
+# which is mapped to VBN 2 of [000000]INDEXF.SYS;1 - gerardo.cacciari@gmail.com
+#
+1008 string DECFILE11 Files-11 On-Disk Structure
+>525 byte x (ODS-%d);
+>1017 string A RSX-11, VAX/VMS or OpenVMS VAX file system;
+>1017 string B
+>>525 byte 2 VAX/VMS or OpenVMS file system;
+>>525 byte 5 OpenVMS Alpha or Itanium file system;
+>984 string x volume label is '%-12.12s'
+
+# From: Thomas Klausner <wiz@NetBSD.org>
+# https://filext.com/file-extension/DAA
+# describes the daa file format. The magic would be:
+0 string DAA\x0\x0\x0\x0\x0 PowerISO Direct-Access-Archive
+
+# From Albert Cahalan <acahalan@gmail.com>
+# really le32 operation,destination,payloadsize (but quite predictable)
+# 01 00 00 00 00 00 00 c0 00 02 00 00
+0 string \1\0\0\0\0\0\0\300\0\2\0\0 Marvell Libertas firmware
+
+# From Eric Sandeen
+# GFS2
+0x10000 belong 0x01161970
+>0x10018 belong 0x0000051d GFS1 Filesystem
+>>0x10024 belong x (blocksize %d,
+>>0x10060 string >\0 lockproto %s)
+>0x10018 belong 0x00000709 GFS2 Filesystem
+>>0x10024 belong x (blocksize %d,
+>>0x10060 string >\0 lockproto %s)
+
+# Russell Coker <russell@coker.com.au>
+0x10040 string _BHRfS_M BTRFS Filesystem
+>0x1012b string >\0 label "%s",
+>0x10090 lelong x sectorsize %d,
+>0x10094 lelong x nodesize %d,
+>0x10098 lelong x leafsize %d,
+>0x10020 ubelong x UUID=%08x-
+>0x10024 ubeshort x \b%04x-
+>0x10026 ubeshort x \b%04x-
+>0x10028 ubeshort x \b%04x-
+>0x1002a ubeshort x \b%04x
+>0x1002c ubelong x \b%08x,
+>0x10078 lequad x %lld/
+>0x10070 lequad x \b%lld bytes used,
+>0x10088 lequad x %lld devices
+
+0 string btrfs-stream BTRFS stream file
+
+# dvdisaster's .ecc
+# From: "Nelson A. de Oliveira" <naoliv@gmail.com>
+0 string *dvdisaster* dvdisaster error correction file
+
+# xfs metadump image
+# mb_magic XFSM at 0; superblock magic XFSB at 1 << mb_blocklog
+# but can we do the << ? For now it's always 512 (0x200) anyway.
+0 string XFSM
+>0x200 string XFSB XFS filesystem metadump image
+
+# Type: CROM filesystem
+# From: Werner Fink <werner@suse.de>
+0 string CROMFS CROMFS
+>6 string >\0 \b version %2.2s,
+>8 ulequad >0 \b block data at %lld,
+>16 ulequad >0 \b fblock table at %lld,
+>24 ulequad >0 \b inode table at %lld,
+>32 ulequad >0 \b root at %lld,
+>40 ulelong >0 \b fblock size = %d,
+>44 ulelong >0 \b block size = %d,
+>48 ulequad >0 \b bytes = %lld
+
+# Type: xfs metadump image
+# From: Daniel Novotny <dnovotny@redhat.com>
+# mb_magic XFSM at 0; superblock magic XFSB at 1 << mb_blocklog
+# but can we do the << ? For now it's always 512 (0x200) anyway.
+0 string XFSM
+>0x200 string XFSB XFS filesystem metadump image
+
+# Type: delta ISO
+# From: Daniel Novotny <dnovotny@redhat.com>
+0 string DISO Delta ISO data,
+>4 belong x version %d
+
+# JFS2 (Journaling File System) image. (Old JFS1 has superblock at 0x1000.)
+# See linux/fs/jfs/jfs_superblock.h for layout; see jfs_filsys.h for flags.
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+0x8000 string JFS1
+# Because it's text-only magic, check a binary value (version) to be sure.
+# Should always be 2, but mkfs.jfs writes it as 1. Needs to be 2 or 1 to be
+# mountable.
+>&0 lelong <3 JFS2 filesystem image
+# Label is followed by a UUID; we have to limit string length to avoid
+# appending the UUID in the case of a 16-byte label.
+>>&144 regex [\x20-\x7E]{1,16} (label "%s")
+>>&0 lequad x \b, %lld blocks
+>>&8 lelong x \b, blocksize %d
+>>&32 lelong&0x00000006 >0 (dirty)
+>>&36 lelong >0 (compressed)
+
+# LFS
+0 lelong 0x070162 LFS filesystem image
+>4 lelong 1 version 1,
+>>8 lelong x \b blocks %u,
+>>12 lelong x \b blocks per segment %u,
+>4 lelong 2 version 2,
+>>8 lelong x \b fragments %u,
+>>12 lelong x \b bytes per segment %u,
+>16 lelong x \b disk blocks %u,
+>20 lelong x \b block size %u,
+>24 lelong x \b fragment size %u,
+>28 lelong x \b fragments per block %u,
+>32 lelong x \b start for free list %u,
+>36 lelong x \b number of free blocks %d,
+>40 lelong x \b number of files %u,
+>44 lelong x \b blocks available for writing %d,
+>48 lelong x \b inodes in cache %d,
+>52 lelong x \b inode file disk address %#x,
+>56 lelong x \b inode file inode number %u,
+>60 lelong x \b address of last segment written %#x,
+>64 lelong x \b address of next segment to write %#x,
+>68 lelong x \b address of current segment written %#x
+
+0 string td\000 floppy image data (TeleDisk, compressed)
+0 string TD\000 floppy image data (TeleDisk)
+
+0 string CQ\024 floppy image data (CopyQM,
+>16 leshort x %d sectors,
+>18 leshort x %d heads.)
+
+0 string ACT\020Apricot\020disk\020image\032\004 floppy image data (ApriDisk)
+
+# URL: http://fileformats.archiveteam.org/wiki/LoadDskF/SaveDskF
+# Update: Joerg Jenderek
+# Note: called "IBM SKF disk image" by TrID
+# verfied by 7-Zip `7z l -tFAT -slt *.dsk` and
+# `deark -l -m loaddskf 06200D19.DSK`
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dsk-skf-old.trid.xml
+0 beshort 0xAA58
+>0 use SaveDskF
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dsk-skf.trid.xml
+0 beshort 0xAA59
+>0 use SaveDskF
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dsk-skf-comp.trid.xml
+0 beshort 0xAA5A
+# skip foo by additional check for unused upper byte of media type in SaveDskF header
+#>3 ubyte =0
+# skip bar by additional check for valid "low" number of heads in SaveDskF header
+#>>26 uleshort <3
+# skip foo by additional check for unused double word field in SaveDskF header
+#>>>30 long =0
+#>>>>0 use SaveDskF
+>0 use SaveDskF
+# display information about IBM SaveDskF floppy disk images
+0 name SaveDskF
+# SaveDskF magic
+>0 beshort x floppy image data (IBM SaveDskF
+#!:mime application/octet-stream
+!:mime application/x-ibm-dsk
+!:ext dsk
+# also suffix with digit (1dk .2dk ...); NO example FOUND!
+#!:ext dsk/1dk/2dk
+>1 ubyte =0x58 \b, old)
+>1 ubyte =0x59 \b)
+>1 ubyte =0x5A \b, compressed)
+# media type; the first byte of the FAT like: 0xF0 (usual floppy) 0xF9 0xFE
+# https://en.wikipedia.org/wiki/Design_of_the_FAT_file_system
+>2 ubyte !0xF0 \b, Media descriptor %#x
+# upper byte of media type is not used; so this seems to be nil
+>3 ubyte !0 \b, upper byte of media type %#x
+# sector size in bytes as in the BIOS parameter block like: 512 ; SAVEDSKF.EXE with other sizes produce garbage images
+>4 uleshort !512 \b, Bytes/sector %u
+# cluster mask; number of sectors per cluster, minus 1
+>6 uleshort+1 >1 \b, sectors/cluster %u
+#>6 uleshort+1 x \b, sectors/cluster %u
+# cluster shift; log2(cluster size / sector size) like: 0~1=ClusterSize/SectorSize
+>7 ubyte >0 \b, cluster shift %u
+#>7 ubyte x \b, cluster shift %u
+# reserved sectors; as in the BIOS parameter block like: 1 256 (2M256R-K.DSK)
+>8 uleshort >1 \b, reserved sectors %u
+#>8 uleshort x \b, reserved sectors %u
+# FAT copies; as in the BIOS parameter block like: 2 (usual) 1 (2-NK.DSK)
+>10 ubyte !2 \b, FAT
+# plural s
+>>10 ubyte >1 \bs
+>>10 ubyte x %u
+# root directory entries; as in the BIOS parameter block like: 224 (usual) 64 (H1-NK.DSK) 4096 (2-NK.DSK)
+>11 uleshort !224 \b, root entries %u
+# sector number of first cluster (count sectors used by boot sector, FATs and root directory) like: 7 10 29 33 288
+>13 uleshort !33 \b, 1st cluster at sector %u
+# number of clusters in image; empty clusters at the end are not saved and counted like: 2372 2848
+>15 uleshort x \b, %u clusters
+# sectors/FAT; as in the BIOS parameter block like: 1 (H1-NK.DSK) 7 9
+>17 ubyte !9 \b, sectors/FAT %u
+# sector number of root directory (ie, count of sectors used by boot sector and FATs) like: 3 (H1-NK.DSK) 9 10 15 19 274 (2M256R-K.DSK)
+>18 uleshort !19 \b, root directory at sector %u
+# checksum; sum of all bytes in the file
+>20 ulelong x \b, checksum %#8.8x
+# cylinders; number of cylinders like: 40 80
+>24 uleshort !80 \b, %u cylinders
+#>24 uleshort x \b, %u cylinders
+# heads; number of heads as in the BIOS parameter block like: 1 (H1-NK.DSK) 2
+>26 uleshort !2 \b, heads %u
+#>26 uleshort x \b, heads %u
+# sectors/track; number of sectors per track as in the BIOS parameter block like: 8 15 18 36
+>28 uleshort !18 \b, sectors/track %u
+#>28 uleshort x \b, sectors/track %u
+# unused double word field seems to be always like: 0
+>30 ulelong !0 \b, at 0x1E %#x
+# number of sectors in images like: 1017 2786 2880
+>34 uleshort x \b, sectors %u
+# if string is "printable" it can be a real comment
+>(36.s) ubyte !0x00
+# if 1st sector is far enough away (> 0x29) then there is space for comment part
+>>38 uleshort >41
+# offset to comment string like: 28h=40
+>>>36 uleshort x \b, at %#x
+# comment string terminated with \r\n\0
+>>>(36.s) string x "%s"
+# offset to the first sector like: 0 (If this is 0, assume it is 0x200) 29h=41 (DISPLAY3.DSK) 31h 43h 45h 46h 48h 50h 200h=512
+>38 uleshort !0 \b, 1st sector at %#x
+# FOR DEBUGGING!
+#>(38.s) ubelong x SECTOR CONTENT %x
+# not compressed floppy image implies readable DOS boot sector inside image
+>>1 ubyte !0x5A
+# when not compressed it is readable as DOS boot sector via ./filesystems
+#>>>(38.s) indirect x \b; contains
+>38 uleshort =0 \b, 1st sector at 0x200 (0)
+# maybe standard DOS boot sector; NO example FOUND HERE!
+#>>0x200 indirect x \b; contains
+
+0 string \074CPM_Disk\076 disk image data (YAZE)
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Central_Point_Software#cite_note-6
+# Reference: https://www.robcraig.com/download/transcopy-5-x-file-format
+# https://www.robcraig.com/download/transcopy-file-format-by-gene-thompson
+# http://mark0.net/download/triddefs_xml.7z/defs/t/tc-transcopy.trid.xml
+# TransCopy signature
+0 beshort 0x5AA5
+# skip Intel serial flash ROM with invalid 0 disk sides handled by ./intel
+>0x103 ubyte !0
+# skip Intel serial flash ROM with unlikely "high" start cylinder 100 handled by ./intel
+#>>0x101 ubyte <100 VALID_START_CYLINDER
+# skip Intel serial flash ROM with unlikely description handled by ./intel
+#>>>2 beshort !0xF00f VALID_DESCRIPTION
+# skip Intel serial flash ROM with invalid disk types 89h 88h handled by ./intel
+#>>>>0x100 byte !0x89 VALID_DISK_TYPE
+>>0 use tc-floppy
+# display information of Central Point Software (CPS) Option Board TransCopy floppy image
+0 name tc-floppy
+>0 beshort x TransCopy disk image
+#!:mime application/octet-stream
+!:mime application/x-floppy-image-tc
+# like: disk04.tc VOCALC2.TC WIZ5_A.tc WIZ2_720.IMG
+!:ext tc/img
+# 1st description (optional 0-terminated maximal 32) like:
+# "Project Workbench 2.20" "Visi On Calc" "Wizardry V Disk 1 of 3"
+>2 string >\0 %.32s
+# 2nd desc. (optional 0-terminated maximal 32) like:
+# "(1988)." "Advanced - Utility" 'Program Disk 2"
+>0x22 string >\0 "%.32s"
+# Looks like ascii (like MESSAGES) formatted with attribute bytes (190)?
+# not needed for disk copy
+#>>0x42 string x '%.190s'
+#>>0x88 lestring16 x "%.8s"
+# disktype: 2~MFM High Density 3~MFM Double Density 4~Apple II GCR 5~FM Single Density
+# 6~Commodore GCR 7~MFM Double Density 8~Commodore Amiga Ch~Atari FM FFh~Unknown
+>0x100 ubyte !0xFF \b, disk type %u
+# StartingCylinder like: 0
+>0x101 ubyte x \b, cylinder
+>0x101 ubyte !0 start=%u
+# EndingCylinder like: 40 (often) 41 79
+>0x102 ubyte x end=%u
+# NumberOfSides like: 2
+>0x103 ubyte !2 \b, %u sides
+# TrackIncrement like: 1
+>0x104 ubyte !1 \b, track increment %u
+# TrackPosTbl Track skew
+#>0x105 ubequad x \b, Track skew %#16.16llx
+# TrackOffsTbl
+#>0x305 ubequad x \b, TrackOffsTbl %#16.16llx
+# TrackLngthTbl
+#>0x505 ubequad x \b, TrackLngthTbl %#16.16llx
+# TrackTypeTable
+#>0x705 ubequad x \b, TrackTypeTable %#16.16llx
+# Address mark timing
+#>0x905 ubequad x \b, Address mark timing %#16.16llx
+# Track fragment
+#>0x2905 ubequad !0 \b, Track fragment %#16.16llx
+# Track data
+#>0x4000 ubequad !0 \b, Track data %#16.16llx
+
+# ReFS
+# Richard W.M. Jones <rjones@redhat.com>
+0 string \0\0\0ReFS\0 ReFS filesystem image
+
+# EFW encase image file format:
+# Gregoire Passault
+# http://www.forensicswiki.org/wiki/Encase_image_file_format
+0 string EVF\x09\x0d\x0a\xff\x00 EWF/Expert Witness/EnCase image file format
+
+# UBIfs
+# Linux kernel sources: fs/ubifs/ubifs-media.h
+0 lelong 0x06101831
+>0x16 leshort 0 UBIfs image
+>0x08 lequad x \b, sequence number %llu
+>0x10 leshort x \b, length %u
+>0x04 lelong x \b, CRC %#08x
+
+0 lelong 0x23494255
+>0x04 leshort <2
+>0x05 string \0\0\0
+>0x1c string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
+>0x04 leshort x UBI image, version %u
+
+# NEC PC-88 2D disk image
+# From Fabio R. Schmidlin <sd-snatcher@users.sourceforge.net>
+0x20 ulelong&0xFFFFFEFF 0x2A0
+>0x10 string \0\0\0\0\0\0\0\0\0\0
+>>0x280 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
+>>>0x1A ubyte&0xEF 0
+>>>>0x1B ubyte&0x8F 0
+>>>>>0x1B ubyte&70 <0x40
+>>>>>>0x1C ulelong >0x21
+>>>>>>>0 regex [[:print:]]* NEC PC-88 disk image, name=%s
+>>>>>>>>0x1B ubyte 0 \b, media=2D
+>>>>>>>>0x1B ubyte 0x10 \b, media=2DD
+>>>>>>>>0x1B ubyte 0x20 \b, media=2HD
+>>>>>>>>0x1B ubyte 0x30 \b, media=1D
+>>>>>>>>0x1B ubyte 0x40 \b, media=1DD
+>>>>>>>>0x1A ubyte 0x10 \b, write-protected
+
+# HDD Raw Copy Tool disk image, file extension: .imgc
+# From Benjamin Vanheuverzwijn <bvanheu@gmail.com>
+0 pstring HDD\ Raw\ Copy\ Tool %s
+>0x100 pstring x %s
+>0x200 pstring x - HD model: %s
+#>0x300 pstring x unknown %s
+>0x400 pstring x serial: %s
+#>0x500 pstring x unknown: %s
+!:ext imgc
+
+# http://martin.hinner.info/fs/bfs/bfs-structure.html
+0 lelong 0x1BADFACE SCO UnixWare BFS filesystem
+
+# https://arstechnica.com/information-technology/2018/07/the-beos-filesystem/
+32 lelong 0x42465331 BE/OS BFS1 filesystem
+>36 lelong x \b, byte order %d
+>40 lelong x \b, block size %d
+>44 lelong x \b, block shift %d
+>48 lequad x \b, total blocks %lld
+>56 lequad x \b, used blocks %lld
+
+
+0 name next
+>0 lelong x \b, size %d
+>4 string x \b, label %s
+
+# https://opensource.apple.com/source/IOStorageFamily/IOStorageFamily-44.3\
+# /IONeXTPartitionScheme.h
+0 string NeXT NeXT version 1 disklabel
+>12 use next
+0 string dlV1 NeXT version 2 disklabel
+>12 use next
+0 string dlV2 NeXT version 3 disklabel
+>12 use next
+
+# bcachefs
+# From: Thomas Weißschuh <thomas@t-8ch.de>
+
+0 name bcachefs-uuid
+>0 ubelong x \b%08x
+>4 ubeshort x \b-%04x
+>6 ubeshort x \b-%04x
+>8 ubeshort x \b-%04x
+>10 ubelong x \b-%08x
+>14 ubeshort x \b%04x
+
+0 name bcachefs bcachefs
+>0x68 lequad 8 \b, UUID=
+>>0x38 use bcachefs-uuid
+>>0x48 string >0 \b, label "%.32s"
+>>0x10 uleshort x \b, version %u
+>>0x12 uleshort x \b, min version %u
+>>0x7a byte x \b, device %d
+# assumes the first field is the members field
+>>0x2f4 ulelong 0x01 \b/UUID=
+>>>0x2f0 default x
+>>>&(0x07a.b*56) use bcachefs-uuid
+>>0x07b byte x \b, %d devices
+>>0x090 byte ^0x02 \b (unclean)
+
+0x1018 string \xc6\x85\x73\xf6\x4e\x1a\x45\xca\x82\x65\xf5\x7f\x48\xba\x6d\x81
+>0x1000 use bcachefs
+
+0x1018 string \xc6\x85\x73\xf6\x66\xce\x90\xa9\xd9\x6a\x60\xcf\x80\x3d\xf7\xef
+>0x1000 use bcachefs
+
+# EROFS
+# https://kernel.googlesource.com/pub/scm/linux/kernel/git/xiang/erofs-utils/\
+# +/refs/heads/experimental/include/erofs_fs.h#12
+1024 lelong 0xE0F5E1E2 EROFS filesystem
+#>1028 lelong x \b, checksum=%#x
+>1032 lelong >0 \b, compat:
+>>1032 lelong &1 SB_CHKSUM
+>>1032 lelong &2 MTIME
+>1036 byte x \b, blocksize=%u
+>1037 byte x \b, exslots=%u
+#>1038 leshort x \b, root_nid=%d
+#>1040 lequad x \b, inodes=%ld
+#>1048 leldate x \b, build_time=%s
+#>1056 lelong x \b.%d
+#>1060 lelong x \b, blocks=%d
+#>1064 lelong x \b, metadata@%#x
+#>1068 lelong x \b, xattr@%#x
+>1072 guid x \b, uuid=%s
+>1088 string >0 \b, name=%s
+>1104 lelong >0 \b, incompat:
+>>1104 lelong &1 LZ4_0PADDING
+>>1104 lelong &2 BIG_PCLUSTER
+>>1104 lelong &4 CHUNKED_FILE
+>>1104 lelong &8 DEVICE_TABLE
+>>1104 lelong &16 ZTAILPACKING
+
+# YAFFS
+# The layout itself is undocumented, determined by the memory layout of the
+# reference implementation. This signature is derived from the
+# reference implementation code and generated test cases
+# We recognize the start of an object header defined by yaffs_obj_hdr:
+# (Note the values being encoded depending on platform endianess)
+
+# u32 type /* enum yaffs_obj_type, valid 1-5 */
+# u32 parent_obj_id; /* 1 for root objects we recognize */
+# u16 sum_no_longer_used; /* checksum of name. Not used by YAFFS and memset to 0xFF */
+# YCHAR name[YAFFS_MAX_NAME_LENGTH + 1];
+
+# mkyaffsimage always writes a root directory with empty name, then processing the target directory contents
+# mkyaffs2image directly proceeds to writing entries with the appropriate u32 YAFFS_OBJECT_TYPE (1-5 valid), each with parent id 1
+
+0 name yaffs
+>0 ulelong 1 \b, type file
+>0 ulelong 2 \b, type symlink
+>0 ulelong 3 \b, type root or directory
+>0 ulelong 4 \b, type hardlink
+>0 ulelong 5 \b, type special
+>0xA byte 0 \b, v1 root directory
+>0xA byte !0 \b, object entry
+>>0xA string x (name: "%s")
+
+# Little Endian: XX 00 00 00 01 00 00 00 FF FF YY
+# XX: 01 - 05 (object type)
+# YY: 00 for version 1 root directory, > 00 for version 2 (name data)
+0x1 string \x00\x00\x00\x01\x00\x00\x00\xFF\xFF
+>0 ulelong 0
+>0 ulelong >5
+>0 default x YAFFS filesystem root entry (little endian)
+>>0 use yaffs
+
+# Big Endian: 00 00 00 XX 00 00 00 01 FF FF YY
+# XX: 01 - 05 (object type)
+# YY: 00 for version 1 root directory, > 00 for version 2 (name data)
+0x4 string \x00\x00\x00\x01\xFF\xFF
+>0 string \x00\x00\x00
+>>0 ubelong 0
+>>0 ubelong >5
+>>0 default x YAFFS filesystem root entry (big endian)
+>>>0 use \^yaffs
diff --git a/magic/Magdir/finger b/magic/Magdir/finger
new file mode 100644
index 0000000..ab43ac6
--- /dev/null
+++ b/magic/Magdir/finger
@@ -0,0 +1,16 @@
+
+#------------------------------------------------------------------------------
+# $File: finger,v 1.3 2019/04/19 00:42:27 christos Exp $
+# fingerprint: file(1) magic for fingerprint data
+# XPM bitmaps)
+#
+
+# https://cgit.freedesktop.org/libfprint/libfprint/tree/libfprint/data.c
+
+0 string FP1 libfprint fingerprint data V1
+>3 beshort x \b, driver_id %x
+>5 belong x \b, devtype %x
+
+0 string FP2 libfprint fingerprint data V2
+>3 beshort x \b, driver_id %x
+>5 belong x \b, devtype %x
diff --git a/magic/Magdir/firmware b/magic/Magdir/firmware
new file mode 100644
index 0000000..4835b12
--- /dev/null
+++ b/magic/Magdir/firmware
@@ -0,0 +1,133 @@
+#------------------------------------------------------------------------------
+# $File: firmware,v 1.7 2023/03/11 18:52:03 christos Exp $
+# firmware: file(1) magic for firmware files
+#
+
+# https://github.com/MatrixEditor/frontier-smart-api/blob/main/docs/firmware-2.0.md#11-header-structure
+# examples: https://github.com/cweiske/frontier-silicon-firmwares
+0 lelong 0x00001176
+>4 lelong 0x7c Frontier Silicon firmware download
+>>8 lelong x \b, MeOS version %x
+>>12 string/32/T x \b, version %s
+>>40 string/64/T x \b, customization %s
+
+# HPE iLO firmware update image
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://www.sstic.org/2018/presentation/backdooring_your_server_through_its_bmc_the_hpe_ilo4_case/
+# iLO1 (ilo1*.bin) or iLO2 (ilo2_*.bin) images
+0 string \x20\x36\xc1\xce\x60\x37\x62\xf0\x3f\x06\xde\x00\x00\x03\x7f\x00
+>16 ubeshort =0xCFDD HPE iLO2 firmware update image
+>16 ubeshort =0x6444 HPE iLO1 firmware update image
+# iLO3 images (ilo3_*.bin) start directly with image name
+0 string iLO3\x20v\x20 HPE iLO3 firmware update image,
+>7 string x version %s
+# iLO4 images (ilo4_*.bin) start with a signature and a certificate
+0 string --=</Begin\x20HP\x20Signed
+>75 string label_HPBBatch
+>>5828 string iLO\x204
+>>>5732 string HPIMAGE\x00 HPE iLO4 firmware update image,
+>>>6947 string x version %s
+# iLO5 images (ilo5_*.bin) start with a signature
+>75 string label_HPE-HPB-BMC-ILO5-4096
+>>880 string HPIMAGE\x00 HPE iLO5 firmware update image,
+>>944 string x version %s
+
+# IBM POWER Secure Boot Container
+# from https://github.com/open-power/skiboot/blob/master/libstb/container.h
+0 belong 0x17082011 POWER Secure Boot Container,
+>4 beshort x version %u
+>6 bequad x container size %llu
+# These are always zero
+# >14 bequad x target HRMOR %llx
+# >22 bequad x stack pointer %llx
+>4096 ustring \xFD7zXZ\x00 XZ compressed
+0 belong 0x1bad1bad POWER boot firmware
+>256 belong 0x48002030 (PHYP entry point)
+
+# ARM Cortex-M vector table
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://developer.arm.com/documentation/100701/0200/Exception-properties
+# Match stack MSB
+3 byte 0x20
+# Function pointers must be in Thumb-mode and before 0x20000000 (4*5 bits match)
+>4 ulelong&0xE0000001 1
+>>8 ulelong&0xE0000001 1
+>>>12 ulelong&0xE0000001 1
+>>>>44 ulelong&0xE0000001 1
+>>>>>56 ulelong&0xE0000001 1
+# Match Cortex-M reserved sections (0x00000000 or 0xFFFFFFFF)
+>>>>>>28 ulelong+1 <2
+>>>>>>>32 ulelong+1 <2
+>>>>>>>>36 ulelong+1 <2
+>>>>>>>>>40 ulelong+1 <2
+>>>>>>>>>>52 ulelong+1 <2 ARM Cortex-M firmware
+>>>>>>>>>>>0 ulelong >0 \b, initial SP at 0x%08x
+>>>>>>>>>>>4 ulelong^1 x \b, reset at 0x%08x
+>>>>>>>>>>>8 ulelong^1 x \b, NMI at 0x%08x
+>>>>>>>>>>>12 ulelong^1 x \b, HardFault at 0x%08x
+>>>>>>>>>>>44 ulelong^1 x \b, SVCall at 0x%08x
+>>>>>>>>>>>56 ulelong^1 x \b, PendSV at 0x%08x
+
+# ESP-IDF partition table entry
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/espressif/esp-idf/blob/v5.0/components/esp_partition/include/esp_partition.h
+0 string \xAA\x50
+>2 ubyte <2 ESP-IDF partition table entry
+>>12 string/16 x \b, label: "%s"
+>>2 ubyte 0
+>>>3 ubyte 0x00 \b, factory app
+>>>3 ubyte 0x10 \b, OTA_0 app
+>>>3 ubyte 0x11 \b, OTA_1 app
+>>>3 ubyte 0x12 \b, OTA_2 app
+>>>3 ubyte 0x13 \b, OTA_3 app
+>>>3 ubyte 0x14 \b, OTA_4 app
+>>>3 ubyte 0x15 \b, OTA_5 app
+>>>3 ubyte 0x16 \b, OTA_6 app
+>>>3 ubyte 0x17 \b, OTA_7 app
+>>>3 ubyte 0x18 \b, OTA_8 app
+>>>3 ubyte 0x19 \b, OTA_9 app
+>>>3 ubyte 0x1A \b, OTA_10 app
+>>>3 ubyte 0x1B \b, OTA_11 app
+>>>3 ubyte 0x1C \b, OTA_12 app
+>>>3 ubyte 0x1D \b, OTA_13 app
+>>>3 ubyte 0x1E \b, OTA_14 app
+>>>3 ubyte 0x1F \b, OTA_15 app
+>>>3 ubyte 0x20 \b, test app
+>>2 ubyte 1
+>>>3 ubyte 0x00 \b, OTA selection data
+>>>3 ubyte 0x01 \b, PHY init data
+>>>3 ubyte 0x02 \b, NVS data
+>>>3 ubyte 0x03 \b, coredump data
+>>>3 ubyte 0x04 \b, NVS keys
+>>>3 ubyte 0x05 \b, emulated eFuse data
+>>>3 ubyte 0x06 \b, undefined data
+>>>3 ubyte 0x80 \b, ESPHTTPD partition
+>>>3 ubyte 0x81 \b, FAT partition
+>>>3 ubyte 0x82 \b, SPIFFS partition
+>>>3 ubyte 0xFF \b, any data
+>>4 ulelong x \b, offset: 0x%X
+>>8 ulelong x \b, size: 0x%X
+>>28 ulelong&0x1 1 \b, encrypted
+
+# ESP-IDF application image
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/espressif/esp-idf/blob/v5.0/components/bootloader_support/include/esp_app_format.h
+# Note: Concatenation of esp_image_header_t, esp_image_segment_header_t and esp_app_desc_t
+# First segment contains esp_app_desc_t
+0 ubyte 0xE9
+>32 ulelong 0xABCD5432 ESP-IDF application image
+>>12 uleshort 0x0000 for ESP32
+>>12 uleshort 0x0002 for ESP32-S2
+>>12 uleshort 0x0005 for ESP32-C3
+>>12 uleshort 0x0009 for ESP32-S3
+>>12 uleshort 0x000A for ESP32-H2 Beta1
+>>12 uleshort 0x000C for ESP32-C2
+>>12 uleshort 0x000D for ESP32-C6
+>>12 uleshort 0x000E for ESP32-H2 Beta2
+>>12 uleshort 0x0010 for ESP32-H2
+>>80 string/32 x \b, project name: "%s"
+>>48 string/32 x \b, version %s
+>>128 string/16 x \b, compiled on %s
+>>>112 string/16 x %s
+>>144 string/32 x \b, IDF version: %s
+>>4 ulelong x \b, entry address: 0x%08X
diff --git a/magic/Magdir/flash b/magic/Magdir/flash
new file mode 100644
index 0000000..33b7344
--- /dev/null
+++ b/magic/Magdir/flash
@@ -0,0 +1,62 @@
+
+#------------------------------------------------------------------------------
+# $File: flash,v 1.15 2019/04/19 00:42:27 christos Exp $
+# flash: file(1) magic for Macromedia Flash file format
+#
+# See
+#
+# https://www.macromedia.com/software/flash/open/
+# https://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/\
+# en/devnet/swf/pdf/swf-file-format-spec.pdf page 27
+#
+
+0 name swf-details
+
+>0 string F
+>>8 byte&0xfd 0x08 Macromedia Flash data
+!:mime application/x-shockwave-flash
+>>>3 byte x \b, version %d
+>>8 byte&0xfe 0x10 Macromedia Flash data
+!:mime application/x-shockwave-flash
+>>>3 byte x \b, version %d
+>>8 byte 0x18 Macromedia Flash data
+!:mime application/x-shockwave-flash
+>>>3 byte x \b, version %d
+>>8 beshort&0xff87 0x2000 Macromedia Flash data
+!:mime application/x-shockwave-flash
+>>>3 byte x \b, version %d
+>>8 beshort&0xffe0 0x3000 Macromedia Flash data
+!:mime application/x-shockwave-flash
+>>>3 byte x \b, version %d
+>>8 byte&0x7 0
+>>>8 ubyte >0x2f
+>>>>9 ubyte <0x20 Macromedia Flash data
+!:mime application/x-shockwave-flash
+>>>>>3 byte x \b, version %d
+
+>0 string C
+>>8 byte 0x78 Macromedia Flash data (compressed)
+!:mime application/x-shockwave-flash
+>>>3 byte x \b, version %d
+
+>0 string Z
+>>8 byte 0x5d Macromedia Flash data (lzma compressed)
+!:mime application/x-shockwave-flash
+>>>3 byte x \b, version %d
+
+
+1 string WS
+>4 ulelong >14
+>>3 ubyte !0
+>>>0 use swf-details
+
+# From: Cal Peake <cp@absolutedigital.net>
+0 string FLV\x01 Macromedia Flash Video
+!:mime video/x-flv
+
+#
+# Yosu Gomez
+0 string AGD2\xbe\xb8\xbb\xcd\x00 Macromedia Freehand 7 Document
+0 string AGD3\xbe\xb8\xbb\xcc\x00 Macromedia Freehand 8 Document
+# From Dave Wilson
+0 string AGD4\xbe\xb8\xbb\xcb\x00 Macromedia Freehand 9 Document
diff --git a/magic/Magdir/flif b/magic/Magdir/flif
new file mode 100644
index 0000000..9406208
--- /dev/null
+++ b/magic/Magdir/flif
@@ -0,0 +1,36 @@
+
+#------------------------------------------------------------------------------
+# $File: flif,v 1.1 2015/11/23 22:04:36 christos Exp $
+# flif: Magic data for file(1) command.
+# FLIF (Free Lossless Image Format)
+
+0 string FLIF FLIF
+>4 string <H image data
+>>6 beshort x \b, %u
+>>8 beshort x \bx%u
+>>5 string 1 \b, 8-bit/color,
+>>5 string 2 \b, 16-bit/color,
+>>4 string 1 \b, grayscale, non-interlaced
+>>4 string 3 \b, RGB, non-interlaced
+>>4 string 4 \b, RGBA, non-interlaced
+>>4 string A \b, grayscale
+>>4 string C \b, RGB, interlaced
+>>4 string D \b, RGBA, interlaced
+>4 string >H \b, animation data
+>>5 ubyte <255 \b, %i frames
+>>>7 beshort x \b, %u
+>>>9 beshort x \bx%u
+>>>6 string =1 \b, 8-bit/color
+>>>6 string =2 \b, 16-bit/color
+>>5 ubyte 0xFF
+>>>6 beshort x \b, %i frames,
+>>>9 beshort x \b, %u
+>>>11 beshort x \bx%u
+>>>8 string =1 \b, 8-bit/color
+>>>8 string =2 \b, 16-bit/color
+>>4 string =Q \b, grayscale, non-interlaced
+>>4 string =S \b, RGB, non-interlaced
+>>4 string =T \b, RGBA, non-interlaced
+>>4 string =a \b, grayscale
+>>4 string =c \b, RGB, interlaced
+>>4 string =d \b, RGBA, interlaced
diff --git a/magic/Magdir/fonts b/magic/Magdir/fonts
new file mode 100644
index 0000000..17373b5
--- /dev/null
+++ b/magic/Magdir/fonts
@@ -0,0 +1,449 @@
+
+#------------------------------------------------------------------------------
+# $File: fonts,v 1.51 2022/08/16 11:16:39 christos Exp $
+# fonts: file(1) magic for font data
+#
+0 search/1 FONT ASCII vfont text
+0 short 0436 Berkeley vfont data
+0 short 017001 byte-swapped Berkeley vfont data
+
+# PostScript fonts (must precede "printer" entries), quinlan@yggdrasil.com
+# Modified by: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/PostScript_fonts
+# http://fileformats.archiveteam.org/wiki/Adobe_Type_1
+# Reference: http://mark0.net/download/triddefs_xml.7z
+# defs/p/pfb.trid.xml
+# Note: PFB stands for Printer Font Binary
+0 string %!PS-AdobeFont-1. PostScript Type 1 font text
+#!:mime font/x-postscript-pfb
+#!:ext pfb
+>20 string >\0 (%s)
+# http://www.nationalarchives.gov.uk/pronom/fmt/525
+6 string %!PS-AdobeFont-1.
+# skip DROID fmt-525-signature-id-816.pfb by checking for content after header
+>24 ubyte x PostScript Type 1 font program data
+#!:mime application/octet-stream
+!:mime font/x-postscript-pfb
+!:ext pfb
+# often followed by colon (3Ah) and space (20h) and font name like: DarkGardenMK LetterGothic
+>>24 ubyte =0x3A
+>>>26 string >\0 (%s)
+# some times instead of colon %%CreationDate: and "font name" later
+>>24 ubyte !0x3A
+# font name directive followed by def like: c0633bt_.pfb
+>>>25 search/1247 /FontName\040/
+# show font name in parentheses like: Frankfurt Lithos CharterBT-BoldItalic Courier10PitchBT-Bold
+>>>>&0 regex [A-Za-z0-9-]+ (%s)
+# http://cd.textfiles.com/maxfonts/ATM/M/MIRROR__.PFB
+6 string %PS-AdobeFont-1. PostScript Type 1 font program data
+!:mime font/x-postscript-pfb
+!:ext pfb
+# font name like: Times-Mirror
+>25 string >\0 (%s)
+0 string %!FontType1 PostScript Type 1 font program data
+#!:mime font/x-postscript-pfb
+#!:ext pfb
+6 string %!FontType1 PostScript Type 1 font program data
+#!:mime application/octet-stream
+!:mime font/x-postscript-pfb
+!:ext pfb
+# font name like: CaslonOpenFace FetteFraktur Kaufmann Linotext MesozoicGothic Old-Town
+>23 string >\0 (%s)
+# http://cd.textfiles.com/maxfonts/ATM/P/PLAYBI.PFB
+230 string %!FontType1 PostScript Type 1 font program data
+!:mime font/x-postscript-pfb
+!:ext pfb
+# font name like: Playbill
+>247 string >\0 (%s)
+0 string %!PS-Adobe-3.0\ Resource-Font PostScript Type 1 font text
+#!:mime font/x-postscript-pfb
+#!:ext pfb
+
+# Summary: PostScript Type 1 Printer Font Metrics
+# URL: https://en.wikipedia.org/wiki/PostScript_fonts
+# Reference: https://partners.adobe.com/public/developer/en/font/5178.PFM.pdf
+# Modified by: Joerg Jenderek
+# Note: moved from ./msdos magic
+# dfVersion 256=0100h
+0 uleshort 0x0100
+# GRR: line above is too general as it catches also TrueType font,
+# raw G3 data FAX, WhatsApp encrypted and Panorama database
+# dfType 129=0081h
+>66 uleshort 0x0081
+# dfVertRes 300=012Ch not needed as additional test
+#>>70 uleshort 0x012c
+# dfHorizRes 300=012Ch
+#>>>72 uleshort 0x012c
+# dfDriverInfo points to postscript information section
+>>(101.l) string/c Postscript Printer Font Metrics
+# above labeled "PFM data" by ./msdos (version 5.28) or "Adobe Printer Font Metrics" by TrID
+!:mime application/x-font-pfm
+# AppleShare Print Server
+#!:apple ASPS????
+!:ext pfm
+# dfCopyright 60 byte null padded Copyright string. uncomment it to get old looking
+#>>>6 string >\060 - %-.60s
+# dfDriverInfo
+>>>139 ulelong >0
+# often abbreviated and same as filename
+>>>>(139.l) string x %s
+# dfSize
+>>>2 ulelong x \b, %d bytes
+# dfFace 210=D2h 9Eh
+>>>105 ulelong >0
+# Windows font name
+>>>>(105.l) string x \b, %s
+# dfItalic
+>>>80 ubyte 1 italic
+# dfUnderline
+>>>81 ubyte 1 underline
+# dfStrikeOut
+>>>82 ubyte 1 strikeout
+# dfWeight 400=0x0190 300=0x012c 500=0x01f4 600=0x0258 700=0x02bc
+>>>83 uleshort >699 bold
+# dfPitchAndFamily 16 17 48 49 64 65
+>>>90 ubyte 16 serif
+>>>90 ubyte 17 serif proportional
+#>>>90 ubyte 48 other
+>>>90 ubyte 49 proportional
+>>>90 ubyte 64 script
+>>>90 ubyte 65 script proportional
+
+# X11 font files in SNF (Server Natural Format) format
+# updated by Joerg Jenderek at Feb 2013 and Nov 2021
+# http://computer-programming-forum.com/51-perl/8f22fb96d2e34bab.htm
+# URL: http://fileformats.archiveteam.org/wiki/SNF
+# Reference: https://cgit.freedesktop.org/xorg/lib/libXfont/tree/src/bitmap/snfstr.h
+0 belong 00000004
+# version2 same as version1 in struct _snfFontInfo
+>104 belong 00000004 X11 SNF font data, MSB first
+# GRR: line above is too general as it catches also DEGAS low-res bitmap like:
+# http://cd.textfiles.com/geminiatari/FILES/GRAPHICS/ANIMAT/SPID_PAT/BIGSPID.PI1
+!:mime application/x-font-sfn
+!:ext snf
+# GRR: line below is too general as it catches also Xbase index file t3-CHAR.NDX
+0 lelong 00000004
+>104 lelong 00000004 X11 SNF font data, LSB first
+!:mime application/x-font-sfn
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/snf-x11-lsb.trid.xml
+!:ext snf
+
+# X11 Bitmap Distribution Format, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 search/1 STARTFONT\ X11 BDF font text
+
+# From: Joerg Jenderek
+# URL: https://grub.gibibit.com/New_font_format
+# Reference: util/grub-mkfont.c
+# include/grub/fontformat.h
+# FONT_FORMAT_SECTION_NAMES_FILE
+0 string FILE
+# FONT_FORMAT_PFF2_MAGIC
+>8 string PFF2
+# leng 4 only at the moment
+>>4 ubelong 4
+# FONT_FORMAT_SECTION_NAMES_FONT_NAME
+>>>12 string NAME GRUB2 font
+!:mime application/x-font-pf2
+!:ext pf2
+# length of font_name
+>>>>16 ubelong >0
+# font_name
+>>>>>20 string >\0 "%-s"
+
+# X11 fonts, from Daniel Quinlan (quinlan@yggdrasil.com)
+# PCF must come before SGI additions ("MIPSEL MIPS-II COFF" collides)
+0 string \001fcp X11 Portable Compiled Font data,
+>12 lelong ^0x08 bit: LSB,
+>12 lelong &0x08 bit: MSB,
+>12 lelong ^0x04 byte: LSB first
+>12 lelong &0x04 byte: MSB first
+0 string D1.0\015 X11 Speedo font data
+
+#------------------------------------------------------------------------------
+# FIGlet fonts and controlfiles
+# From figmagic supplied with Figlet version 2.2
+# "David E. O'Brien" <obrien@FreeBSD.ORG>
+0 string flf FIGlet font
+>3 string >2a version %-2.2s
+0 string flc FIGlet controlfile
+>3 string >2a version %-2.2s
+
+# libGrx graphics lib fonts, from Albert Cahalan (acahalan@cs.uml.edu)
+# Used with djgpp (DOS Gnu C++), sometimes Linux or Turbo C++
+0 belong 0x14025919 libGrx font data,
+>8 leshort x %dx
+>10 leshort x \b%d
+>40 string x %s
+# Misc. DOS VGA fonts, from Albert Cahalan (acahalan@cs.uml.edu)
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/CPI
+# Reference: http://www.delorie.com/djgpp/doc/rbinter/it/58/17.html
+0 belong 0xff464f4e DOS code page font data collection
+!:mime font/x-dos-cpi
+!:ext cpi
+0 string \x7fDRFONT DR-DOS code page font data collection
+!:mime font/x-drdos-cpi
+!:ext cpi
+7 belong 0x00454741 DOS code page font data
+7 belong 0x00564944 DOS code page font data (from Linux?)
+4098 string DOSFONT DOSFONT2 encrypted font data
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/GEM_bitmap_font
+# Reference: http://cd.textfiles.com/ataricompendium/BOOK/HTML/APPENDC.HTM#cnt
+#
+# usual case with lightening mask and skewing mask 5555h~UU
+#62 ulelong 0x55555555
+# skip cl8m8ocofedso.testfile by looking for face size lower/equal 72
+#>2 uleshort <73
+#>>0 use gdos-font
+# BOX18.GFT COWBOY30.GFT ROYALK30.GFT
+#62 ulelong 0
+# skip ISO 9660 CD-ROM ./filesystem by looking for low positive face size
+#>2 uleshort >2
+# skip DOS 2.0 backup id file ./msdos by looking for face size lower/equal 72
+#>>2 uleshort <73
+# skip MS oem.hlp, some Windows ICO ./msdos by looking for valid long name like WYE
+#>>>4 ulelong >0x001F1f1F
+# skip Microsoft WinWord 2.0 ./msdos by looking for positive offset to font data
+#>>>>76 ulelong >83
+#>>>>>0 use gdos-font
+0 name gdos-font
+>0 uleshort x GEM GDOS font
+!:mime application/x-font-gdos
+# also .eps found like AA070GEP.EPS AI360GEP.EPS
+!:ext fnt/gtf
+# font name like Big&Tall, Celtic #s, Courier, University Bold, WYE
+>4 string x %.32s
+# face size in points 3-72 SLSS03CG.FNT H1CELT72.FNT
+>2 uleshort x %u
+# face ID (must be unique)
+>0 uleshort x \b, ID %#4.4x
+# lowest character index in face (4 but usually 32 for disk-loaded fonts)
+#>36 uleshort !32 \b, unusual character index %u
+# width of the widest character like 0 8 10 12 16 24 32
+#>50 uleshort x \b, %u char width
+# width of the widest character cell like 8 11 12 14 15 16 33 67
+#>52 uleshort x \b, %u cell width
+# thickening size in pixel like 0 1 2 3 4 5 6 7 8
+#>58 uleshort x \b, %u thick
+# lightening mask to eliminate pixels, usually 5555h
+>62 uleshort !0x5555 \b, lightening mask %#x
+# skewing mask to determine when to perform additional rotation when skewing, usually 5555h
+>64 uleshort !0x5555 \b, skewing mask %#x
+# offset to optional horizontal offset table 0 58h~88 5eh 252h
+#>68 ulelong x \b, %#x horizontal table offset
+# offset of character offset table 54h for many *.GFT 55h 58h 5Eh 120h 1D4h 202h 220h
+#>72 ulelong x \b, %#x coffset
+# offset to font data like 116h 118h 158 20Ah 20Eh
+>76 ulelong x \b, %#x foffset
+# form width in bytes like 58 67 156 190 227 317 345
+#>80 uleshort x \b, %u fwidth
+# form height in bytes like 4 8 11 17 26 56 70 90 120 146 150
+#>82 uleshort x \b, %u fheight
+# pointer to the next font like 0 10000h 20000h 30000h 40000h 60000h 80000h E0000h D0000h
+#>84 ulelong x \b, %#x noffset
+
+# downloadable fonts for browser (prints type) anthon@mnt.org
+# https://tools.ietf.org/html/rfc3073
+0 string PFR1 Portable Font Resource font data (new)
+>102 string >0 \b: %s
+0 string PFR0 Portable Font Resource font data (old)
+>4 beshort >0 version %d
+
+# True Type fonts
+# Modified by: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/TrueType
+# Reference: https://developer.apple.com/fonts/TrueType-Reference-Manual/
+#
+# sfnt version "typ1" used by some Apple, but no example found
+0 string typ1
+>0 use sfnt-font
+>0 use sfnt-names
+# sfnt version "true" used by some Apple
+0 string true
+>0 use sfnt-font
+>0 use sfnt-names
+# GRR: below test is too general
+# sfnt version often 0x00010000
+0 string \000\001\000\000
+>0 use sfnt-font
+>0 use sfnt-names
+# validate and display sfnt font data like number of tables
+0 name sfnt-font
+# file 5.30 version assumes 00FFh as maximal number of tables
+#>4 ubeshort <0x0100
+# maximal 27 tables found like in Skia.ttf
+# 46 different table names mentioned on Apple specification
+# skip 1st sequence of DOS 2 backup with path separator (\~92 or /~47) misinterpreted as table number
+>4 ubeshort <47
+# skip bad examples with garbage table names like in a5.show HYPERC MAC
+# tag names consist of up to four characters padded with spaces at end like
+# BASE DSIG OS/2 Zapf acnt glyf cvt vmtx xref ...
+>>12 regex/4l \^[A-Za-z][A-Za-z][A-Za-z/][A-Za-z2\ ]
+#>>>0 ubelong x \b, sfnt version %#x
+>>>0 ubelong !0x4f54544f TrueType
+!:mime font/sfnt
+!:apple ????tfil
+# .ttf for TrueType font
+# EUDC.tte created by privat character editor %WINDIR%\system32\eudcedit.exe
+!:ext ttf/tte
+# sfnt version 4F54544Fh~OTTO
+>>>0 ubelong =0x4f54544f OpenType
+!:mime font/otf
+!:apple ????OTTO
+!:ext otf
+>>>0 ubelong x Font data
+# DSIG=44454947h table name implies a digitally signed font
+# search range = number of tables * 16 =< maximal number of tables * 16 = 27 * 16 = 432
+>>>12 search/432 DSIG \b, digitally signed
+>>>4 ubeshort x \b, %d tables
+# minimal 9 tables found like in NISC18030.ttf
+#>>>4 ubeshort <10 TMIN
+#>>>4 ubeshort >24 TBIG
+# table directory entries
+>>>12 string x \b, 1st "%4.4s"
+
+# search and display 1st name in sfnt font which is often copyright text
+# does not work inside font collections
+0 name sfnt-names
+# search for naming table
+>12 search/432/s name
+# biggest offset 0x0100bd28 like Windows10 Fonts\simsunb.ttf
+#>>>>&8 ubelong >0x0100bd27 BIGGEST OFFSET
+>>&8 ubelong >0x00100000
+# offset of name table
+>>>&-4 ubelong x \b, name offset %#x
+# GRR: pointer to name table only works if offset ~< FILE_BYTES_MAX = 100000h defined in src\file.h
+>>&8 ubelong <0x00100000
+>>>&-16 ubelong x
+# name table
+>>>>(&8.L) ubequad x
+# invalid format selector
+#>>>>>&-8 ubeshort !0 \b, invalid selector %x
+# minimal 3 name records found like in c:\Program Files (x86)\Tesseract-OCR\tessdata\pdf.ttf
+# maximal 1227 name records found like in Apple Chancery.ttf
+#>>>>>&-6 ubeshort <0x4 mincount
+#>>>>>&-6 ubeshort >130 maxcount
+>>>>>&-6 ubeshort x \b, %d names
+# offset to start of string storage from start of table
+#>>>>>&-4 ubeshort x \b, record offset %d
+# 1st name record
+# string offset from start of storage area
+#>>>>>&8 ubeshort x \b, string offset %d
+# string length
+#>>>>>&6 ubeshort x \b, string length %d
+# minimal name string 7 like in c:\Program Files (x86)\Kodi\addons\webinterface.default\lib\video-js\font\VideoJS.ttf
+# also found 0 like in SWZCONLN.TTF
+#>>>>>&6 ubeshort <8 MIN STRING
+# maximal name string 806 like in c:\Windows\Fonts\palabi.ttf
+#>>>>>&6 ubeshort >805 MAX STRING
+# platform identifier: 0~Apple Unicode, 1~Macintosh, 3~Microsoft
+#>>>>>&-2 ubeshort >3 BAD PLATFORM
+>>>>>&-2 ubeshort 0 \b, Unicode
+>>>>>&-2 ubeshort 1 \b, Macintosh
+>>>>>&-2 ubeshort 3 \b, Microsoft
+# languageID (0~english Macintosh, 0409h~english Microsoft, ...)
+>>>>>&2 ubeshort >0 \b, language %#x
+# name identifiers
+# often 0~copyright, 1~font, 2~font subfamily, 5~version, 13~license, 19~sample, ...
+>>>>>&4 ubeshort >0 \b, type %d string
+# platform specific encoding:
+# 0~undefined character set, 1~UGL set with Unicode, 3~Unicode 2.0 BMP only, 4~Unicode 2.0
+#>>>>>&0 ubeshort x \b, %d encoding
+>>>>>&0 ubeshort 0
+# handle only name string offset 0 because do not know how to add 2 relative offsets
+>>>>>>&6 ubeshort 0
+>>>>>>>&(&-14.S-18) ubyte !0
+# GRR: instead 806 only first MAXstring = 96 characters are displayed as defined in src\file.h
+# often copyright string that starts like \251 2006 The Monotype Corporation
+>>>>>>>>&-1 string x \b, %-11.96s
+# test for unicode string
+>>>>>>>&(&-14.S-18) ubyte 0
+>>>>>>>>&0 lestring16 x \b, %-11.96s
+# unicode encoding
+>>>>>&0 ubeshort >0
+>>>>>>&6 ubeshort 0
+>>>>>>>&(&-14.S-17) lestring16 x \b, %-11.96s
+
+0 string \007\001\001\000Copyright\ (c)\ 199 Adobe Multiple Master font
+0 string \012\001\001\000Copyright\ (c)\ 199 Adobe Multiple Master font
+
+# TrueType/OpenType font collections (.ttc)
+# URL: https://en.wikipedia.org/wiki/OpenType
+# https://www.microsoft.com/typography/otspec/otff.htm
+# Modified by: Joerg Jenderek
+# Note: container for TrueType, OpenType font
+0 string ttcf
+# skip ASCII text
+>4 ubyte 0
+# sfnt version often 0x00010000 of 1st table is TrueType
+>>(12.L) ubelong !0x4f54544f TrueType
+!:mime font/ttf
+!:apple ????tfil
+!:ext ttc
+# sfnt version 4F54544Fh~OTTO of 1st table is OpenType font
+>>(12.L) ubelong =0x4f54544f OpenType
+!:mime font/otf
+!:apple ????OTTO
+# no example found for otc
+!:ext ttc/otc
+>>4 ubyte x font collection data
+#!:mime font/collection
+# TCC version
+>>4 belong 0x00010000 \b, 1.0
+>>4 belong 0x00020000 \b, 2.0
+>>8 ubelong >0 \b, %d fonts
+# array offset size = fonts * offsetsize = fonts * 4
+>>(8.L*4) ubequad x
+# 0x44454947 = 'DSIG'
+>>>&4 belong 0x44534947 \b, digitally signed
+# offset to 1st font
+>>12 ubelong x \b, at %#x
+# point to 1st font that starts with sfnt version
+>>(12.L) use sfnt-font
+
+# Opentype font data from Avi Bercovich
+0 string OTTO OpenType font data
+!:mime application/vnd.ms-opentype
+
+# From: Alex Myczko <alex@aiei.ch>
+0 string SplineFontDB: Spline Font Database
+!:mime application/vnd.font-fontforge-sfd
+>14 string x version %s
+
+# EOT
+0x40 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
+>0x22 string LP Embedded OpenType (EOT)
+# workaround until there's lepstring16
+# >>0x52 lepstring16/h >\0 \b, %s family
+>>0x52 short !0
+>>>0x54 lestring16 x \b, %s family
+!:mime application/vnd.ms-fontobject
+
+# Web Open Font Format (.woff)
+0 name woff
+>4 belong 0x00010000 \b, TrueType
+>4 belong 0x4F54544F \b, CFF
+>4 belong 0x74727565 \b, TrueType
+>4 default x
+>>4 belong x \b, flavor %d
+>8 belong x \b, length %d
+#>12 beshort x \b, numTables %d
+#>14 beshort x \b, reserved %d
+#>16 belong x \b, totalSfntSize %d
+
+# https://www.w3.org/TR/WOFF/
+0 string wOFF Web Open Font Format
+!:mime font/woff
+>0 use woff
+>20 beshort x \b, version %d
+>22 beshort x \b.%d
+# https://www.w3.org/TR/WOFF2/
+0 string wOF2 Web Open Font Format (Version 2)
+!:mime font/woff2
+!:ext woff2
+>0 use woff
+#>20 belong x \b, totalCompressedSize %d
+>24 beshort x \b, version %d
+>26 beshort x \b.%d
diff --git a/magic/Magdir/forth b/magic/Magdir/forth
new file mode 100644
index 0000000..34c9181
--- /dev/null
+++ b/magic/Magdir/forth
@@ -0,0 +1,82 @@
+
+#------------------------------------------------------------------------------
+# $File: forth,v 1.4 2021/04/26 15:56:00 christos Exp $
+# forth: file(1) magic for various Forth environments
+# From: Lubomir Rintel <lkundrak@v3.sk>
+#
+
+# Has a FORTH stack diagram and something that looks very much like a FORTH
+# multi-line word definition. Probably a FORTH source.
+0 regex \[[:space:]]\\(([[:space:]].*)?\ --\ (.*[[:space:]])?\\)
+>0 regex \^:\[[:space:]]
+>>0 regex \^;$ FORTH program
+!:mime text/x-forth
+
+# Inline word definition complete with a stack diagram
+0 regex \^:[[:space:]].*[[:space:]]\\(([[:space:]].*)?\ --\ (.*[[:space:]])?\\)[[:space:]].*[[:space:]];$ FORTH program
+!:mime text/x-forth
+
+# Various dictionary images used by OpenFirware FORTH environment
+
+0 lelong 0xe1a00000
+>8 lelong 0xe1a00000
+# skip raspberry pi kernel image kernel7.img by checking for positive text length
+>>24 lelong >0 ARM OpenFirmware FORTH Dictionary,
+>>>24 lelong x Text length: %d bytes,
+>>>28 lelong x Data length: %d bytes,
+>>>32 lelong x Text Relocation Table length: %d bytes,
+>>>36 lelong x Data Relocation Table length: %d bytes,
+>>>40 lelong x Entry Point: %#08X,
+>>>44 lelong x BSS length: %d bytes
+
+0 string MP
+>28 lelong 1 x86 OpenFirmware FORTH Dictionary,
+>>4 leshort x %d blocks
+>>2 leshort x + %d bytes,
+>>6 leshort x %d relocations,
+>>8 leshort x Header length: %d paragraphs,
+>>10 leshort x Data Size: %d
+>>12 leshort x - %d 4K pages,
+>>14 lelong x Initial Stack Pointer: %#08X,
+>>20 lelong x Entry Point: %#08X,
+>>24 lelong x First Relocation Item: %d,
+>>26 lelong x Overlay Number: %d,
+>>18 leshort x Checksum: %#08X
+
+0 belong 0x48000020 PowerPC OpenFirmware FORTH Dictionary,
+>4 belong x Text length: %d bytes,
+>8 belong x Data length: %d bytes,
+>12 belong x BSS length: %d bytes,
+>16 belong x Symbol Table length: %d bytes,
+>20 belong x Entry Point: %#08X,
+>24 belong x Text Relocation Table length: %d bytes,
+>28 belong x Data Relocation Table length: %d bytes
+
+0 lelong 0x10000007 MIPS OpenFirmware FORTH Dictionary,
+>4 lelong x Text length: %d bytes,
+>8 lelong x Data length: %d bytes,
+>12 lelong x BSS length: %d bytes,
+>16 lelong x Symbol Table length: %d bytes,
+>20 lelong x Entry Point: %#08X,
+>24 lelong x Text Relocation Table length: %d bytes,
+>28 lelong x Data Relocation Table length: %d bytes
+
+# Dictionary images used by minimal C FORTH environments, any platform,
+# using native byte order.
+
+# Weak.
+#0 short 0x5820 cForth 16-bit Dictionary,
+#>2 short x Serial: %#08X,
+#>4 short x Dictionary Start: %#08X,
+#>6 short x Dictionary Size: %d bytes,
+#>8 short x User Area Start: %#08X,
+#>10 short x User Area Size: %d bytes,
+#>12 short x Entry Point: %#08X
+
+0 long 0x581120 cForth 32-bit Dictionary,
+>4 long x Serial: %#08X,
+>8 long x Dictionary Start: %#08X,
+>12 long x Dictionary Size: %d bytes,
+>16 long x User Area Start: %#08X,
+>20 long x User Area Size: %d bytes,
+>24 long x Entry Point: %#08X
diff --git a/magic/Magdir/fortran b/magic/Magdir/fortran
new file mode 100644
index 0000000..6abc2f7
--- /dev/null
+++ b/magic/Magdir/fortran
@@ -0,0 +1,9 @@
+
+#------------------------------------------------------------------------------
+# $File: fortran,v 1.10 2015/11/05 18:47:16 christos Exp $
+# FORTRAN source
+# Check that the first 100 lines start with C or whitespace first.
+0 regex/100l !\^[^Cc\ \t].*$
+>0 regex/100l \^[Cc][\ \t] FORTRAN program text
+!:mime text/x-fortran
+!:strength - 5
diff --git a/magic/Magdir/frame b/magic/Magdir/frame
new file mode 100644
index 0000000..c0fd840
--- /dev/null
+++ b/magic/Magdir/frame
@@ -0,0 +1,62 @@
+
+#------------------------------------------------------------------------------
+# $File: frame,v 1.14 2019/11/25 00:31:30 christos Exp $
+# frame: file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+# Note that this is the Framemaker Maker Interchange Format, not the
+# Normal format which would be application/vnd.framemaker.
+#
+0 string \<MakerFile FrameMaker document
+!:mime application/x-mif
+>11 string 5.5 (5.5
+>11 string 5.0 (5.0
+>11 string 4.0 (4.0
+>11 string 3.0 (3.0
+>11 string 2.0 (2.0
+>11 string 1.0 (1.0
+>14 byte x %c)
+# URL: http://fileformats.archiveteam.org/wiki/Maker_Interchange_Format
+# Reference: https://help.adobe.com/en_US/framemaker/mifreference/mifref.pdf
+# Update: Joerg Jenderek 2019 Nov
+0 string \<MIFFile FrameMaker MIF (ASCII) file
+# https://www.iana.org/assignments/media-types/application/vnd.mif
+!:mime application/vnd.mif
+# mif most but also find bookTOC.framemif
+!:ext mif/framemif
+# followed by space~20h
+#>8 ubyte 0x20 \b, space before version
+# 3 characters of version number of the MIF language like 1.0, 2.0 ... 2015 ...
+>9 string x (%.3s
+# if not greater sign then display 4th character of version
+>12 ubyte =0x3e \b)
+>12 ubyte !0x3e \b%c)
+# comment starting with # shows the name+version number of generating program
+>13 search/3 #
+>>&0 string x "%s"
+0 search/1 \<MakerDictionary FrameMaker Dictionary text
+!:mime application/x-mif
+>17 string 3.0 (3.0)
+>17 string 2.0 (2.0)
+>17 string 1.0 (1.x)
+0 string \<MakerScreenFont FrameMaker Font file
+!:mime application/x-mif
+>17 string 1.01 (%s)
+0 string \<MML FrameMaker MML file
+!:mime application/x-mif
+0 string \<BookFile FrameMaker Book file
+!:mime application/x-mif
+>10 string 3.0 (3.0
+>10 string 2.0 (2.0
+>10 string 1.0 (1.0
+>13 byte x %c)
+# XXX - this book entry should be verified, if you find one, uncomment this
+#0 string \<Book\040 FrameMaker Book (ASCII) file
+#!:mime application/x-mif
+#>6 string 3.0 (3.0)
+#>6 string 2.0 (2.0)
+#>6 string 1.0 (1.0)
+0 string \<Maker\040Intermediate\040Print\040File FrameMaker IPL file
+!:mime application/x-mif
diff --git a/magic/Magdir/freebsd b/magic/Magdir/freebsd
new file mode 100644
index 0000000..66aff6c
--- /dev/null
+++ b/magic/Magdir/freebsd
@@ -0,0 +1,164 @@
+
+#------------------------------------------------------------------------------
+# $File: freebsd,v 1.9 2022/01/19 12:44:13 christos Exp $
+# freebsd: file(1) magic for FreeBSD objects
+#
+# All new-style FreeBSD magic numbers are in host byte order (i.e.,
+# little-endian on x86).
+#
+# XXX - this comes from the file "freebsd" in a recent FreeBSD version of
+# "file"; it, and the NetBSD stuff in "netbsd", appear to use different
+# schemes for distinguishing between executable images, shared libraries,
+# and object files.
+#
+# FreeBSD says:
+#
+# Regardless of whether it's pure, demand-paged, or none of the
+# above:
+#
+# if the entry point is < 4096, then it's a shared library if
+# the "has run-time loader information" bit is set, and is
+# position-independent if the "is position-independent" bit
+# is set;
+#
+# if the entry point is >= 4096 (or >4095, same thing), then it's
+# an executable, and is dynamically-linked if the "has run-time
+# loader information" bit is set.
+#
+# On x86, NetBSD says:
+#
+# If it's neither pure nor demand-paged:
+#
+# if it has the "has run-time loader information" bit set, it's
+# a dynamically-linked executable;
+#
+# if it doesn't have that bit set, then:
+#
+# if it has the "is position-independent" bit set, it's
+# position-independent;
+#
+# if the entry point is non-zero, it's an executable, otherwise
+# it's an object file.
+#
+# If it's pure:
+#
+# if it has the "has run-time loader information" bit set, it's
+# a dynamically-linked executable, otherwise it's just an
+# executable.
+#
+# If it's demand-paged:
+#
+# if it has the "has run-time loader information" bit set,
+# then:
+#
+# if the entry point is < 4096, it's a shared library;
+#
+# if the entry point is = 4096 or > 4096 (i.e., >= 4096),
+# it's a dynamically-linked executable);
+#
+# if it doesn't have the "has run-time loader information" bit
+# set, then it's just an executable.
+#
+# (On non-x86, NetBSD does much the same thing, except that it uses
+# 8192 on 68K - except for "68k4k", which is presumably "68K with 4K
+# pages - SPARC, and MIPS, presumably because Sun-3's and Sun-4's
+# had 8K pages; dunno about MIPS.)
+#
+# I suspect the two will differ only in perverse and uninteresting cases
+# ("shared" libraries that aren't demand-paged and whose pages probably
+# won't actually be shared, executables with entry points <4096).
+#
+# I leave it to those more familiar with FreeBSD and NetBSD to figure out
+# what the right answer is (although using ">4095", FreeBSD-style, is
+# probably better than separately checking for "=4096" and ">4096",
+# NetBSD-style). (The old "netbsd" file analyzed FreeBSD demand paged
+# executables using the NetBSD technique.)
+#
+0 lelong&0377777777 041400407 FreeBSD/i386
+>20 lelong <4096
+>>3 byte&0xC0 &0x80 shared library
+>>3 byte&0xC0 0x40 PIC object
+>>3 byte&0xC0 0x00 object
+>20 lelong >4095
+>>3 byte&0x80 0x80 dynamically linked executable
+>>3 byte&0x80 0x00 executable
+>16 lelong >0 not stripped
+
+0 lelong&0377777777 041400410 FreeBSD/i386 pure
+>20 lelong <4096
+>>3 byte&0xC0 &0x80 shared library
+>>3 byte&0xC0 0x40 PIC object
+>>3 byte&0xC0 0x00 object
+>20 lelong >4095
+>>3 byte&0x80 0x80 dynamically linked executable
+>>3 byte&0x80 0x00 executable
+>16 lelong >0 not stripped
+
+0 lelong&0377777777 041400413 FreeBSD/i386 demand paged
+>20 lelong <4096
+>>3 byte&0xC0 &0x80 shared library
+>>3 byte&0xC0 0x40 PIC object
+>>3 byte&0xC0 0x00 object
+>20 lelong >4095
+>>3 byte&0x80 0x80 dynamically linked executable
+>>3 byte&0x80 0x00 executable
+>16 lelong >0 not stripped
+
+0 lelong&0377777777 041400314 FreeBSD/i386 compact demand paged
+>20 lelong <4096
+>>3 byte&0xC0 &0x80 shared library
+>>3 byte&0xC0 0x40 PIC object
+>>3 byte&0xC0 0x00 object
+>20 lelong >4095
+>>3 byte&0x80 0x80 dynamically linked executable
+>>3 byte&0x80 0x00 executable
+>16 lelong >0 not stripped
+
+# XXX gross hack to identify core files
+# cores start with a struct tss; we take advantage of the following:
+# byte 7: highest byte of the kernel stack pointer, always 0xfe
+# 8/9: kernel (ring 0) ss value, always 0x0010
+# 10 - 27: ring 1 and 2 ss/esp, unused, thus always 0
+# 28: low order byte of the current PTD entry, always 0 since the
+# PTD is page-aligned
+#
+7 string \357\020\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 FreeBSD/i386 a.out core file
+>1039 string >\0 from '%s'
+
+# /var/run/ld.so.hints
+# What are you laughing about?
+0 lelong 011421044151 ld.so hints file (Little Endian
+>4 lelong >0 \b, version %d)
+>4 belong <1 \b)
+0 belong 011421044151 ld.so hints file (Big Endian
+>4 belong >0 \b, version %d)
+>4 belong <1 \b)
+
+#
+# Files generated by FreeBSD scrshot(1)/vidcontrol(1) utilities
+#
+0 string SCRSHOT_ scrshot(1) screenshot,
+>8 byte x version %d,
+>9 byte 2 %d bytes in header,
+>>10 byte x %d chars wide by
+>>11 byte x %d chars high
+
+#
+# FreeBSD kernel minidumps
+#
+0 string minidump\040FreeBSD/ FreeBSD kernel minidump
+# powerpc uses 32-byte magic, followed by 32-byte mmu kind, then version
+>17 string powerpc
+>>17 string >\0 for %s,
+>>>32 string >\0 %s,
+>>>>64 byte 0 big endian,
+>>>>>64 belong x version %d
+>>>>64 default x little endian,
+>>>>>64 lelong x version %d
+# all other architectures use 24-byte magic, followed by version
+>17 default x
+>>17 string >\0 for %s,
+>>>24 byte 0 big endian,
+>>>>24 belong x version %d
+>>>24 default x little endian,
+>>>>24 lelong x version %d
diff --git a/magic/Magdir/fsav b/magic/Magdir/fsav
new file mode 100644
index 0000000..5c1d6e2
--- /dev/null
+++ b/magic/Magdir/fsav
@@ -0,0 +1,128 @@
+
+#------------------------------------------------------------------------------
+# $File: fsav,v 1.22 2021/04/26 15:56:00 christos Exp $
+# fsav: file(1) magic for datafellows fsav virus definition files
+# Anthon van der Neut (anthon@mnt.org)
+
+# ftp://ftp.f-prot.com/pub/{macrdef2.zip,nomacro.def}
+0 beshort 0x1575 fsav macro virus signatures
+>8 leshort >0 (%d-
+>11 byte >0 \b%02d-
+>10 byte >0 \b%02d)
+# ftp://ftp.f-prot.com/pub/sign.zip
+#10 ubyte <12
+#>9 ubyte <32
+#>>8 ubyte 0x0a
+#>>>12 ubyte 0x07
+#>>>>11 uleshort >0 fsav DOS/Windows virus signatures (%d-
+#>>>>10 byte 0 \b01-
+#>>>>10 byte 1 \b02-
+#>>>>10 byte 2 \b03-
+#>>>>10 byte 3 \b04-
+#>>>>10 byte 4 \b05-
+#>>>>10 byte 5 \b06-
+#>>>>10 byte 6 \b07-
+#>>>>10 byte 7 \b08-
+#>>>>10 byte 8 \b09-
+#>>>>10 byte 9 \b10-
+#>>>>10 byte 10 \b11-
+#>>>>10 byte 11 \b12-
+#>>>>9 ubyte >0 \b%02d)
+# ftp://ftp.f-prot.com/pub/sign2.zip
+#0 ubyte 0x62
+#>1 ubyte 0xF5
+#>>2 ubyte 0x1
+#>>>3 ubyte 0x1
+#>>>>4 ubyte 0x0e
+#>>>>>13 ubyte >0 fsav virus signatures
+#>>>>>>11 ubyte x size %#02x
+#>>>>>>12 ubyte x \b%02x
+#>>>>>>13 ubyte x \b%02x bytes
+
+# Joerg Jenderek: joerg dot jenderek at web dot de
+# clamav-0.100.2\docs\html\node60.html
+# https://github.com/vrtadmin/clamav-faq/raw/master/manual/clamdoc.pdf
+# ClamAV virus database files start with a 512 bytes colon separated header
+# ClamAV-VDB:buildDate:version:signaturesNumbers:functionalityLevelRequired:MD5:Signature:builder:buildTime
+# + gzipped (optional) tarball files
+# output can often be verified by `sigtool --info=FILE`
+0 string ClamAV-VDB: Clam AntiVirus
+# padding spaces implies database
+>511 ubyte =0x20 database
+!:mime application/x-clamav-database
+# empty build time
+>>10 string =:: (unsigned)
+# sigtool(1) man page
+!:ext cud
+# display some text to avoid error like:
+# Magdir/fsav, 78: Warning: Current entry does not yet have a description for adding a EXTENSION type
+# file: could not find any valid magic files! (No error)
+>>10 default x (with buildtime)
+#>>10 default x
+# clamtmp is used for temporarily database like update process
+# for pure tar database only cld extension found
+!:ext cld/cvd/clamtmp/cud
+>511 default x file
+!:mime application/x-clamav
+!:ext info
+>11 string >\0
+# buildDate empty or like "22 Mar 2017 12-57 -0400"; verified by `sigtool -i FILE`
+>>11 regex \^[^:]{0,23} \b, %s
+# version like 25170
+>>>&1 regex \^[^:]{1,6} \b, version %s
+# signaturesNumbers like 4566249
+>>>>&1 regex \^[^:]{1,10} \b, %s signatures
+# functionalityLevelRequired like 60
+>>>>>&1 regex \^[^:]{1,4} \b, level %s
+# X for nothing or MD5
+#>>>>>>&1 regex \^[^:]{1,32} \b, MD5 "%s"
+>>>>>>&1 regex \^[^:]{1,32}
+# X for nothing or digital signature starting like AIzk/LYbX
+#>>>>>>>&1 regex \^[^:]{1,255} \b, signature "%s"
+>>>>>>>&1 regex \^[^:]{1,255}
+# builder like neo
+>>>>>>>>&1 regex \^[^:]{1,32} \b, builder %s
+# buildTime like 1506611558
+#>>>>>>>>>&1 regex \^[^:]{1,10} \b, %s
+>>>>>>>>>&1 regex \^[^:]{1,10}
+# padding with spaces
+#>>>>>>>>>>&1 ubequad x \b, padding %#16.16llx
+>510 ubyte =0x20
+# inspect real database content
+#>>512 ubeshort x \b, database MAGIC %#x
+# ./archive handle pure tar archives
+>>1012 quad =0 \b, with
+>>>512 use tar-file
+# not pure tar
+>>1012 quad !0
+# one space at the end of text and then handles gzipped archives by ./compress
+>>>512 string \037\213 \b, with
+>>>>512 indirect x
+
+# Type: Grisoft AVG AntiVirus
+# From: David Newgas <david@newgas.net>
+0 string AVG7_ANTIVIRUS_VAULT_FILE AVG 7 Antivirus vault file data
+
+0 string X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR
+>33 string -STANDARD-ANTIVIRUS-TEST-FILE!$H+H* EICAR virus test files
+
+# From: Joerg Jenderek
+# URL: https://www.avira.com/
+# Note: found in directory %ProgramData%\Avira\Antivirus\INFECTED (Windows)
+# tested with version 15.0.43.23 at November 2019
+0 string AntiVir\ Qua Avira AntiVir quarantined
+!:mime application/x-avira-qua
+#!:mime application/octet-stream
+!:ext qua
+>156 string SUSPICIOUS_FILE
+# file path of suspicious file
+>>220 lestring16 x %s
+>156 string !SUSPICIOUS_FILE
+# file path of virus file
+>>228 lestring16 x %s
+# quarantined date
+>60 ldate x at %s
+# virus/danger name
+>156 string !SUSPICIOUS_FILE
+>>156 string x \b, category "%s"
+
diff --git a/magic/Magdir/fusecompress b/magic/Magdir/fusecompress
new file mode 100644
index 0000000..165cf3c
--- /dev/null
+++ b/magic/Magdir/fusecompress
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: fusecompress,v 1.2 2011/08/08 09:05:55 christos Exp $
+# fusecompress: file(1) magic for fusecompress
+0 string \037\135\211 FuseCompress(ed) data
+>3 byte 0x00 (none format)
+>3 byte 0x01 (bz2 format)
+>3 byte 0x02 (gz format)
+>3 byte 0x03 (lzo format)
+>3 byte 0x04 (xor format)
+>3 byte >0x04 (unknown format)
+>4 long x uncompressed size: %d
diff --git a/magic/Magdir/games b/magic/Magdir/games
new file mode 100644
index 0000000..0ccb4ac
--- /dev/null
+++ b/magic/Magdir/games
@@ -0,0 +1,696 @@
+
+#------------------------------------------------------------------------------
+# $File: games,v 1.31 2023/03/29 22:57:27 christos Exp $
+# games: file(1) for games
+
+# Fabio Bonelli <fabiobonelli@libero.it>
+# Quake II - III data files
+0 string IDP2 Quake II 3D Model file,
+>20 long x %u skin(s),
+>8 long x (%u x
+>12 long x %u),
+>40 long x %u frame(s),
+>16 long x Frame size %u bytes,
+>24 long x %u vertices/frame,
+>28 long x %u texture coordinates,
+>32 long x %u triangles/frame
+
+0 string IBSP Quake
+>4 long 0x26 II Map file (BSP)
+>4 long 0x2E III Map file (BSP)
+
+0 string IDS2 Quake II SP2 sprite file
+
+#---------------------------------------------------------------------------
+# Doom and Quake
+# submitted by Nicolas Patrois
+
+0 string \xcb\x1dBoom\xe6\xff\x03\x01 Boom or linuxdoom demo
+# some doom lmp files don't match, I've got one beginning with \x6d\x02\x01\x01
+
+24 string LxD\ 203 Linuxdoom save
+>0 string x , name=%s
+>44 string x , world=%s
+
+# Quake
+
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/PAK
+# reference: https://quakewiki.org/wiki/.pak
+# GRR: line below is too general as it matches also Acorn PackDir compressed Archive
+# and Git pack ./revision
+0 string PACK
+# real Quake examples like pak0.pak have only some hundreds like 150 files
+# So test for few files
+>8 ulelong <0x01000000
+# in file version 5.32 test for null terminator is only true for
+# offset ~< FILE_BYTES_MAX = 1 MB defined in ../../src/file.h
+# look for null terminator of 1st entry name
+>>(4.l+55) ubyte 0 Quake I or II world or extension
+!:mime application/x-dzip
+!:ext pak
+#>>>8 ulelong x \b, table size %u
+# dividing this by entry size (64) gives number of files
+>>>8 ulelong/64 x \b, %u files
+# offset to the beginning of the file table
+>>>4 ulelong x \b, offset %#x
+# 1st file entry
+>>>(4.l) use pak-entry
+# 2nd file entry
+#>>>4 ulelong+64 x \b, offset %#x
+#>>>(4.l+64) use pak-entry
+#
+# display file table entry of Quake PAK archive
+0 name pak-entry
+# normally entry start after header which implies offset 12 or higher
+>56 ulelong >11
+# the offset from the beginning of pak to beginning of this entry file contents
+>>56 ulelong x at %#x
+# the size of file for this entry
+>>60 ulelong x %u bytes
+# 56 byte null-terminated entry name string includes path like maps/e1m1.bsp
+>>0 string x '%-.56s'
+# inspect entry content by jumping to entry offset
+>>(56) indirect x \b:
+
+#0 string -1\x0a Quake I demo
+#>30 string x version %.4s
+#>61 string x level %s
+
+#0 string 5\x0a Quake I save
+
+# The levels
+
+# Quake 1
+
+0 string 5\x0aIntroduction Quake I save: start Introduction
+0 string 5\x0athe_Slipgate_Complex Quake I save: e1m1 The slipgate complex
+0 string 5\x0aCastle_of_the_Damned Quake I save: e1m2 Castle of the damned
+0 string 5\x0athe_Necropolis Quake I save: e1m3 The necropolis
+0 string 5\x0athe_Grisly_Grotto Quake I save: e1m4 The grisly grotto
+0 string 5\x0aZiggurat_Vertigo Quake I save: e1m8 Ziggurat vertigo (secret)
+0 string 5\x0aGloom_Keep Quake I save: e1m5 Gloom keep
+0 string 5\x0aThe_Door_To_Chthon Quake I save: e1m6 The door to Chthon
+0 string 5\x0aThe_House_of_Chthon Quake I save: e1m7 The house of Chthon
+0 string 5\x0athe_Installation Quake I save: e2m1 The installation
+0 string 5\x0athe_Ogre_Citadel Quake I save: e2m2 The ogre citadel
+0 string 5\x0athe_Crypt_of_Decay Quake I save: e2m3 The crypt of decay (dopefish lives!)
+0 string 5\x0aUnderearth Quake I save: e2m7 Underearth (secret)
+0 string 5\x0athe_Ebon_Fortress Quake I save: e2m4 The ebon fortress
+0 string 5\x0athe_Wizard's_Manse Quake I save: e2m5 The wizard's manse
+0 string 5\x0athe_Dismal_Oubliette Quake I save: e2m6 The dismal oubliette
+0 string 5\x0aTermination_Central Quake I save: e3m1 Termination central
+0 string 5\x0aVaults_of_Zin Quake I save: e3m2 Vaults of Zin
+0 string 5\x0athe_Tomb_of_Terror Quake I save: e3m3 The tomb of terror
+0 string 5\x0aSatan's_Dark_Delight Quake I save: e3m4 Satan's dark delight
+0 string 5\x0athe_Haunted_Halls Quake I save: e3m7 The haunted halls (secret)
+0 string 5\x0aWind_Tunnels Quake I save: e3m5 Wind tunnels
+0 string 5\x0aChambers_of_Torment Quake I save: e3m6 Chambers of torment
+0 string 5\x0athe_Sewage_System Quake I save: e4m1 The sewage system
+0 string 5\x0aThe_Tower_of_Despair Quake I save: e4m2 The tower of despair
+0 string 5\x0aThe_Elder_God_Shrine Quake I save: e4m3 The elder god shrine
+0 string 5\x0athe_Palace_of_Hate Quake I save: e4m4 The palace of hate
+0 string 5\x0aHell's_Atrium Quake I save: e4m5 Hell's atrium
+0 string 5\x0athe_Nameless_City Quake I save: e4m8 The nameless city (secret)
+0 string 5\x0aThe_Pain_Maze Quake I save: e4m6 The pain maze
+0 string 5\x0aAzure_Agony Quake I save: e4m7 Azure agony
+0 string 5\x0aShub-Niggurath's_Pit Quake I save: end Shub-Niggurath's pit
+
+# Quake DeathMatch levels
+
+0 string 5\x0aPlace_of_Two_Deaths Quake I save: dm1 Place of two deaths
+0 string 5\x0aClaustrophobopolis Quake I save: dm2 Claustrophobopolis
+0 string 5\x0aThe_Abandoned_Base Quake I save: dm3 The abandoned base
+0 string 5\x0aThe_Bad_Place Quake I save: dm4 The bad place
+0 string 5\x0aThe_Cistern Quake I save: dm5 The cistern
+0 string 5\x0aThe_Dark_Zone Quake I save: dm6 The dark zone
+
+# Scourge of Armagon
+
+0 string 5\x0aCommand_HQ Quake I save: start Command HQ
+0 string 5\x0aThe_Pumping_Station Quake I save: hip1m1 The pumping station
+0 string 5\x0aStorage_Facility Quake I save: hip1m2 Storage facility
+0 string 5\x0aMilitary_Complex Quake I save: hip1m5 Military complex (secret)
+0 string 5\x0athe_Lost_Mine Quake I save: hip1m3 The lost mine
+0 string 5\x0aResearch_Facility Quake I save: hip1m4 Research facility
+0 string 5\x0aAncient_Realms Quake I save: hip2m1 Ancient realms
+0 string 5\x0aThe_Gremlin's_Domain Quake I save: hip2m6 The gremlin's domain (secret)
+0 string 5\x0aThe_Black_Cathedral Quake I save: hip2m2 The black cathedral
+0 string 5\x0aThe_Catacombs Quake I save: hip2m3 The catacombs
+0 string 5\x0athe_Crypt__ Quake I save: hip2m4 The crypt
+0 string 5\x0aMortum's_Keep Quake I save: hip2m5 Mortum's keep
+0 string 5\x0aTur_Torment Quake I save: hip3m1 Tur torment
+0 string 5\x0aPandemonium Quake I save: hip3m2 Pandemonium
+0 string 5\x0aLimbo Quake I save: hip3m3 Limbo
+0 string 5\x0athe_Edge_of_Oblivion Quake I save: hipdm1 The edge of oblivion (secret)
+0 string 5\x0aThe_Gauntlet Quake I save: hip3m4 The gauntlet
+0 string 5\x0aArmagon's_Lair Quake I save: hipend Armagon's lair
+
+# Malice
+
+0 string 5\x0aThe_Academy Quake I save: start The academy
+0 string 5\x0aThe_Lab Quake I save: d1 The lab
+0 string 5\x0aArea_33 Quake I save: d1b Area 33
+0 string 5\x0aSECRET_MISSIONS Quake I save: d3b Secret missions
+0 string 5\x0aThe_Hospital Quake I save: d10 The hospital (secret)
+0 string 5\x0aThe_Genetics_Lab Quake I save: d11 The genetics lab (secret)
+0 string 5\x0aBACK_2_MALICE Quake I save: d4b Back to Malice
+0 string 5\x0aArea44 Quake I save: d1c Area 44
+0 string 5\x0aTakahiro_Towers Quake I save: d2 Takahiro towers
+0 string 5\x0aA_Rat's_Life Quake I save: d3 A rat's life
+0 string 5\x0aInto_The_Flood Quake I save: d4 Into the flood
+0 string 5\x0aThe_Flood Quake I save: d5 The flood
+0 string 5\x0aNuclear_Plant Quake I save: d6 Nuclear plant
+0 string 5\x0aThe_Incinerator_Plant Quake I save: d7 The incinerator plant
+0 string 5\x0aThe_Foundry Quake I save: d7b The foundry
+0 string 5\x0aThe_Underwater_Base Quake I save: d8 The underwater base
+0 string 5\x0aTakahiro_Base Quake I save: d9 Takahiro base
+0 string 5\x0aTakahiro_Laboratories Quake I save: d12 Takahiro laboratories
+0 string 5\x0aStayin'_Alive Quake I save: d13 Stayin' alive
+0 string 5\x0aB.O.S.S._HQ Quake I save: d14 B.O.S.S. HQ
+0 string 5\x0aSHOWDOWN! Quake I save: d15 Showdown!
+
+# Malice DeathMatch levels
+
+0 string 5\x0aThe_Seventh_Precinct Quake I save: ddm1 The seventh precinct
+0 string 5\x0aSub_Station Quake I save: ddm2 Sub station
+0 string 5\x0aCrazy_Eights! Quake I save: ddm3 Crazy eights!
+0 string 5\x0aEast_Side_Invertationa Quake I save: ddm4 East side invertationa
+0 string 5\x0aSlaughterhouse Quake I save: ddm5 Slaughterhouse
+0 string 5\x0aDOMINO Quake I save: ddm6 Domino
+0 string 5\x0aSANDRA'S_LADDER Quake I save: ddm7 Sandra's ladder
+
+
+0 string MComprHD MAME CHD compressed hard disk image,
+>12 belong x version %u
+
+# MAME input recordings
+
+0 string MAMEINP\0 MAME input recording
+>8 leqdate x at %s,
+>16 leshort x format version %d.
+>18 leshort x \b%d,
+>20 string x %s driver,
+>32 string x %s
+
+# doom - submitted by Jon Dowland
+
+0 string =IWAD doom main IWAD data
+>4 lelong x containing %d lumps
+0 string =PWAD doom patch PWAD data
+>4 lelong x containing %d lumps
+
+# Build engine group files (Duke Nukem, Shadow Warrior, ...)
+# Extension: .grp
+# Created by: "Ganael Laplanche" <ganael.laplanche@martymac.org>
+0 string KenSilverman Build engine group file
+>12 lelong x containing %d files
+
+# Summary: Warcraft 3 save
+# Extension: .w3g
+# Created by: "Nelson A. de Oliveira" <naoliv@gmail.com>
+0 string Warcraft\ III\ recorded\ game %s
+
+
+# Summary: Warcraft 3 map
+# Extension: .w3m
+# Created by: "Nelson A. de Oliveira" <naoliv@gmail.com>
+0 string HM3W Warcraft III map file
+
+
+# Summary: SGF Smart Game Format
+# Extension: .sgf
+# Reference: https://www.red-bean.com/sgf/
+# Created by: Eduardo Sabbatella <eduardo_sabbatella@yahoo.com.ar>
+# Modified by (1): Abel Cheung (regex, more game format)
+# FIXME: Some games don't have GM (game type)
+0 regex \\(;.*GM\\[[0-9]{1,2}\\] Smart Game Format
+>2 search/0x200/b GM[
+>>&0 string 1] (Go)
+>>&0 string 2] (Othello)
+>>&0 string 3] (chess)
+>>&0 string 4] (Gomoku+Renju)
+>>&0 string 5] (Nine Men's Morris)
+>>&0 string 6] (Backgammon)
+>>&0 string 7] (Chinese chess)
+>>&0 string 8] (Shogi)
+>>&0 string 9] (Lines of Action)
+>>&0 string 10] (Ataxx)
+>>&0 string 11] (Hex)
+>>&0 string 12] (Jungle)
+>>&0 string 13] (Neutron)
+>>&0 string 14] (Philosopher's Football)
+>>&0 string 15] (Quadrature)
+>>&0 string 16] (Trax)
+>>&0 string 17] (Tantrix)
+>>&0 string 18] (Amazons)
+>>&0 string 19] (Octi)
+>>&0 string 20] (Gess)
+>>&0 string 21] (Twixt)
+>>&0 string 22] (Zertz)
+>>&0 string 23] (Plateau)
+>>&0 string 24] (Yinsh)
+>>&0 string 25] (Punct)
+>>&0 string 26] (Gobblet)
+>>&0 string 27] (hive)
+>>&0 string 28] (Exxit)
+>>&0 string 29] (Hnefatal)
+>>&0 string 30] (Kuba)
+>>&0 string 31] (Tripples)
+>>&0 string 32] (Chase)
+>>&0 string 33] (Tumbling Down)
+>>&0 string 34] (Sahara)
+>>&0 string 35] (Byte)
+>>&0 string 36] (Focus)
+>>&0 string 37] (Dvonn)
+>>&0 string 38] (Tamsk)
+>>&0 string 39] (Gipf)
+>>&0 string 40] (Kropki)
+
+##############################################
+# NetImmerse/Gamebryo game engine entries
+
+# Summary: Gamebryo game engine file
+# Extension: .nif, .kf
+# Created by: Abel Cheung <abelcheung@gmail.com>
+0 string Gamebryo\ File\ Format,\ Version\ Gamebryo game engine file
+>&0 regex [0-9a-z.]+ \b, version %s
+
+# Summary: Gamebryo game engine file
+# Extension: .kfm
+# Created by: Abel Cheung <abelcheung@gmail.com>
+0 string ;Gamebryo\ KFM\ File\ Version\ Gamebryo game engine animation File
+>&0 regex [0-9a-z.]+ \b, version %s
+
+# Summary: NetImmerse game engine file
+# Extension .nif
+# Created by: Abel Cheung <abelcheung@gmail.com>
+0 string NetImmerse\ File\ Format,\ Version
+>&0 string n\ NetImmerse game engine file
+>>&0 regex [0-9a-z.]+ \b, version %s
+
+# Type: SGF Smart Game Format
+# URL: https://www.red-bean.com/sgf/
+# From: Eduardo Sabbatella <eduardo_sabbatella@yahoo.com.ar>
+2 regex/c \\(;.*GM\\[[0-9]{1,2}\\] Smart Game Format
+>2 regex/c GM\\[1\\] - Go Game
+>2 regex/c GM\\[6\\] - BackGammon Game
+>2 regex/c GM\\[11\\] - Hex Game
+>2 regex/c GM\\[18\\] - Amazons Game
+>2 regex/c GM\\[19\\] - Octi Game
+>2 regex/c GM\\[20\\] - Gess Game
+>2 regex/c GM\\[21\\] - twix Game
+
+# Epic Games/Unreal Engine Package
+# URL: https://docs.unrealengine.com/udk/Three/ContentCooking.html
+# https://eliotvu.com/page/unreal-package-file-format
+# Little-endian version (such as x86 PC)
+0 lelong 0x9E2A83C1 Unreal Engine package (little-endian)
+!:ext xxx/tfc/upk/me1/u
+>4 uleshort !0 \b, version %u
+>>6 uleshort !0 \b/%03u
+>>0 use upk_header
+# Big-endian version (such as PS3)
+0 belong 0x9E2A83C1 Unreal Engine package (big-endian)
+!:ext xxx/tfc
+>6 ubeshort !0 \b, version %u
+>>4 ubeshort !0 \b/%03u
+>>0 use \^upk_header
+
+0 name upk_header
+# Identify game from version and licensee
+>4 ulelong 0x000002b2 (Alice Madness Returns)
+>4 ulelong 0x002f0313 (Aliens: Colonial Marines)
+>4 ulelong 0x005b021b (Alpha Protocol)
+>4 ulelong 0x0000032c (AntiChamber)
+>4 ulelong 0x00200223 (APB: All Points Bulletin)
+>4 ulelong 0x004b02d7 (Bioshock Infinite)
+>4 ulelong 0x00380340 (Borderlands 2)
+>4 ulelong 0x001d02e6 (Bulletstorm)
+>4 ulelong 0x00050240 (CrimeCraft)
+>4 ulelong 0x00000356 (Deadlight)
+>4 ulelong 0x001e0321 (Dishonored)
+>4 ulelong 0x000202a6 (Dungeon Defenders)
+>4 ulelong 0x000901ea (Gears of War)
+>4 ulelong 0x0000023f (Gears of War 2)
+>4 ulelong 0x0000033c (Gears of War 3)
+>4 ulelong 0x0000034e (Gears of War: Judgement)
+>4 ulelong 0x0004035c (Hawken)
+>4 ulelong 0x0001034a (Infinity Blade 2)
+>4 ulelong 0x00000350 (InMomentum)
+>4 ulelong 0x0015037D (Life Is Strange)
+>4 ulelong 0x000b01a5 (Medal of Honor: Airborne)
+>4 ulelong 0x002b0218 (Mirrors Edge)
+>4 ulelong 0x0000027e (Monday Night Combat)
+>4 ulelong 0x0000024b (MoonBase Alpha)
+>4 ulelong 0x002e01d8 (Mortal Kombat Komplete Edition 2605)
+>4 ulelong 0x0000035c (Painkiller HD)
+>4 ulelong 0x0000034d (Q.U.B.E)
+>4 ulelong 0x80660340 (Quantum Conundrum)
+>4 ulelong 0x0000035b (Ravaged)
+>4 ulelong 0x00150340 (Remember Me)
+>4 ulelong 0x00060171 (Roboblitz)
+>4 ulelong 0x00000325 (Rock of Ages)
+>4 ulelong 0x0000032a (Sanctum)
+>4 ulelong 0x00030248 (Saw)
+>4 ulelong 0x007e0248 (Singularity)
+>4 ulelong 0x00090388 (Soldier Front 2)
+>4 ulelong 0x000701e6 (Stargate Worlds)
+>4 ulelong 0x00000334 (Super Monday Night Combat)
+>4 ulelong 0x000002c2 (The Ball)
+>4 ulelong 0x000e0262 (The Exiled Realm of Arborea or TERA)
+>4 ulelong 0x0000035b (The Five Cores)
+>4 ulelong 0x00000349 (The Haunted: Hells Reach)
+>4 ulelong 0x00000354 (Unmechanical)
+>4 ulelong 0x035c0298 (Unreal Development Kit)
+>4 ulelong 0x00000200 (Unreal Tournament 3)
+>4 ulelong 0x0000032d (Waves)
+>4 ulelong 0x003b034d (XCOM: Enemy Unknown)
+# Newer versions insert more headers
+>4 ulelong&0xFFFF <249
+>>12 lelong !0 \b, names: %d
+>>28 lelong !0 \b, imports: %d
+>>20 lelong !0 \b, exports: %d
+>4 ulelong&0xFFFF >248
+>>12 belong&0xFF !0
+>>>12 string x \b, folder "%s"
+>>>>&5 lelong !0 \b, names: %d
+>>>>&21 lelong !0 \b, imports: %d
+>>>>&13 lelong !0 \b, exports: %d
+>>12 belong&0xFF 0
+>>>16 belong&0xFF !0
+>>>>16 string x \b, folder "%s"
+>>>>>&5 lelong !0 \b, names: %d
+>>>>>&21 lelong !0 \b, imports: %d
+>>>>>&13 lelong !0 \b, exports: %d
+>>>16 belong&0xFF 0
+>>>>20 string x \b, folder "%s"
+>>>>>&5 lelong !0 \b, names: %d
+>>>>>&21 lelong !0 \b, imports: %d
+>>>>>&13 lelong !0 \b, exports: %d
+
+0 string ESVG
+>4 lelong 0x00160000
+>10 string TOC\020 Empire Deluxe for DOS saved game
+
+# Sid Meier's Civilization V/VI
+# From: Benjamin Lowry <ben@ben.gmbh>
+0 string CIV5
+>4 byte 0x08 Sid Meier's Civilization V saved game,
+>>12 regex [0-9a-z.]+ saved by game version %s
+>4 byte 0x01 Sid Meier's Civilization V replay data,
+>>12 regex [0-9a-z.]+ saved by game version %s
+
+0 string CIV6 Sid Meier's Civilization VI saved game
+
+# https://syzygy-tables.info/
+# From Michel Van den Bergh
+0 string \327f\f\245 Syzygy DTZ tablebase
+!:mime application/syzygy
+0 string q\350#] Syzygy WDL tablebase
+!:mime application/syzygy
+
+##############################################################################
+# Grand Theft Auto (GTA) file formats.
+#
+# Summary:
+# Includes GTA-specific formats used in all games from 1997 to present. Games
+# and formats were created by Rockstar North, formerly DMA Design. Magic tests
+# were written based on a combination of official and community documentation.
+#
+# Created by: Oliver Galvin <odg@riseup.net>
+#
+# References:
+# * Classic GTA documentation and research:
+# <https://gitlab.com/classic-gta/gta-data>
+# * Official RenderWare documentation available from EA:
+# <https://github.com/electronicarts/RenderWare3Docs>
+# * Lots of community research in the GTAMods wiki:
+# <https://gtamods.com/wiki>
+
+# GTA 2D-Era data - 'Classic' top down games (1/L/2)
+
+## GTA text
+
+0 string \xbf\xf8\xbd\x49\x62\xbe GTA1 in-game text (FXT),
+0 string GBL GTA2 in-game text (GXT),
+>3 string E English,
+>>4 uleshort x version %d
+>3 string F French,
+>>4 uleshort x version %d
+>3 string G German,
+>>4 uleshort x version %d
+>3 string I Italian,
+>>4 uleshort x version %d
+>3 string S Spanish,
+>>4 uleshort x version %d
+>3 string J Japanese,
+>>4 uleshort x version %d
+
+## GTA maps
+
+0 ulelong 331 GTA1 map layout (CMP),
+>4 byte 1 Level 1
+>4 byte 2 Level 2
+>4 byte 3 Level 3
+0 string GBMP GTA2/GBH map layout (GMP),
+>4 uleshort x version %d
+0 string/t [MapFiles] GTA2 multiplayer map metadata (MMP)
+0 string/t MainOrBonus\ =\ MAIN GTA2 single player map listing (test1.seq)
+
+## GTA 2D sprites and textures
+
+0 ulelong 290 GTA1 style data (GRX), 8 bit editor graphics
+0 ulelong 325 GTA1 style data (GRY), 8 bit in-game graphics
+0 ulelong 336 GTA1 style data (G24), 24 bit in-game graphics
+0 string GBST GTA2/GBH style data (STY), in-game graphics,
+>4 uleshort x version %d
+
+## GTA audio index
+
+0 ulelong 0
+>4 ulelong <0x40000
+>>8 ulelong >4500
+>>>8 ulelong <45000 GTA audio index data (SDT)
+
+## GTA scripts
+
+0 ulelong 0x00080000
+>4 uleshort 0x0024 GTA2 binary main script (SCR)
+
+0 uleshort 0x063c GTA2 binary mission script (SCR), Residential area (ste)
+0 uleshort 0x055b GTA2 binary mission script (SCR), Downtown area (wil)
+0 uleshort 0x0469 GTA2 binary mission script (SCR), Industrial area (bil)
+
+0 string v9.6\0\0 GTA2 replay file (REP),
+>8 regex/30c [a-z0-9:\ ]+\0\0 created on %s
+
+# GTA 3D-Era (III/VC/SA/LCS/VCS) - used by the RenderWare engine by Criterion Games
+
+## GTA 3D models and textures - RenderWare binary streams
+
+8 ulelong 0x00000310 RenderWare data, v3.1.0.0, used in GTA III on PS2,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+8 ulelong 0x0401ffff RenderWare data, v3.1.0.1, used in GTA III on PC/PS2,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+8 ulelong 0x0800ffff RenderWare data, v3.2.0.0, used in GTA III on PC,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+8 ulelong 0x0c00ffff RenderWare data, v3.3.0.0,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+8 ulelong 0x0c02ffff RenderWare data, v3.3.0.2, used in GTA III PC and GTA VC PS2,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+8 ulelong 0x1000ffff RenderWare data, v3.4.0.0,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+8 ulelong 0x1003ffff RenderWare data, v3.4.0.3, used in GTA VC PC,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+8 ulelong 0x1005ffff RenderWare data, v3.4.0.5, used in GTA III/VC on Android,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+8 ulelong 0x1400ffff RenderWare data, v3.5.0.0, used in GTA III/VC on Xbox,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+8 ulelong 0x1803ffff RenderWare data, v3.6.0.3, used in GTA SA,
+>0 ulelong 0x00000016 texture archive (TXD)
+>0 ulelong 0x00000010 3D models (DFF)
+
+0 string COL RenderWare collision data (COL),
+>3 string L version 1, used in GTA III/VC/SA
+>3 string 2 version 2, used in GTA SA
+>3 string 3 version 3, used in GTA SA
+>3 string 4 version 4, used in GTA SA
+
+## GTA items and animations
+
+0 string/c #\ ipl\ generated\ from\ max\ file GTA Item Placement data (IPL), used in GTA III/VC
+0 string/b bnry GTA Item Placement data (IPL), used in GTA SA/IV,
+>4 ulelong x %d items
+
+0 string ANP GTA animation data (IFP),
+>3 string K version 1, used in GTA III/VC
+>3 string 3 version 2, used in GTA SA
+
+0 string GtaSA29 GTA Replay data (REP), used in GTA SA
+
+## GTA text
+
+0 string TKEY GTA in-game text (GXT), version 2, used in GTA III
+0 string TABL GTA in-game text (GXT), version 3, used in GTA VC/LS/VCS
+
+## GTA scripts
+
+0 string \x02\x00\x01 GTA script (SCM), used in GTA III/VC/SA
+
+## GTA archives
+
+0 string VER2 GTA archive (IMG), version 2, used in GTA SA,
+>4 ulelong x %d items
+
+# GTA HD-Era (IV/V) - used by the Rockstar Advanced Game Engine (RAGE)
+
+## GTA models and textures - RAGE resources
+# Note: GTA IV formats not yet documented - WAD, WBD, WBN, WHM, WPL
+
+0 ulelong 0x00695254 GTA Drawable data (WDR), model and weapon data, used in GTA IV
+0 ulelong 0x00695238 GTA Windows Frag Type (WFT), vehicle models, used in GTA IV
+0 ulelong 0x006953A4 GTA Ped and LOD models (WDD), used in GTA IV
+0 ulelong 0x00695384 GTA Windows Texture Dictionary (WTD), used in GTA IV
+
+## GTA text
+
+4 string TABL GTA in-game text (GXT),
+>0 uleshort x version %d, used in GTA SA/IV
+0 string 2GXT GTA in-game text (GXT2), used in GTA V
+
+## GTA scripts
+
+0 ulelong 0x0d524353 GTA script (SCO), unencrypted, used in GTA IV,
+>4 ulelong x %d code bytes,
+>>8 ulelong x %d static variables,
+>>>12 ulelong x %d global variables
+0 ulelong 0x0e726373 GTA script (SCO), encrypted, used in GTA IV
+>4 ulelong x %d code bytes,
+>>8 ulelong x %d static variables,
+>>>12 ulelong x %d global variables
+
+## GTA archives
+
+0 ulelong 0xa94e2a52 GTA archive (IMG),
+>4 ulelong x version %d, used in GTA IV,
+>>8 ulelong x %d items
+
+# RPF[0-8]
+0 ulelong&0xfffffff0 =0x52504630
+>0 ulelong&0xf <9 RAGE Package Format (RPF), version %d, used in
+>>0 ulelong&0xf =0 Rockstar Table Tennis,
+>>0 ulelong&0xf =1 *unknown*
+>>0 ulelong&0xf =2 GTA IV,
+>>0 ulelong&0xf =3 GTA IV Audio & Midnight Club: LA,
+>>0 ulelong&0xf =4 Max Payne 3,
+>>0 ulelong&0xf =5 *unknown*
+>>0 ulelong&0xf =6 RDR,
+>>0 ulelong&0xf =7 GTA V,
+>>0 ulelong&0xf =8 RDR 2,
+>>4 ulelong x %d bytes,
+>>>8 ulelong x %d entries
+
+# Blitz3D Model File Format
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/minetest/B3DExport/blob/master/B3DExport.py
+0 string BB3D
+>4 lelong >0
+>>8 lelong >0 Blitz3D Model
+!:ext b3d
+>>>8 lelong x \b, version %d
+
+# Minetest Schematic File Format
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/minetest/minetest/blob/5.6.1/src/mapgen/mg_schematic.h
+0 string MTSM Minetest Schematic
+!:ext mts
+>4 ubeshort x \b, version %d
+>6 ubeshort x \b, size [%d
+>8 ubeshort x \b, %d
+>10 ubeshort x \b, %d]
+
+# MagicaVoxel File Format
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/ephtracy/voxel-model/blob/ee2216c28a78ebb68691dc6cfa9c4ba429117ea2/MagicaVoxel-file-format-vox.txt
+# Note: This format is used in Veloren voxel RPG.
+0 string VOX\x20
+>4 lelong >0 MagicaVoxel model
+!:ext vox
+>>4 lelong x \b, version %d
+
+# Wwise SoundBank
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://wiki.xentax.com/index.php/Wwise_SoundBank_(*.bnk)
+0 string BKHD
+# Little-endian version (such as x86 PC)
+>4 ulelong <0x100 Wwise SoundBank (little-endian)
+!:ext bnk
+>>0 use wwise_bkhd
+# Big-endian version (such as PS3)
+>4 ubelong <0x100 Wwise SoundBank (big-endian)
+!:ext bnk
+>>0 use \^wwise_bkhd
+
+0 name wwise_bkhd
+>8 ulelong x \b, version %d
+>12 ulelong x \b, id %08X
+>16 ulelong =0x00 \b, SFX
+>16 ulelong =0x01 \b, arabic
+>16 ulelong =0x02 \b, bulgarian
+>16 ulelong =0x03 \b, chinese (HK)
+>16 ulelong =0x04 \b, chinese (PRC)
+>16 ulelong =0x05 \b, chinese (Taiwan)
+>16 ulelong =0x06 \b, czech
+>16 ulelong =0x07 \b, danish
+>16 ulelong =0x08 \b, dutch
+>16 ulelong =0x09 \b, english (Australia)
+>16 ulelong =0x0A \b, english (India)
+>16 ulelong =0x0B \b, english (UK)
+>16 ulelong =0x0C \b, english (US)
+>16 ulelong =0x0D \b, finnish
+>16 ulelong =0x0E \b, french (Canada)
+>16 ulelong =0x0F \b, french (France)
+>16 ulelong =0x10 \b, german
+>16 ulelong =0x11 \b, greek
+>16 ulelong =0x12 \b, hebrew
+>16 ulelong =0x13 \b, hungarian
+>16 ulelong =0x14 \b, indonesian
+>16 ulelong =0x15 \b, italian
+>16 ulelong =0x16 \b, japanese
+>16 ulelong =0x17 \b, korean
+>16 ulelong =0x18 \b, latin
+>16 ulelong =0x19 \b, norwegian
+>16 ulelong =0x1A \b, polish
+>16 ulelong =0x1B \b, portuguese (Brazil)
+>16 ulelong =0x1C \b, portuguese (Portugal)
+>16 ulelong =0x1D \b, romanian
+>16 ulelong =0x1E \b, russian
+>16 ulelong =0x1F \b, slovenian
+>16 ulelong =0x20 \b, spanish (Mexico)
+>16 ulelong =0x21 \b, spanish (Spain)
+>16 ulelong =0x22 \b, spanish (US)
+>16 ulelong =0x23 \b, swedish
+>16 ulelong =0x24 \b, turkish
+>16 ulelong =0x25 \b, ukrainian
+>16 ulelong =0x26 \b, vietnamese
+
+# Wwise Audio Package
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://wiki.xentax.com/index.php/Wwise_Audio_PCK
+0 string AKPK
+# Little-endian version (such as x86 PC)
+>8 ulelong <0x100 Wwise Audio Package (little-endian)
+!:ext pck
+# Big-endian version (such as PS3)
+>8 ubelong <0x100 Wwise Audio Package (big-endian)
+!:ext pck
diff --git a/magic/Magdir/gcc b/magic/Magdir/gcc
new file mode 100644
index 0000000..ae98dc7
--- /dev/null
+++ b/magic/Magdir/gcc
@@ -0,0 +1,17 @@
+
+#------------------------------------------------------------------------------
+# $File: gcc,v 1.5 2016/07/01 23:31:13 christos Exp $
+# gcc: file(1) magic for GCC special files
+#
+0 string gpch GCC precompiled header
+
+# The version field is annoying. It's 3 characters, not zero-terminated.
+>5 byte x (version %c
+>6 byte x \b%c
+>7 byte x \b%c)
+
+# 67 = 'C', 111 = 'o', 43 = '+', 79 = 'O'
+>4 byte 67 for C
+>4 byte 111 for Objective-C
+>4 byte 43 for C++
+>4 byte 79 for Objective-C++
diff --git a/magic/Magdir/gconv b/magic/Magdir/gconv
new file mode 100644
index 0000000..eec5ddc
--- /dev/null
+++ b/magic/Magdir/gconv
@@ -0,0 +1,10 @@
+
+#------------------------------------------------------------------------------
+# $File: gconv
+# gconv: file(1) magic for iconv/gconv module configuration cache
+#
+# Magic number defined in glibc/iconv/iconvconfig.h as GCONVCACHE_MAGIC
+#
+# From: Marek Cermak <macermak@redhat.com>
+#
+0 lelong 0x20010324 gconv module configuration cache data
diff --git a/magic/Magdir/gentoo b/magic/Magdir/gentoo
new file mode 100644
index 0000000..f988047
--- /dev/null
+++ b/magic/Magdir/gentoo
@@ -0,0 +1,85 @@
+#------------------------------------------------------------------------------
+# $File: gentoo,v 1.5 2022/12/26 17:16:55 christos Exp $
+# gentoo: file(1) magic for gentoo specific formats
+#
+# Summary: Gentoo ebuild Manifest files (GLEP 74)
+# Reference: https://www.gentoo.org/glep/glep-0074.html
+# Submitted by: Michal Gorny <mgorny@gentoo.org>
+# Start by doing a fast check for the most common tags.
+0 string AUX
+>0 use gentoo-manifest
+0 string DATA
+>0 use gentoo-manifest
+0 string DIST
+>0 use gentoo-manifest
+0 string EBUILD
+>0 use gentoo-manifest
+0 string MANIFEST
+>0 use gentoo-manifest
+
+# Manifest can be PGP-signed.
+0 string -----BEGIN\040PGP\040SIGNED\040MESSAGE-----
+>34 search/32 \n\n
+>>&0 string AUX
+>>>&0 use gentoo-manifest
+>>&0 string DATA
+>>>&0 use gentoo-manifest
+>>&0 string DIST
+>>>&0 use gentoo-manifest
+>>&0 string EBUILD
+>>>&0 use gentoo-manifest
+>>&0 string MANIFEST
+>>>&0 use gentoo-manifest
+
+# Use a more detailed regex to verify that we were correct.
+# <tag> <filename> <size> <hash-name> <hash-value>...
+# (<tag>'s already been matched prior to calling)
+0 name gentoo-manifest
+>&0 regex [[:space:]]+[[:print:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[[:alnum:]]+[[:space:]]+[[:xdigit:]]{32} Gentoo Manifest (GLEP 74)
+!:mime application/vnd.gentoo.manifest
+
+# Summary: Gentoo ebuild and eclass files
+# Reference: https://projects.gentoo.org/pms/8/pms.html
+# Submitted by: Michal Gorny <mgorny@gentoo.org>
+0 search/512 EAPI=
+>0 regex .*\n[\040\t]*EAPI=["']? Gentoo ebuild
+>>&0 regex [[:alnum:]+_.-]+ \b, EAPI %s
+!:mime application/vnd.gentoo.ebuild
+
+0 search/512 @ECLASS:\040 Gentoo eclass
+>&0 string x %s
+!:mime application/vnd.gentoo.eclass
+
+# Summary: Gentoo supplementary package and category metadata files
+# Reference: https://www.gentoo.org/glep/glep-0068.html
+# Submitted by: Michal Gorny <mgorny@gentoo.org>
+0 string \<?xml
+>0 search/512 \<catmetadata Gentoo category metadata file
+!:mime application/vnd.gentoo.catmetadata+xml
+>0 search/512 \<pkgmetadata Gentoo package metadata file
+!:mime application/vnd.gentoo.pkgmetadata+xml
+
+# Summary: Gentoo GLEP 78 binary package
+# Reference: https://www.gentoo.org/glep/glep-0078.html
+# Note: assumes the strict format
+# Submitted by: Michal Gorny <mgorny@gentoo.org>
+
+# GPKG uses ustar (or ustar-compatible GNU format) that starts with
+# a <directory>/gpkg-1 file
+257 string ustar
+>0 search/100 /gpkg-1\0
+>>0 regex [^/]+ Gentoo GLEP 78 (GPKG) binary package for "%s"
+!:mime application/vnd.gentoo.gpkg
+!:ext tar
+# the logic below requires the gpkg-1 file to be empty
+>>>124 string 00000000000\0
+# determine the compression used by looking at the second member name
+>>>>512 search/100 .tar.
+>>>>>&0 string gz\0 using gzip compression
+>>>>>&0 string bz2\0 using bzip2 compression
+>>>>>&0 string lz\0 using lzip compression
+>>>>>&0 string lz4\0 using lz4 compression
+>>>>>&0 string lzo\0 using lzo compression
+>>>>>&0 string xz\0 using xz compression
+>>>>>&0 string zst\0 using zstd compression
+>>>>(636.o+1024) search/611 .sig\0 \b, signed
diff --git a/magic/Magdir/geo b/magic/Magdir/geo
new file mode 100644
index 0000000..1fde25e
--- /dev/null
+++ b/magic/Magdir/geo
@@ -0,0 +1,166 @@
+
+#------------------------------------------------------------------------------
+# $File: geo,v 1.10 2022/10/31 13:22:26 christos Exp $
+# Geo- files from Kurt Schwehr <schwehr@ccom.unh.edu>
+
+######################################################################
+#
+# Acoustic Doppler Current Profilers (ADCP)
+#
+######################################################################
+
+0 beshort 0x7f7f RDI Acoustic Doppler Current Profiler (ADCP)
+
+######################################################################
+#
+# Metadata
+#
+######################################################################
+
+0 string Identification_Information FGDC ASCII metadata
+
+######################################################################
+#
+# Seimsic / Subbottom
+#
+######################################################################
+
+# Knudsen subbottom chirp profiler - Binary File Format: B9
+# KEB D409-03167 V1.75 Huffman
+0 string KEB\ Knudsen seismic KEL binary (KEB) -
+>4 regex [-A-Z0-9]+ Software: %s
+>>&1 regex V[0-9]+\\.[0-9]+ version %s
+
+######################################################################
+#
+# LIDAR - Laser altimetry or bathy
+#
+######################################################################
+
+
+# Caris LIDAR format for LADS comes as two parts... ascii location file and binary waveform data
+0 string HCA LADS Caris Ascii Format (CAF) bathymetric lidar
+>4 regex [0-9]+\\.[0-9]+ version %s
+
+0 string HCB LADS Caris Binary Format (CBF) bathymetric lidar waveform data
+>3 byte x version %d .
+>4 byte x %d
+
+
+######################################################################
+#
+# MULTIBEAM SONARS https://www.ldeo.columbia.edu/res/pi/MB-System/formatdoc/
+#
+######################################################################
+
+# GeoAcoustics - GeoSwath Plus
+# Update: Joerg Jenderek
+# URL: https://www.mbari.org/products/research-software/mb-system/
+# Reference: http://ccom.unh.edu/sites/default/files/news-and-events/conferences/auv-bootcamp/
+# GS%2B-6063-BB-GS%2B-Broadcast-Raw-Data-File-Format-Command-Specification.pdf
+# Note: All data is written using Intel 80x86 byte ordering (LSB to MSB)
+# raw_header_siz; file header size is 544 bytes
+4 beshort 0x2002
+# GRR: line above is too general as it matches also some Microsoft Event Trace Logs *.ETL
+# skip many (63/753) Microsoft Event Trace Logs (AMSITrace.etl lxcore_kernel.etl NotificationUxBroker.052.etl WindowsBackup.4.etl) with invalid "low" ping header size 0
+>6 leshort >0 GeoSwath RDF
+# skip foo samples with invalid "high" spare bytes
+#>>536 ulequad =0 OK_THIS_IS_GeoSwath_RDF
+#!:mime application/octet-stream
+!:mime application/x-geoswath-rdf
+# http://ccom.unh.edu/sites/default/files/news-and-events/conferences/auv-bootcamp/060116342.rdf
+!:ext rdf
+# filename; original file name like: "C:\GS+\Projects\Default\Raw Data Files\060116342.rdf"
+>>8 string x "%-.512s"
+# version[8]; recording software version number like: 3.16c
+>>527 string x \b, version %-.8s
+# creation; unsigned int file creation time; WHAT time format is this?
+>>0 ulelong x \b, creation time %#8.8x
+# raw_ping_header_size; size of ping header in bytes like: 64
+>>6 leshort !64 \b, ping header size %d
+# frequency; system frequency in hertz like: 500000
+>>520 lelong x \b, frequency %d
+# echo_type; Echosounder type index like: 1
+>>524 leshort x \b, echo type %#x
+# file_mode; file mode mask (0x00 bathy & sidescan, 0x80 bathy, 0x40 sidescan, 0x20 seismic)
+>>526 ubyte !0 \b, file mode %#2.2x
+# pps_mode; PPS synch mode like: 2
+>>535 byte x \b, pps mode %#x
+# char spare[8]; apparently zeroed
+>>536 ubequad !0 \b, spare %#16.16llx
+# Ping_number; 1st ping number like: 4944
+>>544 lelong x \b, 1st ping number %d
+
+0 string Start:- GeoSwatch auf text file
+
+# Seabeam 2100
+# mbsystem code mb41
+0 string SB2100 SeaBeam 2100 multibeam sonar
+0 string SB2100DR SeaBeam 2100 DR multibeam sonar
+0 string SB2100PR SeaBeam 2100 PR multibeam sonar
+
+# This corresponds to MB-System format 94, L-3/ELAC/SeaBeam XSE vendor
+# format. It is the format of our upgraded SeaBeam 2112 on R/V KNORR.
+0 string $HSF XSE multibeam
+
+# mb121 https://www.saic.com/maritime/gsf/
+8 string GSF-v SAIC generic sensor format (GSF) sonar data,
+>&0 regex [0-9]+\\.[0-9]+ version %s
+
+# MGD77 - https://www.ngdc.noaa.gov/mgg/dat/geodas/docs/mgd77.htm
+# mb161
+9 string MGD77 MGD77 Header, Marine Geophysical Data Exchange Format
+
+# MBSystem processing caches the mbinfo output
+1 string Swath\ Data\ File: mbsystem info cache
+
+# Caris John Hughes Clark format
+0 string HDCS Caris multibeam sonar related data
+1 string Start/Stop\ parameter\ header: Caris ASCII project summary
+
+######################################################################
+#
+# Visualization and 3D modeling
+#
+######################################################################
+
+# IVS - IVS3d.com Tagged Data Representation
+0 string %%\ TDR\ 2.0 IVS Fledermaus TDR file
+
+# http://www.ecma-international.org/publications/standards/Ecma-363.htm
+# 3D in PDFs
+0 string U3D ECMA-363, Universal 3D
+
+######################################################################
+#
+# Support files
+#
+######################################################################
+
+# https://midas.psi.ch/elog/
+0 string $@MID@$ elog journal entry
+
+# Geospatial Designs https://www.geospatialdesigns.com/surfer6_format.htm
+0 string DSBB Surfer 6 binary grid file
+>4 leshort x \b, %d
+>6 leshort x \bx%d
+>8 ledouble x \b, minx=%g
+>16 ledouble x \b, maxx=%g
+>24 ledouble x \b, miny=%g
+>32 ledouble x \b, maxy=%g
+>40 ledouble x \b, minz=%g
+>48 ledouble x \b, maxz=%g
+
+# magic for LAS format files
+# alex myczko <alex@aiei.ch>
+# https://www.asprs.org/wp-content/uploads/2010/12/LAS_1_3_r11.pdf
+0 string LASF LIDAR point data records
+>24 byte >0 \b, version %u
+>25 byte >0 \b.%u
+>26 string >\0 \b, SYSID %s
+>58 string >\0 \b, Generating Software %s
+
+# magic for PCD format files
+# alex myczko <alex@aiei.ch>
+# http://pointclouds.org/documentation/tutorials/pcd_file_format.php
+0 string #\ .PCD Point Cloud Data
diff --git a/magic/Magdir/geos b/magic/Magdir/geos
new file mode 100644
index 0000000..66c2bd1
--- /dev/null
+++ b/magic/Magdir/geos
@@ -0,0 +1,20 @@
+
+#------------------------------------------------------------------------------
+# $File: geos,v 1.4 2009/09/19 16:28:09 christos Exp $
+# GEOS files (Vidar Madsen, vidar@gimp.org)
+# semi-commonly used in embedded and handheld systems.
+0 belong 0xc745c153 GEOS
+>40 byte 1 executable
+>40 byte 2 VMFile
+>40 byte 3 binary
+>40 byte 4 directory label
+>40 byte <1 unknown
+>40 byte >4 unknown
+>4 string >\0 \b, name "%s"
+#>44 short x \b, version %d
+#>46 short x \b.%d
+#>48 short x \b, rev %d
+#>50 short x \b.%d
+#>52 short x \b, proto %d
+#>54 short x \br%d
+#>168 string >\0 \b, copyright "%s"
diff --git a/magic/Magdir/gimp b/magic/Magdir/gimp
new file mode 100644
index 0000000..e763cbe
--- /dev/null
+++ b/magic/Magdir/gimp
@@ -0,0 +1,77 @@
+
+#------------------------------------------------------------------------------
+# $File: gimp,v 1.10 2019/10/15 18:19:40 christos Exp $
+# GIMP Gradient: file(1) magic for the GIMP's gradient data files (.ggr)
+# by Federico Mena <federico@nuclecu.unam.mx>
+
+0 string/t GIMP\ Gradient GIMP gradient data
+#!:mime text/plain
+!:mime text/x-gimp-ggr
+!:ext ggr
+
+# GIMP palette (.gpl)
+# From: Markus Heidelberg <markus.heidelberg@web.de>
+0 string/t GIMP\ Palette GIMP palette data
+# URL: https://docs.gimp.org/en/gimp-concepts-palettes.html
+# Reference: http://fileformats.archiveteam.org/wiki/GIMP_Palette
+#!:mime text/plain
+!:mime text/x-gimp-gpl
+!:ext gpl
+
+#------------------------------------------------------------------------------
+# XCF: file(1) magic for the XCF image format used in the GIMP (.xcf) developed
+# by Spencer Kimball and Peter Mattis
+# ('Bucky' LaDieu, nega@vt.edu)
+
+# URL: https://en.wikipedia.org/wiki/XCF_(file_format)
+# Reference: https://gitlab.gnome.org/GNOME/gimp/blob/master/devel-docs/xcf.txt
+0 string gimp\ xcf GIMP XCF image data,
+!:mime image/x-xcf
+!:ext xcf
+>9 string file version 0,
+>9 string v version
+>>10 string >\0 %s,
+>14 belong x %u x
+>18 belong x %u,
+>22 belong 0 RGB Color
+>22 belong 1 Greyscale
+>22 belong 2 Indexed Color
+>22 belong >2 Unknown Image Type.
+
+#------------------------------------------------------------------------------
+# XCF: file(1) magic for the patterns used in the GIMP (.pat), developed
+# by Spencer Kimball and Peter Mattis
+# ('Bucky' LaDieu, nega@vt.edu)
+
+# Reference: http://fileformats.archiveteam.org/wiki/GIMP_Pattern
+20 string GPAT GIMP pattern data,
+>24 string x %s
+!:mime image/x-gimp-pat
+!:ext pat
+
+#------------------------------------------------------------------------------
+# XCF: file(1) magic for the brushes used in the GIMP (.gbr), developed
+# by Spencer Kimball and Peter Mattis
+# ('Bucky' LaDieu, nega@vt.edu)
+
+20 string GIMP GIMP brush data
+# Reference: http://fileformats.archiveteam.org/wiki/GIMP_Brush
+!:mime image/x-gimp-gbr
+# some sources also list gpb
+!:ext gbr
+
+# From: Joerg Jenderek
+# URL: https://docs.gimp.org/en/gimp-using-animated-brushes.html
+# Reference: http://fileformats.archiveteam.org/wiki/GIMP_Animated_Brush
+# share\gimp\2.0\brushes\Legacy\confetti.gih
+0 search/21/b \040ncells: GIMP animated brush data
+!:mime image/x-gimp-gih
+!:ext gih
+
+# GIMP Curves File
+# From: "Nelson A. de Oliveira" <naoliv@gmail.com>
+0 string #\040GIMP\040Curves\040File GIMP curve file
+#!:mime text/plain
+!:mime text/x-gimp-curve
+!:ext /txt
+
diff --git a/magic/Magdir/git b/magic/Magdir/git
new file mode 100644
index 0000000..67eab32
--- /dev/null
+++ b/magic/Magdir/git
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: git,v 1.2 2020/08/09 16:57:15 christos Exp $
+# git: file(1) magic for Git objects
+
+0 string blob\040
+>5 regex [0-9a-f]+ Git blob %s
+
+0 string tree\040
+>5 regex [0-9a-f]+ Git tree %s
+
+0 string commit\040
+>7 regex [0-9a-f]+ Git commit %s
diff --git a/magic/Magdir/glibc b/magic/Magdir/glibc
new file mode 100644
index 0000000..3b856f3
--- /dev/null
+++ b/magic/Magdir/glibc
@@ -0,0 +1,21 @@
+
+#------------------------------------------------------------------------------
+# $File: glibc,v 1.1 2018/10/11 15:35:43 christos Exp $
+# glibc locale files
+#
+# https://sourceware.org/git/?p=glibc.git;f=locale/localeinfo.h;h=68822a63#l32
+
+0 belong 0x20070920 glibc locale file LC_CTYPE
+0 belong 0x14110320 glibc locale file LC_NUMERIC
+0 belong 0x17110320 glibc locale file LC_TIME
+0 belong 0x17100520 glibc locale file LC_COLLATE
+0 belong 0x11110320 glibc locale file LC_MONETARY
+0 belong 0x10110320 glibc locale file LC_MESSAGES
+0 belong 0x13110320 glibc locale file LC_ALL
+0 belong 0x12110320 glibc locale file LC_PAPER
+0 belong 0x1d110320 glibc locale file LC_NAME
+0 belong 0x1c110320 glibc locale file LC_ADDRESS
+0 belong 0x1f110320 glibc locale file LC_TELEPHONE
+0 belong 0x1e110320 glibc locale file LC_MEASUREMENT
+0 belong 0x19110320 glibc locale file LC_IDENTIFICATION
+
diff --git a/magic/Magdir/gnome b/magic/Magdir/gnome
new file mode 100644
index 0000000..7a45d1d
--- /dev/null
+++ b/magic/Magdir/gnome
@@ -0,0 +1,59 @@
+
+#------------------------------------------------------------------------------
+# $File: gnome,v 1.7 2020/06/23 16:17:08 christos Exp $
+# GNOME related files
+
+# Contributed by Josh Triplett
+# FIXME: Could be simplified if pstring supported two-byte counts
+0 string GnomeKeyring\n\r\0\n GNOME keyring
+>&0 ubyte 0 \b, major version 0
+>>&0 ubyte 0 \b, minor version 0
+>>>&0 ubyte 0 \b, crypto type 0 (AES)
+>>>&0 ubyte >0 \b, crypto type %u (unknown)
+>>>&1 ubyte 0 \b, hash type 0 (MD5)
+>>>&1 ubyte >0 \b, hash type %u (unknown)
+>>>&2 ubelong 0xFFFFFFFF \b, name NULL
+>>>&2 ubelong !0xFFFFFFFF
+>>>>&-4 ubelong >255 \b, name too long for file's pstring type
+>>>>&-4 ubelong <256
+>>>>>&-1 pstring x \b, name "%s"
+>>>>>>&0 ubeqdate x \b, last modified %s
+>>>>>>&8 ubeqdate x \b, created %s
+>>>>>>&16 ubelong &1
+>>>>>>>&0 ubelong x \b, locked if idle for %u seconds
+>>>>>>&16 ubelong ^1 \b, not locked if idle
+>>>>>>&24 ubelong x \b, hash iterations %u
+>>>>>>&28 ubequad x \b, salt %llu
+>>>>>>&52 ubelong x \b, %u item(s)
+
+# From: Alex Beregszaszi <alex@fsn.hu>
+4 string gtktalog GNOME Catalogue (gtktalog)
+>13 string >\0 version %s
+
+# Summary: GStreamer binary registry
+# Extension: .bin
+# Submitted by: Josh Triplett <josh@joshtriplett.org>
+0 belong 0xc0def00d GStreamer binary registry
+>4 string x \b, version %s
+
+# GVariant Database file
+# By Elan Ruusamae <glen@delfi.ee>
+# https://github.com/GNOME/gvdb/blob/master/gvdb-format.h
+# It's always "GVariant", it's byte swapped on incompatible archs
+# See https://github.com/GNOME/gvdb/blob/master/gvdb-builder.c
+# file_builder_serialise()
+# https://developer.gnome.org/glib/2.34/glib-GVariant.html#GVariant
+0 string GVariant GVariant Database file,
+# version is never filled. probably future extension
+>8 lelong x version %d
+# not sure are these usable, so commented out
+#>>16 lelong x start %d,
+#>>>20 lelong x end %d
+
+# G-IR database made by gobject-introspect toolset,
+# https://live.gnome.org/GObjectIntrospection
+0 string GOBJ\nMETADATA\r\n\032 G-IR binary database
+>16 byte x \b, v%d
+>17 byte x \b.%d
+>20 short x \b, %d entries
+>22 short x \b/%d local
diff --git a/magic/Magdir/gnu b/magic/Magdir/gnu
new file mode 100644
index 0000000..761d657
--- /dev/null
+++ b/magic/Magdir/gnu
@@ -0,0 +1,173 @@
+
+#------------------------------------------------------------------------------
+# $File: gnu,v 1.24 2021/04/26 15:56:00 christos Exp $
+# gnu: file(1) magic for various GNU tools
+#
+# GNU nlsutils message catalog file format
+#
+# GNU message catalog (.mo and .gmo files)
+
+# Update: Joerg Jenderek
+# URL: https://www.gnu.org/software/gettext/manual/html_node/MO-Files.html
+# Reference: ftp://ftp.gnu.org/pub/gnu/gettext/gettext-0.19.8.tar.gz/
+# gettext-0.19.8.1/gettext-runtime/intl/gmo.h
+# Note: maybe call it like "GNU translation gettext machine object"
+0 string \336\22\4\225 GNU message catalog (little endian),
+#0 ulelong 0x950412DE GNU-format message catalog data
+# TODO: write lines in such a way that code can also be called for big endian variant
+#>0 use gettext-object
+#0 name gettext-object
+>4 ulelong x revision
+!:mime application/x-gettext-translation
+# mo extension is also used for Easeus Partition Master PE32 executable module
+# like ConvertFatToNTFS.mo
+!:ext gmo/mo
+# only found three revision combinations 0.0 0.1 1.1 as unsigned 32-bit
+# major revision
+>4 ulelong/0xFFff x %u.
+# minor revision
+>4 ulelong&0x0000FFff x \b%u
+>>8 ulelong x \b, %u message
+# plural s
+>>8 ulelong >1 \bs
+# size of hashing table
+#>20 ulelong x \b, %u hash
+#>20 ulelong >1 \bes
+#>24 ulelong x at %#x
+# for revision x.0 offset of table with originals is 1Ch if directly after header
+>4 ulelong&0x0000FFff =0
+>>12 ulelong !0x1C \b, at %#x string table
+# but for x.1 table offset i found is 30h. That means directly after bigger header
+>4 ulelong&0x0000FFff >0
+>>12 ulelong !0x30 \b, at %#x string table
+# The following variables are only used in .mo files with minor revision >= 1
+# number of system dependent segments
+#>>28 ulelong x \b, %u segment
+#>>28 ulelong >1 \bs
+# offset of table describing system dependent segments
+#>>32 ulelong x at %#x
+# number of system dependent strings pairs
+>>36 ulelong x \b, %u sysdep message
+>>36 ulelong >1 \bs
+# offset of table with start offsets of original sysdep strings
+#>>40 ulelong x \b, at %#x sysdep strings
+# offset of table with start offsets of translated sysdep strings
+#>>44 ulelong x \b, at %#x sysdep translations
+# >>(44.l) ulelong x %#x chars
+# >>>&0 ulelong x at %#x
+# >>>>(&-4) string x "%s"
+# string table after big header
+#>>48 ubequad x \b, string table %#llx
+#
+# 0th string length seems to be always 0
+#>(12.l) ulelong x \b, %u chars
+#>>&0 ulelong x at %#x
+# if 1st string length positive inspect offset and string
+#>(12.l+8) ulelong >0 \b, %u chars
+#>>&0 ulelong x at %#x
+# if 2nd string length positive inspect offset and string
+# >(12.l+16) ulelong >0 \b, %u chars
+# >>&0 ulelong x at %#x
+# skip newline byte
+#>>>(&-4) ubyte =0x0A
+#>>>>&0 string x "%s"
+#>>>(&-4) ubyte !0x0A
+#>>>>&-1 string x '%s'
+# offset of table with translation strings
+#>16 ulelong x \b, at %#x translation table
+# check translation 0 length and offset
+>(16.l) ulelong >0
+>>&0 ulelong x
+# translation 0 seems to be often Project-Id with name and version
+>>>(&-4) string x \b, %s
+# trans. 1 with bytes >= 1 unlike icoutils-0.31.0\po\en@boldquot.gmo with 1 NL
+>(16.l+8) ulelong >1
+>>&0 ulelong x
+>>>(&-4) ubyte !0x0A
+>>>>&-1 string x '%s'
+# 1 New Line like in tar-1.29\po\de.gmo
+>>>(&-4) ubyte =0x0A
+>>>>&0 ubyte !0x0A
+>>>>>&-1 string x '%s'
+# 2nd New Line like in parted-3.1\po\de.gmo
+>>>>&0 ubyte =0x0A
+>>>>>&0 string x '%s'
+
+0 string \225\4\22\336 GNU message catalog (big endian),
+#0 ubelong 0x950412DE GNU-format message catalog data
+!:mime application/x-gettext-translation
+!:ext gmo/mo
+# TODO: for big endian use same code as for little endian
+#>0 use \^gettext-object
+# DEBUG code
+#>16 ubelong x \b, at %#x translation table
+#>(16.L) ubelong x %#x chars
+#>>&0 ubelong x at %#x
+# unexpected value HERE!
+#>>>(&-4) ubequad x %#llx
+#
+>4 beshort x revision %d.
+>6 beshort >0 \b%d,
+>>8 belong x %d messages,
+>>36 belong x %d sysdep messages
+>6 beshort =0 \b%d,
+>>8 belong x %d messages
+
+
+# GnuPG
+# The format is very similar to pgp
+0 string \001gpg GPG key trust database
+>4 byte x version %d
+# Note: magic.mime had 0x8501 for the next line instead of 0x8502
+0 beshort 0x8502 GPG encrypted data
+!:mime text/PGP # encoding: data
+
+# Update: Joerg Jenderek
+# Note: PGP and GPG use same data structure.
+# So recognition is now done by ./pgp with start test for byte 0x99
+# This magic is not particularly good, as the keyrings don't have true
+# magic. Nevertheless, it covers many keyrings.
+# 0 ubeshort-0x9901 <2
+# >3 byte 4
+# >>4 bedate x GPG key public ring, created %s
+# !:mime application/x-gnupg-keyring
+
+# Symmetric encryption
+0 leshort 0x0d8c
+>4 leshort 0x0203
+>>2 leshort 0x0204 GPG symmetrically encrypted data (3DES cipher)
+>>2 leshort 0x0304 GPG symmetrically encrypted data (CAST5 cipher)
+>>2 leshort 0x0404 GPG symmetrically encrypted data (BLOWFISH cipher)
+>>2 leshort 0x0704 GPG symmetrically encrypted data (AES cipher)
+>>2 leshort 0x0804 GPG symmetrically encrypted data (AES192 cipher)
+>>2 leshort 0x0904 GPG symmetrically encrypted data (AES256 cipher)
+>>2 leshort 0x0a04 GPG symmetrically encrypted data (TWOFISH cipher)
+>>2 leshort 0x0b04 GPG symmetrically encrypted data (CAMELLIA128 cipher)
+>>2 leshort 0x0c04 GPG symmetrically encrypted data (CAMELLIA192 cipher)
+>>2 leshort 0x0d04 GPG symmetrically encrypted data (CAMELLIA256 cipher)
+
+
+# GnuPG Keybox file
+# <https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=kbx/keybox-blob.c;hb=HEAD>
+# From: Philipp Hahn <hahn@univention.de>
+0 belong 32
+>4 byte 1
+>>8 string KBXf GPG keybox database
+>>>5 byte 1 version %d
+>>>16 bedate x \b, created-at %s
+>>>20 bedate x \b, last-maintained %s
+
+
+# From: James Youngman <jay@gnu.org>
+# gnu find magic
+0 string \0LOCATE GNU findutils locate database data
+>7 string >\0 \b, format %s
+>7 string 02 \b (frcode)
+
+# Files produced by GNU gettext
+
+# gettext message catalogue
+0 search/1024 \nmsgid
+>&0 search/1024 \nmsgstr GNU gettext message catalogue text
+!:strength +100
+!:mime text/x-po
diff --git a/magic/Magdir/gnumeric b/magic/Magdir/gnumeric
new file mode 100644
index 0000000..928ad3e
--- /dev/null
+++ b/magic/Magdir/gnumeric
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: gnumeric,v 1.4 2009/09/19 16:28:09 christos Exp $
+# gnumeric: file(1) magic for Gnumeric spreadsheet
+# This entry is only semi-helpful, as Gnumeric compresses its files, so
+# they will ordinarily reported as "compressed", but at least -z helps
+39 string =<gmr:Workbook Gnumeric spreadsheet
+!:mime application/x-gnumeric
diff --git a/magic/Magdir/gpt b/magic/Magdir/gpt
new file mode 100644
index 0000000..c2fd51c
--- /dev/null
+++ b/magic/Magdir/gpt
@@ -0,0 +1,240 @@
+
+#------------------------------------------------------------------------------
+# $File: gpt,v 1.5 2020/12/12 20:01:47 christos Exp $
+#
+# GPT Partition table patterns.
+# Author: Rogier Goossens (goossens.rogier@gmail.com)
+# Note that a GPT-formatted disk must contain an MBR as well.
+#
+
+# The initial segment (up to >>>>>>>>422) was copied from the X86
+# partition table code (aka MBR).
+# This is kept separate, so that MBR partitions are not reported as well.
+# (use -k if you do want them as well)
+
+# First, detect the MBR partition table
+# If more than one GPT protective MBR partition exists, don't print anything
+# (the other MBR detection code will then just print the MBR partition table)
+0x1FE leshort 0xAA55
+>3 string !MS
+>>3 string !SYSLINUX
+>>>3 string !MTOOL
+>>>>3 string !NEWLDR
+>>>>>5 string !DOS
+# not FAT (32 bit)
+>>>>>>82 string !FAT32
+#not Linux kernel
+>>>>>>>514 string !HdrS
+#not BeOS
+>>>>>>>>422 string !Be\ Boot\ Loader
+# GPT with protective MBR entry in partition 1 (only)
+>>>>>>>>>450 ubyte 0xee
+>>>>>>>>>>466 ubyte !0xee
+>>>>>>>>>>>482 ubyte !0xee
+>>>>>>>>>>>>498 ubyte !0xee
+#>>>>>>>>>>>>>446 use gpt-mbr-partition
+>>>>>>>>>>>>>(454.l*8192) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>0 ubyte x of 8192 bytes
+>>>>>>>>>>>>>(454.l*8192) string !EFI\ PART
+>>>>>>>>>>>>>>(454.l*4096) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>0 ubyte x of 4096 bytes
+>>>>>>>>>>>>>>(454.l*4096) string !EFI\ PART
+>>>>>>>>>>>>>>>(454.l*2048) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>0 ubyte x of 2048 bytes
+>>>>>>>>>>>>>>>(454.l*2048) string !EFI\ PART
+>>>>>>>>>>>>>>>>(454.l*1024) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>>0 ubyte x of 1024 bytes
+>>>>>>>>>>>>>>>>(454.l*1024) string !EFI\ PART
+>>>>>>>>>>>>>>>>>(454.l*512) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>>>0 ubyte x of 512 bytes
+# GPT with protective MBR entry in partition 2 (only)
+>>>>>>>>>450 ubyte !0xee
+>>>>>>>>>>466 ubyte 0xee
+>>>>>>>>>>>482 ubyte !0xee
+>>>>>>>>>>>>498 ubyte !0xee
+#>>>>>>>>>>>>>462 use gpt-mbr-partition
+>>>>>>>>>>>>>(470.l*8192) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>0 ubyte x of 8192 bytes
+>>>>>>>>>>>>>(470.l*8192) string !EFI\ PART
+>>>>>>>>>>>>>>(470.l*4096) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>0 ubyte x of 4096 bytes
+>>>>>>>>>>>>>>(470.l*4096) string !EFI\ PART
+>>>>>>>>>>>>>>>(470.l*2048) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>0 ubyte x of 2048 bytes
+>>>>>>>>>>>>>>>(470.l*2048) string !EFI\ PART
+>>>>>>>>>>>>>>>>(470.l*1024) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>>0 ubyte x of 1024 bytes
+>>>>>>>>>>>>>>>>(470.l*1024) string !EFI\ PART
+>>>>>>>>>>>>>>>>>(470.l*512) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>>>0 ubyte x of 512 bytes
+# GPT with protective MBR entry in partition 3 (only)
+>>>>>>>>>450 ubyte !0xee
+>>>>>>>>>>466 ubyte !0xee
+>>>>>>>>>>>482 ubyte 0xee
+>>>>>>>>>>>>498 ubyte !0xee
+#>>>>>>>>>>>>>478 use gpt-mbr-partition
+>>>>>>>>>>>>>(486.l*8192) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>0 ubyte x of 8192 bytes
+>>>>>>>>>>>>>(486.l*8192) string !EFI\ PART
+>>>>>>>>>>>>>>(486.l*4096) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>0 ubyte x of 4096 bytes
+>>>>>>>>>>>>>>(486.l*4096) string !EFI\ PART
+>>>>>>>>>>>>>>>(486.l*2048) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>0 ubyte x of 2048 bytes
+>>>>>>>>>>>>>>>(486.l*2048) string !EFI\ PART
+>>>>>>>>>>>>>>>>(486.l*1024) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>>0 ubyte x of 1024 bytes
+>>>>>>>>>>>>>>>>(486.l*1024) string !EFI\ PART
+>>>>>>>>>>>>>>>>>(486.l*512) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>>>0 ubyte x of 512 bytes
+# GPT with protective MBR entry in partition 4 (only)
+>>>>>>>>>450 ubyte !0xee
+>>>>>>>>>>466 ubyte !0xee
+>>>>>>>>>>>482 ubyte !0xee
+>>>>>>>>>>>>498 ubyte 0xee
+#>>>>>>>>>>>>>494 use gpt-mbr-partition
+>>>>>>>>>>>>>(502.l*8192) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>0 ubyte x of 8192 bytes
+>>>>>>>>>>>>>(502.l*8192) string !EFI\ PART
+>>>>>>>>>>>>>>(502.l*4096) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>0 ubyte x of 4096 bytes
+>>>>>>>>>>>>>>(502.l*4096) string !EFI\ PART
+>>>>>>>>>>>>>>>(502.l*2048) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>0 ubyte x of 2048 bytes
+>>>>>>>>>>>>>>>(502.l*2048) string !EFI\ PART
+>>>>>>>>>>>>>>>>(502.l*1024) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>>0 ubyte x of 1024 bytes
+>>>>>>>>>>>>>>>>(502.l*1024) string !EFI\ PART
+>>>>>>>>>>>>>>>>>(502.l*512) string EFI\ PART GPT partition table
+>>>>>>>>>>>>>>>>>>0 use gpt-mbr-type
+>>>>>>>>>>>>>>>>>>&-8 use gpt-table
+>>>>>>>>>>>>>>>>>>0 ubyte x of 512 bytes
+
+# The following code does GPT detection and processing, including
+# sector size detection.
+# It has to be duplicated above because the top-level pattern
+# (i.e. not called using 'use') must print *something* for file
+# to count it as a match. Text only printed in named patterns is
+# not counted, and causes file to continue, and try and match
+# other patterns.
+#
+# Unfortunately, when assuming sector sizes >=16k, if the sector size
+# happens to be 512 instead, we may find confusing data after the GPT
+# table... If the GPT table has less than 128 entries, this may even
+# happen for assumed sector sizes as small as 4k
+# This could be solved by checking for the presence of the backup GPT
+# header as well, but that makes the logic extremely complex
+##0 name gpt-mbr-partition
+##>(8.l*8192) string EFI\ PART
+##>>(8.l*8192) use gpt-mbr-type
+##>>&-8 use gpt-table
+##>>0 ubyte x of 8192 bytes
+##>(8.l*8192) string !EFI\ PART
+##>>(8.l*4096) string EFI\ PART GPT partition table
+##>>>0 use gpt-mbr-type
+##>>>&-8 use gpt-table
+##>>>0 ubyte x of 4096 bytes
+##>>(8.l*4096) string !EFI\ PART
+##>>>(8.l*2048) string EFI\ PART GPT partition table
+##>>>>0 use gpt-mbr-type
+##>>>>&-8 use gpt-table
+##>>>>0 ubyte x of 2048 bytes
+##>>>(8.l*2048) string !EFI\ PART
+##>>>>(8.l*1024) string EFI\ PART GPT partition table
+##>>>>>0 use gpt-mbr-type
+##>>>>>&-8 use gpt-table
+##>>>>>0 ubyte x of 1024 bytes
+##>>>>(8.l*1024) string !EFI\ PART
+##>>>>>(8.l*512) string EFI\ PART GPT partition table
+##>>>>>>0 use gpt-mbr-type
+##>>>>>>&-8 use gpt-table
+##>>>>>>0 ubyte x of 512 bytes
+
+# Print details of MBR type for a GPT-disk
+# Calling code ensures that there is only one 0xee partition.
+0 name gpt-mbr-type
+# GPT with protective MBR entry in partition 1
+>450 ubyte 0xee
+>>454 ulelong 1
+>>>462 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR)
+>>454 ulelong !1 \b (nonstandard: not at LBA 1)
+# GPT with protective MBR entry in partition 2
+>466 ubyte 0xee
+>>470 ulelong 1
+>>>478 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
+>>>>446 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR)
+>>>478 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR)
+>>470 ulelong !1 \b (nonstandard: not at LBA 1)
+# GPT with protective MBR entry in partition 3
+>482 ubyte 0xee
+>>486 ulelong 1
+>>>494 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
+>>>>446 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR)
+>>>494 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR)
+>>486 ulelong !1 \b (nonstandard: not at LBA 1)
+# GPT with protective MBR entry in partition 4
+>498 ubyte 0xee
+>>502 ulelong 1
+>>>446 string !\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 \b (with hybrid MBR)
+>>502 ulelong !1 \b (nonstandard: not at LBA 1)
+
+# Print the information from a GPT partition table structure
+0 name gpt-table
+>10 uleshort x \b, version %u
+>8 uleshort x \b.%u
+>56 ulelong x \b, GUID: %08x
+>60 uleshort x \b-%04x
+>62 uleshort x \b-%04x
+>64 ubeshort x \b-%04x
+>66 ubeshort x \b-%04x
+>68 ubelong x \b%08x
+#>80 uleshort x \b, %d partition entries
+>32 ulequad+1 x \b, disk size: %lld sectors
+
+# In case a GPT data-structure is at LBA 0, report it as well
+# This covers systems which are not GPT-aware, and which show
+# and allow access to the protective partition. This code will
+# detect the contents of such a partition.
+0 string EFI\ PART GPT data structure (nonstandard: at LBA 0)
+>0 use gpt-table
+>0 ubyte x (sector size unknown)
+
+
diff --git a/magic/Magdir/gpu b/magic/Magdir/gpu
new file mode 100644
index 0000000..36d7124
--- /dev/null
+++ b/magic/Magdir/gpu
@@ -0,0 +1,28 @@
+
+#------------------------------------------------------------------------------
+# $File: gpu,v 1.3 2021/04/26 15:56:00 christos Exp $
+# gpu: file(1) magic for GPU input files
+
+# Standard Portable Intermediate Representation (SPIR)
+# Documentation: https://www.khronos.org/spir
+# Typical file extension: .spv
+
+0 belong 0x07230203 Khronos SPIR-V binary, big-endian
+>4 belong x \b, version %#08x
+>8 belong x \b, generator %#08x
+
+0 lelong 0x07230203 Khronos SPIR-V binary, little-endian
+>4 lelong x \b, version %#08x
+>8 lelong x \b, generator %#08x
+
+# Vulkan Trace file
+# Documentation:
+# https://github.com/LunarG/VulkanTools/blob/master/vktrace/vktrace_common/\
+# vktrace_trace_packet_identifiers.h
+# Typical file extension: .vktrace
+
+8 lequad 0xABADD068ADEAFD0C Vulkan trace file, little-endian
+>0 leshort x \b, version %d
+
+8 bequad 0xABADD068ADEAFD0C Vulkan trace file, big-endian
+>0 beshort x \b, version %d
diff --git a/magic/Magdir/grace b/magic/Magdir/grace
new file mode 100644
index 0000000..25bd759
--- /dev/null
+++ b/magic/Magdir/grace
@@ -0,0 +1,21 @@
+
+#------------------------------------------------------------------------------
+# $File: grace,v 1.4 2009/09/19 16:28:09 christos Exp $
+# ACE/gr and Grace type files - PLEASE DO NOT REMOVE THIS LINE
+#
+# ACE/gr binary
+0 string \000\000\0001\000\000\0000\000\000\0000\000\000\0002\000\000\0000\000\000\0000\000\000\0003 old ACE/gr binary file
+>39 byte >0 - version %c
+# ACE/gr ascii
+0 string #\ xvgr\ parameter\ file ACE/gr ascii file
+0 string #\ xmgr\ parameter\ file ACE/gr ascii file
+0 string #\ ACE/gr\ parameter\ file ACE/gr ascii file
+# Grace projects
+0 string #\ Grace\ project\ file Grace project file
+>23 string @version\ (version
+>>32 byte >0 %c
+>>33 string >\0 \b.%.2s
+>>35 string >\0 \b.%.2s)
+# ACE/gr fit description files
+0 string #\ ACE/gr\ fit\ description\ ACE/gr fit description file
+# end of ACE/gr and Grace type files - PLEASE DO NOT REMOVE THIS LINE
diff --git a/magic/Magdir/graphviz b/magic/Magdir/graphviz
new file mode 100644
index 0000000..d8bf22d
--- /dev/null
+++ b/magic/Magdir/graphviz
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: graphviz,v 1.9 2019/04/30 04:01:40 christos Exp $
+# graphviz: file(1) magic for https://www.graphviz.org/
+
+# FIXME: These patterns match too generally. For example, the first
+# line matches a LaTeX file containing the word "graph" (with a {
+# following later) and the second line matches this file.
+#0 regex/100l [\r\n\t\ ]*graph[\r\n\t\ ]+.*\\{ graphviz graph text
+#!:mime text/vnd.graphviz
+#0 regex/100l [\r\n\t\ ]*digraph[\r\n\t\ ]+.*\\{ graphviz digraph text
+#!:mime text/vnd.graphviz
diff --git a/magic/Magdir/gringotts b/magic/Magdir/gringotts
new file mode 100644
index 0000000..b674754
--- /dev/null
+++ b/magic/Magdir/gringotts
@@ -0,0 +1,48 @@
+
+#------------------------------------------------------------------------------
+# $File: gringotts,v 1.6 2017/03/17 21:35:28 christos Exp $
+# gringotts: file(1) magic for Gringotts
+# http://devel.pluto.linux.it/projects/Gringotts/
+# author: Germano Rizzo <mano@pluto.linux.it>
+#GRG3????Y
+0 string GRG Gringotts data file
+#file format 1
+>3 string 1 v.1, MCRYPT S2K, SERPENT crypt, SHA-256 hash, ZLib lvl.9
+#file format 2
+>3 string 2 v.2, MCRYPT S2K,
+>>8 byte&0x70 0x00 RIJNDAEL-128 crypt,
+>>8 byte&0x70 0x10 SERPENT crypt,
+>>8 byte&0x70 0x20 TWOFISH crypt,
+>>8 byte&0x70 0x30 CAST-256 crypt,
+>>8 byte&0x70 0x40 SAFER+ crypt,
+>>8 byte&0x70 0x50 LOKI97 crypt,
+>>8 byte&0x70 0x60 3DES crypt,
+>>8 byte&0x70 0x70 RIJNDAEL-256 crypt,
+>>8 byte&0x08 0x00 SHA1 hash,
+>>8 byte&0x08 0x08 RIPEMD-160 hash,
+>>8 byte&0x04 0x00 ZLib
+>>8 byte&0x04 0x04 BZip2
+>>8 byte&0x03 0x00 lvl.0
+>>8 byte&0x03 0x01 lvl.3
+>>8 byte&0x03 0x02 lvl.6
+>>8 byte&0x03 0x03 lvl.9
+#file format 3
+>3 string 3 v.3, OpenPGP S2K,
+>>8 byte&0x70 0x00 RIJNDAEL-128 crypt,
+>>8 byte&0x70 0x10 SERPENT crypt,
+>>8 byte&0x70 0x20 TWOFISH crypt,
+>>8 byte&0x70 0x30 CAST-256 crypt,
+>>8 byte&0x70 0x40 SAFER+ crypt,
+>>8 byte&0x70 0x50 LOKI97 crypt,
+>>8 byte&0x70 0x60 3DES crypt,
+>>8 byte&0x70 0x70 RIJNDAEL-256 crypt,
+>>8 byte&0x08 0x00 SHA1 hash,
+>>8 byte&0x08 0x08 RIPEMD-160 hash,
+>>8 byte&0x04 0x00 ZLib
+>>8 byte&0x04 0x04 BZip2
+>>8 byte&0x03 0x00 lvl.0
+>>8 byte&0x03 0x01 lvl.3
+>>8 byte&0x03 0x02 lvl.6
+>>8 byte&0x03 0x03 lvl.9
+#file format >3
+>3 string >3 v.%.1s (unknown details)
diff --git a/magic/Magdir/hardware b/magic/Magdir/hardware
new file mode 100644
index 0000000..e92986c
--- /dev/null
+++ b/magic/Magdir/hardware
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: hardware,v 1.1 2018/08/02 06:32:52 christos Exp $
+# hardware magic
+
+# EDID
+# https://en.wikipedia.org/wiki/Extended_Display_Identification_Data
+0 string \x00\xFF\xFF\xFF\xFF\xFF\xFF\x00
+>19 byte x
+>>18 byte x EDID data, version %u.
+>>19 byte x \b%u
+#>>17 ubyte+1990 <255 \b, manufactured %u
diff --git a/magic/Magdir/hitachi-sh b/magic/Magdir/hitachi-sh
new file mode 100644
index 0000000..f64489f
--- /dev/null
+++ b/magic/Magdir/hitachi-sh
@@ -0,0 +1,30 @@
+
+#------------------------------------------------------------------------------
+# $File: hitachi-sh,v 1.10 2020/12/12 20:01:47 christos Exp $
+# hitach-sh: file(1) magic for Hitachi Super-H
+#
+# Super-H COFF
+#
+# updated by Joerg Jenderek at Oct 2015
+# https://en.wikipedia.org/wiki/COFF
+# https://de.wikipedia.org/wiki/Common_Object_File_Format
+# http://www.delorie.com/djgpp/doc/coff/filhdr.html
+# below test line conflicts with 2nd NTFS filesystem sector
+# 2nd NTFS filesystem sector often starts with 0x05004e00 for unicode string 5 NTLDR
+# and Portable Gaming Notation Compressed format (*.WID http://pgn.freeservers.com/)
+0 beshort 0x0500
+# test for unused flag bits (0x8000,0x0800,0x0400,0x0200,x0080) in f_flags
+>18 ubeshort&0x8E80 0
+# use big endian variant of subroutine to display name+variables+flags
+# for common object formatted files
+>>0 use \^display-coff
+!:strength -10
+
+0 leshort 0x0550
+# test for unused flag bits in f_flags
+>18 uleshort&0x8E80 0
+# use little endian variant of subroutine to
+# display name+variables+flags for common object formatted files
+>>0 use display-coff
+!:strength -10
+
diff --git a/magic/Magdir/hp b/magic/Magdir/hp
new file mode 100644
index 0000000..d57169e
--- /dev/null
+++ b/magic/Magdir/hp
@@ -0,0 +1,433 @@
+
+#------------------------------------------------------------------------------
+# $File: hp,v 1.25 2019/01/13 00:32:38 christos Exp $
+# hp: file(1) magic for Hewlett Packard machines (see also "printer")
+#
+# XXX - somebody should figure out whether any byte order needs to be
+# applied to the "TML" stuff; I'm assuming the Apollo stuff is
+# big-endian as it was mostly 68K-based.
+#
+# I think the 500 series was the old stack-based machines, running a
+# UNIX environment atop the "SUN kernel"; dunno whether it was
+# big-endian or little-endian.
+#
+# Daniel Quinlan (quinlan@yggdrasil.com): hp200 machines are 68010 based;
+# hp300 are 68020+68881 based; hp400 are also 68k. The following basic
+# HP magic is useful for reference, but using "long" magic is a better
+# practice in order to avoid collisions.
+#
+# Guy Harris (guy@netapp.com): some additions to this list came from
+# HP-UX 10.0's "/usr/include/sys/unistd.h" (68030, 68040, PA-RISC 1.1,
+# 1.2, and 2.0). The 1.2 and 2.0 stuff isn't in the HP-UX 10.0
+# "/etc/magic", though, except for the "archive file relocatable library"
+# stuff, and the 68030 and 68040 stuff isn't there at all - are they not
+# used in executables, or have they just not yet updated "/etc/magic"
+# completely?
+#
+# 0 beshort 200 hp200 (68010) BSD binary
+# 0 beshort 300 hp300 (68020+68881) BSD binary
+# 0 beshort 0x20c hp200/300 HP-UX binary
+# 0 beshort 0x20d hp400 (68030) HP-UX binary
+# 0 beshort 0x20e hp400 (68040?) HP-UX binary
+# 0 beshort 0x20b PA-RISC1.0 HP-UX binary
+# 0 beshort 0x210 PA-RISC1.1 HP-UX binary
+# 0 beshort 0x211 PA-RISC1.2 HP-UX binary
+# 0 beshort 0x214 PA-RISC2.0 HP-UX binary
+
+#
+# The "misc" stuff needs a byte order; the archives look suspiciously
+# like the old 177545 archives (0xff65 = 0177545).
+#
+#### Old Apollo stuff
+0 beshort 0627 Apollo m68k COFF executable
+>18 beshort ^040000 not stripped
+>22 beshort >0 - version %d
+0 beshort 0624 apollo a88k COFF executable
+>18 beshort ^040000 not stripped
+>22 beshort >0 - version %d
+0 long 01203604016 TML 0123 byte-order format
+0 long 01702407010 TML 1032 byte-order format
+0 long 01003405017 TML 2301 byte-order format
+0 long 01602007412 TML 3210 byte-order format
+#### PA-RISC 1.1
+0 belong 0x02100106 PA-RISC1.1 relocatable object
+0 belong 0x02100107 PA-RISC1.1 executable
+>168 belong &0x00000004 dynamically linked
+>(144) belong 0x054ef630 dynamically linked
+>96 belong >0 - not stripped
+
+0 belong 0x02100108 PA-RISC1.1 shared executable
+>168 belong&0x4 0x4 dynamically linked
+>(144) belong 0x054ef630 dynamically linked
+>96 belong >0 - not stripped
+
+0 belong 0x0210010b PA-RISC1.1 demand-load executable
+>168 belong&0x4 0x4 dynamically linked
+>(144) belong 0x054ef630 dynamically linked
+>96 belong >0 - not stripped
+
+0 belong 0x0210010e PA-RISC1.1 shared library
+>96 belong >0 - not stripped
+
+0 belong 0x0210010d PA-RISC1.1 dynamic load library
+>96 belong >0 - not stripped
+
+#### PA-RISC 2.0
+0 belong 0x02140106 PA-RISC2.0 relocatable object
+
+0 belong 0x02140107 PA-RISC2.0 executable
+>168 belong &0x00000004 dynamically linked
+>(144) belong 0x054ef630 dynamically linked
+>96 belong >0 - not stripped
+
+0 belong 0x02140108 PA-RISC2.0 shared executable
+>168 belong &0x00000004 dynamically linked
+>(144) belong 0x054ef630 dynamically linked
+>96 belong >0 - not stripped
+
+0 belong 0x0214010b PA-RISC2.0 demand-load executable
+>168 belong &0x00000004 dynamically linked
+>(144) belong 0x054ef630 dynamically linked
+>96 belong >0 - not stripped
+
+0 belong 0x0214010e PA-RISC2.0 shared library
+>96 belong >0 - not stripped
+
+0 belong 0x0214010d PA-RISC2.0 dynamic load library
+>96 belong >0 - not stripped
+
+#### 800
+0 belong 0x020b0106 PA-RISC1.0 relocatable object
+
+0 belong 0x020b0107 PA-RISC1.0 executable
+>168 belong&0x4 0x4 dynamically linked
+>(144) belong 0x054ef630 dynamically linked
+>96 belong >0 - not stripped
+
+0 belong 0x020b0108 PA-RISC1.0 shared executable
+>168 belong&0x4 0x4 dynamically linked
+>(144) belong 0x054ef630 dynamically linked
+>96 belong >0 - not stripped
+
+0 belong 0x020b010b PA-RISC1.0 demand-load executable
+>168 belong&0x4 0x4 dynamically linked
+>(144) belong 0x054ef630 dynamically linked
+>96 belong >0 - not stripped
+
+0 belong 0x020b010e PA-RISC1.0 shared library
+>96 belong >0 - not stripped
+
+0 belong 0x020b010d PA-RISC1.0 dynamic load library
+>96 belong >0 - not stripped
+
+#### 500
+0 long 0x02080106 HP s500 relocatable executable
+>16 long >0 - version %d
+
+0 long 0x02080107 HP s500 executable
+>16 long >0 - version %d
+
+0 long 0x02080108 HP s500 pure executable
+>16 long >0 - version %d
+
+#### 200
+0 belong 0x020c0108 HP s200 pure executable
+>4 beshort >0 - version %d
+>8 belong &0x80000000 save fp regs
+>8 belong &0x40000000 dynamically linked
+>8 belong &0x20000000 debuggable
+>36 belong >0 not stripped
+
+0 belong 0x020c0107 HP s200 executable
+>4 beshort >0 - version %d
+>8 belong &0x80000000 save fp regs
+>8 belong &0x40000000 dynamically linked
+>8 belong &0x20000000 debuggable
+>36 belong >0 not stripped
+
+0 belong 0x020c010b HP s200 demand-load executable
+>4 beshort >0 - version %d
+>8 belong &0x80000000 save fp regs
+>8 belong &0x40000000 dynamically linked
+>8 belong &0x20000000 debuggable
+>36 belong >0 not stripped
+
+0 belong 0x020c0106 HP s200 relocatable executable
+>4 beshort >0 - version %d
+>6 beshort >0 - highwater %d
+>8 belong &0x80000000 save fp regs
+>8 belong &0x20000000 debuggable
+>8 belong &0x10000000 PIC
+
+0 belong 0x020a0108 HP s200 (2.x release) pure executable
+>4 beshort >0 - version %d
+>36 belong >0 not stripped
+
+0 belong 0x020a0107 HP s200 (2.x release) executable
+>4 beshort >0 - version %d
+>36 belong >0 not stripped
+
+0 belong 0x020c010e HP s200 shared library
+>4 beshort >0 - version %d
+>6 beshort >0 - highwater %d
+>36 belong >0 not stripped
+
+0 belong 0x020c010d HP s200 dynamic load library
+>4 beshort >0 - version %d
+>6 beshort >0 - highwater %d
+>36 belong >0 not stripped
+
+#### MISC
+0 long 0x0000ff65 HP old archive
+0 long 0x020aff65 HP s200 old archive
+0 long 0x020cff65 HP s200 old archive
+0 long 0x0208ff65 HP s500 old archive
+
+0 long 0x015821a6 HP core file
+
+0 long 0x4da7eee8 HP-WINDOWS font
+>8 byte >0 - version %d
+0 string Bitmapfile HP Bitmapfile
+
+0 string IMGfile CIS compimg HP Bitmapfile
+# XXX - see "lif"
+#0 short 0x8000 lif file
+0 long 0x020c010c compiled Lisp
+
+0 string msgcat01 HP NLS message catalog,
+>8 long >0 %d messages
+
+# Summary: HP-48/49 calculator
+# Created by: phk@data.fls.dk
+# Modified by (1): AMAKAWA Shuhei <sa264@cam.ac.uk>
+# Modified by (2): Samuel Thibault <samuel.thibault@ens-lyon.org> (HP49 support)
+0 string HPHP HP
+>4 string 48 48 binary
+>4 string 49 49 binary
+>7 byte >64 - Rev %c
+>8 leshort 0x2911 (ADR)
+>8 leshort 0x2933 (REAL)
+>8 leshort 0x2955 (LREAL)
+>8 leshort 0x2977 (COMPLX)
+>8 leshort 0x299d (LCOMPLX)
+>8 leshort 0x29bf (CHAR)
+>8 leshort 0x29e8 (ARRAY)
+>8 leshort 0x2a0a (LNKARRAY)
+>8 leshort 0x2a2c (STRING)
+>8 leshort 0x2a4e (HXS)
+>8 leshort 0x2a74 (LIST)
+>8 leshort 0x2a96 (DIR)
+>8 leshort 0x2ab8 (ALG)
+>8 leshort 0x2ada (UNIT)
+>8 leshort 0x2afc (TAGGED)
+>8 leshort 0x2b1e (GROB)
+>8 leshort 0x2b40 (LIB)
+>8 leshort 0x2b62 (BACKUP)
+>8 leshort 0x2b88 (LIBDATA)
+>8 leshort 0x2d9d (PROG)
+>8 leshort 0x2dcc (CODE)
+>8 leshort 0x2e48 (GNAME)
+>8 leshort 0x2e6d (LNAME)
+>8 leshort 0x2e92 (XLIB)
+
+0 string %%HP: HP text
+>6 string T(0) - T(0)
+>6 string T(1) - T(1)
+>6 string T(2) - T(2)
+>6 string T(3) - T(3)
+>10 string A(D) A(D)
+>10 string A(R) A(R)
+>10 string A(G) A(G)
+>14 string F(.) F(.);
+>14 string F(,) F(,);
+
+
+# Summary: HP-38/39 calculator
+# Created by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+0 string HP3
+>3 string 8 HP 38
+>3 string 9 HP 39
+>4 string Bin binary
+>4 string Asc ASCII
+>7 string A (Directory List)
+>7 string B (Zaplet)
+>7 string C (Note)
+>7 string D (Program)
+>7 string E (Variable)
+>7 string F (List)
+>7 string G (Matrix)
+>7 string H (Library)
+>7 string I (Target List)
+>7 string J (ASCII Vector specification)
+>7 string K (wildcard)
+
+# Summary: HP-38/39 calculator
+# Created by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+0 string HP3
+>3 string 8 HP 38
+>3 string 9 HP 39
+>4 string Bin binary
+>4 string Asc ASCII
+>7 string A (Directory List)
+>7 string B (Zaplet)
+>7 string C (Note)
+>7 string D (Program)
+>7 string E (Variable)
+>7 string F (List)
+>7 string G (Matrix)
+>7 string H (Library)
+>7 string I (Target List)
+>7 string J (ASCII Vector specification)
+>7 string K (wildcard)
+
+# hpBSD magic numbers
+0 beshort 200 hp200 (68010) BSD
+>2 beshort 0407 impure binary
+>2 beshort 0410 read-only binary
+>2 beshort 0413 demand paged binary
+0 beshort 300 hp300 (68020+68881) BSD
+>2 beshort 0407 impure binary
+>2 beshort 0410 read-only binary
+>2 beshort 0413 demand paged binary
+#
+# From David Gero <dgero@nortelnetworks.com>
+# HP-UX 10.20 core file format from /usr/include/sys/core.h
+# Unfortunately, HP-UX uses corehead blocks without specifying the order
+# There are four we care about:
+# CORE_KERNEL, which starts with the string "HP-UX"
+# CORE_EXEC, which contains the name of the command
+# CORE_PROC, which contains the signal number that caused the core dump
+# CORE_FORMAT, which contains the version of the core file format (== 1)
+# The only observed order in real core files is KERNEL, EXEC, FORMAT, PROC
+# but we include all 6 variations of the order of the first 3, and
+# assume that PROC will always be last
+# Order 1: KERNEL, EXEC, FORMAT, PROC
+0x10 string HP-UX
+>0 belong 2
+>>0xC belong 0x3C
+>>>0x4C belong 0x100
+>>>>0x58 belong 0x44
+>>>>>0xA0 belong 1
+>>>>>>0xAC belong 4
+>>>>>>>0xB0 belong 1
+>>>>>>>>0xB4 belong 4 core file
+>>>>>>>>>0x90 string >\0 from '%s'
+>>>>>>>>>0xC4 belong 3 - received SIGQUIT
+>>>>>>>>>0xC4 belong 4 - received SIGILL
+>>>>>>>>>0xC4 belong 5 - received SIGTRAP
+>>>>>>>>>0xC4 belong 6 - received SIGABRT
+>>>>>>>>>0xC4 belong 7 - received SIGEMT
+>>>>>>>>>0xC4 belong 8 - received SIGFPE
+>>>>>>>>>0xC4 belong 10 - received SIGBUS
+>>>>>>>>>0xC4 belong 11 - received SIGSEGV
+>>>>>>>>>0xC4 belong 12 - received SIGSYS
+>>>>>>>>>0xC4 belong 33 - received SIGXCPU
+>>>>>>>>>0xC4 belong 34 - received SIGXFSZ
+# Order 2: KERNEL, FORMAT, EXEC, PROC
+>>>0x4C belong 1
+>>>>0x58 belong 4
+>>>>>0x5C belong 1
+>>>>>>0x60 belong 0x100
+>>>>>>>0x6C belong 0x44
+>>>>>>>>0xB4 belong 4 core file
+>>>>>>>>>0xA4 string >\0 from '%s'
+>>>>>>>>>0xC4 belong 3 - received SIGQUIT
+>>>>>>>>>0xC4 belong 4 - received SIGILL
+>>>>>>>>>0xC4 belong 5 - received SIGTRAP
+>>>>>>>>>0xC4 belong 6 - received SIGABRT
+>>>>>>>>>0xC4 belong 7 - received SIGEMT
+>>>>>>>>>0xC4 belong 8 - received SIGFPE
+>>>>>>>>>0xC4 belong 10 - received SIGBUS
+>>>>>>>>>0xC4 belong 11 - received SIGSEGV
+>>>>>>>>>0xC4 belong 12 - received SIGSYS
+>>>>>>>>>0xC4 belong 33 - received SIGXCPU
+>>>>>>>>>0xC4 belong 34 - received SIGXFSZ
+# Order 3: FORMAT, KERNEL, EXEC, PROC
+0x24 string HP-UX
+>0 belong 1
+>>0xC belong 4
+>>>0x10 belong 1
+>>>>0x14 belong 2
+>>>>>0x20 belong 0x3C
+>>>>>>0x60 belong 0x100
+>>>>>>>0x6C belong 0x44
+>>>>>>>>0xB4 belong 4 core file
+>>>>>>>>>0xA4 string >\0 from '%s'
+>>>>>>>>>0xC4 belong 3 - received SIGQUIT
+>>>>>>>>>0xC4 belong 4 - received SIGILL
+>>>>>>>>>0xC4 belong 5 - received SIGTRAP
+>>>>>>>>>0xC4 belong 6 - received SIGABRT
+>>>>>>>>>0xC4 belong 7 - received SIGEMT
+>>>>>>>>>0xC4 belong 8 - received SIGFPE
+>>>>>>>>>0xC4 belong 10 - received SIGBUS
+>>>>>>>>>0xC4 belong 11 - received SIGSEGV
+>>>>>>>>>0xC4 belong 12 - received SIGSYS
+>>>>>>>>>0xC4 belong 33 - received SIGXCPU
+>>>>>>>>>0xC4 belong 34 - received SIGXFSZ
+# Order 4: EXEC, KERNEL, FORMAT, PROC
+0x64 string HP-UX
+>0 belong 0x100
+>>0xC belong 0x44
+>>>0x54 belong 2
+>>>>0x60 belong 0x3C
+>>>>>0xA0 belong 1
+>>>>>>0xAC belong 4
+>>>>>>>0xB0 belong 1
+>>>>>>>>0xB4 belong 4 core file
+>>>>>>>>>0x44 string >\0 from '%s'
+>>>>>>>>>0xC4 belong 3 - received SIGQUIT
+>>>>>>>>>0xC4 belong 4 - received SIGILL
+>>>>>>>>>0xC4 belong 5 - received SIGTRAP
+>>>>>>>>>0xC4 belong 6 - received SIGABRT
+>>>>>>>>>0xC4 belong 7 - received SIGEMT
+>>>>>>>>>0xC4 belong 8 - received SIGFPE
+>>>>>>>>>0xC4 belong 10 - received SIGBUS
+>>>>>>>>>0xC4 belong 11 - received SIGSEGV
+>>>>>>>>>0xC4 belong 12 - received SIGSYS
+>>>>>>>>>0xC4 belong 33 - received SIGXCPU
+>>>>>>>>>0xC4 belong 34 - received SIGXFSZ
+# Order 5: FORMAT, EXEC, KERNEL, PROC
+0x78 string HP-UX
+>0 belong 1
+>>0xC belong 4
+>>>0x10 belong 1
+>>>>0x14 belong 0x100
+>>>>>0x20 belong 0x44
+>>>>>>0x68 belong 2
+>>>>>>>0x74 belong 0x3C
+>>>>>>>>0xB4 belong 4 core file
+>>>>>>>>>0x58 string >\0 from '%s'
+>>>>>>>>>0xC4 belong 3 - received SIGQUIT
+>>>>>>>>>0xC4 belong 4 - received SIGILL
+>>>>>>>>>0xC4 belong 5 - received SIGTRAP
+>>>>>>>>>0xC4 belong 6 - received SIGABRT
+>>>>>>>>>0xC4 belong 7 - received SIGEMT
+>>>>>>>>>0xC4 belong 8 - received SIGFPE
+>>>>>>>>>0xC4 belong 10 - received SIGBUS
+>>>>>>>>>0xC4 belong 11 - received SIGSEGV
+>>>>>>>>>0xC4 belong 12 - received SIGSYS
+>>>>>>>>>0xC4 belong 33 - received SIGXCPU
+>>>>>>>>>0xC4 belong 34 - received SIGXFSZ
+# Order 6: EXEC, FORMAT, KERNEL, PROC
+>0 belong 0x100
+>>0xC belong 0x44
+>>>0x54 belong 1
+>>>>0x60 belong 4
+>>>>>0x64 belong 1
+>>>>>>0x68 belong 2
+>>>>>>>0x74 belong 0x2C
+>>>>>>>>0xB4 belong 4 core file
+>>>>>>>>>0x44 string >\0 from '%s'
+>>>>>>>>>0xC4 belong 3 - received SIGQUIT
+>>>>>>>>>0xC4 belong 4 - received SIGILL
+>>>>>>>>>0xC4 belong 5 - received SIGTRAP
+>>>>>>>>>0xC4 belong 6 - received SIGABRT
+>>>>>>>>>0xC4 belong 7 - received SIGEMT
+>>>>>>>>>0xC4 belong 8 - received SIGFPE
+>>>>>>>>>0xC4 belong 10 - received SIGBUS
+>>>>>>>>>0xC4 belong 11 - received SIGSEGV
+>>>>>>>>>0xC4 belong 12 - received SIGSYS
+>>>>>>>>>0xC4 belong 33 - received SIGXCPU
+>>>>>>>>>0xC4 belong 34 - received SIGXFSZ
+
+
diff --git a/magic/Magdir/human68k b/magic/Magdir/human68k
new file mode 100644
index 0000000..707c740
--- /dev/null
+++ b/magic/Magdir/human68k
@@ -0,0 +1,26 @@
+
+#------------------------------------------------------------------------------
+# $File: human68k,v 1.6 2021/04/26 15:56:00 christos Exp $
+# human68k: file(1) magic for Human68k (X680x0 DOS) binary formats
+# Magic too short!
+#0 string HU Human68k
+#>68 string LZX LZX compressed
+#>>72 string >\0 (version %s)
+#>(8.L+74) string LZX LZX compressed
+#>>(8.L+78) string >\0 (version %s)
+#>60 belong >0 binded
+#>(8.L+66) string #HUPAIR hupair
+#>0 string HU X executable
+#>(8.L+74) string #LIBCV1 - linked PD LIBC ver 1
+#>4 belong >0 - base address %#x
+#>28 belong >0 not stripped
+#>32 belong >0 with debug information
+#0 beshort 0x601a Human68k Z executable
+#0 beshort 0x6000 Human68k object file
+#0 belong 0xd1000000 Human68k ar binary archive
+#0 belong 0xd1010000 Human68k ar ascii archive
+#0 beshort 0x0068 Human68k lib archive
+#4 string LZX Human68k LZX compressed
+#>8 string >\0 (version %s)
+#>4 string LZX R executable
+#2 string #HUPAIR Human68k hupair R executable
diff --git a/magic/Magdir/ibm370 b/magic/Magdir/ibm370
new file mode 100644
index 0000000..dc976f8
--- /dev/null
+++ b/magic/Magdir/ibm370
@@ -0,0 +1,52 @@
+
+#------------------------------------------------------------------------------
+# $File: ibm370,v 1.11 2021/03/14 16:51:45 christos Exp $
+# ibm370: file(1) magic for IBM 370 and compatibles.
+#
+# "ibm370" said that 0x15d == 0535 was "ibm 370 pure executable".
+# What the heck *is* "USS/370"?
+# AIX 4.1's "/etc/magic" has
+#
+# 0 short 0535 370 sysV executable
+# >12 long >0 not stripped
+# >22 short >0 - version %d
+# >30 long >0 - 5.2 format
+# 0 short 0530 370 sysV pure executable
+# >12 long >0 not stripped
+# >22 short >0 - version %d
+# >30 long >0 - 5.2 format
+#
+# instead of the "USS/370" versions of the same magic numbers.
+#
+0 beshort 0537 370 XA sysV executable
+>12 belong >0 not stripped
+>22 beshort >0 - version %d
+>30 belong >0 - 5.2 format
+0 beshort 0532 370 XA sysV pure executable
+>12 belong >0 not stripped
+>22 beshort >0 - version %d
+>30 belong >0 - 5.2 format
+0 beshort 054001 370 sysV pure executable
+>12 belong >0 not stripped
+0 beshort 055001 370 XA sysV pure executable
+>12 belong >0 not stripped
+0 beshort 056401 370 sysV executable
+>12 belong >0 not stripped
+0 beshort 057401 370 XA sysV executable
+>12 belong >0 not stripped
+0 beshort 0531 SVR2 executable (Amdahl-UTS)
+>12 belong >0 not stripped
+>24 belong >0 - version %d
+0 beshort 0534 SVR2 pure executable (Amdahl-UTS)
+>12 belong >0 not stripped
+>24 belong >0 - version %d
+0 beshort 0530 SVR2 pure executable (USS/370)
+>12 belong >0 not stripped
+>24 belong >0 - version %d
+0 beshort 0535 SVR2 executable (USS/370)
+>12 belong >0 not stripped
+>24 belong >0 - version %d
+
+# NETDATA (https://en.wikipedia.org/wiki/NETDATA)
+# -\INMR01 In EBCDIC
+0 string \x60\xe0\xc9\xd5\xd4\xd9\xf0\xf1 IBM NETDATA file
diff --git a/magic/Magdir/ibm6000 b/magic/Magdir/ibm6000
new file mode 100644
index 0000000..724b64d
--- /dev/null
+++ b/magic/Magdir/ibm6000
@@ -0,0 +1,35 @@
+
+#------------------------------------------------------------------------------
+# $File: ibm6000,v 1.15 2021/07/03 14:01:46 christos Exp $
+# ibm6000: file(1) magic for RS/6000 and the RT PC.
+#
+0 beshort 0x01df executable (RISC System/6000 V3.1) or obj module
+>12 belong >0 not stripped
+# Breaks sun4 statically linked execs.
+#0 beshort 0x0103 executable (RT Version 2) or obj module
+#>2 byte 0x50 pure
+#>28 belong >0 not stripped
+#>6 beshort >0 - version %ld
+# GRR: line below is too general as it matches also TTComp archive, ASCII, 1K handled by ./archive
+0 beshort 0x0104 shared library
+# GRR: line below is too general as it matches also TTComp archive, ASCII, 2K handled by ./archive
+0 beshort 0x0105 ctab data
+0 beshort 0xfe04 structured file
+0 string 0xabcdef AIX message catalog
+0 belong 0x000001f9 AIX compiled message catalog
+0 string \<aiaff> archive
+0 string \<bigaf> archive (big format)
+0 belong 0x09006bea AIX backup/restore format file
+0 belong 0x09006fea AIX backup/restore format file
+
+0 beshort 0x01f7 64-bit XCOFF executable or object module
+>20 belong 0 not stripped
+# GRR: this test is still too general as it catches also many FATs of DOS filesystems
+4 belong &0x0feeddb0
+# real core dump could not be 32-bit and 64-bit together
+>7 byte&0x03 !3 AIX core file
+>>1 byte &0x01 fulldump
+>>7 byte &0x01 32-bit
+>>>0x6e0 string >\0 \b, %s
+>>7 byte &0x02 64-bit
+>>>0x524 string >\0 \b, %s
diff --git a/magic/Magdir/icc b/magic/Magdir/icc
new file mode 100644
index 0000000..15fd76b
--- /dev/null
+++ b/magic/Magdir/icc
@@ -0,0 +1,214 @@
+
+#------------------------------------------------------------------------------
+# $File: icc,v 1.7 2021/04/26 15:56:00 christos Exp $
+# icc: file(1) magic for International Color Consortium file formats
+
+#
+# Color profiles as per the ICC's "Image technology colour management -
+# Architecture, profile format, and data structure" specification.
+# See
+#
+# http://www.color.org/specification/ICC1v43_2010-12.pdf
+#
+# for Specification ICC.1:2010 (Profile version 4.3.0.0).
+# URL: http://fileformats.archiveteam.org/wiki/ICC_profile
+# Reference: http://www.color.org/iccmax/ICC.2-2016-7.pdf
+# Update: Joerg Jenderek
+#
+# Bytes 36 to 39 contain a generic profile file signature of "acsp";
+# bytes 40 to 43 "may be used to identify the primary platform/operating
+# system framework for which the profile was created".
+#
+# check and display ICC/ICM color profile
+0 name color-profile
+>36 string acsp
+# skip ASCII like Cognacspirit.txt by month <= 12
+>>26 ubeshort <13
+# platform/operating system. Only 5 mentioned
+
+#
+# This appears to be what's used for Apple ColorSync profiles.
+# Instead of adding that, Apple just changed the generic "acsp" entry
+# to be for "ColorSync ICC Color Profile" rather than "Kodak Color
+# Management System, ICC Profile".
+# Yes, it's "APPL", not "AAPL"; see the spec.
+>>>40 string APPL ColorSync
+
+# Microsoft ICM color profile
+>>>40 string MSFT Microsoft
+
+# Yes, that's a blank after "SGI".
+>>>40 string SGI\ SGI
+
+# XXX - is this what's used for the Sun KCMS or not? The standard file
+# uses just "acsp" for that, but Apple's file uses it for "ColorSync",
+# and there *is* an identified "primary platform" value of SUNW.
+>>>40 string SUNW Sun KCMS
+
+# 5th platform
+>>>40 string TGNT Taligent
+
+# remaining "l" "e" of "color profile" printed later to avoid error
+>>>40 string x color profi
+#>>>40 string x (%.4s)
+!:mime application/vnd.iccprofile
+# for "ICM" extension only versions 2.x and for Kodak "CC" 2.0 is found
+>>>8 ubyte =2
+# do not use empty message text to avoid error like
+# icc, 82: Warning: Current entry does not yet have a description for adding a EXTENSION type
+# file.exe: could not find any valid magic files!
+>>>>9 ubyte !0 \ble
+!:ext icc/icm
+# minor version
+>>>>9 ubyte =0 \bl
+# Kodak colour management system
+>>>>>4 string =KCMS \be
+!:ext icc/icm/cc
+>>>>>4 string !KCMS \be
+!:ext icc/icm
+>>>8 ubyte !2 \ble
+!:ext icc
+# Profile version major.4bit-minor.sub1.sub2 like 4.3.0.0 (04300000h)
+>>>8 ubyte x %u
+>>>9 ubyte/16 x \b.%u
+# reserved and shall be null but 205.205 in umx1220u.icm
+>>>10 ubyte >0 \b.%u
+>>>>11 ubyte >0 \b.%u
+# preferred colour management module like appl CCMS KCMS Lino UCCM "Win " "FF "
+# skip space like in brmsl08f.icm and null like in brmsl09f.icm, brmsl07f.icm
+>>>4 string >\ \b, type %.2s
+>>>>6 string >\ \b%.1s
+>>>>>7 string >\ \b%.1s
+# colour space "XYZ " "Lab " "RGB " CMYK GRAY ...
+>>>16 string x \b, %.3s
+>>>19 string >\ \b%.1s
+# Profile Connection Space (PCS) field usually "XYZ " or "Lab " but sometimes
+# null or CMYK like in ISOcoated_v2_to_PSOcoated_v3_DeviceLink.icc
+>>>20 string >\0 \b/%.3s
+>>>>23 string >\ \b%.1s
+# eleven device classes
+>>>12 string x \b-%.4s device
+# skip 00001964h in hpf69000.icc or 0h in XRDC50Q.ICM or " ROT" in brmsl05f.icm
+>>>52 string >\040
+# skip "none" model like in "Trinitron Compatible 9300K G2.2.icm"
+>>>>52 ubelong !0x6e6f6e65
+# device manufacturer field like "HP " "IBM " EPSO
+>>>>>48 string x \b, %.2s
+>>>>>50 string >\ \b%.1s
+>>>>>51 string >\ \b%.1s
+# model like "ADI " "A265" and skip 20000404h in IS330.icm for RICOH RUSSIAN-SC
+>>>>>52 string >\ \ \b/%.3s
+>>>>>>55 string >\ \b%.1s
+>>>>>52 string x model
+# creator (often same as manufacture) like HP SONY XROX or null like in A925A.icm
+>>>80 string >\0 by %.2s
+>>>>82 string >\ \b%.1s
+>>>>>83 string >\ \b%.1s
+# profile size
+>>>0 ubelong x \b, %u bytes
+# skip invalid date 0 like in linearSRGB.icc
+>>>24 ubequad !0
+# datetime dd-mm-yyyy hh:mm:ss
+>>>>28 ubeshort x \b, %u
+# month <= 12
+>>>>26 ubeshort x \b-%u
+# year
+>>>>24 ubeshort x \b-%u
+# do not display midnight time like in CNHP8308.ICC
+>>>>30 ubequad&0xFFffFFffFFff0000 !0
+# hour <= 24
+>>>>>30 ubeshort x %u
+# minutes <= 59
+>>>>>32 ubeshort x \b:%.2u
+# seconds <= 59
+>>>>>34 ubeshort x \b:%.2u
+# vendor specific flags like 2 in HPCLJ5.ICM
+>>>44 ubeshort >0 \b, %#x vendor flags
+# profile flags bits 0-2 of least 16 used by ICC
+#>>>44 ubelong >0 \b, %#x flags
+# icEmbeddedProfileTrue
+>>>44 ubelong &1 \b, embedded
+# icEmbeddedProfileFalse
+#>>>44 ubelong ^1 \b, not embedded
+# icUseWithEmbeddedDataOnly
+>>>44 ubelong &2 \b, dependently
+# icUseAnywhere
+#>>>44 ubelong ^2 \b, independently
+>>>44 ubelong &4 \b, MCS
+#>>>44 ubelong ^4 \b, no MCS
+# vendor specific device attributes 1~srgb.icc
+# E000D00h~CNB7QEDA.ICM C000A00h~CNB5FCAA.ICM 01040401h~CNB25PE3.ICM
+>>>56 ubelong >0 \b, %#x vendor attribute
+# ICC device attributes bits 0-7 used
+#>>>60 ubelong x \b, %#x attribute
+# http://www.color.org/icc34.h
+>>>60 ubelong &0x01 \b, transparent
+#>>>60 ubelong ^0x01 \b, reflective
+>>>60 ubelong &0x02 \b, matte
+#>>>60 ubelong ^0x02 \b, glossy
+>>>60 ubelong &0x04 \b, negative
+#>>>60 ubelong ^0x04 \b, positive
+>>>60 ubelong &0x08 \b, black&white
+#>>>60 ubelong ^0x08 \b, colour
+>>>60 ubelong &0x10 \b, non-paper
+#>>>60 ubelong ^0x10 \b, paper
+>>>60 ubelong &0x20 \b, non-textured
+#>>>60 ubelong ^0x20 \b, textured
+>>>60 ubelong &0x40 \b, non-isotropic
+#>>>60 ubelong ^0x40 \b, isotropic
+>>>60 ubelong &0x80 \b, self-luminous
+#>>>60 ubelong ^0x80 \b, non-self-luminous
+# rendering intent 0-3 but 7AEA5027h in EE051__1.ICM 6CB1BCh in EE061__1.ICM
+>>>64 ubelong >3 \b, %#x rendering intent
+#>>>64 ubelong =0 \b, perceptual
+>>>64 ubelong =1 \b, relative colorimetric
+>>>64 ubelong =2 \b, saturation
+>>>64 ubelong =3 \b, absolute colorimetric
+# PCS illuminant (3*s15Fixed16Numbers) often 0000f6d6 00010000 0000d32d
+>>>71 ubequad !0xd6000100000000d3 \b, PCS
+# usually X~0.9642*65536=63189.8112~63190=F6D5h ; but also found
+# often F6D6 in gt5000r.icm, F6B8 in kodakce.icm, F6CA in RSWOP.icm
+>>>>68 ubelong !0x0000f6d5 X=%#x
+# usually Y=1.0~00010000h but Y=0 in brmsl07f.icm
+>>>>72 ubelong !0x00010000 Y=%#x
+# usually Z~0.8249*65536=54060.6464~54061=D32Dh ; but also found
+# D2F7 in hp1200c.icm, often D32C in A925A.icm, D309 in RSWOP.icm , D2F8 in kodak_dc.icm
+>>>>76 ubelong !0x0000d32d Z=%#x
+# Profile ID. MD5 fingerprinting method as defined in Internet RFC 1321.
+>>>84 ubequad >0 \b, %#llx MD5
+# reserved in older versions should be zero but also found CDCDCDCDCDCDCDCD
+#>>100 ubequad x \b %#llx reserved
+# tag table
+# 6 <= tags count <= 43
+#>>>128 ubelong >43 \b, %u tags
+>>>128 ubelong x
+# shall contain the profileDescriptionTag "desc" , copyrightTag "cprt"
+# search range = tags count * 12 -8=< maximal tag count * 12 -8= 43 * 12 -8= 508
+>>>>132 search/508 cprt
+# but no copyright tag in linearSRGB.icc
+# beneath /System/Library/Frameworks/WebKit.framework/
+# Versions/A/Frameworks/WebCore.framework/Versions/A/Resources
+>>>>132 default x \b, no copyright tag
+# 1st tag
+#>>>132 string x \b, 1st tag %.4s
+#>>>136 ubelong x %#x offset
+#>>>140 ubelong x %#x len
+# 2nd tag,...
+# look also for profileDescriptionTag "desc"
+>>>132 search/508 desc
+# look further for TextDescriptionType "desc" signature
+>>>>(&0.L) string =desc
+>>>>>&4 pstring/l x "%s"
+# look alternative for multiLocalizedUnicodeType "mluc" signature like in VideoPAL.icc
+>>>>(&0.L) string =mluc
+>>>>>&(&8.L) ubequad x
+>>>>>>&4 bestring16 x '%s'
+
+# Any other profile.
+# XXX - should we use "acsp\0\0\0\0" for "no primary platform" profiles,
+# and use "acsp" for everything else and dump the "primary platform"
+# string in those cases?
+36 string acsp
+>0 use color-profile
+
+
diff --git a/magic/Magdir/iff b/magic/Magdir/iff
new file mode 100644
index 0000000..258d16a
--- /dev/null
+++ b/magic/Magdir/iff
@@ -0,0 +1,80 @@
+
+#------------------------------------------------------------------------------
+# $File: iff,v 1.18 2022/03/21 19:57:18 christos Exp $
+# iff: file(1) magic for Interchange File Format (see also "audio" & "images")
+#
+# Daniel Quinlan (quinlan@yggdrasil.com) -- IFF was designed by Electronic
+# Arts for file interchange. It has also been used by Apple, SGI, and
+# especially Commodore-Amiga.
+#
+# IFF files begin with an 8 byte FORM header, followed by a 4 character
+# FORM type, which is followed by the first chunk in the FORM.
+
+0 string FORM IFF data
+#>4 belong x \b, FORM is %d bytes long
+# audio formats
+>8 string AIFF \b, AIFF audio
+!:mime audio/x-aiff
+>8 string AIFC \b, AIFF-C compressed audio
+!:mime audio/x-aiff
+>8 string 8SVX \b, 8SVX 8-bit sampled sound voice
+!:mime audio/x-aiff
+>8 string 16SV \b, 16SV 16-bit sampled sound voice
+>8 string SAMP \b, SAMP sampled audio
+>8 string MAUD \b, MAUD MacroSystem audio
+>8 string SMUS \b, SMUS simple music
+>8 string CMUS \b, CMUS complex music
+# image formats
+>8 string ILBMBMHD \b, ILBM interleaved image
+>>20 beshort x \b, %d x
+>>22 beshort x %d
+>8 string RGBN \b, RGBN 12-bit RGB image
+>8 string RGB8 \b, RGB8 24-bit RGB image
+>8 string DEEP \b, DEEP TVPaint/XiPaint image
+>8 string DR2D \b, DR2D 2-D object
+>8 string TDDD \b, TDDD 3-D rendering
+>8 string LWOB \b, LWOB 3-D object
+>8 string LWO2 \b, LWO2 3-D object, v2
+>8 string LWLO \b, LWLO 3-D layered object
+>8 string REAL \b, REAL Real3D rendering
+>8 string MC4D \b, MC4D MaxonCinema4D rendering
+>8 string ANIM \b, ANIM animation
+>8 string YAFA \b, YAFA animation
+>8 string SSA\ \b, SSA super smooth animation
+>8 string FANT \b, Fantavision animation
+>8 string ACBM \b, ACBM continuous image
+>8 string FAXX \b, FAXX fax image
+>8 string STFX \b, ST-Fax image
+>8 string IMAGIHDR \b, CD-i image
+# other formats
+>8 string FTXT \b, FTXT formatted text
+>8 string CTLG \b, CTLG message catalog
+>8 string PREF \b, PREF preferences
+>8 string DTYP \b, DTYP datatype description
+>8 string PTCH \b, PTCH binary patch
+>8 string AMFF \b, AMFF AmigaMetaFile format
+>8 string WZRD \b, WZRD StormWIZARD resource
+>8 string DOC\040 \b, DOC desktop publishing document
+>8 string SWRT \b, SWRT Final Copy/Writer document
+>8 string WORD \b, ProWrite document
+>8 string WTXT \b, WTXT Wordworth document
+>8 string WOWO \b, WOWO Wordworth document
+>8 string WVQA \b, Westwood Studios VQA Multimedia,
+>>24 leshort x %d video frames,
+>>26 leshort x %d x
+>>28 leshort x %d
+>8 string MOVE \b, Wing Commander III Video
+>>12 string _PC_ \b, PC version
+>>12 string 3DO_ \b, 3DO version
+
+# These go at the end of the iff rules
+#
+# David Griffith <dave@661.org>
+# I don't see why these might collide with anything else.
+#
+# Interactive Fiction related formats
+#
+>8 string IFRS \b, Blorb Interactive Fiction
+>>24 string Exec with executable chunk
+>8 string IFZS \b, Z-machine or Glulx saved game file (Quetzal)
+!:mime application/x-blorb
diff --git a/magic/Magdir/images b/magic/Magdir/images
new file mode 100644
index 0000000..48e9f6d
--- /dev/null
+++ b/magic/Magdir/images
@@ -0,0 +1,4219 @@
+
+#------------------------------------------------------------------------------
+# $File: images,v 1.243 2023/07/17 16:49:09 christos Exp $
+# images: file(1) magic for image formats (see also "iff", and "c-lang" for
+# XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# little magic: PCX (first byte is 0x0a)
+
+# Targa - matches `povray', `ppmtotga' and `xv' outputs
+# by Philippe De Muyter <phdm@macqel.be>
+# URL: http://justsolve.archiveteam.org/wiki/TGA
+# Reference: http://www.dca.fee.unicamp.br/~martino/disciplinas/ea978/tgaffs.pdf
+# Update: Joerg Jenderek
+# at 2, byte ImgType must be 1, 2, 3, 9, 10 or 11
+# ,32 or 33 (both not observed)
+# at 1, byte CoMapType must be 1 if ImgType is 1 or 9, 0 otherwise
+# or theoretically 2-128 reserved for use by Truevision or 128-255 may be used for developer applications
+# at 3, leshort Index is 0 for povray, ppmtotga and xv outputs
+# `xv' recognizes only a subset of the following (RGB with pixelsize = 24)
+# `tgatoppm' recognizes a superset (Index may be anything)
+#
+# test of Color Map Type 0~no 1~color map
+# and Image Type 1 2 3 9 10 11 32 33
+# and Color Map Entry Size 0 15 16 24 32
+0 ubequad&0x00FeC400000000C0 0
+# Conflict with MPEG sequences.
+!:strength -40
+# Prevent conflicts with CRI ADX.
+#>(2.S-2) belong !0x28632943
+# above line does not work for rgb32_top_left_rle.tga
+# skip some MPEG sequence *.vob and some CRI ADX audio with improbable interleave bits
+>17 ubyte&0xC0 !0xC0
+# skip more garbage like *.iso by looking for positive image type
+>>2 ubyte >0
+# skip some compiled terminfo like xterm+tmux by looking for image type less equal 33
+>>>2 ubyte <34
+# skip some MPEG sequence *.vob HV001T01.EVO winnicki.mpg with unacceptable alpha channel depth 11
+>>>>17 ubyte&0x0F !11
+# skip arches.3200 , Finder.Root , Slp.1 by looking for low pixel depth 1 8 15 16 24 32
+>>>>>16 ubyte 1
+>>>>>>0 use tga-image
+>>>>>16 ubyte 8
+>>>>>>0 use tga-image
+>>>>>16 ubyte 15
+>>>>>>0 use tga-image
+>>>>>16 ubyte 16
+>>>>>>0 use tga-image
+>>>>>16 ubyte 24
+>>>>>>0 use tga-image
+>>>>>16 ubyte 32
+>>>>>>0 use tga-image
+# display tga bitmap image information
+0 name tga-image
+>2 ubyte <34 Targa image data
+!:mime image/x-tga
+!:apple ????TPIC
+# normal extension .tga but some Truevision products used others:
+# tpic (Apple),icb (Image Capture Board),vda (Video Display Adapter),vst (NuVista),win (UNSURE about that)
+!:ext tga/tpic/icb/vda/vst
+# image type 1 2 3 9 10 11 32 33
+>2 ubyte&0xF7 1 - Map
+>2 ubyte&0xF7 2 - RGB
+# alpha channel
+>>17 ubyte&0x0F >0 \bA
+>2 ubyte&0xF7 3 - Mono
+# type not found, but by http://www.fileformat.info/format/tga/corion.htm
+# Compressed color-mapped data, using Huffman, Delta, and runlength encoding
+>2 ubyte 32 - Color
+# Compressed color-mapped data, using Huffman, Delta, and RLE. 4-pass quadtree- type process
+>2 ubyte 33 - Color
+# Color Map Type 0~no 1~color map
+>1 ubyte 1 (
+# first color map entry, 0 normal
+>>3 uleshort >0 \b%d-
+# color map length 0 2 1dh 3bh d9h 100h
+>>5 uleshort x \b%d)
+# 8~run length encoding bit
+>2 ubyte&0x08 8 - RLE
+# gimp can create big pictures!
+>12 uleshort >0 %d x
+>12 uleshort =0 65536 x
+# image height. 0 interpreted as 65536
+>14 uleshort >0 %d
+>14 uleshort =0 65536
+# Image Pixel depth 1 8 15 16 24 32
+>16 ubyte x x %d
+# X origin of image. 0 normal
+>8 uleshort >0 +%d
+# Y origin of image. 0 normal; positive for top
+>10 uleshort >0 +%d
+# Image descriptor: bits 3-0 give the alpha channel depth, bits 5-4 give direction
+# alpha depth like: 1 8
+>17 ubyte&0x0F >0 - %d-bit alpha
+# bits 5-4 give direction. normal bottom left
+>17 ubyte &0x20 - top
+#>17 ubyte ^0x20 - bottom
+>17 ubyte &0x10 - right
+#>17 ubyte ^0x10 - left
+# some info say other bits 6-7 should be zero
+# but data storage interleave by http://www.fileformat.info/format/tga/corion.htm
+# 00 - no interleave;01 - even/odd interleave; 10 - four way interleave; 11 - reserved
+#>17 ubyte&0xC0 0x00 - no interleave
+>17 ubyte&0xC0 0x40 - interleave
+>17 ubyte&0xC0 0x80 - four way interleave
+>17 ubyte&0xC0 0xC0 - reserved
+# positive length implies identification field
+>0 ubyte >0
+>>18 string x "%s"
+# last 18 bytes of newer tga file footer signature
+>18 search/4261301/s TRUEVISION-XFILE.\0
+# extension area offset if not 0
+>>&-8 ulelong >0
+# length of the extension area. normal 495 for version 2.0
+>>>(&-4.l) uleshort 0x01EF
+# AuthorName[41]
+>>>>&0 string >\0 - author "%-.40s"
+# Comment[324]=4 * 80 null terminated
+>>>>&41 string >\0 - comment "%-.80s"
+# date
+>>>>&365 ubequad&0xffffFFFFffff0000 !0
+# Day
+>>>>>&-6 uleshort x %d
+# Month
+>>>>>&-8 uleshort x \b-%d
+# Year
+>>>>>&-4 uleshort x \b-%d
+# time
+>>>>&371 ubequad&0xffffFFFFffff0000 !0
+# hour
+>>>>>&-8 uleshort x %d
+# minutes
+>>>>>&-6 uleshort x \b:%.2d
+# second
+>>>>>&-4 uleshort x \b:%.2d
+# JobName[41]
+>>>>&377 string >\0 - job "%-.40s"
+# JobHour Jobminute Jobsecond
+>>>>&418 ubequad&0xffffFFFFffff0000 !0
+>>>>>&-8 uleshort x %d
+>>>>>&-6 uleshort x \b:%.2d
+>>>>>&-4 uleshort x \b:%.2d
+# SoftwareId[41]
+>>>>&424 string >\0 - %-.40s
+# SoftwareVersionNumber
+>>>>&424 ubyte >0
+>>>>>&40 uleshort/100 x %d
+>>>>>&40 uleshort%100 x \b.%d
+# VersionLetter
+>>>>>&42 ubyte >0x20 \b%c
+# KeyColor
+>>>>&468 ulelong >0 - keycolor %#8.8x
+# Denominator of Pixel ratio. 0~no pixel aspect
+>>>>&474 uleshort >0
+# Numerator
+>>>>>&-4 uleshort >0 - aspect %d
+>>>>>&-2 uleshort x \b/%d
+# Denominator of Gamma ratio. 0~no Gamma value
+>>>>&478 uleshort >0
+# Numerator
+>>>>>&-4 uleshort >0 - gamma %d
+>>>>>&-2 uleshort x \b/%d
+# ColorOffset
+#>>>>&480 ulelong x - col offset %#8.8x
+# StampOffset
+#>>>>&484 ulelong x - stamp offset %#8.8x
+# ScanOffset
+#>>>>&488 ulelong x - scan offset %#8.8x
+# AttributesType
+#>>>>&492 ubyte x - Attributes %#x
+## EndOfTGA
+
+# PBMPLUS images
+# URL: https://en.wikipedia.org/wiki/Netpbm
+# The next byte following the magic is always whitespace.
+# adding 65 to strength so that Netpbm images comes before "x86 boot sector" or
+# "DOS/MBR boot sector" identified by ./filesystems
+0 name netpbm
+>3 regex/s =\^[0-9]{1,50}[\040\t\f\r\n]+[0-9]{1,50} Netpbm image data
+>>&0 regex =[0-9]{1,50} \b, size = %s x
+>>>&0 regex =[0-9]{1,50} \b %s
+
+0 search/1 P1
+# test for whitespace after 2 byte magic
+>2 regex/2 [\040\t\f\r\n]
+# skip DROID x-fmt-164-signature-id-583.pbm with ten 0 digits
+>>3 string !000000000
+>>>0 use netpbm
+>>>0 string x \b, bitmap
+!:strength + 65
+!:mime image/x-portable-bitmap
+!:ext pbm
+# check for character # starting a comment line
+>>>3 ubyte =0x23
+>>>>4 string x %s
+
+0 search/1 P2
+>0 regex/4 P2[\040\t\f\r\n]
+>>0 use netpbm
+>>0 string x \b, greymap
+!:strength + 65
+# american spelling gray
+!:mime image/x-portable-graymap
+!:ext pgm
+
+0 search/1 P3
+>0 regex/4 P3[\040\t\f\r\n]
+>>0 use netpbm
+>>0 string x \b, pixmap
+!:strength + 65
+!:mime image/x-portable-pixmap
+!:ext ppm
+
+0 string P4
+>0 regex/4 P4[\040\t\f\r\n]
+>>0 use netpbm
+>>0 string x \b, rawbits, bitmap
+!:strength + 65
+!:mime image/x-portable-bitmap
+!:ext pbm
+
+0 string P5
+>0 regex/4 P5[\040\t\f\r\n]
+>>0 use netpbm
+>>0 string x \b, rawbits, greymap
+!:strength + 65
+!:mime image/x-portable-greymap
+!:ext pgm
+
+0 string P6
+>0 regex/4 P6[\040\t\f\r\n]
+>>0 use netpbm
+>>0 string x \b, rawbits, pixmap
+!:strength + 65
+!:mime image/x-portable-pixmap
+!:ext ppm/pnm
+
+# URL: https://en.wikipedia.org/wiki/Netpbm#PAM_graphics_format
+# Reference: http://fileformats.archiveteam.org/wiki/Portable_Arbitrary_Map
+# Update: Joerg Jenderek
+0 string P7
+# skip DROID fmt-405-signature-id-589.pam by looking for character like New Line
+>2 ubyte !0xAB
+#>2 ubyte =0x0A
+>>3 search/256/b WIDTH Netpbm PAM image file, size =
+!:mime image/x-portable-arbitrarymap
+!:ext pam
+!:strength + 65
+>>>&1 string x %s
+>>>3 search/256/b HEIGHT x
+>>>>&1 string x %s
+# at offset 2 a New Line character (0xA) should appear
+>>>2 ubyte !0x0A \b, %#x at offset 2 instead new line
+
+# From: bryanh@giraffe-data.com (Bryan Henderson)
+0 string \117\072 Solitaire Image Recorder format
+>4 string \013 MGI Type 11
+>4 string \021 MGI Type 17
+0 string .MDA MicroDesign data
+>21 ubyte 48 version 2
+>21 ubyte 51 version 3
+0 string .MDP MicroDesign page data
+>21 ubyte 48 version 2
+>21 ubyte 51 version 3
+
+# NIFF (Navy Interchange File Format, a modification of TIFF) images
+# [GRR: this *must* go before TIFF]
+0 string IIN1 NIFF image data
+!:mime image/x-niff
+
+# Canon RAW version 1 (CRW) files are a type of Canon Image File Format
+# (CIFF) file. These are apparently all little-endian.
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+# URL: https://www.sno.phy.queensu.ca/~phil/exiftool/canon_raw.html
+0 string II\x1a\0\0\0HEAPCCDR Canon CIFF raw image data
+!:mime image/x-canon-crw
+>16 uleshort x \b, version %d.
+>14 uleshort x \b%d
+
+# Canon RAW version 2 (CR2) files are a kind of TIFF with an extra magic
+# number. Put this above the TIFF test to make sure we detect them.
+# These are apparently all little-endian.
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+# URL: https://libopenraw.freedesktop.org/wiki/Canon_CR2
+0 string II\x2a\0\x10\0\0\0CR Canon CR2 raw image data
+!:mime image/x-canon-cr2
+!:strength +80
+>10 ubyte x \b, version %d.
+>11 ubyte x \b%d
+
+# Fujifilm RAF RAW image files with embedded JPEG data and compressed
+# or uncompressed CFA RAW data. Byte order: Big Endian.
+# URL: https://libopenraw.freedesktop.org/formats/raf/
+# Useful info from http://fileformats.archiveteam.org/wiki/Fujifilm_RAF.
+# File extension: RAF
+# Works for both the FinePix S2 Pro and the X-T3. Anybody have some more Fuji
+# raw samples available?
+# -- David Dyer-Bennet <dd-b@dd-b.net> 9-Sep-2021
+0 string FUJIFILMCCD-RAW Fujifilm RAF raw image data
+!:mime image/x-fuji-raf
+!:ext raf
+>0x10 string x \b, format version %4.4s
+>0x1C string x \b, camera %s
+
+# Tag Image File Format, from Daniel Quinlan (quinlan@yggdrasil.com)
+# The second word of TIFF files is the TIFF version number, 42, which has
+# never changed. The TIFF specification recommends testing for it.
+0 string MM\x00\x2a TIFF image data, big-endian
+!:strength +70
+!:mime image/tiff
+!:ext tif/tiff
+>(4.L) use \^tiff_ifd
+0 string II\x2a\x00 TIFF image data, little-endian
+!:mime image/tiff
+!:strength +70
+!:ext tif/tiff
+>(4.l) use tiff_ifd
+
+0 name tiff_ifd
+>0 uleshort x \b, direntries=%d
+>2 use tiff_entry
+
+0 name tiff_entry
+# NewSubFileType
+>0 uleshort 0xfe
+>>12 use tiff_entry
+>0 uleshort 0x100
+>>4 ulelong 1
+>>>12 use tiff_entry
+>>>8 uleshort x \b, width=%d
+>0 uleshort 0x101
+>>4 ulelong 1
+>>>8 uleshort x \b, height=%d
+>>>12 use tiff_entry
+>0 uleshort 0x102
+>>8 uleshort x \b, bps=%d
+>>12 use tiff_entry
+>0 uleshort 0x103
+>>4 ulelong 1 \b, compression=
+>>>8 uleshort 1 \bnone
+>>>8 uleshort 2 \bhuffman
+>>>8 uleshort 3 \bbi-level group 3
+>>>8 uleshort 4 \bbi-level group 4
+>>>8 uleshort 5 \bLZW
+>>>8 uleshort 6 \bJPEG (old)
+>>>8 uleshort 7 \bJPEG
+>>>8 uleshort 8 \bdeflate
+>>>8 uleshort 9 \bJBIG, ITU-T T.85
+>>>8 uleshort 0xa \bJBIG, ITU-T T.43
+>>>8 uleshort 0x7ffe \bNeXT RLE 2-bit
+>>>8 uleshort 0x8005 \bPackBits (Macintosh RLE)
+>>>8 uleshort 0x8029 \bThunderscan RLE
+>>>8 uleshort 0x807f \bRasterPadding (CT or MP)
+>>>8 uleshort 0x8080 \bRLE (Line Work)
+>>>8 uleshort 0x8081 \bRLE (High-Res Cont-Tone)
+>>>8 uleshort 0x8082 \bRLE (Binary Line Work)
+>>>8 uleshort 0x80b2 \bDeflate (PKZIP)
+>>>8 uleshort 0x80b3 \bKodak DCS
+>>>8 uleshort 0x8765 \bJBIG
+>>>8 uleshort 0x8798 \bJPEG2000
+>>>8 uleshort 0x8799 \bNikon NEF Compressed
+>>>8 default x
+>>>>8 uleshort x \b(unknown %#x)
+>>>12 use tiff_entry
+>0 uleshort 0x106 \b, PhotometricInterpretation=
+>>8 clear x
+>>8 uleshort 0 \bWhiteIsZero
+>>8 uleshort 1 \bBlackIsZero
+>>8 uleshort 2 \bRGB
+>>8 uleshort 3 \bRGB Palette
+>>8 uleshort 4 \bTransparency Mask
+>>8 uleshort 5 \bCMYK
+>>8 uleshort 6 \bYCbCr
+>>8 uleshort 8 \bCIELab
+>>8 default x
+>>>8 uleshort x \b(unknown=%#x)
+>>12 use tiff_entry
+# FillOrder
+>0 uleshort 0x10a
+>>4 ulelong 1
+>>>12 use tiff_entry
+# DocumentName
+>0 uleshort 0x10d
+>>(8.l) string x \b, name=%s
+>>>12 use tiff_entry
+# ImageDescription
+>0 uleshort 0x10e
+>>(8.l) string x \b, description=%s
+>>>12 use tiff_entry
+# Make
+>0 uleshort 0x10f
+>>(8.l) string x \b, manufacturer=%s
+>>>12 use tiff_entry
+# Model
+>0 uleshort 0x110
+>>(8.l) string x \b, model=%s
+>>>12 use tiff_entry
+# StripOffsets
+>0 uleshort 0x111
+>>12 use tiff_entry
+# Orientation
+>0 uleshort 0x112 \b, orientation=
+>>8 uleshort 1 \bupper-left
+>>8 uleshort 3 \blower-right
+>>8 uleshort 6 \bupper-right
+>>8 uleshort 8 \blower-left
+>>8 uleshort 9 \bundefined
+>>8 default x
+>>>8 uleshort x \b[*%d*]
+>>12 use tiff_entry
+# XResolution
+>0 uleshort 0x11a
+>>8 ulelong x \b, xresolution=%d
+>>12 use tiff_entry
+# YResolution
+>0 uleshort 0x11b
+>>8 ulelong x \b, yresolution=%d
+>>12 use tiff_entry
+# ResolutionUnit
+>0 uleshort 0x128
+>>8 uleshort x \b, resolutionunit=%d
+>>12 use tiff_entry
+# Software
+>0 uleshort 0x131
+>>(8.l) string x \b, software=%s
+>>12 use tiff_entry
+# Datetime
+>0 uleshort 0x132
+>>(8.l) string x \b, datetime=%s
+>>12 use tiff_entry
+# HostComputer
+>0 uleshort 0x13c
+>>(8.l) string x \b, hostcomputer=%s
+>>12 use tiff_entry
+# WhitePoint
+>0 uleshort 0x13e
+>>12 use tiff_entry
+# PrimaryChromaticities
+>0 uleshort 0x13f
+>>12 use tiff_entry
+# YCbCrCoefficients
+>0 uleshort 0x211
+>>12 use tiff_entry
+# YCbCrPositioning
+>0 uleshort 0x213
+>>12 use tiff_entry
+# ReferenceBlackWhite
+>0 uleshort 0x214
+>>12 use tiff_entry
+# Copyright
+>0 uleshort 0x8298
+>>(8.l) string x \b, copyright=%s
+>>12 use tiff_entry
+# ExifOffset
+>0 uleshort 0x8769
+>>12 use tiff_entry
+# GPS IFD
+>0 uleshort 0x8825 \b, GPS-Data
+>>12 use tiff_entry
+
+#>0 uleshort x \b, unknown=%#x
+#>>12 use tiff_entry
+
+0 string MM\x00\x2b Big TIFF image data, big-endian
+!:mime image/tiff
+0 string II\x2b\x00 Big TIFF image data, little-endian
+!:mime image/tiff
+
+# PNG [Portable Network Graphics, or "PNG's Not GIF"] images
+# (Greg Roelofs, newt@uchicago.edu)
+# (Albert Cahalan, acahalan@cs.uml.edu)
+#
+# 137 P N G \r \n ^Z \n [4-byte length] I H D R [HEAD data] [HEAD crc] ...
+#
+
+# IHDR parser
+0 name png-ihdr
+>0 ubelong x \b, %d x
+>4 ubelong x %d,
+>8 ubyte x %d-bit
+>9 ubyte 0 grayscale,
+>9 ubyte 2 \b/color RGB,
+>9 ubyte 3 colormap,
+>9 ubyte 4 gray+alpha,
+>9 ubyte 6 \b/color RGBA,
+#>10 ubyte 0 deflate/32K,
+>12 ubyte 0 non-interlaced
+>12 ubyte 1 interlaced
+
+# Standard PNG image.
+0 string \x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00\x0DIHDR PNG image data
+!:mime image/png
+!:ext png
+!:strength +10
+>16 use png-ihdr
+
+# Apple CgBI PNG image.
+0 string \x89PNG\x0d\x0a\x1a\x0a\x00\x00\x00\x04CgBI
+>24 string \x00\x00\x00\x0DIHDR PNG image data (CgBI)
+!:mime image/png
+!:ext png
+!:strength +10
+>>32 use png-ihdr
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115: this was mine ("Zip GIF"):
+0 string GIF94z ZIF image (GIF+deflate alpha)
+!:mime image/x-unknown
+#
+# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
+#
+0 string FGF95a FGF image (GIF+deflate beta)
+!:mime image/x-unknown
+#
+# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+#
+0 string PBF PBF image (deflate compression)
+!:mime image/x-unknown
+
+# GIF
+# Strength set up to beat 0x55AA DOS/MBR signature word lookups (+65)
+0 string GIF8 GIF image data
+!:strength +80
+!:mime image/gif
+!:apple 8BIMGIFf
+!:ext gif
+>4 string 7a \b, version 8%s,
+>4 string 9a \b, version 8%s,
+>6 uleshort >0 %d x
+>8 uleshort >0 %d
+#>10 ubyte &0x80 color mapped,
+#>10 ubyte&0x07 =0x00 2 colors
+#>10 ubyte&0x07 =0x01 4 colors
+#>10 ubyte&0x07 =0x02 8 colors
+#>10 ubyte&0x07 =0x03 16 colors
+#>10 ubyte&0x07 =0x04 32 colors
+#>10 ubyte&0x07 =0x05 64 colors
+#>10 ubyte&0x07 =0x06 128 colors
+#>10 ubyte&0x07 =0x07 256 colors
+
+# ITC (CMU WM) raster files. It is essentially a byte-reversed Sun raster,
+# 1 plane, no encoding.
+0 string \361\0\100\273 CMU window manager raster image data
+>4 ulelong >0 %d x
+>8 ulelong >0 %d,
+>12 ulelong >0 %d-bit
+
+# Magick Image File Format
+# URL: https://imagemagick.org/script/miff.php
+# Reference: http://fileformats.archiveteam.org/wiki/MIFF
+# Update: Joerg Jenderek
+# http://www.nationalarchives.gov.uk/pronom/fmt/930
+0 search/256/bc id=imagemagick
+# skip bad ASCII text by following new line~0x0A or space~0x20 character
+#>&0 ubyte x \b, next character %#x
+# called by TriD ImageMagick Machine independent File Format bitmap
+>&0 ubyte&0xD5 0 MIFF image data
+# https://reposcope.com/mimetype/image/miff
+#!:mime image/miff
+!:mime image/x-miff
+!:ext miff/mif
+# examples with standard file(1) magic
+#>>0 string =id=ImageMagick with standard magic
+# examples with unusual file(1) magic like
+>>0 string !id=ImageMagick starting with
+# start with comment (brace) like http://samples.fileformat.info/.../AQUARIUM.MIF
+>>>0 ubyte =0x7b comment
+# skip second character which is often a newline and show comment
+>>>>2 string x "%s"
+# does not start with comment, probably letters with other case like Id=ImageMagick
+# ImageMagick-7.0.9-2/Magick++/demo/smile_anim.miff
+>>>0 ubyte !0x7b
+>>>>0 string >\0 '%-.14s'
+# URL: https://imagemagick.org/
+# Reference: https://imagemagick.org/script/magick-vector-graphics.php
+# From: Joerg Jenderek
+# Note: all white-spaces between commands are ignored
+0 string push
+# skip some white spaces
+>5 search/3 graphic-context ImageMagick Vector Graphic
+# TODO: look for dangerous commands like CVE-2016-3715
+#!:mime text/plain
+!:mime image/x-mvg
+!:ext mvg
+
+# Artisan
+0 long 1123028772 Artisan image data
+>4 long 1 \b, rectangular 24-bit
+>4 long 2 \b, rectangular 8-bit with colormap
+>4 long 3 \b, rectangular 32-bit (24-bit with matte)
+
+# FIG (Facility for Interactive Generation of figures), an object-based format
+# URL: http://fileformats.archiveteam.org/wiki/Fig
+# https://en.wikipedia.org/wiki/Xfig
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/f/fig.trid.xml
+# https://web.archive.org/web/20070920204655/http://epb.lbl.gov/xfig/fig-format.html
+# Update: Joerg Jenderek
+# Note: called "FIG vector drawing" by TrID,
+# 4 byte magic is assumed to be always at offset 0 and
+# verified by `fig2mpdf -v bootloader.fig && file bootloader.pdf`
+#0 search/1/tb #FIG FIG image text
+# GRR: with --keep-going option the line above gives duplicate messages
+0 search/1/ts #FIG
+>&0 use image-xfig
+# binary data variant with non ASCII text characters like Control-A or °C in thermostat.fig
+0 search/1/bs #FIG
+>&0 use image-xfig
+# display XFIG image describing text, mime type, file name extension and version
+0 name image-xfig
+>8 ubyte x FIG image text
+#!:mime text/plain
+# https://reposcope.com/mimetype/image/x-xfig
+!:mime image/x-xfig
+!:ext fig
+# version string like: 1.4 2.1 3.1 3.2
+>5 string x \b, version %.3s
+# some times after version text like: "Produced by xfig version 3.2.5-alpha5"
+>8 ubyte >0x0D
+>>8 string x "%s"
+# should be point character (2Eh) of version string according to TrID
+#>6 ubyte !0x2E \b, at 6 %#x
+# caret character (23h) at the beginning in most or probably all examples
+#>0 ubyte !0x23 \b, starting with character %#x
+# URL: http://fileformats.archiveteam.org/wiki/DeskMate_Draw
+# http://en.wikipedia.org/wiki/Deskmate
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dm-fig.trid.xml
+# From: Joerg Jenderek
+# Note: called "DeskMate Draw drawing" by TrID
+0 string \x14FIG DeskMate Drawing
+#!:mime application/octet-stream
+!:mime image/x-deskmate-fig
+!:ext fig
+# TODO:
+# "Cabri 3D Figure" by TrID fig-cabri.trid.xml
+# "Playmation Figure" by TrID fig-playmation.trid.xml
+
+# PHIGS
+0 string ARF_BEGARF PHIGS clear text archive
+0 string @(#)SunPHIGS SunPHIGS
+# version number follows, in the form m.n
+>40 string SunBin binary
+>32 string archive archive
+
+# GKS (Graphics Kernel System)
+0 string GKSM GKS Metafile
+>24 string SunGKS \b, SunGKS
+
+# CGM image files
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/CGM
+# https://en.wikipedia.org/wiki/Computer_Graphics_Metafile
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cgm-ct.trid.xml
+# http://standards.iso.org/ittf/PubliclyAvailableStandards/c032381_ISO_IEC_8632-4_1999(E).zip
+# Note: called "Computer Graphics Metafile (Clear Text)" by TrID and
+# "Computer Graphics Metafile ASCII" by DROID or CGM by XnView
+# verified by LibreOffice and partly by XnView `nconvert -info *.CGM`
+# According to TrID only letter B and M are always upcased and by DROID often only B is upcased for command BEGIN METAFILE
+0 string/c begmf
+# skip SOME DROID fmt-301-signature-id-359.cgm fmt-301-signature-id-361.cgm fmt-302-signature-id-364.cgm
+# fmt-302-signature-id-365.cgm x-fmt-142-signature-id-350.cgm x-fmt-142-signature-id-351.cgm
+>5 short !0
+# skip other versions of DROID fmt-301-signature-id-359.cgm fmt-301-signature-id-361.cgm fmt-302-signature-id-364.cgm
+# fmt-302-signature-id-365.cgm x-fmt-142-signature-id-350.cgm x-fmt-142-signature-id-351.cgm
+>>5 short !0xABab clear text Computer Graphics Metafile
+# https://reposcope.com/mimetype/image/cgm
+!:mime image/cgm
+!:ext cgm
+# SF:NAME like: 'metafile example';
+>>>5 string x %s
+# look for command METAFILE VERSION (MFVERSION <SOFTSEP> <I:VERSION>)
+>>>2 search/128/c mfversion
+#>>>>&0 ubyte x SOFTSEP=%#x
+# version like: 1 3 4
+>>>>&1 ubyte >0x31 \b, version %c
+# Summary: Computer Graphics Metafile (binary)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cgm-bin.trid.xml
+# https://standards.iso.org/ittf/PubliclyAvailableStandards/c032380_ISO_IEC_8632-3_1999(E).zip
+# Note: called "Computer Graphics Metafile (binary)" by TrID and DROID or CGM by XnView
+# verified by LibreOffice and partly by XnView `nconvert -info *.CGM`
+# look for BEGIN METAFILE (element Class 0 and ID 1 and "random" Parameter) that is binary C C C C 0 0 0 0 0 0 1 P P P P P
+0 ubeshort&0xFFe0 0x0020
+# skip SOME DROID fmt-303-signature-id-368.cgm fmt-304-signature-id-369.cgm fmt-305-signature-id-370.cgm fmt-306-signature-id-371.cgm
+# with containing only 28 bytes
+>28 ubyte x
+# look for METAFILE VERSION (element class 1 and id 1 and parameter P1 with length 2) that is binary 0 0 0 1 i i i i i i 1 P P P 1 P
+# with "low" version; 2nd worst case argentin.cgm with parameter length 56
+# worst MS.CGM
+#>>2 search/73/b \x10\x22\0 binary Computer Graphics Metafile
+>>2 search/128/b \x10\x22\0 binary Computer Graphics Metafile
+!:mime image/cgm
+!:ext cgm
+# metafile 2 byte version number like: 1 (most) 2 3 4
+>>>&-1 ubeshort >1 \b, version %u
+# length number of 1st parameter octets in range 0 to 30 implies short command
+>>>0 ubeshort&0x001F <31 \b, parameter length %u
+# length of string like: 8 9 10 11 12 29
+#>>>>2 ubyte x \b, %u BYTES (SHORT)
+# string like: 'HiJaak 2' 'Example 1' 'sahara.cgm' 'MASTERCLIPS--Art Of Business '
+>>>>2 pstring >\0 '%s'
+# after 1st short command with even parameter length comes 2nd command like: 1022h 0010h (EAF00010.CGM 'HiJaak 2' FLOPPY2.CGM TIGER.CGM 'B:\TIGER.CGM')
+>>>>0 ubeshort&0x0001 =0
+>>>>>(2.b+3) ubeshort !0x1022 \b, 2nd command %#4.4x (short even)
+# after 1st short command with odd parameter length comes nil padding byte followed 2nd command like: 1022h
+>>>>0 ubeshort&0x0001 =1
+#>>>>>(2.b+3) ubyte !0 \b, PADDING %#x
+>>>>>(2.b+4) ubeshort !0x1022 \b, 2nd command %#4.4x (short odd)
+# 11111 binary (decimal 31) in the parameter field indicates that the command is in long-form
+>>>0 ubeshort&0x001F =0x1F
+# bit 15 is partition flag with 1 for 'not-last' partition and 0 for 'last' partition
+>>>>2 ubeshort&0x8000 !0 \b, partition flag %#4.4x
+# bits 0 to 14 is parameter list length; the number of following parameter octets; range 0 to 32767
+# length of 1st long command parameter like: 53
+>>>>2 ubeshort&0x7Fff x \b, parameter length %u (long)
+# The two header words are then followed by lenghth of 1st string like: 52
+#>>>>4 ubyte x \b, %u BYTES
+# string like: 'K:\PROJECTS\GRAPHICS\DWKS3.5\CLIPART\FLAGS\Italy.cgm'
+>>>>4 pstring/B x '%s'
+# odd long parameter length implies single null padding octet to start command on word boundary
+>>>>2 ubeshort&0x0001 =1
+# after 1st long command with odd parameter length comes nil padding byte followed by 2nd command like: 1022h
+#>>>>>(4.b+5) ubyte !0 \b, PADDING %#x
+>>>>>(4.b+6) ubeshort !0x1022 \b, 2nd command %#4.4x (long odd)
+# even long parameter length implies next command directly is following
+>>>>2 ubeshort&0x0001 =0
+# after 1st long command with even parameter length comes 2nd command like: 1022h 0x1054 (MS.CGM)
+>>>>>(4.b+5) ubeshort !0x1022 \b, 2nd command %#4.4x (long even)
+# look for END METAFILE (element class 0 and id 2 and 0 parameter) that is binary 0 0 0 0 i i i i i 1 i P P P P P
+>>>-2 ubeshort !0x0040 \b, NOT_FOUND_END_METAFILE
+
+# MGR bitmaps (Michael Haardt, u31b3hs@pool.informatik.rwth-aachen.de)
+0 string yz MGR bitmap, modern format, 8-bit aligned
+0 string zz MGR bitmap, old format, 1-bit deep, 16-bit aligned
+0 string xz MGR bitmap, old format, 1-bit deep, 32-bit aligned
+0 string yx MGR bitmap, modern format, squeezed
+
+# Fuzzy Bitmap (FBM) images
+0 string %bitmap\0 FBM image data
+>30 long 0x31 \b, mono
+>30 long 0x33 \b, color
+
+# facsimile data
+1 string PC\ Research,\ Inc group 3 fax data
+>29 ubyte 0 \b, normal resolution (204x98 DPI)
+>29 ubyte 1 \b, fine resolution (204x196 DPI)
+# From: Herbert Rosmanith <herp@wildsau.idv.uni.linz.at>
+0 string Sfff structured fax file
+
+# From: Joerg Jenderek <joerg.jen.der.ek@gmx.net>
+# URL: http://fileformats.archiveteam.org/wiki/Award_BIOS_logo
+# Note: verified by XnView command `nconvert -fullinfo *.EPA`
+0 string \x11\x06 Award BIOS Logo, 136 x 84
+!:mime image/x-award-bioslogo
+!:ext epa
+0 string \x11\x09 Award BIOS Logo, 136 x 126
+!:mime image/x-award-bioslogo
+!:ext epa
+# https://telparia.com/fileFormatSamples/image/epa/IO.EPA
+# Note: by bitmap-awbm-v1x1009.trid.xml called "Award BIOS logo bitmap (128x126) (v1)"
+# verified by RECOIL `recoil2png -o tmp.png IO.EPA; file tmp.png`
+0 string \x10\x09 Award BIOS Logo, 128 x 126
+!:mime image/x-award-bioslogo
+!:ext epa
+#0 string \x07\x1f BIOS Logo corrupted?
+# http://www.blackfiveservices.co.uk/awbmtools.shtml
+# http://biosgfx.narod.ru/v3/
+# http://biosgfx.narod.ru/abr-2/
+0 string AWBM
+# Note: by bitmap-awbm.trid.xml called "Award BIOS logo bitmap (v2)"
+>4 uleshort <1981 Award BIOS Logo, version 2
+#>4 uleshort <1981 Award BIOS bitmap
+!:mime image/x-award-bioslogo2
+#!:mime image/x-award-bmp
+!:ext epa/bmp
+# image width is a multiple of 4
+>>4 uleshort&0x0003 0
+>>>4 uleshort x \b, %d
+>>>6 uleshort x x %d
+>>4 uleshort&0x0003 >0 \b,
+>>>4 uleshort&0x0003 =1
+>>>>4 uleshort x %d+3
+>>>4 uleshort&0x0003 =2
+>>>>4 uleshort x %d+2
+>>>4 uleshort&0x0003 =3
+>>>>4 uleshort x %d+1
+>>>6 uleshort x x %d
+# at offset 8 starts imagedata followed by "RGB " marker
+
+# PC bitmaps (OS/2, Windows BMP files) (Greg Roelofs, newt@uchicago.edu)
+# https://en.wikipedia.org/wiki/BMP_file_format#DIB_header_.\
+# 28bitmap_information_header.29
+# Note: variant starting direct with DIB header see
+# http://fileformats.archiveteam.org/wiki/BMP
+# verified by ImageMagick version 6.8.9-8 command `identify *.dib`
+0 uleshort 40
+# skip bad samples like GAME by looking for valid number of color planes
+>12 uleshort 1 Device independent bitmap graphic
+!:mime image/x-ms-bmp
+!:apple ????BMPp
+!:ext dib
+>>4 ulelong x \b, %d x
+>>8 ulelong x %d x
+>>14 uleshort x %d
+# number of color planes (must be 1)
+#>>12 uleshort >1 \b, %u color planes
+# compression method: 0~no 1~RLE 8-bit/pixel 3~Huffman 1D
+#>>16 ulelong 3 \b, Huffman 1D compression
+>>16 ulelong >0 \b, %u compression
+# image size is the size of raw bitmap; a dummy 0 can be given for BI_RGB bitmaps
+>>20 ulelong x \b, image size %u
+# horizontal and vertical resolution of the image (pixel per metre, signed integer)
+>>24 ulelong >0 \b, resolution %d x
+>>>28 ulelong x %d px/m
+# number of colors in palette, or 0 to default to 2**n
+#>>32 ulelong >0 \b, %u colors
+# number of important colors used, or 0 when every color is important
+>>36 ulelong >0 \b, %u important colors
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/VBM_(VDC_BitMap)
+# Reference: http://csbruce.com/cbm/postings/csc19950906-1.txt
+# http://mark0.net/download/triddefs_xml.7z
+# defs/b/bitmap-vbm.trid.xml
+# defs/b/bitmap-vbm-v3.trid.xml
+# Note: called "VDC BitMap" by TrID
+# verified by RECOIL `recoil2png -o tmp.png coke_can.vbm; file tmp.png`
+# begin with a signature of 'B' 'M' 0xCB, followed by a version byte 2 or 3
+# Similar to the unrelated Windows BMP format
+# check for VDC bitmap and then display image dimension and version
+0 name bitmap-vbm
+>2 ubyte 0xCB VDC bitmap
+!:mime image/x-commodore-vbm
+# http://recoil.sourceforge.net/formats.html
+!:ext bm/vbm
+# the VBM format version number: 2 or 3
+>>3 ubyte x \b, version %u
+# width of the image in Hi/Lo format
+>>4 ubeshort x \b, %u
+# height of the image
+>>6 ubeshort x x %u
+# version 3 images have the following additional header information
+>>3 ubyte =3
+# data-encoding type: 0~uncompressed 1~RLE-compressed
+>>>8 ubyte 0 \b, uncompressed
+>>>8 ubyte 1 \b, RLE-compressed
+# byte code for general RLE repetitions
+#>>>9 ubyte x \b, RLE repetition code 0x%x
+# reserved := 0
+#>>>14 short >0 \b, reserved 0x%x
+# length of comment text; 0~no comment text
+#>>>16 ubeshort >0 \b, comment length %u
+>>>16 pstring/H >0 \b, comment "%s"
+#
+0 string BM
+# check for magic and version 2 of VDC bitmap or BMP with cbSize=715=CB02
+>2 ubeshort 0xCB02
+>>6 short =0
+>>>0 use bitmap-bmp
+# VDC bitmap height or maybe a few OS/2 BMP with nonzero "hotspot coordinates"
+>>6 short !0
+>>>0 use bitmap-vbm
+# check for magic and version 3 of VDC bitmap or BMP with cbSize=971=CB03
+>2 ubeshort 0xCB03
+# check for reserved value (=0) of VDC bitmap
+>>14 short =0
+>>>0 use bitmap-vbm
+# BMP with cbSize=????03CBh and dib header size != 0
+>>14 short !0
+>>>0 use bitmap-bmp
+# cbSize is size of header or file size of Windows BMP bitmap
+>2 default x
+>>0 use bitmap-bmp
+0 name bitmap-bmp
+>14 ulelong 12 PC bitmap, OS/2 1.x format
+!:mime image/bmp
+!:ext bmp
+>>18 uleshort x \b, %d x
+>>20 uleshort x %d
+# number of color planes (must be 1)
+#>>22 uleshort !1 \b, %u color planes
+# number of bits per pixel (color depth); found 4 8
+>>24 uleshort x x %d
+# x, y coordinates of the hotspot
+>>6 uleshort >0 \b, hotspot %ux
+>>>8 uleshort x \b%u
+# cbSize; size of file or header like 1Ah 228C8h
+>>2 ulelong x \b, cbSize %u
+#>>2 ulelong x \b, cbSize 0x%8.8x
+# offBits; offset to bitmap data like:
+>>10 ulelong x \b, bits offset %u
+# http://fileformats.archiveteam.org/wiki/BMP#OS.2F2_BMP_2.0 no examples found
+>14 ulelong 48 PC bitmap, OS/2 2.x format (DIB header size=48)
+>14 ulelong 24 PC bitmap, OS/2 2.x format (DIB header size=24)
+# http://entropymine.com/jason/bmpsuite/bmpsuite/q/pal8os2v2-16.bmp
+# Note: by bitmap-bmp-v2o.trid.xml called "Windows Bitmap (v2o)"
+>14 ulelong 16 PC bitmap, OS/2 2.x format (DIB header size=16)
+!:mime image/bmp
+!:apple ????BMPp
+!:ext bmp
+# image width and height fields are unsigned integers for OS/2
+>>18 ulelong x \b, %u x
+>>22 ulelong x %u
+# number of bits per pixel (color depth); found 8
+>>28 uleshort >1 x %u
+# x, y coordinates of the hotspot
+>>6 uleshort >0 \b, hotspot %ux
+>>>8 uleshort x \b%u
+# number of color planes (must be 1)
+#>>26 uleshort >1 \b, %u color planes
+# cbSize; size of file like: 241E
+>>2 ulelong x \b, cbSize %u
+#>>2 ulelong x \b, cbSize 0x%x
+# offBits; offset to bitmap data like: 41E
+>>10 ulelong x \b, bits offset %u
+#>>10 ulelong x \b, bits offset 0x%x
+>14 ulelong 64 PC bitmap, OS/2 2.x format
+!:mime image/bmp
+!:apple ????BMPp
+!:ext bmp
+# image width and height fields are unsigned integers for OS/2
+>>18 ulelong x \b, %u x
+>>22 ulelong x %u
+# number of bits per pixel (color depth); found 1 4 8
+>>28 uleshort >1 x %u
+# x, y coordinates of the hotspot
+>>6 uleshort >0 \b, hotspot %ux
+>>>8 uleshort x \b%u
+>>26 uleshort >1 \b, %u color planes
+# cbSize; size of file or headers
+>>2 ulelong x \b, cbSize %u
+# BMP with cbSize 000002CBh=715 or 000003CBh=971 maybe misinterpreted as VDC bitmap
+#>>2 ulelong x \b, cbSize %#x
+# offBits; offset to bitmap data like 56h 5Eh 8Eh 43Eh
+>>10 ulelong x \b, bits offset %u
+#>>10 ulelong x \b, bits offset %#x
+#>>(10.l) ubequad !0 \b, bits %#16.16llx
+# BITMAPV2INFOHEADER adds RGB bit masks
+>14 ulelong 52 PC bitmap, Adobe Photoshop
+!:mime image/bmp
+!:apple ????BMPp
+!:ext bmp
+>>18 ulelong x \b, %d x
+>>22 ulelong x %d x
+# number of bits per pixel (color depth); found 16 32
+>>28 uleshort x %d
+# x, y coordinates of the hotspot; should be zero for Windows variant
+>>6 uleshort >0 \b, hotspot %ux
+>>>8 uleshort x \b%u
+# cbSize; size of file like: 14A 7F42
+>>2 ulelong x \b, cbSize %u
+#>>2 ulelong x \b, cbSize 0x%x
+# offBits; offset to bitmap data like: 42h
+>>10 ulelong x \b, bits offset %u
+#>>10 ulelong x \b, bits offset 0x%x
+# BITMAPV3INFOHEADER adds alpha channel bit mask
+>14 ulelong 56 PC bitmap, Adobe Photoshop with alpha channel mask
+!:mime image/bmp
+!:apple ????BMPp
+!:ext bmp
+>>18 ulelong x \b, %d x
+>>22 ulelong x %d x
+# number of bits per pixel (color depth); found 16 32
+>>28 uleshort x %d
+# x, y coordinates of the hotspot; should be zero for Windows variant
+>>6 uleshort >0 \b, hotspot %ux
+>>>8 uleshort x \b%u
+# cbSize; size of file like: 4E 7F46 131DE 14046h
+>>2 ulelong x \b, cbSize %u
+#>>2 ulelong x \b, cbSize 0x%x
+# offBits; offset to bitmap data like: 46h
+>>10 ulelong x \b, bits offset %u
+#>>10 ulelong x \b, bits offset 0x%x
+>14 ulelong 40
+# jump 4 bytes before end of file/header to skip fmt-116-signature-id-118.dib
+# broken for large bitmaps
+#>>(2.l-4) ulong x PC bitmap, Windows 3.x format
+>>14 ulelong 40 PC bitmap, Windows 3.x format
+!:mime image/bmp
+!:apple ????BMPp
+>>>18 ulelong x \b, %d x
+>>>22 ulelong x %d
+# 320 x 400 https://en.wikipedia.org/wiki/LOGO.SYS
+>>>18 ulequad =0x0000019000000140 x
+!:ext bmp/sys
+>>>18 ulequad !0x0000019000000140
+# compression method 2~RLE 4-bit/pixel implies also extension rle
+>>>>30 ulelong 2 x
+!:ext bmp/rle
+# not RLE compressed and not 320x400 dimension
+>>>>30 default x
+# "small" dimensions like: 14x15 15x16 16x14 16x16 32x32
+# https://en.wikipedia.org/wiki/Favicon
+>>>>>18 ulequad&0xffFFffC0ffFFffC0 =0 x
+# https://www.politi-kdigital.de/favicon.ico
+# http://forum.rpc1.org/favicon.ico
+!:ext bmp/ico
+# "big" dimensions > 63
+>>>>>18 default x x
+!:ext bmp
+# number of bits per pixel (color depth); found 1 2 4 8 16 24 32
+>>>28 uleshort x %d
+# x, y coordinates of the hotspot; there is no hotspot in bitmaps, so values 0
+#>>>6 uleshort >0 \b, hotspot %ux
+#>>>>8 uleshort x \b%u
+# number of color planes (must be 1), except badplanes.bmp for testing
+#>>>26 uleshort >1 \b, %u color planes
+# compression method: 0~no 1~RLE 8-bit/pixel 2~RLE 4-bit/pixel 3~Huffman 1D 6~RGBA bit field masks
+#>>>30 ulelong 3 \b, Huffman 1D compression
+>>>30 ulelong >0 \b, %u compression
+# image size is the size of raw bitmap; a dummy 0 can be given for BI_RGB bitmaps
+>>>34 ulelong >0 \b, image size %u
+# horizontal and vertical resolution of the image (pixel per metre, signed integer)
+>>>38 ulelong >0 \b, resolution %d x
+>>>>42 ulelong x %d px/m
+# number of colors in palette 16 256, or 0 to default to 2**n
+#>>>46 ulelong >0 \b, %u colors
+# number of important colors used, or 0 when every color is important
+>>>50 ulelong >0 \b, %u important colors
+# cbSize; often size of file
+>>>2 ulelong x \b, cbSize %u
+#>>>2 ulelong x \b, cbSize %#x
+# offBits; offset to bitmap data like 36h 76h BEh 236h 406h 436h 4E6h
+>>>10 ulelong x \b, bits offset %u
+#>>>10 ulelong x \b, bits offset %#x
+#>>>(10.l) ubequad !0 \b, bits %#16.16llxd
+>14 ulelong 124 PC bitmap, Windows 98/2000 and newer format
+!:mime image/bmp
+!:ext bmp
+>>18 ulelong x \b, %d x
+>>22 ulelong x %d x
+# color planes; must be 1
+#>>>26 uleshort >1 \b, %u color planes
+# number of bits per pixel (color depth); found 4 8 16 24 32 1 (fmt-119-signature-id-121.bmp) 0 (rgb24jpeg.bmp rgb24png.bmp)
+>>28 uleshort x %d
+# x, y coordinates of the hotspot; should be zero for Windows variant
+>>6 uleshort >0 \b, hotspot %ux
+>>>8 uleshort x \b%u
+# cbSize; size of file like: 8E AA 48A 999 247A 4F02 7F8A 3F88E B216E 1D4C8A 100008A
+>>2 ulelong x \b, cbSize %u
+#>>2 ulelong x \b, cbSize 0x%x
+# offBits; offset to bitmap data like: 8A 47A ABABABAB (fmt-119-signature-id-121.bmp)
+>>10 ulelong x \b, bits offset %u
+#>>10 ulelong x \b, bits offset 0x%x
+>14 ulelong 108 PC bitmap, Windows 95/NT4 and newer format
+!:mime image/bmp
+!:ext bmp
+>>18 ulelong x \b, %d x
+>>22 ulelong x %d x
+# number of bits per pixel (color depth); found 8 24 32
+>>28 uleshort x %d
+# x, y coordinates of the hotspot; should be zero for Windows variant
+>>6 uleshort >0 \b, hotspot %ux
+>>>8 uleshort x \b%u
+# cbSize; size of file like: 82 8A 9A 9F86 1E07A 3007A 88B7A C007A
+>>2 ulelong x \b, cbSize %u
+#>>2 ulelong x \b, cbSize 0x%x
+# offBits; offset to bitmap data like: 7A 7E 46A
+>>10 ulelong x \b, bits offset %u
+#>>10 ulelong x \b, bits offset 0x%x
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/OS/2_Icon
+# Reference: http://www.fileformat.info
+# /format/os2bmp/spec/902d5c253f2a43ada39c2b81034f27fd/view.htm
+# Note: verified by command like `deark -l -d3 OS2MEMU.ICO`
+0 string IC
+# skip Lotus smart icon *.smi by looking for valid hotspot coordinates
+>6 ulelong&0xFF00FF00 =0 OS/2 icon
+# jump 4 bytes before end of header/file and test for accessibility
+#>>(2.l-4) ubelong x End of header is OK!
+!:mime image/x-os2-ico
+!:ext ico
+# cbSize; size of header or file in bytes like 1ah 120h 420h
+>>2 ulelong x \b, cbSize %u
+# xHotspot, yHotspot; coordinates of the hotspot for icons like 16 32
+>>6 uleshort x \b, hotspot %ux
+>>8 uleshort x \b%u
+# offBits; offset in bytes to the beginning of the bit-map pel data like 20h
+>>10 ulelong x \b, bits offset %u
+#>>(10.l) ubequad x \b, bits %#16.16llx
+#0 string PI PC pointer image data
+#0 string CI PC color icon data
+0 string CI
+# test also for valid dib header sizes 12 or 64
+>14 ulelong <65 OS/2
+# test also for valid hotspot coordinates
+#>>6 ulelong&0xFE00FE00 =0 OS/2
+!:mime image/x-os2-ico
+!:ext ico
+>>14 ulelong 12 1.x color icon
+# image width and height fields are unsigned integers for OS/2
+>>>18 uleshort x %u x
+# stored height = 2 * real height
+>>>20 uleshort/2 x %u
+# number of bits per pixel (color depth). Typical 32 24 16 8 4 but only 1 found
+>>>24 uleshort >1 x %u
+# color planes; must be 1
+#>>>22 uleshort >1 \b, %u color planes
+>>14 ulelong 64 2.x color icon
+# image width and height
+>>>18 ulelong x %u x
+# stored height = 2 * real height
+>>>22 ulelong/2 x %u
+# number of bits per pixel (color depth). only 1 found
+>>>28 uleshort >1 x %u
+#>>>26 uleshort >1 \b, %u color planes
+# compression method: 0~no 3~Huffman 1D
+>>>30 ulelong 3 \b, Huffman 1D compression
+#>>>30 ulelong >0 \b, %u compression
+# xHotspot, yHotspot; coordinates of the hotspot like 0 1 16 20 32 33 63 64
+>>6 uleshort x \b, hotspot %ux
+>>8 uleshort x \b%u
+# cbSize; size of header or maybe file in bytes like 1Ah 4Eh 84Eh
+>>2 ulelong x \b, cbSize %u
+#>>2 ulelong x \b, cbSize %x
+# offBits; offset to bitmap data (pixel array) like E4h 3Ah 66h 6Ah 33Ah 4A4h
+>>10 ulelong x \b, bits offset %u
+#>>10 ulelong x \b, bits offset %#x
+#>>(10.l) ubequad !0 \b, bits %#16.16llx
+# dib header size: 12~Ch~OS/2 1.x 64~40h~OS/2 2.x
+#>>14 ulelong x \b, dib header size %u
+#0 string CP PC color pointer image data
+# URL: http://fileformats.archiveteam.org/wiki/OS/2_Pointer
+# Reference: http://www.fileformat.info/format/os2bmp/egff.htm
+0 string CP
+# skip many Corel Photo-Paint image "CPT9FILE" by checking for positive bits offset
+>10 ulelong >0
+# skip CPU-Z Report by checking for valid dib header sizes 12 or 64
+>>14 ulelong =12
+>>>0 use os2-ptr
+>>14 ulelong =64
+>>>0 use os2-ptr
+# display information of OS/2 pointer bitmaps
+0 name os2-ptr
+>14 ulelong x OS/2
+# http://extension.nirsoft.net/PTR
+!:mime image/x-ibm-pointer
+!:ext ptr
+>>14 ulelong 12 1.x color pointer
+# image width and height fields are unsigned integers for OS/2
+>>>18 uleshort x %u x
+# stored height = 2 * real height
+>>>20 uleshort/2 x %u
+# number of bits per pixel (color depth). Typical 32 24 16 8 4 but only 1 found
+>>>24 uleshort >1 x %u
+# color planes; must be 1
+#>>>22 uleshort >1 \b, %u color planes
+>>14 ulelong 64 2.x color pointer
+# image width and height
+>>>18 ulelong x %u x
+# stored height = 2 * real height
+>>>22 ulelong/2 x %u
+# number of bits per pixel (color depth). only 1 found
+>>>28 uleshort >1 x %u
+#>>>26 uleshort >1 \b, %u color planes
+# compression method: 0~no 3~Huffman 1D
+>>>30 ulelong 3 \b, Huffman 1D compression
+#>>>30 ulelong >0 \b, %u compression
+# xHotspot, yHotspot; coordinates of the hotspot like 0 3 4 8 15 16 23 27 31
+>>6 uleshort x \b, hotspot %ux
+>>8 uleshort x \b%u
+# cbSize; size of header or maybe file in bytes like 1Ah 4Eh
+>>2 ulelong x \b, cbSize %u
+#>>2 ulelong x \b, cbSize %x
+# offBits; offset to bitmap data (pixel array) like 6Ah A4h E4h 4A4h
+>>10 ulelong x \b, bits offset %u
+#>>10 ulelong x \b, bits offset %#x
+#>>(10.l) ubequad !0 \b, bits %#16.16llx
+# dib header size: 12~Ch~OS/2 1.x 64~40h~OS/2 2.x
+#>>14 ulelong x \b, dib header size %u
+# Conflicts with other entries [BABYL]
+# URL: http://fileformats.archiveteam.org/wiki/BMP#OS.2F2_Bitmap_Array
+# Note: container for OS/2 icon "IC", color icon "CI", color pointer "CP" or bitmap "BM"
+#0 string BA PC bitmap array data
+0 string BA
+# skip old Emacs RMAIL BABYL ./mail.news by checking for low header size
+>2 ulelong <0x004c5942 OS/2 graphic array
+!:mime image/x-os2-graphics
+#!:apple ????BMPf
+# cbSize; size of header like 28h 5Ch
+>>2 ulelong x \b, cbSize %u
+#>>2 ulelong x \b, cbSize %#x
+# offNext; offset to data like 0 48h F2h 4Eh 64h C6h D2h D6h DAh E6h EAh 348h
+>>6 ulelong >0 \b, data offset %u
+#>>6 ulelong >0 \b, data offset %#x
+#>>(6.l) ubequad !0 \b, data %#16.16llx
+# dimensions of the intended device like 640 x 480 for VGA or 1024 x 768
+>>10 uleshort >0 \b, display %u
+>>>12 uleshort >0 x %u
+# usType of first array element
+#>>14 string x \b, usType %2.2s
+# 1 space char after "1st"
+# no *.bga examples found https://www.openwith.org/file-extensions/bga/1342
+>>14 string BM \b; 1st
+!:ext bmp/bga
+>>14 string CI \b; 1st
+!:ext ico
+>>14 string CP \b; 1st
+!:ext ico
+>>14 string IC \b; 1st
+!:ext ico
+# no white-black pointer found
+#>>14 string PT \b; 1st
+#!:ext
+>>14 indirect x
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/XPM
+# Reference: http://www.x.org/docs/XPM/xpm.pdf
+# http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-xpm.trid.xml
+# Note: called "X PixMap bitmap" by TrID and "X-Windows Pixmap Image" by DROID via PUID x-fmt/208
+# starting with c comment like: logo.xpm
+0 string /*\040
+# 9 byte c-comment "/* XPM */" not at the beginning like: mozicon16.xpm mozicon50.xpm (thunderbird)
+>0 search/0xCE /*\ XPM\ */
+# skip DROID x-fmt-208-signature-id-620.xpm by looking for char array without explict length
+# and match mh-logo.xpm (emacs)
+>>&0 search/1249 []
+>>>0 use xpm-image
+# non standard because no 9 byte c-comment "/* XPM */" like: logo.xpm in qemu package
+>0 default x
+# words are separated by a white space which can be composed of space and tabulation characters
+>>0 search/0x52 static\040char\040
+# skip debug.c testmlc.c by looking for char array without explict length
+# https://www.clamav.net/downloads/production/clamav-0.104.2.tar.gz
+# clamav-0.104.2\libclammspack\mspack\debug.c
+>>>&0 search/64 []
+>>>>0 use xpm-image
+# display X pixmap image information
+0 name xpm-image
+>0 string x X pixmap image text
+#!:mime text/plain
+# https://reposcope.com/mimetype/image/x-xpixmap
+# alias
+#!:mime image/x-xpm
+!:mime image/x-xpixmap
+!:ext xpm
+# NO pm example found!
+#!:ext xpm/pm
+# look for start of character array at beginning of a line like: psetupl.xpm (OpenOffice 4.1.7)
+>0 search/0x406 \n"
+# DEBUG VALUES string
+#>>&0 string x '%s'
+# width with optional white space before like: 16 24 32 48 1280
+>>&0 regex/8 [0-9]{1,5} \b, %s
+# height with white space like: 15 16 17 24 32 48 1024
+>>>&0 regex/8 [0-9]{1,5} x %s
+# number of colors with white space like: 1 2 3 4 5 8 11 14 162 255 but unrelistic 4294967295 by hardcopy tool
+>>>>&0 regex/12 [0-9]{1,9} x %s
+# chars_per_pixel with white space like: 1 2
+>>>>>&0 regex/14 [0-9]{1,2} \b, %s chars/pixel
+# non standard because not starting with 9 byte c-comment "/* XPM */"
+>0 string !/*\ XPM\ */
+>>0 string x \b, 1st line "%s"
+
+# Utah Raster Toolkit RLE images (janl@ifi.uio.no)
+0 uleshort 0xcc52 RLE image data,
+>6 uleshort x %d x
+>8 uleshort x %d
+>2 uleshort >0 \b, lower left corner: %d
+>4 uleshort >0 \b, lower right corner: %d
+>10 ubyte&0x1 =0x1 \b, clear first
+>10 ubyte&0x2 =0x2 \b, no background
+>10 ubyte&0x4 =0x4 \b, alpha channel
+>10 ubyte&0x8 =0x8 \b, comment
+>11 ubyte >0 \b, %d color channels
+>12 ubyte >0 \b, %d bits per pixel
+>13 ubyte >0 \b, %d color map channels
+
+# image file format (Robert Potter, potter@cs.rochester.edu)
+0 string Imagefile\ version- iff image data
+# this adds the whole header (inc. version number), informative but longish
+>10 string >\0 %s
+
+# Sun raster images, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 ubelong 0x59a66a95 Sun raster image data
+>4 ubelong >0 \b, %d x
+>8 ubelong >0 %d,
+>12 ubelong >0 %d-bit,
+#>16 ubelong >0 %d bytes long,
+>20 ubelong 0 old format,
+#>20 ubelong 1 standard,
+>20 ubelong 2 compressed,
+>20 ubelong 3 RGB,
+>20 ubelong 4 TIFF,
+>20 ubelong 5 IFF,
+>20 ubelong 0xffff reserved for testing,
+>24 ubelong 0 no colormap
+>24 ubelong 1 RGB colormap
+>24 ubelong 2 raw colormap
+#>28 ubelong >0 colormap is %d bytes long
+
+# SGI image file format, from Daniel Quinlan (quinlan@yggdrasil.com)
+#
+# See
+# http://reality.sgi.com/grafica/sgiimage.html
+#
+0 ubeshort 474 SGI image data
+#>2 ubyte 0 \b, verbatim
+>2 ubyte 1 \b, RLE
+#>3 ubyte 1 \b, normal precision
+>3 ubyte 2 \b, high precision
+>4 ubeshort x \b, %d-D
+>6 ubeshort x \b, %d x
+>8 ubeshort x %d
+>10 ubeshort x \b, %d channel
+>10 ubeshort !1 \bs
+>80 string >0 \b, "%s"
+
+0 string IT01 FIT image data
+>4 ubelong x \b, %d x
+>8 ubelong x %d x
+>12 ubelong x %d
+#
+0 string IT02 FIT image data
+>4 ubelong x \b, %d x
+>8 ubelong x %d x
+>12 ubelong x %d
+#
+2048 string PCD_IPI Kodak Photo CD image pack file
+>0xe02 ubyte&0x03 0x00 , landscape mode
+>0xe02 ubyte&0x03 0x01 , portrait mode
+>0xe02 ubyte&0x03 0x02 , landscape mode
+>0xe02 ubyte&0x03 0x03 , portrait mode
+0 string PCD_OPA Kodak Photo CD overview pack file
+
+# FITS format. Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
+# FITS is the Flexible Image Transport System, the de facto standard for
+# data and image transfer, storage, etc., for the astronomical community.
+# (FITS floating point formats are big-endian.)
+0 string SIMPLE\ \ = FITS image data
+!:mime image/fits
+!:ext fits/fts
+>109 string 8 \b, 8-bit, character or unsigned binary integer
+>108 string 16 \b, 16-bit, two's complement binary integer
+>107 string \ 32 \b, 32-bit, two's complement binary integer
+>107 string -32 \b, 32-bit, floating point, single precision
+>107 string -64 \b, 64-bit, floating point, double precision
+
+# other images
+0 string This\ is\ a\ BitMap\ file Lisp Machine bit-array-file
+
+# From SunOS 5.5.1 "/etc/magic" - appeared right before Sun raster image
+# stuff.
+#
+0 ubeshort 0x1010 PEX Binary Archive
+
+# DICOM medical imaging data
+# URL: https://en.wikipedia.org/wiki/DICOM#Data_format
+# Note: "dcm" is the official file name extension
+# XnView mention also "dc3" and "acr" as file name extension
+128 string DICM DICOM medical imaging data
+!:mime application/dicom
+!:ext dcm/dicom/dic
+
+# XWD - X Window Dump file.
+# URL: http://fileformats.archiveteam.org/wiki/XWD
+# Reference: https://wiki.multimedia.cx/index.php?title=XWD
+# http://mark0.net/download/triddefs_xml.7z/defs/x/xdm-x11.trid.xml
+# Note: called "X-Windows Screen Dump (X11)" by TrID and
+# "X-Windows Screen Dump" version X11 by DROID via PUID fmt/483
+# verfied by XnView `nconvert -in xwd -info *`
+# and ImageMagick 6.9.11 `identify -verbose *` as XWD X Windows system window dump
+# and `xwud -in fig41.wxd -dumpheader`
+# As described in /usr/X11R6/include/X11/XWDFile.h
+# used by the xwd program.
+# Bradford Castalia, idaeim, 1/01
+# updated by Adam Buchbinder, 2/09 and Joerg Jenderek, May 2022
+# The following assumes version 7 of the format; the first long is the length
+# of the header, which is at least 25 4-byte longs, and the one at offset 8
+# is a constant which is always either 1 or 2. Offset 12 is the pixmap depth,
+# which is a maximum of 32.
+# Size of the entire file header (bytes) like: 100 104 105 106 107 109 110 113 114 115 118 172
+0 ubelong >99
+# pixmap_format; Pixmap format; 0~1-bit (XYBitmap) format 1~single-plane (XYPixmap) 2~bitmap with two or more planes (ZPixmap)
+>8 ubelong <3
+# pixmap_depth; Pixmap depth; value 1 - 32
+>>12 ubelong <33
+# file_version; XWD_FILE_VERSION=7
+>>>4 ubelong 7
+# skip DROID fmt-401-signature-id-618.xwd by test for existing border field
+>>>>96 ubelong x X-Window screen dump image data, version X11
+# ./images (version 1.205) labeled the above entry as "XWD X Window Dump image data"
+# https://reposcope.com/mimetype/image/x-xwindowdump
+!:mime image/x-xwindowdump
+#!:ext xwd
+!:ext xwd/dmp
+# https://www.xnview.com/en/image_formats/ NO example with x11 suffix FOUND!
+#!:ext xwd/dmp/x11
+# https://www.nationalarchives.gov.uk/PRONOM/fmt/401 NO example with xdm suffix FOUND!
+#!:ext xwd/dmp/x11/xmd
+# file comment if header > 100; so not in MARBLES.XWD and hardcopy-x-window-v11.xwd
+>>>>>0 ubelong >100
+# comment or windows name
+>>>>>>100 string >\0 \b, "%s"
+# pixmap_width; pixmap width like: 576 800 1014 1280 1419 NOT -1414812757=abABabABh
+>>>>>16 ubelong x \b, %dx
+# pixmap_height; pixmap height like: 449 454 600 704 720 1001 1024 NOT -1414812757=abABabABh
+>>>>>20 ubelong x \b%dx
+# pixmap_depth; pixmap depth
+>>>>>12 ubelong x \b%d
+# XOffset; Bitmap X offset; pixel numbers to ignore at the beginning of each scan-line
+#>>>>>24 ubelong x \b, %u ignore
+# ByteOrder; byte order of image data: 0~least significant byte first 1~most significant byte first
+>>>>>28 ubelong >0 \b, order %u
+# BitmapUnit; bitmap base data size unit in each scan line like: 8 16 32
+#>>>>>32 ubelong x \b, unit %u
+# BitmapBitOrder; bit-order of image data; apparently same as ByteOrder
+#>>>>>36 ubelong x \b, bit order %u
+# BitmapPad; number of padding bits added to each scan line like: 8 16 32
+#>>>>>40 ubelong x \b, pad %u
+# BitsPerPixel; Bits per pixel: 1~StaticGray and GrayScale 2-15~StaticColor and PseudoColor 16,24,32~TrueColor and DirectColor
+#>>>>>44 ubelong x \b, %u bits/pixel
+# BytesPerLine; size of each scan line in bytes
+#>>>>>48 ubelong x \b, %u bytes/line
+# VisualClass; class of the image: 0~StaticGray 1~GrayScale 2~StaticColor 3~PseudoColor 4~TrueColor 5~DirectColor
+#>>>>>52 ubelong x \b, %u Class
+# RedMask; red RGB mask values used by ZPixmaps like: 0 0xff0000
+#>>>>>56 ubelong !0 \b, %#x red
+# GreenMask; green mask like: 0
+#>>>>>60 ubelong !0 \b, %#x green
+# BlueMask; blue mask like: 0 0xff
+#>>>>>64 ubelong !0 \b, %#x blue
+# BitsPerRgb; Size of each color mask in bits like: 0 1 8 24
+#>>>>>68 ubelong x \b, %u bits/RGB
+# NumberOfColors; number of colors in image like: 256 4 2 0 (WHAT DOES THIS MEAN?)
+>>>>>72 ubelong x \b, %u colors
+# ColorMapEntries; number of entries in color map like: 256 16 2 0~no color map
+>>>>>76 ubelong x %u entries
+# WindowWidth; window width
+#>>>>>80 ubelong x \b, %u width
+# WindowHeight; window height
+#>>>>>84 ubelong x \b, %u height
+# WindowX; Window upper left X coordinate like: 0 24 32 80 237 290 422 466 568 (lenna.dmp)
+>>>>>88 ubelong !0 \b, x=%d
+# WindowY; Window upper left Y coordinate like: 0 8 18 26 60 73 107 (fig41.xwd) 128
+>>>>>92 ubelong !0 \b, y=%d
+# WindowBorderWidth; Window border width; apparently pixmap_width=WindowWidth+2*WindowBorderWidth
+# like: 1 (fig41.xwd) 2 (maze.dmp) 3 (lenna.dmp mandrill.dmp)
+>>>>>96 ubelong >0 \b, %u border
+# From: Joerg Jenderek
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/x/xdm-x10.trid.xml
+# Note: called "X-Windows Screen Dump (X10)" by TrID and
+# "X-Windows Screen Dump" version X10 by DROID via PUID x-fmt/300
+# verfied by XnView `nconvert -in xwd -info *`
+# HeaderSize is the size of the header in bytes; always 40 for X10 variant
+0 ubelong =0x000000028
+# FileVersion; always 6 for X10 variant
+>4 ubelong =6
+# skip DROID x-fmt-300-signature-id-619.xdm by test existing border field
+>>36 ubeshort x X-Window screen dump image data, version X10
+!:mime image/x-xwindowdump
+!:ext xwd
+# http://www.nationalarchives.gov.uk/pronom/fmt/401 NO example with xdm suffix FOUND!
+#!:ext xwd/xdm
+# PixmapWidth; pixmap width like: 127 1280
+>>>20 ubelong x \b, %d
+# PixmapHeight; pixmap height like: 64 1024
+>>>24 ubelong x \bx%d
+# DisplayPlanes; number of display planes like: 1 4 8
+>>>12 ubelong x \bx%u
+# DisplayType; display type like: 1 3
+#>>>8 ubelong x \b, type %u
+# PixmapFormat; pixmap format like: 1~bitmap with two or more planes (ZPixmap) 0~single-plane bitmap (XYBitmap)
+#>>>16 ubelong x \b, %u format
+# WindowWidth; window width; probably PixmapWidth=WindowWidth+2*WindowBorderWidth
+#>>>28 ubeshort x \b, width %u
+# WindowHeight; window height; probably PixmapWidth=PixmapHeight+2*WindowBorderWidth
+#>>>30 ubeshort x \b, height %u
+# WindowX; window upper left X coordinate like: 0
+>>>32 ubeshort !0 \b, x=%d
+# WindowY; window upper left Y coordinate like: 0
+>>>34 ubeshort !0 \b, y=%d
+# WindowBorderWidth; window border width like: 0
+>>>36 ubeshort !0 \b, %u border
+# WindowNumColors; Number of color entries in window like: 2 16 256
+#>>>38 ubeshort x \b, %u colors
+# if the image is a PseudoColor image, a color map immediately follows the header. X10COLORMAP[WindowNumColors];
+# EntryNumber; number of the color-map entry like: 0
+#>>>40 ubeshort x \b, colors #%u
+# Red; red-channel value
+#>>>42 ubeshort !0 \b, red %#x
+# Green; green-channel value
+#>>>44 ubeshort !0 \b, green %#x
+# Blue; blue-channel value
+#>>>46 ubeshort !0 \b, blue %#x
+# 2ND Entry like: 2
+#>>>48 ubeshort x \b, colors #%u
+
+# PDS - Planetary Data System
+# These files use Parameter Value Language in the header section.
+# Unfortunately, there is no certain magic, but the following
+# strings have been found to be most likely.
+0 string NJPL1I00 PDS (JPL) image data
+2 string NJPL1I PDS (JPL) image data
+0 string CCSD3ZF PDS (CCSD) image data
+2 string CCSD3Z PDS (CCSD) image data
+0 string PDS_ PDS image data
+0 string LBLSIZE= PDS (VICAR) image data
+
+# pM8x: ATARI STAD compressed bitmap format
+#
+# from Oskar Schirmer <schirmer@scara.com> Feb 2, 2001
+# p M 8 5/6 xx yy zz data...
+# Atari ST STAD bitmap is always 640x400, bytewise runlength compressed.
+# bytes either run horizontally (pM85) or vertically (pM86). yy is the
+# most frequent byte, xx and zz are runlength escape codes, where xx is
+# used for runs of yy.
+#
+0 string pM85 Atari ST STAD bitmap image data (hor)
+>5 ubyte 0x00 (white background)
+>5 ubyte 0xFF (black background)
+0 string pM86 Atari ST STAD bitmap image data (vert)
+>5 ubyte 0x00 (white background)
+>5 ubyte 0xFF (black background)
+
+# From: Alex Myczko <alex@aiei.ch>
+# https://www.atarimax.com/jindroush.atari.org/afmtatr.html
+0 uleshort 0x0296 Atari ATR image
+
+# URL: http://fileformats.archiveteam.org/wiki/DEGAS_image
+# Reference: https://wiki.multimedia.cx/index.php?title=Degas
+# From: Joerg Jenderek
+# http://mark0.net/download/triddefs_xml.7z/defs/b
+# bitmap-pi2-degas.trid.xml bitmap-pi3-degas.trid.xml
+# bitmap-pc1-degas.trid.xml bitmap-pc2-degas.trid.xml bitmap-pc3-degas.trid.xml
+# Note: verified by NetPBM `pi3topbm sigirl1.pi3 | file`
+# `deark -m degas -l -d2 ataribak.pi1`
+# XnView `nconvert -fullinfo *.p??`
+# DEGAS low-res uncompressed bitmap *.pi1
+0 beshort 0x0000
+# skip some ISO 9660 CD-ROM filesystems like plpbt.iso by test for 4 non black colors in palette entries
+>2 quad !0
+# skip g3test.g3 by test for unused bits of 2nd color entry
+>>4 ubeshort&0xF000 0
+#>>>0 beshort x 1ST_VALUE=%x
+#>>>-0 offset x FILE_SIZE=%lld
+# standard DEGAS low-res uncompressed bitmap *.pi1 with file size 32034
+>>>-0 offset =32034
+#>>>>0 beshort x 1st_VALUE=%x
+# like: 8ball.pi1 teddy.pi1 sonic01.pi1
+>>>>0 use degas-bitmap
+# about 61 DEGAS Elite low-res uncompressed bitmap *.pi1 with file size 32066
+>>>-0 offset =32066
+# like: spider.pi1 pinkgirl.pi1 frog3.pi1
+>>>>0 use degas-bitmap
+# about 55 DEGAS Elite low-res uncompressed bitmap *.pi1 with file size 32128
+>>>-0 offset =32128
+# like: mountain.pi1 bigspid.pi1 alf33.pi1
+>>>>0 use degas-bitmap
+# 1 DEGAS Elite low-res uncompressed bitmap *.pi1 with file size 44834
+>>>-0 offset =44834
+# like: kenshin.pi1
+>>>>0 use degas-bitmap
+# DEGAS mid-res uncompressed bitmap *.pi2 (strength=50) after GEM Images like:
+# BEETHVEN.IMG CHURCH.IMG GAMEOVR4.IMG TURKEY.IMG clinton.img
+0 beshort 0x0001
+#!:strength +0
+# skip many control files like gnucash-4.8.setup.exe.aria2 by test for non black in 4 palette entries
+>2 quad !0
+# skip control file load-v0001.aria2 and many GEM Image data like
+# GAMEOVR4.IMG BEETHVEN.IMG CHURCH.IMG TURKEY.IMG clinton.img
+# by test for valid file sizes
+# standard DEGAS mid-res uncompressed bitmap *.pi2 with file size 32034
+>>-0 offset =32034
+# (39/41) like: GEMINI03.PI2 ST_TOOLS.PI2 TBX_DEMO.PI2
+>>>0 use degas-bitmap
+# few DEGAS Elite mid-res uncompressed bitmap *.pi2 with file size 32066
+>>-0 offset =32066
+# (2/41) like: medres.pi2
+>>>0 use degas-bitmap
+# DEGAS high-res uncompressed bitmap *.pi3
+0 beshort 0x0002
+# skip Intel ia64 COFF msvcrt.lib by test for unused bits of 1st atari color palette entry
+>2 ubeshort&0xF000 0
+# skip few Adobe PhotoShop Brushes like Faux-Spitzen.abr by check
+# for invalid Adobe PhotoShop Brush UTF16-LE string length
+>>19 ubyte =0
+# many like: 4th_ofj2.pi3 GEMINI03.PI3 PEOPLE18.PI3 POWERFIX.PI3 abydos.pi3 highres.pi3 sigirl1.pi3 vanna5.pi3
+>>>0 use degas-bitmap
+# Adobe PhotoShop Brush UTF16-LE string length 15 "Gitter - klein " 8 "Kreis 1 "
+>>19 ubyte !0
+#>>19 ubyte !0 \b, NOTE LENGTH %u
+#>>>21 lestring16 x \b, BRUSH NOTE "%s"
+>>>(19.b*2) ubequad x
+# maybe last character of Adobe PhotoShop Brush UTF16-LE string and terminating nul char like
+# 006e0000 for n in "Faux-Spitzen.abr" 00310000 for 1 in "Verschiedene Spitzen.abr"
+# 00000000 "LEREDACT.PI3" 03730773 "TBX_DEMO.PI3"
+#>>>>&8 ubelong x \b, LAST CHAR+NIL %8.8x
+>>>>&8 ubelong&0xff00ffFF !0
+# skip many Adobe Photoshop Color swatch (ANPA-Farben.aco TOYO-Farbsystem.aco) with invalid 3rd color entry (1319 2201 2206 21f5 2480 24db 25fd)
+>>>>>6 ubeshort&0xF000 0
+# skip few Adobe Photoshop Color swatch (FOCOLTONE-Farben.aco "PANTONE process coated.aco") with invalid 4th color entry (ffff)
+>>>>>>8 ubeshort&0xF000 0
+# many DEGAS bitmap like: ARABDEMO.PI3 ELMRSESN.PI3 GEMVIEW.PI3 LEREDACT.PI3 PICCOLO.PI3 REPRO_JR.PI3 ST_TOOLS.PI3 TBX_DEMO.PI3 evgem7.pi3
+>>>>>>>0 use degas-bitmap
+# test for last character of Adobe PhotoShop Brush UTF16-LE string and terminating nul char
+>>>>&8 ubelong&0xff00ffFF =0
+# select last DEGAS bitmaps by invalid last char of brush note like BASICNES.PI3 DB_HELP.PI3 DB_WRITR.PI3 LEREDACT.PI3
+>>>>>&-4 ubelong&0x00FF0000 <0x00200000
+>>>>>>0 use degas-bitmap
+# last character of Adobe PhotoShop Brush UTF16-LE note
+#>>>>>&-4 ubelong&0x00FF0000 >0x001F0000 \b, THAT IS ABR
+# DEGAS low-res compressed bitmap *.pc1 like: BATTLSHP.PC1 GNUCHESS.PC1 MEDUSABL.PC1 MOONLORD.PC1 WILDROSE.PC1
+0 beshort 0x8000
+# skip lif files handled via ./lif by test for unused bits of 1st palette entry
+>2 ubeshort&0xF000 0
+# skip CRI ADX ADPCM audio (R04HT.adx R03T-15552.adx) with 44100 Hz misinterpreted as 5th color entry value AC44h
+>>10 ubeshort&0xF000 0
+# skip few (fmt-840-signature-id-1195.adx fmt-840-signature-id-1199.adx) by test for 4 first non black colors in palette entries
+>>>2 quad !0
+>>>>0 use degas-bitmap
+# DEGAS mid-res compressed bitmap *.pc2 like: abydos.pc2 ARTIS3.PC2 SMTHDRAW.PC2 STAR_2K.PC2 TX2_DEMO.PC2
+0 beshort 0x8001
+# skip many (1274/1369) PostScript Type 1 font (DarkGardenMK.pfb coupbi.pfb MONOBOLD.PFB) with invalid 1st atari color palette entry 5506 5b06 6906 7906 7e06 fb15
+>2 ubeshort&0xF000 0
+# skip some (95/1369) PostScript Type 1 font (fmt-525-signature-id-816.pfb LUXEMBRG.PFB) with invalid 3rd atari color palette entry 2521
+>>6 ubeshort&0xF000 0
+>>>0 use degas-bitmap
+# DEGAS high-res compressed bitmap *.pc3 like: abydos.pc3 COYOTE.PC3 ELEPHANT.PC3 TX2_DEMO.PC3 SMTHDRAW.PC3
+0 beshort 0x8002
+# skip some (36/212) Python Pickle (factor_cache.pickle environment.pickle) with invalid 1st atari color entry (2863 6363 7d71)
+>2 ubeshort&0xF000 0
+>>0 use degas-bitmap
+# display information of Atari DEGAS and DEGAS Elite bitmap images
+0 name degas-bitmap
+>0 ubyte x Atari DEGAS
+#!:mime application/octet-stream
+!:mime image/x-atari-degas
+# compressed
+>0 ubyte =0x80 Elite compressed
+# uncompressed
+#>0 ubyte =0x00 uncompressed
+#>0 ubyte =0x00 un.
+>0 ubyte =0x00
+# check for existence of footer for DEGAS Elite images
+>>32042 ubequad x Elite
+>0 beshort 0x0000 bitmap
+!:ext pi1
+>0 beshort 0x0001 bitmap
+!:ext pi2
+>0 beshort 0x0002 bitmap
+# no example with SUH extension found
+#!:ext pi3/suh
+!:ext pi3
+>0 beshort 0x8000 bitmap
+!:ext pc1
+>0 beshort 0x8001 bitmap
+!:ext pc2
+>0 beshort 0x8002 bitmap
+!:ext pc3
+# low resolution; 320x200, 16 colors
+>1 ubyte =0 320 x 200 x 16
+# medium resolution; 640x200, 4 colors
+>1 ubyte =1 640 x 200 x 4
+# high resolution; 640x400, 2 colors
+>1 ubyte =2 640 x 400 x 2
+# http://fileformats.archiveteam.org/wiki/Atari_ST_color_palette
+# hardware_palette[16]; 9 bit ?????RRR?GGG?BBB; 12 bit ????RRRRGGGGBBBB for Atari STE
+# for Atari DEGAS apparently no Spectrum 512 Enhanced 15 bit palette RGB?RRRRGGGGBBBB
+# Red Green Blue unused bit ? often 0 but not bilboule.pi1; color_value (examples or numbers)
+# 1st color palette entry like: 0777 (61) 0fff (LEREDACT.PI3) 0fcf (devgem7.pi3) 0001 (9)
+>2 ubeshort x \b, color palette %4.4x
+# 2nd palette entry like: 0000 (32) 0700 (38) 0f00 (LEREDACT.PI3 devgem7.pi3)
+>4 ubeshort x %4.4x
+# 3rd palette entry
+>6 ubeshort x %4.4x
+# 4th palette entry like: 0000 (72)
+>8 ubeshort x %4.4x
+# 5th palette entry
+>10 ubeshort x %4.4x
+>2 ubeshort x ...
+# 6th palette entry
+#>12 ubeshort x %4.4x
+# 7th palette entry like: 0000 (16) 0001 (ELMRSESN.PI3 elmrsesn.pi3) 0070 (51) 00f0 (BASICNES.PI3 LEREDACT.PI3) 00f8 (devgem7.pi3)
+#>14 ubeshort x %4.4x
+# 8th palette entry
+#>16 ubeshort x %4.4x
+# 9 palette entry
+#>18 ubeshort x %4.4x
+# 10 palette entry
+#>20 ubeshort x %4.4x
+# 11 palette entry
+#>22 ubeshort x %4.4x
+# 12 palette entry
+#>24 ubeshort x %4.4x
+# 13 palette entry
+#>26 ubeshort x %4.4x
+# 14th palette entry
+#>28 ubeshort x %4.4x
+# 15th palette entry
+#>30 ubeshort x %4.4x
+# 16th palette entry
+#>32 ubeshort x %4.4x
+# data[16000] for uncompressed images; pixel data
+#>34 ubequad x \b, DATA %#16.16llx...
+# footer for Elite variant images
+# https://www.fileformat.info/format/atari/egff.htm
+# https://pulkomandy.tk/projects/GrafX2/wiki/Develop/FileFormats/Atari
+# left_color_animation[4]; like: 0000000000000000 0000000100020003 fffafff000000030 (bigspid.pi1)
+#>32034 ubequad !0 \b, color animations %16.16llx (left)
+# right_color_animation[4]; like: 0000000000000000 0000000100020003
+#>>32042 ubequad !0 %16.16llx (right)
+# channel_direction[4]; 0~left 1~none 2~right like: 0001000100010001 0002000000010001 (cycle2.pi1)
+# sometimes unexpected like: feaafc0000000000 (bigspid.pi1)
+#>32050 ubequad !0 \b, channel directions %16.16llx
+# channel_delay[4]; 128 - channel delay, timebase 1/60 s
+#>32058 ubequad !0 \b, channel delays %16.16llx
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/GED
+# https://recoil.sourceforge.net/formats.html#Atari-8-bit
+# Reference: https://sourceforge.net/projects/recoil/files/recoil/6.3.4/recoil-6.3.4.tar.gz
+# recoil-6.3.4/recoil.c
+# http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-ged.trid.xml
+# Note: called "Atari GED bitmap" by TrID; file size 11302
+# and verified by RECOIL graphic tool
+0 string \xFF\xFF0SO\x7F Atari GED bitmap, 160x200
+#!:mime application/octet-stream
+!:mime image/x-atari-ged
+!:ext ged
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/ImageLab/PrintTechnic
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-b_w.trid.xml
+# Note: called "ImageLab bitmap" by TrID
+# verfied by XnView `nconvert -fullinfo "MAEDCHEN.B&W"`
+0 string B&W256 ImageLab bitmap
+!:mime image/x-ilab
+# https://www.xnview.com/de/image_formats/
+# GRR: add char & inside parse_ext in ../../src/apprentice.c to avoid in file version 5.40 error like:
+# Magdir\images, 1090: Warning: EXTENSION type ` b_w/b&w' has bad char '&'
+!:ext b_w/b&w
+# Width
+>6 ubeshort x \b, %u
+# Height
+>8 ubeshort x x %u
+
+# XXX:
+# This is bad magic 0x5249 == 'RI' conflicts with RIFF and other
+# magic.
+# SGI RICE image file <mpruett@sgi.com>
+#0 ubeshort 0x5249 RICE image
+#>2 ubeshort x v%d
+#>4 ubeshort x (%d x
+#>6 ubeshort x %d)
+#>8 ubeshort 0 8 bit
+#>8 ubeshort 1 10 bit
+#>8 ubeshort 2 12 bit
+#>8 ubeshort 3 13 bit
+#>10 ubeshort 0 4:2:2
+#>10 ubeshort 1 4:2:2:4
+#>10 ubeshort 2 4:4:4
+#>10 ubeshort 3 4:4:4:4
+#>12 ubeshort 1 RGB
+#>12 ubeshort 2 CCIR601
+#>12 ubeshort 3 RP175
+#>12 ubeshort 4 YUV
+
+# PCX image files
+# From: Dan Fandrich <dan@coneharvesters.com>
+# updated by Joerg Jenderek at Feb 2013 by https://de.wikipedia.org/wiki/PCX
+# https://web.archive.org/web/20100206055706/http://www.qzx.com/pc-gpe/pcx.txt
+# GRR: original test was still too general as it catches xbase examples T5.DBT,T6.DBT with 0xa000000
+# test for bytes 0x0a,version byte (0,2,3,4,5),compression byte flag(0,1), bit depth (>0) of PCX or T5.DBT,T6.DBT
+0 ubelong&0xffF8fe00 0x0a000000
+# for PCX bit depth > 0
+>3 ubyte >0
+# test for valid versions
+>>1 ubyte <6
+>>>1 ubyte !1 PCX
+!:mime image/x-pcx
+#!:mime image/pcx
+>>>>1 ubyte 0 ver. 2.5 image data
+>>>>1 ubyte 2 ver. 2.8 image data, with palette
+>>>>1 ubyte 3 ver. 2.8 image data, without palette
+>>>>1 ubyte 4 for Windows image data
+>>>>1 ubyte 5 ver. 3.0 image data
+>>>>4 uleshort x bounding box [%d,
+>>>>6 uleshort x %d] -
+>>>>8 uleshort x [%d,
+>>>>10 uleshort x %d],
+>>>>65 ubyte >1 %d planes each of
+>>>>3 ubyte x %d-bit
+>>>>68 ubyte 1 colour,
+>>>>68 ubyte 2 grayscale,
+# this should not happen
+>>>>68 default x image,
+>>>>12 uleshort >0 %d x
+>>>>>14 uleshort x %d dpi,
+>>>>2 ubyte 0 uncompressed
+>>>>2 ubyte 1 RLE compressed
+
+# Adobe Photoshop
+# From: Asbjoern Sloth Toennesen <asbjorn@lila.io>
+# URL: http://fileformats.archiveteam.org/wiki/PSD
+# Reference: https://www.adobe.com/devnet-apps/photoshop/fileformatashtml/
+# Note: verfied by XnView `nconvert -fullinfo *.psd *.psb *.pdd`
+# and ImageMagick `identify -verbose *.pdd`
+0 string 8BPS
+# skip DROID x-fmt-92-signature-id-277.psd by checking valid width
+>18 ubelong >0 Adobe Photoshop
+!:mime image/vnd.adobe.photoshop
+!:apple ????8BPS
+# version: always equal to 1, but 2 for PSB
+>>4 beshort 1
+# URL: http://fileformats.archiveteam.org/wiki/PhotoDeluxe
+# EXTRAS/PHOTOS/DEMOPIX/ORIGINAL.PDD
+>>>34 search/0xC0d7 PHUT Image (PhotoDeluxe)
+!:ext pdd
+>>>34 default x Image
+!:ext psd
+# URL: http://fileformats.archiveteam.org/wiki/PSB
+>>4 beshort 2 Image (PSB)
+!:ext psb
+# width in pixels: 1-30000 1-300000 for PSB
+>>18 belong x \b, %d x
+>>14 belong x %d,
+# The color mode; 0~Bitmap 1~Grayscale 2~Indexed 3~RGB 4~CMYK 7~Multichannel 9~Duotone 9~Lab
+>>24 beshort 0 bitmap
+>>24 beshort 1 grayscale
+# the number of channels; range is 1 to 56
+>>>12 beshort 2 with alpha
+>>24 beshort 2 indexed
+>>24 beshort 3 RGB
+>>>12 beshort 4 \bA
+>>24 beshort 4 CMYK
+>>>12 beshort 5 \bA
+>>24 beshort 7 multichannel
+>>24 beshort 8 duotone
+>>24 beshort 9 lab
+>>12 beshort > 1
+>>>12 beshort x \b, %dx
+>>12 beshort 1 \b,
+>>22 beshort x %d-bit channel
+>>12 beshort > 1 \bs
+# 6 reserved bytes; must be zero, but spaces inside ImageMagick input.psd
+# https://download.imagemagick.org/ImageMagick/download/ImageMagick-7.0.11-11.zip
+# ImageMagick-7.0.11-11\PerlMagick\t\input.psd
+>>6 bequad&0xFFffFFffFFff0000 !0 \b, at offset 6
+>>>6 belong x 0x%8.8x
+>>>6 beshort x \b%4.4x
+
+# From: Joerg Jenderek
+# URL: https://www.adobe.com/devnet-apps/photoshop/fileformatashtml/
+# http://fileformats.archiveteam.org/wiki/Photoshop
+# Reference: http://www.nomodes.com/aco.html
+# Note: registers as Photoshop.SwatchesFile for Photoshop.exe on Windows
+# check for valid versions like: 2 (newest) 1 (old) 0 (oldest no examples)
+0 ubeshort <3
+# skip few Atari DEGAS med-res bitmap (DIAGRAM1.PI2) and many ISO 9660 CD-ROM by check for invalid low color numbers (0)
+>2 ubeshort >0
+# skip few Targa (bmpsuite-15col.tga rgb24_top_left_colormap.tga) by check for invalid high color space ID (F0 1D)
+>>4 ubeshort <16
+# skip many (69/327) Targa image *.TGA by check of accessing near the ending of first color space section (size=nc*5*2)
+>>>(2.S*10) ubelong x
+# RGB branch for Adobe Photoshop Color swatch
+>>>>4 ubeshort =0
+# skip many (220/327) Targa by check of for invalid high RGB color z value (hexadecimal 2 3 2e03 4600 5e04 7502 8002 8b05 c700)
+>>>>>12 ubeshort =0
+# RGB branch for Adobe Photoshop Color swatch for older versions
+>>>>>>0 ubeshort <2
+>>>>>>>0 use adobe-aco
+# RGB branch for Adobe Photoshop Color swatch for newer version 2
+>>>>>>0 ubeshort =2
+# skip many (74/176) Atari DEGAS hi-res bitmap (*.PI3) by check for invalid low color name length (0)
+>>>>>>>16 ubeshort >0
+>>>>>>>>0 use adobe-aco
+# non RGB branch for Adobe Photoshop Color swatch
+>>>>4 ubeshort !0
+# non RGB branch for Adobe Photoshop Color swatch for older versions
+>>>>>0 ubeshort <2
+# skip many GEM Image (CHURCH.IMG TIGER.IMG) by check for invalid second high color space ID (55 114 143 157 256 288 450)
+>>>>>>14 ubeshort <16
+>>>>>>>0 use adobe-aco
+# non RGB branch for Adobe Photoshop Color swatch for newer version 2
+>>>>>0 ubeshort =2
+# skip few Atari DEGAS hi-res bitmap (pal1wb-blue.pi3) and few ABR by check for invalid "high" nil bytes (7) before color name length
+>>>>>>14 ubeshort =0
+>>>>>>>0 use adobe-aco
+# display Adobe Photoshop Color swatch file information (version, number of colors, color spaces, coordinates, names)
+0 name adobe-aco
+>0 ubeshort x Adobe Photoshop Color swatch, version %u
+#!:mime application/octet-stream
+!:mime application/x-adobe-aco
+!:apple ????8BCO
+!:ext aco
+>0 ubeshort <2
+>>(2.S*10) ubelong x
+# version 2 section after version 1 section
+>>>&0 ubeshort 2 and 2
+# nc; number of colors like: 20 50 86 88 126 204 300 1050 1137 1280 2092 3010 4096
+>2 ubeshort x \b, %u colors
+# maybe last 4 bytes of first section (probably y z color value) like: 0 0x66660000 0xfe700000 0xffff0000
+#>(2.S*10) ubelong x 1ST_SECTION_END=%#8.8x
+>0 ubeshort <2 \b; 1st
+# first older Adobe Photoshop Color entry
+>>4 use aco-color
+>>>2 ubeshort >1 \b; 2nd
+# second older Adobe Photoshop Color entry
+>>>>14 use aco-color
+>0 ubeshort =2 \b; 1st
+# first new Adobe Photoshop Color entry
+>>4 use aco-color-v2
+>>>2 ubeshort >1 \b; 2nd
+# jump first color name length words
+>>>>(16.S*2) ubequad x
+# second new Adobe Photoshop Color entry
+>>>>>&10 use aco-color-v2
+# display Adobe Photoshop Color entry (color space, color coordinates)
+0 name aco-color
+# each color spec entry occupies five words
+# color space: 0~RGB 1~HSB 2~CMYK 3~Pantone 4~Focoltone 5~Trumatch 6~Toyo 7~Lab 8~Grayscale 9?~wideCMYK 10~HKS ...
+#>0 ubeshort x COLOR_ENTRY
+>0 ubeshort 0 RGB
+>0 ubeshort 1 HSB
+>0 ubeshort 2 CMYK
+>0 ubeshort 3 Pantone
+>0 ubeshort 4 Focoltone
+>0 ubeshort 5 Trumatch
+>0 ubeshort 6 Toyo
+>0 ubeshort 7 Lab
+>0 ubeshort 8 Grayscale
+>0 ubeshort 9 wide CMYK
+>0 ubeshort 10 HKS
+# unofficial
+# >0 ubeshort 12 foo
+# >0 ubeshort 13 bar
+# >0 ubeshort 14 FOO
+# >0 ubeshort 15 BAR
+>0 ubeshort x space (%u)
+# color coordinate w
+>2 ubeshort x \b, w %#x
+# color coordinate x
+>4 ubeshort x \b, x %#x
+# color coordinate y
+>6 ubeshort x \b, y %#x
+# color coordinate z; zero for RGB space
+>8 ubeshort x \b, z %#x
+# display Adobe Photoshop Color entry version 2 (color space, color coordinates names)
+0 name aco-color-v2
+>0 use aco-color
+#>10 ubeshort x \b, NUL_BYTES %#x
+# color name length plus one (len+1) like: 7 8 9 13 14 15 16 17 22 26
+#>>12 ubeshort x \b, LENGTH %u
+>>12 ubeshort-1 x \b, %u chars
+# len words; UTF-16 representation of the color name like: "DIC 1s" "PANTONE Process Yellow PC"
+>>14 bestring16 x "%s"
+# followed by nil word
+
+# XV thumbnail indicator (ThMO)
+# URL: https://en.wikipedia.org/wiki/Xv_(software)
+# Reference: http://fileformats.archiveteam.org/wiki/XV_thumbnail
+# Update: Joerg Jenderek
+0 string P7\ 332 XV thumbnail image data
+#0 string P7\ 332 XV "thumbnail file" (icon) data
+!:mime image/x-xv-thumbnail
+# thumbnail .xvpic/foo.bar for graphic foo.bar
+!:ext p7/gif/tif/xpm/jpg
+
+# NITF is defined by United States MIL-STD-2500A
+0 string NITF National Imagery Transmission Format
+>25 string >\0 dated %.14s
+
+# GEM Image: Version 1, Headerlen 8 (Wolfram Kleff)
+# Format variations from: Bernd Nuernberger <bernd.nuernberger@web.de>
+# Update: Joerg Jenderek
+# See http://fileformats.archiveteam.org/wiki/GEM_Raster
+# For variations, also see:
+# https://www.seasip.info/Gem/ff_img.html (Ventura)
+# http://www.atari-wiki.com/?title=IMG_file (XIMG, STTT)
+# http://www.fileformat.info/format/gemraster/spec/index.htm (XIMG, STTT)
+# http://sylvana.net/1stguide/1STGUIDE.ENG (TIMG)
+0 beshort 0x0001
+# header_size
+>2 beshort 0x0008
+>>0 use gem_info
+>2 beshort 0x0009
+>>0 use gem_info
+# no example for NOSIG
+>2 beshort 24
+>>0 use gem_info
+# no example for HYPERPAINT
+>2 beshort 25
+>>0 use gem_info
+16 string XIMG\0
+>0 use gem_info
+# no example
+16 string STTT\0\x10
+>0 use gem_info
+# no example or description
+16 string TIMG\0
+>0 use gem_info
+
+0 name gem_info
+# version is 2 for some XIMG and 1 for all others
+>0 ubeshort <0x0003 GEM
+# https://www.snowstone.org.uk/riscos/mimeman/mimemap.txt
+!:mime image/x-gem
+# header_size 24 25 27 59 779 words for colored bitmaps
+>>2 ubeshort >9
+>>>16 string STTT\0\x10 STTT
+>>>16 string TIMG\0 TIMG
+# HYPERPAINT or NOSIG variant
+>>>16 string \0\x80
+>>>>2 ubeshort =24 NOSIG
+>>>>2 ubeshort !24 HYPERPAINT
+# NOSIG or XIMG variant
+>>>16 default x
+>>>>16 string !XIMG\0 NOSIG
+>>16 string =XIMG\0 XIMG Image data
+!:ext img/ximg
+# to avoid Warning: Current entry does not yet have a description for adding a EXTENSION type
+>>16 string !XIMG\0 Image data
+!:ext img
+# header_size is 9 for Ventura files and 8 for other GEM Paint files
+>>2 ubeshort 9 (Ventura)
+#>>2 ubeshort 8 (Paint)
+>>12 ubeshort x %d x
+>>14 ubeshort x %d,
+# 1 4 8
+>>4 ubeshort x %d planes,
+# in tenths of a millimetre
+>>8 ubeshort x %d x
+>>10 ubeshort x %d pixelsize
+# pattern_size 1-8. 2 for GEM Paint
+>>6 ubeshort !2 \b, pattern size %d
+
+# GEM Metafile (Wolfram Kleff)
+0 ulelong 0x0018FFFF GEM Metafile data
+>4 uleshort x version %d
+
+#
+# SMJPEG. A custom Motion JPEG format used by Loki Entertainment
+# Software Torbjorn Andersson <d91tan@Update.UU.SE>.
+#
+0 string \0\nSMJPEG SMJPEG
+>8 ubelong x %d.x data
+# According to the specification you could find any number of _TXT
+# headers here, but I can't think of any way of handling that. None of
+# the SMJPEG files I tried it on used this feature. Even if such a
+# file is encountered the output should still be reasonable.
+>16 string _SND \b,
+>>24 ubeshort >0 %d Hz
+>>26 ubyte 8 8-bit
+>>26 ubyte 16 16-bit
+>>28 string NONE uncompressed
+# >>28 string APCM ADPCM compressed
+>>27 ubyte 1 mono
+>>28 ubyte 2 stereo
+# Help! Isn't there any way to avoid writing this part twice?
+# Yes, use a name/use
+>>32 string _VID \b,
+# >>>48 string JFIF JPEG
+>>>40 ubelong >0 %d frames
+>>>44 ubeshort >0 (%d x
+>>>46 ubeshort >0 %d)
+>16 string _VID \b,
+# >>32 string JFIF JPEG
+>>24 ubelong >0 %d frames
+>>28 ubeshort >0 (%d x
+>>30 ubeshort >0 %d)
+
+0 string Paint\ Shop\ Pro\ Image\ File Paint Shop Pro Image File
+
+# taken from fkiss: (<yav@mte.biglobe.ne.jp> ?)
+0 string KiSS KISS/GS
+>4 ubyte 16 color
+>>5 ubyte x %d bit
+>>8 uleshort x %d colors
+>>10 uleshort x %d groups
+>4 ubyte 32 cell
+>>5 ubyte x %d bit
+>>8 uleshort x %d x
+>>10 uleshort x %d
+>>12 uleshort x +%d
+>>14 uleshort x +%d
+
+# Webshots (www.webshots.com), by John Harrison
+0 string C\253\221g\230\0\0\0 Webshots Desktop .wbz file
+
+# Hercules DASD image files
+# From Jan Jaeger <jj@septa.nl> and Jay Maynard <jaymaynard@gmail.com>
+0 string CKD_P370 Hercules CKD DASD image file
+>8 lelong x \b, %d heads per cylinder
+>12 lelong x \b, track size %d bytes
+>16 byte x \b, device type 33%2.2X
+
+0 string CKD_C370 Hercules compressed CKD DASD image file
+>8 lelong x \b, %d heads per cylinder
+>12 lelong x \b, track size %d bytes
+>16 byte x \b, device type 33%2.2X
+>552 lelong x \b, %d total cylinders
+>>557 byte 0 \b, no compression
+>>557 byte 1 \b, ZLIB compression
+>>557 byte 2 \b, BZ2 compression
+
+0 string CKD_S370 Hercules CKD DASD shadow file
+>8 lelong x \b, %d heads per cylinder
+>12 lelong x \b, track size %d bytes
+>16 byte x \b, device type 33%2.2X
+
+0 string CKD_P064 Hercules CKD64 DASD image file
+>8 lelong x \b, %d heads per cylinder
+>12 lelong x \b, track size %d bytes
+>16 byte x \b, device type 33%2.2X
+
+0 string CKD_C064 Hercules compressed CKD64 DASD image file
+>8 lelong x \b, %d heads per cylinder
+>12 lelong x \b, track size %d bytes
+>16 byte x \b, device type 33%2.2X
+>524 lelong x \b, %d total cylinders
+>>585 byte 0 \b, no compression
+>>585 byte 1 \b, ZLIB compression
+>>585 byte 2 \b, BZ2 compression
+
+0 string CKD_S064 Hercules CKD64 DASD shadow file
+>8 lelong x \b, %d heads per cylinder
+>12 lelong x \b, track size %d bytes
+>16 byte x \b, device type 33%2.2X
+
+# Squeak images and programs - etoffi@softhome.net
+0 string \146\031\0\0 Squeak image data
+0 search/1 'From\040Squeak Squeak program text
+
+# partimage: file(1) magic for PartImage files (experimental, incomplete)
+# Author: Hans-Joachim Baader <hjb@pro-linux.de>
+0 string PaRtImAgE-VoLuMe PartImage
+>0x0020 string 0.6.1 file version %s
+>>0x0060 ulelong >-1 volume %d
+#>>0x0064 8 byte identifier
+#>>0x007c reserved
+>>0x0200 string >\0 type %s
+>>0x1400 string >\0 device %s,
+>>0x1600 string >\0 original filename %s,
+# Some fields omitted
+>>0x2744 ulelong 0 not compressed
+>>0x2744 ulelong 1 gzip compressed
+>>0x2744 ulelong 2 bzip2 compressed
+>>0x2744 ulelong >2 compressed with unknown algorithm
+>0x0020 string >0.6.1 file version %s
+>0x0020 string <0.6.1 file version %s
+
+# DCX is multi-page PCX, using a simple header of up to 1024
+# offsets for the respective PCX components.
+# From: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/DCX
+0 ulelong 987654321 DCX multi-page
+# http://www.nationalarchives.gov.uk/pronom/x-fmt/348
+!:mime image/x-dcx
+!:ext dcx
+# The first file offset usually starts at file offset 0x1004
+# print 1 space after 0x100? offset and then handles PCX images by ./images
+>4 ulelong x \b, at %#x
+>(4.l) indirect x
+# possible 2nd PCX image
+#>8 ulelong !0 \b, at %#x
+#>>(8.l) indirect x
+# possible 3rd PCX image
+#>12 ulelong !0 \b, at %#x
+#>>(12.l) indirect x
+
+# Simon Walton <simonw@matteworld.com>
+# Kodak Cineon format for scanned negatives
+# http://www.kodak.com/US/en/motion/support/dlad/
+0 ulelong 0xd75f2a80 Cineon image data
+>200 ubelong >0 \b, %d x
+>204 ubelong >0 %d
+
+
+# Bio-Rad .PIC is an image format used by microscope control systems
+# and related image processing software used by biologists.
+# From: Vebjorn Ljosa <vebjorn@ljosa.com>
+# BOOL values are two-byte integers; use them to rule out false positives.
+# https://web.archive.org/web/20050317223257/www.cs.ubc.ca/spider/ladic/text/biorad.txt
+# Samples: https://www.loci.wisc.edu/software/sample-data
+14 uleshort <2
+>62 uleshort <2
+>>54 uleshort 12345 Bio-Rad .PIC Image File
+>>>0 uleshort >0 %d x
+>>>2 uleshort >0 %d,
+>>>4 uleshort =1 1 image in file
+>>>4 uleshort >1 %d images in file
+
+# From Jan "Yenya" Kasprzak <kas@fi.muni.cz>
+# The description of *.mrw format can be found at
+# http://www.dalibor.cz/minolta/raw_file_format.htm
+0 string \000MRM Minolta Dimage camera raw image data
+
+# Summary: DjVu image / document
+# Extension: .djvu
+# Reference: http://djvu.org/docs/DjVu3Spec.djvu
+# Submitted by: Stephane Loeuillet <stephane.loeuillet@tiscali.fr>
+# Modified by (1): Abel Cheung <abelcheung@gmail.com>
+0 string AT&TFORM
+>12 string DJVM DjVu multiple page document
+!:mime image/vnd.djvu
+>12 string DJVU DjVu image or single page document
+!:mime image/vnd.djvu
+>12 string DJVI DjVu shared document
+!:mime image/vnd.djvu
+>12 string THUM DjVu page thumbnails
+!:mime image/vnd.djvu
+
+# Originally by Marc Espie
+# Modified by Robert Minsk <robertminsk at yahoo.com>
+# https://www.openexr.com/openexrfilelayout.pdf
+0 ulelong 20000630 OpenEXR image data,
+!:mime image/x-exr
+>4 ulelong&0x000000ff x version %d,
+>4 ulelong ^0x00000200 storage: scanline
+>4 ulelong &0x00000200 storage: tiled
+>8 search/0x1000 compression\0 \b, compression:
+>>&16 ubyte 0 none
+>>&16 ubyte 1 rle
+>>&16 ubyte 2 zips
+>>&16 ubyte 3 zip
+>>&16 ubyte 4 piz
+>>&16 ubyte 5 pxr24
+>>&16 ubyte 6 b44
+>>&16 ubyte 7 b44a
+>>&16 ubyte 8 dwaa
+>>&16 ubyte 9 dwab
+>>&16 ubyte >9 unknown
+>8 search/0x1000 dataWindow\0 \b, dataWindow:
+>>&10 ulelong x (%d
+>>&14 ulelong x %d)-
+>>&18 ulelong x \b(%d
+>>&22 ulelong x %d)
+>8 search/0x1000 displayWindow\0 \b, displayWindow:
+>>&10 ulelong x (%d
+>>&14 ulelong x %d)-
+>>&18 ulelong x \b(%d
+>>&22 ulelong x %d)
+>8 search/0x1000 lineOrder\0 \b, lineOrder:
+>>&14 ubyte 0 increasing y
+>>&14 ubyte 1 decreasing y
+>>&14 ubyte 2 random y
+>>&14 ubyte >2 unknown
+
+# SMPTE Digital Picture Exchange Format, SMPTE DPX
+#
+# ANSI/SMPTE 268M-1994, SMPTE Standard for File Format for Digital
+# Moving-Picture Exchange (DPX), v1.0, 18 February 1994
+# Robert Minsk <robertminsk at yahoo.com>
+# Modified by Harry Mallon <hjmallon at gmail.com>
+0 string SDPX DPX image data, big-endian,
+!:mime image/x-dpx
+>0 use dpx_info
+0 string XPDS DPX image data, little-endian,
+!:mime image/x-dpx
+>0 use \^dpx_info
+
+0 name dpx_info
+>768 ubeshort <4
+>>772 ubelong x %dx
+>>776 ubelong x \b%d,
+>768 ubeshort >3
+>>776 ubelong x %dx
+>>772 ubelong x \b%d,
+>768 ubeshort 0 left to right/top to bottom
+>768 ubeshort 1 right to left/top to bottom
+>768 ubeshort 2 left to right/bottom to top
+>768 ubeshort 3 right to left/bottom to top
+>768 ubeshort 4 top to bottom/left to right
+>768 ubeshort 5 top to bottom/right to left
+>768 ubeshort 6 bottom to top/left to right
+>768 ubeshort 7 bottom to top/right to left
+
+# From: Tom Hilinski <tom.hilinski@comcast.net>
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/NetCDF
+# http://fileformats.archiveteam.org/wiki/NetCDF
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/n/netcdf.trid.xml
+# https://www.loc.gov/preservation/digital/formats/fdd/fdd000330.shtml
+# Note: called "NetCDF Network Common Data Form" by TrID and
+# "netCDF-3 Classic" by DROID via PUID fmt/282
+# https://www.unidata.ucar.edu/packages/netcdf/
+0 string CDF\001
+# skip DROID fmt-282-signature-id-298.nc by test for more content bytes
+>3 uleshort >0 NetCDF Data Format data
+#!:mime application/netcdf
+# https://reposcope.com/mimetype/application/x-netcdf
+!:mime application/x-netcdf
+!:ext nc
+# https://fileinfo.com/extension/cdf
+# https://www.file-extensions.org/cdf-file-extension-unidata-network-common-data-form
+# in 1994 changed from CDF to NC file extension avoid a clash with other file formats
+#!:ext nc/cdf
+# 64-bit offset netcdf Classic https://www.unidata.ucar.edu/software/netcdf/docs/file_format_specifications
+# Note: called "netCDF-3 64-bit" by DROID via PUID fmt/283
+0 string CDF\002
+# skip DROID fmt-283-signature-id-299.nc by test for more content bytes
+>3 uleshort >0 NetCDF Data Format data (64-bit offset)
+#!:mime application/netcdf
+!:mime application/x-netcdf
+!:ext nc
+
+# From: Michael Liu
+# https://en.wikipedia.org/wiki/Common_Data_Format
+0 ubelong 0xCDF30001 Common Data Format (Version 3 or later) data
+!:mime application/x-cdf
+
+0 ubelong 0xCDF26002 Common Data Format (Version 2.6 or 2.7) data
+!:mime application/x-cdf
+
+0 ubelong 0x0000FFFF Common Data Format (Version 2.5 or earlier) data
+!:mime application/x-cdf
+
+# Hierarchical Data Format, used to facilitate scientific data exchange
+# specifications at http://hdf.ncsa.uiuc.edu/
+# URL: http://fileformats.archiveteam.org/wiki/HDF
+# https://en.wikipedia.org/wiki/Hierarchical_Data_Format
+# Reference: https://portal.hdfgroup.org/download/attachments/52627880/HDF5_File_Format_Specification_Version-3.0.pdf
+0 ubelong 0x0e031301 Hierarchical Data Format (version 4) data
+!:mime application/x-hdf
+!:ext hdf/hdf4/h4
+0 string \211HDF\r\n\032\n Hierarchical Data Format (version 5) data
+#!:mime application/x-hdf
+!:mime application/x-hdf5
+!:ext h5/hdf5/hdf/he5
+512 string \211HDF\r\n\032\n
+# skip Matlab v5 mat-file testhdf5_7.4_GLNX86.mat handled by ./mathematica
+>0 string !MATLAB Hierarchical Data Format (version 5) with 512 bytes user block
+#!:mime application/x-hdf
+!:mime application/x-hdf5
+!:ext h5/hdf5/hdf/he5
+1024 string \211HDF\r\n\032\n Hierarchical Data Format (version 5) with 1k user block
+#!:mime application/x-hdf
+!:mime application/x-hdf5
+!:ext h5/hdf5/hdf/he5
+2048 string \211HDF\r\n\032\n Hierarchical Data Format (version 5) with 2k user block
+#!:mime application/x-hdf
+!:mime application/x-hdf5
+!:ext h5/hdf5/hdf/he5
+4096 string \211HDF\r\n\032\n Hierarchical Data Format (version 5) with 4k user block
+#!:mime application/x-hdf
+!:mime application/x-hdf5
+!:ext h5/hdf5/hdf/he5
+
+# From: Tobias Burnus <burnus@net-b.de>
+# Xara (for a while: Corel Xara) is a graphic package, see
+# http://www.xara.com/ for Windows and as GPL application for Linux
+0 string XARA\243\243 Xara graphics file
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Corel_Gallery
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bmf-corel.trid.xml
+# Note: called "Corel Binary Material Format" by TrID and
+# "Corel Flow" by XnView
+0 string @CorelBMF\n\rCorel\040Corporation Corel GALLERY Clipart
+!:mime image/x-corel-bmf
+!:ext bmf
+
+# https://www.cartesianinc.com/Tech/
+# Reference: http://fileformats.archiveteam.org/wiki/Cartesian_Perceptual_Compression
+0 string CPC\262 Cartesian Perceptual Compression image
+!:mime image/x-cpi
+!:ext cpi/cpc
+
+# From Albert Cahalan <acahalan@gmail.com>
+# puredigital used it for the CVS disposable camcorder
+#8 lelong 4 ZBM bitmap image data
+#>4 uleshort x %u x
+#>6 uleshort x %u
+
+# From Albert Cahalan <acahalan@gmail.com>
+# uncompressed 5:6:5 HighColor image for OLPC XO firmware icons
+0 string C565 OLPC firmware icon image data
+>4 uleshort x %u x
+>6 uleshort x %u
+
+# Applied Images - Image files from Cytovision
+# Gustavo Junior Alves <gjalves@gjalves.com.br>
+0 string \xce\xda\xde\xfa Cytovision Metaphases file
+0 string \xed\xad\xef\xac Cytovision Karyotype file
+0 string \x0b\x00\x03\x00 Cytovision FISH Probe file
+0 string \xed\xfe\xda\xbe Cytovision FLEX file
+0 string \xed\xab\xed\xfe Cytovision FLEX file
+0 string \xad\xfd\xea\xad Cytovision RATS file
+
+# Wavelet Scalar Quantization format used in gray-scale fingerprint images
+# From Tano M Fotang <mfotang@quanteq.com>
+0 string \xff\xa0\xff\xa8\x00 Wavelet Scalar Quantization image data
+
+# Type: PCO B16 image files
+# URL: http://www.pco.de/fileadmin/user_upload/db/download/MA_CWDCOPIE_0412b.pdf
+# From: Florian Philipp <florian.philipp@binarywings.net>
+# Extension: .b16
+# Description: Pixel image format produced by PCO Camware, typically used
+# together with PCO cameras.
+# Note: Different versions exist for e.g. 8 bit and 16 bit images.
+# Documentation is incomplete.
+0 string/b PCO- PCO B16 image data
+>12 ulelong x \b, %dx
+>16 ulelong x \b%d
+>20 ulelong 0 \b, short header
+>20 ulelong -1 \b, extended header
+>>24 ulelong 0 \b, grayscale
+>>>36 ulelong 0 linear LUT
+>>>36 ulelong 1 logarithmic LUT
+>>>28 ulelong x [%d
+>>>32 ulelong x \b,%d]
+>>24 ulelong 1 \b, color
+>>>64 ulelong 0 linear LUT
+>>>64 ulelong 1 logarithmic LUT
+>>>40 ulelong x r[%d
+>>>44 ulelong x \b,%d]
+>>>48 ulelong x g[%d
+>>>52 ulelong x \b,%d]
+>>>56 ulelong x b[%d
+>>>60 ulelong x \b,%d]
+
+# Polar Monitor Bitmap (.pmb) used as logo for Polar Electro watches
+# From: Markus Heidelberg <markus.heidelberg at web.de>
+0 string/t [BitmapInfo2] Polar Monitor Bitmap text
+!:mime image/x-polar-monitor-bitmap
+
+# From: Rick Richardson <rickrich@gmail.com>
+# updated by: Joerg Jenderek
+# URL: http://techmods.net/nuvi/
+0 string GARMIN\ BITMAP\ 01 Garmin Bitmap file
+# extension is also used for
+# Sony SRF raw image (image/x-sony-srf)
+# SRF map
+# Terragen Surface Map (https://www.planetside.co.uk/terragen)
+# FileLocator Pro search criteria file (https://www.mythicsoft.com/filelocatorpro)
+!:ext srf
+#!:mime image/x-garmin-srf
+# version 1.00,2.00,2.10,2.40,2.50
+>0x2f string >0 \b, version %4.4s
+# width (2880,2881,3240)
+>0x55 uleshort >0 \b, %dx
+# height (80,90)
+>>0x53 uleshort x \b%d
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Imageiio/imaginfo_(Ulead)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/pe3.trid.xml
+# Note: called "Ulead Imageiio/Imaginfo thumbnail" by TrID
+0 string IIO1$ Ulead Photo Explorer 3
+#!:mime application/octet-stream
+!:mime image/x-ulead-pe3
+# IMAGEIIO.PE3
+!:ext pe3
+# look for DOS/Windows drive letter
+>5 search/192/s :\\
+# directory or full name of corresponding imaginfo.pe3 like: "T:\SAMPLES\TEXTURES\SKY_SNOW\IIOE371.TMP "S:\PI3\PIMPACT3\PROGRAMS\PATTERNS\imaginfo.pe3"
+>>&-1 string x "%s"
+# look for DOS/Windows network path if no drive letter part
+>5 default x
+>>5 search/192/s \x5c\x5c
+# full name of corresponding imaginfo.pe3 like: "\\Lionking\upi\SAMPLES\IMAGES\ANIMALS\imaginfo.pe3"
+>>>&0 string x "%s"
+# Type: Ulead Photo Explorer5 (.pe5)
+# URL: http://fileformats.archiveteam.org/wiki/Imageiio/imaginfo_(Ulead)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/pe4.trid.xml
+# From: Simon Horman <horms@debian.org>
+# Update: Joerg Jenderek
+# Note: some called "Ulead Imageiio/Imaginfo thumbnail" by TrID
+# and used in various Ulead applications
+0 string IIO2H Ulead Photo Explorer 4 or 5
+#!:mime application/octet-stream
+!:mime image/x-ulead-pe4
+# IMAGEIIO.PE4
+!:ext pe4/pe5
+# look in most samples for JPEG signature like: SAMPLES/IMAGES/SCENES/IMAGINFO.PE4
+>0x4c2 search/0xE02/s JFIF with JPEG image data
+>>&-6 use jpeg
+# near the end list of image names like: Img0001.pcd 1116012L.JPG NCARD4.TPL
+#
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/pe3-imaginfo.trid.xml
+11 string \001\0\0\0\0
+# check for version 3 part
+>19 string \0\001\0\003\0
+>>0 use ulead-imaginfo
+# From: Joerg Jenderek
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/pe4-imaginfo.trid.xml
+11 string \001\0\0\0\0
+# check for version 4 part
+>19 string \0\0\0\004\0
+>>0 use ulead-imaginfo
+# display information about Ulead Imaginfo thumbnail (version, directory, image extension)
+0 name ulead-imaginfo
+>22 ubyte x Ulead Imaginfo thumbnail
+#!:mime application/octet-stream
+!:mime image/x-ulead-imaginfo
+>22 ubyte =3 \b, version 3
+# IMAGINFO.PE3
+!:ext pe3
+>22 ubyte =4 \b, version 4
+# IMAGINFO.PE4
+!:ext pe4
+# MAYBE ALSO VERSION 5 ?
+#>22 ubyte =5 \b, version 5
+#!:ext pe5
+>22 ubyte x
+# look for DOS/Windows driver letter
+>>4 search/192/s :\x5c
+# skip f:\Programme\iPhoto Plus 4\Template\Business Cards\IMAGINFO.PE4
+# by looking for driver letter in range A-Z
+>>>&-1 ubyte >0x40
+# directory path like: "E:\iPE\CDSample\Images\Scenes" "D:\XmasCard\Samples" "C:\TEMP\PLANTS"
+>>>>&-5 pstring/l >0 \b, "%s"
+# look for DOS/Windows network path if no valid drive letter part
+>>>&-1 default x
+>>>>4 search/192/s \x5c\x5c
+# directory path like: "\\FSX\SYS\OPPS\IPE.ENG\TEMPLATE\BUSINESS" "\\Lionking\upi\SAMPLES\IMAGES\ANIMALS"
+>>>>>&-4 pstring/l >0 \b, "%s"
+# look for DOS/Windows network path if no drive letter part
+>>4 default x
+>>>4 search/192/s \x5c\x5c
+# directory path like: "\\FSX\SYS\opps\ipe.eng\samples" "\\DANIEL\IPE_CD\IPE.ITA"
+>>>>&-4 pstring/l >0 \b, "%s"
+# look for point character inside image names
+>56 search/38/s .
+# image name extension like: bmp jpg pcd tpl
+>>&1 string x with %-.3s images
+# Summary: Ulead Pattern image (Corel Corporation)
+# URL: https://en.wikipedia.org/wiki/Ulead_Systems
+# https://www.file-extensions.org/pst-file-extension-ulead-pattern-image-format
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/pst-ulead.trid.xml
+# From: Joerg Jenderek
+# Note: used also by CorelDraw Essentials 3 version 13.0.0.800
+# there seems to exist other versions
+0 ubelong 0xFFFF0100
+>8 search/21 PresetInfo Ulead pattern image
+#!:mime application/octet-stream
+!:mime image/x-ulead-pst
+!:ext pst
+# string length like: 16 18 19 21 24
+#>>4 uleshort x n=%u
+# like: BlendPresetInfo DropShadowPresetInfo FileNewPresetInfo VectorExtrudePresetInfo EnvelopePresetInfo ContourPresetInfo DistortionPresetInfo
+>>4 pstring/h x "%s"
+
+# Type: X11 cursor
+# URL: http://webcvs.freedesktop.org/mime/shared-mime-info/freedesktop.org.xml.in?view=markup
+# From: Mathias Brodala <info@noctus.net>
+0 string Xcur X11 cursor
+
+# Type: Olympus ORF raw images.
+# URL: https://libopenraw.freedesktop.org/wiki/Olympus_ORF
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+0 string MMOR Olympus ORF raw image data, big-endian
+!:mime image/x-olympus-orf
+0 string IIRO Olympus ORF raw image data, little-endian
+!:mime image/x-olympus-orf
+0 string IIRS Olympus ORF raw image data, little-endian
+!:mime image/x-olympus-orf
+
+# Type: files used in modern AVCHD camcoders to store clip information
+# Extension: .cpi
+# From: Alexander Danilov <alexander.a.danilov@gmail.com>
+0 string HDMV0100 AVCHD Clip Information
+
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+# URL: http://local.wasp.uwa.edu.au/~pbourke/dataformats/pic/
+# Radiance HDR; usually has .pic or .hdr extension.
+0 string #?RADIANCE\n Radiance HDR image data
+!:mime image/vnd.radiance
+
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+# URL: https://www.mpi-inf.mpg.de/resources/pfstools/pfs_format_spec.pdf
+# Used by the pfstools packages. The regex matches for the image size could
+# probably use some work. The MIME type is made up; if there's one in
+# actual common use, it should replace the one below.
+0 string PFS1\x0a PFS HDR image data
+#!mime image/x-pfs
+>1 regex [0-9]*\ \b, %s
+>>1 regex \ [0-9]{4} \bx%s
+
+# Type: Foveon X3F
+# URL: https://www.photofo.com/downloads/x3f-raw-format.pdf
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+# Note that the MIME type isn't defined anywhere that I can find; if
+# there's a canonical type for this format, it should replace this one.
+0 string FOVb Foveon X3F raw image data
+!:mime image/x-x3f
+>6 uleshort x \b, version %d.
+>4 uleshort x \b%d
+>28 ulelong x \b, %dx
+>32 ulelong x \b%d
+
+# Paint.NET file
+# From Adam Buchbinder <adam.buchbinder@gmail.com>
+0 string PDN3 Paint.NET image data
+!:mime image/x-paintnet
+
+# Not really an image.
+# From: "Tano M. Fotang" <mfotang@quanteq.com>
+0 string \x46\x4d\x52\x00 ISO/IEC 19794-2 Format Minutiae Record (FMR)
+
+# doc: https://www.shikino.co.jp/eng/products/images/FLOWER.jpg.zip
+# example: https://www.shikino.co.jp/eng/products/images/FLOWER.wdp.zip
+90 ubequad 0x574D50484F544F00 JPEG-XR Image
+>98 ubyte&0x08 =0x08 \b, hard tiling
+>99 ubyte&0x80 =0x80 \b, tiling present
+>99 ubyte&0x40 =0x40 \b, codestream present
+>99 ubyte&0x38 x \b, spatial xform=
+>99 ubyte&0x38 0x00 \bTL
+>99 ubyte&0x38 0x08 \bBL
+>99 ubyte&0x38 0x10 \bTR
+>99 ubyte&0x38 0x18 \bBR
+>99 ubyte&0x38 0x20 \bBT
+>99 ubyte&0x38 0x28 \bRB
+>99 ubyte&0x38 0x30 \bLT
+>99 ubyte&0x38 0x38 \bLB
+>100 ubyte&0x80 =0x80 \b, short header
+>>102 ubeshort+1 x \b, %d
+>>104 ubeshort+1 x \bx%d
+>100 ubyte&0x80 =0x00 \b, long header
+>>102 ubelong+1 x \b, %x
+>>106 ubelong+1 x \bx%x
+>101 ubeshort&0xf x \b, bitdepth=
+>>101 ubeshort&0xf 0x0 \b1-WHITE=1
+>>101 ubeshort&0xf 0x1 \b8
+>>101 ubeshort&0xf 0x2 \b16
+>>101 ubeshort&0xf 0x3 \b16-SIGNED
+>>101 ubeshort&0xf 0x4 \b16-FLOAT
+>>101 ubeshort&0xf 0x5 \b(reserved 5)
+>>101 ubeshort&0xf 0x6 \b32-SIGNED
+>>101 ubeshort&0xf 0x7 \b32-FLOAT
+>>101 ubeshort&0xf 0x8 \b5
+>>101 ubeshort&0xf 0x9 \b10
+>>101 ubeshort&0xf 0xa \b5-6-5
+>>101 ubeshort&0xf 0xb \b(reserved %d)
+>>101 ubeshort&0xf 0xc \b(reserved %d)
+>>101 ubeshort&0xf 0xd \b(reserved %d)
+>>101 ubeshort&0xf 0xe \b(reserved %d)
+>>101 ubeshort&0xf 0xf \b1-BLACK=1
+>101 ubeshort&0xf0 x \b, colorfmt=
+>>101 ubeshort&0xf0 0x00 \bYONLY
+>>101 ubeshort&0xf0 0x10 \bYUV240
+>>101 ubeshort&0xf0 0x20 \bYWV422
+>>101 ubeshort&0xf0 0x30 \bYWV444
+>>101 ubeshort&0xf0 0x40 \bCMYK
+>>101 ubeshort&0xf0 0x50 \bCMYKDIRECT
+>>101 ubeshort&0xf0 0x60 \bNCOMPONENT
+>>101 ubeshort&0xf0 0x70 \bRGB
+>>101 ubeshort&0xf0 0x80 \bRGBE
+>>101 ubeshort&0xf0 >0x80 \b(reserved %#x)
+
+# From: Johan van der Knijff <johan.vanderknijff@kb.nl>
+#
+# BPG (Better Portable Graphics) format
+# https://bellard.org/bpg/
+# http://fileformats.archiveteam.org/wiki/BPG
+#
+0 string \x42\x50\x47\xFB BPG (Better Portable Graphics)
+!:mime image/bpg
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Apple_Icon_Image_format
+0 string icns Mac OS X icon
+!:mime image/x-icns
+!:apple ????icns
+!:ext icns
+>4 ubelong >0
+# file size
+>>4 ubelong x \b, %d bytes
+# icon type
+>>8 string x \b, "%4.4s" type
+
+# TIM images
+# URL: http://fileformats.archiveteam.org/wiki/TIM_(PlayStation_graphics)
+# Reference: https://mrclick.zophar.net/TilEd/download/timgfx.txt
+# Update: Joerg Jenderek
+# Note: called as "PSX TIM *bpp bitmap" by bitmap-tim-*.trid.xml
+# verified as "TIM PSX" by XnView `nconvert -fullinfo *.tim` and
+# by RECOIL `recoil2png -o TMP.PNG input.tim; file TMP.PNG` and often
+# as "PSX TIM" by ImageMagick version 7.1.0-10 command `identify *.tim`
+# here signed integers are used but according to Kaitai unsigned
+0 ulelong 0x00000010
+# 32 Flag bits *cttt; c~CLUT flag t~type 000~4BPP 001~8BPP 010~16BPP 011~24BPP 100~Mixed
+#>4 ulelong x FLAGS=%#x
+# 12+Size of CLUT (2Ch for 4BPP; 20Ch 40Ch 60Ch 80Ch C0Ch for 8BPP) or
+# +image data size (800Ch 2000Ch 2580C for 16BPP) (02000003h for dBase memo test.dbt)
+#>8 ulelong x \b, 12+CLUT or data size=%#8.8x
+# CLUT or data size remainder is 12 (Ch), but 03 for dBase memo test.dbt
+#>8 ubyte&0x0F =0x0C \b, SIZE REMAINDER IS 12
+# skip dBase III memo test.dbt with invalid flags 22D10189h
+>4 ulelong&0xffFFffF0 =0 Sony PlayStation PSX image,
+# file (version 5.40) labeled the above entry as "TIM image"
+!:mime image/x-sony-tim
+!:ext tim
+#>>4 ulelong&0x00000007 x \b, BPP~%u
+# 4BPP and 8BPP examples exist with CLUT or without CLUT
+>>4 ulelong&0x07 0x0 4-Bit,
+>>4 ulelong&0x07 0x1 8-Bit,
+# 16BPP and 24BPP examples have no CLUT
+>>4 ulelong 0x2 15-Bit,
+>>4 ulelong 0x3 24-Bit,
+# no example
+>>4 ulelong&0x07 0x4 Mixed-Bit,
+# CLUT flag set
+>>4 ulelong &8
+# 12 + size of CLUT like: 1000Ch 800Ch 400Ch 40Ch and 2FEh (KAGE.TIM)
+#>>>(8.l+8) ulelong x \b, 12+CLUT SIZE=%#8.8x
+>>>(8.l+12) uleshort x Pixel at (%d,
+>>>(8.l+14) uleshort x \b%d) Size=
+# image width (to get actual width multiply by 4 for 4BPP and by 2 for 8BPP)
+>>>>4 ulelong 0x8
+>>>>>(8.l+16) uleshort*4 x \b%d
+>>>>4 ulelong 0x9
+>>>>>(8.l+16) uleshort*2 x \b%d
+# image height like: 32 64 128 144 160 208 256
+>>>(8.l+18) uleshort x \bx%d,
+>>>4 ulelong 0x8 16 CLUT Entries at
+>>>4 ulelong 0x9 256 CLUT Entries at
+>>>12 uleshort x (%d,
+>>>14 uleshort x \b%d)
+# no Color LookUp Table (CLUT)
+>>4 ulelong ^8
+# image origin X Y
+>>>12 uleshort x Pixel at (%d,
+>>>14 uleshort x \b%d) Size=
+# real image width = multiply by 4 (4BPP) 2 (8BPP) 1 (16BPP) 2/3 (24BPP)
+>>>>4 ulelong 0x0
+>>>>>16 uleshort*4 x \b%d
+>>>>4 ulelong 0x1
+>>>>>16 uleshort*2 x \b%d
+>>>>4 ulelong 0x2
+>>>>>16 uleshort x \b%d
+>>>>4 ulelong 0x3
+# GRR: NOT working
+#>>>>>16 uleshort*2/3 x \b%d
+>>>>>16 uleshort x \b2/3*%d
+# mixed format width not explained!
+>>>>4 ulelong 0x4
+>>>>>16 uleshort x \b%d
+# image height like: 64 240 256
+>>>18 uleshort x \bx%d
+# TIM image data
+
+# MDEC streams
+0 ulelong 0x80010160 MDEC video stream,
+>16 uleshort x %dx
+>18 uleshort x \b%d
+#>8 ulelong x %d frames
+#>4 uleshort x secCount=%d;
+#>6 uleshort x nSectors=%d;
+#>12 ulelong x frameSize=%d;
+
+# BS encoded bitstreams
+2 uleshort 0x3800 BS image,
+# GRR: the above line is also true for binary Computer Graphics Metafile SAB00012.CGM with long parameter length 56 (=38h)
+>6 uleshort x Version %d,
+>4 uleshort x Quantization %d,
+>0 uleshort x (Decompresses to %d words)
+
+# Type: farbfeld image.
+# Url: http://tools.suckless.org/farbfeld/
+# From: Ian D. Scott <ian@iandouglasscott.com>
+#
+0 string farbfeld farbfeld image data,
+>8 ubelong x %dx
+>12 ubelong x \b%d
+
+# Type: Microsoft DirectDraw Surface (DXGI formats)
+# URL: https://msdn.microsoft.com/library/default.asp?url=/library/en-us/directx9_c/directx/graphics/reference/DDSFileReference/ddsfileformat.asp
+# From: Morten Hustveit <morten@debian.org>
+# Updated by: David Korth <gerbilsoft@gerbilsoft.com>
+0 name ms-directdraw-dx10
+>0 ulelong x \b, DXGI format:
+>0 ulelong 1 R32G32B32A32_TYPELESS
+>0 ulelong 2 R32G32B32A32_FLOAT
+>0 ulelong 3 R32G32B32A32_UINT
+>0 ulelong 4 R32G32B32A32_SINT
+>0 ulelong 5 R32G32B32_TYPELESS
+>0 ulelong 6 R32G32B32_FLOAT
+>0 ulelong 7 R32G32B32_UINT
+>0 ulelong 8 R32G32B32_SINT
+>0 ulelong 9 R16G16B16A16_TYPELESS
+>0 ulelong 10 R16G16B16A16_FLOAT
+>0 ulelong 11 R16G16B16A16_UNORM
+>0 ulelong 12 R16G16B16A16_UINT
+>0 ulelong 13 R16G16B16A16_SNORM
+>0 ulelong 14 R16G16B16A16_SINT
+>0 ulelong 15 R32G32_TYPELESS
+>0 ulelong 16 R32G32_FLOAT
+>0 ulelong 17 R32G32_UINT
+>0 ulelong 18 R32G32_SINT
+>0 ulelong 19 R32G8X24_TYPELESS
+>0 ulelong 20 D32_FLOAT_S8X24_UINT
+>0 ulelong 21 R32_FLOAT_X8X24_TYPELESS
+>0 ulelong 22 X32_TYPELESS_G8X24_UINT
+>0 ulelong 23 R10G10B10A2_TYPELESS
+>0 ulelong 24 R10G10B10A2_UNORM
+>0 ulelong 25 R10G10B10A2_UINT
+>0 ulelong 26 R11G11B10_FLOAT
+>0 ulelong 27 R8G8B8A8_TYPELESS
+>0 ulelong 28 R8G8B8A8_UNORM
+>0 ulelong 29 R8G8B8A8_UNORM_SRGB
+>0 ulelong 30 R8G8B8A8_UINT
+>0 ulelong 31 R8G8B8A8_SNORM
+>0 ulelong 32 R8G8B8A8_SINT
+>0 ulelong 33 R16G16_TYPELESS
+>0 ulelong 34 R16G16_FLOAT
+>0 ulelong 35 R16G16_UNORM
+>0 ulelong 36 R16G16_UINT
+>0 ulelong 37 R16G16_SNORM
+>0 ulelong 38 R16G16_SINT
+>0 ulelong 39 R32_TYPELESS
+>0 ulelong 40 D32_FLOAT
+>0 ulelong 41 R32_FLOAT
+>0 ulelong 42 R32_UINT
+>0 ulelong 43 R32_SINT
+>0 ulelong 44 R24G8_TYPELESS
+>0 ulelong 45 D24_UNORM_S8_UINT
+>0 ulelong 46 R24_UNORM_X8_TYPELESS
+>0 ulelong 47 X24_TYPELESS_G8_UINT
+>0 ulelong 48 R8G8_TYPELESS
+>0 ulelong 49 R8G8_UNORM
+>0 ulelong 50 R8G8_UINT
+>0 ulelong 51 R8G8_SNORM
+>0 ulelong 52 R8G8_SINT
+>0 ulelong 53 R16_TYPELESS
+>0 ulelong 54 R16_FLOAT
+>0 ulelong 55 D16_UNORM
+>0 ulelong 56 R16_UNORM
+>0 ulelong 57 R16_UINT
+>0 ulelong 58 R16_SNORM
+>0 ulelong 59 R16_SINT
+>0 ulelong 60 R8_TYPELESS
+>0 ulelong 61 R8_UNORM
+>0 ulelong 62 R8_UINT
+>0 ulelong 63 R8_SNORM
+>0 ulelong 64 R8_SINT
+>0 ulelong 65 A8_UNORM
+>0 ulelong 66 R1_UNORM
+>0 ulelong 67 R9G9B9E5_SHAREDEXP
+>0 ulelong 68 R8G8_B8G8_UNORM
+>0 ulelong 69 G8R8_G8B8_UNORM
+>0 ulelong 70 BC1_TYPELESS
+>0 ulelong 71 BC1_UNORM
+>0 ulelong 72 BC1_UNORM_SRGB
+>0 ulelong 73 BC2_TYPELESS
+>0 ulelong 74 BC2_UNORM
+>0 ulelong 75 BC2_UNORM_SRGB
+>0 ulelong 76 BC3_TYPELESS
+>0 ulelong 77 BC3_UNORM
+>0 ulelong 78 BC3_UNORM_SRGB
+>0 ulelong 79 BC4_TYPELESS
+>0 ulelong 80 BC4_UNORM
+>0 ulelong 81 BC4_SNORM
+>0 ulelong 82 BC5_TYPELESS
+>0 ulelong 83 BC5_UNORM
+>0 ulelong 84 BC5_SNORM
+>0 ulelong 85 B5G6R5_UNORM
+>0 ulelong 86 B5G5R5A1_UNORM
+>0 ulelong 87 B8G8R8A8_UNORM
+>0 ulelong 88 B8G8R8X8_UNORM
+>0 ulelong 89 R10G10B10_XR_BIAS_A2_UNORM
+>0 ulelong 90 B8G8R8A8_TYPELESS
+>0 ulelong 91 B8G8R8A8_UNORM_SRGB
+>0 ulelong 92 B8G8R8X8_TYPELESS
+>0 ulelong 93 B8G8R8X8_UNORM_SRGB
+>0 ulelong 94 BC6H_TYPELESS
+>0 ulelong 95 BC6H_UF16
+>0 ulelong 96 BC6H_SF16
+>0 ulelong 97 BC7_TYPELESS
+>0 ulelong 98 BC7_UNORM
+>0 ulelong 99 BC7_UNORM_SRGB
+>0 ulelong 100 AYUV
+>0 ulelong 101 Y410
+>0 ulelong 102 Y416
+>0 ulelong 103 NV12
+>0 ulelong 104 P010
+>0 ulelong 105 P016
+>0 ulelong 106 420_OPAQUE
+>0 ulelong 107 YUY2
+>0 ulelong 108 Y210
+>0 ulelong 109 Y216
+>0 ulelong 110 NV11
+>0 ulelong 111 AI44
+>0 ulelong 112 IA44
+>0 ulelong 113 P8
+>0 ulelong 114 A8P8
+>0 ulelong 115 B4G4R4A4_UNORM
+
+>0 ulelong 116 XBOX_R10G10B10_7E3_A2_FLOAT
+>0 ulelong 117 XBOX_R10G10B10_6E4_A2_FLOAT
+>0 ulelong 118 XBOX_D16_UNORM_S8_UINT
+>0 ulelong 119 XBOX_R16_UNORM_X8_TYPELESS
+>0 ulelong 120 XBOX_X16_TYPELESS_G8_UINT
+
+>0 ulelong 130 DXGI_FORMAT_P208
+>0 ulelong 131 DXGI_FORMAT_V208
+>0 ulelong 132 DXGI_FORMAT_V408
+
+>0 ulelong 133 ASTC_4X4_TYPELESS
+>0 ulelong 134 ASTC_4X4_UNORM
+>0 ulelong 135 ASTC_4X4_UNORM_SRGB
+>0 ulelong 137 ASTC_5X4_TYPELESS
+>0 ulelong 138 ASTC_5X4_UNORM
+>0 ulelong 139 ASTC_5X4_UNORM_SRGB
+>0 ulelong 141 ASTC_5X5_TYPELESS
+>0 ulelong 142 ASTC_5X5_UNORM
+>0 ulelong 143 ASTC_5X5_UNORM_SRGB
+>0 ulelong 145 ASTC_6X5_TYPELESS
+>0 ulelong 146 ASTC_6X5_UNORM
+>0 ulelong 147 ASTC_6X5_UNORM_SRGB
+>0 ulelong 149 ASTC_6X6_TYPELESS
+>0 ulelong 150 ASTC_6X6_UNORM
+>0 ulelong 151 ASTC_6X6_UNORM_SRGB
+>0 ulelong 153 ASTC_8X5_TYPELESS
+>0 ulelong 154 ASTC_8X5_UNORM
+>0 ulelong 155 ASTC_8X5_UNORM_SRGB
+>0 ulelong 157 ASTC_8X6_TYPELESS
+>0 ulelong 158 ASTC_8X6_UNORM
+>0 ulelong 159 ASTC_8X6_UNORM_SRGB
+>0 ulelong 161 ASTC_8X8_TYPELESS
+>0 ulelong 162 ASTC_8X8_UNORM
+>0 ulelong 163 ASTC_8X8_UNORM_SRGB
+>0 ulelong 165 ASTC_10X5_TYPELESS
+>0 ulelong 166 ASTC_10X5_UNORM
+>0 ulelong 167 ASTC_10X5_UNORM_SRGB
+>0 ulelong 169 ASTC_10X6_TYPELESS
+>0 ulelong 170 ASTC_10X6_UNORM
+>0 ulelong 171 ASTC_10X6_UNORM_SRGB
+>0 ulelong 173 ASTC_10X8_TYPELESS
+>0 ulelong 174 ASTC_10X8_UNORM
+>0 ulelong 175 ASTC_10X8_UNORM_SRGB
+>0 ulelong 177 ASTC_10X10_TYPELESS
+>0 ulelong 178 ASTC_10X10_UNORM
+>0 ulelong 179 ASTC_10X10_UNORM_SRGB
+>0 ulelong 181 ASTC_12X10_TYPELESS
+>0 ulelong 182 ASTC_12X10_UNORM
+>0 ulelong 183 ASTC_12X10_UNORM_SRGB
+>0 ulelong 185 ASTC_12X12_TYPELESS
+>0 ulelong 186 ASTC_12X12_UNORM
+>0 ulelong 187 ASTC_12X12_UNORM_SRGB
+
+>0 ulelong 190 XBOX_R10G10B10_SNORM_A2_UNORM
+>0 ulelong 189 XBOX_R4G4_UNORM
+>0 ulelong 0xFFFFFFFF DXGI_FORMAT_FORCE_UINT
+
+# Type: Microsoft DirectDraw Surface (common data)
+# URL: https://msdn.microsoft.com/library/default.asp?url=/library/en-us/directx9_c/directx/graphics/reference/DDSFileReference/ddsfileformat.asp
+# From: Morten Hustveit <morten@debian.org>
+# Updated by: David Korth <gerbilsoft@gerbilsoft.com>
+0 name ms-directdraw-surface
+>0x10 ulelong x %u x
+>0x0C ulelong x %u
+# Color depth.
+>0x58 ulelong >0 \b, %u-bit color
+# Determine the pixel format.
+>0x50 ulelong&0x4 4
+# FIXME: Handle DX10 and XBOX formats.
+>>0x54 string DX10
+>>>0x80 use ms-directdraw-dx10
+>>0x54 string !DX10 \b, compressed using %.4s
+>0x50 ulelong&0x2 0x2 \b, alpha only
+>0x50 ulelong&0x200 0x200 \b, YUV
+>0x50 ulelong&0x20000 0x20000 \b, luminance
+# RGB pixel format
+>0x50 ulelong&0x40 0x40
+
+# Determine the RGB format using the color masks.
+# ulequad order: 0xGGGGGGGGRRRRRRRR, 0xAAAAAAAABBBBBBBB
+
+>>0x58 ulelong 16
+
+# NOTE: 15-bit color formats usually have 16-bit listed as the color depth.
+>>>0x5C ulequad 0x000003E000007C00
+>>>>0x64 ulequad 0x000000000000001F \b, RGB555
+>>>0x5C ulequad 0x000003E000001F00
+>>>>0x64 ulequad 0x000000000000007C \b, BGR555
+
+>>>0x5C ulequad 0x000007E00000F800
+>>>>0x64 ulequad 0x000000000000001F \b, RGB565
+>>>0x5C ulequad 0x000007E000001F00
+>>>>0x64 ulequad 0x00000000000000F8 \b, BGR565
+
+>>>0x5C ulequad 0x000000F000000F00
+>>>>0x64 ulequad 0x0000F0000000000F \b, ARGB4444
+>>>0x5C ulequad 0x000000F00000000F
+>>>>0x64 ulequad 0x0000F00000000F00 \b, ABGR4444
+
+>>>0x5C ulequad 0x00000F000000F000
+>>>>0x64 ulequad 0x0000000F000000F0 \b, RGBA4444
+>>>0x5C ulequad 0x00000F00000000F0
+>>>>0x64 ulequad 0x0000000F0000F000 \b, BGRA4444
+
+>>>0x5C ulequad 0x000000F000000F00
+>>>>0x64 ulequad 0x000000000000000F \b, xRGB4444
+>>>0x5C ulequad 0x000000F00000000F
+>>>>0x64 ulequad 0x0000000000000F00 \b, xBGR4444
+
+>>>0x5C ulequad 0x00000F000000F000
+>>>>0x64 ulequad 0x00000000000000F0 \b, RGBx4444
+>>>0x5C ulequad 0x00000F00000000F0
+>>>>0x64 ulequad 0x000000000000F000 \b, BGRx4444
+
+>>>0x5C ulequad 0x000003E000007C00
+>>>>0x64 ulequad 0x000080000000001F \b, ARGB1555
+>>>0x5C ulequad 0x000003E000001F00
+>>>>0x64 ulequad 0x000080000000007C \b, ABGR1555
+>>>0x5C ulequad 0x000007C00000F800
+>>>>0x64 ulequad 0x000000010000003E \b, RGBA5551
+>>>0x5C ulequad 0x000007C00000003E
+>>>>0x64 ulequad 0x000000010000F800 \b, BGRA5551
+
+>>88 ulelong 24
+>>>0x5C ulequad 0x0000FF0000FF0000
+>>>>0x64 ulequad 0x00000000000000FF \b, RGB888
+>>>0x5C ulequad 0x0000FF00000000FF
+>>>>0x64 ulequad 0x0000000000FF0000 \b, BGR888
+
+>>88 ulelong 32
+>>>0x5C ulequad 0x0000FF0000FF0000
+>>>>0x64 ulequad 0xFF000000000000FF \b, ARGB8888
+>>>0x5C ulequad 0x0000FF00000000FF
+>>>>0x64 ulequad 0xFF00000000FF0000 \b, ABGR8888
+
+>>>0x5C ulequad 0x00FF0000FF000000
+>>>>0x64 ulequad 0x000000FF0000FF00 \b, RGBA8888
+>>>0x5C ulequad 0x00FF00000000FF00
+>>>>0x64 ulequad 0x000000FFFF000000 \b, BGBA8888
+
+>>>0x5C ulequad 0x0000FF0000FF0000
+>>>>0x64 ulequad 0x00000000000000FF \b, xRGB8888
+>>>0x5C ulequad 0x0000FF00000000FF
+>>>>0x64 ulequad 0x0000000000FF0000 \b, xBGR8888
+
+>>>0x5C ulequad 0x00FF0000FF000000
+>>>>0x64 ulequad 0x000000000000FF00 \b, RGBx8888
+>>>0x5C ulequad 0x00FF00000000FF00
+>>>>0x64 ulequad 0x00000000FF000000 \b, BGBx8888
+
+# Less common 32-bit color formats.
+>>>0x5C ulequad 0xFFFF00000000FFFF
+>>>>0x64 ulequad 0x0000000000000000 \b, G16R16
+>>>0x5C ulequad 0x0000FFFFFFFF0000
+>>>>0x64 ulequad 0x0000000000000000 \b, R16G16
+
+>>>0x5C ulequad 0x000FFC003FF00000
+>>>>0x64 ulequad 0xC0000000000003FF \b, A2R10G10B10
+>>>0x5C ulequad 0x000FFC00000003FF
+>>>>0x64 ulequad 0xC00000003FF00000 \b, A2B10G10R10
+
+# Type: Microsoft DirectDraw Surface
+# URL: https://msdn.microsoft.com/library/default.asp?url=/library/en-us/directx9_c/directx/graphics/reference/DDSFileReference/ddsfileformat.asp
+# From: Morten Hustveit <morten@debian.org>
+# Updated by: David Korth <gerbilsoft@gerbilsoft.com>
+0 string/b DDS\040\174\000\000\000 Microsoft DirectDraw Surface (DDS):
+>0 use ms-directdraw-surface
+
+# Type: Sega PVR image.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://fabiensanglard.net/Mykaruga/tools/segaPVRFormat.txt
+# - https://github.com/yazgoo/pvrx2png
+# - https://github.com/nickworonekin/puyotools
+
+# Sega PVR header.
+0 name sega-pvr-image-header
+>0x0C uleshort x %u x
+>0x0E uleshort x %u
+# Image format.
+>0x08 ubyte 0 \b, ARGB1555
+>0x08 ubyte 1 \b, RGB565
+>0x08 ubyte 2 \b, ARGB4444
+>0x08 ubyte 3 \b, YUV442
+>0x08 ubyte 4 \b, Bump
+>0x08 ubyte 5 \b, 4bpp
+>0x08 ubyte 6 \b, 8bpp
+# Image data type.
+>0x09 ubyte 0x01 \b, square twiddled
+>0x09 ubyte 0x02 \b, square twiddled & mipmap
+>0x09 ubyte 0x03 \b, VQ
+>0x09 ubyte 0x04 \b, VQ & mipmap
+>0x09 ubyte 0x05 \b, 8-bit CLUT twiddled
+>0x09 ubyte 0x06 \b, 4-bit CLUT twiddled
+>0x09 ubyte 0x07 \b, 8-bit direct twiddled
+>0x09 ubyte 0x08 \b, 4-bit direct twiddled
+>0x09 ubyte 0x09 \b, rectangle
+>0x09 ubyte 0x0B \b, rectangular stride
+>0x09 ubyte 0x0D \b, rectangular twiddled
+>0x09 ubyte 0x10 \b, small VQ
+>0x09 ubyte 0x11 \b, small VQ & mipmap
+>0x09 ubyte 0x12 \b, square twiddled & mipmap
+
+# Sega PVR image.
+0 string PVRT
+>0x10 string DDS\040\174\000\000\000 Sega PVR (Xbox) image:
+>>0x20 use ms-directdraw-surface
+>0x10 ubelong !0x44445320 Sega PVR image:
+>>0 use sega-pvr-image-header
+
+# Sega PVR image with GBIX.
+0 string GBIX
+>0x10 string PVRT
+>>0x10 string DDS\040\174\000\000\000 Sega PVR (Xbox) image:
+>>>0x20 use ms-directdraw-surface
+>>0x10 ubelong !0x44445320 Sega PVR image:
+>>>0x10 use sega-pvr-image-header
+>>0x08 ulelong x \b, global index = %u
+
+# Sega GVR header.
+0 name sega-gvr-image-header
+>0x0C ubeshort x %u x
+>0x0E ubeshort x %u
+# Image data format.
+>0x0B ubyte 0 \b, I4
+>0x0B ubyte 1 \b, I8
+>0x0B ubyte 2 \b, IA4
+>0x0B ubyte 3 \b, IA8
+>0x0B ubyte 4 \b, RGB565
+>0x0B ubyte 5 \b, RGB5A3
+>0x0B ubyte 6 \b, ARGB8888
+>0x0B ubyte 8 \b, CI4
+>0x0B ubyte 9 \b, CI8
+>0x0B ubyte 14 \b, DXT1
+
+# Sega GVR image.
+0 string GVRT Sega GVR image:
+>0x10 use sega-gvr-image-header
+
+# Sega GVR image with GBIX.
+0 string GBIX
+>0x10 string GVRT Sega GVR image:
+>>0x10 use sega-gvr-image-header
+>>0x08 ubelong x \b, global index = %u
+
+# Sega GVR image with GCIX. (Wii)
+0 string GCIX
+>0x10 string GVRT Sega GVR image:
+>>0x10 use sega-gvr-image-header
+>>0x08 ubelong x \b, global index = %u
+
+# Light Field Picture
+# Documentation: http://optics.miloush.net/lytro/TheFileFormat.aspx
+# Typical file extensions: .lfp .lfr .lfx
+
+0 ubelong 0x894C4650
+>4 ubelong 0x0D0A1A0A
+>12 ubelong 0x00000000 Lytro Light Field Picture
+>8 ubelong x \b, version %d
+
+# Type: Vision Research Phantom CINE Format
+# URL: https://www.phantomhighspeed.com/
+# URL2: http://phantomhighspeed.force.com/vriknowledge/servlet/fileField?id=0BEU0000000Cfyk
+# From: Harry Mallon <hjmallon at gmail.com>
+#
+# This has a short "CI" code but the 44 is the size of the struct which is
+# stable
+0 string CI
+>2 uleshort 44 Vision Research CINE Video,
+>>4 uleshort 0 Grayscale,
+>>4 uleshort 1 JPEG Compressed,
+>>4 uleshort 2 RAW,
+>>6 uleshort x version %d,
+>>20 ulelong x %d frames,
+>>48 ulelong x %dx
+>>52 ulelong x \b%d
+
+# Type: ARRI Raw Image
+# Info: SMPTE RDD30:2014
+# From: Harry Mallon <hjmallon at gmail.com>
+0 string ARRI ARRI ARI image data,
+>4 ulelong 0x78563412 little-endian,
+>4 ulelong 0x12345678 big-endian,
+>12 ulelong x version %d,
+>20 ulelong x %dx
+>24 ulelong x \b%d
+
+# Type: Khronos KTX texture.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Reference: https://www.khronos.org/opengles/sdk/tools/KTX/file_format_spec/
+
+# glEnum decoding.
+# NOTE: Only the most common formats are listed here.
+0 name khronos-ktx-glEnum
+>0 ulelong 0x1907 \b, RGB
+>0 ulelong 0x1908 \b, RGBA
+>0 ulelong 0x1909 \b, LUMINANCE
+>0 ulelong 0x190A \b, LUMINANCE_ALPHA
+>0 ulelong 0x80E1 \b, BGR
+>0 ulelong 0x80E2 \b, BGRA
+>0 ulelong 0x83A0 \b, RGB_S3TC
+>0 ulelong 0x83A1 \b, RGB4_S3TC
+>0 ulelong 0x83A2 \b, RGBA_S3TC
+>0 ulelong 0x83A3 \b, RGBA4_S3TC
+>0 ulelong 0x83A4 \b, RGBA_DXT5_S3TC
+>0 ulelong 0x83A5 \b, RGBA4_DXT5_S3TC
+>0 ulelong 0x83F0 \b, COMPRESSED_RGB_S3TC_DXT1_EXT
+>0 ulelong 0x83F1 \b, COMPRESSED_RGBA_S3TC_DXT1_EXT
+>0 ulelong 0x83F2 \b, COMPRESSED_RGBA_S3TC_DXT3_EXT
+>0 ulelong 0x83F3 \b, COMPRESSED_RGBA_S3TC_DXT5_EXT
+>0 ulelong 0x8D64 \b, ETC1_RGB8_OES
+>0 ulelong 0x9270 \b, COMPRESSED_R11_EAC
+>0 ulelong 0x9271 \b, COMPRESSED_SIGNED_R11_EAC
+>0 ulelong 0x9272 \b, COMPRESSED_RG11_EAC
+>0 ulelong 0x9273 \b, COMPRESSED_SIGNED_RG11_EAC
+>0 ulelong 0x9274 \b, COMPRESSED_RGB8_ETC2
+>0 ulelong 0x9275 \b, COMPRESSED_SRGB8_ETC2
+>0 ulelong 0x9276 \b, COMPRESSED_RGB8_PUNCHTHROUGH_ALPHA1_ETC2
+>0 ulelong 0x9277 \b, COMPRESSED_SRGB8_PUNCHTHROUGH_ALPHA1_ETC2
+>0 ulelong 0x9278 \b, COMPRESSED_RGBA2_ETC2_EAC
+>0 ulelong 0x9279 \b, COMPRESSED_SRGB8_ALPHA8_ETC2_EAC
+>0 ulelong 0x93B0 \b, COMPRESSED_RGBA_ASTC_4x4_KHR
+>0 ulelong 0x93B1 \b, COMPRESSED_RGBA_ASTC_5x4_KHR
+>0 ulelong 0x93B2 \b, COMPRESSED_RGBA_ASTC_5x5_KHR
+>0 ulelong 0x93B3 \b, COMPRESSED_RGBA_ASTC_6x5_KHR
+>0 ulelong 0x93B4 \b, COMPRESSED_RGBA_ASTC_6x6_KHR
+>0 ulelong 0x93B5 \b, COMPRESSED_RGBA_ASTC_8x5_KHR
+>0 ulelong 0x93B6 \b, COMPRESSED_RGBA_ASTC_8x6_KHR
+>0 ulelong 0x93B7 \b, COMPRESSED_RGBA_ASTC_8x8_KHR
+>0 ulelong 0x93B8 \b, COMPRESSED_RGBA_ASTC_10x5_KHR
+>0 ulelong 0x93B9 \b, COMPRESSED_RGBA_ASTC_10x6_KHR
+>0 ulelong 0x93BA \b, COMPRESSED_RGBA_ASTC_10x8_KHR
+>0 ulelong 0x93BB \b, COMPRESSED_RGBA_ASTC_10x10_KHR
+>0 ulelong 0x93BC \b, COMPRESSED_RGBA_ASTC_12x10_KHR
+>0 ulelong 0x93BD \b, COMPRESSED_RGBA_ASTC_12x12_KHR
+>0 ulelong 0x93D0 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_4x4_KHR
+>0 ulelong 0x93D1 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_5x4_KHR
+>0 ulelong 0x93D2 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_5x5_KHR
+>0 ulelong 0x93D3 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_6x5_KHR
+>0 ulelong 0x93D4 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_6x6_KHR
+>0 ulelong 0x93D5 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_8x5_KHR
+>0 ulelong 0x93D6 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_8x6_KHR
+>0 ulelong 0x93D7 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_8x8_KHR
+>0 ulelong 0x93D8 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_10x5_KHR
+>0 ulelong 0x93D9 \b, COMPRESSED_SRGB8_ALPHA8_ASTC_10x6_KHR
+>0 ulelong 0x93DA \b, COMPRESSED_SRGB8_ALPHA8_ASTC_10x8_KHR
+>0 ulelong 0x93DB \b, COMPRESSED_SRGB8_ALPHA8_ASTC_10x10_KHR
+>0 ulelong 0x93DC \b, COMPRESSED_SRGB8_ALPHA8_ASTC_12x10_KHR
+>0 ulelong 0x93DD \b, COMPRESSED_SRGB8_ALPHA8_ASTC_12x12_KHR
+
+# Endian-specific KTX header.
+# TODO: glType (all textures I've seen so far are GL_UNSIGNED_BYTE)
+0 name khronos-ktx-endian-header
+>20 ulelong x \b, %u
+>24 ulelong >1 x %u
+>28 ulelong >1 x %u
+>8 ulelong >0
+>>8 use khronos-ktx-glEnum
+>8 ulelong 0
+>>12 use khronos-ktx-glEnum
+
+# Main KTX header.
+# Determine endianness, then check the rest of the header.
+0 string \xABKTX\ 11\xBB\r\n\x1A\n Khronos KTX texture
+>12 ulelong 0x04030201 (little-endian)
+>>16 use khronos-ktx-endian-header
+>12 ubelong 0x04030201 (big-endian)
+>>16 use \^khronos-ktx-endian-header
+
+# Type: Khronos KTX2 texture.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Based on draft19.
+# Reference: http://github.khronos.org/KTX-Specification/
+
+# Supercompression enum.
+0 name khronos-ktx2-supercompression
+>0 ulelong 1 BasisLZ
+>0 ulelong 2 Zstandard
+>0 ulelong 3 ZLIB
+
+# Vulkan format identifier.
+# NOTE: Formats prohibited from KTX2 are commented out.
+0 name khronos-ktx2-vkFormat
+>0 ulelong 0 UNDEFINED
+>0 ulelong 1 R4G4_UNORM_PACK8
+>0 ulelong 2 R4G4B4A4_UNORM_PACK16
+>0 ulelong 3 B4G4R4A4_UNORM_PACK16
+>0 ulelong 4 R5G6B5_UNORM_PACK16
+>0 ulelong 5 B5G6R5_UNORM_PACK16
+>0 ulelong 6 R5G5B5A1_UNORM_PACK16
+>0 ulelong 7 B5G5R5A1_UNORM_PACK16
+>0 ulelong 8 A1R5G5B5_UNORM_PACK16
+>0 ulelong 9 R8_UNORM
+>0 ulelong 10 R8_SNORM
+#>0 ulelong 11 R8_USCALED
+#>0 ulelong 12 R8_SSCALED
+>0 ulelong 13 R8_UINT
+>0 ulelong 14 R8_SINT
+>0 ulelong 15 R8_SRGB
+>0 ulelong 16 R8G8_UNORM
+>0 ulelong 17 R8G8_SNORM
+#>0 ulelong 18 R8G8_USCALED
+#>0 ulelong 19 R8G8_SSCALED
+>0 ulelong 20 R8G8_UINT
+>0 ulelong 21 R8G8_SINT
+>0 ulelong 22 R8G8_SRGB
+>0 ulelong 23 R8G8B8_UNORM
+>0 ulelong 24 R8G8B8_SNORM
+#>0 ulelong 25 R8G8B8_USCALED
+#>0 ulelong 26 R8G8B8_SSCALED
+>0 ulelong 27 R8G8B8_UINT
+>0 ulelong 28 R8G8B8_SINT
+>0 ulelong 29 R8G8B8_SRGB
+>0 ulelong 30 B8G8R8_UNORM
+>0 ulelong 31 B8G8R8_SNORM
+#>0 ulelong 32 B8G8R8_USCALED
+#>0 ulelong 33 B8G8R8_SSCALED
+>0 ulelong 34 B8G8R8_UINT
+>0 ulelong 35 B8G8R8_SINT
+>0 ulelong 36 B8G8R8_SRGB
+>0 ulelong 37 R8G8B8A8_UNORM
+>0 ulelong 38 R8G8B8A8_SNORM
+#>0 ulelong 39 R8G8B8A8_USCALED
+#>0 ulelong 40 R8G8B8A8_SSCALED
+>0 ulelong 41 R8G8B8A8_UINT
+>0 ulelong 42 R8G8B8A8_SINT
+>0 ulelong 43 R8G8B8A8_SRGB
+>0 ulelong 44 B8G8R8A8_UNORM
+>0 ulelong 45 B8G8R8A8_SNORM
+#>0 ulelong 46 B8G8R8A8_USCALED
+#>0 ulelong 47 B8G8R8A8_SSCALED
+>0 ulelong 48 B8G8R8A8_UINT
+>0 ulelong 49 B8G8R8A8_SINT
+>0 ulelong 50 B8G8R8A8_SRGB
+#>0 ulelong 51 A8B8G8R8_UNORM_PACK32
+#>0 ulelong 52 A8B8G8R8_SNORM_PACK32
+#>0 ulelong 53 A8B8G8R8_USCALED_PACK32
+#>0 ulelong 54 A8B8G8R8_SSCALED_PACK32
+#>0 ulelong 55 A8B8G8R8_UINT_PACK32
+#>0 ulelong 56 A8B8G8R8_SINT_PACK32
+#>0 ulelong 57 A8B8G8R8_SRGB_PACK32
+>0 ulelong 58 A2R10G10B10_UNORM_PACK32
+>0 ulelong 59 A2R10G10B10_SNORM_PACK32
+#>0 ulelong 60 A2R10G10B10_USCALED_PACK32
+#>0 ulelong 61 A2R10G10B10_SSCALED_PACK32
+>0 ulelong 62 A2R10G10B10_UINT_PACK32
+>0 ulelong 63 A2R10G10B10_SINT_PACK32
+>0 ulelong 64 A2B10G10R10_UNORM_PACK32
+>0 ulelong 65 A2B10G10R10_SNORM_PACK32
+#>0 ulelong 66 A2B10G10R10_USCALED_PACK32
+#>0 ulelong 67 A2B10G10R10_SSCALED_PACK32
+>0 ulelong 68 A2B10G10R10_UINT_PACK32
+>0 ulelong 69 A2B10G10R10_SINT_PACK32
+>0 ulelong 70 R16_UNORM
+>0 ulelong 71 R16_SNORM
+#>0 ulelong 72 R16_USCALED
+#>0 ulelong 73 R16_SSCALED
+>0 ulelong 74 R16_UINT
+>0 ulelong 75 R16_SINT
+>0 ulelong 76 R16_SFLOAT
+>0 ulelong 77 R16G16_UNORM
+>0 ulelong 78 R16G16_SNORM
+#>0 ulelong 79 R16G16_USCALED
+#>0 ulelong 80 R16G16_SSCALED
+>0 ulelong 81 R16G16_UINT
+>0 ulelong 82 R16G16_SINT
+>0 ulelong 83 R16G16_SFLOAT
+>0 ulelong 84 R16G16B16_UNORM
+>0 ulelong 85 R16G16B16_SNORM
+#>0 ulelong 86 R16G16B16_USCALED
+#>0 ulelong 87 R16G16B16_SSCALED
+>0 ulelong 88 R16G16B16_UINT
+>0 ulelong 89 R16G16B16_SINT
+>0 ulelong 90 R16G16B16_SFLOAT
+>0 ulelong 91 R16G16B16A16_UNORM
+>0 ulelong 92 R16G16B16A16_SNORM
+#>0 ulelong 93 R16G16B16A16_USCALED
+#>0 ulelong 94 R16G16B16A16_SSCALED
+>0 ulelong 95 R16G16B16A16_UINT
+>0 ulelong 96 R16G16B16A16_SINT
+>0 ulelong 97 R16G16B16A16_SFLOAT
+>0 ulelong 98 R32_UINT
+>0 ulelong 99 R32_SINT
+>0 ulelong 100 R32_SFLOAT
+>0 ulelong 101 R32G32_UINT
+>0 ulelong 102 R32G32_SINT
+>0 ulelong 103 R32G32_SFLOAT
+>0 ulelong 104 R32G32B32_UINT
+>0 ulelong 105 R32G32B32_SINT
+>0 ulelong 106 R32G32B32_SFLOAT
+>0 ulelong 107 R32G32B32A32_UINT
+>0 ulelong 108 R32G32B32A32_SINT
+>0 ulelong 109 R32G32B32A32_SFLOAT
+>0 ulelong 110 R64_UINT
+>0 ulelong 111 R64_SINT
+>0 ulelong 112 R64_SFLOAT
+>0 ulelong 113 R64G64_UINT
+>0 ulelong 114 R64G64_SINT
+>0 ulelong 115 R64G64_SFLOAT
+>0 ulelong 116 R64G64B64_UINT
+>0 ulelong 117 R64G64B64_SINT
+>0 ulelong 118 R64G64B64_SFLOAT
+>0 ulelong 119 R64G64B64A64_UINT
+>0 ulelong 120 R64G64B64A64_SINT
+>0 ulelong 121 R64G64B64A64_SFLOAT
+>0 ulelong 122 B10G11R11_UFLOAT_PACK32
+>0 ulelong 123 E5B9G9R9_UFLOAT_PACK32
+>0 ulelong 124 D16_UNORM
+>0 ulelong 125 X8_D24_UNORM_PACK32
+>0 ulelong 126 D32_SFLOAT
+>0 ulelong 127 S8_UINT
+>0 ulelong 128 D16_UNORM_S8_UINT
+>0 ulelong 129 D24_UNORM_S8_UINT
+>0 ulelong 130 D32_SFLOAT_S8_UINT
+
+>0 ulelong 131 BC1_RGB_UNORM_BLOCK
+>0 ulelong 132 BC1_RGB_SRGB_BLOCK
+>0 ulelong 133 BC1_RGBA_UNORM_BLOCK
+>0 ulelong 134 BC1_RGBA_SRGB_BLOCK
+>0 ulelong 135 BC2_UNORM_BLOCK
+>0 ulelong 136 BC2_SRGB_BLOCK
+>0 ulelong 137 BC3_UNORM_BLOCK
+>0 ulelong 138 BC3_SRGB_BLOCK
+>0 ulelong 139 BC4_UNORM_BLOCK
+>0 ulelong 140 BC4_SNORM_BLOCK
+>0 ulelong 141 BC5_UNORM_BLOCK
+>0 ulelong 142 BC5_SNORM_BLOCK
+>0 ulelong 143 BC6H_UFLOAT_BLOCK
+>0 ulelong 144 BC6H_SFLOAT_BLOCK
+>0 ulelong 145 BC7_UNORM_BLOCK
+>0 ulelong 146 BC7_SRGB_BLOCK
+
+>0 ulelong 147 ETC2_R8G8B8_UNORM_BLOCK
+>0 ulelong 148 ETC2_R8G8B8_SRGB_BLOCK
+>0 ulelong 149 ETC2_R8G8B8A1_UNORM_BLOCK
+>0 ulelong 150 ETC2_R8G8B8A1_SRGB_BLOCK
+>0 ulelong 151 ETC2_R8G8B8A8_UNORM_BLOCK
+>0 ulelong 152 ETC2_R8G8B8A8_SRGB_BLOCK
+
+>0 ulelong 153 EAC_R11_UNORM_BLOCK
+>0 ulelong 154 EAC_R11_SNORM_BLOCK
+>0 ulelong 155 EAC_R11G11_UNORM_BLOCK
+>0 ulelong 156 EAC_R11G11_SNORM_BLOCK
+
+>0 ulelong 157 ASTC_4x4_UNORM_BLOCK
+>0 ulelong 158 ASTC_4x4_SRGB_BLOCK
+>0 ulelong 159 ASTC_5x4_UNORM_BLOCK
+>0 ulelong 160 ASTC_5x4_SRGB_BLOCK
+>0 ulelong 161 ASTC_5x5_UNORM_BLOCK
+>0 ulelong 162 ASTC_5x5_SRGB_BLOCK
+>0 ulelong 163 ASTC_6x5_UNORM_BLOCK
+>0 ulelong 164 ASTC_6x5_SRGB_BLOCK
+>0 ulelong 165 ASTC_6x6_UNORM_BLOCK
+>0 ulelong 166 ASTC_6x6_SRGB_BLOCK
+>0 ulelong 167 ASTC_8x5_UNORM_BLOCK
+>0 ulelong 168 ASTC_8x5_SRGB_BLOCK
+>0 ulelong 169 ASTC_8x6_UNORM_BLOCK
+>0 ulelong 170 ASTC_8x6_SRGB_BLOCK
+>0 ulelong 171 ASTC_8x8_UNORM_BLOCK
+>0 ulelong 172 ASTC_8x8_SRGB_BLOCK
+>0 ulelong 173 ASTC_10x5_UNORM_BLOCK
+>0 ulelong 174 ASTC_10x5_SRGB_BLOCK
+>0 ulelong 175 ASTC_10x6_UNORM_BLOCK
+>0 ulelong 176 ASTC_10x6_SRGB_BLOCK
+>0 ulelong 177 ASTC_10x8_UNORM_BLOCK
+>0 ulelong 178 ASTC_10x8_SRGB_BLOCK
+>0 ulelong 179 ASTC_10x10_UNORM_BLOCK
+>0 ulelong 180 ASTC_10x10_SRGB_BLOCK
+>0 ulelong 181 ASTC_12x10_UNORM_BLOCK
+>0 ulelong 182 ASTC_12x10_SRGB_BLOCK
+>0 ulelong 183 ASTC_12x12_UNORM_BLOCK
+>0 ulelong 184 ASTC_12x12_SRGB_BLOCK
+
+>0 ulelong 1000156000 G8B8G8R8_422_UNORM
+>0 ulelong 1000156001 B8G8R8G8_422_UNORM
+>0 ulelong 1000156002 G8_B8_R8_3PLANE_420_UNORM
+>0 ulelong 1000156003 G8_B8R8_2PLANE_420_UNORM
+>0 ulelong 1000156004 G8_B8_R8_3PLANE_422_UNORM
+>0 ulelong 1000156005 G8_B8R8_2PLANE_422_UNORM
+>0 ulelong 1000156006 G8_B8_R8_3PLANE_444_UNORM
+>0 ulelong 1000156007 R10X6_UNORM_PACK16
+>0 ulelong 1000156008 R10X6G10X6_UNORM_2PACK16
+>0 ulelong 1000156009 R10X6G10X6B10X6A10X6_UNORM_4PACK16
+>0 ulelong 1000156010 G10X6B10X6G10X6R10X6_422_UNORM_4PACK16
+>0 ulelong 1000156011 B10X6G10X6R10X6G10X6_422_UNORM_4PACK16
+>0 ulelong 1000156012 G10X6_B10X6_R10X6_3PLANE_420_UNORM_3PACK16
+>0 ulelong 1000156013 G10X6_B10X6R10X6_2PLANE_420_UNORM_3PACK16
+>0 ulelong 1000156014 G10X6_B10X6_R10X6_3PLANE_422_UNORM_3PACK16
+>0 ulelong 1000156015 G10X6_B10X6R10X6_2PLANE_422_UNORM_3PACK16
+>0 ulelong 1000156016 G10X6_B10X6_R10X6_3PLANE_444_UNORM_3PACK16
+>0 ulelong 1000156017 R12X4_UNORM_PACK16
+>0 ulelong 1000156018 R12X4G12X4_UNORM_2PACK16
+>0 ulelong 1000156019 R12X4G12X4B12X4A12X4_UNORM_4PACK16
+>0 ulelong 1000156020 G12X4B12X4G12X4R12X4_422_UNORM_4PACK16
+>0 ulelong 1000156021 B12X4G12X4R12X4G12X4_422_UNORM_4PACK16
+>0 ulelong 1000156022 G12X4_B12X4_R12X4_3PLANE_420_UNORM_3PACK16
+>0 ulelong 1000156023 G12X4_B12X4R12X4_2PLANE_420_UNORM_3PACK16
+>0 ulelong 1000156024 G12X4_B12X4_R12X4_3PLANE_422_UNORM_3PACK16
+>0 ulelong 1000156025 G12X4_B12X4R12X4_2PLANE_422_UNORM_3PACK16
+>0 ulelong 1000156026 G12X4_B12X4_R12X4_3PLANE_444_UNORM_3PACK16
+>0 ulelong 1000156027 G16B16G16R16_422_UNORM
+>0 ulelong 1000156028 B16G16R16G16_422_UNORM
+>0 ulelong 1000156029 G16_B16_R16_3PLANE_420_UNORM
+>0 ulelong 1000156030 G16_B16R16_2PLANE_420_UNORM
+>0 ulelong 1000156031 G16_B16_R16_3PLANE_422_UNORM
+>0 ulelong 1000156032 G16_B16R16_2PLANE_422_UNORM
+>0 ulelong 1000156033 G16_B16_R16_3PLANE_444_UNORM
+
+>0 ulelong 1000054000 PVRTC1_2BPP_UNORM_BLOCK_IMG
+>0 ulelong 1000054001 PVRTC1_4BPP_UNORM_BLOCK_IMG
+>0 ulelong 1000054002 PVRTC2_2BPP_UNORM_BLOCK_IMG
+>0 ulelong 1000054003 PVRTC2_4BPP_UNORM_BLOCK_IMG
+>0 ulelong 1000054004 PVRTC1_2BPP_SRGB_BLOCK_IMG
+>0 ulelong 1000054005 PVRTC1_4BPP_SRGB_BLOCK_IMG
+>0 ulelong 1000054006 PVRTC2_2BPP_SRGB_BLOCK_IMG
+>0 ulelong 1000054007 PVRTC2_4BPP_SRGB_BLOCK_IMG
+
+>0 ulelong 1000066000 ASTC_4x4_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066001 ASTC_5x4_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066002 ASTC_5x5_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066003 ASTC_6x5_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066004 ASTC_6x6_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066005 ASTC_8x5_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066006 ASTC_8x6_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066007 ASTC_8x8_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066008 ASTC_10x5_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066009 ASTC_10x6_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066010 ASTC_10x8_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066011 ASTC_10x10_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066012 ASTC_12x10_SFLOAT_BLOCK_EXT
+>0 ulelong 1000066013 ASTC_12x12_SFLOAT_BLOCK_EXT
+
+# Main KTX2 header.
+0 string \xABKTX\ 20\xBB\r\n\x1A\n Khronos KTX2 texture
+>20 ulelong x \b, %u
+>24 ulelong >1 x %u
+>28 ulelong >1 x %u
+>32 ulelong >1 \b, %u layers
+>36 ulelong >1 \b, %u faces
+>40 ulelong >1 \b, %u mipmaps
+>44 ulelong >0 \b,
+>>44 use khronos-ktx2-supercompression
+>12 ulelong >0 \b,
+>>12 use khronos-ktx2-vkFormat
+
+# Type: Valve VTF texture.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://developer.valvesoftware.com/wiki/Valve_Texture_Format
+
+# VTF image formats.
+0 name vtf-image-format
+>0 ulelong 0 RGBA8888
+>0 ulelong 1 ABGR8888
+>0 ulelong 2 RGB888
+>0 ulelong 3 BGR888
+>0 ulelong 4 RGB565
+>0 ulelong 5 I8
+>0 ulelong 6 IA88
+>0 ulelong 7 P8
+>0 ulelong 8 A8
+>0 ulelong 9 RGB888 (bluescreen)
+>0 ulelong 10 BGR888 (bluescreen)
+>0 ulelong 11 ARGB8888
+>0 ulelong 12 BGRA8888
+>0 ulelong 13 DXT1
+>0 ulelong 14 DXT3
+>0 ulelong 15 DXT5
+>0 ulelong 16 BGRx8888
+>0 ulelong 17 BGR565
+>0 ulelong 18 BGRx5551
+>0 ulelong 19 BGRA4444
+>0 ulelong 20 DXT1+A1
+>0 ulelong 21 BGRA5551
+>0 ulelong 22 UV88
+>0 ulelong 23 UVWQ8888
+>0 ulelong 24 RGBA16161616F
+>0 ulelong 25 RGBA16161616
+>0 ulelong 26 UVLX8888
+
+# Main VTF header.
+0 string VTF\0 Valve Texture Format
+>4 ulelong x v%u
+>8 ulelong x \b.%u
+>0x10 uleshort x \b, %u
+>0x12 uleshort >1 x %u
+>4 lequad 0x0000000700000002
+>>0x3F uleshort >1 x %u
+>0x18 uleshort >1 \b, %u frames
+>0x38 ubyte x \b, mipmaps: %u
+>0x34 ulelong >-1 \b,
+>>0x34 use vtf-image-format
+
+# Type: Valve VTF3 (PS3) texture.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+0 string VTF3 Valve Texture Format (PS3)
+>0x14 ubeshort x \b, %u
+>0x16 ubeshort x \b x %u
+>0x10 ubelong&0x2000 0 \b, DXT1
+>0x10 ubelong&0x2000 0x2000 \b, DXT5
+
+# Type: ASTC texture.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://stackoverflow.com/questions/22600678/determine-internal-format-of-given-astc-compressed-image-through-its-header
+# - https://stackoverflow.com/a/22682244
+0 ulelong 0x5ca1ab13 ASTC
+>4 ubyte x %u
+>5 ubyte x \bx%u
+>6 ubyte >1 \bx%u
+# X, Y, and Z dimensions are stored as 24-bit LE.
+# Pretend it's 32-bit and mask off the high byte.
+>7 ulelong&0x00FFFFFF x texture, %u
+>10 ulelong&0x00FFFFFF x x %u
+>13 ulelong&0x00FFFFFF >1 x %u
+
+# Zebra Metafile graphic
+# http://www.fileformat.info/format/zbr/egff.htm
+0 ubeshort 0x9a02 Zebra Metafile graphic
+>2 uleshort 1 (version 1.x)
+>2 uleshort 2 (version 1.1x or 1.2x)
+>2 uleshort 3 (version 1.49)
+>2 uleshort 4 (version 1.50)
+>4 string x (comment = %s)
+
+# Microsoft Paint graphic
+# http://www.fileformat.info/format/mspaint/egff.htm
+0 string DanM icrosoft Paint image data (version 1.x)
+>4 uleshort x (%d
+>>6 uleshort x x %d)
+0 string LinS Microsoft Paint image data (version 2.0)
+>4 uleshort x (%d
+>>6 uleshort x x %d)
+
+# reMarkable tablet internal file format (https://www.remarkable.com/)
+# https://github.com/ax3l/lines-are-beautiful
+# https://plasma.ninja/blog/devices/remarkable/binary/format/2017/12/26/\
+# reMarkable-lines-file-format.html#what-to-do-next
+# from Axel Huebl
+0 string reMarkable
+>11 string lines
+>>17 string with
+>>>22 string selections
+>>>>33 string and
+>>>>>37 string layers
+>>>>>>43 ulelong x reMarkable tablet notebook lines, 1404 x 1872, %x page(s)
+
+# newer per-page files for the reMarkable
+0 string reMarkable
+>11 string .lines
+>>18 string file,
+>>>24 string version=
+>>>>32 ubyte x reMarkable tablet page (v%c), 1404 x 1872,
+>>>>>43 ulelong x %d layer(s)
+
+# Type: PVR3 texture.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - http://cdn.imgtec.com/sdk-documentation/PVR+File+Format.Specification.pdf
+
+# PVR3 pixel formats.
+0 name pvr3-pixel-format
+>0 ulelong 0 PVRTC 2bpp RGB
+>0 ulelong 1 PVRTC 2bpp RGBA
+>0 ulelong 2 PVRTC 4bpp RGB
+>0 ulelong 3 PVRTC 4bpp RGBA
+>0 ulelong 4 PVRTC-II 2bpp
+>0 ulelong 5 PVRTC-II 4bpp
+>0 ulelong 6 ETC1
+>0 ulelong 7 DXT1
+>0 ulelong 8 DXT2
+>0 ulelong 9 DXT3
+>0 ulelong 10 DXT4
+>0 ulelong 11 DXT5
+>0 ulelong 12 BC4
+>0 ulelong 13 BC5
+>0 ulelong 14 BC6
+>0 ulelong 15 BC7
+>0 ulelong 16 UYVY
+>0 ulelong 17 YUY2
+>0 ulelong 18 BW1bpp
+>0 ulelong 19 R9G9B9E5 Shared Exponent
+>0 ulelong 20 RGBG8888
+>0 ulelong 21 GRGB8888
+>0 ulelong 22 ETC2 RGB
+>0 ulelong 23 ETC2 RGBA
+>0 ulelong 24 ETC2 RGB A1
+>0 ulelong 25 EAC R11
+>0 ulelong 26 EAC RG11
+>0 ulelong 27 ASTC_4x4
+>0 ulelong 28 ASTC_5x4
+>0 ulelong 29 ASTC_5x5
+>0 ulelong 30 ASTC_6x5
+>0 ulelong 31 ASTC_6x6
+>0 ulelong 32 ASTC_8x5
+>0 ulelong 33 ASTC_8x6
+>0 ulelong 34 ASTC_8x8
+>0 ulelong 35 ASTC_10x5
+>0 ulelong 36 ASTC_10x6
+>0 ulelong 37 ASTC_10x8
+>0 ulelong 38 ASTC_10x10
+>0 ulelong 39 ASTC_12x10
+>0 ulelong 40 ASTC_12x12
+>0 ulelong 41 ASTC_3x3x3
+>0 ulelong 42 ASTC_4x3x3
+>0 ulelong 43 ASTC_4x4x3
+>0 ulelong 44 ASTC_4x4x4
+>0 ulelong 45 ASTC_5x4x4
+>0 ulelong 46 ASTC_5x5x4
+>0 ulelong 47 ASTC_5x5x5
+>0 ulelong 48 ASTC_6x5x5
+>0 ulelong 49 ASTC_6x6x5
+>0 ulelong 50 ASTC_6x6x6
+
+0 string PVR\x03 PowerVR 3.0 texture:
+>0x18 ulelong x %u x
+>0x1C ulelong x %u
+>0x20 ulelong >1 x %u
+>0x08 ubyte x \b,
+>0x0C ulelong 0
+>>0x08 use pvr3-pixel-format
+>0x0C ulelong !0
+>>0x08 ubyte !0 %c
+>>>0x0C ubyte !0 \b%u
+>>0x09 ubyte !0 \b%c
+>>>0x0D ubyte !0 \b%u
+>>0x0A ubyte !0 \b%c
+>>>0x0E ubyte !0 \b%u
+>>0x0B ubyte !0 \b%c
+>>>0x0F ubyte !0 \b%u
+>0x10 ulelong 1 \b, sRGB
+>0x04 ulelong&0x02 0x02 \b, premultiplied alpha
+
+0 string \x03RVP PowerVR 3.0 texture: BE,
+>0x18 ubelong x %u x
+>0x1C ubelong x %u
+>0x20 ubelong >1 x %u
+>0x08 ubyte x \b,
+>0x0C ubelong 0
+>>0x08 use pvr3-pixel-format
+>0x0C ubelong !0
+>>0x0B ubyte !0 %c
+>>>0x0F ubyte !0 \b%u
+>>0x0A ubyte !0 \b%c
+>>>0x0E ubyte !0 \b%u
+>>0x09 ubyte !0 \b%c
+>>>0x0D ubyte !0 \b%u
+>>0x08 ubyte !0 \b%c
+>>>0x0C ubyte !0 \b%u
+>0x10 ubelong 1 \b, sRGB
+>0x04 ubelong&0x02 0x02 \b, premultiplied alpha
+
+# Type: Microsoft Xbox XPR0 texture.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://github.com/Cxbx-Reloaded/Cxbx-Reloaded/blob/develop/src/core/hle/D3D8/XbD3D8Types.h
+
+# XPR pixel formats.
+0 name xbox-xpr-pixel-format
+>0 ubyte 0x00 L8
+>0 ubyte 0x01 AL8
+>0 ubyte 0x02 ARGB1555
+>0 ubyte 0x03 RGB555
+>0 ubyte 0x04 ARGB4444
+>0 ubyte 0x05 RGB565
+>0 ubyte 0x06 ARGB8888
+>0 ubyte 0x07 xRGB8888
+>0 ubyte 0x0B P8
+>0 ubyte 0x0C DXT1
+>0 ubyte 0x0E DXT2
+>0 ubyte 0x0F DXT4
+>0 ubyte 0x10 Linear ARGB1555
+>0 ubyte 0x11 Linear RGB565
+>0 ubyte 0x12 Linear ARGB8888
+>0 ubyte 0x13 Linear L8
+>0 ubyte 0x16 Linear R8B8
+>0 ubyte 0x17 Linear G8B8
+>0 ubyte 0x19 A8
+>0 ubyte 0x1A A8L8
+>0 ubyte 0x1B Linear AL8
+>0 ubyte 0x1C Linear RGB555
+>0 ubyte 0x1D Linear ARGB4444
+>0 ubyte 0x1E Linear xRGB8888
+>0 ubyte 0x1F Linear A8
+>0 ubyte 0x20 Linear A8L8
+>0 ubyte 0x24 YUY2
+>0 ubyte 0x25 UYVY
+>0 ubyte 0x27 L6V5U5
+>0 ubyte 0x28 V8U8
+>0 ubyte 0x29 R8B8
+>0 ubyte 0x2A D24S8
+>0 ubyte 0x2B F24S8
+>0 ubyte 0x2C D16
+>0 ubyte 0x2D F16
+>0 ubyte 0x2E Linear D24S8
+>0 ubyte 0x2F Linear F24S8
+>0 ubyte 0x30 Linear D16
+>0 ubyte 0x31 Linear F16
+>0 ubyte 0x32 L16
+>0 ubyte 0x33 V16U16
+>0 ubyte 0x35 Linear L16
+>0 ubyte 0x36 Linear V16U16
+>0 ubyte 0x37 Linear L6V5U5
+>0 ubyte 0x38 RGBA5551
+>0 ubyte 0x39 RGBA4444
+>0 ubyte 0x3A QWVU8888
+>0 ubyte 0x3B BGRA8888
+>0 ubyte 0x3C RGBA8888
+>0 ubyte 0x3D Linear RGBA5551
+>0 ubyte 0x3E Linear RGBA4444
+>0 ubyte 0x3F Linear ABGR8888
+>0 ubyte 0x40 Linear BGRA8888
+>0 ubyte 0x41 Linear RGBA8888
+>0 ubyte 0x64 Vertex Data
+
+0 string XPR0 Microsoft Xbox XPR0 texture
+>0x19 ubyte x \b, format:
+>>0x19 use xbox-xpr-pixel-format
+
+# ILDA Image Data Transfer Format
+# https://www.ilda.com/resources/StandardsDocs/ILDA_IDTF14_rev011.pdf
+#
+# Updated by Chuck Hein (laser@geekdude.com)
+#
+0 string ILDA ILDA Image Data Transfer Format
+>7 ubyte 0x00 3D Coordinates with Indexed Color
+>7 ubyte 0x01 2D Coordinates with Indexed Color
+>7 ubyte 0x02 Color Palette
+>7 ubyte 0x04 3D Coordinates with True Color
+>7 ubyte 0x05 2D Coordinates with True Color
+>8 string >0 \b, palette %s
+>16 string >0 \b, company %s
+>24 ubeshort >0 \b, number of records %d
+>>26 ubeshort x \b, palette number %d
+>>28 ubeshort >0 \b, number of frames %d
+>>30 ubyte >0 \b, projector number %d
+
+# Dropbox "lepton" compressed jpeg format
+# https://github.com/dropbox/lepton
+0 ubelong&0xfffff0ff 0xcf84005a Lepton image file
+>2 ubyte x (version %d)
+
+# Apple QuickTake camera raw images
+# https://en.wikipedia.org/wiki/Apple_QuickTake
+# dcraw can decode them
+0 name quicktake
+>4 ubelong 8
+>>544 ubeshort x \b, %dx
+>>546 ubeshort x \b%d
+>4 ubelong 4
+>>546 ubeshort x \b, %dx
+>>544 ubeshort x \b%d
+
+0 string qktk Apple QuickTake 100 Raw Image
+>0 use quicktake
+
+0 string qktn
+>4 ubyte 0 Apple QuickTake 150 Raw Image
+>4 ubyte >0 Apple QuickTake 200 Raw Image
+>0 use quicktake
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Corel_Photo-Paint_image
+# Reference: http://blog.argasinski.eu/wp-content/uploads/2011/08/cpt-specification-0.01.pdf
+0 string CPT
+>4 string FILE Corel Photo-Paint image, version
+# version like 7, 9 or 8
+>>3 ubyte x %c,
+!:mime image/x-corel-cpt
+!:ext cpt
+# if blocks_array_offset available jump blockNumber*8 bytes
+>>0x34 ulelong >0
+>>>(0x28.l*8) ubyte x
+# jump additional stored blocks_array_offset bytes forward to object block
+>>>>&(0x34.l-1) ulelong x %u
+# object height in pixels
+>>>>>&0 ulelong x x %u
+# if no blocks_array_offset available jump blockNumber*8 bytes
+>>0x34 ulelong =0
+>>>(0x28.l*8) ubyte x
+# jump additional 0x13C bytes forward to object block
+>>>>&0x13B ulelong x %u
+>>>>>&0 ulelong x x %u
+# image color model used
+>>0x8 ulelong x
+>>>0x8 ulelong 0x1 RGB 24 bits
+>>>0x8 ulelong 0x3 CMYK 24 bits
+>>>0x8 ulelong 0x5 greyscale 8 bits
+>>>0x8 ulelong 0x6 black and white 1 bit
+>>>0x8 ulelong 0xA RGB 8 bits
+# palette_length number of colors * 3 in case of 8-bit RGB paletted image
+# 0 otherwise. Allowed values: 0 or [1..256] * 3
+#>>0xC ulelong >0 \b, palette length %u
+>>>>0xC ulelong/3 <256 \b, %u colors
+>>>0x8 ulelong 0xB LAB
+>>>0x8 ulelong 0xC RGB 48 bits
+>>>0x8 ulelong 0xE greyscale 16 bits
+# this should not happen
+>>>0x8 default x color model
+>>>>0x8 ulelong x %#x
+# bit 1 in CPT file flags: UCS-2 file comment present
+>>0x31 ubyte &0x02
+# look for comment marker
+>>>0x100 search/0xc9d \4\2\0\0
+# UCS-2 file comment
+>>>>&0 lestring16 x "%s"
+# if no UCS-2 is present show ANSI file comment[112] if available
+>>0x31 ubyte&0x02 =0
+>>>0x3C string >\0 "%-.112s"
+# reserved seems to be always 0
+#>>0x10 ulelong >0 \b, reserved1 %u
+# horizontal real dpi = dpi_h * 25.4 / 10**6
+>>0x18 ulelong x \b, %u micro dots/mm
+# image vertical DPI in CPT DPI unit
+#>>0x1C ulelong x \b, %u micro dots/mm
+# reserved seems to be always 0
+#>>0x20 ulelong >0 \b, reserved2 %u
+#>>0x24 ulelong >0 \b, reserved3 %u
+# blocks_count; number of CPT_Block blocks. Allowed values: > 0
+>>0x28 ulelong x \b, %u block
+# plural s
+>>0x28 ulelong !1 \bs
+# CPT file flags
+# lower byte of CPT file flags: 0x94~CPT9FILE 0x01~often CPT7FILE 0x8C~CPT8FILE
+#>>0x30 ubyte x \b, lower flags %#x
+# upper byte of CPT file flags:
+#>>0x31 ubyte >0 \b, upper flags %#x
+# bit 2 in CPT file flags: unknown
+#>>0x31 ubyte &0x04 \b, with UNKNOWN
+# bits 3-7 in CPT file flags: unknown, seem to be often 0
+# show unusual flag combinations
+>>0x31 ubyte&0xFC >0
+>>>0x30 uleshort x \b, flags %#4.4x
+# reserved seems to be always 0
+#>>0x32 uleshort >0 \b, reserved4 %#x
+# blocks_array_offset is always 0 for CPT7 and CPT8 files created by PP7-PP8
+# typical values like: 13Ch 154h 43Ch 4F0h DA8h
+>>0x34 ulelong x \b, array offset %#x
+# reserved seems to be often 0
+>>0x38 ulelong >0 \b, reserved5 %#x
+# possible next master block
+#>>0x100 ubequad !0 \b, next block=%#llx...
+# bit 0: ICC profile block present
+>>0x31 ubyte &0x01 \b, with ICC profile
+# check for characteristic string acsp of color profile for DEBUGGING
+#>>>0x178 string x icc=%.4s
+# display ICC/ICM color profile by ./icc
+#>>>0x154 use color-profile
+
+# URL: http://fileformats.archiveteam.org/wiki/CorelDRAW
+# https://en.wikipedia.org/wiki/CorelDRAW
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cdr-gen.trid.xml
+# Note: called "CorelDRAW drawing (generic)" by TrID
+# version til 2 WL-based; from version 3 til 13 handled by ./riff and from 14 zip based handled by ./archive
+0 ubelong&0xFFffF7ff 0x574C6500 Corel Draw Picture
+#!:mime image/x-coreldraw
+!:mime application/vnd.corel-draw
+!:ext cdr
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cdr-corel-10.trid.xml
+# Note: called "CorelDRAW drawing (v1.0)" by TrID and
+# "CorelDraw Drawing" with version "1.0" by DROID via PUID fmt/467
+# only DROID fmt-467-signature-id-726.cdr example
+>2 ubyte 0x65 \b, version 1.0
+#>>4 ubelong !0x45000000 \b, at 4 %#8.8x
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cdr-corel-20.trid.xml
+# Note: called "CorelDRAW drawing (v2.0)" by TrID and
+# "CorelDraw Drawing" with version "2.0" by DROID via PUID fmt/466
+>2 ubyte 0x6D \b, version 2.0
+# According to DROID 0xed080000 or 0x25050000
+#>>4 ubelong !0xed080000
+#>>>4 ubelong !0x25050000 \b, at 4 %#8.8x
+
+# Type: Crunch compressed texture.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://github.com/BinomialLLC/crunch/blob/44c8402e24441c7524ca364941fd224ab3b971e9/inc/crn_decomp.h#L267
+0 ubelong 0x4878004A Crunch compressed texture:
+>0x0C ubeshort x %u x
+>0x0E ubeshort x %u
+>0x12 ubyte 0 \b, DXT1
+>0x12 ubyte 1 \b, DXT3
+>0x12 ubyte 2 \b, DXT5
+>0x12 ubyte 3 \b, DXT5 CCxY
+>0x12 ubyte 4 \b, DXT5 xGxR
+>0x12 ubyte 5 \b, DXT5 xGBR
+>0x12 ubyte 6 \b, DXT5 AGBR
+>0x12 ubyte 7 \b, DXn XY
+>0x12 ubyte 8 \b, DXn YX
+>0x12 ubyte 9 \b, DXT5 Alpha
+>0x12 ubyte 10 \b, ETC1
+>0x10 ubyte >1 \b, %u images
+>0x11 ubyte >1 \b, %u faces
+# TODO: Flags at 0x13? (ubeshort)
+
+# Type: BasisLZ compressed texture.
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://github.com/BinomialLLC/basis_universal/blob/master/spec/basis_spec.txt
+0 uleshort 0x4273
+>0x04 uleshort 0x4D BasisLZ
+>>0x02 uleshort x v%x compressed texture:
+>>0x14 ubyte 0 ETC1S
+>>0x14 ubyte 1 UASTC 4x4
+>>0x0E ulelong&0xFFFFFF >1 \b, %u slices
+>>0x11 ulelong&0xFFFFFF >1 \b, %u images
+>>0x15 uleshort&0x02 2 \b, Y-flipped
+
+# MIME registration: https://www.iana.org/assignments/media-types/model/e57
+# Sample files: http://www.libe57.org/data.html
+# Reference implementation: http://www.libe57.org/
+# https://www.ri.cmu.edu/pub_files/2011/1/2011-huber-e57-v3.pdf
+0 string ASTM-E57 ASTM E57 three-dimensional model
+!:mime model/e57
+!:ext e57
+
+# QOI [Quite OK Image Format] images
+# (Horia Mihai David, mihaidavid@posteo.net)
+#
+# QOI format by Dominic Szablewski <http://phoboslab.org/>
+# <https://qoiformat.org/>
+#
+# Based on spec v1.0 (2022.01.05) <https://qoiformat.org/qoi-specification.pdf>
+
+0 string qoif QOI image data
+!:ext qoi
+!:mime image/x-qoi
+# See <https://github.com/phoboslab/qoi/issues/167>
+>4 ubelong x %ux
+>8 ubelong x \b%u,
+>>13 ubyte 0 s
+>>>12 ubyte 3 \bRGB
+>>>12 ubyte 4 \bRGBA
+>>>12 default x
+>>>>12 ubyte x \b*bad channels %u*
+>>>13 ubyte 0 (linear alpha)
+>>13 ubyte 1
+>>>12 ubyte 3 RGB
+>>>12 ubyte 4 RGBA
+>>>13 ubyte 1 (all channels linear)
+>>13 default x
+>>>13 ubyte x *bad colorspace %u*
+
+
+# Type: Godot 3, 4 texture (pixel format)
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+0 name godot-pixel-format
+>0 ulelong&0xFFFFF 0 L8
+>0 ulelong&0xFFFFF 1 LA8
+>0 ulelong&0xFFFFF 2 R8
+>0 ulelong&0xFFFFF 3 RG8
+>0 ulelong&0xFFFFF 4 RGB8
+>0 ulelong&0xFFFFF 5 RGBA8
+>0 ulelong&0xFFFFF 6 RGBA4444
+>0 ulelong&0xFFFFF 7 RGB565
+>0 ulelong&0xFFFFF 8 RF
+>0 ulelong&0xFFFFF 9 RGF
+>0 ulelong&0xFFFFF 10 RGBF
+>0 ulelong&0xFFFFF 11 RGBAF
+>0 ulelong&0xFFFFF 12 RH
+>0 ulelong&0xFFFFF 13 RGH
+>0 ulelong&0xFFFFF 14 RGBH
+>0 ulelong&0xFFFFF 15 RGBAH
+>0 ulelong&0xFFFFF 16 RGBE9995
+>0 ulelong&0xFFFFF 17 DXT1
+>0 ulelong&0xFFFFF 18 DXT3
+>0 ulelong&0xFFFFF 19 DXT5
+>0 ulelong&0xFFFFF 20 RGTC_R
+>0 ulelong&0xFFFFF 21 RGTC_RG
+>0 ulelong&0xFFFFF 22 BPTC_RGBA
+>0 ulelong&0xFFFFF 23 BPTC_RGBF
+>0 ulelong&0xFFFFF 24 BPTC_RGBFU
+>0 ulelong&0xFFFFF 25 PVRTC1_2
+>0 ulelong&0xFFFFF 26 PVRTC1_2A
+>0 ulelong&0xFFFFF 27 PVRTC1_4
+>0 ulelong&0xFFFFF 28 PVRTC1_4A
+>0 ulelong&0xFFFFF 29 ETC
+>0 ulelong&0xFFFFF 30 ETC2_R11
+>0 ulelong&0xFFFFF 31 ETC2_R11S
+>0 ulelong&0xFFFFF 32 ETC2_RG11
+>0 ulelong&0xFFFFF 33 ETC2_RG11S
+>0 ulelong&0xFFFFF 34 ETC2_RGB8
+>0 ulelong&0xFFFFF 35 ETC2_RGBA8
+>0 ulelong&0xFFFFF 36 ETC2_RGB8A1
+>0 ulelong&0xFFFFF 37 ASTC_8x8
+
+# Type: Godot 3, 4 texture (rescale display, width)
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Shows rescale value if it's not a power of 2.
+0 name godot-rescale-display-w
+>0 uleshort 0
+>0 uleshort 1
+>0 uleshort 2
+>0 uleshort 4
+>0 uleshort 8
+>0 uleshort 16
+>0 uleshort 32
+>0 uleshort 64
+>0 uleshort 128
+>0 uleshort 256
+>0 uleshort 512
+>0 uleshort 1024
+>0 uleshort 2048
+>0 uleshort 4096
+>0 uleshort 8192
+>0 uleshort 16384
+>0 uleshort 32768
+>0 default x
+>>0 uleshort x (rescale to %u x
+
+# Type: Godot 3, 4 texture (rescale display, height)
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Shows rescale value if it's not a power of 2.
+0 name godot-rescale-display-h
+>0 clear x
+>0 uleshort 0
+>0 uleshort 1
+>0 uleshort 2
+>0 uleshort 4
+>0 uleshort 8
+>0 uleshort 16
+>0 uleshort 32
+>0 uleshort 64
+>0 uleshort 128
+>0 uleshort 256
+>0 uleshort 512
+>0 uleshort 1024
+>0 uleshort 2048
+>0 uleshort 4096
+>0 uleshort 8192
+>0 uleshort 16384
+>0 uleshort 32768
+>0 default x
+>>0 uleshort x %u)
+
+# Type: Godot 3 texture
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://github.com/godotengine/godot/blob/3.3/core/image.h
+# - https://github.com/godotengine/godot/blob/3.3/scene/resources/texture.cpp
+# - https://github.com/godotengine/godot/blob/3.3/scene/resources/texture.h
+# TODO: Don't show "rescale to" if it matches the image size.
+0 string GDST Godot 3 texture:
+!:ext stex
+!:mime image/x-godot-stex
+>4 uleshort x %u x
+>8 uleshort x %u
+>6 uleshort 0 \b,
+>6 uleshort !0
+>>6 use godot-rescale-display-w
+>>10 use godot-rescale-display-h
+>>10 uleshort x \b,
+>16 ulelong&0x800000 !0 has mipmaps,
+>16 ulelong&0x100000 0x100000 lossless encoding
+>16 ulelong&0x200000 0x200000 lossy encoding
+>16 ulelong&0x300000 0
+>>16 use godot-pixel-format
+
+# Type: Godot 4 texture
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# References:
+# - https://github.com/godotengine/godot/blob/master/core/io/image.h
+# - https://github.com/godotengine/godot/blob/master/scene/resources/texture.cpp
+# - https://github.com/godotengine/godot/blob/master/scene/resources/texture.h
+# TODO: Don't show "rescale to" if it matches the image size.
+0 string GST2 Godot 4 texture
+!:ext stex
+!:mime image/x-godot-stex
+>4 ulelong x v%u:
+>0x28 uleshort x %u x
+>0x2A uleshort x %u
+>8 use godot-rescale-display-w
+>12 use godot-rescale-display-h
+>12 uleshort x \b,
+>0x2C ulelong >1 %u mipmaps,
+>0x30 use godot-pixel-format
+>0x24 ulelong 1 \b, embedded PNG image
+>0x24 ulelong 2 \b, embedded WebP image
+>0x24 ulelong 3 \b, Basis Universal
+
+# Summary: iCEDraw graphic *.IDF
+# URL: http://fileformats.archiveteam.org/wiki/ICEDraw
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/i/idf-icedraw.trid.xml
+# From: Joerg Jenderek
+# Note: called "iCEDraw graphic" by TrID, "iCEDraw text" by FFmpeg and "iCE Draw" by Ansilove
+# verified by FFmpeg command `ffprobe ICE-9605.IDF` and `ansilove -s SQ-FORCE.IDF`
+0 string \0041.4\0\0\0\0O\0 iCEDraw graphic
+#!:mime application/octet-stream
+!:mime image/x-idf
+!:ext idf
+
+# Type: ColoRIX VGA Paint Image File (.rix/.sci/.scX)
+# From: Eddy Jansson <github.com/eloj>
+# Reference: https://www.fileformat.info/format/rix/spec/
+#
+0 name rix-header
+>0 uleshort x \b, %u x
+>2 uleshort x %u
+# palette type:
+# .. if direct color, low bits encode bpp
+>4 ubyte&128 0
+>>4 ubyte&127 x \b %u bpp (direct color)
+# .. else palette
+>4 ubyte&128 128
+>>4 ubyte&7 0 \b x 2
+>>4 ubyte&7 1 \b x 4
+>>4 ubyte&7 2 \b x 8
+>>4 ubyte&7 3 \b x 16
+>>4 ubyte&7 4 \b x 32
+>>4 ubyte&7 5 \b x 64
+>>4 ubyte&7 6 \b x 128
+>>4 ubyte&7 7 \b x 256
+# storage type
+#>5 ubyte&15 0 \b, Linear
+>5 ubyte&15 1 \b, Planar (0213)
+>5 ubyte&15 2 \b, Planar
+>5 ubyte&15 3 \b, Text
+>5 ubyte&15 4 \b, Planar lines
+>5 ubyte&128 128 \b (compressed)
+>5 ubyte&64 64 \b (extension)
+>5 ubyte&32 32 \b (encrypted)
+
+0 string RIX3 ColoRIX Image
+>4 use rix-header
+
+0 string RIX7 ColoRIX Slideshow
+
+# http://fileformats.archiveteam.org/wiki/PaperPort_(MAX)
+0 string ViG Visioneer PaperPort
+>3 string Ae 2
+>3 string Be 2
+>3 string Cj 3-4
+>3 string Em 5-7
+>3 string Fk 8-12
+>3 default x MAX
diff --git a/magic/Magdir/inform b/magic/Magdir/inform
new file mode 100644
index 0000000..fe518ec
--- /dev/null
+++ b/magic/Magdir/inform
@@ -0,0 +1,9 @@
+
+#------------------------------------------------------------------------------
+# $File: inform,v 1.5 2009/09/19 16:28:09 christos Exp $
+# inform: file(1) magic for Inform interactive fiction language
+
+# URL: http://www.inform-fiction.org/
+# From: Reuben Thomas <rrt@sc3d.org>
+
+0 search/100/cW constant\ story Inform source text
diff --git a/magic/Magdir/intel b/magic/Magdir/intel
new file mode 100644
index 0000000..5177fea
--- /dev/null
+++ b/magic/Magdir/intel
@@ -0,0 +1,310 @@
+
+#------------------------------------------------------------------------------
+# $File: intel,v 1.23 2022/10/31 13:22:26 christos Exp $
+# intel: file(1) magic for x86 Unix
+#
+# Various flavors of x86 UNIX executable/object (other than Xenix, which
+# is in "microsoft"). DOS is in "msdos"; the ambitious soul can do
+# Windows as well.
+#
+# Windows NT belongs elsewhere, as you need x86 and MIPS and Alpha and
+# whatever comes next (HP-PA Hummingbird?). OS/2 may also go elsewhere
+# as well, if, as, and when IBM makes it portable.
+#
+# The `versions' should be un-commented if they work for you.
+# (Was the problem just one of endianness?)
+#
+0 leshort 0502 basic-16 executable
+>12 lelong >0 not stripped
+#>22 leshort >0 - version %d
+0 leshort 0503 basic-16 executable (TV)
+>12 lelong >0 not stripped
+#>22 leshort >0 - version %d
+0 leshort 0510 x86 executable
+>12 lelong >0 not stripped
+0 leshort 0511 x86 executable (TV)
+>12 lelong >0 not stripped
+0 leshort =0512 iAPX 286 executable small model (COFF)
+>12 lelong >0 not stripped
+#>22 leshort >0 - version %d
+0 leshort =0522 iAPX 286 executable large model (COFF)
+>12 lelong >0 not stripped
+#>22 leshort >0 - version %d
+# updated by Joerg Jenderek at Oct 2015
+# https://de.wikipedia.org/wiki/Common_Object_File_Format
+# http://www.delorie.com/djgpp/doc/coff/filhdr.html
+# ./msdos (version 5.25) labeled the next entry as "MS Windows COFF Intel 80386 object file"
+# ./intel (version 5.25) label labeled the next entry as "80386 COFF executable"
+# SGI labeled the next entry as "iAPX 386 executable" --Dan Quinlan
+0 leshort =0514
+# use subroutine to display name+flags+variables for common object formatted files
+>0 use display-coff
+#>12 lelong >0 not stripped
+# no hint found, that at offset 22 is version
+#>22 leshort >0 - version %d
+0 leshort 0x0200
+# no F_EXEC flag bit implies Intel ia64 COFF object file without optional header
+>18 leshort ^0x0002
+# skip some DEGAS high-res uncompressed bitmap *.pi3 handled by ./images like
+# GEMINI03.PI3 MODEM2.PI3 POWERFIX.PI3 sigirl1.pi3 vanna5.pi3
+# by test for valid starting character (often point 0x2E) of 1st section name
+>>20 ubyte >0x1F
+>>>0 use display-coff
+# F_EXEC flag bit implies Intel ia64 COFF executable
+>18 leshort &0x0002
+>>0 use display-coff
+0 leshort 0x8664
+>0 use display-coff
+
+# rom: file(1) magic for BIOS ROM Extensions found in intel machines
+# mapped into memory between 0xC0000 and 0xFFFFF
+# From: Alex Myczko <alex@aiei.ch>
+# updated by Joerg Jenderek
+# https://en.wikipedia.org/wiki/Option_ROM
+# URL: http://fileformats.archiveteam.org/wiki/BIOS
+# Reference: http://www.lejabeach.com/sisubb/BIOS_Disassembly_Ninjutsu_Uncovered.pdf
+0 beshort 0x55AA
+# skip misidentified raspberry pi pieeprom-*.bin by check for
+# unlikely high ROM size (0xF0*512=240*512) and not observed start instruction 0x0F
+>2 ubeshort !0xF00F
+# skip 2 byte sized eof.bin with start magic
+>>0 use rom-x86
+0 name rom-x86
+>0 beshort x BIOS (ia32) ROM Ext.
+#!:mime application/octet-stream
+!:mime application/x-ibm-rom
+!:ext rom/bin
+################################################################################
+# not Plug aNd Play ($PnP) like 00000000 (ide_xtp.bin kvmvapic.bin V7VGA.ROM) 000000fc (MCT-VGA.bin)
+# 55aaf00f (pieeprom-*.bin) 55aa40e9 (Trm3x5.bin) 24506f4f (sgabios-bin.rom)
+# 55aa4be9 (vgabios-stdvga.rom vgabios-cirrus-bin.rom vgabios-vmware-bin.rom)
+>(26.s) ubelong !0x24506e50
+#>(26.s) ubelong !0x24506e50 NOT PNP=%8.8x
+# also not PCI (PCIR) implies "old" ISA cards or foo like: 8a168404 (MCT-VGA.bin)
+# 55aaf00f (pieeprom*.bin)
+>>(24.s) ubelong !0x50434952
+#>>(24.s) ubelong !0x50434952 ISA CARD=%8.8x
+# "old" identification strings used in file version 5.41 and earlier
+# probably an USB controller
+>>>5 string USB USB
+# probably https://en.wikipedia.org/wiki/Preboot_Execution_Environment
+>>>7 string LDR UNDI image
+# probably another Adaptec SCSI controller
+>>>26 string Adaptec Adaptec
+# http://minuszerodegrees.net/rom/bin/adaptec_aha1542cp_bios_908501-00.bin
+# already done by PNP variant
+#>>>28 string Adaptec Adaptec
+# probably Promise SCSI controller
+>>>42 string PROMISE Promise
+# old test for IBM compatible Video cards; INTERNAL FACTS WHY IS THIS WORKING?
+>30 string IBM IBM comp. Video
+# display exact text for IBM compatible Video cards with longer text
+>>33 ubyte !0
+>>>30 string x "%s"
+# http://minuszerodegrees.net/rom/bin/unknown/MCT-VGA-16%20-%20TDVGA%203588%20BIOS%20Version%20V1.04A.zip
+# "IBM COMPATIBLETDVGA 3588 BIOS Version V1.04A2+" "MCT-VGA-16 - TDVGA 3588 BIOS Version V1.04A.bin"
+# "IBM VGA Compatible\001" NVidia44.bin
+# "IBM EGA ROM Video Seven BIOS Code, Version 1.04" V7VGA.ROM
+# "IBM" vgabios-stdvga.rom
+# "IBM" vgabios-vmware-bin.rom:
+# "IBM" vgabios-cirrus-bin.rom
+# "IBM" vgabios-virtio-bin.rom
+################################################################################
+# ROM size in 512B blocks must be interpreted as unsigned for ROM of network cards
+# like: efi-eepro100.rom efi-rtl8139.rom pxe-e1000.rom
+>2 ubyte x (%u*512)
+# file name file size calculated size remark
+# eof.bin 2 - with start magic nothing is shown here
+# orchid.bin 188 0 =0*512 on window 95 CD in Drivers\audio\orchid3d
+# multiboot.bin 1024 1024 =2*512 QEMU emulator
+# loader1.bin 512 2048 =4*512
+# ide_xtp.bin 8192 8192 =16*512
+# kvmvapic.bin 9216 9216 =18*512
+# V7VGA.ROM 18832 16384 =32*512
+# adaptec1542.bin 32768 16384 =32*512
+# MCT-VGA.bin 32768 24576 =48*512
+# 2975BIOS.BIN 32768 32256 =63*512
+# efi-e1000.rom 196608 64000 =125*512
+# efi-rtl8139.rom 176640 66048 =129*512
+# pieeprom*.bin 524288 122880 =240*512
+################################################################################
+# initialization vector with executable code; often near JuMP instruction E9 yy zz
+>3 ubyte =0xE9 jmp
+# jmp offset like: 008fh 0093h 009fh 00afh 0143h 3ad7h 5417h 54ech 594dh 895fh
+>>4 uleshort x %#4.4x
+# for initialization vector samples without 3 byte jump instruction
+>3 ubyte !0xE9 instruction
+# eb4b3734h NVidia44.bin
+# 00003234h V7VGA.ROM
+# 060e0731h kvmvapic.bin
+# cb000000h linuxboot-bin.rom
+# e80d0fcbh PXE-Intel.rom
+# b8004875h orchid.bin
+>>3 ubelong x %#8.8x
+# For misidentified raspberry pi pieeprom-*.bin like: 0xf00f
+#>2 ubeshort x \b, AT 2 %#4.4x
+################################################################################
+# new sections for BIOS (ia32) ROM Extension
+# 4 bytes ASCII Signature "$PnP" for Plug aNd Play expansion header
+>(26.s) string =$PnP \b;
+#>(26.s) string =$PnP FOUND $PnP
+# at 1Ah possible offset to expansion header structure; new for Plug aNd Play
+>>26 uleshort x at %#x PNP
+# Plug and Play vendor+device ID like: 0 0x000f1000 (2975BIOS.BIN) 0x31121095 (4243.bin) 0x04904215 (adaptec1542.bin)
+#>>(26.s+0x0A) ulelong !0 NOT-nullID=%8.8x
+>>(26.s+0x0A) uleshort !0
+# show PnP Vendor identification in human readable text form instead of numeric
+# For adaptec_ava1515_bios_585201-00.bin reverted endian! BUT IS THIS ALWAYS TRUE?
+>>>(26.s+0x0C) use \^PCI-vendor
+>>>(26.s+0x0A) ubeshort x device=%#4.4x
+# 3 byte Device type code; probably the same meaning as in PCI section?
+# OK for storage controller SCSI (2975BIOS.BIN adaptec1542.bin)
+# and network controller ethernet (efi-e1000.rom efi-rtl8139.rom)
+>>(26.s+0x12) use PCI-class
+# structure revision like: 01h
+>>(26.s+4) ubyte !1 \b, revision %u
+# PnP Header structure length in multiple of 16 bytes like: 2
+>>(26.s+5) uleshort !2 \b, length %u*16
+# offset to next header; 0 if none
+>>(26.s+7) uleshort !0 \b, at %#x next header
+# reserved byte; seems to be zero
+>>(26.s+8) ubyte !0 \b, reserved %#x
+# 8-bit checksum for this header; calculated and patched by patch2pnprom
+>>(26.s+9) ubyte !0 \b, CRC %#x
+# pointer to optional manufacturer string; like: 0 (4243.bin) 59h 5ch 60h c7h 14eh 27ch 296h 324h 3662h
+>>(26.s+0x0E) uleshort >0 \b, at %#x
+>>>(26.s+0x0C) uleshort x
+# manufacturer ASCII-Z string like "http://ipxe.org" "Plop - Elmar Hanlhofer www.plop.at" "QEMU"
+>>>>(&0.s) string x "%s"
+# pointer to optional product string; like: 0 (2975BIOS.BIN) 6ch 70h 7ch d9h 160h 281h 29bh 329h
+>>(26.s+0x10) uleshort >0 \b, at %#x
+>>>(26.s+0x0E) uleshort x
+# often human readable product ASCII-Z string like "iPXE" "Plop Boot Manager"
+# "multiboot loader" "Intel UNDI, PXE-2.0 (build 082)"
+>>>>(&0.s) string x "%s"
+# PnP Device indicators; contains bits that identify the device as being capable of bootable
+#>>(26.s+0x15) ubyte x \b, INDICATORS %#x
+# device is a display device
+>>(26.s+0x15) ubyte &0x01 \b, display
+# device is an input device
+>>(26.s+0x15) ubyte &0x02 \b, input
+# device is an IPL device
+>>(26.s+0x15) ubyte &0x04 \b, IPL
+#>>(26.s+0x15) ubyte &0x08 reserved
+# ROM is only required if this device is selected as a boot device
+>>(26.s+0x15) ubyte &0x10 \b, bootable
+# indicates ROM is read cacheable
+>>(26.s+0x15) ubyte &0x20 \b, cacheable
+# ROM may be shadowed in RAM
+>>(26.s+0x15) ubyte &0x40 \b, shadowable
+# ROM supports the device driver initialization model
+>>(26.s+0x15) ubyte &0x80 \b, InitialModel
+# boot connection vector; an offset to a routine that hook into INT 9h, INT 10h, or INT 13h
+# 0 means disabled 0x0429 (4650_sr5.bin) 0x0072 (adaptec1542.bin)
+>>(26.s+0x16) uleshort !0 \b, boot vector offset %#x
+# disconnect vector; offset to routine that do cleanup from an unsuccessful boot attempt
+>>(26.s+0x18) uleshort !0 \b, disconnect offset %#x
+# bootstrap entry point/vector (BEV); offset to a routine (like RPL) that hook into INT 19h
+# 0 means disabled 0x3c (multiboot.bin) 0x358 (efi-rtl8139.rom) 0xae7 (PXE-Intel.rom)
+>>(26.s+0x1A) uleshort !0 \b, bootstrap offset %#x
+# 2nd reserved area; seems to be zero
+>>(26.s+0x1C) uleshort !0 \b, 2nd reserved %#x
+# static resource information vector; 0 means disabled
+>>(26.s+0x1E) uleshort !0 \b, static offset %#4.4x
+################################################################################
+# 4 bytes ASCII Signature "PCIR" for PCI Data Structure
+#>(24.s) string =PCIR FOUND PCIR
+>(24.s) string =PCIR \b;
+# pointer to PCI data structure like: 1Ch 38h 104h 8E44h
+>>24 uleshort x at %#x PCI
+# Vendor identification (ID) https://pci-ids.ucw.cz/v2.2/pci.ids
+#>>(24.s+4) uleshort x ID=%4.4x
+# show Vendor identification in human readable text form instead of numeric
+>>(24.s+4) use PCI-vendor
+# device identification (ID)
+>>(24.s+6) uleshort x device=%#4.4x
+# Base+sub class code https://wiki.osdev.org/PCI
+>>(24.s+0x0D) use PCI-class
+# pointer to vital product data (VPD); 0 indicates no VPD; WHAT EXACTLY iS VPD?
+>>(24.s+8) uleshort !0 \b, at %#x VPD
+# PCI data structure length like: 24h 28h
+>>(24.s+0xA) uleshort >0x28 \b, length %u
+# PCI data structure revision like: 0 3
+>>(24.s+0xC) ubyte >0 \b, revision %u
+# image length (hexadecimal) in multiple of 512 bytes like: 54 56 68 6a 76 78 7c 7d 7e 7f 80 81 83
+# Apparently this gives the same information as given by byte at offset 2 but as 16-bit
+#>>(24.s+0x10) uleshort x \b, length %u*512
+# revision level of code/data like: 0 1 201h 502h
+>>(24.s+0xC) ubyte >1 \b, code revision %#x
+# code type: 0~Intel x86/PC-AT compatible 1~Open firmware standard for PCI42 FF~Reserved
+>>(24.s+0x14) ubyte >0 \b, code type %#x
+# last image indicator; bit 7 indicates "last image"; bits 0-6 are reserved
+>>(24.s+0x15) ubyte >0
+>>>(24.s+0x15) ubyte =0x80 \b, last ROM
+# THIS SHOULD NOT HAPPEN!
+>>>(24.s+0x15) ubyte !0x80 \b, indicator %x
+# 3rd reserved area; seems to be zero in most cases but not for
+# efi-e1000.rom efi-rtl8139.rom
+>>(24.s+0x16) ubeshort !0 \b, 3rd reserved %#x
+
+# Flash descriptors for Intel SPI flash roms.
+# From Dr. Jesus <j@hug.gs>
+0 lelong 0x0ff0a55a Intel serial flash for ICH/PCH ROM <= 5 or 3400 series A-step
+16 lelong 0x0ff0a55a Intel serial flash for PCH ROM
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Advanced_Configuration_and_Power_Interface
+# Reference: https://uefi.org/sites/default/files/resources/ACPI_6_3_final_Jan30.pdf
+# Note: generated for example by `cat /sys/firmware/acpi/tables/DSDT MyDSDT.aml`
+0 string DSDT
+>0 use acpi-table
+# not tested or other file format
+0 string APIC
+>0 use acpi-table
+#0 string ASF!
+#>0 use acpi-table
+0 string FACP
+>0 use acpi-table
+#0 string FACS
+#>0 use acpi-table
+0 string MCFG
+>0 use acpi-table
+0 string SLIC
+>0 use acpi-table
+0 string SSDT
+>0 use acpi-table
+0 name acpi-table
+# skip ASCII text starting with DSDT by looking for valid "low" revision
+>8 ubyte <17 ACPI Machine Language file
+# assume that ACPI tables size are lower than 16 MiB
+#>4 ulelong <0x01000000
+# DSDT for Differentiated System Description Table
+>>0 string x '%.4s'
+#!:mime application/octet-stream
+!:mime application/x-intel-aml
+!:ext aml
+# the manufacture model ID like: VBOXBIOS BXDSDT
+>>16 string >\0 %.8s
+# OEM revision of DSDT for supplied OEM Table ID like: 0 1 2 20090511
+>>>24 ulelong x %x
+# OEM ID like: INTEL VBOX (VirtualBox) BXDSDT (qemu) MEDION or \030\001\0\0 for s3pt.aml
+>>10 ubyte >040 by %c
+>>>11 ubyte >040 \b%c
+>>>>12 ubyte >040 \b%c
+>>>>>13 ubyte >040 \b%c
+>>>>>>14 ubyte >040 \b%c
+>>>>>>>15 ubyte >040 \b%c
+# This field also sets the global integer width for the AML interpreter.
+# Values less than two will cause the interpreter to use 32-bit.
+# Values of two and greater will cause the interpreter to use full 64-bit.
+# 16 for asf!.aml, 67 fo rsdp.aml
+>>8 ubyte x \b, revision %u
+# length, in bytes, of the entire DSDT (including the header)
+>>4 ulelong x \b, %u bytes
+# entire table must sum to zero
+#>>9 ubyte x \b, checksum %#x
+# vendor ID for the ASL Compiler like: INTL MSFT ...
+>>28 string >\0 \b, created by %.4s
+# revision number of the ASL Compiler like: 20051117 20140724 20190703 20200110 ...
+>>>32 ulelong x %x
+
diff --git a/magic/Magdir/interleaf b/magic/Magdir/interleaf
new file mode 100644
index 0000000..8e3aaf5
--- /dev/null
+++ b/magic/Magdir/interleaf
@@ -0,0 +1,9 @@
+
+#------------------------------------------------------------------------------
+# $File: interleaf,v 1.10 2009/09/19 16:28:10 christos Exp $
+# interleaf: file(1) magic for InterLeaf TPS:
+#
+0 string =\210OPS Interleaf saved data
+0 string =<!OPS Interleaf document text
+>5 string ,\ Version\ = \b, version
+>>17 string >\0 %.3s
diff --git a/magic/Magdir/island b/magic/Magdir/island
new file mode 100644
index 0000000..f40521a
--- /dev/null
+++ b/magic/Magdir/island
@@ -0,0 +1,10 @@
+
+#------------------------------------------------------------------------------
+# $File: island,v 1.5 2009/09/19 16:28:10 christos Exp $
+# island: file(1) magic for IslandWite/IslandDraw, from SunOS 5.5.1
+# "/etc/magic":
+# From: guy@netapp.com (Guy Harris)
+#
+4 string pgscriptver IslandWrite document
+13 string DrawFile IslandDraw document
+
diff --git a/magic/Magdir/ispell b/magic/Magdir/ispell
new file mode 100644
index 0000000..57a6e9e
--- /dev/null
+++ b/magic/Magdir/ispell
@@ -0,0 +1,63 @@
+
+#------------------------------------------------------------------------------
+# $File: ispell,v 1.8 2009/09/19 16:28:10 christos Exp $
+# ispell: file(1) magic for ispell
+#
+# Ispell 3.0 has a magic of 0x9601 and ispell 3.1 has 0x9602. This magic
+# will match 0x9600 through 0x9603 in *both* little endian and big endian.
+# (No other current magic entries collide.)
+#
+# Updated by Daniel Quinlan (quinlan@yggdrasil.com)
+#
+0 leshort&0xFFFC 0x9600 little endian ispell
+>0 byte 0 hash file (?),
+>0 byte 1 3.0 hash file,
+>0 byte 2 3.1 hash file,
+>0 byte 3 hash file (?),
+>2 leshort 0x00 8-bit, no capitalization, 26 flags
+>2 leshort 0x01 7-bit, no capitalization, 26 flags
+>2 leshort 0x02 8-bit, capitalization, 26 flags
+>2 leshort 0x03 7-bit, capitalization, 26 flags
+>2 leshort 0x04 8-bit, no capitalization, 52 flags
+>2 leshort 0x05 7-bit, no capitalization, 52 flags
+>2 leshort 0x06 8-bit, capitalization, 52 flags
+>2 leshort 0x07 7-bit, capitalization, 52 flags
+>2 leshort 0x08 8-bit, no capitalization, 128 flags
+>2 leshort 0x09 7-bit, no capitalization, 128 flags
+>2 leshort 0x0A 8-bit, capitalization, 128 flags
+>2 leshort 0x0B 7-bit, capitalization, 128 flags
+>2 leshort 0x0C 8-bit, no capitalization, 256 flags
+>2 leshort 0x0D 7-bit, no capitalization, 256 flags
+>2 leshort 0x0E 8-bit, capitalization, 256 flags
+>2 leshort 0x0F 7-bit, capitalization, 256 flags
+>4 leshort >0 and %d string characters
+0 beshort&0xFFFC 0x9600 big endian ispell
+>1 byte 0 hash file (?),
+>1 byte 1 3.0 hash file,
+>1 byte 2 3.1 hash file,
+>1 byte 3 hash file (?),
+>2 beshort 0x00 8-bit, no capitalization, 26 flags
+>2 beshort 0x01 7-bit, no capitalization, 26 flags
+>2 beshort 0x02 8-bit, capitalization, 26 flags
+>2 beshort 0x03 7-bit, capitalization, 26 flags
+>2 beshort 0x04 8-bit, no capitalization, 52 flags
+>2 beshort 0x05 7-bit, no capitalization, 52 flags
+>2 beshort 0x06 8-bit, capitalization, 52 flags
+>2 beshort 0x07 7-bit, capitalization, 52 flags
+>2 beshort 0x08 8-bit, no capitalization, 128 flags
+>2 beshort 0x09 7-bit, no capitalization, 128 flags
+>2 beshort 0x0A 8-bit, capitalization, 128 flags
+>2 beshort 0x0B 7-bit, capitalization, 128 flags
+>2 beshort 0x0C 8-bit, no capitalization, 256 flags
+>2 beshort 0x0D 7-bit, no capitalization, 256 flags
+>2 beshort 0x0E 8-bit, capitalization, 256 flags
+>2 beshort 0x0F 7-bit, capitalization, 256 flags
+>4 beshort >0 and %d string characters
+# ispell 4.0 hash files kromJx <kromJx@crosswinds.net>
+# Ispell 4.0
+0 string ISPL ispell
+>4 long x hash file version %d,
+>8 long x lexletters %d,
+>12 long x lexsize %d,
+>16 long x hashsize %d,
+>20 long x stblsize %d
diff --git a/magic/Magdir/isz b/magic/Magdir/isz
new file mode 100644
index 0000000..4d9c030
--- /dev/null
+++ b/magic/Magdir/isz
@@ -0,0 +1,15 @@
+
+#------------------------------------------------------------------------------
+# $File: isz,v 1.5 2019/04/19 00:42:27 christos Exp $
+# ISO Zipped file format
+# https://www.ezbsystems.com/isz/iszspec.txt
+0 string IsZ! ISO Zipped file
+>4 byte x \b, header size %u
+>5 byte x \b, version %u
+>8 lelong x \b, serial %u
+#12 leshort x \b, sector size %u
+#>16 lelong x \b, total sectors %u
+>17 byte >0 \b, password protected
+#>24 lequad x \b, segment size %llu
+#>32 lelong x \b, blocks %u
+#>36 lelong x \b, block size %u
diff --git a/magic/Magdir/java b/magic/Magdir/java
new file mode 100644
index 0000000..d361275
--- /dev/null
+++ b/magic/Magdir/java
@@ -0,0 +1,52 @@
+
+#------------------------------------------------------------
+# $File: java,v 1.22 2023/01/11 23:59:49 christos Exp $
+# Java ByteCode and Mach-O binaries (e.g., Mac OS X) use the
+# same magic number, 0xcafebabe, so they are both handled
+# in the entry called "cafebabe".
+#------------------------------------------------------------
+# Java serialization
+# From Martin Pool (m.pool@pharos.com.au)
+0 beshort 0xaced Java serialization data
+>2 beshort >0x0004 \b, version %d
+
+0 belong 0xfeedfeed Java KeyStore
+!:mime application/x-java-keystore
+0 belong 0xcececece Java JCE KeyStore
+!:mime application/x-java-jce-keystore
+
+# Java source
+0 regex \^import.*;$ Java source
+!:mime text/x-java
+
+# Java HPROF dumps
+# https://java.net/downloads/heap-snapshot/hprof-binary-format.html
+0 string JAVA\x20PROFILE\x201.0.
+>0x12 byte 0
+>>0x11 ubyte-0x31 <2 Java HPROF dump,
+>>>0x17 beqdate/1000 x created %s
+
+# Java jmod module
+# See https://hg.openjdk.java.net/jdk9/jdk9/jdk/file/tip/src/java.base/share/classes/jdk/internal/jmod/JmodFile.java
+# Grr. 2 byte magic "JM", really? In 2019?
+0 belong 0x4a4d0100 Java jmod module version 1.0
+!:mime application/x-java-jmod
+
+# Java jlinked image
+# See https://hg.openjdk.java.net/jdk9/jdk9/jdk/file/tip/src/java.base/share/native/libjimage/imageFile.hpp
+0 belong 0xcafedada Java module image (big endian)
+>4 beshort >0x00 \b, version %d
+>6 beshort x \b.%d
+!:mime application/x-java-image
+
+0 lelong 0xcafedada Java module image (little endian)
+>6 leshort >0x00 \b, version %d
+>4 leshort x \b.%d
+!:mime application/x-java-image
+
+# JAR Manifest & Signature File
+# Reference: https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html
+0 string/t Manifest-Version:\x201.0 JAR Manifest
+!:ext MF
+0 string/t Signature-Version:\x201.0 JAR Signature File
+!:ext SF
diff --git a/magic/Magdir/javascript b/magic/Magdir/javascript
new file mode 100644
index 0000000..90a09cc
--- /dev/null
+++ b/magic/Magdir/javascript
@@ -0,0 +1,171 @@
+
+#------------------------------------------------------------------------------
+# $File: javascript,v 1.5 2023/01/12 00:02:16 christos Exp $
+# javascript: magic for javascript and node.js scripts.
+#
+0 string/tw #!/bin/node Node.js script executable
+!:mime application/javascript
+0 string/tw #!/usr/bin/node Node.js script executable
+!:mime application/javascript
+0 string/tw #!/bin/nodejs Node.js script executable
+!:mime application/javascript
+0 string/tw #!/usr/bin/nodejs Node.js script executable
+!:mime application/javascript
+0 string/t #!/usr/bin/env\ node Node.js script executable
+!:mime application/javascript
+0 string/t #!/usr/bin/env\ nodejs Node.js script executable
+!:mime application/javascript
+
+# JavaScript
+# The strength is increased to beat the C++ & HTML rules
+0 search "use\x20strict" JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+0 search 'use\x20strict' JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+0 regex module(\\.|\\[["'])exports.*= JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+0 regex \^(const|var|let).*=.*require\\( JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+0 regex \^export\x20(function|class|default|const|var|let|async)\x20 JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+0 regex \\((async\x20)?function[(\x20] JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+0 regex \^(import|export).*\x20from\x20 JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+0 regex \^(import|export)\x20["']\\./ JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+0 regex \^require\\(["'] JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+0 regex typeof.*[!=]== JavaScript source
+!:strength +30
+!:mime application/javascript
+!:ext js
+
+# React Native minified JavaScript
+0 search/128 __BUNDLE_START_TIME__= React Native minified JavaScript
+!:strength +30
+!:mime application/javascript
+!:ext bundle/jsbundle
+
+# Hermes by Facebook https://hermesengine.dev/
+# https://github.com/facebook/hermes/blob/master/include/hermes/\
+# BCGen/HBC/BytecodeFileFormat.h#L24
+0 lequad 0x1F1903C103BC1FC6 Hermes JavaScript bytecode
+>8 lelong x \b, version %d
+
+# v8 JavaScript engine bytecode
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://v8.dev/docs/ignition
+# Note: used in bytenode and NW.js protected source code
+# V8 bytecode extraction was added in NodeJS v5.7.0 (V8 4.6.85.31).
+# Version information is provided for some v8 versions found in NodeJS releases.
+2 uleshort =0xC0DE
+>0 ulelong^0xC0DE0000 >0
+# Reservation table starts at 40
+>>40 ulelong&0xFFFFFF00 =0x80000000
+# Stub keys present
+>>>24 ulelong >0
+>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
+>>>>4 ulelong =0xEE4BF478 version 5.1.281.111,
+>>>>4 ulelong =0xC4A0100C version 5.5.372.43,
+>>>>8 ulelong x source size: %u bytes,
+>>>>12 ulelong x cpu features: %#08X,
+>>>>16 ulelong x flag hash: %#08X,
+>>>>20 ulelong x %u reservations,
+>>>>28 ulelong x payload size: %u bytes,
+>>>>32 ulelong x checksum1: %#08X,
+>>>>36 ulelong x checksum2: %#08X
+# No stub keys
+>>>24 ulelong =0
+>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
+>>>>4 ulelong =0x54F0AD81 version 6.2.414.46,
+>>>>4 ulelong =0X7D1BF182 version 6.2.414.54,
+>>>>4 ulelong =0x35BA122E version 6.2.414.77,
+>>>>4 ulelong =0X9319F9C2 version 6.2.414.78,
+>>>>4 ulelong =0xB1240060 version 6.6.346.32,
+>>>>4 ulelong =0x2B757060 version 6.7.288.46,
+>>>>4 ulelong =0x09D147AA version 6.7.288.49,
+>>>>4 ulelong =0xF4D4F48A version 6.8.275.32,
+>>>>4 ulelong =0xD3961326 version 7.0.276.38,
+>>>>8 ulelong x source size: %u bytes,
+>>>>12 ulelong x cpu features: %#08X,
+>>>>16 ulelong x flag hash: %#08X,
+>>>>20 ulelong x %u reservations,
+>>>>28 ulelong x payload size: %u bytes,
+>>>>32 ulelong x checksum1: %#08X,
+>>>>36 ulelong x checksum2: %#08X
+# Reservation table starts at 32
+>>32 ulelong&0xFFFFFF00 =0x80000000
+# Second checksum present
+>>>28 ulelong >0
+>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
+>>>>4 ulelong =0x21DDF627 version 7.4.288.21,
+>>>>4 ulelong =0x1FC9FE84 version 7.4.288.27,
+>>>>4 ulelong =0x60A99E8B version 7.5.288.22,
+>>>>4 ulelong =0x4F665E90 version 7.6.303.29,
+>>>>4 ulelong =0xC7ACFCDE version 7.7.299.11,
+>>>>4 ulelong =0x7F641D8F version 7.7.299.13,
+>>>>4 ulelong =0xFD9A4F2E version 7.8.279.17,
+>>>>4 ulelong =0x3A845324 version 7.8.279.23,
+>>>>4 ulelong =0xFF52FEAF version 7.9.317.25,
+>>>>8 ulelong x source size: %u bytes,
+>>>>12 ulelong x flag hash: %#08X,
+>>>>16 ulelong x %u reservations,
+>>>>20 ulelong x payload size: %u bytes,
+>>>>24 ulelong x checksum1: %#08X,
+>>>>28 ulelong x checksum2: %#08X
+# No second checksum
+>>>28 ulelong =0
+>>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
+>>>>4 ulelong =0x8725E0F8 version 8.1.307.30,
+>>>>4 ulelong =0x09ED1289 version 8.1.307.31,
+>>>>4 ulelong =0xA5728C87 version 8.3.110.9,
+>>>>4 ulelong =0xB45C5D30 version 8.4.371.23,
+>>>>4 ulelong =0xED9C278B version 8.4.371.19,
+>>>>4 ulelong =0xD27BFF42 version 8.6.395.16,
+>>>>8 ulelong x source size: %u bytes,
+>>>>12 ulelong x flag hash: %#08X,
+>>>>16 ulelong x %u reservations,
+>>>>20 ulelong x payload size: %u bytes,
+>>>>24 ulelong x payload checksum: %#08X
+# No reservation table and code starts at 24
+>>32 ulelong =0
+>>>0 ulelong^0xC0DE0000 x v8 bytecode, external reference table size: %u bytes,
+>>>4 ulelong =0x9A6F0B0F version 9.0.257.17,
+>>>4 ulelong =0x271D5D1E version 9.0.257.24,
+>>>4 ulelong =0x4EEA75DF version 9.0.257.25,
+>>>4 ulelong =0x80809479 version 9.1.269.36,
+>>>4 ulelong =0x55C46F65 version 9.1.269.38,
+>>>4 ulelong =0x8A9C758A version 9.2.230.21,
+>>>4 ulelong =0x9712F0E1 version 9.3.345.16,
+>>>4 ulelong =0x29593715 version 9.4.146.19,
+>>>4 ulelong =0xCD991825 version 9.4.146.24,
+>>>4 ulelong =0xACDD64EE version 9.4.146.26,
+>>>4 ulelong =0xC96B4CD5 version 9.5.172.21,
+>>>4 ulelong =0xBCCE4578 version 9.5.172.25,
+>>>4 ulelong =0xA2EEA077 version 9.6.180.15,
+>>>4 ulelong =0xFD350011 version 10.1.124.8,
+>>>4 ulelong =0xBEF4028F version 10.2.154.13,
+>>>4 ulelong =0xAF632352 version 10.2.154.4,
+>>>8 ulelong x source size: %u bytes,
+>>>12 ulelong x flag hash: %#08X,
+>>>16 ulelong x payload size: %u bytes,
+>>>20 ulelong x payload checksum: %#08X
diff --git a/magic/Magdir/jpeg b/magic/Magdir/jpeg
new file mode 100644
index 0000000..9cebada
--- /dev/null
+++ b/magic/Magdir/jpeg
@@ -0,0 +1,252 @@
+
+#------------------------------------------------------------------------------
+# $File: jpeg,v 1.38 2022/12/02 17:42:04 christos Exp $
+# JPEG images
+# SunOS 5.5.1 had
+#
+# 0 string \377\330\377\340 JPEG file
+# 0 string \377\330\377\356 JPG file
+#
+# both of which turn into "JPEG image data" here.
+#
+0 belong 0xffd8fff7 JPEG-LS image data
+!:mime image/jls
+!:ext jls
+>0 use jpeg
+
+0 belong&0xffffff00 0xffd8ff00 JPEG image data
+!:mime image/jpeg
+!:apple 8BIMJPEG
+!:strength *3
+!:ext jpeg/jpg/jpe/jfif
+>0 use jpeg
+
+0 name jpeg
+>6 string JFIF \b, JFIF standard
+# The following added by Erik Rossen <rossen@freesurf.ch> 1999-09-06
+# in a vain attempt to add image size reporting for JFIF. Note that these
+# tests are not fool-proof since some perfectly valid JPEGs are currently
+# impossible to specify in magic(4) format.
+# First, a little JFIF version info:
+>>11 byte x \b %d.
+>>12 byte x \b%02d
+# Next, the resolution or aspect ratio of the image:
+>>13 byte 0 \b, aspect ratio
+>>13 byte 1 \b, resolution (DPI)
+>>13 byte 2 \b, resolution (DPCM)
+>>14 beshort x \b, density %dx
+>>16 beshort x \b%d
+>>4 beshort x \b, segment length %d
+# Next, show thumbnail info, if it exists:
+>>18 byte !0 \b, thumbnail %dx
+>>>19 byte x \b%d
+>6 string Exif \b, Exif standard: [
+>>12 indirect/r x
+>>12 string x \b]
+
+# Jump to the first segment
+>(4.S+4) use jpeg_segment
+
+# This uses recursion...
+0 name jpeg_segment
+>0 beshort 0xFFFE
+# Recursion handled by FFE0
+#>>(2.S+2) use jpeg_segment
+>>2 pstring/HJ x \b, comment: "%s"
+
+>0 beshort 0xFFC0
+>>(2.S+2) use jpeg_segment
+>>4 byte x \b, baseline, precision %d
+>>7 beshort x \b, %dx
+>>5 beshort x \b%d
+>>9 byte x \b, components %d
+
+>0 beshort 0xFFC1
+>>(2.S+2) use jpeg_segment
+>>4 byte x \b, extended sequential, precision %d
+>>7 beshort x \b, %dx
+>>5 beshort x \b%d
+>>9 byte x \b, components %d
+
+>0 beshort 0xFFC2
+>>(2.S+2) use jpeg_segment
+>>4 byte x \b, progressive, precision %d
+>>7 beshort x \b, %dx
+>>5 beshort x \b%d
+>>9 byte x \b, components %d
+
+# Define Huffman Tables
+>0 beshort 0xFFC4
+>>(2.S+2) use jpeg_segment
+
+>0 beshort 0xFFE1
+# Recursion handled by FFE0
+#>>(2.S+2) use jpeg_segment
+>>4 string Exif \b, Exif Standard: [
+>>>10 indirect/r x
+>>>10 string x \b]
+
+# Application specific markers
+>0 beshort&0xFFE0 =0xFFE0
+>>(2.S+2) use jpeg_segment
+
+# DB: Define Quantization tables
+# DD: Define Restart interval [XXX: wrong here, it is 4 bytes]
+# D8: Start of image
+# D9: End of image
+# Dn: Restart
+>0 beshort&0xFFD0 =0xFFD0
+>>0 beshort&0xFFE0 !0xFFE0
+>>>(2.S+2) use jpeg_segment
+
+#>0 beshort x unknown %#x
+#>>(2.S+2) use jpeg_segment
+
+# HSI is Handmade Software's proprietary JPEG encoding scheme
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/HSI_JPEG
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-hsi1.trid.xml
+# Note: called by TrID "HSI JPEG bitmap"
+0 string hsi1 JPEG image data, HSI proprietary
+#!:mime application/octet-stream
+!:mime image/x-hsi
+!:ext hsi/jpg
+
+# From: David Santinoli <david@santinoli.com>
+0 string \x00\x00\x00\x0C\x6A\x50\x20\x20\x0D\x0A\x87\x0A JPEG 2000
+# delete from ./animation (version 1.87) with jP (=6A50h) magic at offset 4
+# From: Johan van der Knijff <johan.vanderknijff@kb.nl>
+# Added sub-entries for JP2, JPX, JPM and MJ2 formats; added mimetypes
+# https://github.com/bitsgalore/jp2kMagic
+#
+# Now read value of 'Brand' field, which yields a few possibilities:
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/JP2
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-jpeg2k.trid.xml
+# Note: called by TrID "JPEG 2000 bitmap"
+>20 string \x6a\x70\x32\x20 Part 1 (JP2)
+# aliases image/jpeg2000, image/jpeg2000-image, image/x-jpeg2000-image
+!:mime image/jp2
+!:ext jp2
+# URL: http://fileformats.archiveteam.org/wiki/JPX
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-jpx.trid.xml
+# Note: called by TrID "JPEG 2000 eXtended bitmap"
+>20 string \x6a\x70\x78\x20 Part 2 (JPX)
+!:mime image/jpx
+!:ext jpf/jpx
+# URL: http://fileformats.archiveteam.org/wiki/JPM
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-jpm.trid.xml
+# Note: called by TrID "JPEG 2000 eXtended bitmap"
+>20 string \x6a\x70\x6d\x20 Part 6 (JPM)
+!:mime image/jpm
+!:ext jpm
+# URL: http://fileformats.archiveteam.org/wiki/MJ2
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/v/video-mj2.trid.xml
+# Note: called by TrID "Motion JPEG 2000 video"
+>20 string \x6d\x6a\x70\x32 Part 3 (MJ2)
+!:mime video/mj2
+!:ext mj2/mjp2
+
+# Type: JPEG 2000 codesream
+# From: Mathieu Malaterre <mathieu.malaterre@gmail.com>
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/JPEG_2000_codestream
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-jpc.trid.xml
+# Note: called by TrID "JPEG-2000 Code Stream bitmap"
+0 belong 0xff4fff51 JPEG 2000 codestream
+# value like: 0701h FF50h
+#>45 ubeshort x \b, at 45 %#4.4x
+#!:mime application/octet-stream
+# https://reposcope.com/mimetype/image/x-jp2-codestream
+!:mime image/x-jp2-codestream
+!:ext jpc/j2c/j2k
+# MAYBE also JHC like in byte_causal.jhc ?
+# WHAT IS THAT? DEAD ENTRY?
+#45 beshort 0xff52
+
+# JPEG extended range
+# URL: http://fileformats.archiveteam.org/wiki/JPEG_XR
+# Reference: https://www.itu.int/rec/T-REC-T.832
+# http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-wmp.trid.xml
+# Note: called by TrID "JPEG XR bitmap"
+0 string \x49\x49\xbc
+# FILE_VERSION_ID; shall be equal to 1; other values are reserved for future use
+>3 byte 1
+# FIRST_IFD_OFFSET; shall be an integer multiple of 2; so skip DROID fmt-590-signature-id-931.wdp
+>>4 lelong%2 0 JPEG-XR
+#!:mime image/vnd.ms-photo
+!:mime image/jxr
+# NO example for HDP !
+!:ext jxr/wdp/hdp
+# MAYBE also WMP ?
+#!:ext jxr/wdp/hdp/wmp
+# moved from ./images (version 1.205 ), merged and
+# partly verified by XnView `nconvert -info abydos.jxr FLOWER.wdp`
+# example: https://web.archive.org/web/20160403012904/
+# http://shikino.co.jp/solution/upfile/FLOWER.wdp.zip
+>90 bequad 0x574D50484F544F00
+>>98 byte&0x08 =0x08 \b, hard tiling
+>>99 byte&0x80 =0x80 \b, tiling present
+>>99 byte&0x40 =0x40 \b, codestream present
+>>99 byte&0x38 x \b, spatial xform=
+>>99 byte&0x38 0x00 \bTL
+>>99 byte&0x38 0x08 \bBL
+>>99 byte&0x38 0x10 \bTR
+>>99 byte&0x38 0x18 \bBR
+>>99 byte&0x38 0x20 \bBT
+>>99 byte&0x38 0x28 \bRB
+>>99 byte&0x38 0x30 \bLT
+>>99 byte&0x38 0x38 \bLB
+>>100 byte&0x80 =0x80 \b, short header
+>>>102 beshort+1 x \b, %d
+>>>104 beshort+1 x \bx%d
+>>100 byte&0x80 =0x00 \b, long header
+>>>102 belong+1 x \b, %x
+>>>106 belong+1 x \bx%x
+>>101 beshort&0xf x \b, bitdepth=
+>>>101 beshort&0xf 0x0 \b1-WHITE=1
+>>>101 beshort&0xf 0x1 \b8
+>>>101 beshort&0xf 0x2 \b16
+>>>101 beshort&0xf 0x3 \b16-SIGNED
+>>>101 beshort&0xf 0x4 \b16-FLOAT
+>>>101 beshort&0xf 0x5 \b(reserved 5)
+>>>101 beshort&0xf 0x6 \b32-SIGNED
+>>>101 beshort&0xf 0x7 \b32-FLOAT
+>>>101 beshort&0xf 0x8 \b5
+>>>101 beshort&0xf 0x9 \b10
+>>>101 beshort&0xf 0xa \b5-6-5
+>>>101 beshort&0xf 0xb \b(reserved %d)
+>>>101 beshort&0xf 0xc \b(reserved %d)
+>>>101 beshort&0xf 0xd \b(reserved %d)
+>>>101 beshort&0xf 0xe \b(reserved %d)
+>>>101 beshort&0xf 0xf \b1-BLACK=1
+>>101 beshort&0xf0 x \b, colorfmt=
+>>>101 beshort&0xf0 0x00 \bYONLY
+>>>101 beshort&0xf0 0x10 \bYUV240
+>>>101 beshort&0xf0 0x20 \bYWV422
+>>>101 beshort&0xf0 0x30 \bYWV444
+>>>101 beshort&0xf0 0x40 \bCMYK
+>>>101 beshort&0xf0 0x50 \bCMYKDIRECT
+>>>101 beshort&0xf0 0x60 \bNCOMPONENT
+>>>101 beshort&0xf0 0x70 \bRGB
+>>>101 beshort&0xf0 0x80 \bRGBE
+>>>101 beshort&0xf0 >0x80 \b(reserved %#x)
+
+# JPEG XL
+# From: Ian Tester
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/JPEG_XL
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-jxl.trid.xml
+# Note: called by TrID "JPEG XL bitmap"
+0 string \xff\x0a JPEG XL codestream
+!:mime image/jxl
+!:ext jxl
+
+# JPEG XL (transcoded JPEG file)
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/JPEG_XL
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-jxl-iso.trid.xml
+# Note: called by TrID "JPEG XL bitmap (ISOBMFF)"
+0 string \x00\x00\x00\x0cJXL\x20\x0d\x0a\x87\x0a JPEG XL container
+!:mime image/jxl
+!:ext jxl
diff --git a/magic/Magdir/karma b/magic/Magdir/karma
new file mode 100644
index 0000000..938a51d
--- /dev/null
+++ b/magic/Magdir/karma
@@ -0,0 +1,9 @@
+
+#------------------------------------------------------------------------------
+# $File: karma,v 1.8 2015/08/29 07:10:35 christos Exp $
+# karma: file(1) magic for Karma data files
+#
+# From <rgooch@atnf.csiro.au>
+
+0 string KarmaRHD\040Version Karma Data Structure Version
+>16 belong x %u
diff --git a/magic/Magdir/kde b/magic/Magdir/kde
new file mode 100644
index 0000000..dda5819
--- /dev/null
+++ b/magic/Magdir/kde
@@ -0,0 +1,11 @@
+
+#------------------------------------------------------------------------------
+# $File: kde,v 1.5 2010/11/25 15:00:12 christos Exp $
+# kde: file(1) magic for KDE
+
+0 string/t [KDE\ Desktop\ Entry] KDE desktop entry
+!:mime application/x-kdelnk
+0 string/t #\ KDE\ Config\ File KDE config file
+!:mime application/x-kdelnk
+0 string/t #\ xmcd xmcd database file for kscd
+!:mime text/x-xmcd
diff --git a/magic/Magdir/keepass b/magic/Magdir/keepass
new file mode 100644
index 0000000..3d26efa
--- /dev/null
+++ b/magic/Magdir/keepass
@@ -0,0 +1,20 @@
+
+#------------------------------------------------------------------------------
+# $File: keepass,v 1.2 2019/04/19 00:42:27 christos Exp $
+# keepass: file(1) magic for KeePass file
+#
+# Keepass Password Safe:
+# * original one: https://keepass.info/
+# * *nix port: https://www.keepassx.org/
+# * android port: https://code.google.com/p/keepassdroid/
+
+0 lelong 0x9AA2D903 Keepass password database
+>4 lelong 0xB54BFB65 1.x KDB
+>>48 lelong >0 \b, %d groups
+>>52 lelong >0 \b, %d entries
+>>8 lelong&0x0f 1 \b, SHA-256
+>>8 lelong&0x0f 2 \b, AES
+>>8 lelong&0x0f 4 \b, RC4
+>>8 lelong&0x0f 8 \b, Twofish
+>>120 lelong >0 \b, %d key transformation rounds
+>4 lelong 0xB54BFB67 2.x KDBX
diff --git a/magic/Magdir/kerberos b/magic/Magdir/kerberos
new file mode 100644
index 0000000..df6dc52
--- /dev/null
+++ b/magic/Magdir/kerberos
@@ -0,0 +1,45 @@
+
+#------------------------------------------------------------------------------
+# $File: kerberos,v 1.3 2019/04/19 00:42:27 christos Exp $
+# kerberos: MIT kerberos file binary formats
+#
+
+# This magic entry is for demonstration purposes and could be improved
+# if the following features were implemented in file:
+#
+# Strings inside [[ .. ]] in the descriptions have special meanings and
+# are not printed.
+#
+# - Provide some form of iteration in number of components
+# [[${counter}=%d]] in the description
+# then append
+# [${counter}--] in the offset of the entries
+# - Provide a way to round the next offset
+# Add [R:4] after the offset?
+# - Provide a way to have optional entries
+# XXX: Syntax:
+# - Provide a way to "save" entries to print them later.
+# if the description is [[${name}=%s]], then nothing is
+# printed and a subsequent entry in the same magic file
+# can refer to ${name}
+# - Provide a way to format strings as hex values
+#
+# https://www.gnu.org/software/shishi/manual/html_node/\
+# The-Keytab-Binary-File-Format.html
+#
+
+0 name keytab_entry
+#>0 beshort x \b, size=%d
+#>2 beshort x \b, components=%d
+>4 pstring/H x \b, realm=%s
+>>&0 pstring/H x \b, principal=%s/
+>>>&0 pstring/H x \b%s
+>>>>&0 belong x \b, type=%d
+>>>>>&0 bedate x \b, date=%s
+>>>>>>&0 byte x \b, kvno=%u
+#>>>>>>>&0 pstring/H x
+#>>>>>>>>&0 belong x
+#>>>>>>>>>>&0 use keytab_entry
+
+0 belong 0x05020000 Kerberos Keytab file
+>4 use keytab_entry
diff --git a/magic/Magdir/kicad b/magic/Magdir/kicad
new file mode 100644
index 0000000..212a550
--- /dev/null
+++ b/magic/Magdir/kicad
@@ -0,0 +1,85 @@
+
+#------------------------------------------------------------------------------
+# $File: kicad,v 1.2 2020/05/06 14:03:28 christos Exp $
+# kicad: file(1) magic for KiCad files
+#
+# See
+#
+# http://kicad-pcb.org
+#
+
+# KiCad Schematic Document
+0 string (kicad_sch
+>10 byte 0x20 KiCad Schematic Document
+!:ext kicad_sch/kicad_sch-bak
+>>11 string (version
+>>>19 byte 0x20
+>>>>20 regex [0-9.]+ (Version %s)
+
+# KiCad Schematic Document (Legacy)
+0 string EESchema
+>8 byte 0x20
+>>9 string Schematic
+>>>18 byte 0x20 KiCad Schematic Document (Legacy)
+!:ext sch/bak
+>>>>24 string Version
+>>>>>31 byte 0x20
+>>>>>>32 string x (Version %s)
+
+# KiCad Symbol Library
+0 string (kicad_symbol_lib
+>17 byte 0x20 KiCad Symbol Library
+!:ext kicad_sym
+>>18 string (version
+>>>26 byte 0x20
+>>>>27 regex [0-9.]+ (Version %s)
+
+# KiCad Symbol Library (Legacy)
+0 string EESchema-LIBRARY
+>16 byte 0x20 KiCad Symbol Library (Legacy)
+!:ext lib
+>>17 string Version
+>>>24 byte 0x20
+>>>>25 string x (Version %s)
+
+# KiCad Symbol Library Documentation (Legacy)
+0 string EESchema-DOCLIB
+>15 byte 0x20 KiCad Symbol Library Documentation (Legacy)
+!:ext dcm
+>>17 string Version
+>>>24 byte 0x20
+>>>>25 string x (Version %s)
+
+# KiCad Board Layout
+0 string (kicad_pcb
+>10 byte 0x20 KiCad Board Layout
+!:ext kicad_pcb/kicad_pcb-bak
+>>11 string (version
+>>>19 byte 0x20
+>>>>20 regex [0-9.]+ (Version %s)
+
+# KiCad Footprint
+0 string (module
+>7 byte 0x20 KiCad Footprint
+!:ext kicad_mod
+
+# KiCad Footprint (Legacy)
+0 string PCBNEW-LibModule-V1 KiCad Footprint (Legacy)
+!:ext mod
+
+# KiCad Netlist
+0 string (export
+>7 byte 0x20 KiCad Netlist
+!:ext net
+
+# KiCad Symbol Library Table
+0 string (sym_lib_table
+>14 byte 0xA KiCad Symbol Library Table
+>14 byte 0xD KiCad Symbol Library Table
+>14 byte 0x20 KiCad Symbol Library Table
+
+# KiCad Footprint Library Table
+0 string (fp_lib_table
+>13 byte 0xA KiCad Footprint Library Table
+>13 byte 0xD KiCad Footprint Library Table
+>13 byte 0x20 KiCad Footprint Library Table
diff --git a/magic/Magdir/kml b/magic/Magdir/kml
new file mode 100644
index 0000000..904f3b5
--- /dev/null
+++ b/magic/Magdir/kml
@@ -0,0 +1,34 @@
+
+#------------------------------------------------------------------------------
+# $File: kml,v 1.6 2019/05/21 04:50:10 christos Exp $
+# Type: Google KML, formerly Keyhole Markup Language
+# Future development of this format has been handed
+# over to the Open Geospatial Consortium.
+# https://www.opengeospatial.org/standards/kml/
+# From: Asbjoern Sloth Toennesen <asbjorn@lila.io>
+0 string/t \<?xml
+>20 search/400 \ xmlns=
+>>&0 regex ['"]http://earth.google.com/kml Google KML document
+!:mime application/vnd.google-earth.kml+xml
+>>>&1 string 2.0' \b, version 2.0
+>>>&1 string 2.1' \b, version 2.1
+>>>&1 string 2.2' \b, version 2.2
+
+#------------------------------------------------------------------------------
+# Type: OpenGIS KML, formerly Keyhole Markup Language
+# This standard is maintained by the
+# Open Geospatial Consortium.
+# https://www.opengeospatial.org/standards/kml/
+# From: Asbjoern Sloth Toennesen <asbjorn@lila.io>
+>>&0 regex ['"]http://www.opengis.net/kml OpenGIS KML document
+!:mime application/vnd.google-earth.kml+xml
+>>>&1 string/t 2.2 \b, version 2.2
+
+#------------------------------------------------------------------------------
+# Type: Google KML Archive (ZIP based)
+# https://code.google.com/apis/kml/documentation/kml_tut.html
+# From: Asbjoern Sloth Toennesen <asbjorn@lila.io>
+0 string PK\003\004
+>4 byte 0x14
+>>30 string doc.kml Compressed Google KML Document, including resources.
+!:mime application/vnd.google-earth.kmz
diff --git a/magic/Magdir/lammps b/magic/Magdir/lammps
new file mode 100644
index 0000000..5424383
--- /dev/null
+++ b/magic/Magdir/lammps
@@ -0,0 +1,64 @@
+#------------------------------------------------------------------------------
+# $File: lammps,v 1.1 2021/03/14 16:24:18 christos Exp $
+#
+
+# Magic file patterns for use with file(1) for the
+# LAMMPS molecular dynamics simulation software.
+# https://lammps.sandia.gov
+#
+# Updated: 2021-03-14 by akohlmey@gmail.com
+
+# Binary restart file for the LAMMPS MD code
+0 string LammpS\ RestartT LAMMPS binary restart file
+>0x14 long x (rev %d),
+>>0x20 string x Version %s,
+>>>0x10 lelong 0x0001 Little Endian
+>>>0x10 lelong 0x1000 Big Endian
+
+# Atom style binary dump file for the LAMMPS MD code
+# written on a little endian machine
+0 lequad -8
+>0x08 string DUMPATOM LAMMPS atom style binary dump
+>>0x14 long x (rev %d),
+>>>0x10 lelong 0x0001 Little Endian,
+>>>>0x18 lequad x First time step: %lld
+
+# written on a big endian machine
+0 bequad -8
+>0x08 string DUMPATOM LAMMPS atom style binary dump
+>>0x14 belong x (rev %d),
+>>>0x10 lelong 0x1000 Big Endian,
+>>>>0x18 bequad x First time step: %lld
+
+# Atom style binary dump file for the LAMMPS MD code
+# written on a little endian machine
+0 lequad -10
+>0x08 string DUMPCUSTOM LAMMPS custom style binary dump
+>>0x16 lelong x (rev %d),
+>>>0x12 lelong 0x0001 Little Endian,
+>>>>0x1a lequad x First time step: %lld
+
+# written on a big endian machine
+0 bequad -10
+>0x08 string DUMPCUSTOM LAMMPS custom style binary dump
+>>0x16 belong x (rev %d),
+>>>0x12 lelong 0x1000 Big Endian,
+>>>>0x1a bequad x First time step: %lld
+
+# LAMMPS log file
+0 string LAMMPS\ ( LAMMPS log file
+>8 regex/16 [0-9]+\ [A-Za-z]+\ [0-9]+ written by version %s
+
+# Data file written either by LAMMPS, msi2lmp or VMD/TopoTools
+0 string LAMMPS\ data\ file LAMMPS data file
+>0x12 string CGCMM\ style written by TopoTools
+>0x12 string msi2lmp written by msi2lmp
+>0x11 string via\ write_data written by LAMMPS
+
+# LAMMPS data file written by OVITO
+0 string #\ LAMMPS\ data\ file LAMMPS data file
+>0x13 string written\ by\ OVITO written by OVITO
+
+# LAMMPS text mode dump file
+0 string ITEM:\ TIMESTEP LAMMPS text mode dump,
+>15 regex/16 [0-9]+ First time step: %s
diff --git a/magic/Magdir/lecter b/magic/Magdir/lecter
new file mode 100644
index 0000000..6ae87c1
--- /dev/null
+++ b/magic/Magdir/lecter
@@ -0,0 +1,6 @@
+
+#------------------------------------------------------------------------------
+# $File: lecter,v 1.4 2009/09/19 16:28:10 christos Exp $
+# DEC SRC Virtual Paper: Lectern files
+# Karl M. Hegbloom <karlheg@inetarena.com>
+0 string lect DEC SRC Virtual Paper Lectern file
diff --git a/magic/Magdir/lex b/magic/Magdir/lex
new file mode 100644
index 0000000..cc9fac5
--- /dev/null
+++ b/magic/Magdir/lex
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: lex,v 1.6 2009/09/19 16:28:10 christos Exp $
+# lex: file(1) magic for lex
+#
+# derived empirically, your offsets may vary!
+0 search/100 yyprevious C program text (from lex)
+>3 search/1 >\0 for %s
+# C program text from GNU flex, from Daniel Quinlan <quinlan@yggdrasil.com>
+0 search/100 generated\ by\ flex C program text (from flex)
+# lex description file, from Daniel Quinlan <quinlan@yggdrasil.com>
+0 search/1 %{ lex description text
diff --git a/magic/Magdir/lif b/magic/Magdir/lif
new file mode 100644
index 0000000..3474a48
--- /dev/null
+++ b/magic/Magdir/lif
@@ -0,0 +1,50 @@
+
+#------------------------------------------------------------------------------
+# $File: lif,v 1.11 2022/10/19 20:15:16 christos Exp $
+# lif: file(1) magic for lif
+#
+# (Daniel Quinlan <quinlan@yggdrasil.com>)
+#
+# Modified by: Joerg Jenderek
+# URL: https://www.hp9845.net/9845/projects/hpdir/
+# https://github.com/bug400/lifutils
+# Reference: https://www.hp9845.net/9845/downloads/manuals/LIF_excerpt_64941-90906_flpRef_Jan84.pdf
+# Note: called by TrID "HP Logical Interchange Format disk image"
+0 beshort 0x8000
+# GRR: line above is too general as it catches also compressed DEGAS low-res bitmap *.pc1
+# skip many compressed DEGAS low-res bitmap *.pc1 by test for unused bytes
+>14 beshort =0
+# skip MUNCHIE.PC1 BOARD.PC1 ENEMIES.PC1 by test for low version number
+>>20 ubeshort <0x0100
+# skip DROID fmt-840-signature-id-1195.adx fmt-840-signature-id-1199.adx by test for ASCII like volume name
+>>>2 ubelong >0x2020201F
+>>>>0 use lif-file
+0 name lif-file
+# LIF ID
+>0 beshort x lif file
+!:mime application/x-lif-disk
+# lif used by Tony Duell LIF utilities; enhanced version by Joachim Siebold use also dat; hpi used by hpdir
+!:ext lif/hpi/dat
+# volume label; A-Z 0-9 _ ; default are 6 spaces
+>2 string x "%.6s"
+#>2 ubelong x LABEL=%8.8x
+# version number; 0 for systems without extensions or 1 for model 64000
+>20 ubeshort x \b, version %u
+# LIF identifier; 010000 for system 3000
+>12 beshort !0x1000 \b, LIF identifier %#x
+# directory start address in units like: 2
+>8 ubelong x \b, directory
+>8 ubelong !2 start address %u
+# length of directory like: 2 4 7 10 12 14 (for model 64000) 16 18 20 24 30 50 57 77 80
+>16 ubelong x length %u
+# level 1 extensions
+>20 beshort =0
+>>24 ubequad !0 \b, for extensions %#llx...
+>20 beshort >0
+>>24 ubequad !0 \b, extensions %#llx...
+# word 21-126 reserved for extensions and future use; set to nil
+>42 ubequad !0 \b, RESERVED %#llx
+# lif first file name for standard directory; 0xffff... means uninitialized
+>8 ubelong 2
+>>512 string <\xff\xff \b, 1st file %-.10s
+
diff --git a/magic/Magdir/linux b/magic/Magdir/linux
new file mode 100644
index 0000000..ae18114
--- /dev/null
+++ b/magic/Magdir/linux
@@ -0,0 +1,627 @@
+
+#------------------------------------------------------------------------------
+# $File: linux,v 1.85 2023/07/17 14:40:09 christos Exp $
+# linux: file(1) magic for Linux files
+#
+# Values for Linux/i386 binaries, from Daniel Quinlan <quinlan@yggdrasil.com>
+# The following basic Linux magic is useful for reference, but using
+# "long" magic is a better practice in order to avoid collisions.
+#
+# 2 leshort 100 Linux/i386
+# >0 leshort 0407 impure executable (OMAGIC)
+# >0 leshort 0410 pure executable (NMAGIC)
+# >0 leshort 0413 demand-paged executable (ZMAGIC)
+# >0 leshort 0314 demand-paged executable (QMAGIC)
+#
+0 lelong 0x00640107 Linux/i386 impure executable (OMAGIC)
+>16 lelong 0 \b, stripped
+0 lelong 0x00640108 Linux/i386 pure executable (NMAGIC)
+>16 lelong 0 \b, stripped
+0 lelong 0x0064010b Linux/i386 demand-paged executable (ZMAGIC)
+>16 lelong 0 \b, stripped
+0 lelong 0x006400cc Linux/i386 demand-paged executable (QMAGIC)
+>16 lelong 0 \b, stripped
+#
+0 string \007\001\000 Linux/i386 object file
+>20 lelong >0x1020 \b, DLL library
+# Linux-8086 stuff:
+0 string \01\03\020\04 Linux-8086 impure executable
+>28 long !0 not stripped
+0 string \01\03\040\04 Linux-8086 executable
+>28 long !0 not stripped
+#
+0 string \243\206\001\0 Linux-8086 object file
+#
+0 string \01\03\020\20 Minix-386 impure executable
+>28 long !0 not stripped
+0 string \01\03\040\20 Minix-386 executable
+>28 long !0 not stripped
+0 string \01\03\04\20 Minix-386 NSYM/GNU executable
+>28 long !0 not stripped
+# core dump file, from Bill Reynolds <bill@goshawk.lanl.gov>
+216 lelong 0421 Linux/i386 core file
+!:strength / 2
+>220 string >\0 of '%s'
+>200 lelong >0 (signal %d)
+#
+# LILO boot/chain loaders, from Daniel Quinlan <quinlan@yggdrasil.com>
+# this can be overridden by the DOS executable (COM) entry
+2 string LILO Linux/i386 LILO boot/chain loader
+#
+# Linux make config build file, from Ole Aamot <oka@oka.no>
+# Updated by Ken Sharp
+28 string make\ config Linux make config build file (old)
+49 search/70 Kernel\ Configuration Linux make config build file
+
+#
+# PSF fonts, from H. Peter Anvin <hpa@yggdrasil.com>
+# Updated by Adam Buchbinder <adam.buchbinder@gmail.com>
+# See: https://www.win.tue.nl/~aeb/linux/kbd/font-formats-1.html
+0 leshort 0x0436 Linux/i386 PC Screen Font v1 data,
+>2 byte&0x01 0 256 characters,
+>2 byte&0x01 !0 512 characters,
+>2 byte&0x02 0 no directory,
+>2 byte&0x02 !0 Unicode directory,
+>3 byte >0 8x%d
+0 string \x72\xb5\x4a\x86\x00\x00 Linux/i386 PC Screen Font v2 data,
+>16 lelong x %d characters,
+>12 lelong&0x01 0 no directory,
+>12 lelong&0x01 !0 Unicode directory,
+>28 lelong x %d
+>24 lelong x \bx%d
+
+# Linux swap and hibernate files
+# Linux kernel: include/linux/swap.h
+# util-linux: libblkid/src/superblocks/swap.c
+
+# format v0, unsupported since 2002
+0xff6 string SWAP-SPACE Linux old swap file, 4k page size
+0x1ff6 string SWAP-SPACE Linux old swap file, 8k page size
+0x3ff6 string SWAP-SPACE Linux old swap file, 16k page size
+0x7ff6 string SWAP-SPACE Linux old swap file, 32k page size
+0xfff6 string SWAP-SPACE Linux old swap file, 64k page size
+
+# format v1, supported since 1998
+0 name linux-swap
+>0x400 lelong 1 little endian, version %u,
+>>0x404 lelong x size %u pages,
+>>0x408 lelong x %u bad pages,
+>0x400 belong 1 big endian, version %u,
+>>0x404 belong x size %u pages,
+>>0x408 belong x %u bad pages,
+>0x41c string \0 no label,
+>0x41c string >\0 LABEL=%s,
+>0x40c ubelong x UUID=%08x
+>0x410 ubeshort x \b-%04x
+>0x412 ubeshort x \b-%04x
+>0x414 ubeshort x \b-%04x
+>0x416 ubelong x \b-%08x
+>0x41a ubeshort x \b%04x
+
+0xff6 string SWAPSPACE2 Linux swap file, 4k page size,
+>0 use linux-swap
+0x1ff6 string SWAPSPACE2 Linux swap file, 8k page size,
+>0 use linux-swap
+0x3ff6 string SWAPSPACE2 Linux swap file, 16k page size,
+>0 use linux-swap
+0x7ff6 string SWAPSPACE2 Linux swap file, 32k page size,
+>0 use linux-swap
+0xfff6 string SWAPSPACE2 Linux swap file, 64k page size,
+>0 use linux-swap
+
+0 name linux-hibernate
+>0 string S1SUSPEND \b, with SWSUSP1 image
+>0 string S2SUSPEND \b, with SWSUSP2 image
+>0 string ULSUSPEND \b, with uswsusp image
+>0 string LINHIB0001 \b, with compressed hibernate image
+>0 string \xed\xc3\x02\xe9\x98\x56\xe5\x0c \b, with tuxonice image
+>0 default x \b, with unknown hibernate image
+
+0xfec string SWAPSPACE2 Linux swap file, 4k page size,
+>0 use linux-swap
+>0xff6 use linux-hibernate
+0x1fec string SWAPSPACE2 Linux swap file, 8k page size,
+>0 use linux-swap
+>0x1ff6 use linux-hibernate
+0x3fec string SWAPSPACE2 Linux swap file, 16k page size,
+>0 use linux-swap
+>0x3ff6 use linux-hibernate
+0x7fec string SWAPSPACE2 Linux swap file, 32k page size,
+>0 use linux-swap
+>0x7ff6 use linux-hibernate
+0xffec string SWAPSPACE2 Linux swap file, 64k page size,
+>0 use linux-swap
+>0xfff6 use linux-hibernate
+
+#
+# Linux kernel boot images, from Albert Cahalan <acahalan@cs.uml.edu>
+# and others such as Axel Kohlmeyer <akohlmey@rincewind.chemie.uni-ulm.de>
+# and Nicolas Lichtmaier <nick@debian.org>
+# All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29
+# Linux kernel boot images (i386 arch) (Wolfram Kleff)
+# URL: https://www.kernel.org/doc/Documentation/x86/boot.txt
+514 string HdrS Linux kernel
+!:strength + 55
+# often no extension like in linux, vmlinuz, bzimage or memdisk but sometimes
+# Acronis Recovery kernel64.dat and Plop Boot Manager plpbtrom.bin
+# DamnSmallLinux 1.5 damnsmll.lnx
+!:ext /dat/bin/lnx
+>510 leshort 0xAA55 x86 boot executable
+>>518 leshort >0x1ff
+>>>529 byte 0 zImage,
+>>>529 byte 1 bzImage,
+>>>526 lelong >0
+>>>>(526.s+0x200) string >\0 version %s,
+>>498 leshort 1 RO-rootFS,
+>>498 leshort 0 RW-rootFS,
+>>508 leshort >0 root_dev %#X,
+>>502 leshort >0 swap_dev %#X,
+>>504 leshort >0 RAMdisksize %u KB,
+>>506 leshort 0xFFFF Normal VGA
+>>506 leshort 0xFFFE Extended VGA
+>>506 leshort 0xFFFD Prompt for Videomode
+>>506 leshort >0 Video mode %d
+# This also matches new kernels, which were caught above by "HdrS".
+0 belong 0xb8c0078e Linux kernel
+>0x1e3 string Loading version 1.3.79 or older
+>0x1e9 string Loading from prehistoric times
+
+# System.map files - Nicolas Lichtmaier <nick@debian.org>
+8 search/1 \ A\ _text Linux kernel symbol map text
+
+# LSM entries - Nicolas Lichtmaier <nick@debian.org>
+0 search/1 Begin3 Linux Software Map entry text
+0 search/1 Begin4 Linux Software Map entry text (new format)
+
+# From Matt Zimmerman, enhanced for v3 by Matthew Palmer
+0 belong 0x4f4f4f4d User-mode Linux COW file
+>4 belong <3 \b, version %d
+>>8 string >\0 \b, backing file %s
+>4 belong >2 \b, version %d
+>>32 string >\0 \b, backing file %s
+
+############################################################################
+# Linux kernel versions
+
+0 string \xb8\xc0\x07\x8e\xd8\xb8\x00\x90 Linux
+>497 leshort 0 x86 boot sector
+>>514 belong 0x8e of a kernel from the dawn of time!
+>>514 belong 0x908ed8b4 version 0.99-1.1.42
+>>514 belong 0x908ed8b8 for memtest86
+
+>497 leshort !0 x86 kernel
+>>504 leshort >0 RAMdisksize=%u KB
+>>502 leshort >0 swap=%#X
+>>508 leshort >0 root=%#X
+>>>498 leshort 1 \b-ro
+>>>498 leshort 0 \b-rw
+>>506 leshort 0xFFFF vga=normal
+>>506 leshort 0xFFFE vga=extended
+>>506 leshort 0xFFFD vga=ask
+>>506 leshort >0 vga=%d
+>>514 belong 0x908ed881 version 1.1.43-1.1.45
+>>514 belong 0x15b281cd
+>>>0xa8e belong 0x55AA5a5a version 1.1.46-1.2.13,1.3.0
+>>>0xa99 belong 0x55AA5a5a version 1.3.1,2
+>>>0xaa3 belong 0x55AA5a5a version 1.3.3-1.3.30
+>>>0xaa6 belong 0x55AA5a5a version 1.3.31-1.3.41
+>>>0xb2b belong 0x55AA5a5a version 1.3.42-1.3.45
+>>>0xaf7 belong 0x55AA5a5a version 1.3.46-1.3.72
+>>514 string HdrS
+>>>518 leshort >0x1FF
+>>>>529 byte 0 \b, zImage
+>>>>529 byte 1 \b, bzImage
+>>>>(526.s+0x200) string >\0 \b, version %s
+
+# Linux boot sector thefts.
+0 belong 0xb8c0078e Linux
+>0x1e6 belong 0x454c4b53 ELKS Kernel
+>0x1e6 belong !0x454c4b53 style boot sector
+
+############################################################################
+# Linux S390 kernel image
+# Created by: Jan Kaluza <jkaluza@redhat.com>
+8 string \x02\x00\x00\x18\x60\x00\x00\x50\x02\x00\x00\x68\x60\x00\x00\x50\x40\x40\x40\x40\x40\x40\x40\x40 Linux S390
+>0x00010000 search/b/4096 \x00\x0a\x00\x00\x8b\xad\xcc\xcc
+# 64bit
+>>&0 string \xc1\x00\xef\xe3\xf0\x68\x00\x00 Z10 64bit kernel
+>>&0 string \xc1\x00\xef\xc3\x00\x00\x00\x00 Z9-109 64bit kernel
+>>&0 string \xc0\x00\x20\x00\x00\x00\x00\x00 Z990 64bit kernel
+>>&0 string \x00\x00\x00\x00\x00\x00\x00\x00 Z900 64bit kernel
+# 32bit
+>>&0 string \x81\x00\xc8\x80\x00\x00\x00\x00 Z10 32bit kernel
+>>&0 string \x81\x00\xc8\x80\x00\x00\x00\x00 Z9-109 32bit kernel
+>>&0 string \x80\x00\x20\x00\x00\x00\x00\x00 Z990 32bit kernel
+>>&0 string \x80\x00\x00\x00\x00\x00\x00\x00 Z900 32bit kernel
+
+############################################################################
+# Linux ARM compressed kernel image
+# From: Kevin Cernekee <cernekee@gmail.com>
+# Update: Joerg Jenderek
+0x24 lelong 0x016f2818 Linux kernel ARM boot executable zImage
+# There are three possible situations: LE, BE with LE bootloader and pure BE.
+# In order to aid telling these apart a new endian flag was added. In order
+# to support kernels before the flag and BE with LE bootloader was added we'll
+# do a negative check against the BE variant of the flag when we see a LE magic.
+>0x30 belong !0x04030201 (little-endian)
+# raspian "kernel7.img", Vu+ Ultimo4K "kernel_auto.bin"
+!:ext img/bin
+>0x30 belong 0x04030201 (big-endian)
+0x24 belong 0x016f2818 Linux kernel ARM boot executable zImage (big-endian)
+
+############################################################################
+# Linux AARCH64 kernel image
+0x38 lelong 0x644d5241 Linux kernel ARM64 boot executable Image
+>0x18 lelong ^1 \b, little-endian
+>0x18 lelong &1 \b, big-endian
+>0x18 lelong &2 \b, 4K pages
+>0x18 lelong &4 \b, 16K pages
+>0x18 lelong &6 \b, 32K pages
+
+############################################################################
+# Linux 8086 executable
+0 lelong&0xFF0000FF 0xC30000E9 Linux-Dev86 executable, headerless
+>5 string .
+>>4 string >\0 \b, libc version %s
+
+0 lelong&0xFF00FFFF 0x4000301 Linux-8086 executable
+>2 byte&0x01 !0 \b, unmapped zero page
+>2 byte&0x20 0 \b, impure
+>2 byte&0x20 !0
+>>2 byte&0x10 !0 \b, A_EXEC
+>2 byte&0x02 !0 \b, A_PAL
+>2 byte&0x04 !0 \b, A_NSYM
+>2 byte&0x08 !0 \b, A_STAND
+>2 byte&0x40 !0 \b, A_PURE
+>2 byte&0x80 !0 \b, A_TOVLY
+>28 long !0 \b, not stripped
+>37 string .
+>>36 string >\0 \b, libc version %s
+
+# 0 lelong&0xFF00FFFF 0x10000301 ld86 I80386 executable
+# 0 lelong&0xFF00FFFF 0xB000301 ld86 M68K executable
+# 0 lelong&0xFF00FFFF 0xC000301 ld86 NS16K executable
+# 0 lelong&0xFF00FFFF 0x17000301 ld86 SPARC executable
+
+# SYSLINUX boot logo files (from 'ppmtolss16' sources)
+# https://www.syslinux.org/wiki/index.php/SYSLINUX#Display_graphic_from_filename:
+# file extension .lss .16
+0 lelong =0x1413f33d SYSLINUX' LSS16 image data
+# syslinux-4.05/mime/image/x-lss16.xml
+!:mime image/x-lss16
+>4 leshort x \b, width %d
+>6 leshort x \b, height %d
+
+0 string OOOM User-Mode-Linux's Copy-On-Write disk image
+>4 belong x version %d
+
+# SE Linux policy database
+# From: Mike Frysinger <vapier@gentoo.org>
+0 lelong 0xf97cff8c SE Linux policy
+>16 lelong x v%d
+>20 lelong 1 MLS
+>24 lelong x %d symbols
+>28 lelong x %d ocons
+
+# Linux Logical Volume Manager (LVM)
+# Emmanuel VARAGNAT <emmanuel.varagnat@guzu.net>
+#
+# System ID, UUID and volume group name are 128 bytes long
+# but they should never be full and initialized with zeros...
+#
+# LVM1
+#
+0x0 string/b HM\001 LVM1 (Linux Logical Volume Manager), version 1
+>0x12c string/b >\0 , System ID: %s
+
+0x0 string/b HM\002 LVM1 (Linux Logical Volume Manager), version 2
+>0x12c string/b >\0 , System ID: %s
+
+# LVM2
+#
+# It seems that the label header can be in one the four first sector
+# of the disk... (from _find_labeller in lib/label/label.c of LVM2)
+#
+# 0x200 seems to be the common case
+0 name lvm2
+# display UUID in LVM format + display all 32 bytes (instead of max string length: 31)
+>0x0 string >\x2f \b, UUID: %.6s
+>0x6 string >\x2f \b-%.4s
+>0xa string >\x2f \b-%.4s
+>0xe string >\x2f \b-%.4s
+>0x12 string >\x2f \b-%.4s
+>0x16 string >\x2f \b-%.4s
+>0x1a string >\x2f \b-%.6s
+>0x20 lequad x \b, size: %lld
+
+
+# read the offset to add to the start of the header, and the header
+# start in 0x200
+0x218 string/b LVM2\ 001 LVM2 PV (Linux Logical Volume Manager)
+>&(&-12.l-0x20) use lvm2
+
+0x018 string/b LVM2\ 001 LVM2 PV (Linux Logical Volume Manager)
+>&(&-12.l-0x20) use lvm2
+
+0x418 string/b LVM2\ 001 LVM2 PV (Linux Logical Volume Manager)
+>&(&-12.l-0x20) use lvm2
+
+0x618 string/b LVM2\ 001 LVM2 PV (Linux Logical Volume Manager)
+>&(&-12.l-0x20) use lvm2
+
+# LVM snapshot
+# from Jason Farrel
+0 string SnAp LVM Snapshot (CopyOnWrite store)
+>4 lelong !0 - valid,
+>4 lelong 0 - invalid,
+>8 lelong x version %d,
+>12 lelong x chunk_size %d
+
+# SE Linux policy database
+0 lelong 0xf97cff8c SE Linux policy
+>16 lelong x v%d
+>20 lelong 1 MLS
+>24 lelong x %d symbols
+>28 lelong x %d ocons
+
+# Summary: Xen saved domain file
+# Created by: Radek Vokal <rvokal@redhat.com>
+0 string LinuxGuestRecord Xen saved domain
+>20 search/256 (name
+>>&1 string x (name %s)
+
+# Type: Xen, the virtual machine monitor
+# From: Radek Vokal <rvokal@redhat.com>
+0 string LinuxGuestRecord Xen saved domain
+#>2 regex \(name\ [^)]*\) %s
+>20 search/256 (name (name
+>>&1 string x %s...)
+
+# Systemd journald files
+# See https://www.freedesktop.org/wiki/Software/systemd/journal-files/.
+# From: Zbigniew Jedrzejewski-Szmek <zbyszek@in.waw.pl>
+# Update: Joerg Jenderek
+# URL: https://systemd.io/JOURNAL_FILE_FORMAT/
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/j/journal-sysd.trid.xml
+# Note: called "systemd journal" by TrID
+# verified by `journalctl --file=user-1000.journal`
+# check magic signature[8]
+0 string LPKSHHRH
+# check that state is one of known values
+# STATE_OFFLINE~0 STATE_ONLINE~1 STATE_ARCHIVED~2
+>16 ubyte&252 0
+# check that each half of three unique id128s is non-zero
+# file_id
+>>24 ubequad >0
+>>>32 ubequad >0
+# machine_id
+>>>>40 ubequad >0
+>>>>>48 ubequad >0
+# boot_id; last writer
+>>>>>>56 ubequad >0
+>>>>>>>64 ubequad >0 Journal file
+#!:mime application/octet-stream
+!:mime application/x-linux-journal
+# provide more info
+# head_entry_realtime; contains a POSIX timestamp stored in microseconds
+>>>>>>>>184 leqdate/1000000 !0 \b, %s
+>>>>>>>>184 leqdate 0 empty
+# If a file is closed after writing the state field should be set to STATE_OFFLINE
+>>>>>>>>16 ubyte 0 \b,
+# for offline and empty only journal~ extension found
+>>>>>>>>>184 leqdate 0 offline
+# https://man7.org/linux/man-pages/man8/systemd-journald.service.8.html
+# GRR: add char ~ inside parse_ext in ../../src/apprentice.c to avoid in file version 5.44 error like:
+# Magdir/linux, 463: Warning: EXTENSION type ` journal~' has bad char '~'
+!:ext journal~
+# for offline and non empty often *.journal~ but also user-1001.journal
+>>>>>>>>>184 leqdate !0 offline
+!:ext journal/journal~
+# if a file is opened for writing the state field should be set to STATE_ONLINE
+>>>>>>>>16 ubyte 1 \b,
+# for online and empty only journal~ extension found
+>>>>>>>>>184 leqdate 0 online
+# system@0005febee06e2ff2-f7ea54d10e4346ff.journal~
+!:ext journal~
+# for online and non empty only journal extension found
+>>>>>>>>>184 leqdate !0 online
+# system.journal user-1000.journal
+!:ext journal
+# after a file has been rotated it should be set to STATE_ARCHIVED
+>>>>>>>>16 ubyte 2 \b, archived
+!:ext journal
+# no *.journal~ found
+#!:ext journal/journal~
+# compatible_flags
+>>>>>>>>8 ulelong&1 1 \b, sealed
+# incompatible_flags; COMPRESSED_XZ~1 COMPRESSED_LZ4~2 KEYED_HASH~4 COMPRESSED_ZSTD~8 COMPACT~16
+#>>>>>>>>12 ulelong x FLAGS=%#x
+>>>>>>>>12 ulelong&1 1 \b, compressed
+>>>>>>>>12 ulelong&2 !0 \b, compressed lz4
+>>>>>>>>12 ulelong&4 !0 \b, keyed hash siphash24
+>>>>>>>>12 ulelong&8 !0 \b, compressed zstd
+>>>>>>>>12 ulelong&16 !0 \b, compact
+# uint8_t reserved[7]; apparently nil
+#>>17 long !0 \b, reserved %#8.8x
+# seqnum_id; like: 0 e623691afec94b5aa968ae2d726c49cc f98b2af481924b29 8d6816ca3639edc6
+#>>>>>>>>72 ubequad x \b, seqnum_id %#16.16llx
+#>>>>>>>>80 ubequad x b%16.16llx
+# header_size like: 100h
+>>>>>>>>88 ulequad !0x100h \b, header size %#llx
+# arena_size like: 0 7fff00h ffff00h 17fff00h
+#>>>>>>>>96 ulequad >0 \b, arena size %#llx
+# data_hash_table_offset like: 0 15f0h 15f0h
+#>>>>>>>>104 ulequad >0 \b, hash table offset %#llx
+# data_hash_table_size like: 0 38e380h
+#>>>>>>>>112 ulequad >0 \b, hash table size %#llx
+# field_hash_table_offset like: 0 110h
+#>>>>>>>>120 ulequad >0 \b, field hash table offset %#llx
+# field_hash_table_size like: 0 14d0h
+#>>>>>>>>128 ulequad >0 \b, field hash table size %#llx
+# tail_object_offset like: 0 43edd8h 511278h c68968h d487d0h efaa98h
+#>>>>>>>>136 ulequad >0 \b, tail object offset %#llx
+# n_objects like: 0 1032h 5a2eh 92bdh a8b5h aa75h 112adh 40c23h 4714eh
+#>>>>>>>>144 ulequad >0 \b, objects %#llx
+# n_entries like: 0 3aeh 235ah 2dc4h 3125h 16129h 187a1h
+>>>>>>>>152 ulequad >0 \b, entries %#llx
+# tail_entry_seqnum like: 0 1988h 16249h 24c12h 24c12h 41e64h 9fefdh
+#>>>>>>>>160 ulequad >0 \b, tail entry seqnum %#llx
+# head_entry_seqnum like: 0 1h 15dbh 6552h 213bfh 213bfh 3e672h 9a28ah
+#>>>>>>>>168 ulequad >0 \b, head entry seqnum %#llx
+# entry_array_offset like: 0 390058h 3909d8h 3909e0h
+#>>>>>>>>176 ulequad >0 \b, entry array offset %#llx
+
+# BCache backing and cache devices
+# From: Gabriel de Perthuis <g2p.code@gmail.com>
+0x1008 lequad 8
+>0x1018 string \xc6\x85\x73\xf6\x4e\x1a\x45\xca\x82\x65\xf5\x7f\x48\xba\x6d\x81 BCache
+>>0x1010 ulequad 0 cache device
+>>0x1010 ulequad 1 backing device
+>>0x1010 ulequad 3 cache device
+>>0x1010 ulequad 4 backing device
+>>0x1048 string >0 \b, label "%.32s"
+>>0x1028 ubelong x \b, uuid %08x
+>>0x102c ubeshort x \b-%04x
+>>0x102e ubeshort x \b-%04x
+>>0x1030 ubeshort x \b-%04x
+>>0x1032 ubelong x \b-%08x
+>>0x1036 ubeshort x \b%04x
+>>0x1038 ubelong x \b, set uuid %08x
+>>0x103c ubeshort x \b-%04x
+>>0x103e ubeshort x \b-%04x
+>>0x1040 ubeshort x \b-%04x
+>>0x1042 ubelong x \b-%08x
+>>0x1046 ubeshort x \b%04x
+
+# Linux device tree:
+# File format description can be found in the Linux kernel sources at
+# Documentation/devicetree/booting-without-of.txt
+# From Christoph Biedl
+0 belong 0xd00dfeed
+# structure must be within blob, strings are omitted to handle devicetrees > 1M
+>&(8.L) byte x
+>>20 belong >1 Device Tree Blob version %d
+>>>4 belong x \b, size=%d
+>>>20 belong >1
+>>>>28 belong x \b, boot CPU=%d
+>>>20 belong >2
+>>>>32 belong x \b, string block size=%d
+>>>20 belong >16
+>>>>36 belong x \b, DT structure block size=%d
+
+# glibc locale archive as defined in glibc locale/locarchive.h
+0 lelong 0xde020109 locale archive
+>24 lelong x %d strings
+
+# Linux Software RAID (mdadm)
+# Russell Coker <russell@coker.com.au>
+0 name linuxraid
+>16 belong x UUID=%8x:
+>20 belong x \b%8x:
+>24 belong x \b%8x:
+>28 belong x \b%8x
+>32 string x name=%s
+>72 lelong x level=%d
+>92 lelong x disks=%d
+
+4096 lelong 0xa92b4efc Linux Software RAID
+>4100 lelong x version 1.2 (%d)
+>4096 use linuxraid
+
+0 lelong 0xa92b4efc Linux Software RAID
+>4 lelong x version 1.1 (%d)
+>0 use linuxraid
+
+# Summary: Database file for mlocate
+# Description: A database file as used by mlocate, a fast implementation
+# of locate/updatedb. It uses merging to reuse the existing
+# database and avoid rereading most of the filesystem. It's
+# the default version of locate on Arch Linux (and others).
+# File path: /var/lib/mlocate/mlocate.db by default (but configurable)
+# Site: https://fedorahosted.org/mlocate/
+# Format docs: https://linux.die.net/man/5/mlocate.db
+# Type: mlocate database file
+# URL: https://fedorahosted.org/mlocate/
+# From: Wander Nauta <info@wandernauta.nl>
+0 string \0mlocate mlocate database
+>12 byte x \b, version %d
+>13 byte 1 \b, require visibility
+>16 string x \b, root %s
+
+# Dump files for iproute2 tool. Generated by the "ip r|a save" command. URL:
+# https://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
+# From: Pavel Emelyanov <xemul@parallels.com>
+0 lelong 0x45311224 iproute2 routes dump
+0 lelong 0x47361222 iproute2 addresses dump
+
+# Image and service files for CRIU tool.
+# URL: https://criu.org
+# From: Pavel Emelyanov <xemul@parallels.com>
+0 lelong 0x54564319 CRIU image file v1.1
+0 lelong 0x55105940 CRIU service file
+0 lelong 0x58313116 CRIU inventory
+
+# Kdump compressed dump files
+# https://github.com/makedumpfile/makedumpfile/blob/master/IMPLEMENTATION
+
+0 string KDUMP\x20\x20\x20 Kdump compressed dump
+>0 use kdump-compressed-dump
+
+0 name kdump-compressed-dump
+>8 long x v%d
+>12 string >\0 \b, system %s
+>77 string >\0 \b, node %s
+>142 string >\0 \b, release %s
+>207 string >\0 \b, version %s
+>272 string >\0 \b, machine %s
+>337 string >\0 \b, domain %s
+
+# Flattened format
+0 string makedumpfile
+>16 bequad 1
+>>0x1010 string KDUMP\x20\x20\x20 Flattened kdump compressed dump
+>>>0x1010 use kdump-compressed-dump
+
+# Device Tree files
+0 search/1024 /dts-v1/ Device Tree File (v1)
+# beat c code
+!:strength +14
+
+
+# e2fsck undo file
+# David Gilman <davidgilman1@gmail.com>
+0 string E2UNDO02 e2fsck undo file, version 2
+>44 lelong x \b, undo file is
+>>44 lelong&1 0 not finished
+>>44 lelong&1 1 finished
+>48 lelong x \b, undo file features:
+>>48 lelong&1 0 lacks filesystem offset
+>>48 lelong&1 1 has filesystem offset
+>>>64 lequad x at %#llx
+
+# ansible vault (does not really belong here)
+0 string $ANSIBLE_VAULT; Ansible Vault
+>&0 regex [0-9]+\\.[0-9]+ \b, version %s
+>>&0 string ;
+>>>&0 regex [A-Z0-9]+ \b, encryption %s
+
+# From: Joerg Jenderek
+# URL: https://www.gnu.org/software/grub
+# Reference: https://ftp.gnu.org/gnu/grub/grub-2.06.tar.gz
+# grub-2.06/include/grub/keyboard_layouts.h
+# grub-2.06/grub-core/commands/keylayouts.c
+# GRUB_KEYBOARD_LAYOUTS_FILEMAGIC
+0 string GRUBLAYO GRUB Keyboard
+!:mime application/x-grub-keyboard
+!:ext gkb
+# GRUB_KEYBOARD_LAYOUTS_VERSION like: 10
+>8 ulelong !10 \b, version %u
+# 4 grub_uint32_t grub_keyboard_layout[160]
+# for normal french keyboard this is letter a
+>92 ubyte !0x71
+>>92 ubyte >0x40 \b, english q is %c
+#>732 ubyte x \b, english Q is %c
+# for normal german keyboard this is letter z
+>124 ubyte !0x79
+>>124 ubyte >0x40 \b, english y is %c
+#>764 ubyte x \b, english Y is %c
diff --git a/magic/Magdir/lisp b/magic/Magdir/lisp
new file mode 100644
index 0000000..c854fb7
--- /dev/null
+++ b/magic/Magdir/lisp
@@ -0,0 +1,78 @@
+
+#------------------------------------------------------------------------------
+# $File: lisp,v 1.27 2020/08/14 19:23:39 christos Exp $
+# lisp: file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+
+# updated by Joerg Jenderek
+# GRR: This lot is too weak
+#0 string ;;
+# windows INF files often begin with semicolon and use CRLF as line end
+# lisp files are mainly created on unix system with LF as line end
+#>2 search/4096 !\r Lisp/Scheme program text
+#>2 search/4096 \r Windows INF file
+
+0 search/4096 (setq\ Lisp/Scheme program text
+!:mime text/x-lisp
+0 search/4096 (defvar\ Lisp/Scheme program text
+!:mime text/x-lisp
+0 search/4096 (defparam\ Lisp/Scheme program text
+!:mime text/x-lisp
+0 search/4096 (defun\ Lisp/Scheme program text
+!:mime text/x-lisp
+0 search/4096 (autoload\ Lisp/Scheme program text
+!:mime text/x-lisp
+0 search/4096 (custom-set-variables\ Lisp/Scheme program text
+!:mime text/x-lisp
+
+# URL: https://en.wikipedia.org/wiki/Emacs_Lisp
+# Reference: https://ftp.gnu.org/old-gnu/emacs/elisp-manual-18-1.03.tar.gz
+# Update: Joerg Jenderek
+# Emacs 18 - this is always correct, but not very magical.
+0 string \012(
+# look for emacs lisp keywords
+# GRR: split regex because it is too long or get error like
+# lisp, 36: Warning: cannot get string from `^(defun|defvar|defconst|defmacro|setq|fset|put|provide|require|'
+>&0 regex \^(defun|defvar|defconst|defmacro|setq|fset) Emacs v18 byte-compiled Lisp data
+!:mime application/x-elc
+# https://searchcode.com/codesearch/view/2173420/
+# not really pure text
+!:apple EMAxTEXT
+!:ext elc
+# remaining regex
+>&0 regex \^(put|provide|require|random) Emacs v18 byte-compiled Lisp data
+!:mime application/x-elc
+!:apple EMAxTEXT
+!:ext elc
+# missed cl.elc dbx.elc simple.elc look like normal lisp starting with ;;;
+
+# Emacs 19+ - ver. recognition added by Ian Springer
+# Also applies to XEmacs 19+ .elc files; could tell them apart with regexs
+# - Chris Chittleborough <cchittleborough@yahoo.com.au>
+# Update: Joerg Jenderek
+0 string ;ELC
+# version\0\0\0
+>4 byte >18 Emacs/XEmacs v%d byte-compiled Lisp data
+# why less than 32 ? does not make sense to me. GNU Emacs version is 24.5 at April 2015
+#>4 byte <32 Emacs/XEmacs v%d byte-compiled Lisp data
+!:mime application/x-elc
+!:apple EMAxTEXT
+!:ext elc
+
+# Files produced by GNU/Emacs pdumper
+0 string DUMPEDGNUEMACS GNU/Emacs pdumper image
+
+# Files produced by CLISP Common Lisp From: Bruno Haible <haible@ilog.fr>
+0 string (SYSTEM::VERSION\040' CLISP byte-compiled Lisp program (pre 2004-03-27)
+0 string (|SYSTEM|::|VERSION|\040' CLISP byte-compiled Lisp program text
+
+0 long 0x70768BD2 CLISP memory image data
+0 long 0xD28B7670 CLISP memory image data, other endian
+
+#.com and .bin for MIT scheme
+0 string \372\372\372\372 MIT scheme (library?)
+
+# From: David Allouche <david@allouche.net>
+0 search/1 \<TeXmacs| TeXmacs document text
+!:mime text/texmacs
diff --git a/magic/Magdir/llvm b/magic/Magdir/llvm
new file mode 100644
index 0000000..6befe7a
--- /dev/null
+++ b/magic/Magdir/llvm
@@ -0,0 +1,22 @@
+
+#------------------------------------------------------------------------------
+# $File: llvm,v 1.10 2023/03/11 17:54:17 christos Exp $
+# llvm: file(1) magic for LLVM byte-codes
+# URL: https://llvm.org/docs/BitCodeFormat.html
+# From: Al Stone <ahs3@fc.hp.com>
+
+0 string llvm LLVM byte-codes, uncompressed
+0 string llvc0 LLVM byte-codes, null compression
+0 string llvc1 LLVM byte-codes, gzip compression
+0 string llvc2 LLVM byte-codes, bzip2 compression
+0 string CPCH LLVM Pre-compiled header file
+
+0 lelong 0x0b17c0de LLVM bitcode, wrapper
+# Are these Mach-O ABI values? They appear to be.
+>16 lelong 0x01000007 x86_64
+>16 lelong 0x00000007 i386
+>16 lelong 0x00000012 ppc
+>16 lelong 0x01000012 ppc64
+>16 lelong 0x0000000c arm
+
+0 string BC\xc0\xde LLVM IR bitcode
diff --git a/magic/Magdir/locoscript b/magic/Magdir/locoscript
new file mode 100644
index 0000000..87771cc
--- /dev/null
+++ b/magic/Magdir/locoscript
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: locoscript,v 1.1 2021/01/03 20:56:25 christos Exp $
+# locoscript: file(1) magic for LocoScript documents and related files
+#
+# See http://fileformats.archiveteam.org/wiki/LocoScript
+0 string JOY\x01\x01 LocoScript 1 document
+0 string JOY\x01\x02 LocoScript 2 document
+0 string JOY\x01\x04 LocoScript 3 document
+0 string JOY\x01\x06 LocoScript 4 document
+0 string DOC\x01\x01 LocoScript PC document
+0 string DOC\x01\x03 LocoScript Professional document
diff --git a/magic/Magdir/lua b/magic/Magdir/lua
new file mode 100644
index 0000000..ab17374
--- /dev/null
+++ b/magic/Magdir/lua
@@ -0,0 +1,31 @@
+
+#------------------------------------------------------------------------------
+# $File: lua,v 1.8 2020/10/08 23:23:56 christos Exp $
+# lua: file(1) magic for Lua scripting language
+# URL: https://www.lua.org/
+# From: Reuben Thomas <rrt@sc3d.org>, Seo Sanghyeon <tinuviel@sparcs.kaist.ac.kr>
+
+# Lua scripts
+0 search/1/w #!\ /usr/bin/lua Lua script text executable
+!:mime text/x-lua
+0 search/1/w #!\ /usr/local/bin/lua Lua script text executable
+!:mime text/x-lua
+0 search/1 #!/usr/bin/env\ lua Lua script text executable
+!:mime text/x-lua
+0 search/1 #!\ /usr/bin/env\ lua Lua script text executable
+!:mime text/x-lua
+
+# Lua bytecode
+0 string \033Lua Lua bytecode,
+# 2.4 uses 0x23 as its version byte because it shares the format
+# with 2.3 (which was never released publicly).
+>4 byte 0x23 version 2.4
+>4 byte 0x25 version 2.5/3.0
+>4 byte 0x31 version 3.1
+>4 byte 0x32 version 3.2
+>4 byte 0x40 version 4.0
+>4 byte 0x50 version 5.0
+>4 byte 0x51 version 5.1
+>4 byte 0x52 version 5.2
+>4 byte 0x53 version 5.3
+>4 byte 0x54 version 5.4
diff --git a/magic/Magdir/luks b/magic/Magdir/luks
new file mode 100644
index 0000000..1604251
--- /dev/null
+++ b/magic/Magdir/luks
@@ -0,0 +1,126 @@
+
+#------------------------------------------------------------------------------
+# $File: luks,v 1.5 2022/09/07 11:23:44 christos Exp $
+# luks: file(1) magic for Linux Unified Key Setup
+# URL: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
+# http://fileformats.archiveteam.org/wiki/LUKS
+# From: Anthon van der Neut <anthon@mnt.org>
+# Update: Joerg Jenderek
+# Note: verfied by command like `cryptsetup luksDump /dev/sda3`
+
+0 string LUKS\xba\xbe LUKS encrypted file,
+# https://reposcope.com/mimetype/application/x-raw-disk-image
+!:mime application/x-raw-disk-image
+#!:mime application/x-luks-volume
+# img is the generic extension; no suffix for partitions; luksVolumeHeaderBackUp via zuluCrypt
+!:ext /luks/img/luksVolumeHeaderBackUp
+# version like: 1 2
+>6 beshort x ver %d
+# test for version 1 variant
+>6 beshort 1
+>>0 use luks-v1
+# test for version 2 variant
+>6 beshort >1
+>>0 use luks-v2
+# Reference: https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf
+# http://mark0.net/download/triddefs_xml.7z/defs/l/luks.trid.xml
+# display information about LUKS version 1
+0 name luks-v1
+# cipher-name like: aes twofish
+>8 string x [%s,
+# cipher-mode like: xts-plain64 cbc-essiv
+>40 string x %s,
+# hash specification like: sha256 sha1 ripemd160
+>72 string x %s]
+>168 string x UUID: %s
+# NEW PART!
+# payload-offset; start offset of the bulk data
+>104 ubelong x \b, at %#x data
+# key-bytes; number of key bytes; key-bytes*8=MK-bits
+>108 ubelong x \b, %u key bytes
+# mk-digest[20]; master key checksum from PBKDF2
+>112 ubequad x \b, MK digest %#16.16llx
+>>120 ubequad x \b%16.16llx
+>>128 ubelong x \b%8.8x
+# mk-digest-salt[32]; salt parameter for master key PBKDF2
+>132 ubequad x \b, MK salt %#16.16llx
+>>140 ubequad x \b%16.16llx
+>>148 ubequad x \b%16.16llx
+>>156 ubequad x \b%16.16llx
+# mk-digest-iter; iterations parameter for master key PBKDF2
+>164 ubelong x \b, %u MK iterations
+# key slot 1
+>208 ubelong =0x00AC71F3 \b; slot #0
+>>208 use luks-slot
+# key slot 2
+>256 ubelong =0x00AC71F3 \b; slot #1
+>>256 use luks-slot
+# key slot 3
+>304 ubelong =0x00AC71F3 \b; slot #2
+>>304 use luks-slot
+# key slot 4
+>352 ubelong =0x00AC71F3 \b; slot #3
+>>352 use luks-slot
+# key slot 5
+>400 ubelong =0x00AC71F3 \b; slot #4
+>>400 use luks-slot
+# key slot 6
+>448 ubelong =0x00AC71F3 \b; slot #5
+>>448 use luks-slot
+# key slot 7
+>496 ubelong =0x00AC71F3 \b; slot #6
+>>496 use luks-slot
+# key slot 8
+>544 ubelong =0x00AC71F3 \b; slot #7
+>>544 use luks-slot
+# Reference: https://gitlab.com/cryptsetup/LUKS2-docs/-/raw/master/luks2_doc_wip.pdf
+# http://mark0.net/download/triddefs_xml.7z/defs/l/luks2.trid.xml
+# display information about LUKS version 2
+0 name luks-v2
+# hdr_size; size including JSON area called Metadata area by cryptsetup with value like: 16384
+>8 ubequad x \b, header size %llu
+# possible check for MAGIC_2ND after header
+#>(8.Q) string SKUL\xba\xbe \b, 2nd_HEADER_OK
+# seqid; sequence ID, increased on update; called Epoch by cryptsetup with value like: 3 4 8 10
+>16 ubequad x \b, ID %llu
+# label[48]; optional ASCII label or empty; called Label by cryptsetup with value like: "LUKS2_EXT4_ROOT"
+>24 string >\0 \b, label %s
+# csum_alg[32]; checksum algorithm like: sha256 sha1 sha512 wirlpool ripemd160
+>72 string x \b, algo %s
+# salt[64]; salt , unique for every header
+>104 ubequad x \b, salt %#llx...
+# uuid[40]; UID of device as string like: 242256c6-396e-4a35-af5f-5b70cb7af9a7
+>168 string x \b, UUID: %-.40s
+# subsystem[48]; optional owner subsystem label or empty
+>208 string >\0 \b, sub label %-.48s
+# hdr_offset; offset from device start [ bytes ] like: 0
+>256 ubequad !0 \b, offset %llx
+# char _padding [184]; must be zeroed
+#>264 ubequad x \b, padding %#16.16llx
+#>440 ubequad x \b...%16.16llx
+# csum[64]; header checksum
+>448 ubequad x \b, crc %#llx...
+# char _padding4096 [7*512]; Padding , must be zeroed
+#>512 ubequad x \b, more padding %#16.16llx
+#>4088 ubequad x \b...%16.16llx
+# JSON text data terminated by the zero character; unused remainder empty and filled with zeroes like:
+# {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offse"
+>0x1000 string x \b, at 0x1000 %s
+#>0x1000 indirect x
+# display information (like active) about LUKS1 slot
+0 name luks-slot
+# state of keyslot; 0x00AC71F3~active 0x0000DEAD~inactive
+#>0 ubelong x \b, status %#8.8x
+>0 ubelong =0x00AC71F3 active
+>0 ubelong =0x0000DEAD inactive
+# iteration parameter for PBKDF2
+#>4 ubelong x \b, %u iterations
+# salt parameter for PBKDF2
+#>8 ubequad x \b, salt %#16.16llx
+#>>16 ubequad x \b%16.16llx
+#>>24 ubequad x \b%16.16llx
+#>>32 ubequad x \b%16.16llx
+# start sector of key material like: 8 0x200 0x3f8 0x5f0 0xdd0
+>40 ubelong x \b, %#x material offset
+# number of anti-forensic stripes like: 4000
+>44 ubelong !4000 \b, %u stripes
diff --git a/magic/Magdir/m4 b/magic/Magdir/m4
new file mode 100644
index 0000000..587ebe8
--- /dev/null
+++ b/magic/Magdir/m4
@@ -0,0 +1,11 @@
+#------------------------------------------------------------------------------
+# $File: m4,v 1.3 2019/02/27 16:46:23 christos Exp $
+# make: file(1) magic for M4 scripts
+#
+0 search/8192 dnl
+>0 regex \^dnl\ M4 macro processor script text
+!:mime text/x-m4
+0 search/8192 AC_DEFUN
+>0 regex \^AC_DEFUN\\(\\[ M4 macro processor script text
+!:strength + 15
+!:mime text/x-m4
diff --git a/magic/Magdir/mach b/magic/Magdir/mach
new file mode 100644
index 0000000..7eb98ff
--- /dev/null
+++ b/magic/Magdir/mach
@@ -0,0 +1,303 @@
+
+#------------------------------------------------------------
+# $File: mach,v 1.29 2021/04/26 15:56:00 christos Exp $
+# Mach has two magic numbers, 0xcafebabe and 0xfeedface.
+# Unfortunately the first, cafebabe, is shared with
+# Java ByteCode, so they are both handled in the file "cafebabe".
+# The "feedface" ones are handled herein.
+#------------------------------------------------------------
+# if set, it's for the 64-bit version of the architecture
+# yes, this is separate from the low-order magic number bit
+# it's also separate from the "64-bit libraries" bit in the
+# upper 8 bits of the CPU subtype
+
+# Reference: https://opensource.apple.com/source/cctools/cctools-949.0.1/
+# include/mach-o/loader.h
+# display CPU type as string like: i386 x86_64 ... armv7 armv7k ...
+0 name mach-o-cpu
+>0 belong&0xff000000 0
+#
+# 32-bit ABIs.
+#
+# 1 vax
+>>0 belong&0x00ffffff 1
+>>>4 belong&0x00ffffff 0 vax
+>>>4 belong&0x00ffffff 1 vax11/780
+>>>4 belong&0x00ffffff 2 vax11/785
+>>>4 belong&0x00ffffff 3 vax11/750
+>>>4 belong&0x00ffffff 4 vax11/730
+>>>4 belong&0x00ffffff 5 uvaxI
+>>>4 belong&0x00ffffff 6 uvaxII
+>>>4 belong&0x00ffffff 7 vax8200
+>>>4 belong&0x00ffffff 8 vax8500
+>>>4 belong&0x00ffffff 9 vax8600
+>>>4 belong&0x00ffffff 10 vax8650
+>>>4 belong&0x00ffffff 11 vax8800
+>>>4 belong&0x00ffffff 12 uvaxIII
+>>>4 belong&0x00ffffff >12 vax subarchitecture=%d
+>>0 belong&0x00ffffff 2 romp
+>>0 belong&0x00ffffff 3 architecture=3
+>>0 belong&0x00ffffff 4 ns32032
+>>0 belong&0x00ffffff 5 ns32332
+>>0 belong&0x00ffffff 6 m68k
+# 7 x86
+>>0 belong&0x00ffffff 7
+>>>4 belong&0x0000000f 3 i386
+>>>4 belong&0x0000000f 4 i486
+>>>>4 belong&0x00fffff0 0
+>>>>4 belong&0x00fffff0 0x80 \bsx
+>>>4 belong&0x0000000f 5 i586
+>>>4 belong&0x0000000f 6
+>>>>4 belong&0x00fffff0 0 p6
+>>>>4 belong&0x00fffff0 0x10 pentium_pro
+>>>>4 belong&0x00fffff0 0x20 pentium_2_m0x20
+>>>>4 belong&0x00fffff0 0x30 pentium_2_m3
+>>>>4 belong&0x00fffff0 0x40 pentium_2_m0x40
+>>>>4 belong&0x00fffff0 0x50 pentium_2_m5
+>>>>4 belong&0x00fffff0 >0x50 pentium_2_m%#x
+>>>4 belong&0x0000000f 7 celeron
+>>>>4 belong&0x00fffff0 0x00 \b_m%#x
+>>>>4 belong&0x00fffff0 0x10 \b_m%#x
+>>>>4 belong&0x00fffff0 0x20 \b_m%#x
+>>>>4 belong&0x00fffff0 0x30 \b_m%#x
+>>>>4 belong&0x00fffff0 0x40 \b_m%#x
+>>>>4 belong&0x00fffff0 0x50 \b_m%#x
+>>>>4 belong&0x00fffff0 0x60
+>>>>4 belong&0x00fffff0 0x70 \b_mobile
+>>>>4 belong&0x00fffff0 >0x70 \b_m%#x
+>>>4 belong&0x0000000f 8 pentium_3
+>>>>4 belong&0x00fffff0 0x00
+>>>>4 belong&0x00fffff0 0x10 \b_m
+>>>>4 belong&0x00fffff0 0x20 \b_xeon
+>>>>4 belong&0x00fffff0 >0x20 \b_m%#x
+>>>4 belong&0x0000000f 9 pentiumM
+>>>>4 belong&0x00fffff0 0x00
+>>>>4 belong&0x00fffff0 >0x00 \b_m%#x
+>>>4 belong&0x0000000f 10 pentium_4
+>>>>4 belong&0x00fffff0 0x00
+>>>>4 belong&0x00fffff0 0x10 \b_m
+>>>>4 belong&0x00fffff0 >0x10 \b_m%#x
+>>>4 belong&0x0000000f 11 itanium
+>>>>4 belong&0x00fffff0 0x00
+>>>>4 belong&0x00fffff0 0x10 \b_2
+>>>>4 belong&0x00fffff0 >0x10 \b_m%#x
+>>>4 belong&0x0000000f 12 xeon
+>>>>4 belong&0x00fffff0 0x00
+>>>>4 belong&0x00fffff0 0x10 \b_mp
+>>>>4 belong&0x00fffff0 >0x10 \b_m%#x
+>>>4 belong&0x0000000f >12 ia32 family=%d
+>>>>4 belong&0x00fffff0 0x00
+>>>>4 belong&0x00fffff0 >0x00 model=%x
+>>0 belong&0x00ffffff 8 mips
+>>>4 belong&0x00ffffff 1 R2300
+>>>4 belong&0x00ffffff 2 R2600
+>>>4 belong&0x00ffffff 3 R2800
+>>>4 belong&0x00ffffff 4 R2000a
+>>>4 belong&0x00ffffff 5 R2000
+>>>4 belong&0x00ffffff 6 R3000a
+>>>4 belong&0x00ffffff 7 R3000
+>>>4 belong&0x00ffffff >7 subarchitecture=%d
+>>0 belong&0x00ffffff 9 ns32532
+>>0 belong&0x00ffffff 10 mc98000
+>>0 belong&0x00ffffff 11 hppa
+>>>4 belong&0x00ffffff 0 7100
+>>>4 belong&0x00ffffff 1 7100LC
+>>>4 belong&0x00ffffff >1 subarchitecture=%d
+>>0 belong&0x00ffffff 12 arm
+>>>4 belong&0x00ffffff 0
+>>>4 belong&0x00ffffff 1 subarchitecture=%d
+>>>4 belong&0x00ffffff 2 subarchitecture=%d
+>>>4 belong&0x00ffffff 3 subarchitecture=%d
+>>>4 belong&0x00ffffff 4 subarchitecture=%d
+>>>4 belong&0x00ffffff 5 \bv4t
+>>>4 belong&0x00ffffff 6 \bv6
+>>>4 belong&0x00ffffff 7 \bv5tej
+>>>4 belong&0x00ffffff 8 \bxscale
+>>>4 belong&0x00ffffff 9 \bv7
+>>>4 belong&0x00ffffff 10 \bv7f
+>>>4 belong&0x00ffffff 11 \bv7s
+>>>4 belong&0x00ffffff 12 \bv7k
+>>>4 belong&0x00ffffff 13 \bv8
+>>>4 belong&0x00ffffff 14 \bv6m
+>>>4 belong&0x00ffffff 15 \bv7m
+>>>4 belong&0x00ffffff 16 \bv7em
+>>>4 belong&0x00ffffff >16 subarchitecture=%d
+# 13 m88k
+>>0 belong&0x00ffffff 13
+>>>4 belong&0x00ffffff 0 mc88000
+>>>4 belong&0x00ffffff 1 mc88100
+>>>4 belong&0x00ffffff 2 mc88110
+>>>4 belong&0x00ffffff >2 mc88000 subarchitecture=%d
+>>0 belong&0x00ffffff 14 SPARC
+>>0 belong&0x00ffffff 15 i860g
+>>0 belong&0x00ffffff 16 alpha
+>>0 belong&0x00ffffff 17 rs6000
+>>0 belong&0x00ffffff 18 ppc
+>>>4 belong&0x00ffffff 0
+>>>4 belong&0x00ffffff 1 \b_601
+>>>4 belong&0x00ffffff 2 \b_602
+>>>4 belong&0x00ffffff 3 \b_603
+>>>4 belong&0x00ffffff 4 \b_603e
+>>>4 belong&0x00ffffff 5 \b_603ev
+>>>4 belong&0x00ffffff 6 \b_604
+>>>4 belong&0x00ffffff 7 \b_604e
+>>>4 belong&0x00ffffff 8 \b_620
+>>>4 belong&0x00ffffff 9 \b_750
+>>>4 belong&0x00ffffff 10 \b_7400
+>>>4 belong&0x00ffffff 11 \b_7450
+>>>4 belong&0x00ffffff 100 \b_970
+>>>4 belong&0x00ffffff >100 subarchitecture=%d
+>>0 belong&0x00ffffff >18 architecture=%d
+>0 belong&0xff000000 0x01000000
+#
+# 64-bit ABIs.
+#
+>>0 belong&0x00ffffff 0 64-bit architecture=%d
+>>0 belong&0x00ffffff 1 64-bit architecture=%d
+>>0 belong&0x00ffffff 2 64-bit architecture=%d
+>>0 belong&0x00ffffff 3 64-bit architecture=%d
+>>0 belong&0x00ffffff 4 64-bit architecture=%d
+>>0 belong&0x00ffffff 5 64-bit architecture=%d
+>>0 belong&0x00ffffff 6 64-bit architecture=%d
+>>0 belong&0x00ffffff 7 x86_64
+>>>4 belong&0x00ffffff 0 subarchitecture=%d
+>>>4 belong&0x00ffffff 1 subarchitecture=%d
+>>>4 belong&0x00ffffff 2 subarchitecture=%d
+>>>4 belong&0x00ffffff 3
+>>>4 belong&0x00ffffff 4 \b_arch1
+>>>4 belong&0x00ffffff 8 \b_haswell
+>>>4 belong&0x00ffffff >4 subarchitecture=%d
+>>0 belong&0x00ffffff 8 64-bit architecture=%d
+>>0 belong&0x00ffffff 9 64-bit architecture=%d
+>>0 belong&0x00ffffff 10 64-bit architecture=%d
+>>0 belong&0x00ffffff 11 64-bit architecture=%d
+>>0 belong&0x00ffffff 12 arm64
+>>>4 belong&0x00ffffff 0
+>>>4 belong&0x00ffffff 1 \bv8
+>>>4 belong&0x00ffffff 2 \be
+>>>>7 ubyte&0xff >0 (caps:
+>>>>7 ubyte&0xff <0x80 %#02x
+>>>>7 ubyte&0xc0 0x80 PAC
+>>>>>7 ubyte&0x3f x \b%02d
+>>>>7 ubyte&0xc0 0xc0 PAK
+>>>>>7 ubyte&0x3f x \b%02d
+>>>>7 ubyte&0xff x \b)
+>>>4 belong&0x00ffffff >2 subarchitecture=%d
+>>0 belong&0x00ffffff 13 64-bit architecture=%d
+>>0 belong&0x00ffffff 14 64-bit architecture=%d
+>>0 belong&0x00ffffff 15 64-bit architecture=%d
+>>0 belong&0x00ffffff 16 64-bit architecture=%d
+>>0 belong&0x00ffffff 17 64-bit architecture=%d
+>>0 belong&0x00ffffff 18 ppc64
+>>>4 belong&0x00ffffff 0
+>>>4 belong&0x00ffffff 1 \b_601
+>>>4 belong&0x00ffffff 2 \b_602
+>>>4 belong&0x00ffffff 3 \b_603
+>>>4 belong&0x00ffffff 4 \b_603e
+>>>4 belong&0x00ffffff 5 \b_603ev
+>>>4 belong&0x00ffffff 6 \b_604
+>>>4 belong&0x00ffffff 7 \b_604e
+>>>4 belong&0x00ffffff 8 \b_620
+>>>4 belong&0x00ffffff 9 \b_650
+>>>4 belong&0x00ffffff 10 \b_7400
+>>>4 belong&0x00ffffff 11 \b_7450
+>>>4 belong&0x00ffffff 100 \b_970
+>>>4 belong&0x00ffffff >100 subarchitecture=%d
+>>0 belong&0x00ffffff >18 64-bit architecture=%d
+>0 belong&0xff000000 0x02000000
+#
+# 64_32-bit ABIs.
+#
+>>0 belong&0x00ffffff 0 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 1 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 2 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 3 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 4 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 5 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 6 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 7 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 8 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 9 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 10 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 11 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 12 64_32-bit arm
+>>>4 belong&0x00ffffff 0
+>>>4 belong&0x00ffffff 1 \bv8
+>>>4 belong&0x00ffffff >1 subarchitecture=%d
+>>0 belong&0x00ffffff 13 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 14 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 15 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 16 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 17 64_32-bit architecture=%d
+>>0 belong&0x00ffffff 18 64_32-bit architecture=%d
+>>0 belong&0x00ffffff >18 64_32-bit architecture=%d
+
+0 name mach-o-be
+>0 byte 0xcf 64-bit
+>4 use mach-o-cpu
+>12 belong 1 object
+# GRR: Does not work for Mach-O with 2 architectures; instead display oo
+#!:ext o
+!:ext o/
+>12 belong 2 executable
+# the executables normally have no file extension like perl,
+# but exceptions like perl5.18 perl5.16
+!:ext 16/18/
+>12 belong 3 fixed virtual memory shared library
+>12 belong 4 core
+>12 belong 5 preload executable
+>12 belong 6 dynamically linked shared library
+# GRR: Does not work for Mach-O with 2 architectures; instead display dylibdylib
+#!:ext dylib
+!:ext dylib/
+>12 belong 7 dynamic linker
+>12 belong 8 bundle
+# normally name extension bundle; but exceptions like: AMDil_r700.dylib
+!:ext bundle/dylib/
+>12 belong 9 dynamically linked shared library stub
+>12 belong 10 dSYM companion file
+>12 belong 11 kext bundle
+>12 belong >11
+>>12 belong x filetype=%d
+>24 belong >0 \b, flags:<
+>>24 belong &0x00000001 \bNOUNDEFS
+>>24 belong &0x00000002 \b|INCRLINK
+>>24 belong &0x00000004 \b|DYLDLINK
+>>24 belong &0x00000008 \b|BINDATLOAD
+>>24 belong &0x00000010 \b|PREBOUND
+>>24 belong &0x00000020 \b|SPLIT_SEGS
+>>24 belong &0x00000040 \b|LAZY_INIT
+>>24 belong &0x00000080 \b|TWOLEVEL
+>>24 belong &0x00000100 \b|FORCE_FLAT
+>>24 belong &0x00000200 \b|NOMULTIDEFS
+>>24 belong &0x00000400 \b|NOFIXPREBINDING
+>>24 belong &0x00000800 \b|PREBINDABLE
+>>24 belong &0x00001000 \b|ALLMODSBOUND
+>>24 belong &0x00002000 \b|SUBSECTIONS_VIA_SYMBOLS
+>>24 belong &0x00004000 \b|CANONICAL
+>>24 belong &0x00008000 \b|WEAK_DEFINES
+>>24 belong &0x00010000 \b|BINDS_TO_WEAK
+>>24 belong &0x00020000 \b|ALLOW_STACK_EXECUTION
+>>24 belong &0x00040000 \b|ROOT_SAFE
+>>24 belong &0x00080000 \b|SETUID_SAFE
+>>24 belong &0x00100000 \b|NO_REEXPORTED_DYLIBS
+>>24 belong &0x00200000 \b|PIE
+>>24 belong &0x00400000 \b|DEAD_STRIPPABLE_DYLIB
+>>24 belong &0x00800000 \b|HAS_TLV_DESCRIPTORS
+>>24 belong &0x01000000 \b|NO_HEAP_EXECUTION
+>>24 belong &0x02000000 \b|APP_EXTENSION_SAFE
+>>24 belong &0x04000000 \b|NLIST_OUTOFSYNC_WITH_DYLDINFO
+>>24 belong &0x08000000 \b|SIM_SUPPORT
+>>24 belong &0x80000000 \b|DYLIB_IN_CACHE
+>>24 belong x \b>
+
+#
+0 lelong&0xfffffffe 0xfeedface Mach-O
+!:strength +1
+!:mime application/x-mach-binary
+>0 use \^mach-o-be
+
+0 belong&0xfffffffe 0xfeedface Mach-O
+!:strength +1
+!:mime application/x-mach-binary
+>0 use mach-o-be
diff --git a/magic/Magdir/macintosh b/magic/Magdir/macintosh
new file mode 100644
index 0000000..a74aac4
--- /dev/null
+++ b/magic/Magdir/macintosh
@@ -0,0 +1,505 @@
+
+#------------------------------------------------------------------------------
+# $File: macintosh,v 1.36 2022/12/06 18:45:20 christos Exp $
+# macintosh description
+#
+# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
+# Daniel Quinlan, quinlan@yggdrasil.com
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/BinHex
+# Reference: http://fileformats.archiveteam.org/wiki/BinHex
+# Note: only tested with version 4.0 and hqx extension
+# Any text/binary before the characteristic comment sentence is to be ignored like in
+# http://ftp.vim.org/pub/ftp/ftp/infomac/disk/mac-update-40b7.hqx
+0 search/1602 (This\ file\
+>&0 use binhex
+# http://ftp.vim.org/pub/ftp/ftp/infomac/_Disk_&_File/zap-res-forks-101.hqx
+0 search/2652/b (This\ file\
+>&0 use binhex
+0 name binhex
+# keep split search string format similar like in version 5.37
+>0 string must\ be\ converted\ with\ BinHex\ BinHex binary text, version
+# http://www.macdisk.com/binhexen.php3
+!:apple BNHQTEXT
+# http://www.faqs.org/faqs/macintosh/comm-faq/part1/
+>>&0 string 1.0 1.0
+!:mime application/mac-binhex
+!:ext hex
+>>&0 string 2.0 2.0
+!:mime application/mac-binhex
+!:ext hcx
+# BinHex 3.0 never existed
+>>&0 string 4.0 4.0
+!:mime application/mac-binhex40
+!:ext hqx
+# BinHex 5.0 also MacBinary I
+>>&0 string 5.0 5.0
+!:mime application/mac-binhex40
+!:ext hqx
+# this should never happen
+>>&0 default x
+>>>&0 string x %.3s
+!:mime application/mac-binhex
+!:ext hqx
+
+# Stuffit archives are the de facto standard of compression for Macintosh
+# files obtained from most archives. (franklsm@tuns.ca)
+0 string SIT! StuffIt Archive (data)
+!:mime application/x-stuffit
+!:apple SIT!SIT!
+>2 string x : %s
+0 string SITD StuffIt Deluxe (data)
+>2 string x : %s
+0 string Seg StuffIt Deluxe Segment (data)
+>2 string x : %s
+
+# Newer StuffIt archives (grant@netbsd.org)
+0 string StuffIt StuffIt Archive
+!:mime application/x-stuffit
+!:apple SIT!SIT!
+#>162 string >0 : %s
+
+# Macintosh Applications and Installation binaries (franklsm@tuns.ca)
+# GRR: Too weak
+#0 string APPL Macintosh Application (data)
+#>2 string x \b: %s
+
+# Macintosh System files (franklsm@tuns.ca)
+# GRR: Too weak
+#0 string zsys Macintosh System File (data)
+#0 string FNDR Macintosh Finder (data)
+#0 string libr Macintosh Library (data)
+#>2 string x : %s
+#0 string shlb Macintosh Shared Library (data)
+#>2 string x : %s
+#0 string cdev Macintosh Control Panel (data)
+#>2 string x : %s
+#0 string INIT Macintosh Extension (data)
+#>2 string x : %s
+#0 string FFIL Macintosh Truetype Font (data)
+#>2 string x : %s
+#0 string LWFN Macintosh Postscript Font (data)
+#>2 string x : %s
+
+# Additional Macintosh Files (franklsm@tuns.ca)
+# GRR: Too weak
+#0 string PACT Macintosh Compact Pro Archive (data)
+#>2 string x : %s
+#0 string ttro Macintosh TeachText File (data)
+#>2 string x : %s
+#0 string TEXT Macintosh TeachText File (data)
+#>2 string x : %s
+#0 string PDF Macintosh PDF File (data)
+#>2 string x : %s
+
+# MacBinary format (Eric Fischer, enf@pobox.com)
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/MacBinary
+# http://fileformats.archiveteam.org/wiki/MacBinary
+# Reference: https://files.stairways.com/other/macbinaryii-standard-info.txt
+# Note: verified by macutils `macunpack -i -v BBEdit4.0.sit.bin` and
+# `deark -l -d -m macbinary G3FirmwareUpdate1.1.smi.bin`
+#
+# Unfortunately MacBinary doesn't really have a magic number prior
+# to the MacBinary III format.
+#
+
+# old version number, must be kept at zero for compatibility
+0 byte 0
+# length of filename (must be in the range 1-63)
+>1 ubyte >0
+# skip T.PIC.LZ INSTRUMENT.7T INVENTORY
+>>1 ubyte <64
+# skip Docs.MWII ReadMe.MacWrite "Notes (MacWrite II)"
+# by looking for printable characters at beginning of file name
+>>>2 ubelong >0x1F000000
+# zero fill, must be zero for compatibility
+>>>>74 byte 0
+# zero fill, must be zero for compatibility
+>>>>>82 byte 0
+# skip few DEGAS mid-res uncompressed bitmap (GEMINI03.PI2 CODE_RAM.PI2) with "too high" file names ffffff88 ffff4f00
+>>>>>>2 ubelong <0xffff0000
+# MacBinary I test for valid version numbers
+>>>>>>>122 ubeshort 0
+# additional check for undefined header fields in MacBinary I
+#>>>>>>>>101 ulong 0
+>>>>>>>>0 use mac-bin
+# MacBinary II the newer versions begins at 129
+>>>>>>>122 ubeshort 0x8181
+>>>>>>>>0 use mac-bin
+# MacBinary III with MacBinary II to read
+>>>>>>122 ubeshort 0x8281
+>>>>>>>0 use mac-bin
+
+# display information of MacBinary file
+0 name mac-bin
+>122 ubyte x MacBinary
+# versions for MacBinary II/III
+>122 ubyte 129 II
+>122 ubyte 130 III
+# only in MacBinary III
+>>102 string !mBIN with surprising version
+!:mime application/x-macbinary
+!:apple PSPTBINA
+!:ext bin/macbin
+# THIS SHOULD NEVER HAPPEN! Maybe another file type is misidentified as MacBinary
+#>1 ubyte >63 \b, name length %u too BIG!
+#>122 ubeshort x \b, version %#x
+# Finder flags if not 0
+# >73 byte !0 \b, flags 0x
+# >73 byte =0
+# >>101 byte !0 \b, flags 0x
+# # original Finder flags (Bits 8-15)
+# >73 byte !0 \b%x
+# # finder flags, bits 0-7
+# >101 byte !0 \b%x
+>73 byte &0x01 \b, inited
+>73 byte &0x02 \b, changed
+>73 byte &0x04 \b, busy
+>73 byte &0x08 \b, bozo
+>73 byte &0x10 \b, system
+>73 byte &0x20 \b, bundle
+>73 byte &0x40 \b, invisible
+>73 byte &0x80 \b, locked
+
+# 75 beshort # vertical posn in window
+#>75 beshort !0 \b, v.pos %u
+# 77 beshort # horiz posn in window
+#>77 beshort !0 \b, h.pos %u
+# 79 beshort # window or folder ID
+>79 ubeshort !0 \b, ID %#x
+# protected flag
+>81 byte !0 \b, protected %#x
+# length of comment after resource
+>99 ubeshort !0 \b, comment length %u
+# char. code of file name
+>106 ubyte !0 \b, char. code %#x
+# still more Finder flags
+>107 ubyte !0 \b, more flags %#x
+# length of total files when unpacked only used when pack and unpack on the fly
+>116 ubelong !0 \b, total length %u
+# 120 beshort # length of add'l header
+>120 ubeshort !0 \b, 2nd header length %u
+# 124 beshort # checksum
+#>124 ubeshort !0 \b, CRC %#x
+# creation date in seconds since MacOS epoch start. So 1 Jan 1970 ~ 7C25B080
+# few (31/1247) examples (hinkC4.0.sitx.bin InternetExplorer5.1.smi.bin G3FirmwareUpdate1.1.smi.bin Firewire2.3.3.smi.bin LR2image.bin) contain zeroed date fields
+>91 long !0
+>>91 beldate-0x7C25B080 x \b, %s
+# THIS SHOULD NEVER HAPPEN! Maybe another file type is misidentified or time overflow
+>91 ubelong <0x7c25b080 INVALID date
+# reported date seconds by deark
+#>91 ubelong x deark-DATE=%u
+# last modified date
+>95 long !0
+>>95 beldate-0x7C25B080 x \b, modified %s
+# Apple creator+typ if not null
+# file creator (normally expressed as four characters)
+>69 ulong !0 \b, creator
+# instead 4 character code display full creator name
+>>69 use apple-creator
+# file type (normally expressed as four characters)
+>65 ulong !0 \b, type
+>>65 use apple-type
+# length of data segment
+>83 ubelong !0 \b, %u bytes
+# filename (in the range 1-63)
+# like "BBEdit4.0.sit" "Archive.sitx" "MacPGP 2.2 (.sea)"
+>1 pstring x "%s"
+# print 1 space and then at offset 128 inspect data fork content if it has one
+>83 ubelong !0 \b
+>>128 indirect x
+# Afterwards resource fork if length of resource segment not zero
+>87 ubelong !0
+# calculate resource fork offset
+>>83 ubelong+128 x \b, at %#x
+# length of resource segment
+>>87 ubelong !0 %u bytes
+>>(83.S+128) ubequad x resource
+# further resource fork content inspection
+>>>&-8 indirect x
+
+# Apple Type/Creator Database
+# URL: https://en.wikipedia.org/wiki/Type_code
+# Reference: https://www.lacikam.co.il/tcdb/
+# https://www.macdisk.com/macsigen.php
+# Note: classic Mac OS files have two 4 character codes for type and creator.
+# Thereby the Finder attach documents types to applications.
+
+#>65 string x \b, type "%4.4s"
+
+# display information about apple type
+0 name apple-type
+>0 string 8BIM PhotoShop
+>0 string ALB3 PageMaker 3
+>0 string ALB4 PageMaker 4
+>0 string ALT3 PageMaker 3
+>0 string APPL application
+>0 string AWWP AppleWorks word processor
+>0 string CIRC simulated circuit
+>0 string DRWG MacDraw
+>0 string EPSF Encapsulated PostScript
+>0 string FFIL font suitcase
+>0 string FKEY function key
+>0 string FNDR Macintosh Finder
+>0 string GIFf GIF image
+>0 string Gzip GNU gzip
+>0 string INIT system extension
+>0 string LIB\ library
+>0 string LWFN PostScript font
+>0 string MSBC Microsoft BASIC
+>0 string PACT Compact Pro archive
+>0 string PDF\ Portable Document Format
+>0 string PICT picture
+>0 string PNTG MacPaint picture
+>0 string PREF preferences
+>0 string PROJ Think C project
+>0 string QPRJ Think Pascal project
+>0 string SCFL Defender scores
+>0 string SCRN startup screen
+>0 string SITD StuffIt Deluxe
+>0 string SPn3 SuperPaint
+>0 string STAK HyperCard stack
+>0 string Seg\ StuffIt segment
+>0 string TARF Unix tar archive
+>0 string TEXT ASCII
+>0 string TIFF TIFF image
+>0 string TOVF Eudora table of contents
+>0 string WDBN Microsoft Word word processor
+>0 string WORD MacWrite word processor
+>0 string XLS\ Microsoft Excel
+>0 string ZIVM compress (.Z)
+>0 string ZSYS Pre-System 7 system file
+>0 string acf3 Aldus FreeHand
+>0 string cdev control panel
+>0 string dfil Desk Accessory suitcase
+>0 string libr library
+>0 string nX^d WriteNow word processor
+>0 string nX^w WriteNow dictionary
+>0 string rsrc resource
+>0 string scbk Scrapbook
+>0 string shlb shared library
+>0 string ttro SimpleText read-only
+>0 string zsys system file
+
+# additional types added in Dec 2017
+>0 string BINA binary file
+>0 string BMPp BMP image
+>0 string JPEG JPEG image
+#>0 string W4BN Microsoft Word x.y word processor?
+# if type name is not known display 4 character identifier
+>0 default x
+>>0 string x '%4.4s'
+
+#>69 string x \b, creator "%4.4s"
+
+# Now Apple has no repository of registered Creator IDs any more. These are
+# just the ones that I happened to have files from and was able to identify.
+
+# display information about apple creator
+0 name apple-creator
+>0 string 8BIM Adobe Photoshop
+>0 string ALD3 PageMaker 3
+>0 string ALD4 PageMaker 4
+>0 string ALFA Alpha editor
+>0 string APLS Apple Scanner
+>0 string APSC Apple Scanner
+>0 string BRKL Brickles
+>0 string BTFT BitFont
+>0 string CCL2 Common Lisp 2
+>0 string CCL\ Common Lisp
+>0 string CDmo The Talking Moose
+>0 string CPCT Compact Pro
+>0 string CSOm Eudora
+>0 string DMOV Font/DA Mover
+>0 string DSIM DigSim
+>0 string EDIT Macintosh Edit
+>0 string ERIK Macintosh Finder
+>0 string EXTR self-extracting archive
+>0 string Gzip GNU gzip
+>0 string KAHL Think C
+>0 string LWFU LaserWriter Utility
+>0 string LZIV compress
+>0 string MACA MacWrite
+>0 string MACS Macintosh operating system
+>0 string MAcK MacKnowledge terminal emulator
+>0 string MLND Defender
+>0 string MPNT MacPaint
+>0 string MSBB Microsoft BASIC (binary)
+>0 string MSWD Microsoft Word
+>0 string NCSA NCSA Telnet
+>0 string PJMM Think Pascal
+>0 string PSAL Hunt the Wumpus
+#>0 string PSI2 Apple File Exchange
+>0 string R*ch BBEdit
+>0 string RMKR Resource Maker
+>0 string RSED Resource Editor
+>0 string Rich BBEdit
+>0 string SIT! StuffIt
+>0 string SPNT SuperPaint
+>0 string Unix NeXT Mac filesystem
+>0 string VIM! Vim editor
+>0 string WILD HyperCard
+>0 string XCEL Microsoft Excel
+>0 string aCa2 Fontographer
+>0 string aca3 Aldus FreeHand
+>0 string dosa Macintosh MS-DOS file system
+>0 string movr Font/DA Mover
+>0 string nX^n WriteNow
+>0 string pdos Apple ProDOS file system
+>0 string scbk Scrapbook
+>0 string ttxt SimpleText
+>0 string ufox Foreign File Access
+# additional creators added in Dec 2017
+# Claris/Apple Works
+>0 string BOBO Apple Works
+# CU-SeeMe_0.87b3_(68K).bin
+#>0 string CUce bar
+>0 string PSPT Apple File Exchange
+# Disk_Copy_4.2.sea.bin
+#>0 string NCse foo
+# probably StuffIt/Aladdin by Smith Micro Software, Inc.
+>0 string STi0 stuffit
+# MacGzip-1.1.3.sea.bin
+#>0 string aust bar
+# D-Disk_Copy_6.3.3.smi.bin
+>0 string oneb Disk Copy Self Mounting
+# if creator name is not known display 4 character identifier
+>0 default x
+>>0 string x '%4.4s'
+
+# sas magic from Bruce Foster (bef@nwu.edu)
+#
+#0 string SAS SAS
+#>8 string x %s
+0 string SAS SAS
+>24 string DATA data file
+>24 string CATALOG catalog
+>24 string INDEX data file index
+>24 string VIEW data view
+# sas 7+ magic from Reinhold Koch (reinhold.koch@roche.com)
+#
+0x54 string SAS SAS 7+
+>0x9C string DATA data file
+>0x9C string CATALOG catalog
+>0x9C string INDEX data file index
+>0x9C string VIEW data view
+
+# spss magic for SPSS system and portable files,
+# from Bruce Foster (bef@nwu.edu).
+
+0 long 0xc1e2c3c9 SPSS Portable File
+>40 string x %s
+
+0 string $FL2 SPSS System File
+>24 string x %s
+
+0 string $FL3 SPSS System File
+>24 string x %s
+
+# Macintosh filesystem data
+# From "Tom N Harris" <telliamed@mac.com>
+# Fixed HFS+ and Partition map magic: Ethan Benson <erbenson@alaska.net>
+# The MacOS epoch begins on 1 Jan 1904 instead of 1 Jan 1970, so these
+# entries depend on the data arithmetic added after v.35
+# There's also some Pascal strings in here, ditto...
+
+# The boot block signature, according to IM:Files, is
+# "for HFS volumes, this field always contains the value 0x4C4B."
+# But if this is true for MFS or HFS+ volumes, I don't know.
+# Alternatively, the boot block is supposed to be zeroed if it's
+# unused, so a simply >0 should suffice.
+
+0x400 beshort 0xD2D7 Macintosh MFS data
+>0 beshort 0x4C4B (bootable)
+>0x40a beshort &0x8000 (locked)
+>0x402 beldate-0x7C25B080 x created: %s,
+>0x406 beldate-0x7C25B080 >0 last backup: %s,
+>0x414 belong x block size: %d,
+>0x412 beshort x number of blocks: %d,
+>0x424 pstring x volume name: %s
+
+# *.hfs updated by Joerg Jenderek
+# https://en.wikipedia.org/wiki/Hierarchical_File_System
+# "BD" gives many false positives
+0x400 beshort 0x4244
+# ftp://ftp.mars.org/pub/hfs/hfsutils-3.2.6.tar.gz/hfsutils-3.2.6/libhfs/apple.h
+# first block of volume bit map (always 3)
+>0x40e ubeshort 0x0003
+# maximal length of volume name is 27
+>>0x424 ubyte <28 Macintosh HFS data
+!:mime application/x-apple-diskimage
+#!:apple hfsdINIT
+#!:apple MACSdisk
+# https://www.macdisk.com/macsigen.php
+#!:apple ddskdevi
+!:apple ????devi
+# https://en.wikipedia.org/wiki/Apple_Disk_Image
+!:ext hfs/dmg
+>>>0 beshort 0x4C4B (bootable)
+#>>>0 beshort 0x0000 (not bootable)
+>>>0x40a beshort &0x8000 (locked)
+>>>0x40a beshort ^0x0100 (mounted)
+>>>0x40a beshort &0x0200 (spared blocks)
+>>>0x40a beshort &0x0800 (unclean)
+>>>0x47C beshort 0x482B (Embedded HFS+ Volume)
+# https://www.epochconverter.com/
+# 0x7C245F00 seconds ~ 2082758400 ~ 01 Jan 2036 00:00:00 ~ 66 years to 1970
+# 0x7C25B080 seconds ~ 2082844800 ~ 02 Jan 2036 00:00:00
+# construct not working
+#>>>0x402 beldate-0x7C25B080 x created: %s,
+#>>>0x406 beldate-0x7C25B080 x last modified: %s,
+#>>>0x440 beldate-0x7C25B080 >0 last backup: %s,
+# found block sizes 200h,1200h,2800h
+>>>0x414 belong x block size: %d,
+>>>0x412 beshort x number of blocks: %d,
+>>>0x424 pstring x volume name: %s
+
+0 name hfsplus
+>&0 beshort x version %d data
+>0 beshort 0x4C4B (bootable)
+>0x404 belong ^0x00000100 (mounted)
+>&2 belong &0x00000200 (spared blocks)
+>&2 belong &0x00000800 (unclean)
+>&2 belong &0x00008000 (locked)
+>&6 string x last mounted by: '%.4s',
+# really, that should be treated as a belong and we print a string
+# based on the value. TN1150 only mentions '8.10' for "MacOS 8.1"
+>&14 beldate-0x7C25B080 x created: %s,
+# only the creation date is local time, all other timestamps in HFS+ are UTC.
+>&18 bedate-0x7C25B080 x last modified: %s,
+>&22 bedate-0x7C25B080 >0 last backup: %s,
+>&26 bedate-0x7C25B080 >0 last checked: %s,
+>&38 belong x block size: %d,
+>&42 belong x number of blocks: %d,
+>&46 belong x free blocks: %d
+
+0x400 beshort 0x482B Apple HFS Plus
+>&0 use hfsplus
+0x400 beshort 0x4858 Apple HFS Plus Extended
+>&0 use hfsplus
+
+## AFAIK, only the signature is different
+# same as Apple Partition Map
+# GRR: This magic is too weak, it is just "TS"
+#0x200 beshort 0x5453 Apple Old Partition data
+#>0x2 beshort x block size: %d,
+#>0x230 string x first type: %s,
+#>0x210 string x name: %s,
+#>0x254 belong x number of blocks: %d,
+#>0x400 beshort 0x504D
+#>>0x430 string x second type: %s,
+#>>0x410 string x name: %s,
+#>>0x454 belong x number of blocks: %d,
+#>>0x800 beshort 0x504D
+#>>>0x830 string x third type: %s,
+#>>>0x810 string x name: %s,
+#>>>0x854 belong x number of blocks: %d,
+#>>>0xa00 beshort 0x504D
+#>>>>0xa30 string x fourth type: %s,
+#>>>>0xa10 string x name: %s,
+#>>>>0xa54 belong x number of blocks: %d
+
+# From: Remi Mommsen <mommsen@slac.stanford.edu>
+0 string BOMStore Mac OS X bill of materials (BOM) file
+
diff --git a/magic/Magdir/macos b/magic/Magdir/macos
new file mode 100644
index 0000000..0bacc13
--- /dev/null
+++ b/magic/Magdir/macos
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------------------------
+# $File: macos,v 1.1 2012/12/21 16:41:07 christos Exp $
+# MacOS files
+#
+
+0 string book\0\0\0\0mark\0\0\0\0 MacOS Alias file
diff --git a/magic/Magdir/magic b/magic/Magdir/magic
new file mode 100644
index 0000000..c8aa054
--- /dev/null
+++ b/magic/Magdir/magic
@@ -0,0 +1,71 @@
+
+#------------------------------------------------------------------------------
+# $File: magic,v 1.11 2023/06/27 13:42:49 christos Exp $
+# magic: file(1) magic for magic files
+#
+# Update: Joerg Jenderek
+# skip Magicsee_R1.cfg found on retropie starting with # Magicsee R1 one-handed controller
+0 string/t #\ Magic\ magic text file for file(1) cmd
+#!:mime text/plain
+!:mime text/x-file
+# no suffix in ../Header
+!:ext /
+#
+# some samples start with a comment line
+0 ubyte =0x23
+# many samples start with separator line
+>4 string --------
+>>0 use magic-fragment
+# few samples with 1st comment line and without seperator comment line
+>4 default x
+# few sample with 1st comment line and without seperator comment line and regular expression like: sisu
+>>1 search/112 regex\x09
+>>>0 use magic-fragment
+>>1 default x
+# few samples with 1st comment line and without seperator comment line and string value like:
+# blcr bsi selinux ssh (file 3.34) digital gnu wordperfect
+>>>1 search/471 string\x09
+>>>>0 use magic-fragment
+>>>1 default x
+# few samples with 1st comment line and without seperator comment line and short value like:
+# (file 3.34) os9 osf1
+>>>>1 search/1716 short\x09
+>>>>>0 use magic-fragment
+# but many samples start with an empty first line
+0 ubyte =0x0A
+# many samples sttart with separator comment line
+>4 string --------
+>>0 use magic-fragment
+# few samples with 1st empty line and without seperator comment line like: biosig espressif
+>4 default x
+>>1 search/581 \041:mime
+>>>0 use magic-fragment
+# display information (lines) about magic text fragment
+0 name magic-fragment
+>0 string x magic text fragment for file(1) cmd
+!:mime text/x-file
+# most without suffix but mail.news varied.out varied.script
+!:ext /news/out/script
+# next lines are mainly for control reasons
+# some (34/339) samples start comment line
+>0 ubyte !0x0A
+>>0 string x \b, 1st line "%s"
+>>>&1 string x \b, 2nd line "%s"
+# but most (305/339) samples start with an empty first line
+>0 ubyte =0x0A
+>>1 string x \b, 2nd line "%s"
+>>>&1 string x \b, 3rd line "%s"
+#
+# URL: http://en.wikipedia.org/wiki/File_(command)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/m/mgc.trid.xml
+# Note: called "magic compiled data (LE)" by TrID
+0 lelong 0xF11E041C magic binary file for file(1) cmd
+#!:mime application/octet-stream
+!:mime application/x-file
+!:ext mgc
+>4 lelong x (version %d) (little endian)
+0 belong 0xF11E041C magic binary file for file(1) cmd
+#!:mime application/octet-stream
+!:mime application/x-file
+!:ext mgc
+>4 belong x (version %d) (big endian)
diff --git a/magic/Magdir/mail.news b/magic/Magdir/mail.news
new file mode 100644
index 0000000..3ca3b40
--- /dev/null
+++ b/magic/Magdir/mail.news
@@ -0,0 +1,132 @@
+#------------------------------------------------------------------------------
+# $File: mail.news,v 1.30 2022/10/31 13:22:26 christos Exp $
+# mail.news: file(1) magic for mail and news
+#
+# Unfortunately, saved netnews also has From line added in some news software.
+#0 string From mail text
+0 string/t Relay-Version: old news text
+!:mime message/rfc822
+0 string/t #!\ rnews batched news text
+!:mime message/rfc822
+0 string/t N#!\ rnews mailed, batched news text
+!:mime message/rfc822
+0 string/t Forward\ to mail forwarding text
+!:mime message/rfc822
+0 string/t Pipe\ to mail piping text
+!:mime message/rfc822
+0 string/tc delivered-to: SMTP mail text
+!:mime message/rfc822
+0 string/tc return-path: SMTP mail text
+!:mime message/rfc822
+0 string/t Path: news text
+!:mime message/news
+0 string/t Xref: news text
+!:mime message/news
+0 string/t From: news or mail text
+!:mime message/rfc822
+0 string/t Date: news or mail text
+!:mime message/rfc822
+0 string/t Article saved news text
+!:mime message/news
+# Reference: http://quimby.gnus.org/notes/BABYL
+# Update: Joerg Jenderek
+# Note: used by Rmail in Emacs version 22 and before
+# is not text because of characters like Control-L Control-_
+0 string/b BABYL\ OPTIONS: Emacs RMAIL
+#0 string/t BABYL Emacs RMAIL text
+# https://reposcope.com/mimetype/message/x-gnu-rmail
+!:mime message/x-gnu-rmail
+# ~/RMAIL
+!:ext /
+0 string/t Received: RFC 822 mail text
+!:mime message/rfc822
+0 string/t MIME-Version: MIME entity text
+#0 string/t Content- MIME entity text
+
+# TNEF files...
+# URL: http://fileformats.archiveteam.org/wiki/Transport_Neutral_Encapsulation_Format
+# https://en.wikipedia.org/wiki/Transport_Neutral_Encapsulation_Format
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/t/tnef.trid.xml
+# https://interoperability.blob.core.windows.net/files/MS-OXTNEF/%5bMS-OXTNEF%5d-210817.pdf
+# Update: Joerg Jenderek
+# Note: moved and merged from ./msdos (version 1.154) there just called "TNEF"
+# partly verified by `tnef --list -v -f voice.tnef` and `ytnef -v triples.tnef`
+# TNEF magic From "Joomy" <joomy@se-ed.net>
+# TNEF_SIGNATURE
+0 lelong 0x223E9F78 Transport Neutral Encapsulation Format (TNEF)
+!:mime application/vnd.ms-tnef
+# winmail.dat or win.dat by Microsoft Outlook
+!:ext tnef/dat
+# https://docs.microsoft.com/en-us/openspecs/exchange_server_protocols/ms-oxtnef/7fdb64ee-7f63-4d95-9af1-c672e7475c3a
+# LegacyKey
+#>4 uleshort x \b, key %#4.4x
+# attrLevelMessage; Level where attribute applies like: 1~attrLevelMessage 2~attrLevelAttachment
+>6 ubyte !1 \b, 1st level %#2.2x
+# other ID (like 02900000h) or TnefVersion ID (idTnefVersion=06900800h)
+>7 ubelong !0x06900800 \b, 1st id %#8.8x
+>7 ubelong =0x06900800
+# TnefVersion length like: 4
+>>11 ulelong !4 \b, TnefVersion length %x
+# TNEFVersionData; TnefVersion data like: 00010000h
+>>15 ulelong !0x00010000h \b, version %#8.8x
+# Checksum like: 1
+>>19 uleshort !1 \b, checksum %#4.4x
+# attrLevelMessage; level of attOemCodepage like: 1
+>>21 ubyte !1 \b, level %#2.2x
+# idOEMCodePage; OEMCodePage ID like: 07900600h
+>>22 ubelong =0x07900600 \b, OEM codepage
+# OEMCodePage length like: 8
+>>>26 ulelong =8
+# OEMCodePageData; PrimaryCodePage like: 1251 1252
+>>>>30 ulelong x %u
+# OEMCodePageData; SecondaryCodePage; unused and SHOULD contain zero
+>>>>34 ulelong !0 and %u
+# OEMCodePageData Checksum like: E7h E8h
+>>>>38 uleshort x (checksum %#x)
+# attrLevelMessage of attMessageClass like: 1
+>>40 ubyte !1 \b, level %u
+# idMessageClass; ID of attMessageClass like: 08800700h
+>>41 ubelong =0x08800700 \b, MessageAttribute
+# attMessageClass length like: 16 24 25
+#>>>45 ulelong x (length %u)
+# attMessageClass data like: "IPM.Microsoft Mail.Note" "IPM.Note.Portada Newseum"
+# "IPM.Appointment" "IPM.Note.Microsoft.Voicemail.UM.CA"
+>>>45 pstring/l x "%s"
+
+# From: Kevin Sullivan <ksulliva@psc.edu>
+0 string *mbx* MBX mail folder
+
+# From: Simon Matter <simon.matter@invoca.ch>
+0 string \241\002\213\015skiplist\ file\0\0\0 Cyrus skiplist DB
+0 string \241\002\213\015twoskip\ file\0\0\0\0 Cyrus twoskip DB
+
+# JAM(mbp) Fidonet message area databases
+# JHR file
+0 string JAM\0 JAM message area header file
+>12 leshort >0 (%d messages)
+
+# Squish Fidonet message area databases
+# SQD file (requires at least one message in the area)
+# XXX: Weak magic
+#256 leshort 0xAFAE4453 Squish message area data file
+#>4 leshort >0 (%d messages)
+
+#0 string \<!--\ MHonArc text/html; x-type=mhonarc
+
+# Cyrus: file(1) magic for compiled Cyrus sieve scripts
+# URL: https://www.cyrusimap.org/docs/cyrus-imapd/2.4.6/internal/bytecode.php
+# URL: http://git.cyrusimap.org/cyrus-imapd/tree/sieve/bytecode.h?h=master
+# From: Philipp Hahn <hahn@univention.de>
+
+# Compiled Cyrus sieve script
+0 string CyrSBytecode Cyrus sieve bytecode data,
+>12 belong =1 version 1, big-endian
+>12 lelong =1 version 1, little-endian
+>12 belong x version %d, network-endian
+
+# Dovecot mail server, version 2.2 and later.
+# Dovecot mailing list: dovecot@dovecot.org
+# File format spec: https://wiki.dovecot.org/Design/Dcrypt/#File_format
+# From: Stephen Gildea
+0 string CRYPTED\003\007 Dovecot encrypted message
+>9 byte x \b, dcrypt version %d
diff --git a/magic/Magdir/make b/magic/Magdir/make
new file mode 100644
index 0000000..1abdf7a
--- /dev/null
+++ b/magic/Magdir/make
@@ -0,0 +1,21 @@
+#------------------------------------------------------------------------------
+# $File: make,v 1.5 2022/03/12 15:09:47 christos Exp $
+# make: file(1) magic for makefiles
+#
+# URL: https://en.wikipedia.org/wiki/Make_(software)
+0 regex/100l \^(CFLAGS|VPATH|LDFLAGS|all:|\\.PRECIOUS) makefile script text
+!:mime text/x-makefile
+!:strength -15
+# Update: Joerg Jenderek
+# Reference: https://www.freebsd.org/cgi/man.cgi?make(1)
+# exclude grub-core\lib\libgcrypt\mpi\Makefile.am with "#BEGIN_ASM_LIST"
+# by additional escaping point character
+# exclude MS Windows help file CoNtenT with ":include FOOBAR.CNT"
+# and NSIS script with "!include" by additional escaping point character
+0 regex/100l \^\\.(BEGIN|endif|include) BSD makefile script text
+!:mime text/x-makefile
+!:ext /mk
+!:strength -10
+0 regex/100l \^SUBDIRS[[:space:]]+= automake makefile script text
+!:mime text/x-makefile
+!:strength -15
diff --git a/magic/Magdir/map b/magic/Magdir/map
new file mode 100644
index 0000000..2d56df0
--- /dev/null
+++ b/magic/Magdir/map
@@ -0,0 +1,413 @@
+
+
+#------------------------------------------------------------------------------
+# $File: map,v 1.10 2023/02/03 20:41:57 christos Exp $
+# map: file(1) magic for Map data
+#
+
+# Garmin .FIT files https://pub.ks-and-ks.ne.jp/cycling/edge500_fit.shtml
+8 string .FIT FIT Map data
+>15 byte 0
+>>35 belong x \b, unit id %d
+>>39 lelong x \b, serial %u
+# https://pub.ks-and-ks.ne.jp/cycling/edge500_fit.shtml
+# 20 years after unix epoch
+# TZ=GMT date -d '1989-12-31 0:00' +%s
+>>43 leldate+631065600 x \b, %s
+
+>>47 leshort x \b, manufacturer %d
+>>47 leshort 1 \b (garmin)
+>>49 leshort x \b, product %d
+>>53 byte x \b, type %d
+>>53 byte 1 \b (Device)
+>>53 byte 2 \b (Settings)
+>>53 byte 3 \b (Sports/Cycling)
+>>53 byte 4 \b (Activity)
+>>53 byte 8 \b (Elevations)
+>>53 byte 10 \b (Totals)
+
+# Summary: Garmin map
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Garmin_.img
+# Reference: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/IMG_File_Format
+# sourceforge.net/projects/garmin-img/files/IMG%20File%20Format/1.0/imgformat-1.0.pdf
+# GRR: similar to MBR boot sector handled by ./filesystems
+0x1FE leshort =0xAA55
+# look for valid map signature
+>0x13 string =IMG\0
+>>0 use garmin-map
+0 name garmin-map
+>0 ubyte x Garmin
+!:mime application/x-garmin-map
+# If non-zero, every byte of the entire .img file is to be XORed with this value
+>0 ubyte !0 \b, %#x XORed
+# goto block before FAT
+>(0x40.b*512) ubyte x
+# 1st fat name "DLLINFO TXT" only found for vpm
+>>&512 string =DLLINFO\ TXT map (Voice Processing)
+# there exist 2 other Garmin VPM formats; see ./audio
+!:ext vpm
+# Deutsch__Yannick_D4481-00_0210.vpm
+#>>>512 search/0x0116da60/s RIFF \b; with
+# determine type voice type by ./riff
+#>>>>&0 indirect x \b
+>>&512 string !DLLINFO\ TXT map
+!:ext img
+# 9 zeros
+>1 ubelong !0 \b, zeroes %#x
+# Map's version major
+>8 ubyte x v%u
+# Map's version minor
+>9 ubyte x \b.%.2u
+# Map description[20], 0x20 padded
+>0x49 string x %.20s
+# Map name, continued (0x20 padded, \0 terminated)
+>0x65 string >\ \b%.31s
+# Update year (+1900 for val >= 0x63, +2000 for val <= 0x62)
+>0xB ubyte x \b, updated
+>>0xB ubyte >0x62
+>>>0xB ubyte-100 x 20%.2u
+>>0xB ubyte <0x63
+>>>0xB ubyte x 20%.2u
+# Update month (0-11)
+>0xA ubyte x \b-%.2u
+# All zeroes
+>0xc uleshort !0 \b, zeroes %#x
+# Mapsource flag, 1 - file created by Mapsource, 0 - Garmin map visible in Basecamp and Homeport
+#>0xE ubyte !0 \b, Mapsource flag %#x
+>0xE ubyte 1 \b, Mapsource
+# Checksum, sum of all bytes modulo 256 should be 0
+#>0xF ubyte x \b, Checksum %#x
+# Signature: DSKIMG 0x00 or DSDIMG 0x00 for demo map
+>0x10 string !DSKIMG \b, signature "%.7s"
+>0x39 use garmin-date
+# Map file identifier like GARMIN\0
+>0x41 string !GARMIN \b, id "%.7s"
+# Block size exponent, E1; appears to always be 0x09; minimum block size 512 bytes
+>0x61 ubyte !0x09 \b, E1=%u
+# Block size exponent, E2 ; file blocksize=2**(E1+E2)
+>>0x62 ubyte x \b, E2=%u
+>0x61 ubyte =0x09 \b, blocksize
+>>0x62 ubyte 0 512
+>>0x62 ubyte 1 1024
+>>0x62 ubyte 2 2048
+>>0x62 ubyte 3 4096
+>>0x62 ubyte 4 8192
+>>0x62 ubyte 5 16384
+>>0x62 default x
+>>>0x62 ubyte x E2=%u
+# MBR signature
+>0x1FE leshort !0xAA55 \b, invalid MBR
+# 512 zeros
+>0x200 uquad !0 \b, zeroes %#llx
+# First sub-file offset (absolute); sometimes NO/UNKNOWN sub file!
+>0x40C ulelong >0 \b, at %#x
+# sub-file Header length
+#>>(0x40C.l) uleshort x \b, header len %#x
+>>(0x40C.l) uleshort x %u bytes
+# sub-file Type[10] like "GARMIN RGN" "GARMIN TRE", "GARMIN TYP", etc.
+>>(0x40C.l+2) ubyte >0x1F
+>>>(0x40C.l+2) ubyte <0xFF
+>>>>(0x40C.l+2) string x "%.10s"
+# 0x00 for most maps, 0x80 for locked maps (City Nav, City Select, etc.)
+>>>>(0x40C.l+13) ubyte >0 \b, locked %#x
+# Block sequence numbers like 0000 0100 0200 ... FFFF
+# >0x420 ubequad >0 \b, seq. %#16.16llx
+# >>0x428 ubequad >0 \b%16.16llx
+# >>>0x430 ubequad >0 \b%16.16llx
+# >>>>0x438 ubequad >0 \b%16.16llx
+# >>>>>0x440 ubequad >0 \b%16.16llx
+# >>>>>>0x448 ubequad >0 \b%16.16llx
+# >>>>>>>0x450 ubequad >0 \b%16.16llx
+# >>>>>>>>0x458 ubequad >0 \b%16.16llx
+# >>>>>>>>>0x460 ubequad >0 \b%16.16llx
+# >>>>>>>>>>0x468 ubequad >0 \b%16.16llx
+# >>>>>>>>>>>0x470 ubequad >0 \b%16.16llx
+# >>>>>>>>>>>>0x478 ubequad >0 \b%16.16llx
+# >>>>>>>>>>>>>0x480 ubequad >0 \b%16.16llx
+# >>>>>>>>>>>>>>0x488 ubequad >0 \b%16.16llx
+# >>>>>>>>>>>>>>>0x490 ubequad >0 \b%16.16llx
+# >>>>>>>>>>>>>>>>0x498 ubequad >0 \b%16.16llx
+# >>>>>>>>>>>>>>>>>0x4A0 ubequad >0 \b%16.16llx
+# >>>>>>>>>>>>>>>>>>0x4A8 ubequad >0 \b%16.16llx
+# look for end of FAT
+#>>0x420 search/512/s \xff\xff FAT END
+# Physical block number of FAT header
+#>0x40 ubyte x \b, FAT at phy. block %u
+>0x40 ubyte x
+>>(0x40.b*512) ubyte x
+# 1st FAT block
+>>>&511 use garmin-fat
+# 2nd FAT block
+>>>&1023 use garmin-fat
+# 3th FAT block
+>>>&1535 use garmin-fat
+# 4th FAT block
+>>>&2047 use garmin-fat
+# ... xth FAT block
+#
+# 314 zeros but not in vpm and also gmaptz.img
+>0x84 uquad !0 \b, at 0x84 %#llx
+# display FileAllocationTable block entry in garmin map
+0 name garmin-fat
+>0 ubyte x \b;
+# sub file part; 0x0003 seems to be garbage
+>0x10 uleshort !0 next %#4.4x
+>0x10 uleshort =0
+# fat flag 0~dummy block 1~true sub file
+>>0 ubyte !1 flag %u
+>>0 ubyte =1
+# sub-file name like MAKEGMAP 12345678
+>>>0x1 string x %.8s
+# sub-file typ like RGN TRE MDR LBL
+>>>0x9 string x \b.%.3s
+# size of sub file
+>>>0xC ulelong x \b, %u bytes
+# 32-bit block sequence numbers
+#>>>0x20 ubequad x \b, seq. %#16.16llx
+
+# display date stored inside Garmin maps like yyyy-mm-dd h:mm:ss
+0 name garmin-date
+# year like 2018
+>0 uleshort x \b, created %u
+# month (0-11)
+>2 ubyte x \b-%.2u
+# day (1-31)
+>3 ubyte x \b-%.2u
+# hour (0-23)
+>4 ubyte x %u
+# minute (0-59)
+>5 ubyte x \b:%.2u
+# second (0-59)
+>6 ubyte x \b:%.2u
+
+# Summary: Garmin Map subfiles
+# From: Joerg Jenderek
+# URL: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/IMG_File_Format
+# Garmin Common Header
+2 string GARMIN\
+# skip ASCII text by checking for low header length
+>0 uleshort <0x1000 Garmin map,
+# URL: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/GMP_Subfile_Format
+>>9 string GMP subtile
+!:mime application/x-garmin-gpm
+!:ext gmp
+# copyright message
+>>>(0.s) string x %s
+>>>0x0E use garmin-date
+# URL: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/MDR_Subfile_Format
+# This contains the searchable address table used for finding routing destinations
+>>9 string MDR address table
+!:mime application/x-garmin-mdr
+!:ext mdr
+# URL: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/NOD_Subfile_Format
+# http://svn.parabola.me.uk/display/trunk/doc/nod.txt
+# This contains the routing information
+>>9 string NOD routing
+!:mime application/x-garmin-nod
+!:ext nod
+>>>0x0E use garmin-date
+#>>>0x15 ulelong x \b, at %#x
+#>>>0x19 ulelong x %#x bytes NOD1
+#>>>0x25 ulelong x \b, at %#x
+#>>>0x29 ulelong x %#x bytes NOD2
+#>>>0x31 ulelong x \b, at %#x
+#>>>0x35 ulelong x %#x bytes NOD3
+# URL: http://www.pinns.co.uk/osm/net.html
+# routable highways (length, direction, allowed speed,house address information)
+>>9 string NET highways
+!:mime application/x-garmin-net
+!:ext net
+#>>>0x15 ulelong x \b, at %#x
+#>>>0x19 ulelong x %#x bytes NET1
+#>>>0x22 ulelong >0
+#>>>>0x1E ulelong x \b, at %#x
+#>>>>0x22 ulelong x %#x bytes NET2
+#>>>0x2B ulelong >0
+#>>>>0x27 ulelong x \b, at %#x
+#>>>>0x2B ulelong x %#x bytes NET3
+# URL: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/LBL_Subfile_Format
+>>9 string LBL labels
+!:mime application/x-garmin-lbl
+!:ext lbl
+>>>(0.s) string x %s
+# Label coding type 6h 9h and ah
+>>>0x1E ubyte x \b, coding type %#x
+#>>>0x15 ulelong x \b, at %#x
+#>>>0x19 ulelong x %#x bytes LBL1
+#>>>0x1F ulelong x \b, at %#x
+#>>>0x23 ulelong x %#x bytes LBL2
+#>>>0x2D ulelong x \b, at %#x
+#>>>0x31 ulelong x %#x bytes LBL3
+# URL: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/SRT_Subfile_Format
+# A lookup table of the chars in the map's codepage, and their collating sequence
+>>9 string SRT sort table
+!:mime application/x-garmin-srt
+!:ext srt
+>>>0x0E use garmin-date
+# URL: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/TRE_Subfile_Format
+>>9 string TRE tree
+!:mime application/x-garmin-tre
+!:ext tre
+# title like City Nav Europe NTU 2019.2 Basemap
+# or OSM Street map
+>>>(0.s) string x %s
+# 2nd title like Copyright 1995-2018 by GARMIN Corporation.
+# or http://www.openstreetmap.org/
+>>>>&1 string x %s
+>>>0x0E use garmin-date
+#>>>0x21 ulelong x \b, at %#x
+#>>>0x25 ulelong x %#x bytes TRE1
+#>>>0x29 ulelong x \b, at %#x
+#>>>0x2D ulelong x %#x bytes TRE2
+#>>>0x31 ulelong x \b, at %#x
+#>>>0x35 ulelong x %#x bytes TRE3
+# Copyright record size
+#>>>0x39 uleshort x \b, copyright record size %u
+# Map ID
+>>>0x74 ulelong x \b, ID %#x
+# URL: https://www.gpspower.net/garmin-tutorials/353310-basecamp-installing-free-desktop-map.html
+# For road traffic information service (RDS/TMS/TMC). Commonly seen in City Navigator maps
+>>9 string TRF traffic,
+!:mime application/x-garmin-trf
+!:ext trf
+# city/region like Preitenegg
+>>>(0.s+1) string x 1st %s
+# highway part like L606/L148
+>>>>&1 string x %s
+# URL: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/Format
+# Reference: http://www.pinns.co.uk/osm/typformat.html
+# customize the appearance of objects. For GPS and MapSource/Qlandkarte better looking maps
+>>9 string TYP types
+!:mime application/x-garmin-typ
+!:ext typ
+>>>0x0E use garmin-date
+# character set 1252 65001~UTF8
+>>>0x15 uleshort x \b, code page %u
+# POIs
+#>>>0x17 ulelong x \b, at %#x
+#>>>0x1B ulelong x %#x bytes TYP1
+# extra pois
+#>>>0x5B ulelong x \b, at %#x
+#>>>0x5F ulelong x %#x bytes TYP8
+# URL: https://wiki.openstreetmap.org/wiki/OSM_Map_On_Garmin/RGN_Subfile_Format
+# http://www.pinns.co.uk/osm/RGN.html
+# region data used by the Garmin software
+>>9 string RGN region
+!:mime application/x-garmin-rgn
+!:ext rgn
+# POIs,Indexed POIs,Polylines or Polygons or first map level
+#>>>0x15 ulelong x \b, at %#x
+#>>>0x19 ulelong x %#x bytes RGN1
+# polygons with extended types
+#>>>0x21 ulelong >0
+#>>>>0x1D ulelong x \b, at %#x
+#>>>>0x21 ulelong x %#x bytes RGN2
+# polylines with extended types
+#>>>0x3D ulelong >0
+#>>>>0x39 ulelong x \b, at %#x
+#>>>>0x3D ulelong x %#x bytes RGN3
+# extended POIs
+#>>>0x59 ulelong >0
+#>>>>0x55 ulelong x \b, at %#x
+#>>>>0x59 ulelong x %#x bytes RGN3
+#>>9 default x unknown map type
+# Header length; GMP:31h 35h 3Dh,MDR:11Eh 238h 2C4h 310h,NOD:3Fh 7Fh,NET:64h,
+# LBL:2A9h,SRT:1Dh 25h 27h,TRE:CFh 135h,TRF:5Ah,TYP:5Bh 6Eh 7Ch AEh,RGN:7Dh
+>>0 uleshort x \b, header length %#x
+
+# URL: https://www.memotech.franken.de/FileFormats/
+# Reference: https://www.memotech.franken.de/FileFormats/Garmin_RGN_Format.pdf
+# From: Joerg Jenderek
+0 string KpGr Garmin update
+# format version like: 0064h~1.0
+>0x4 uleshort !0x0064
+>>4 uleshort/100 x \b, version %u
+>>4 uleshort%100 x \b.%u
+# 1st Garmin entry
+>6 use garmin-entry
+# 2nd Garmin entry
+>(0x6.l+10) ubyte x
+>>&0 use garmin-entry
+# 3rd entry
+>(0x6.l+10) ubyte x
+>>&(&0.l+4) ubyte x
+>>>&0 use garmin-entry
+# look again at version to use default clause
+>0x4 uleshort x
+# test for region content by looking for
+# Garmin *.srf by ./images with normal builder name "SQA" or longer "hales"
+# 1 space after equal sign
+>>0x3a search/5/s GARMIN\ BITMAP \b=
+!:mime image/x-garmin-exe
+!:ext exe
+>>>&0 indirect x
+# if not bitmap *.srf then region; 1 space after equal sign
+>>0x3a default x \b=
+!:mime application/x-garmin-rgn
+!:ext rgn
+# recursiv embedded
+>>>0x3a search/5/s KpGrd
+>>>>&0 indirect x
+# look for ZIP or JAR archive by ./archive and ./zip
+>>>0x3a search/5/s PK\003\004
+>>>>&0 indirect x
+# TODO: other garmin RGN record content like foo
+#>>0x3a search/5/s bar BAR
+# display information of Garmin RGN record
+0 name garmin-entry
+# record length: 2 for Data, for Application often 1Bh sometimes 1Dh, "big" for Region
+#>0 ulelong x \b, length %#x
+# data record (ID='D') with version content like 0064h~1.0
+>4 ubyte =0x44
+>>5 uleshort !0x0064 \b; Data
+>>>5 uleshort/100 x \b, version %u
+>>>5 uleshort%100 x \b.%u
+# Application Record (ID='A')
+>4 ubyte =0x41 \b; App
+# version content like 00c8h~2.0
+>>5 uleshort !0x00C8
+>>>5 uleshort/100 x \b, version %u
+>>>5 uleshort%100 x \b.%u
+# builder name like: SQA sqa build hales
+>>7 string x \b, build by %s
+# build date like: Oct 25 1999, Oct 1 2008, Feb 23 2009, Dec 15 2009
+>>>&1 string x %s
+# build time like: 11:26:12, 11:45:54, 14:16:13, 18:23:01
+>>>>&1 string x %s
+# region record (ID='R')
+>4 ubyte =0x52 \b; Region
+# region ID:14~fw_all.bin: 78~ZIP, RGN or SRF bitmap; 148~ZIP or JAR; 249~display firmware; 251~WiFi or GCD firmware; 255~ZIP
+>>5 uleshort x ID=%u
+# delay in ms: like 0, 500
+>>7 ulelong !0 \b, %u ms
+# region size (is record length - 10)
+#>>11 ulelong x \b, length %#x
+# region content like:
+# "KpGr"~recursiv embedded,"GARMIN BITMAP"~Garmin Bitmap *.srf, "PK"~ZIP archive
+#>>15 string x \b, content "%s"
+>>15 ubequad x \b, content %#llx...
+# This does NOT WORK!
+#>>15 indirect x \b; contains
+>4 default x \b; other
+# garmin Record ID Identifies the record content like: D A R
+>>4 ubyte x ID '%c'
+
+# TOM TOM GPS watches ttbin files:
+# https://github.com/ryanbinns/ttwatch/tree/master/ttbin
+# From: Daniel Lenski
+0 byte 0x20
+>1 leshort 0x0007
+>>0x76 byte 0x20
+>>>0x77 leshort 0x0075 TomTom activity file, v7
+>>>>8 leldate x (%s,
+>>>>3 byte x device firmware %d.
+>>>>4 byte x \b%d.
+>>>>5 byte x \b%d,
+>>>>6 leshort x product ID %04d)
+
+# Garmin firmware:
+# https://www.memotech.franken.de/FileFormats/Garmin_GCD_Format.pdf
+# https://www.gpsrchive.com/GPSMAP/GPSMAP%2066sr/Firmware.html
+0 string GARMIN
+>6 uleshort 100 GARMIN firmware (version 1.0)
diff --git a/magic/Magdir/maple b/magic/Magdir/maple
new file mode 100644
index 0000000..80cf9f2
--- /dev/null
+++ b/magic/Magdir/maple
@@ -0,0 +1,109 @@
+
+#------------------------------------------------------------------------------
+# $File: maple,v 1.10 2021/08/30 13:31:25 christos Exp $
+# maple: file(1) magic for maple files
+# "H. Nanosecond" <aldomel@ix.netcom.com>
+# Maple V release 4, a multi-purpose math program
+#
+
+# maple library .lib
+# URL: https://en.wikipedia.org/wiki/Maple_(software)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/l/lib-maple-v-r4.trid.xml
+# Update: Joerg Jenderek
+0 string \000MVR4\nI Maple Vr4 library
+#!:mime application/octet-stream
+!:mime application/x-maple-lib
+!:ext lib
+
+# URL: https://en.wikipedia.org/wiki/Maple_(software)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/l/lib-maple-v-r5.trid.xml
+# From: Joerg Jenderek
+0 string \000MVR5\n Maple Vr5 library
+#!:mime application/octet-stream
+!:mime application/x-maple-lib
+!:ext lib
+
+# From: Joerg Jenderek
+0x400 string M7R0\nI Maple Vr7 library
+#!:mime application/octet-stream
+!:mime application/x-maple-lib
+!:ext lib
+# null terminated library name like: C:\Maple12/Cliffordlib\maple.lib ../Maplets/Tutors.lib
+>5 string x %s
+# probably library name padding with nil or points (0x2E)
+#>0xF8 uquad x \b, PADDING 0x%16.16llx
+# null terminated strings like: Exterior Clifford FunctionArithmetics
+# like: 1 20 40
+>0x115 ulelong x \b, %u string
+# plural s
+>0x115 ulelong >1 \bs
+>0x119 string x 1st '%s'
+# probably second name section padding with nil or points (0x2E)
+#>0x3F0 uquad x \b, 2nd PADDING 0x%16.16llx
+# line feed separated ASCII string with maximal 79 length
+#>0x407 string x \b, section "%s"
+>0x454 ubyte !0x0a \b, at 0x454 0x%x
+
+# .ind
+# no magic for these :-(
+# they are compiled indexes for maple files
+
+# .hdb
+# Update: Joerg Jenderek
+# URL: https://www.maplesoft.com/support/help/maple/view.aspx?path=Formats/HDB
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/h/hdb-maple.trid.xml
+# Note: This format was replaced in Maple 18 by the Maple Help format (*.help)
+0 string \000\004\000\000
+# skip xBASE Compound Index file *.CDX by looking for version
+>1028 string version Maple help database
+# length of string version
+#>>1024 ulelong !7 \b, at 0x400 unexpected %u
+#!:mime application/octet-stream
+!:mime application/x-maple-hdb
+!:ext hdb
+>1028 default x
+# skip more xBASE Compound Index file *.CDX by looking for keyword Maple
+# like hsum.hdb
+>>4 search/0xCC41 Maple Maple help database
+!:mime application/x-maple-hdb
+!:ext hdb
+
+# .mhp
+# this has the form <PACKAGE=name>
+0 string \<PACKAGE= Maple help file
+0 string \<HELP\ NAME= Maple help file
+0 string \n\<HELP\ NAME= Maple help file with extra carriage return at start (yuck)
+#0 string #\ Newton Maple help file, old style
+0 string #\ daub Maple help file, old style
+#0 string #=========== Maple help file, old style
+
+# .mws
+0 string \000\000\001\044\000\221 Maple worksheet
+#this is anomalous
+0 string WriteNow\000\002\000\001\000\000\000\000\100\000\000\000\000\000 Maple worksheet, but weird
+# this has the form {VERSION 2 3 "IBM INTEL NT" "2.3" }\n
+# that is {VERSION major_version miunor_version computer_type version_string}
+0 string {VERSION\ Maple worksheet
+>9 string >\0 version %.1s.
+>>11 string >\0 %.1s
+
+# .mps
+0 string \0\0\001$ Maple something
+# from byte 4 it is either 'nul E' or 'soh R'
+# I think 'nul E' means a file that was saved as a different name
+# a sort of revision marking
+# 'soh R' means new
+>4 string \000\105 An old revision
+>4 string \001\122 The latest save
+
+# .mpl
+# some of these are the same as .mps above
+#0000000 000 000 001 044 000 105 same as .mps
+#0000000 000 000 001 044 001 122 same as .mps
+
+0 string #\n##\ <SHAREFILE= Maple something
+0 string \n#\n##\ <SHAREFILE= Maple something
+0 string ##\ <SHAREFILE= Maple something
+0 string #\r##\ <SHAREFILE= Maple something
+0 string \r#\r##\ <SHAREFILE= Maple something
+0 string #\ \r##\ <DESCRIBE> Maple something anomalous.
diff --git a/magic/Magdir/marc21 b/magic/Magdir/marc21
new file mode 100644
index 0000000..bb4998e
--- /dev/null
+++ b/magic/Magdir/marc21
@@ -0,0 +1,30 @@
+#--------------------------------------------
+# marc21: file(1) magic for MARC 21 Format
+#
+# Kevin Ford (kefo@loc.gov)
+#
+# MARC21 formats are for the representation and communication
+# of bibliographic and related information in machine-readable
+# form. For more info, see https://www.loc.gov/marc/
+
+
+# leader position 20-21 must be 45
+# and 22-23 also 00 so far, but we check that later.
+20 string 45
+>0 search/2048 \x1e
+
+# leader starts with 5 digits, followed by codes specific to MARC format
+>>0 regex/1l (^[0-9]{5})[acdnp][^bhlnqsu-z] MARC21 Bibliographic
+!:mime application/marc
+>>0 regex/1l (^[0-9]{5})[acdnosx][z] MARC21 Authority
+!:mime application/marc
+>>0 regex/1l (^[0-9]{5})[cdn][uvxy] MARC21 Holdings
+!:mime application/marc
+>>0 regex/1l (^[0-9]{5})[acdn][w] MARC21 Classification
+!:mime application/marc
+>>0 regex/1l (^[0-9]{5})[cdn][q] MARC21 Community
+!:mime application/marc
+
+# leader position 22-23, should be "00" but is it?
+>>0 regex/1l (^.{21})([^0]{2}) (non-conforming)
+!:mime application/marc
diff --git a/magic/Magdir/mathcad b/magic/Magdir/mathcad
new file mode 100644
index 0000000..b186641
--- /dev/null
+++ b/magic/Magdir/mathcad
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: mathcad,v 1.5 2009/09/19 16:28:10 christos Exp $
+# mathcad: file(1) magic for Mathcad documents
+# URL: http://www.mathsoft.com/
+# From: Josh Triplett <josh@freedesktop.org>
+
+0 string .MCAD\t Mathcad document
diff --git a/magic/Magdir/mathematica b/magic/Magdir/mathematica
new file mode 100644
index 0000000..dda71e8
--- /dev/null
+++ b/magic/Magdir/mathematica
@@ -0,0 +1,192 @@
+
+#------------------------------------------------------------------------------
+# $File: mathematica,v 1.17 2023/06/16 19:33:58 christos Exp $
+# mathematica: file(1) magic for mathematica files
+# "H. Nanosecond" <aldomel@ix.netcom.com>
+# Mathematica a multi-purpose math program
+# versions 2.2 and 3.0
+
+0 name wolfram
+>0 string x Mathematica notebook version 2.x
+!:ext mb
+!:mime application/vnd.wolfram.mathematica
+
+#mathematica .mb
+0 string \064\024\012\000\035\000\000\000
+>0 use wolfram
+0 string \064\024\011\000\035\000\000\000
+>0 use wolfram
+
+#
+0 search/1000 Content-type:\040application/mathematica Mathematica notebook version 2.x
+!:ext nb
+!:mime application/mathematica
+
+
+# .ma
+# multiple possibilities:
+
+0 string (*^\n\n::[\011frontEndVersion\ =
+#>41 string >\0 %s
+>0 use wolfram
+
+#0 string (*^\n\n::[\011palette
+
+#0 string (*^\n\n::[\011Information
+#>675 string >\0 %s #doesn't work well
+
+# there may be 'cr' instead of 'nl' in some does this matter?
+
+# generic:
+0 string (*^\r\r::[\011
+>0 use wolfram
+0 string (*^\r\n\r\n::[\011
+>0 use wolfram
+0 string (*^\015
+>0 use wolfram
+0 string (*^\n\r\n\r::[\011
+>0 use wolfram
+0 string (*^\r::[\011
+>0 use wolfram
+0 string (*^\r\n::[\011
+>0 use wolfram
+0 string (*^\n\n::[\011
+>0 use wolfram
+0 string (*^\n::[\011
+>0 use wolfram
+
+
+# Mathematica .mx files
+
+#0 string (*This\ is\ a\ Mathematica\ binary\ dump\ file.\ It\ can\ be\ loaded\ with\ Get.*) Mathematica binary file
+0 string (*This\ is\ a\ Mathematica\ binary\ Mathematica binary file
+#>71 string \000\010\010\010\010\000\000\000\000\000\000\010\100\010\000\000\000
+# >71... is optional
+>88 string >\0 from %s
+
+
+# Mathematica files PBF:
+# 115 115 101 120 102 106 000 001 000 000 000 203 000 001 000
+0 string MMAPBF\000\001\000\000\000\203\000\001\000 Mathematica PBF (fonts I think)
+
+# .ml files These are menu resources I think
+# these start with "[0-9][0-9][0-9]\ A~[0-9][0-9][0-9]\
+# how to put that into a magic rule?
+4 string \ A~ MAthematica .ml file
+
+# .nb files
+#too long 0 string (***********************************************************************\n\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ Mathematica-Compatible Notebook Mathematica 3.0 notebook
+0 string (*********************** Mathematica 3.0 notebook
+
+# other (* matches it is a comment start in these langs
+# GRR: Too weak; also matches other languages e.g. ML
+#0 string (* Mathematica, or Pascal, Modula-2 or 3 code text
+
+#########################
+# MatLab v5
+# URL: http://fileformats.archiveteam.org/wiki/MAT
+# Reference: https://www.mathworks.com/help/pdf_doc/matlab/matfile_format.pdf
+# first 116 bytes of header contain text in human-readable form
+0 string MATLAB Matlab v
+#>11 string/T x \b, at 11 "%.105s"
+#!:mime application/octet-stream
+!:mime application/x-matlab-data
+!:ext mat
+# https://de.mathworks.com/help/matlab/import_export/mat-file-versions.html
+# level of the MAT-file like: 5.0 7.0 or maybe 7.3
+#>7 string x LEVEL "%.3s"
+>7 ubyte =0x35 \b5 mat-file
+>7 ubyte !0x35
+>>7 string x \b%.3s mat-file
+>126 short 0x494d (big endian)
+>>124 beshort x version %#04x
+>126 short 0x4d49 (little endian)
+# 0x0100 for level 5.0 and 0x0200 for level 7.0
+>>124 leshort x version %#04x
+# test again so that default clause works
+>126 short x
+# created by MATLAB include Platform sometimes without leading comma (0x2C) or missing
+# like: GLNX86 PCWIN PCWIN64 SOL2 Windows\0407 nt posix
+>>20 search/2 Platform:\040 \b, platform
+>>>&0 string x %-0.2s
+>>>&2 ubyte !0x2C \b%c
+>>>>&0 ubyte !0x2C \b%c
+>>>>>&0 ubyte !0x2C \b%c
+>>>>>>&0 ubyte !0x2C \b%c
+>>>>>>>&0 ubyte !0x2C \b%c
+>>>>>>>>&0 ubyte !0x2C \b%c
+>>>>>>>>>&0 ubyte !0x2C \b%c
+# examples without Platform tag like one_by_zero_char.mat
+>>20 default x
+>>>11 string x "%s"
+# created by MATLAB include time like: Fri Feb 20 15:26:59 2009
+>34 search/9/c created\040on:\040 \b, created
+>>&0 string x %-.24s
+# MatLab v4
+# From: Joerg Jenderek
+# check for valid imaginary flag of Matlab matrix version 4
+13 ushort 0
+# check for valid ASCII matrix name
+>20 ubyte >0x1F
+# skip PreviousEntries.dat with "invalid high" name \304P\344@\001
+>>20 ubyte <0304
+# skip some Netwfw*.dat and $I3KREPH.dat by checking for non zero number of rows
+>>>4 ulong !0
+# skip some CD-ROM filesystem like test-hfs.iso by looking for valid big endian type flag
+>>>>0 ubelong&0xFFffFF00 0x00000300
+>>>>>0 use matlab4
+# no example for 8-bit and 16-bit integers matrix
+>>>>0 ubelong&0xFFffFF00 0x00000400
+>>>>>0 use matlab4
+# branch for Little-Endian variant of Matlab MATrix version 4
+# skip big endian variant by looking for valid low lttle endian type flag
+>>>>0 ulelong <53
+# skip tokens.dat and some Netwfw*.dat by check for valid imaginary flag value of MAT version 4
+>>>>>12 ulelong <2
+# no misidentified little endian MATrix example with "short" matrix name
+>>>>>>16 ulelong <3
+# skip radeon firmware BONAIRE_sdma.bin HAWAII_sdma.bin KABINI_sdma.bin KAVERI_sdma.bin MULLINS_sdma.bin
+# by check for non zero matrix name length
+>>>>>>>16 ubelong >0
+>>>>>>>>0 use \^matlab4
+# little endian MATrix with "long" matrix name or some misidentified samples
+>>>>>>16 ulelong >2
+# skip TileCacheLogo-*.dat with invalid 2nd character \001 of matrix name with length 96
+>>>>>>>21 ubyte >0x1F
+>>>>>>>>0 use \^matlab4
+# Note: called "MATLAB Mat File" with version "Level 4" by DROID via PUID fmt/1550
+# display information of Matlab v4 mat-file
+0 name matlab4 Matlab v4 mat-file
+#!:mime application/octet-stream
+!:mime application/x-matlab-data
+!:ext mat
+# 20-byte header with 5 long integers that contains information describing certain attributes of the Matrix
+# type flag decimal MOPT; maximal 4052=FD4h; maximal 52=34h for little endian
+#>0 ubelong x \b, type flag %u
+#>0 ubelong x (%#x)
+# M: 0~little endian 1~Big Endian 2~VAX D-float 3~VAX G-float 4~Cray
+#>0 ubelong/1000 x \b, M=%u
+>0 ubelong/1000 0 (little endian)
+>0 ubelong/1000 1 (big endian)
+>0 ubelong/1000 2 (VAX D-float)
+>0 ubelong/1000 3 (VAX G-float)
+>0 ubelong/1000 4 (Cray)
+# namlen; the length of the matrix name
+#>16 ubelong x \b, name length %u
+#>(16.L+19) ubyte x \b, TERMINATING NAME CHARACTER=%#x
+# nul terminated matrix name like: fit_params testmatrix testsparsecomplex teststringarray
+#>20 string x \b, MATRIX NAME="%s"
+#>21 ubyte x \b, MAYBE 2ND CHAR=%c
+>16 pstring/L x %s
+# T indicates the matrix type: 0~numeric 1~text 2~sparse
+#>0 ubelong%10 x \b, T=%u
+>0 ubelong%10 0 \b, numeric
+>0 ubelong%10 1 \b, text
+>0 ubelong%10 2 \b, sparse
+# mrows; number of rows in the matrix like: 1 3 8
+>4 ubelong x \b, rows %u
+# ncols; number of columns in the matrix like: 1 3 4 5 9 43
+>8 ubelong x \b, columns %u
+# imagf; imaginary flag; 1~matrix has an imaginary part 0~only real data
+>12 ubelong !0 \b, imaginary (%u)
+# real; Real part of the matrix consists of mrows * ncols numbers
diff --git a/magic/Magdir/matroska b/magic/Magdir/matroska
new file mode 100644
index 0000000..271af55
--- /dev/null
+++ b/magic/Magdir/matroska
@@ -0,0 +1,17 @@
+
+#------------------------------------------------------------------------------
+# $File: matroska,v 1.9 2019/04/19 00:42:27 christos Exp $
+# matroska: file(1) magic for Matroska files
+#
+# See https://www.matroska.org/
+#
+
+# EBML id:
+0 belong 0x1a45dfa3
+# DocType id:
+>4 search/4096 \x42\x82
+# DocType contents:
+>>&1 string webm WebM
+!:mime video/webm
+>>&1 string matroska Matroska data
+!:mime video/x-matroska
diff --git a/magic/Magdir/mcrypt b/magic/Magdir/mcrypt
new file mode 100644
index 0000000..f2edd08
--- /dev/null
+++ b/magic/Magdir/mcrypt
@@ -0,0 +1,52 @@
+
+#------------------------------------------------------------------------------
+# $File: mcrypt,v 1.6 2022/02/08 18:51:45 christos Exp $
+# Mavroyanopoulos Nikos <nmav@hellug.gr>
+# mcrypt: file(1) magic for mcrypt 2.2.x;
+# URL: https://en.wikipedia.org/wiki/Mcrypt
+# http://fileformats.archiveteam.org/wiki/MCrypt
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/n/nc-mcrypt.trid.xml
+# Update: Joerg Jenderek
+# Note: called by TrID "mcrypt encrypted (v2.5)"
+0 string \0m\3 mcrypt 2.5 encrypted data,
+#!:mime application/octet-stream
+!:mime application/x-crypt-nc
+!:ext nc
+>4 string >\0 algorithm: %s,
+>>&1 leshort >0 keysize: %d bytes,
+>>>&0 string >\0 mode: %s,
+
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/n/nc-mcrypt-22.trid.xml
+# Note: called by TrID "mcrypt encrypted (v2.2)"
+0 string \0m\2 mcrypt 2.2 encrypted data,
+#!:mime application/octet-stream
+!:mime application/x-crypt-nc
+# no example
+!:ext nc
+>3 byte 0 algorithm: blowfish-448,
+>3 byte 1 algorithm: DES,
+>3 byte 2 algorithm: 3DES,
+>3 byte 3 algorithm: 3-WAY,
+>3 byte 4 algorithm: GOST,
+>3 byte 6 algorithm: SAFER-SK64,
+>3 byte 7 algorithm: SAFER-SK128,
+>3 byte 8 algorithm: CAST-128,
+>3 byte 9 algorithm: xTEA,
+>3 byte 10 algorithm: TWOFISH-128,
+>3 byte 11 algorithm: RC2,
+>3 byte 12 algorithm: TWOFISH-192,
+>3 byte 13 algorithm: TWOFISH-256,
+>3 byte 14 algorithm: blowfish-128,
+>3 byte 15 algorithm: blowfish-192,
+>3 byte 16 algorithm: blowfish-256,
+>3 byte 100 algorithm: RC6,
+>3 byte 101 algorithm: IDEA,
+>4 byte 0 mode: CBC,
+>4 byte 1 mode: ECB,
+>4 byte 2 mode: CFB,
+>4 byte 3 mode: OFB,
+>4 byte 4 mode: nOFB,
+>5 byte 0 keymode: 8bit
+>5 byte 1 keymode: 4bit
+>5 byte 2 keymode: SHA-1 hash
+>5 byte 3 keymode: MD5 hash
diff --git a/magic/Magdir/measure b/magic/Magdir/measure
new file mode 100644
index 0000000..42e7186
--- /dev/null
+++ b/magic/Magdir/measure
@@ -0,0 +1,44 @@
+
+#------------------------------------------------------------------------------
+# $File: measure,v 1.3 2021/03/25 17:30:10 christos Exp $
+# measure: file(1) magic for measurement data
+
+# DIY-Thermocam raw data
+0 name diy-thermocam-parser
+>0 beshort x scale %d-
+>2 beshort x \b%d,
+>4 lefloat x spot sensor temperature %f,
+>9 ubyte 0 unit celsius,
+>9 ubyte 1 unit fahrenheit,
+>8 ubyte x color scheme %d
+>10 ubyte 1 \b, show spot sensor
+>11 ubyte 1 \b, show scale bar
+>12 ubyte &1 \b, minimum point enabled
+>12 ubyte &2 \b, maximum point enabled
+>13 lefloat x \b, calibration: offset %f,
+>17 lefloat x slope %f
+
+0 name diy-thermocam-checker
+>9 ubyte <2
+>>10 ubyte <2
+>>>11 ubyte <2
+>>>>12 ubyte <4
+>>>>>17 lefloat >0.0001 DIY-Thermocam raw data
+
+# V2 and Leption 3.x:
+38408 ubyte <19
+>38400 use diy-thermocam-checker
+>>38400 default x (Lepton 3.x),
+>>>38400 use diy-thermocam-parser
+
+# V1 or Lepton 2.x
+9608 ubyte <19
+>9600 use diy-thermocam-checker
+>>9600 default x (Lepton 2.x),
+>>>9600 use diy-thermocam-parser
+
+# Becker & Hickl Photon Counting (PMS) data file
+# format documentation: https://www.becker-hickl.com/wp-content/uploads/2018/11/opm-pms400-v01.pdf (page 57)
+(0x02.l) string *IDENTIFICATION Becker & Hickl PMS Data File
+>0x12 short x (%d data blocks)
+!:ext sdt
diff --git a/magic/Magdir/mercurial b/magic/Magdir/mercurial
new file mode 100644
index 0000000..b8f3cdd
--- /dev/null
+++ b/magic/Magdir/mercurial
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: mercurial,v 1.5 2019/04/19 00:42:27 christos Exp $
+# mercurial: file(1) magic for Mercurial changeset bundles
+# https://www.selenic.com/mercurial/wiki/
+#
+# Jesse Glick (jesse.glick@sun.com)
+#
+
+0 string HG10 Mercurial changeset bundle
+>4 string UN (uncompressed)
+>4 string GZ (gzip compressed)
+>4 string BZ (bzip2 compressed)
diff --git a/magic/Magdir/metastore b/magic/Magdir/metastore
new file mode 100644
index 0000000..e64e704
--- /dev/null
+++ b/magic/Magdir/metastore
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: metastore,v 1.3 2019/04/19 00:42:27 christos Exp $
+# metastore: file(1) magic for metastore files
+# From: Thomas Wissen
+# see https://david.hardeman.nu/software.php#metastore
+0 string MeTaSt00r3 Metastore data file,
+>10 bequad x version %0llx
diff --git a/magic/Magdir/meteorological b/magic/Magdir/meteorological
new file mode 100644
index 0000000..725982f
--- /dev/null
+++ b/magic/Magdir/meteorological
@@ -0,0 +1,53 @@
+
+#------------------------------------------------------------------------------
+# $File: meteorological,v 1.4 2022/12/09 18:02:09 christos Exp $
+# rinex: file(1) magic for RINEX files
+# http://igscb.jpl.nasa.gov/igscb/data/format/rinex210.txt
+# ftp://cddis.gsfc.nasa.gov/pub/reports/formats/rinex300.pdf
+# data for testing: ftp://cddis.gsfc.nasa.gov/pub/gps/data
+60 string RINEX
+>80 search/256 XXRINEXB RINEX Data, GEO SBAS Broadcast
+>>&32 string x \b, date %15.15s
+>>5 string x \b, version %6.6s
+!:mime rinex/broadcast
+>80 search/256 XXRINEXD RINEX Data, Observation (Hatanaka comp)
+>>&32 string x \b, date %15.15s
+>>5 string x \b, version %6.6s
+!:mime rinex/observation
+>80 search/256 XXRINEXC RINEX Data, Clock
+>>&32 string x \b, date %15.15s
+>>5 string x \b, version %6.6s
+!:mime rinex/clock
+>80 search/256 XXRINEXH RINEX Data, GEO SBAS Navigation
+>>&32 string x \b, date %15.15s
+>>5 string x \b, version %6.6s
+!:mime rinex/navigation
+>80 search/256 XXRINEXG RINEX Data, GLONASS Navigation
+>>&32 string x \b, date %15.15s
+>>5 string x \b, version %6.6s
+!:mime rinex/navigation
+>80 search/256 XXRINEXL RINEX Data, Galileo Navigation
+>>&32 string x \b, date %15.15s
+>>5 string x \b, version %6.6s
+!:mime rinex/navigation
+>80 search/256 XXRINEXM RINEX Data, Meteorological
+>>&32 string x \b, date %15.15s
+>>5 string x \b, version %6.6s
+!:mime rinex/meteorological
+>80 search/256 XXRINEXN RINEX Data, Navigation
+>>&32 string x \b, date %15.15s
+>>5 string x \b, version %6.6s
+!:mime rinex/navigation
+>80 search/256 XXRINEXO RINEX Data, Observation
+>>&32 string x \b, date %15.15s
+>>5 string x \b, version %6.6s
+!:mime rinex/observation
+
+# https://en.wikipedia.org/wiki/GRIB
+0 string GRIB
+>7 byte =1 Gridded binary (GRIB) version 1
+!:mime application/x-grib
+!:ext grb/grib
+>7 byte =2 Gridded binary (GRIB) version 2
+!:mime application/x-grib2
+!:ext grb2/grib2
diff --git a/magic/Magdir/microfocus b/magic/Magdir/microfocus
new file mode 100644
index 0000000..93e39aa
--- /dev/null
+++ b/magic/Magdir/microfocus
@@ -0,0 +1,21 @@
+
+#------------------------------------------------------------------------------
+# $File: microfocus,v 1.3 2019/04/19 00:42:27 christos Exp $
+# Micro Focus COBOL data files.
+
+# https://documentation.microfocus.com/help/index.jsp?topic=\
+# %2FGUID-0E0191D8-C39A-44D1-BA4C-D67107BAF784%2FHRFLRHFILE05.html
+# http://www.cobolproducts.com/datafile/data-viewer.html
+# https://github.com/miracle2k/mfcobol-export
+
+0 string \x30\x00\x00\x7C
+>36 string \x00\x3E Micro Focus File with Header (DAT)
+!:mime application/octet-stream
+
+0 string \x30\x7E\x00\x00
+>36 string \x00\x3E Micro Focus File with Header (DAT)
+!:mime application/octet-stream
+
+39 string \x02
+>136 string \x02\x02\x04\x04 Micro Focus Index File (IDX)
+!:mime application/octet-stream
diff --git a/magic/Magdir/mime b/magic/Magdir/mime
new file mode 100644
index 0000000..57b2dd5
--- /dev/null
+++ b/magic/Magdir/mime
@@ -0,0 +1,9 @@
+
+#------------------------------------------------------------------------------
+# $File: mime,v 1.8 2017/03/17 22:20:22 christos Exp $
+# mime: file(1) magic for MIME encoded files
+#
+0 string/t Content-Type:\040
+>14 string >\0 %s
+0 string/t Content-Type:
+>13 string >\0 %s
diff --git a/magic/Magdir/mips b/magic/Magdir/mips
new file mode 100644
index 0000000..fe83614
--- /dev/null
+++ b/magic/Magdir/mips
@@ -0,0 +1,120 @@
+
+#------------------------------------------------------------------------------
+# $File: mips,v 1.10 2014/04/30 21:41:02 christos Exp $
+# mips: file(1) magic for MIPS ECOFF and Ucode, as used in SGI IRIX
+# and DEC Ultrix
+#
+0 beshort 0x0160 MIPSEB ECOFF executable
+>20 beshort 0407 (impure)
+>20 beshort 0410 (swapped)
+>20 beshort 0413 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>22 byte x - version %d
+>23 byte x \b.%d
+#
+0 beshort 0x0162 MIPSEL-BE ECOFF executable
+>20 beshort 0407 (impure)
+>20 beshort 0410 (swapped)
+>20 beshort 0413 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>23 byte x - version %d
+>22 byte x \b.%d
+#
+0 beshort 0x6001 MIPSEB-LE ECOFF executable
+>20 beshort 03401 (impure)
+>20 beshort 04001 (swapped)
+>20 beshort 05401 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>23 byte x - version %d
+>22 byte x \b.%d
+#
+0 beshort 0x6201 MIPSEL ECOFF executable
+>20 beshort 03401 (impure)
+>20 beshort 04001 (swapped)
+>20 beshort 05401 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>23 byte x - version %d
+>22 byte x \b.%d
+#
+# MIPS 2 additions
+#
+0 beshort 0x0163 MIPSEB MIPS-II ECOFF executable
+>20 beshort 0407 (impure)
+>20 beshort 0410 (swapped)
+>20 beshort 0413 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>22 byte x - version %d
+>23 byte x \b.%d
+#
+0 beshort 0x0166 MIPSEL-BE MIPS-II ECOFF executable
+>20 beshort 0407 (impure)
+>20 beshort 0410 (swapped)
+>20 beshort 0413 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>22 byte x - version %d
+>23 byte x \b.%d
+#
+0 beshort 0x6301 MIPSEB-LE MIPS-II ECOFF executable
+>20 beshort 03401 (impure)
+>20 beshort 04001 (swapped)
+>20 beshort 05401 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>23 byte x - version %d
+>22 byte x \b.%d
+#
+0 beshort 0x6601 MIPSEL MIPS-II ECOFF executable
+>20 beshort 03401 (impure)
+>20 beshort 04001 (swapped)
+>20 beshort 05401 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>23 byte x - version %d
+>22 byte x \b.%d
+#
+# MIPS 3 additions
+#
+0 beshort 0x0140 MIPSEB MIPS-III ECOFF executable
+>20 beshort 0407 (impure)
+>20 beshort 0410 (swapped)
+>20 beshort 0413 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>22 byte x - version %d
+>23 byte x \b.%d
+#
+0 beshort 0x0142 MIPSEL-BE MIPS-III ECOFF executable
+>20 beshort 0407 (impure)
+>20 beshort 0410 (swapped)
+>20 beshort 0413 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>22 byte x - version %d
+>23 byte x \b.%d
+#
+0 beshort 0x4001 MIPSEB-LE MIPS-III ECOFF executable
+>20 beshort 03401 (impure)
+>20 beshort 04001 (swapped)
+>20 beshort 05401 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>23 byte x - version %d
+>22 byte x \b.%d
+#
+0 beshort 0x4201 MIPSEL MIPS-III ECOFF executable
+>20 beshort 03401 (impure)
+>20 beshort 04001 (swapped)
+>20 beshort 05401 (paged)
+>8 belong >0 not stripped
+>8 belong 0 stripped
+>23 byte x - version %d
+>22 byte x \b.%d
+#
+0 beshort 0x180 MIPSEB Ucode
+0 beshort 0x182 MIPSEL-BE Ucode
diff --git a/magic/Magdir/mirage b/magic/Magdir/mirage
new file mode 100644
index 0000000..cdeb3fc
--- /dev/null
+++ b/magic/Magdir/mirage
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: mirage,v 1.7 2009/09/19 16:28:10 christos Exp $
+# mirage: file(1) magic for Mirage executables
+#
+# XXX - byte order?
+#
+0 long 31415 Mirage Assembler m.out executable
diff --git a/magic/Magdir/misctools b/magic/Magdir/misctools
new file mode 100644
index 0000000..dc1542a
--- /dev/null
+++ b/magic/Magdir/misctools
@@ -0,0 +1,140 @@
+
+#-----------------------------------------------------------------------------
+# $File: misctools,v 1.21 2023/02/03 20:43:48 christos Exp $
+# misctools: file(1) magic for miscellaneous UNIX tools.
+#
+0 search/1 %%!! X-Post-It-Note text
+# URL: http://fileformats.archiveteam.org/wiki/ICalendar
+# https://en.wikipedia.org/wiki/ICalendar
+# Update: Joerg Jenderek
+# Reference: https://www.rfc-editor.org/rfc/rfc5545
+# http://mark0.net/download/triddefs_xml.7z/defs/v/vcs.trid.xml
+# Note: called "iCalendar - vCalendar" by TrID
+0 string/c BEGIN:vcalendar
+# skip DROID fmt-387-signature-id-572.vcs fmt-388-signature-id-573.ics
+# with invalid separator 0x0 or 0xAB instead of CarriageReturn (0x0D) or LineFeed (0x0A)
+>15 ubyte&0xF8 =0x08
+# look for VERSION keyword often on second line but sometimes later as in holidays_NRW_2014.ics
+>>0 search/188 VERSION
+# after VERSION keword :1.0 or often :2.0 but sometimes also ;VALUE=TEXT:2.0 like in Jewish religious Juish.ics
+# http://www.webcal.guru/de-DE/kalender_herunterladen?calendar_instance_id=217
+# \n\040:2.0 like in import-real-world-2004-11-19.ics found at
+# https://ftp.gnu.org/gnu/emacs/emacs-28.1.tar.xz
+# emacs-28.1/test/lisp/calendar/icalendar-resources/import-real-world-2004-11-19.ics
+#>>>&0 string x AFTER_VERSION=%.15s
+# Note: called "Internet Calendar and Scheduling format" by DROID via PUID fmt/388
+# skip optional verparam=;other-param like ;VALUE=TEXT and look for version 2.0 that implies iCalendar variant
+>>>&0 search/81 :2.0 iCalendar calendar
+# look for Free/Busy component
+>>>>15 search/278 :VFREEBUSY file, with Free/Busy component
+!:mime text/calendar
+!:apple ????iFBf
+# no real examples found but only example on Wikipedia page
+!:ext ifb
+# iCalendar calendar without Free/Busy component
+>>>>15 default x
+# look for ALARM component
+>>>>>15 search/154 :VALARM file, with ALARM component
+!:mime text/calendar
+!:apple ????iCal
+# found on macOS beneath /Users/$USER/Library/Calendars/ as EventAllDayAlarms.icsalarm or EventTimedAlarms.icsalarm
+# no isc examples found
+!:ext icsalarm/ics
+# iCalendar calendar without Free/Busy component and ALARM component
+>>>>>15 default x file
+!:mime text/calendar
+!:apple ????iCal
+# no examples found with .ical .icalender suffix
+!:ext ics
+# if no VERSION 2.0 is found then assume it is VERSION 1.0, that is older vCalendar
+# URL: http://fileformats.archiveteam.org/wiki/VCalendar
+# Note: called "VCalendar format" by DROID via fmt/387
+>>>&0 default x vCalendar calendar file
+# deprecated
+!:mime text/x-vcalendar
+!:ext vcs
+# GRR: without VERSION keyword violates specification but accepted by Thunderbird like
+# https://ftp.gnu.org/gnu/emacs/emacs-28.1.tar.xz
+# emacs-28.1/test/lisp/calendar/icalendar-resources/import-with-timezone.ics
+>>0 default x vCalendar calendar file, without VERSION
+!:mime text/x-vcalendar
+#!:mime text/calendar
+# no vcs example found
+!:ext ics/vcs
+# GRR: According to newest specification CarriageReturn (0xD) and LineFeed (0xA) should be used as separator but others accepted by Thunderbird
+# like CRLF,LF in Sport Today.vcs created by calendar plugin of TV-Browser https://enwiki.tvbrowser.org/index.php/Calendar_Export
+# or LF like https://www.schulferien.org/media/ical/deutschland/ferien_nordrhein-westfalen_2023.ics?k=foo
+>>15 ubeshort !0x0D0A \b, without CRLF
+
+# updated by Joerg Jenderek at Apr 2015, May 2021
+# https://en.wikipedia.org/wiki/VCard
+# URL: http://fileformats.archiveteam.org/wiki/VCard
+# https://datatracker.ietf.org/doc/html/rfc6350
+# the value is case-insensitive
+0 string/c begin:vcard
+# skip DROID fmt-395-signature-id-634.vcf
+>13 string !VERSION:END vCard visiting card
+# deprecated
+#!:mime text/x-vcard
+!:mime text/vcard
+!:apple ????vCrd
+!:ext vcf/vcard
+# VERSION must come right after BEGIN for 3.0 or 4.0 except in 2.1 , where it can be anywhere
+# Joerg_Jenderek_67.vcf
+>>12 search/0x113b4/c version:
+# VERSION 2.1 , 3.0 or 4.0
+>>>&0 string x \b, version %-.3s
+>>>&0 string !2.1
+>>>>13 string !VERSION: \b, 2nd line does not start with VERSION:
+# downcase violates RFC 6350, but some "bad" software produce such vcards
+>>0 string !BEGIN \b, not up case
+# http://ftp.mozilla.org/pub/thunderbird/candidates/
+# 78.10.1-candidates/build1/source/thunderbird-78.10.1.source.tar.xz
+# thunderbird-78.10.1/comm/mailnews/import/test/unit/resources/basic_vcard_addressbook.vcf
+>>11 beshort !0x0D0A \b, lines not separated by CRLF
+
+# Summary: Libtool library file
+# Extension: .la
+# Submitted by: Tomasz Trojanowski <tomek@uninet.com.pl>
+0 search/80 .la\ -\ a\ libtool\ library\ file libtool library file
+
+# Summary: Libtool object file
+# Extension: .lo
+# Submitted by: Abel Cheung <abelcheung@gmail.com>
+0 search/80 .lo\ -\ a\ libtool\ object\ file libtool object file
+
+# From: Daniel Novotny <dnovotny@redhat.com>
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Core_dump#User-mode_memory_dumps
+# Reference: https://msdn.microsoft.com/en-us/library/ms680378%28VS.85%29.aspx
+#
+# "Windows Minidump" by TrID
+# ./misctools (version 5.25) labeled the entry as "MDMP crash report data"
+0 string MDMP Mini DuMP crash report
+# https://filext.com/file-extension/DMP
+!:mime application/x-dmp
+!:ext dmp/mdmp
+# The high-order word is an internal value that is implementation specific.
+# The low-order word is MINIDUMP_VERSION 0xA793
+>4 ulelong&0x0000FFFF !0xA793 \b, version %#4.4x
+# NumberOfStreams 8,9,10,13
+>8 ulelong x \b, %d streams
+# StreamDirectoryRva 0x20
+>12 ulelong !0x20 \b, %#8.8x RVA
+# CheckSum 0
+>16 ulelong !0 \b, CheckSum %#8.8x
+# Reserved or TimeDateStamp
+>20 ledate x \b, %s
+# https://msdn.microsoft.com/en-us/library/windows/desktop/ms680519%28v=vs.85%29.aspx
+# Flags MINIDUMP_TYPE enumeration type 0 0x121 0x800
+>24 ulelong x \b, %#x type
+# >24 ulelong >0 \b; include
+# >>24 ulelong &0x00000001 \b data sections,
+# >>24 ulelong &0x00000020 \b list of unloaded modules,
+# >>24 ulelong &0x00000100 \b process and thread information,
+# >>24 ulelong &0x00000800 \b memory information,
+
+# Summary: abook addressbook file
+# Submitted by: Mark Schreiber <mark7@alumni.cmu.edu>
+0 string #\x20abook\x20addressbook\x20file abook address book
+!:mime application/x-abook-addressbook
diff --git a/magic/Magdir/mkid b/magic/Magdir/mkid
new file mode 100644
index 0000000..faad396
--- /dev/null
+++ b/magic/Magdir/mkid
@@ -0,0 +1,11 @@
+
+#------------------------------------------------------------------------------
+# $File: mkid,v 1.6 2009/09/19 16:28:10 christos Exp $
+# mkid: file(1) magic for mkid(1) databases
+#
+# ID is the binary tags database produced by mkid(1).
+#
+# XXX - byte order?
+#
+0 string \311\304 ID tags data
+>2 short >0 version %d
diff --git a/magic/Magdir/mlssa b/magic/Magdir/mlssa
new file mode 100644
index 0000000..3c8875e
--- /dev/null
+++ b/magic/Magdir/mlssa
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: mlssa,v 1.4 2009/09/19 16:28:10 christos Exp $
+# mlssa: file(1) magic for MLSSA datafiles
+#
+0 lelong 0xffffabcd MLSSA datafile,
+>4 leshort x algorithm %d,
+>10 lelong x %d samples
diff --git a/magic/Magdir/mmdf b/magic/Magdir/mmdf
new file mode 100644
index 0000000..5576a66
--- /dev/null
+++ b/magic/Magdir/mmdf
@@ -0,0 +1,6 @@
+
+#------------------------------------------------------------------------------
+# $File: mmdf,v 1.6 2009/09/19 16:28:10 christos Exp $
+# mmdf: file(1) magic for MMDF mail files
+#
+0 string \001\001\001\001 MMDF mailbox
diff --git a/magic/Magdir/modem b/magic/Magdir/modem
new file mode 100644
index 0000000..5d59401
--- /dev/null
+++ b/magic/Magdir/modem
@@ -0,0 +1,92 @@
+
+#------------------------------------------------------------------------------
+# $File: modem,v 1.11 2022/10/19 20:15:16 christos Exp $
+# modem: file(1) magic for modem programs
+#
+# From: Florian La Roche <florian@knorke.saar.de>
+1 string PC\ Research,\ Inc Digifax-G3-File
+>29 byte 1 \b, fine resolution
+>29 byte 0 \b, normal resolution
+
+# Summary: CCITT Group 3 Facsimile in "raw" form (i.e. no header).
+# Modified by: Joerg Jenderek
+# URL: https://de.wikipedia.org/wiki/Fax
+# http://fileformats.archiveteam.org/wiki/CCITT_Group_3
+# Reference: https://web.archive.org/web/20020628195336/http://www.netnam.vn/unescocourse/computervision/104.htm
+# GRR: EOL of G3 is too general as it catches also TrueType fonts, Postscript PrinterFontMetric, others
+0 short 0x0100
+# 16 0-bits near beginning like True Type fonts *.ttf, Postscript PrinterFontMetric *.pfm, FTYPE.HYPERCARD, XFER
+>2 search/9 \0\0
+# maximal 7 0-bits for pixel sequences or 11 0-bits for EOL in G3
+>2 default x
+# skip IRCAM file (VAX big-endian) ./audio
+>>0 belong !0x0001a364
+# skip GEM Image data ./images
+>>>2 beshort !0x0008
+# look for first keyword of Panorama database *.pan
+>>>>11 search/262 \x06DESIGN
+# skip Panorama database
+>>>>11 default x
+# old Apple DreamWorld DreamGrafix *.3200 with keyword at end of g3 looking files
+>>>>>27118 search/1864 DreamWorld
+>>>>>27118 default x
+# skip MouseTrap/Mt.Defaults with file size 16 found on Golden Orchard Apple II CD Rom
+>>>>>>8 ubequad !0x2e01010454010203
+# skip PICTUREH.SML found on Golden Orchard Apple II CD Rom
+>>>>>>>8 ubequad !0x5dee74ad1aa56394
+# skip few (5/41) DEGAS mid-res bitmap (GEMINI01.PI2 GEMINI02.PI2 GEMINI03.PI2 CODE_RAM.PI2 TBX_DEMO.PI2)
+# with file size 32034
+>>>>>>>>-0 offset !32034 raw G3 (Group 3) FAX, byte-padded
+# version 5.25 labeled the entry above "raw G3 data, byte-padded"
+!:mime image/g3fax
+#!:apple ????TIFF
+!:ext g3
+# unusual image starting with black pixel
+#0 short 0x1300 raw G3 (Group 3) FAX
+0 short 0x1400
+# 16 0-bits near beginning like PicturePuzzler found on Golden Orchard Apple CD Rom
+>2 search/9 \0\0
+# maximal 7 0-bits for pixel sequences or 11 0-bits for EOL in G3
+>2 default x
+# skip some (84/1246) MacBinary II/III (Cyberdog2.068k.smi.bin FileMakerPro4.img.bin Hypercard1.25.image.bin UsbStorage1.3.5.smi.bin) with "non random" numbers by versions values 81h/82h + 81h
+>>122 ubeshort&0xFcFf !0x8081 raw G3 (Group 3) FAX
+# version 5.25 labeled the above entry as "raw G3 data"
+!:mime image/g3fax
+!:ext g3
+# unusual image with black pixel near beginning
+#0 short 0x1900 raw G3 (Group 3) FAX
+
+#
+# Magic data for vgetty voice formats
+# (Martin Seine & Marc Eberhard)
+
+#
+# raw modem data version 1
+#
+0 string RMD1 raw modem data
+>4 string >\0 (%s /
+>20 short >0 compression type %#04x)
+
+#
+# portable voice format 1
+#
+0 string PVF1\n portable voice format
+>5 string >\0 (binary %s)
+
+#
+# portable voice format 2
+#
+0 string PVF2\n portable voice format
+>5 string >\0 (ascii %s)
+
+# From: Bernd Nuernberger <bernd.nuernberger@web.de>
+# Brooktrout G3 fax data incl. 128 byte header
+# Common suffixes: 3??, BRK, BRT, BTR
+0 leshort 0x01bb
+>2 leshort 0x0100 Brooktrout 301 fax image,
+>>9 leshort x %d x
+>>0x2d leshort x %d
+>>6 leshort 200 \b, fine resolution
+>>6 leshort 100 \b, normal resolution
+>>11 byte 1 \b, G3 compression
+>>11 byte 2 \b, G32D compression
diff --git a/magic/Magdir/modulefile b/magic/Magdir/modulefile
new file mode 100644
index 0000000..46c3baf
--- /dev/null
+++ b/magic/Magdir/modulefile
@@ -0,0 +1,9 @@
+
+#------------------------------------------------------------------------------
+# $File: modulefile,v 1.1 2019/10/15 18:04:40 christos Exp $
+# modulefile: file(1) magic for user's environment modulefile
+# URL: http://modules.sourceforge.net/
+# Reference: https://modules.readthedocs.io/en/stable/modulefile.html
+# From: Xavier Delaruelle <xavier.delaruelle@cea.fr>
+0 string #%Module modulefile
+!:mime text/x-modulefile
diff --git a/magic/Magdir/motorola b/magic/Magdir/motorola
new file mode 100644
index 0000000..af93720
--- /dev/null
+++ b/magic/Magdir/motorola
@@ -0,0 +1,71 @@
+
+#------------------------------------------------------------------------------
+# $File: motorola,v 1.12 2021/04/26 15:56:00 christos Exp $
+# motorola: file(1) magic for Motorola 68K and 88K binaries
+#
+# 68K
+#
+0 beshort 0520 mc68k COFF
+>18 beshort ^00000020 object
+>18 beshort &00000020 executable
+>12 belong >0 not stripped
+>168 string .lowmem Apple toolbox
+>20 beshort 0407 (impure)
+>20 beshort 0410 (pure)
+>20 beshort 0413 (demand paged)
+>20 beshort 0421 (standalone)
+0 beshort 0521 mc68k executable (shared)
+>12 belong >0 not stripped
+0 beshort 0522 mc68k executable (shared demand paged)
+>12 belong >0 not stripped
+#
+# Motorola/UniSoft 68K Binary Compatibility Standard (BCS)
+#
+0 beshort 0554 68K BCS executable
+#
+# 88K
+#
+# Motorola/88Open BCS
+#
+0 beshort 0555 88K BCS executable
+#
+# Motorola S-Records, from Gerd Truschinski <gt@freebsd.first.gmd.de>
+0 string S0 Motorola S-Record; binary data in text format
+
+# ATARI ST relocatable PRG
+#
+# from Oskar Schirmer <schirmer@scara.com> Feb 3, 2001
+# (according to Roland Waldi, Oct 21, 1987)
+# besides the magic 0x601a, the text segment size is checked to be
+# not larger than 1 MB (which is a lot on ST).
+# The additional 0x601b distinction I took from Doug Lee's magic.
+0 belong&0xFFFFFFF0 0x601A0000 Atari ST M68K contiguous executable
+>2 belong x (txt=%d,
+>6 belong x dat=%d,
+>10 belong x bss=%d,
+>14 belong x sym=%d)
+0 belong&0xFFFFFFF0 0x601B0000 Atari ST M68K non-contig executable
+>2 belong x (txt=%d,
+>6 belong x dat=%d,
+>10 belong x bss=%d,
+>14 belong x sym=%d)
+
+# Atari ST/TT... program format (sent by Wolfram Kleff <kleff@cs.uni-bonn.de>)
+0 beshort 0x601A Atari 68xxx executable,
+>2 belong x text len %u,
+>6 belong x data len %u,
+>10 belong x BSS len %u,
+>14 belong x symboltab len %u,
+>18 belong 0
+>22 belong &0x01 fastload flag,
+>22 belong &0x02 may be loaded to alternate RAM,
+>22 belong &0x04 malloc may be from alternate RAM,
+>22 belong x flags: %#X,
+>26 beshort 0 no relocation tab
+>26 beshort !0 + relocation tab
+>30 string SFX [Self-Extracting LZH SFX archive]
+>38 string SFX [Self-Extracting LZH SFX archive]
+>44 string ZIP! [Self-Extracting ZIP SFX archive]
+
+0 beshort 0x0064 Atari 68xxx CPX file
+>8 beshort x (version %04x)
diff --git a/magic/Magdir/mozilla b/magic/Magdir/mozilla
new file mode 100644
index 0000000..32f3bb7
--- /dev/null
+++ b/magic/Magdir/mozilla
@@ -0,0 +1,37 @@
+
+#------------------------------------------------------------------------------
+# $File: mozilla,v 1.12 2021/04/26 15:56:00 christos Exp $
+# mozilla: file(1) magic for Mozilla XUL fastload files
+# (XUL.mfasl and XPC.mfasl)
+# URL: https://www.mozilla.org/
+# From: Josh Triplett <josh@freedesktop.org>
+
+0 string XPCOM\nMozFASL\r\n\x1A Mozilla XUL fastload data
+# Probably the next magic line contains misspelled "mozLz40\0"
+0 string mozLz4a Mozilla lz4 compressed bookmark data
+# From: Joerg Jenderek
+# URL: https://lz4.github.io/lz4/
+# Reference: https://github.com/avih/dejsonlz4/archive/master.zip/
+# dejsonlz4-master\src\dejsonlz4.c
+# Note: mostly JSON compressed with a non-standard LZ4 header
+# can be unpacked by dejsonlz4 but not lz4 program.
+0 string mozLz40\0 Mozilla lz4 compressed data
+!:mime application/x-lz4+json
+# mozlz4 extension seems to be used for search/store, while jsonlz4 for bookmarks
+!:ext jsonlz4/mozlz4
+# decomp_size
+>8 ulelong x \b, originally %u bytes
+# lz4 data
+#>12 ubequad x \b, lz4 data %#16.16llx
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Firefox_4
+# Reference: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
+# Note: Most ZIP utilities are able to extract such archives
+# maybe only partly or after some warnings. Example:
+# zip -FF omni.ja --out omni.zip
+4 string PK\001\002 Mozilla archive omni.ja
+!:mime application/x-zip
+!:ext ja
+# TODO:
+#>4 use zip-dir-entry
diff --git a/magic/Magdir/msdos b/magic/Magdir/msdos
new file mode 100644
index 0000000..aacf859
--- /dev/null
+++ b/magic/Magdir/msdos
@@ -0,0 +1,2304 @@
+
+#------------------------------------------------------------------------------
+# $File: msdos,v 1.169 2023/04/17 16:39:19 christos Exp $
+# msdos: file(1) magic for MS-DOS files
+#
+
+# .BAT files (Daniel Quinlan, quinlan@yggdrasil.com)
+# updated by Joerg Jenderek at Oct 2008,Apr 2011
+0 string/t @
+>1 string/cW \ echo\ off DOS batch file text
+!:mime text/x-msdos-batch
+!:ext bat
+>1 string/cW echo\ off DOS batch file text
+!:mime text/x-msdos-batch
+!:ext bat
+>1 string/cW rem DOS batch file text
+!:mime text/x-msdos-batch
+!:ext bat
+>1 string/cW set\ DOS batch file text
+!:mime text/x-msdos-batch
+!:ext bat
+
+
+# OS/2 batch files are REXX. the second regex is a bit generic, oh well
+# the matched commands seem to be common in REXX and uncommon elsewhere
+100 search/0xffff rxfuncadd
+>100 regex/c =^[\ \t]{0,10}call[\ \t]{1,10}rxfunc OS/2 REXX batch file text
+100 search/0xffff say
+>100 regex/c =^[\ \t]{0,10}say\ ['"] OS/2 REXX batch file text
+
+# updated by Joerg Jenderek at Oct 2015
+# https://de.wikipedia.org/wiki/Common_Object_File_Format
+# http://www.delorie.com/djgpp/doc/coff/filhdr.html
+# ./intel already labeled COFF type 0x14c=0514 as "80386 COFF executable"
+#0 leshort 0x14c MS Windows COFF Intel 80386 object file
+#>4 ledate x stamp %s
+0 leshort 0x166 MS Windows COFF MIPS R4000 object file
+#>4 ledate x stamp %s
+0 leshort 0x184 MS Windows COFF Alpha object file
+#>4 ledate x stamp %s
+0 leshort 0x268 MS Windows COFF Motorola 68000 object file
+#>4 ledate x stamp %s
+0 leshort 0x1f0 MS Windows COFF PowerPC object file
+#>4 ledate x stamp %s
+0 leshort 0x290 MS Windows COFF PA-RISC object file
+#>4 ledate x stamp %s
+
+# Tests for various EXE types.
+#
+# Many of the compressed formats were extracted from IDARC 1.23 source code.
+#
+# e_magic
+0 string/b MZ
+# TODO
+# FLT: Syntrillium CoolEdit Filter https://en.wikipedia.org/wiki/Adobe_Audition
+# FMX64:FileMaker Pro 64-bit plug-in https://en.wikipedia.org/wiki/FileMaker
+# FMX: FileMaker Pro 32-bit plug-in https://en.wikipedia.org/wiki/FileMaker
+# FOD: WIFE Font Driver
+# GAU: MS Flight Simulator Gauge
+# IFS: OS/2 Installable File System https://en.wikipedia.org/wiki/OS/2
+# MEXW32:MATLAB Windows 32bit compiled function https://en.wikipedia.org/wiki/MATLAB
+# MEXW64:MATLAB Windows 64bit compiled function https://en.wikipedia.org/wiki/MATLAB
+# MLL: Maya plug-in (generic) http://en.wikipedia.org/wiki/Autodesk_Maya
+# PFL: PhotoFilter plugin http://photofiltre.free.fr
+# 8*: PhotoShop plug-in (generic) http://www.adobe.com/products/photoshop/main.html
+# PLG: Aston Shell plugin http://www.astonshell.com/
+# QLB: Microsoft Basic Quick library https://en.wikipedia.org/wiki/QuickBASIC
+# SKL: WinLIFT skin http://www.zapsolution.com/winlift/index.htm
+# TBK: Asymetrix ToolBook application http://www.toolbook.com
+# TBP: The Bat! plugin http://www.ritlabs.com
+# UPC: Ultimate Paint Graphics Editor plugin http://ultimatepaint.j-t-l.com
+# XFM: Syntrillium Cool Edit Transform Effect bad http://www.cooledit.com
+# XPL: X-Plane plugin http://www.xsquawkbox.net/xpsdk/
+# ZAP: ZoneLabs Zone Alarm data http://www.zonelabs.com
+#
+# NEXT LINES FOR DEBUGGING!
+# e_cblp; bytes on last page of file
+# e_cp; pages in file
+#>4 uleshort x \b, e_cp 0x%x
+# e_lfanew; file address of new exe header
+#>0x3c ulelong x \b, e_lfanew 0x%x
+# e_lfarlc; address of relocation table
+#>0x18 uleshort x \b, e_lfarlc=0x%x
+# e_ovno; overlay number. If zero, this is the main executable foo
+#>0x1a uleshort !0 \b, e_ovno 0x%x
+#>0x1C ubequad !0 \b, e_res 0x%16.16llx
+# e_oemid; often 0
+#>0x24 uleshort !0 \b, e_oemid 0x%x
+# e_oeminfo; typically zeroes, but 13Dh (WORDSTAR.CNV WPFT5.CNV) 143h (WRITWIN.CNV)
+# 1A3h (DBASE.CNV LOTUS123.CNV RFTDCA.CNV WORDDOS.CNV WORDMAC.CNV WORDWIN1.CNVXLBIFF.CNV)
+#>0x26 uleshort !0 \b, e_oeminfo 0x%x
+# e_res2; typically zeroes, but 000006006F082D2Ah SCSICFG.EXE 00009A0300007C03h de.exe
+# 0000CA0000000002h country.exe dosxmgr.exe 421E0A00421EA823h QMC.EXE
+#>0x28 ubequad !0 \b, e_res2 0x%16.16llx
+# https://web.archive.org/web/20171116024937/http://www.ctyme.com/intr/rb-2939.htm#table1593
+# https://github.com/uxmal/reko/blob/master/src/ImageLoaders/MzExe/ExeImageLoader.cs
+# new exe header magic like: PE NE LE LX W3 W4
+# no examples found for ZM DL MP P2 P3
+#>(0x3c.l) string x \b, at [0x3c] %.2s
+#>(0x3c.l) ubelong x \b, at [0x3c] %#8.8x
+#>(0x3c.l+4) ubelong x \b, at [0x3c+4] %#8.8x
+#
+# Most non-DOS MZ-executable extensions have the relocation table more than 0x40 bytes into the file.
+# http://www.mitec.cz/Downloads/EXE.zip/EXE64.exe e_lfarlc=0x8ead
+# OS/2 ECS\INSTALL\DETECTEI\PCISCAN.EXE e_lfarlc=0x1c
+# some EFI apps Shell_Full.efi ext4_x64_signed.efi e_lfarlc=0
+# Icon library WORD60.ICL e_lfarlc=0
+# Microsoft compiled help format 2.0 WINWORD.DEV.HXS e_lfarlc=0
+>0x18 uleshort <0x40
+# check magic of new second header
+# NE executable with low e_lfarlc like: WORD60.ICL
+# ICL: Icons Library 16-bit http://fileformats.archiveteam.org/wiki/Icon_library
+>>(0x3c.l) string NE Windows Icons Library 16-bit
+!:mime image/x-ms-icl
+!:ext icl
+# handle LX executable with low e_lfarlc like: PCISCAN.EXE
+>>(0x3c.l) string LX
+>>>(0x3c.l) use lx-executable
+# skip Portable Executable (PE) with low e_lfarlc here, because handled later
+# like: ext4_x64_signed.efi Shell_Full.efi WINWORD.DEV.HXS
+>>(0x3c.l) string PE
+# not New Executable (NE) and not PE with low e_lfarlc like:
+# MACCNV55.EXE WORK_RTF.EXE TELE200.EXE NDD.EXE iflash.exe
+>>(0x3c.l) default x MS-DOS executable, MZ for MS-DOS
+!:mime application/x-dosexec
+# Windows and later versions of DOS will allow .EXEs to be named with a .COM
+# extension, mostly for compatibility's sake.
+# like: EDIT.COM 4DOS.COM CMD8086.COM CMD-FR.COM SYSLINUX.COM
+# URL: https://en.wikipedia.org/wiki/Personal_NetWare#VLM
+# Reference: https://mark0.net/download/triddefs_xml.7z/defs/e/exe-vlm-msg.trid.xml
+# also like: BGISRV.DRV
+!:ext exe/com/vlm/drv
+# These traditional tests usually work but not always. When test quality support is
+# implemented these can be turned on.
+#>>0x18 leshort 0x1c (Borland compiler)
+#>>0x18 leshort 0x1e (MS compiler)
+
+# Maybe it's a PE?
+# URL: http://fileformats.archiveteam.org/wiki/Portable_Executable
+# Reference: https://docs.microsoft.com/de-de/windows/win32/debug/pe-format
+>(0x3c.l) string PE\0\0 PE
+!:mime application/vnd.microsoft.portable-executable
+# https://docs.microsoft.com/de-de/windows/win32/debug/pe-format#characteristics
+# DLL Characteristics
+#>>(0x3c.l+22) uleshort x \b, CHARACTERISTICS %#4.4x,
+# 0x0200~IMAGE_FILE_DEBUG_STRIPPED Debugging information is removed from the image file
+# 0x1000~IMAGE_FILE_SYSTEM The image file is a system file, not a user program.
+# 0x2000~IMAGE_FILE_DLL The image file is a dynamic-link library (DLL)
+>>(0x3c.l+24) leshort 0x010b \b32 executable
+# https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#windows-subsystem
+#>>>(0x3c.l+92) leshort x \b, SUBSYSTEM %u
+>>(0x3c.l+24) leshort 0x020b \b32+ executable
+#>>>(0x3c.l+92) leshort x \b, SUBSYSTEM %u
+>>(0x3c.l+24) leshort 0x0107 ROM image
+>>(0x3c.l+24) default x Unknown PE signature
+>>>&0 leshort x %#x
+>>(0x3c.l+22) leshort&0x2000 >0 (DLL)
+# 0~IMAGE_SUBSYSTEM_UNKNOWN An unknown subsystem
+>>(0x3c.l+92) leshort 0 (
+# Summary: Microsoft compiled help *.HXS format 2.0
+# URL: https://en.wikipedia.org/wiki/Microsoft_Help_2
+# Reference: http://www.russotto.net/chm/itolitlsformat.html
+# https://mark0.net/download/triddefs_xml.7z/defs/h/hxs.trid.xml
+# Note: 2 PE sections (.rsrc, .its) implies Microsoft compiled help format; the .its section contains the help content ITOLITLS
+# verified by command like `pelook.exe -d WINWORD.HXS & pelook.exe -h WINWORD.HXS`
+>>>(0x3c.l+6) uleshort =2 \bMicrosoft compiled help format 2.0)
+!:ext hxs
+# 3 PE sections (.text, .reloc, .rsrc) implies some Control Panel Item like:
+# CPL: Control Panel item for WINE 1.7.28 https://www.winehq.org/
+>>>(0x3c.l+6) uleshort !2 \bControl Panel Item)
+!:ext cpl
+# 1~IMAGE_SUBSYSTEM_NATIVE device drivers and native Windows processes
+>>(0x3c.l+92) leshort 1
+# Native PEs include ntoskrnl.exe, hal.dll, smss.exe, autochk.exe, and all the
+# drivers in Windows/System32/drivers/*.sys.
+>>>(0x3c.l+22) leshort&0x2000 >0 (native)
+!:ext dll/sys
+>>>(0x3c.l+22) leshort&0x2000 0 (native)
+!:ext exe/sys
+# 2~IMAGE_SUBSYSTEM_WINDOWS_GUI The Windows graphical user interface (GUI) subsystem
+>>(0x3c.l+92) leshort 2
+>>>(0x3c.l+22) leshort&0x2000 >0 (GUI)
+# These could probably be at least partially distinguished from one another by
+# looking for specific exported functions.
+# CPL: Control Panel item
+# TLB: Type library
+# OCX: OLE/ActiveX control
+# ACM: Audio compression manager codec
+# AX: DirectShow source filter
+# IME: Input method editor
+!:ext dll/cpl/tlb/ocx/acm/ax/ime
+>>>(0x3c.l+22) leshort&0x2000 0 (GUI)
+# Screen savers typically include code from the scrnsave.lib static library, but
+# that's not guaranteed.
+!:ext exe/scr
+# 3~IMAGE_SUBSYSTEM_WINDOWS_CUI The Windows character subsystem
+>>(0x3c.l+92) leshort 3
+>>>(0x3c.l+22) leshort&0x2000 >0 (console)
+!:ext dll/cpl/tlb/ocx/acm/ax/ime
+>>>(0x3c.l+22) leshort&0x2000 0 (console)
+!:ext exe/com
+# NO Windows Subsystem number 4!
+>>(0x3c.l+92) leshort 4 (Unknown subsystem 4)
+# 5~IMAGE_SUBSYSTEM_OS2_CUI The OS/2 character subsystem
+>>(0x3c.l+92) leshort 5 (OS/2)
+# GRR: No examples found by Joerg Jenderek
+#!:ext foo-exe-os2
+# NO Windows Subsystem number 6!
+>>(0x3c.l+92) leshort 6 (Unknown subsystem 6)
+# 7~IMAGE_SUBSYSTEM_POSIX_CUI The Posix character subsystem
+>>(0x3c.l+92) leshort 7 (POSIX
+>>>(0x3c.l+22) leshort&0x2000 >0 \b)
+# like: PSXDLL.DLL
+!:ext dll
+>>>(0x3c.l+22) leshort&0x2000 0 \b)
+# like: PAX.EXE
+!:ext exe
+# 8~IMAGE_SUBSYSTEM_NATIVE_WINDOWS Native Win9x driver
+>>(0x3c.l+92) leshort 8 (Win9x)
+# GRR: No examples found by Joerg Jenderek
+#!:ext foo-exe-win98
+# 9~IMAGE_SUBSYSTEM_WINDOWS_CE_GUI Windows CE
+>>(0x3c.l+92) leshort 9 (Windows CE
+>>>(0x3c.l+22) leshort&0x2000 >0 \b)
+# like: MCS9900Ce50.dll Mosiisr99x.dll TMCGPS.DLL
+!:ext dll
+>>>(0x3c.l+22) leshort&0x2000 0 \b)
+# like: NNGStart.exe navigator.exe
+!:ext exe
+# 10~IMAGE_SUBSYSTEM_EFI_APPLICATION An Extensible Firmware Interface (EFI) application
+>>(0x3c.l+92) leshort 10 (EFI application)
+# like: bootmgfw.efi grub.efi gdisk_x64.efi Shell_Full.efi shim.efi syslinux.efi
+!:ext efi
+# 11~IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER An EFI driver with boot services
+>>(0x3c.l+92) leshort 11 (EFI boot service driver)
+# like: ext2_x64_signed.efi Fat_x64.efi iso9660_x64_signed.efi
+!:ext efi
+>>(0x3c.l+92) leshort 12 (EFI runtime driver)
+# no sample found
+!:ext efi
+# 13~IMAGE_SUBSYSTEM_EFI_ROM An EFI ROM image
+>>(0x3c.l+92) leshort 13 (EFI ROM)
+# no sample found
+!:ext efi
+# 14~IMAGE_SUBSYSTEM_XBOX XBOX
+>>(0x3c.l+92) leshort 14 (XBOX)
+#!:ext foo-xbox
+# NO Windows Subsystem number 15!
+>>(0x3c.l+92) leshort 15 (Unknown subsystem 15)
+# 16~IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION Windows boot application
+>>(0x3c.l+92) leshort 16 (Windows boot application
+>>>(0x3c.l+22) leshort&0x2000 >0 \b)
+# like: bootvhd.dll bootuwf.dll hvloader.dll tcbloader.dll bootspaces.dll
+!:ext dll
+>>>(0x3c.l+22) leshort&0x2000 0 \b)
+# like: bootmgr.efi memtest.efi shellx64.efi memtest.exe winload.exe winresume.exe bootvhd.dll hvloader.dll
+!:ext efi/exe
+# GRR: the next 2 lines are not executed!
+#>>(0x3c.l+92) default x (Unknown subsystem
+#>>>&0 leshort x %#x)
+>>(0x3c.l+92) leshort >16 (Unknown subsystem
+>>>&0 leshort x %#x)
+>>(0x3c.l+4) leshort 0x14c Intel 80386
+>>(0x3c.l+4) leshort 0x166 MIPS R4000
+>>(0x3c.l+4) leshort 0x168 MIPS R10000
+>>(0x3c.l+4) leshort 0x184 Alpha
+>>(0x3c.l+4) leshort 0x1a2 Hitachi SH3
+>>(0x3c.l+4) leshort 0x1a3 Hitachi SH3 DSP
+>>(0x3c.l+4) leshort 0x1a8 Hitachi SH5
+>>(0x3c.l+4) leshort 0x169 MIPS WCE v2
+>>(0x3c.l+4) leshort 0x1a6 Hitachi SH4
+>>(0x3c.l+4) leshort 0x1c0 ARM
+>>(0x3c.l+4) leshort 0x1c2 ARM Thumb
+>>(0x3c.l+4) leshort 0x1c4 ARMv7 Thumb
+>>(0x3c.l+4) leshort 0x1d3 Matsushita AM33
+>>(0x3c.l+4) leshort 0x1f0 PowerPC
+>>(0x3c.l+4) leshort 0x1f1 PowerPC with FPU
+>>(0x3c.l+4) leshort 0x1f2 PowerPC (big-endian)
+>>(0x3c.l+4) leshort 0x200 Intel Itanium
+>>(0x3c.l+4) leshort 0x266 MIPS16
+>>(0x3c.l+4) leshort 0x268 Motorola 68000
+>>(0x3c.l+4) leshort 0x290 PA-RISC
+>>(0x3c.l+4) leshort 0x366 MIPSIV
+>>(0x3c.l+4) leshort 0x466 MIPS16 with FPU
+>>(0x3c.l+4) leshort 0xebc EFI byte code
+>>(0x3c.l+4) leshort 0x5032 RISC-V 32-bit
+>>(0x3c.l+4) leshort 0x5064 RISC-V 64-bit
+>>(0x3c.l+4) leshort 0x5128 RISC-V 128-bit
+>>(0x3c.l+4) leshort 0x6232 LoongArch 32-bit
+>>(0x3c.l+4) leshort 0x6264 LoongArch 64-bit
+>>(0x3c.l+4) leshort 0x9041 Mitsubishi M32R
+>>(0x3c.l+4) leshort 0x8664 x86-64
+>>(0x3c.l+4) leshort 0xaa64 Aarch64
+>>(0x3c.l+4) leshort 0xc0ee MSIL
+# GRR: the next 2 lines are not executed!
+>>(0x3c.l+4) default x Unknown processor type
+>>>&0 leshort x %#x
+>>(0x3c.l+22) leshort&0x0200 >0 (stripped to external PDB)
+>>(0x3c.l+22) leshort&0x1000 >0 system file
+>>(0x3c.l+24) leshort 0x010b
+>>>(0x3c.l+232) lelong >0 Mono/.Net assembly
+>>(0x3c.l+24) leshort 0x020b
+>>>(0x3c.l+248) lelong >0 Mono/.Net assembly
+
+# hooray, there's a DOS extender using the PE format, with a valid PE
+# executable inside (which just prints a message and exits if run in win)
+>>(8.s*16) string 32STUB \b, 32rtm DOS extender
+>>(8.s*16) string !32STUB \b, for MS Windows
+>>(0x3c.l+0xf8) string UPX0 \b, UPX compressed
+>>(0x3c.l+0xf8) search/0x140 PEC2 \b, PECompact2 compressed
+>>(0x3c.l+0xf8) search/0x140 UPX2
+>>>(&0x10.l+(-4)) string PK\3\4 \b, ZIP self-extracting archive (Info-Zip)
+>>(0x3c.l+0xf8) search/0x140 .idata
+>>>(&0xe.l+(-4)) string PK\3\4 \b, ZIP self-extracting archive (Info-Zip)
+>>>(&0xe.l+(-4)) string ZZ0 \b, ZZip self-extracting archive
+>>>(&0xe.l+(-4)) string ZZ1 \b, ZZip self-extracting archive
+>>(0x3c.l+0xf8) search/0x140 .rsrc
+>>>(&0x0f.l+(-4)) string a\\\4\5 \b, WinHKI self-extracting archive
+>>>(&0x0f.l+(-4)) string Rar! \b, RAR self-extracting archive
+>>>(&0x0f.l+(-4)) search/0x3000 MSCF \b, InstallShield self-extracting archive
+>>>(&0x0f.l+(-4)) search/32 Nullsoft \b, Nullsoft Installer self-extracting archive
+>>(0x3c.l+0xf8) search/0x140 .data
+>>>(&0x0f.l) string WEXTRACT \b, MS CAB-Installer self-extracting archive
+>>(0x3c.l+0xf8) search/0x140 .petite\0 \b, Petite compressed
+>>>(0x3c.l+0xf7) byte x
+>>>>(&0x104.l+(-4)) string =!sfx! \b, ACE self-extracting archive
+>>(0x3c.l+0xf8) search/0x140 .WISE \b, WISE installer self-extracting archive
+>>(0x3c.l+0xf8) search/0x140 .dz\0\0\0 \b, Dzip self-extracting archive
+>>&(0x3c.l+0xf8) search/0x100 _winzip_ \b, ZIP self-extracting archive (WinZip)
+>>&(0x3c.l+0xf8) search/0x100 SharedD \b, Microsoft Installer self-extracting archive
+>>0x30 string Inno \b, InnoSetup self-extracting archive
+# NumberOfSections; Normal Dynamic Link libraries have a few sections for code, data and resource etc.
+# PE used as container have less sections
+>>(0x3c.l+6) leshort >1 \b, %u sections
+# do not display for 1 section to get output like in version 5.43 and to keep output columns low
+#>>(0x3c.l+6) leshort =1 \b, %u section
+
+# If the relocation table is 0x40 or more bytes into the file, it's definitely
+# not a DOS EXE.
+>0x18 uleshort >0x3f
+
+# Hmm, not a PE but the relocation table is too high for a traditional DOS exe,
+# must be one of the unusual subformats.
+>>(0x3c.l) string !PE\0\0 MS-DOS executable
+#!:mime application/x-dosexec
+
+>>(0x3c.l) string NE \b, NE
+#!:mime application/x-dosexec
+!:mime application/x-ms-ne-executable
+# FOR DEBUGGING!
+# Reference: https://wiki.osdev.org/NE
+# ProgFlags; Program flags, bitmapped
+#>>>(0x3c.l+0x0C) ubyte x \b, ProgFlags 0x%2.2x
+# >>>(0x3c.l+0x0c) ubyte&0x03 =0 \b, none
+# >>>(0x3c.l+0x0c) ubyte&0x03 =1 \b, single shared
+# >>>(0x3c.l+0x0c) ubyte&0x03 =2 \b, multiple
+# >>>(0x3c.l+0x0c) ubyte&0x03 =3 \b, (null)
+# >>>(0x3c.l+0x0c) ubyte &0x04 \b, Global initialization
+# >>>(0x3c.l+0x0c) ubyte &0x08 \b, Protected mode only
+# >>>(0x3c.l+0x0c) ubyte &0x10 \b, 8086 instructions
+# >>>(0x3c.l+0x0c) ubyte &0x20 \b, 80286 instructions
+# >>>(0x3c.l+0x0c) ubyte &0x40 \b, 80386 instructions
+# >>>(0x3c.l+0x0c) ubyte &0x80 \b, 80x87 instructions
+# ApplFlags; Application flags, bitmapped
+# https://www.fileformat.info/format/exe/corion-ne.htm
+#>>>(0x3c.l+0x0D) ubyte x \b, ApplFlags 0x%2.2x
+# Application type (bits 0-2); 1~Full screen (not aware of Windows/P.M. API)
+# 2~Compatible with Windows/P.M. API 3~Uses Windows/P.M. API
+#>>>(0x3c.l+0x0D) ubyte&0x07 =1 \b, Full screen
+#>>>(0x3c.l+0x0D) ubyte&0x07 =2 \b, Compatible with Windows/P.M. API
+#>>>(0x3c.l+0x0D) ubyte&0x07 =3 \b, use Windows/P.M. API
+# bit 7; DLL or driver (SS:SP info invalid, CS:IP points at FAR init routine called with AX handle
+#>>>(0x3c.l+0x0D) ubyte &0x80 \b, DLL or driver
+# AutoDataSegIndex; automatic data segment index like: 0 2 3 22
+# zero if the SINGLEDATA and MULTIPLEDATA bits are cleared
+#>>>(0x3c.l+0x0e) uleshort x \b, AutoDataSegIndex %u
+# InitHeapSize; intial local heap size like; 0 400h 1400h
+# zero if there is no local allocation
+#>>>(0x3c.l+0x10) uleshort !0 \b, InitHeapSize 0x%x
+# InitStackSize; inital stack size like: 0 10h A00h 7D0h A8Ch FA0h 1000h 1388h
+# 1400h (CBT) 1800h 2000h 2800h 2EE0h 2F3Ch 3258h 3E80h 4000h 4E20h 5000h 6000h
+# 6D60h 8000h 40000h
+# zero if the SS register value does not equal the DS register value
+#>>>(0x3c.l+0x12) uleshort !0 \b, InitStackSize 0x%x
+# EntryPoint; segment offset value of CS:IP like: 0 10000h 18A84h 11C1Ah 307F1h
+#>>>(0x3c.l+0x14) ulelong !0 \b, EntryPoint 0x%x
+# InitStack; specifies the segment offset value of stack pointer SS:SP
+# like: 0 20000h 160000h
+#>>>(0x3c.l+0x18) ulelong !0 \b, InitStack 0x%x
+# SegCount; number of segments in segment table like: 0 1 2 3 16h
+#>>>(0x3c.l+0x1C) uleshort x \b, SegCount 0x%x
+# ModRefs; number of module references (DLLs) like; 0 1 3
+#>>>(0x3c.l+0x1E) uleshort !0 \b, ModRefs %u
+# NoResNamesTabSiz; size in bytes of non-resident names table
+# like: Bh 16h B4h B9h 2Ch 18Fh 16AAh
+#>>>(0x3c.l+0x20) uleshort x \b, NoResNamesTabSiz 0x%x
+# SegTableOffset; offset of Segment table like: 40h
+#>>>(0x3c.l+0x22) uleshort !0x40 \b, SegTableOffset 0x%x
+# ResTableOffset; offset of resources table like: 40h 50h 58h F0h
+# 40h for most fonts likedos737.fon FMFONT.FOT but 60h for L1WBASE.FON
+#>>>(0x3c.l+0x24) uleshort x \b, ResTableOffset 0x%x
+# ResidNamTable; offset of resident names table
+# like: 58h 5Ch 60h 68h 74h 98h 2E3h 2E7h 2F0h
+#>>>(0x3c.l+0x26) uleshort x \b, ResidNamTable 0x%x
+# ImportNameTable; offset of imported names table (array of counted strings, terminated with string of length 00h)
+# like: 77h 7Eh 80h C6h A7h ACh 2F8h 3FFh
+#>>>(0x3c.l+0x2a) uleshort x \b, ImportNameTable 0x%x
+# OffStartNonResTab; offset from start of file to non-resident names table
+# like: 110h 11Dh 19Bh 1A5h 3F5h 4C8h 4EEh D93h
+#>>>(0x3c.l+0x2c) ulelong x \b, OffStartNonResTab 0x%x
+# MovEntryCount; number of movable entry points like: 0 4 5 6 16 17 24 312 355 446
+#>>>(0x3c.l+0x30) uleshort !0 \b, MovEntryCount %u
+# FileAlnSzShftCnt; log2 of the segment sector size; 4~16 0~9~512 (default)
+#>>>(0x3c.l+0x32) uleshort !9 \b, FileAlnSzShftCnt %u
+# nResTabEntries; number of resource table entries like: 0 2
+#>>>(0x3c.l+0x34) uleshort !0 \b, nResTabEntries %u
+# targOS; Target OS; 0~unknown~OS/2 1.0 or MS Windows 1-2
+# OS/2 1.0 like: DTM.DLL SHELL11F.EXE HELPMSG.EXE CREATEDD.EXE
+# or Windows 1.03 - 2.1 like: MSDOSD.EXE KARTEI.EXE KALENDER.EXE
+#>>>(0x3c.l+0x36) byte x TARGOS %x
+>>>(0x3c.l+0x36) byte 0 for OS/2 1.0 or MS Windows 1-2
+>>>(0x3c.l+0x36) byte 1 for OS/2 1.x
+>>>(0x3c.l+0x36) byte 2 for MS Windows 3.x
+>>>(0x3c.l+0x36) byte 3 for MS-DOS
+>>>(0x3c.l+0x36) byte 4 for Windows 386
+>>>(0x3c.l+0x36) byte 5 for Borland Operating System Services
+# http://downloads.sourceforge.net/dfendreloaded/D-Fend-Reloaded-1.4.4.zip
+# D-Fend Reloaded/VirtualHD/FREEDOS/DPMILD32.EXE
+# GRR: WHAT OS is this?
+#>>>(0x3c.l+0x36) byte 6 for TARGET SIX
+# https://en.wikipedia.org/wiki/Phar_Lap_(company)
+>>>(0x3c.l+0x36) byte 0x81 for MS-DOS, Phar Lap DOS extender, OS/2
+# like: CVP7.EXE
+>>>(0x3c.l+0x36) byte 0x82 for MS-DOS, Phar Lap DOS extender, Windows
+>>>(0x3c.l+0x36) default x
+>>>>(0x3c.l+0x36) ubyte x (unknown OS %#x)
+# expctwinver; expected Windows version (minor first) like:
+# 0.0~DTM.DLL 203.4~Windows 1.03 GDI.EXE 2.1~TTY.DRV 3.0~dos737.fon FMFONT.FOT THREED.VBX 3.10~GDI.EXE 4.0~(ME) VGAFULL.3GR
+>>>(0x3c.l+0x3F) ubyte x (%u
+>>>(0x3c.l+0x3E) ubyte x \b.%u)
+# OS2EXEFlags; other EXE flags
+# 0~Long filename support 1~2.x protected mode 4~2.x proportional fonts 8~Executable has gangload area
+#>>>(0x3c.l+0x37) byte !0 \b, OS2EXEFlags 0x%x
+# retThunkOffset; offset to return thunks or start of gangload area like: 0 34h 58h 246h
+#>>>(0x3c.l+0x38) uleshort !0 \b, retThunkOffset 0x%x
+# segrefthunksoff; offset to segment reference thunks or size of gangload area
+# like: 0 33Eh 39Ah AEEh
+#>>>(0x3c.l+0x3A) uleshort !0 \b, segrefthunksoff 0x%x
+# mincodeswap; minimum code swap area size like 0 620Ch
+#>>>(0x3c.l+0x3C) uleshort !0 \b, mincodeswap 0x%x
+>>>(0x3c.l+0x0c) leshort&0x8000 0x8000 (DLL or font)
+# DRV: Driver
+# 3GR: Grabber device driver
+# CPL: Control Panel Item
+# VBX: Visual Basic Extension https://en.wikipedia.org/wiki/Visual_Basic
+# FON: Bitmap font http://fileformats.archiveteam.org/wiki/FON
+# FOT: Font resource file
+# EXE: WINSPOOL.EXE USER.EXE krnl386.exe GDI.EXE
+# CNV: Microsoft Word text conversion https://www.file-extensions.org/cnv-file-extension-microsoft-word-text-conversion-data
+!:ext dll/drv/3gr/cpl/vbx/fon/fot
+>>>(0x3c.l+0x0c) leshort&0x8000 0 (EXE)
+!:ext exe/scr
+>>>&(&0x24.s-1) string ARJSFX \b, ARJ self-extracting archive
+>>>(0x3c.l+0x70) search/0x80 WinZip(R)\ Self-Extractor \b, ZIP self-extracting archive (WinZip)
+
+>>(0x3c.l) string LX\0\0 \b, LX
+!:mime application/x-dosexec
+>>>(0x3c.l+0x0a) leshort <1 (unknown OS)
+>>>(0x3c.l+0x0a) leshort 1 for OS/2
+>>>(0x3c.l+0x0a) leshort 2 for MS Windows
+>>>(0x3c.l+0x0a) leshort 3 for DOS
+>>>(0x3c.l+0x0a) leshort >3 (unknown OS)
+>>>(0x3c.l+0x10) lelong&0x28000 =0x8000 (DLL)
+>>>(0x3c.l+0x10) lelong&0x20000 >0 (device driver)
+>>>(0x3c.l+0x10) lelong&0x300 0x300 (GUI)
+>>>(0x3c.l+0x10) lelong&0x28300 <0x300 (console)
+>>>(0x3c.l+0x08) leshort 1 i80286
+>>>(0x3c.l+0x08) leshort 2 i80386
+>>>(0x3c.l+0x08) leshort 3 i80486
+>>>(8.s*16) string emx \b, emx
+>>>>&1 string x %s
+>>>&(&0x54.l-3) string arjsfx \b, ARJ self-extracting archive
+
+# MS Windows system file, supposedly a collection of LE executables
+# like vmm32.vxd WIN386.EXE
+>>(0x3c.l) string W3 \b, W3 for MS Windows
+#!:mime application/x-dosexec
+!:mime application/x-ms-w3-executable
+!:ext vxd/exe
+# W4 executable
+>>(0x3c.l) string W4 \b, W4 for MS Windows
+#!:mime application/x-dosexec
+!:mime application/x-ms-w4-executable
+# windows 98 VMM32.VXD
+!:ext vxd
+
+>>(0x3c.l) string LE\0\0 \b, LE executable
+!:mime application/x-dosexec
+>>>(0x3c.l+0x0a) leshort 1
+# some DOS extenders use LE files with OS/2 header
+>>>>0x240 search/0x100 DOS/4G for MS-DOS, DOS4GW DOS extender
+>>>>0x240 search/0x200 WATCOM\ C/C++ for MS-DOS, DOS4GW DOS extender
+>>>>0x440 search/0x100 CauseWay\ DOS\ Extender for MS-DOS, CauseWay DOS extender
+>>>>0x40 search/0x40 PMODE/W for MS-DOS, PMODE/W DOS extender
+>>>>0x40 search/0x40 STUB/32A for MS-DOS, DOS/32A DOS extender (stub)
+>>>>0x40 search/0x80 STUB/32C for MS-DOS, DOS/32A DOS extender (configurable stub)
+>>>>0x40 search/0x80 DOS/32A for MS-DOS, DOS/32A DOS extender (embedded)
+# this is a wild guess; hopefully it is a specific signature
+>>>>&0x24 lelong <0x50
+>>>>>(&0x4c.l) string \xfc\xb8WATCOM
+>>>>>>&0 search/8 3\xdbf\xb9 \b, 32Lite compressed
+# another wild guess: if real OS/2 LE executables exist, they probably have higher start EIP
+#>>>>(0x3c.l+0x1c) lelong >0x10000 for OS/2
+# fails with DOS-Extenders.
+>>>(0x3c.l+0x0a) leshort 2 for MS Windows
+>>>(0x3c.l+0x0a) leshort 3 for DOS
+>>>(0x3c.l+0x0a) leshort 4 for MS Windows (VxD)
+# VXD: VxD for Windows 95/98/Me
+# 386: VxD for Windows 2.10, 3.0, 3.1x
+# PDR: Port driver
+# MPD: Miniport driver (?)
+!:ext vxd/386/pdr/mpd
+>>>(&0x7c.l+0x26) string UPX \b, UPX compressed
+>>>&(&0x54.l-3) string UNACE \b, ACE self-extracting archive
+
+# looks like ASCII, probably some embedded copyright message.
+# and definitely not NE/LE/LX/PE
+>>0x3c lelong >0x20000000
+>>>(4.s*512) leshort !0x014c \b, MZ for MS-DOS
+!:mime application/x-dosexec
+!:ext exe/com
+# header data too small for extended executable
+>2 long !0
+>>0x18 uleshort <0x40
+>>>(4.s*512) leshort !0x014c
+
+>>>>&(2.s-514) string !LE
+>>>>>&-2 string !BW
+#>>>>>>(0x3c.l) string x \b, 2ND MAGIC %.2s
+# but some LX executable appear here also like: PCISCAN.EXE
+>>>>>>(0x3c.l) string !LX
+# because Portable Executable (PE) already done skip many here like:
+# xcopy32.exe stinger64.exe WimUtil.exe
+# NO such DOS examples found and
+# DOS examples seems to be already handled by e_lfarlc <0x40 like: CMD8086.COM CMD-FR.COM
+>>>>>>>(0x3c.l) string !PE \b, MZ for MS-DOS
+!:mime application/x-dosexec
+>>>>&(2.s-514) string LE \b, LE
+>>>>>0x240 search/0x100 DOS/4G for MS-DOS, DOS4GW DOS extender
+# educated guess since indirection is still not capable enough for complex offset
+# calculations (next embedded executable would be at &(&2*512+&0-2)
+# I suspect there are only LE executables in these multi-exe files
+>>>>&(2.s-514) string BW
+>>>>>0x240 search/0x100 DOS/4G \b, LE for MS-DOS, DOS4GW DOS extender (embedded)
+>>>>>0x240 search/0x100 !DOS/4G \b, BW collection for MS-DOS
+
+# This sequence skips to the first COFF segment, usually .text
+>(4.s*512) leshort 0x014c \b, COFF
+!:mime application/x-dosexec
+>>(8.s*16) string go32stub for MS-DOS, DJGPP go32 DOS extender
+>>(8.s*16) string emx
+>>>&1 string x for DOS, Win or OS/2, emx %s
+>>&(&0x42.l-3) byte x
+>>>&0x26 string UPX \b, UPX compressed
+# and yet another guess: small .text, and after large .data is unusual, could be 32lite
+>>&0x2c search/0xa0 .text
+>>>&0x0b lelong <0x2000
+>>>>&0 lelong >0x6000 \b, 32lite compressed
+
+>(8.s*16) string $WdX \b, WDos/X DOS extender
+
+# By now an executable type should have been printed out. The executable
+# may be a self-uncompressing archive, so look for evidence of that and
+# print it out.
+#
+# Some signatures below from Greg Roelofs, newt@uchicago.edu.
+#
+>0x35 string \x8e\xc0\xb9\x08\x00\xf3\xa5\x4a\x75\xeb\x8e\xc3\x8e\xd8\x33\xff\xbe\x30\x00\x05 \b, aPack compressed
+>0xe7 string LH/2\ Self-Extract \b, %s
+>0x1c string UC2X \b, UCEXE compressed
+>0x1c string WWP\ \b, WWPACK compressed
+>0x1c string RJSX \b, ARJ self-extracting archive
+>0x1c string diet \b, diet compressed
+>0x1c string LZ09 \b, LZEXE v0.90 compressed
+>0x1c string LZ91 \b, LZEXE v0.91 compressed
+>0x1c string tz \b, TinyProg compressed
+>0x1e string Copyright\ 1989-1990\ PKWARE\ Inc. Self-extracting PKZIP archive
+!:mime application/zip
+# Yes, this really is "Copr", not "Corp."
+>0x1e string PKLITE\ Copr. Self-extracting PKZIP archive
+!:mime application/zip
+# winarj stores a message in the stub instead of the sig in the MZ header
+>0x20 search/0xe0 aRJsfX \b, ARJ self-extracting archive
+>0x20 string AIN
+>>0x23 string 2 \b, AIN 2.x compressed
+>>0x23 string <2 \b, AIN 1.x compressed
+>>0x23 string >2 \b, AIN 1.x compressed
+>0x24 string LHa's\ SFX \b, LHa self-extracting archive
+!:mime application/x-lha
+>0x24 string LHA's\ SFX \b, LHa self-extracting archive
+!:mime application/x-lha
+>0x24 string \ $ARX \b, ARX self-extracting archive
+>0x24 string \ $LHarc \b, LHarc self-extracting archive
+>0x20 string SFX\ by\ LARC \b, LARC self-extracting archive
+>0x40 string aPKG \b, aPackage self-extracting archive
+>0x64 string W\ Collis\0\0 \b, Compack compressed
+>0x7a string Windows\ self-extracting\ ZIP \b, ZIP self-extracting archive
+>>&0xf4 search/0x140 \x0\x40\x1\x0
+>>>(&0.l+(4)) string MSCF \b, WinHKI CAB self-extracting archive
+>1638 string -lh5- \b, LHa self-extracting archive v2.13S
+>0x17888 string Rar! \b, RAR self-extracting archive
+
+# Skip to the end of the EXE. This will usually work fine in the PE case
+# because the MZ image is hardcoded into the toolchain and almost certainly
+# won't match any of these signatures.
+>(4.s*512) long x
+>>&(2.s-517) byte x
+>>>&0 string PK\3\4 \b, ZIP self-extracting archive
+>>>&0 string Rar! \b, RAR self-extracting archive
+>>>&0 string =!\x11 \b, AIN 2.x self-extracting archive
+>>>&0 string =!\x12 \b, AIN 2.x self-extracting archive
+>>>&0 string =!\x17 \b, AIN 1.x self-extracting archive
+>>>&0 string =!\x18 \b, AIN 1.x self-extracting archive
+>>>&7 search/400 **ACE** \b, ACE self-extracting archive
+>>>&0 search/0x480 UC2SFX\ Header \b, UC2 self-extracting archive
+
+# a few unknown ZIP sfxes, no idea if they are needed or if they are
+# already captured by the generic patterns above
+>(8.s*16) search/0x20 PKSFX \b, ZIP self-extracting archive (PKZIP)
+# TODO: how to add this? >FileSize-34 string Windows\ Self-Installing\ Executable \b, ZIP self-extracting archive
+#
+
+# TELVOX Teleinformatica CODEC self-extractor for OS/2:
+>49801 string \x79\xff\x80\xff\x76\xff \b, CODEC archive v3.21
+>>49824 leshort =1 \b, 1 file
+>>49824 leshort >1 \b, %u files
+
+# Summary: OS/2 LX Library and device driver (no DOS stub)
+# From: Joerg Jenderek
+# URL: http://en.wikipedia.org/wiki/EXE
+# Reference: http://www.textfiles.com/programming/FORMATS/lxexe.txt
+# https://github.com/open-watcom/open-watcom-v2/blob/master/bld/watcom/h/exeflat.h
+# Note: by dll-os2-no-dos-stub.trid.xml called "OS/2 Dynamic Link Library (no DOS stub)"
+# TODO: unify with DOS stub variant (MZ magic)
+0 string/b LX
+>2 ushort =0
+>>0 use lx-executable
+# no examples found for big endian variant
+>2 ushort =0x0101
+>>0 use \^lx-executable
+0 name lx-executable
+# similar looking like variant with MS-DOS stub (MZ magic): "MS-DOS executable, LX"
+#>0x00 uleshort x executable,
+# signature OSF_FLAT_LX_SIGNATURE~0x584C~LX OSF_FLAT_SIGNATURE~0x454C~LE
+>0x00 uleshort =0x584c LX
+>0x00 uleshort =0x454C LE
+>0x00 uleshort x executable
+#!:mime application/x-msdownload
+!:mime application/x-lx-executable
+!:ext exe
+# byte order: 00h~little-endian non-zero=1~big-endian
+#>0x02 ubyte =0 (little-endian)
+>0x02 ubyte !0 (big-endian)
+# FOR DEBUGGING!
+# word order: 00h~little-endian non-zero=1~big-endian
+#>0x03 ubyte =0 \b, little-endian word order
+#>0x03 ubyte !0 \b, big-endian word order
+# cpu_type; CPU type like: 1~286 2~386 3~486 4 20h~i860 21h~Intel N11 40h~MIPS R2000,R3000 41h~MIPS R6000 42h~MIPS R4000
+#>0x08 uleshort x \b, CPU %u
+# os_type; target operating system like: 0~unknown 1~OS/2 2~Windows 3~DOS 4.x 4~Windows 386
+#>0x0A leshort x \b, OS %u
+# flags; module type flags
+#>0x10 ulelong x \b, FLAGS %#8.8x
+# 00000002h ~Reserved for system use
+#>0x10 ulelong &0x00000002 \b, 2h reserved
+# OSF_INIT_INSTANCE=00000004h ~Per-Process Library Initialization; setting this bit for EXE file is invalid
+#>0x10 ulelong &0x00000004 \b, per-process library Initialization
+# OSF_INTERNAL_FIXUPS_DONE=00000010h ~Internal fixups for the module have been applied
+#>0x10 ulelong &0x00000010 \b, int. fixup
+# OSF_EXTERNAL_FIXUPS_DONE=00000020h ~External fixups for the module have been applied
+#>0x10 ulelong &0x00000020 \b, ext. fixup
+# OSF_NOT_PM_COMPATIBLE=00000100h ~Incompatible with PM windowing
+#>0x10 ulelong&0x00000100 =0x00000100 \b, incompatible with PM windowing
+# OSF_PM_COMPATIBLE=00000200h ~Compatible with PM windowing
+#>0x10 ulelong&0x00000200 =0x00000200 \b, compatible with PM windowing
+# bit 17; device driver
+#>0x10 ulelong&0x00020000 >0 \b, device driver
+# Per-process Library Termination; setting this bit for EXE file is invalid
+#>0x10 ulelong&0x40000000 =0x40000000 \b, per-process library termination
+>0x0a leshort 1 for OS/2
+# no example found
+>0x0a leshort 3 for DOS
+# http://www.ctyme.com/intr/rb-2939.htm#Table1610
+# library by module type mask 00038000h (bits 15-17);
+# 0h ~executable Program module
+>0x10 ulelong&0x00038000 =0x00000000 (program)
+#!:ext exe
+# OSF_IS_DLL=8000h ~Library module (DLL)
+>0x10 ulelong&0x00038000 >0x00000000
+# OSF_PHYS_DEVICE=00020000h ~device driver
+>>0x10 ulelong&0x00020000 >0 (device driver)
+!:ext sys
+# if not device driver it is library (DLL)
+>>0x10 ulelong&0x00020000 =0 (library)
+!:ext dll
+# bits 8-10; OSF_PM_APP=300h in flags ~Uses PM windowing API; either it is GUI or console
+>0x10 ulelong&0x00000300 =0x00000300 (GUI)
+>0x10 ulelong&0x00000300 !0x00000300 (console)
+# CPU type
+>0x08 uleshort 1 i80286
+# all inspected examples
+>0x08 uleshort 2 i80386
+>0x08 uleshort 3 i80486
+>0x08 uleshort 4 i80586
+# 21h Intel "N11" or compatible
+# 40h MIPS Mark I ( R2000, R3000) or compatible
+# 41h MIPS Mark II ( R6000 ) or compatible
+# 42h MIPS Mark III ( R4000 ) or compatible
+
+# added by Joerg Jenderek of https://www.freedos.org/software/?prog=kc
+# and https://www.freedos.org/software/?prog=kpdos
+# for FreeDOS files like KEYBOARD.SYS, KEYBRD2.SYS, KEYBRD3.SYS, *.KBD
+0 string/b KCF FreeDOS KEYBoard Layout collection
+# only version=0x100 found
+>3 uleshort x \b, version %#x
+# length of string containing author,info and special characters
+>6 ubyte >0
+#>>6 pstring x \b, name=%s
+>>7 string >\0 \b, author=%-.14s
+>>7 search/254 \xff \b, info=
+#>>>&0 string x \b%-s
+>>>&0 string x \b%-.15s
+# for FreeDOS *.KL files
+0 string/b KLF FreeDOS KEYBoard Layout file
+# only version=0x100 or 0x101 found
+>3 uleshort x \b, version %#x
+# stringlength
+>5 ubyte >0
+>>8 string x \b, name=%-.2s
+0 string \xffKEYB\ \ \ \0\0\0\0
+>12 string \0\0\0\0`\004\360 MS-DOS KEYBoard Layout file
+
+# DOS device driver updated by Joerg Jenderek at May 2011,Mar 2017,Aug 2020,Mar 2023
+# URL: http://fileformats.archiveteam.org/wiki/DOS_device_driver
+# Reference: http://www.delorie.com/djgpp/doc/rbinter/it/46/16.html
+# http://www.o3one.org/hwdocs/bios_doc/dosref22.html
+0 ulequad&0x07a0ffffffff 0xffffffff
+# skip OS/2 INI ./os2
+>4 ubelong !0x14000000
+#>>10 ubequad x MAYBE_DRIVER_NAME=%16.16llx
+# https://bugs.astron.com/view.php?id=434
+# skip OOXML document fragment 0000.dat where driver name is "empty" instead of "ASCII like"
+>>10 ubequad !0
+>>>0 use msdos-driver
+0 name msdos-driver DOS executable (
+#!:mime application/octet-stream
+!:mime application/x-dosdriver
+# also found FreeDOS print driver SPOOL.DEV and disc compression driver STACLOAD.BIN
+# and IBM Token-Ring adapter IBMTOK.DOS. Why and when DOS instead SYS is used?
+# PROTMAN.DOS ELNKPL.DOS
+!:ext sys/dev/bin/dos
+# 1 space char after "UPX compressed" to get phrase like "UPX compressed character device"
+>40 search/7 UPX! \bUPX compressed
+# DOS device driver attributes
+>4 uleshort&0x8000 0x0000 \bblock device driver
+# character device
+>4 uleshort&0x8000 0x8000 \b
+# 1 space char after "clock" to get phrase like "clock character device driver CLOCK$"
+>>4 uleshort&0x0008 0x0008 \bclock
+# fast video output by int 29h
+# 1 space char after "fast" to get phrase like "fast standard input/output character device driver"
+>>4 uleshort&0x0010 0x0010 \bfast
+# standard input/output device
+# 1 space char after "standard" to get phrase like "standard input/output character device driver"
+>>4 uleshort&0x0003 >0 \bstandard
+>>>4 uleshort&0x0001 0x0001 \binput
+>>>4 uleshort&0x0003 0x0003 \b/
+# 1 space char after "output" to get phrase like "input/output character device driver"
+>>>4 uleshort&0x0002 0x0002 \boutput
+>>4 uleshort&0x8000 0x8000 \bcharacter device driver
+>0 ubyte x
+# upx compressed device driver has garbage instead of real in name field of header
+>>40 search/7 UPX!
+>>40 default x
+# leading/trailing nulls, zeros or non ASCII characters in 8-byte name field at offset 10 are skipped
+# 1 space char before device driver name to get phrase like "device driver PROTMAN$" "device driver HP-150II" "device driver PC$MOUSE"
+>>>12 ubyte >0x23 \b
+>>>>10 ubyte >0x20
+>>>>>10 ubyte !0x2E
+>>>>>>10 ubyte !0x2A \b%c
+>>>>11 ubyte >0x20
+>>>>>11 ubyte !0x2E \b%c
+>>>>12 ubyte >0x20
+>>>>>12 ubyte !0x39
+>>>>>>12 ubyte !0x2E \b%c
+>>>13 ubyte >0x20
+>>>>13 ubyte !0x2E \b%c
+>>>>14 ubyte >0x20
+>>>>>14 ubyte !0x2E \b%c
+>>>>15 ubyte >0x20
+>>>>>15 ubyte !0x2E \b%c
+>>>>16 ubyte >0x20
+>>>>>16 ubyte !0x2E
+>>>>>>16 ubyte <0xCB \b%c
+>>>>17 ubyte >0x20
+>>>>>17 ubyte !0x2E
+>>>>>>17 ubyte <0x90 \b%c
+# some character device drivers like ASPICD.SYS, btcdrom.sys and Cr_atapi.sys contain only spaces or points in name field
+>>>12 ubyte <0x2F
+# they have their real name at offset 22
+# also block device drivers like DUMBDRV.SYS
+>>>>22 string >\056 %-.6s
+>4 uleshort&0x8000 0x0000
+# 32 bit sector addressing ( > 32 MB) for block devices
+>>4 uleshort&0x0002 0x0002 \b,32-bit sector-
+# support by driver functions 13h, 17h, 18h
+>4 uleshort&0x0040 0x0040 \b,IOCTL-
+# open, close, removable media support by driver functions 0Dh, 0Eh, 0Fh
+>4 uleshort&0x0800 0x0800 \b,close media-
+# output until busy support by int 10h for character device driver
+>4 uleshort&0x8000 0x8000
+>>4 uleshort&0x2000 0x2000 \b,until busy-
+# direct read/write support by driver functions 03h,0Ch
+>4 uleshort&0x4000 0x4000 \b,control strings-
+>4 uleshort&0x8000 0x8000
+>>4 uleshort&0x6840 >0 \bsupport
+>4 uleshort&0x8000 0x0000
+>>4 uleshort&0x4842 >0 \bsupport
+>0 ubyte x \b)
+>0 ulelong !0xffffffff with pointer %#x
+# DOS driver cmd640x.sys has 0x12 instead of 0xffffffff for pointer field to next device header
+0 ulequad 0x0513c00000000012
+>0 use msdos-driver
+# DOS drivers DC2975.SYS, DUMBDRV.SYS, ECHO.SYS has also none 0xffffffff for pointer field
+0 ulequad 0x32f28000ffff0016
+>0 use msdos-driver
+0 ulequad 0x007f00000000ffff
+>0 use msdos-driver
+# https://www.uwe-sieber.de/files/cfg_echo.zip
+0 ulequad 0x001600000000ffff
+>0 use msdos-driver
+# DOS drivers LS120.SYS, MKELS120.SYS use reserved bits of attribute field
+0 ulequad 0x0bf708c2ffffffff
+>0 use msdos-driver
+0 ulequad 0x07bd08c2ffffffff
+>0 use msdos-driver
+# 3Com EtherLink 3C501 CID\SERVER\IBMLS\IBM500D1\DLSNETDR.ZIP\ELNK.DOS
+0 ulequad 0x027ac0c0ffffffff
+>0 use msdos-driver
+# IBM Streamer CID\SERVER\IBMLS\IBM500D1\DLSNETDR.ZIP\IBMMPC.DOS
+0 ulequad 0x00228880ffffffff
+>0 use msdos-driver
+
+# updated by Joerg Jenderek
+# GRR: line below too general as it catches also
+# rt.lib DYADISKS.PIC and many more
+# start with assembler instruction MOV
+0 ubyte 0x8c
+# skip "AppleWorks word processor data" like ARTICLE.1 ./apple
+>4 string !O====
+# skip some unknown basic binaries like RocketRnger.SHR
+>>5 string !MAIN
+# skip "GPG symmetrically encrypted data" ./gnu
+# skip "PGP symmetric key encrypted data" ./pgp
+# openpgpdefs.h: fourth byte < 14 indicate cipher algorithm type
+>>>4 ubyte >13
+>>>>0 use msdos-com
+# the remaining files should be DOS *.COM executables
+# dosshell.COM 8cc0 2ea35f07 e85211 e88a11 b80058 cd
+# hmload.COM 8cc8 8ec0 bbc02b 89dc 83c30f c1eb04 b4
+# UNDELETE.COM 8cca 2e8916 6503 b430 cd21 8b 2e0200 8b
+# BOOTFIX.COM 8cca 2e8916 9603 b430 cd21 8b 2e0200 8b
+# RAWRITE3.COM 8cca 2e8916 d602 b430 cd21 8b 2e0200 8b
+# SHARE.COM 8cca 2e8916 d602 b430 cd21 8b 2e0200 8b
+# validchr.COM 8cca 2e8916 9603 b430 cd21 8b 2e028b1e
+# devload.COM 8cca 8916ad01 b430 cd21 8b2e0200 892e
+
+0 name msdos-com
+# URL: http://fileformats.archiveteam.org/wiki/DOS_executable_(.com)
+>0 byte x DOS executable (
+# DOS executable with JuMP 16-bit instruction
+>0 byte =0xE9
+# check for probably nil padding til offset 64 of Lotus driver name
+>>56 quad =0
+# check for "long" alphabetic Lotus driver name like:
+# Diablo "COMPAQ Text Display" "IBM Monochrome Display" "Plantronics ColorPlus"
+>>>24 regex =^[A-Z][A-Za-z\040]{5,21} \bLotus driver) %s
+!:mime application/x-dosexec
+# like: CPQ0TD.DRV IBM0MONO.DRV (Lotus 123 10a) SDIAB4.DRV SPL0CPLS.DRV (Lotus Symphony 2)
+!:ext drv
+# COM with nils like MODE.COM IBMDOS.COM (pcdos 3.31 ru Compaq) RSSTUB.COM (PC-DOS 2000 de) ACCESS.COM (Lotus Symphony 1)
+>>>24 default x \bCOM)
+!:mime application/x-dosexec
+!:ext com
+# DOS executable with JuMP 16-bit and without nil padding
+>>56 quad !0
+# https://wiki.syslinux.org/wiki/index.php?title=Doc/comboot
+# TODO: HOWTO distinguish COMboot from pure DOS executables?
+# look for unreliable Syslinux specific api call INTerrupt 22h for 16-bit COMBOOT program
+>>>1 search/0xc088 \xcd\x22 \bCOM or COMBOOT 16-bit)
+!:mime application/x-dosexec
+# like: sbm.cbt command.com (Windows XP) UNI2ASCI.COM (FreeDOS 1.2)
+!:ext com/cbt
+>>>1 default x \bCOM)
+!:mime application/x-dosexec
+!:ext com
+# DOS executable without JuMP 16-bit instruction
+>0 byte !0xE9
+# SCREATE.SYS https://en.wikipedia.org/wiki/Stac_Electronics
+>>10 string =?STACVOL \bSCREATE.SYS)
+!:mime application/x-dosexec
+!:ext sys
+# COM executable without JuMP 16-bit instruction and not SCREATE.SYS
+>>10 string !?STACVOL \bCOM)
+!:mime application/x-dosexec
+!:ext com
+>6 string SFX\ of\ LHarc \b, %s
+>0x1FE leshort 0xAA55 \b, boot code
+>85 string UPX \b, UPX compressed
+>4 string \ $ARX \b, ARX self-extracting archive
+>4 string \ $LHarc \b, LHarc self-extracting archive
+>0x20e string SFX\ by\ LARC \b, LARC self-extracting archive
+# like: E30ODI.COM MADGEODI.COM UNI2ASCI.COM RECOVER.COM (DOS 2) COMMAND.COM (DOS 2)
+>1 search/0xc088 \xcd\x22 \b, maybe with interrupt 22h
+>0 ubelong x \b, start instruction %#8.8x
+# show more instructions but not in samples like: rem.com (DJGPP)
+>4 ubelong x %8.8x
+
+# JMP 8bit
+0 byte 0xeb
+# byte 0xeb conflicts with magic leshort 0xn2eb of "SYMMETRY i386" handled by ./sequent
+# allow forward jumps only
+>1 byte >-1
+# that offset must be accessible
+# with hexadecimal values like: 0e 2e 50 8c 8d ba bc bd be e8 fb fc
+>>(1.b+2) byte x
+# if look like COM executable with x86 boot signature then this
+# implies FAT volume with x86 real mode code already handled by ./filesystems
+#
+# No x86 boot signature implies often DOS executable
+# check for unrealistic high number of FATs. Then it is an unusual disk image or often a DOS executable
+# like: FIXBIOS.COM (50 bytes)
+>>>16 ubyte >3
+# https://www.drivedroid.io/
+# skip MBR disk image drivedroid.img version 12 July 2013 by start message
+>>>>2 string !DriveDroid
+# ftp://old-dos.ru/OSCollect/OS/MS-DOS/Final Releases/
+# skip unusual floppy image disk1.img of MS-DOS 1.25 (Corona Data Systems OEM)
+# by check for characteristic message text near the beginning
+>>>>>15 string !Non\040System\040disk
+# "ftp://old-dos.ru/OSCollect/OS/BeOS/BeOS 4.0.rar"
+# skip BeOS 4 bootfloppy.img done as "Linux kernel x86 boot executable" by ./linux
+# by check for characteristic message text near the beginning
+>>>>>>6 string !read\040error\015
+# https://github.com/ventoy/Ventoy/releases/download/v1.0.78/ventoy-1.0.78-windows.zip
+# skip ventoy 1.0.78 boot_hybrid.img
+>>>>>>>24 string !\220\220\353I$\022\017
+# "ftp://old-dos.ru/OSCollect/OS/MS-DOS/Final Releases/PC-DOS 1.0 (5.25).rar"
+# skip unusual floppy image PCDOS100.IMG of DOS 1.0
+# by check for characteristic message text near the beginning
+>>>>>>>>9 string !7-May-81
+# "ftp://old-dos.ru/OSCollect/OS/BeOS/BeOS 5.0 Personal (BA).rar"
+# skip BeOS 5 floppy_1.44.00.ima done as "DOS/MBR boot sector" by ./filesystems
+# by check for characteristic message near the beginning
+>>>>>>>>>3 string !\370sdfS\270
+# like: FIXBIOS.COM (50 bytes)
+>>>>>>>>>>0 use msdos-com
+# check for unrealistic low number of FATs. Then it is an unusual FAT disk image or often a DOS executable
+# like: DEVICE.COM INSTALL.COM (GAG 4.10) WORD.COM (Word 1.15)
+>>>16 ubyte =0
+# if low FATs with x86 boot signature it can be unusual disk image like: boot.img (Ventoy 1.0.27) geodspms.img (Syslinux)
+>>>>0x1FE leshort =0xAA55
+>>>>0x1FE default x
+# https://thestarman.pcministry.com/tool/hxd/dimtut.htm
+# skip unusual floppy image TK-DOS11.img IBMDOS11.img of IBM DOS 1.10
+# by check for characteristic bootloader names near end of boot sector
+>>>>>395 string !ibmbio\040\040com
+>>>>>>0 use msdos-com
+# 8-bit jump with valid number of FAT implies FAT volume already handled by ./filesystems
+# like: balder.img
+>>>16 default x
+# skip disk images with boot signature at end of 1st sector
+# like: TDSK-64b.img
+>>>>(11.s-2) uleshort !0xAA55
+# skip unusual floppy image without boot signature like 360k-256.img (mtools 4.0.18)
+# by check for characteristic file system type text for FAT (12 bit or 16 bit)
+>>>>>54 string !FAT
+# "ftp://old-dos.ru/OSCollect/OS/MS-DOS/Final Releases/Microsoft MS-DOS 3.31 (Compaq OEM) (3.5).rar"
+# skip unusual floppy image Disk4.img without boot signature and file system type text
+# by check for characteristic OEM-ID text
+>>>>>>3 string !COMPAQ\040\040
+# no such DOS COM executables found
+>>>>>>>0 use msdos-com
+# JMP 16bit
+0 byte 0xe9
+# 16-bit offset; for DEBUGGING!; can be negative like: USBDRIVE.COM
+#>1 leshort x \b, OFFSET %d
+# forward jumps
+>1 leshort >-1
+# that offset must be accessible
+# with hexadecimal values like: 06 1e 0e 2e 60 8c 8d b4 ba be e8 fc
+>>(1.s+3) byte x
+# check for unrealistic high number of FATs. Then it is not a disk image and it is a DOS executable
+# like: CALLVER.COM CPUCACHE.COM K437_EUR.COM SHSUCDX.COM UMBFILL.COM (183 bytes)
+>>>16 ubyte >3
+>>>>0 use msdos-com
+# check for unrealistic low number of FATs. Then it is not a disk image and it is a DOS executable
+# like: GAG.COM DRMOUSE.COM NDN.COM CPQ0TD.DRV
+>>>16 ubyte =0
+>>>>0 use msdos-com
+# maybe disc image with valid number of FATs or DOS executable
+# like: IPXODI.COM PERUSE.COM TASKID.COM
+>>>16 default x
+# invalid low media descriptor. Then it is not a disk image and it is a DOS executable
+>>>>21 ubyte <0xE5
+>>>>>0 use msdos-com
+# valid media descriptor. Then it is maybe disk image or DOS executable
+>>>>21 ubyte >0xE4
+# invalid sectorsize not a power of 2 from 32-32768. Then it is not a disk image and it must be DOS executable
+# like: LEARN.COM (Word 1.15)
+>>>>>11 uleshort&0x001f !0
+>>>>>>0 use msdos-com
+# negative offset, must not lead into PSP
+# like: BASICA.COM (PC dos 3.20) FORMAT.COM SMC8100.COM WORD.COM (word4)
+# HIDSUPT1.COM USBDRIVE.COM USBSUPT1.COM USBUHCI.COM (FreeDOS USBDOS)
+>1 leshort <-259
+# that offset must be accessible
+# add 10000h to jump at end of 64 KiB segment, add 1 for jump instruction and 2 for 16-bit offset
+>>(1,s+65539) byte x
+# after jump next instruction for DEBUGGING!
+#>>>&-1 ubelong x \b, NEXT instruction %#8.8x
+>>>0 use msdos-com
+
+# updated by Joerg Jenderek at Oct 2008,2015,2022
+# following line is too general
+0 ubyte 0xb8
+# skip 2 linux kernels like memtest.bin with "\xb8\xc0\x07\x8e" in ./linux
+>0 string !\xb8\xc0\x07\x8e
+# modified by Joerg Jenderek
+# syslinux COM32 or COM32R executable
+>>1 lelong&0xFFFFFFFe 0x21CD4CFe COM executable (32-bit COMBOOT
+# https://www.syslinux.org/wiki/index.php/Comboot_API
+# Since version 5.00 c32 modules switched from the COM32 object format to ELF
+!:mime application/x-c32-comboot-syslinux-exec
+!:ext c32
+# https://syslinux.zytor.com/comboot.php
+# older syslinux version ( <4 )
+# (32-bit COMBOOT) programs *.C32 contain 32-bit code and run in flat-memory 32-bit protected mode
+# start with assembler instructions mov eax,21cd4cffh
+>>>1 lelong 0x21CD4CFf \b)
+# syslinux:doc/comboot.txt
+# A COM32R program must start with the byte sequence B8 FE 4C CD 21 (mov
+# eax,21cd4cfeh) as a magic number.
+# syslinux version (4.x)
+# "COM executable (COM32R)" or "Syslinux COM32 module" by TrID
+>>>1 lelong 0x21CD4CFe \b, relocatable)
+>>1 default x
+# look for interrupt instruction like in rem.com (DJGPP) LOADER.COM (DR-DOS 7.x)
+>>>3 search/118 \xCD
+# FOR DEBUGGING; possible hexadecimal interrupt number like: 10~BANNER.COM 13~bcdw_cl.com 15~poweroff.com (Syslinux)
+# 1A~BERNDPCI.COM 20~SETENHKB.COM 21~mostly 22~gfxboot.com (Syslinux) 2F~SHUTDOWN.COM (GEMSYS)
+#>>>>&0 ubyte x \b, INTERUPT %#x
+# few examples with interrupt 0x13 instruction
+>>>>&0 ubyte =0x13
+# FOR DEBUGGING!
+#>>>>>3 ubequad x \b, 2nd INSTRUCTION %#16.16llx
+# skip Gpt.com Mbr.com (edk2-UDK2018 bootsector) described as "DOS/MBR boot sector" by ./filesystems
+# by check for assembler instructions: mov es,ax ; mov ax,07c0h ; mov ds,ax
+>>>>>3 ubequad !0x8ec0b8c0078ed88d
+# few COM executables with interrupt 0x13 instruction like: Bootable CD Wizard executables bcdw_cl.com fdemuoff.com
+# http://bootcd.narod.ru/bcdw150z_en.zip
+>>>>>>0 use msdos-com
+# few examples with interrupt 0x16 instruction like flashimg.img
+>>>>&0 ubyte =0x16
+# skip Syslinux 3.71 flashimg.img done as "DOS/MBR boot sector" by ./filesystems
+# by check for assembler instructions: cmp ax 0xE4E4 (magic); jnz
+>>>>>8 ubelong !0x3DE4E475
+# no DOS executable with interrupt 0x16 found
+>>>>>>0 use msdos-com
+# most examples with interrupt instruction unequal 0x13 and 0x16
+>>>>&0 default x
+#>>>>>&-1 ubyte x \b, INTERUPT %#x
+# like: LOADER.COM SETENHKB.COM banner.com copybs.com gif2raw.com poweroff.com rem.com
+>>>>>0 use msdos-com
+# few COM executables without interrupt instruction like RESTART.COM (DOS 7.10) REBOOT.COM
+# or some EUC-KR text files or one Ulead Imaginfo thumbnail
+>>>3 default x
+# FOR DEBUGGING; 2nd instruction like 0x50 (RESTART.COM) 0x8e (REBOOT.COM)
+# or random like: 0x0 (IMAGINFO.PE3 sky_snow) 0xb1 (euckr_.txt)
+#>>>>3 ubyte x \b, 2nd INSTRUCTION %#x
+# skip 1 Ulead Imaginfo thumbnail (IMAGINFO.PE3 sky_snow)
+# inside SAMPLES/TEXTURES/SKY_SNOW
+# from https://archive.org/download/PI3CANON/PI3CANON.iso
+>>>>3 ubyte !0x0
+# skip some EUC-KR text files like: euckr_falsepositive.txt
+# https://bugs.astron.com/view.php?id=186
+>>>>>3 ubyte !0xb1
+# like: RESTART.COM (DOS 7.10) REBOOT.COM
+>>>>>>0 use msdos-com
+
+# URL: https://en.wikipedia.org/wiki/UPX
+# Reference: https://github.com/upx/upx/archive/v3.96.zip/upx-3.96/
+# src/stub/src/i086-dos16.com.S
+# Update: Joerg Jenderek
+# assembler instructions: cmp sp, offset sp_limit
+0 string/b \x81\xfc
+#>2 uleshort x \b, sp_limit=%#x
+# assembler instructions: jump above +2; int 0x20; mov cx, offset bytes_to_copy
+>4 string \x77\x02\xcd\x20\xb9
+#>9 uleshort x \b, [bytes_to_copy]=%#x
+# at different offsets assembler instructions: push di; jump decomp_start_n2b
+>0x1e search/3 \x57\xe9
+#>>&0 uleshort x \b, decomp_start_n2b=%#x
+# src/stub/src/include/header.S; UPX_MAGIC_LE32
+>>&2 string UPX! FREE-DOS executable (COM), UPX
+!:mime application/x-dosexec
+# UPX compressed *.CPI; See ./fonts
+>>>&21 string =FONT compressed DOS code page font
+!:ext cpx
+>>>&21 string !FONT compressed
+!:ext com
+# compressed size?
+#>>>&14 uleshort+152 x \b, %u bytes
+# uncompressed len
+>>>&12 uleshort x \b, uncompressed %u bytes
+252 string Must\ have\ DOS\ version DR-DOS executable (COM)
+!:mime application/x-dosexec
+!:ext com
+# GRR search is not working
+#2 search/28 \xcd\x21 COM executable for MS-DOS
+#WHICHFAT.cOM
+2 string \xcd\x21 COM executable for DOS
+!:mime application/x-dosexec
+!:ext com
+#DELTREE.cOM DELTREE2.cOM
+4 string \xcd\x21 COM executable for DOS
+!:mime application/x-dosexec
+!:ext com
+#IFMEMDSK.cOM ASSIGN.cOM COMP.cOM
+5 string \xcd\x21 COM executable for DOS
+!:mime application/x-dosexec
+!:ext com
+#DELTMP.COm HASFAT32.cOM
+7 string \xcd\x21
+>0 byte !0xb8 COM executable for DOS
+!:mime application/x-dosexec
+!:ext com
+#COMP.cOM MORE.COm
+10 string \xcd\x21
+>5 string !\xcd\x21 COM executable for DOS
+!:mime application/x-dosexec
+!:ext com
+#comecho.com
+13 string \xcd\x21 COM executable for DOS
+!:mime application/x-dosexec
+!:ext com
+#HELP.COm EDIT.coM
+18 string \xcd\x21
+# not printable before it?
+>17 byte >32
+>>17 byte <126
+>>17 default x COM executable for MS-DOS
+!:mime application/x-dosexec
+!:ext com
+#NWRPLTRM.COm
+23 string \xcd\x21 COM executable for MS-DOS
+!:mime application/x-dosexec
+!:ext com
+#LOADFIX.cOm LOADFIX.cOm
+30 string \xcd\x21 COM executable for MS-DOS
+!:mime application/x-dosexec
+!:ext com
+#syslinux.com 3.11
+70 string \xcd\x21 COM executable for DOS
+!:mime application/x-dosexec
+!:ext com
+# many compressed/converted COMs start with a copy loop instead of a jump
+0x6 search/0xa \xfc\x57\xf3\xa5\xc3 COM executable for MS-DOS
+!:mime application/x-dosexec
+!:ext com
+0x6 search/0xa \xfc\x57\xf3\xa4\xc3 COM executable for DOS
+!:mime application/x-dosexec
+!:ext com
+>0x18 search/0x10 \x50\xa4\xff\xd5\x73 \b, aPack compressed
+0x3c string W\ Collis\0\0 COM executable for MS-DOS, Compack compressed
+!:mime application/x-dosexec
+!:ext com
+# FIXME: missing diet .com compression
+
+# miscellaneous formats
+0 string/b LZ MS-DOS executable (built-in)
+#0 byte 0xf0 MS-DOS program library data
+#
+
+# AAF files:
+# <stuartc@rd.bbc.co.uk> Stuart Cunningham
+0 string/b \320\317\021\340\241\261\032\341AAFB\015\000OM\006\016\053\064\001\001\001\377 AAF legacy file using MS Structured Storage
+>30 byte 9 (512B sectors)
+>30 byte 12 (4kB sectors)
+0 string/b \320\317\021\340\241\261\032\341\001\002\001\015\000\002\000\000\006\016\053\064\003\002\001\001 AAF file using MS Structured Storage
+>30 byte 9 (512B sectors)
+>30 byte 12 (4kB sectors)
+
+# Popular applications
+#
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/DOC
+# Reference: https://web.archive.org/web/20170206041048/
+# http://www.msxnet.org/word2rtf/formats/ffh-dosword5
+# wIdent+dty
+0 belong 0x31be0000
+# skip droid skeleton like x-fmt-274-signature-id-488.doc
+>128 ubyte >0 Microsoft
+>>96 uleshort =0 Word
+!:mime application/msword
+!:apple MSWDWDBN
+# DCX is used in the Unix version.
+!:ext doc/dcx
+>>>0x6E ulequad =0 1.0-4.0
+>>>0x6E ulequad !0 5.0-6.0
+>>>0x6E ulequad x (DOS) Document
+# https://web.archive.org/web/20130831064118/http://msxnet.org/word2rtf/formats/write.txt
+>>96 uleshort !0 Write 3.0 (Windows) Document
+!:mime application/x-mswrite
+!:apple MSWDWDBN
+# sometimes also doc like in splitter.doc srchtest.doc
+!:ext wri/doc
+# wTool must be 0125400 octal
+#>>4 uleshort !0xAB00 \b, wTool %o
+# reserved; must be zero
+#>>6 ulelong !0 \b, reserved %u
+# block pointer to the block containing optional file manager information
+#>>0x1C uleshort x \b, at %#x info block
+# jump to File manager information block
+>>(0x1C.s*128) uleshort x
+# test for valid information start; maybe also 0012h
+>>>&-2 uleshort =0x0014
+# Document ASCIIZ name
+>>>>&0x12 string x %s
+# author name
+>>>>>&1 string x \b, author %s
+# reviser name
+>>>>>>&1 string x \b, reviser %s
+# keywords
+>>>>>>>&1 string x \b, keywords %s
+# comment
+>>>>>>>>&1 string x \b, comment %s
+# version number
+>>>>>>>>>&1 string x \b, version %s
+# date of last change MM/DD/YY
+>>>>>>>>>>&1 string x \b, %-.8s
+# creation date MM/DD/YY
+>>>>>>>>>>&9 string x created %-.8s
+# file name of print format like NORMAL.STY
+>>0x1E string >0 \b, formatted by %-.66s
+# count of pages in whole file for write variant; maybe some times wrong
+>>96 uleshort >0 \b, %u pages
+# name of the printer driver like HPLASMS
+>>0x62 string >0 \b, %-.8s printer
+# number of blocks used in the file; seems to be 0 for Word 4.0 and Write 3.0
+>>0x6A uleshort >0 \b, %u blocks
+# bit field for corrected text areas
+#>>0x6C uleshort x \b, %#x bit field
+# text of document; some times start with 4 non printable characters like CR LF
+>>128 ubyte x \b,
+>>>128 ubyte >0x1F
+>>>>128 string x %s
+>>>128 ubyte <0x20
+>>>>129 ubyte >0x1F
+>>>>>129 string x %s
+>>>>129 ubyte <0x20
+>>>>>130 ubyte >0x1F
+>>>>>>130 string x %s
+>>>>>130 ubyte <0x20
+>>>>>>131 ubyte >0x1F
+>>>>>>>131 string x %s
+>>>>>>131 ubyte <0x20
+>>>>>>>132 ubyte >0x1F
+>>>>>>>>132 string x %s
+>>>>>>>132 ubyte <0x20
+>>>>>>>>133 ubyte >0x1F
+>>>>>>>>>133 string x %s
+#
+0 string/b PO^Q` Microsoft Word 6.0 Document
+!:mime application/msword
+#
+4 long 0
+>0 belong 0xfe320000 Microsoft Word for Macintosh 1.0
+!:mime application/msword
+!:ext mcw
+>0 belong 0xfe340000 Microsoft Word for Macintosh 3.0
+!:mime application/msword
+!:ext mcw
+>0 belong 0xfe37001c Microsoft Word for Macintosh 4.0
+!:mime application/msword
+!:ext mcw
+>0 belong 0xfe370023 Microsoft Word for Macintosh 5.0
+!:mime application/msword
+!:ext mcw
+
+0 string/b \333\245-\0\0\0 Microsoft Word 2.0 Document
+!:mime application/msword
+!:ext doc
+# Note: seems already recognized as "OLE 2 Compound Document" in ./ole2compounddocs
+#512 string/b \354\245\301 Microsoft Word Document
+#!:mime application/msword
+
+#
+0 string/b \xDB\xA5\x2D\x00 Microsoft WinWord 2.0 Document
+!:mime application/msword
+#
+0 string/b \xDB\xA5\x2D\x00 Microsoft WinWord 2.0 Document
+!:mime application/msword
+
+#
+0 string/b \x09\x04\x06\x00\x00\x00\x10\x00 Microsoft Excel Worksheet
+!:mime application/vnd.ms-excel
+# https://www.macdisk.com/macsigen.php
+!:apple XCELXLS4
+!:ext xls
+#
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Lotus_1-2-3
+# Reference: http://www.aboutvb.de/bas/formate/pdf/wk3.pdf
+# Note: newer Lotus versions >2 use longer BOF record
+# record type (BeginningOfFile=0000h) + length (001Ah)
+0 belong 0x00001a00
+# reserved should be 0h but 8c0dh for TUTMAC.WK3, 5h for SAMPADNS.WK3, 1h for a_readme.wk3, 1eh for K&G86.WK3
+#>18 uleshort&0x73E0 0
+# Lotus Multi Byte Character Set (LMBCS=1-31)
+>20 ubyte >0
+>>20 ubyte <32 Lotus 1-2-3
+#!:mime application/x-123
+!:mime application/vnd.lotus-1-2-3
+!:apple ????L123
+# (version 5.26) labeled the entry as "Lotus 1-2-3 wk3 document data"
+>>>4 uleshort 0x1000 WorKsheet, version 3
+!:ext wk3
+# (version 5.26) labeled the entry as "Lotus 1-2-3 wk4 document data"
+>>>4 uleshort 0x1002 WorKsheet, version 4
+# also worksheet template 4 (.wt4)
+!:ext wk4/wt4
+# no example or documentation for wk5
+#>>4 uleshort 0x???? WorKsheet, version 4
+#!:ext wk5
+# only MacrotoScript.123 example
+>>>4 uleshort 0x1003 WorKsheet, version 97
+# also worksheet template Smartmaster (.12M)?
+!:ext 123
+# only Set_Y2K.123 example
+>>>4 uleshort 0x1005 WorKsheet, version 9.8 Millennium
+!:ext 123
+# no example for this version
+>>>4 uleshort 0x8001 FoRMatting data
+!:ext frm
+# (version 5.26) labeled the entry as "Lotus 1-2-3 fm3 or fmb document data"
+# TrID labeles the entry as "Formatting Data for Lotus 1-2-3 worksheet"
+>>>4 uleshort 0x8007 ForMatting data, version 3
+!:ext fm3
+>>>4 default x unknown
+# file revision sub code 0004h for worksheets
+>>>>6 uleshort =0x0004 worksheet
+!:ext wXX
+>>>>6 uleshort !0x0004 formatting data
+!:ext fXX
+# main revision number
+>>>>4 uleshort x \b, revision %#x
+>>>6 uleshort =0x0004 \b, cell range
+# active cellcoord range (start row, page,column ; end row, page, column)
+# start values normally 0~1st sheet A1
+>>>>8 ulelong !0
+>>>>>10 ubyte >0 \b%d*
+>>>>>8 uleshort x \b%d,
+>>>>>11 ubyte x \b%d-
+# end page mostly 0
+>>>>14 ubyte >0 \b%d*
+# end raw, column normally not 0
+>>>>12 uleshort x \b%d,
+>>>>15 ubyte x \b%d
+# Lotus Multi Byte Character Set (1~cp850,2~cp851,...,16~japan,...,31~??)
+>>>>20 ubyte >1 \b, character set %#x
+# flags
+>>>>21 ubyte x \b, flags %#x
+>>>6 uleshort !0x0004
+# record type (FONTNAME=00AEh)
+>>>>30 search/29 \0\xAE
+# variable length m (2) + entries (1) + ?? (1) + LCMBS string (n)
+>>>>>&4 string >\0 \b, 1st font "%s"
+#
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Lotus_1-2-3
+# Reference: http://www.schnarff.com/file-formats/lotus-1-2-3/WSFF2.TXT
+# Note: Used by both old Lotus 1-2-3 and Lotus Symphony (DOS) til version 2.x
+# record type (BeginningOfFile=0000h) + length (0002h)
+0 belong 0x00000200
+# GRR: line above is too general as it catches also MS Windows CURsor
+# to display MS Windows cursor (strength=70) before Lotus 1-2-3 (strength=70-1)
+!:strength -1
+# skip Windows cursors with image height <256 and keep Lotus with low opcode 0001-0083h
+>7 ubyte 0
+# skip Windows cursors with image width 256 and keep Lotus with positive opcode
+>>6 ubyte >0 Lotus
+# !:mime application/x-123
+!:mime application/vnd.lotus-1-2-3
+!:apple ????L123
+# revision number (0404h = 123 1A, 0405h = Lotus Symphony , 0406h = 123 2.x wk1 , 8006h = fmt , ...)
+# undocumented; (version 5.26) labeled the configurations as "Lotus 1-2-3"
+>>>4 uleshort 0x0007 1-2-3 CoNFiguration, version 2.x (PGRAPH.CNF)
+!:ext cnf
+>>>4 uleshort 0x0C05 1-2-3 CoNFiguration, version 2.4J
+!:ext cnf
+>>>4 uleshort 0x0801 1-2-3 CoNFiguration, version 1-2.1
+!:ext cnf
+>>>4 uleshort 0x0802 Symphony CoNFiguration
+!:ext cnf
+>>>4 uleshort 0x0804 1-2-3 CoNFiguration, version 2.2
+!:ext cnf
+>>>4 uleshort 0x080A 1-2-3 CoNFiguration, version 2.3-2.4
+!:ext cnf
+>>>4 uleshort 0x1402 1-2-3 CoNFiguration, version 3.x
+!:ext cnf
+>>>4 uleshort 0x1450 1-2-3 CoNFiguration, version 4.x
+!:ext cnf
+# (version 5.26) labeled the entry as "Lotus 123"
+# TrID labeles the entry as "Lotus 123 Worksheet (generic)"
+>>>4 uleshort 0x0404 1-2-3 WorKSheet, version 1
+# extension "wks" also for Microsoft Works document
+!:ext wks
+# (version 5.26) labeled the entry as "Lotus 123"
+# TrID labeles the entry as "Lotus 123 Worksheet (generic)"
+>>>4 uleshort 0x0405 Symphony WoRksheet, version 1.0
+!:ext wrk/wr1
+# (version 5.26) labeled the entry as "Lotus 1-2-3 wk1 document data"
+# TrID labeles the entry as "Lotus 123 Worksheet (V2)"
+>>>4 uleshort 0x0406 1-2-3/Symphony worksheet, version 2
+# Symphony (.wr1)
+!:ext wk1/wr1
+# no example for this japan version
+>>>4 uleshort 0x0600 1-2-3 WorKsheet, version 1.xJ
+!:ext wj1
+# no example or documentation for wk2
+#>>>4 uleshort 0x???? 1-2-3 WorKsheet, version 2
+#!:ext wk2
+# undocumented japan version
+>>>4 uleshort 0x0602 1-2-3 worksheet, version 2.4J
+!:ext wj3
+# (version 5.26) labeled the entry as "Lotus 1-2-3 fmt document data"
+>>>4 uleshort 0x8006 1-2-3 ForMaTting data, version 2.x
+# japan version 2.4J (fj3)
+!:ext fmt/fj3
+# no example for this version
+>>>4 uleshort 0x8007 1-2-3 FoRMatting data, version 2.0
+!:ext frm
+# (version 5.26) labeled the entry as "Lotus 1-2-3"
+>>>4 default x unknown worksheet or configuration
+!:ext cnf
+>>>>4 uleshort x \b, revision %#x
+# 2nd record for most worksheets describes cells range
+>>>6 use lotus-cells
+# 3rd record for most japan worksheets describes cells range
+>>>(8.s+10) use lotus-cells
+# check and then display Lotus worksheet cells range
+0 name lotus-cells
+# look for type (RANGE=0006h) + length (0008h) at record begin
+>0 ubelong 0x06000800 \b, cell range
+# cell range (start column, row, end column, row) start values normally 0,0~A1 cell
+>>4 ulong !0
+>>>4 uleshort x \b%d,
+>>>6 uleshort x \b%d-
+# end of cell range
+>>8 uleshort x \b%d,
+>>10 uleshort x \b%d
+# EndOfLotus123
+0 string/b WordPro\0 Lotus WordPro
+!:mime application/vnd.lotus-wordpro
+0 string/b WordPro\r\373 Lotus WordPro
+!:mime application/vnd.lotus-wordpro
+
+
+# Summary: Script used by InstallScield to uninstall applications
+# Extension: .isu
+# Submitted by: unknown
+# Modified by (1): Abel Cheung <abelcheung@gmail.com> (replace useless entry)
+0 string \x71\xa8\x00\x00\x01\x02
+>12 string Stirling\ Technologies, InstallShield Uninstall Script
+
+# Winamp .avs
+#0 string Nullsoft\ AVS\ Preset\ \060\056\061\032 A plug in for Winamp ms-windows Freeware media player
+0 string/b Nullsoft\ AVS\ Preset\ Winamp plug in
+
+# Windows Metafile .WMF
+# URL: http://fileformats.archiveteam.org/wiki/Windows_Metafile
+# http://en.wikipedia.org/wiki/Windows_Metafile
+# Reference: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-WMF/%5bMS-WMF%5d.pdf
+# http://mark0.net/download/triddefs_xml.7z/defs/w/wmf.trid.xml
+# Note: called "Windows Metafile" by TrID and
+# verified by ImageMagick `identify -verbose *.wmf` as WMF (Windows Meta File)
+# META_PLACEABLE Record (Aldus Placeable Metafile signature)
+0 string/b \327\315\306\232
+# Note: called "Windows Metafile Image with Placeable File Header" by DROID via PUID x-fmt/119
+# and verified by XnView `nconvert -info abydos.wmf SPA_FLAG.wmf hardcopy-windows-meta.wmf` as "Windows Placeable metafile"
+# skip failed libreoffice-7.3.2.2 ofz35149-1.wmf with invalid version 2020h and exttextout-2.wmf with invalid version 3a02h
+# and x-fmt-119-signature-id-609.wmf without version instead of 0100h=METAVERSION100 or 0300h=METAVERSION300
+>26 uleshort&0xFDff =0x0100 Windows metafile
+# HWmf; resource handle to the metafile; When the metafile is on disk, this field MUST contain 0
+# seems to be always true but in failed samples 2020h ofz35149-1.wmf 56f8h exttextout-2.wmf
+>>4 uleshort !0 \b, resource handle %#x
+# BoundingBox; the rectangle in the playback context measured in logical units for displaying
+# sometimes useful like: hardcopy-windows-meta.wmf (0,0 / 1280,1024)
+# but garbage in x-fmt-119-signature-id-609.wmf (-21589,-21589 / -21589,-21589)
+#>>6 ubequad x \b, bounding box %#16.16llx
+# Left; x-coordinate of the upper-left corner of the rectangle
+>>6 leshort x \b, bounding box (%d
+# Top; y-coordinate upper-left corner
+>>8 leshort x \b,%d
+# Right; x-coordinate lower-right corner
+>>10 leshort x / %d
+# Bottom; y-coordinate lower-right corner
+>>12 leshort x \b,%d)
+# Inch; number of logical units per inch like: 72 96 575 576 1000 1200 1439 1440 2540
+>>14 uleshort x \b, dpi %u
+# Reserved; field is not used and MUST be set to 0; but ababababh in x-fmt-119-signature-id-609.wmf
+>>16 ulelong !0 \b, reserved %#x
+# Checksum; checksum for the previous 10 words
+>>20 uleshort x \b, checksum %#x
+# META_HEADER Record after META_PLACEABLE Record
+>>22 use wmf-head
+# GRR: no example for type 2 (DISKMETAFILE) variant found under few thousands WMF
+0 string/b \002\000\011\000 Windows metafile
+>0 use wmf-head
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/w/wmf-16.trid.xml
+# Note: called "Windows Metafile (old Win 3.x format)" by TrID and
+# "Windows Metafile Image without Placeable File Header" by DROID via PUID x-fmt/119
+# verified by XnView `nconvert -info *.wmf` as Windows metafile
+# variant with type=1=MEMORYMETAFILE and valid HeaderSize 9
+0 string/b \001\000\011\000
+# skip DROID x-fmt-119-signature-id-1228.wmf by looking for content after header (18 bytes=2*011)
+>18 ulelong >0 Windows metafile
+# GRR: in version 5.44 unequal and not endian variant not working!
+#>18 ulelong !0 THIS_SHOULD_NOT_HAPPEN
+#>18 long !0 THIS_SHOULD_NOT_HAPPEN
+>>0 use wmf-head
+# display information of Windows metafile header (type, size, objects)
+0 name wmf-head
+# MetafileType: 0001h=MEMORYMETAFILE~Metafile is stored in memory 0002h=DISKMETAFILE~Metafile is stored on disk
+>0 uleshort !0x0001 \b, type %#x
+# HeaderSize; the number of WORDs in header record; seems to be always 9 (18 bytes)
+>2 uleshort*2 !18 \b, header size %u
+# MetafileVersion: 0100h=METAVERSION100~DIBs (device-independent bitmaps) not supported 0300h=METAVERSION300~DIBs are supported
+# but in failed samples 2020h ofz35149-1.wmf 3a02h exttextout-2.wmf
+>4 uleshort =0x0100 \b, DIBs not supported
+>4 uleshort =0x0300
+#>4 uleshort =0x0300 \b, DIBs supported
+# this should not happen!
+>4 default x \b, version
+>>4 uleshort x %#x
+# Size; the number of WORDs in the entire metafile
+>6 ulelong x \b, size %u words
+#>6 ulelong*2 x \b, size %u bytes
+!:mime image/wmf
+!:ext wmf
+# NumberOfObjects: the number of graphics objects like: 0 hardcopy-windows-meta.wmf 1 2 3 4 5 6 7 8 9 12 13 14 16 17 20 27 110 PERSGRID.WMF
+>10 uleshort x \b, %u objects
+# MaxRecord: the size of the largest record in the metafile in WORDs like: 78h b0h 1f4h 310h 63fh 1e0022h 3fcc21h
+>12 ulelong x \b, largest record size %#x
+# NumberOfMembers: It SHOULD be 0x0000, but 5 TestBitBltStretchBlt.wmf 13 TestPalette.wmf and in failed samples 4254 bitcount-1.wmf 8224 ofz5942-1.wmf 56832 exttextout-2.wmf
+>16 uleshort !0 \b, %u members
+
+#tz3 files whatever that is (MS Works files)
+0 string/b \003\001\001\004\070\001\000\000 tz3 ms-works file
+0 string/b \003\002\001\004\070\001\000\000 tz3 ms-works file
+0 string/b \003\003\001\004\070\001\000\000 tz3 ms-works file
+
+# PGP sig files .sig
+#0 string \211\000\077\003\005\000\063\237\127 065 to \027\266\151\064\005\045\101\233\021\002 PGP sig
+0 string \211\000\077\003\005\000\063\237\127\065\027\266\151\064\005\045\101\233\021\002 PGP sig
+0 string \211\000\077\003\005\000\063\237\127\066\027\266\151\064\005\045\101\233\021\002 PGP sig
+0 string \211\000\077\003\005\000\063\237\127\067\027\266\151\064\005\045\101\233\021\002 PGP sig
+0 string \211\000\077\003\005\000\063\237\127\070\027\266\151\064\005\045\101\233\021\002 PGP sig
+0 string \211\000\077\003\005\000\063\237\127\071\027\266\151\064\005\045\101\233\021\002 PGP sig
+0 string \211\000\225\003\005\000\062\122\207\304\100\345\042 PGP sig
+
+# windows zips files .dmf
+0 string/b MDIF\032\000\010\000\000\000\372\046\100\175\001\000\001\036\001\000 MS Windows special zipped file
+
+# Windows icons
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/CUR_(file_format)
+# Note: similar to Windows CURsor. container for BMP (only DIB part) or PNG
+0 belong 0x00000100
+>9 byte 0
+>>0 byte x
+>>0 use cur-ico-dir
+>9 ubyte 0xff
+>>0 byte x
+>>0 use cur-ico-dir
+# displays number of icons and information for icon or cursor
+0 name cur-ico-dir
+# skip some Lotus 1-2-3 worksheets, CYCLE.PIC and keep Windows cursors with
+# 1st data offset = dir header size + n * dir entry size = 6 + n * 10h = ?6h
+>18 ulelong &0x00000006
+# skip remaining worksheets, because valid only for DIB image (40) or PNG image (\x89PNG)
+>>(18.l) ulelong x MS Windows
+>>>0 ubelong 0x00000100 icon resource
+# https://www.iana.org/assignments/media-types/image/vnd.microsoft.icon
+!:mime image/vnd.microsoft.icon
+#!:mime image/x-icon
+!:ext ico
+>>>>4 uleshort x - %d icon
+# plural s
+>>>>4 uleshort >1 \bs
+# 1st icon
+>>>>0x06 use ico-entry
+# 2nd icon
+>>>>4 uleshort >1
+>>>>>0x16 use ico-entry
+>>>0 ubelong 0x00000200 cursor resource
+#!:mime image/x-cur
+!:mime image/x-win-bitmap
+!:ext cur
+>>>>4 uleshort x - %d icon
+>>>>4 uleshort >1 \bs
+# 1st cursor
+>>>>0x06 use cur-entry
+#>>>>0x16 use cur-entry
+# display information of one cursor entry
+0 name cur-entry
+>0 use cur-ico-entry
+>4 uleshort x \b, hotspot @%dx
+>6 uleshort x \b%d
+# display information of one icon entry
+0 name ico-entry
+>0 use cur-ico-entry
+# normally 0 1 but also found 14
+>4 uleshort >1 \b, %d planes
+# normally 0 1 but also found some 3, 4, some 6, 8, 24, many 32, two 256
+>6 uleshort >1 \b, %d bits/pixel
+# display shared information of cursor or icon entry
+0 name cur-ico-entry
+>0 byte =0 \b, 256x
+>0 byte !0 \b, %dx
+>1 byte =0 \b256
+>1 byte !0 \b%d
+# number of colors in palette
+>2 ubyte !0 \b, %d colors
+# reserved 0 FFh
+#>3 ubyte x \b, reserved %x
+#>8 ulelong x \b, image size %d
+# offset of PNG or DIB image
+#>12 ulelong x \b, offset %#x
+# PNG header (\x89PNG)
+>(12.l) ubelong =0x89504e47
+# 1 space char after "with" to get phrase "with PNG image" by magic in ./images
+>>&-4 indirect x \b with
+# DIB image
+>(12.l) ubelong !0x89504e47
+#>>&-4 use dib-image
+
+# Windows non-animated cursors
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/CUR_(file_format)
+# Note: similar to Windows ICOn. container for BMP ( only DIB part)
+# GRR: line below is too general as it catches also Lotus 1-2-3 files
+0 belong 0x00000200
+>9 byte 0
+>>0 use cur-ico-dir
+>9 ubyte 0xff
+>>0 use cur-ico-dir
+
+# .chr files
+0 string/b PK\010\010BGI Borland font
+>4 string >\0 %s
+# then there is a copyright notice
+
+
+# .bgi files
+0 string/b pk\010\010BGI Borland device
+>4 string >\0 %s
+# then there is a copyright notice
+
+
+# Windows Recycle Bin record file (named INFO2)
+# By Abel Cheung (abelcheung AT gmail dot com)
+# Version 4 always has 280 bytes (0x118) per record, version 5 has 800 bytes
+# Since Vista uses another structure, INFO2 structure probably won't change
+# anymore. Detailed analysis in:
+# http://www.cybersecurityinstitute.biz/downloads/INFO2.pdf
+0 lelong 0x00000004
+>12 lelong 0x00000118 Windows Recycle Bin INFO2 file (Win98 or below)
+
+0 lelong 0x00000005
+>12 lelong 0x00000320 Windows Recycle Bin INFO2 file (Win2k - WinXP)
+
+# From Doug Lee via a FreeBSD pr
+9 string GERBILDOC First Choice document
+9 string GERBILDB First Choice database
+9 string GERBILCLIP First Choice database
+0 string GERBIL First Choice device file
+9 string RABBITGRAPH RabbitGraph file
+0 string DCU1 Borland Delphi .DCU file
+0 string =!<spell> MKS Spell hash list (old format)
+0 string =!<spell2> MKS Spell hash list
+# Too simple - MPi
+#0 string AH Halo(TM) bitmapped font file
+0 lelong 0x08086b70 TurboC BGI file
+0 lelong 0x08084b50 TurboC Font file
+
+# Debian#712046: The magic below identifies "Delphi compiled form data".
+# An additional source of information is available at:
+# http://www.woodmann.com/fravia/dafix_t1.htm
+0 string TPF0
+>4 pstring >\0 Delphi compiled form '%s'
+
+# tests for DBase files moved, updated and merged to database
+
+0 string PMCC Windows 3.x .GRP file
+1 string RDC-meg MegaDots
+>8 byte >0x2F version %c
+>9 byte >0x2F \b.%c file
+
+# .PIF files added by Joerg Jenderek from https://smsoft.ru/en/pifdoc.htm
+# only for windows versions equal or greater 3.0
+0x171 string MICROSOFT\ PIFEX\0 Windows Program Information File
+!:mime application/x-dosexec
+!:ext pif
+#>2 string >\0 \b, Title:%.30s
+>0x24 string >\0 \b for %.63s
+>0x65 string >\0 \b, directory=%.64s
+>0xA5 string >\0 \b, parameters=%.64s
+#>0x181 leshort x \b, offset %x
+#>0x183 leshort x \b, offsetdata %x
+#>0x185 leshort x \b, section length %x
+>0x187 search/0xB55 WINDOWS\ VMM\ 4.0\0
+>>&0x5e ubyte >0
+>>>&-1 string <PIFMGR.DLL \b, icon=%s
+#>>>&-1 string PIFMGR.DLL \b, icon=%s
+>>>&-1 string >PIFMGR.DLL \b, icon=%s
+>>&0xF0 ubyte >0
+>>>&-1 string <Terminal \b, font=%.32s
+#>>>&-1 string =Terminal \b, font=%.32s
+>>>&-1 string >Terminal \b, font=%.32s
+>>&0x110 ubyte >0
+>>>&-1 string <Lucida\ Console \b, TrueTypeFont=%.32s
+#>>>&-1 string =Lucida\ Console \b, TrueTypeFont=%.32s
+>>>&-1 string >Lucida\ Console \b, TrueTypeFont=%.32s
+#>0x187 search/0xB55 WINDOWS\ 286\ 3.0\0 \b, Windows 3.X standard mode-style
+#>0x187 search/0xB55 WINDOWS\ 386\ 3.0\0 \b, Windows 3.X enhanced mode-style
+>0x187 search/0xB55 WINDOWS\ NT\ \ 3.1\0 \b, Windows NT-style
+#>0x187 search/0xB55 WINDOWS\ NT\ \ 4.0\0 \b, Windows NT-style
+>0x187 search/0xB55 CONFIG\ \ SYS\ 4.0\0 \b +CONFIG.SYS
+#>>&06 string x \b:%s
+>0x187 search/0xB55 AUTOEXECBAT\ 4.0\0 \b +AUTOEXEC.BAT
+#>>&06 string x \b:%s
+
+# Norton Guide (.NG , .HLP) files added by Joerg Jenderek from source NG2HTML.C
+# of http://www.davep.org/norton-guides/ng2h-105.tgz
+# https://en.wikipedia.org/wiki/Norton_Guides
+0 string NG\0\001
+# only value 0x100 found at offset 2
+>2 ulelong 0x00000100 Norton Guide
+!:mime application/x-norton-guide
+# often like NORTON.NG but some times like NC.HLP
+!:ext ng/hlp
+# Title[40]
+>>8 string >\0 "%-.40s"
+#>>6 uleshort x \b, MenuCount=%u
+# szCredits[5][66]
+>>48 string >\0 \b, %-.66s
+>>114 string >\0 %-.66s
+
+# URL: https://en.wikipedia.org/wiki/Norton_Commander
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/m/msg-nc-eng.trid.xml
+# From: Joerg Jenderek
+# Note: Message file is used by executable with same main name.
+# Only tested with version 5.50 (english) and 2.01 (Windows)
+0 string Abort
+# \0 or i
+#>5 ubyte x %x
+# skip ASCII Abort text by looking for error message like in NCVIEW.MSG
+>6 search/7089 Non-DOS\ disk Norton Commander module message
+!:mime application/x-norton-msg
+!:ext msg
+
+# URL: http://www.antonis.de/dos/dos-tuts/mpdostip/html/nwdostip.htm
+# Reference: https://mark0.net/download/triddefs_xml.7z/defs/m/msg-netware-dos.trid.xml
+# From: Joerg Jenderek
+0 string DOS\ Client\ Message\ File: Novell DOS client message
+#!:mime application/octet-stream
+#!:mime application/x-novell-msg
+!:ext msg
+# look for second letter instead space character
+>26 ubyte >0x20
+# digit 1 or often main or program name like: IPXODI.COM TASKID pnwtrap DOSRqstr
+>>25 ubyte !0x20 %c
+>>>26 ubyte !0x20 \b%c
+>>>>27 ubyte !0x20 \b%c
+>>>>>28 ubyte !0x20 \b%c
+>>>>>>29 ubyte !0x20 \b%c
+>>>>>>>30 ubyte !0x20 \b%c
+>>>>>>>>31 ubyte !0x20 \b%c
+>>>>>>>>>32 ubyte !0x20 \b%c
+>>>>>>>>>>33 ubyte !0x20 \b%c
+>>>>>>>>>>>34 ubyte !0x20 \b%c
+>>>>>>>>>>>>35 ubyte !0x20 \b%c
+>>>>>>>>>>>>>36 ubyte !0x20 \b%c
+# followed by string like: 0 v.10 V1.20
+#
+# followed by ,\040Tran
+>28 search/14 ,\040Tran
+# probably translated version string like: 0 v1.00
+>>&0 string x \b, tran version %s
+# followed by Ctrl-J Ctrl-Z
+>>>&0 ubyte !0xa \b, terminated by %#2.2x
+>>>>&0 ubyte x \b%2.2x
+# Ctrl-Z
+>0x65 ubyte !0x1A \b, at 0x65 %#x
+# one
+>0x66 ubyte !0x01 \b, at 0x66 %#x
+# URL: https://en.wikipedia.org/wiki/NetWare
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dat-novell-msg.trid.xml
+# ftp://ftp.iitb.ac.in/LDP/en/NLM-HOWTO/NLM-HOWTO-single.html
+# From: Joerg Jenderek
+0 string Novell\ Message\ Librarian\ Data\ File Novell message librarian data
+#>35 string Version\ 1.00
+#>49 string COPYRIGHT\ (c)\ 1985\ by\ Novell,\ Inc.
+#>83 string \ \ All\ Rights\ Reserved
+#!:mime application/octet-stream
+#!:mime application/x-novell-msg
+!:ext msg
+#!:ext msg/dat
+# 4DOS help (.HLP) files added by Joerg Jenderek from source TPHELP.PAS
+# of https://www.4dos.info/
+# pointer,HelpID[8]=4DHnnnmm
+0 ulelong 0x48443408 4DOS help file
+>4 string x \b, version %-4.4s
+
+# old binary Microsoft (.HLP) files added by Joerg Jenderek from http://file-extension.net/seeker/file_extension_hlp
+0 ulequad 0x3a000000024e4c MS Advisor help file
+
+# HtmlHelp files (.chm)
+0 string/b ITSF\003\000\000\000\x60\000\000\000 MS Windows HtmlHelp Data
+!:mime application/vnd.ms-htmlhelp
+!:ext chm
+
+# GFA-BASIC (Wolfram Kleff)
+2 string/b GFA-BASIC3 GFA-BASIC 3 data
+
+#------------------------------------------------------------------------------
+# From Stuart Caie <kyzer@4u.net> (developer of cabextract)
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Cabinet_(file_format)
+# Reference: https://msdn.microsoft.com/en-us/library/bb267310.aspx
+# Note: verified by `7z l *.cab`
+# Microsoft Cabinet files
+0 string/b MSCF\0\0\0\0 Microsoft Cabinet archive data
+#
+# https://support.microsoft.com/en-us/help/973559/frequently-asked-questions-about-the-microsoft-support-diagnostic-tool
+# CAB with *.{diagcfg,diagpkg} is used by Microsoft Support Diagnostic Tool MSDT.EXE
+# because some archive does not have *.diag* as 1st or 2nd archive member like
+# O15CTRRemove.diagcab or AzureStorageAnalyticsLogs_global.DiagCab
+# brute looking after header for filenames with diagcfg or diagpkg extension in CFFILE section
+>0x2c search/980/c .diag \b, Diagnostic
+!:mime application/vnd.ms-cab-compressed
+!:ext diagcab
+# http://fileformats.archiveteam.org/wiki/PUZ
+# Microsoft Publisher version about 2003 has a "Pack and Go" feature that
+# bundles a Publisher document *PNG.pub with all links into a CAB
+>0x2c search/300/c png.pub\0 \b, Publisher Packed and Go
+!:mime application/vnd.ms-cab-compressed
+!:ext puz
+# ppz variant with Microsoft PowerPoint Viewer ppview32.exe to play PowerPoint presentation
+>0x2c search/17/c ppview32.exe\0 \b, PowerPoint Viewer Packed and Go
+!:mime application/vnd.ms-powerpoint
+#!:mime application/mspowerpoint
+!:ext ppz
+# URL: https://en.wikipedia.org/wiki/Windows_Desktop_Gadgets
+# Reference: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/sidebar/
+# http://win10gadgets.com/download/273/ All_CPU_Meter1.zip/All_CPU_Meter_V4.7.3.gadget
+>0x2c search/968/c gadget.xml \b, Windows Desktop Gadget
+#!:mime application/vnd.ms-cab-compressed
+# http://extension.nirsoft.net/gadget
+!:mime application/x-windows-gadget
+!:ext gadget
+# http://www.incredimail.com/
+# IncrediMail CAB contains an initialisation file "content.ini" like in im2.ims
+>0x2c search/3369/c content.ini\0 \b, IncrediMail
+!:mime application/x-incredimail
+# member Flavor.htm implies IncrediMail ecard like in tell_a_friend.imf
+>>0x2c search/83/c Flavor.htm\0 ecard
+!:ext imf
+# member Macromedia Flash data *.swf implies IncrediMail skin like in im2.ims
+>>0x2c search/211/c .swf\0 skin
+!:ext ims
+# member anim.im3 implies IncrediMail animation like in letter_fold.ima
+>>0x2c search/92/c anim.im3\0 animation
+!:ext ima
+# other IncrediMail cab archive
+>>0x2c default x
+>>>0x2c search/116/c thumb ecard, image, notifier or skin
+!:ext imf/imi/imn/ims
+# http://file-extension.net/seeker/file_extension_ime
+>>>0x2c default x emoticons or sound
+!:ext ime/imw
+# no Diagnostic, Packed and Go, Windows Desktop Gadget, IncrediMail
+>0x2c default x
+# look for 1st member name
+>>(16.l+16) ubyte x
+# From: Joerg Jenderek
+# URL: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/building-device-metadata-packages
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/devicemetadata-ms.trid.xml
+>>>&-1 string PackageInfo.xml \b, Device Metadata Package
+!:mime application/vnd.ms-cab-compressed
+!:ext devicemetadata-ms
+# https://en.wikipedia.org/wiki/SNP_file_format
+>>>&-1 string/c _accrpt_.snp \b, Access report snapshot
+!:mime application/msaccess
+!:ext snp
+# https://en.wikipedia.org/wiki/Microsoft_InfoPath
+>>>&-1 string manifest.xsf \b, InfoPath Form Template
+!:mime application/vnd.ms-cab-compressed
+#!:mime application/vnd.ms-infopath
+!:ext xsn
+# https://www.cabextract.org.uk/wince_cab_format/
+# extension of DOS 8+3 name with ".000" of 1st archive member name implies Windows CE installer
+>>>&7 string =.000 \b, WinCE install
+!:mime application/vnd.ms-cab-compressed
+!:ext cab
+
+# https://support.microsoft.com/kb/934307/en-US
+# All inspected MSU contain a file with name WSUSSCAN.cab
+# that is called "Windows Update meta data" by Microsoft
+>>>&-1 string/c wsusscan.cab \b, Microsoft Standalone Update
+!:mime application/vnd.ms-cab-compressed
+!:ext msu
+>>>&-1 default x
+# look at point character of 1st archive member name for file name extension
+# GRR: search range is maybe too large and match point else where like in EN600x64.cab!
+>>>>&-1 search/255 .
+# http://www.pptfaq.com/FAQ00164_What_is_a_PPZ_file-.htm
+# PPZ were created using Pack & Go feature of PowerPoint versions 97 - 2002
+# packs optional files, a PowerPoint presentation *.ppt with optional PLAYLIST.LST to CAB
+>>>>>&0 string/c ppt\0
+>>>>>>28 uleshort >1 \b, PowerPoint Packed and Go
+!:mime application/vnd.ms-powerpoint
+#!:mime application/mspowerpoint
+!:ext ppz
+# or POWERPNT.PPT packed as POWERPNT.PP_ found on Windows 2000,XP setup CD in directory i386
+>>>>>>28 uleshort =1 \b, one packed PowerPoint
+!:mime application/vnd.ms-cab-compressed
+!:ext pp_
+# https://msdn.microsoft.com/en-us/library/windows/desktop/bb773190(v=vs.85).aspx
+# first member *.theme implies Windows 7 Theme Pack like in CommunityShowcaseAqua3.themepack
+# or Windows 8 Desktop Theme Pack like in PanoramicGlaciers.deskthemepack
+>>>>>&0 string/c theme \b, Windows
+!:mime application/x-windows-themepack
+# https://www.drewkeller.com/content/using-theme-both-windows-7-and-windows-8
+# 1st member Panoramic.theme or Panoramas.theme implies Windows 8-10 Theme Pack
+# with MTSM=RJSPBS in [MasterThemeSelector] inside *.theme
+>>>>>>(16.l+16) string =Panoram 8
+!:ext deskthemepack
+>>>>>>(16.l+16) string !Panoram 7 or 8
+!:ext themepack/deskthemepack
+>>>>>>(16.l+16) ubyte x Theme Pack
+# URL: https://en.wikipedia.org/wiki/Microsoft_OneNote#File_format
+# http://fileformats.archiveteam.org/wiki/OneNote
+# Reference: https://mark0.net/download/triddefs_xml.7z/defs/o/onepkg.trid.xml
+# 1st member name like: "Class Notes.one" "test-onenote.one" "Open Notebook.onetoc2" "Editor Öffnen.onetoc2"
+>>>>>&0 string/c one \b, OneNote Package
+!:mime application/msonenote
+!:ext onepkg
+>>>>>&0 default x
+# look for null terminator of 1st member name
+>>>>>>&0 search/255 \0
+# 2nd member name WSUSSCAN.cab like in Microsoft-Windows-MediaFeaturePack-OOB-Package.msu
+>>>>>>>&16 string/c wsusscan.cab \b, Microsoft Standalone Update
+!:mime application/vnd.ms-cab-compressed
+!:ext msu
+>>>>>>>&16 default x
+# archive with more then one file need some output in version 5.32 to avoid error message like
+# Magdir/msdos, 1138: Warning: Current entry does not yet have a description for adding a MIME type
+# Magdir/msdos, 1139: Warning: Current entry does not yet have a description for adding a EXTENSION type
+# file: could not find any valid magic files!
+>>>>>>>>28 uleshort >1 \b, many
+!:mime application/vnd.ms-cab-compressed
+!:ext cab
+# remaining archives with just one file
+>>>>>>>>28 uleshort =1
+# neither extra bytes nor cab chain implies Windows 2000,XP setup files in directory i386
+>>>>>>>>>30 uleshort =0x0000 \b, Windows 2000/XP setup
+# cut of last char of source extension and add underscore to generate extension
+# TERMCAP._ ... FXSCOUNT.H_ ... L3CODECA.AC_ ... NPDRMV2.ZI_
+!:mime application/vnd.ms-cab-compressed
+!:ext _/?_/??_
+# archive need some output like "single" in version 5.32 to avoid error messages
+>>>>>>>>>30 uleshort !0x0000 \b, single
+!:mime application/vnd.ms-cab-compressed
+!:ext cab
+# first archive name without point character
+>>>>&-1 default x
+>>>>>28 uleshort =1 \b, single
+!:mime application/vnd.ms-cab-compressed
+# on XP_CD\I386\ like: NETWORKS._ PROTOCOL._ QUOTES._ SERVICES._
+!:ext _
+>>>>>28 uleshort >1 \b, many
+!:mime application/vnd.ms-cab-compressed
+# like: HP Envy 6000 printer driver packages Full_x86.cab Full_x64.cab
+!:ext cab
+# TODO: additional extensions like
+# .xtp InfoPath Template Part
+# .lvf Logitech Video Effects Face Accessory
+>8 ulelong x \b, %u bytes
+>28 uleshort 1 \b, 1 file
+>28 uleshort >1 \b, %u files
+# Reserved fields, set to zero
+#>4 belong !0 \b, reserved1 %x
+#>12 belong !0 \b, reserved2 %x
+# offset of the first CFFILE entry coffFiles: minimal 2Ch
+>16 ulelong x \b, at %#x
+>(16.l) use cab-file
+# at least also 2nd member
+>28 uleshort >1
+>>(16.l+16) ubyte x
+>>>&0 search/255 \0
+# second member info
+>>>>&0 use cab-file
+#>20 belong !0 \b, reserved %x
+# Cabinet file format version. Currently, versionMajor = 1 and versionMinor = 3
+>24 ubeshort !0x0301 \b version %#x
+# number of CFFOLDER entries
+>26 uleshort >1 \b, %u cffolders
+# cabinet file option indicators 1~PREVIOUS, 2~NEXT, 4~reserved fields
+# only found for flags 0 1 2 3 4 not 7
+>30 uleshort >0 \b, flags %#x
+# Cabinet files have a 16-bit cabinet setID field that is designed for application use.
+# default is zero, however, the -i option of cabarc can be used to set this field
+>32 uleshort >0 \b, ID %u
+# iCabinet is number of this cabinet file in a set, where 0 for the first cabinet
+#>34 uleshort x \b, iCabinet %u
+# add one for display because humans start numbering by 1 and also fit to name of disk szDisk*
+>34 uleshort+1 x \b, number %u
+>30 uleshort &0x0004 \b, extra bytes
+# cbCFHeader optional size of per-cabinet reserved area 14h 1800h
+>>36 uleshort >0 %u in head
+# cbCFFolder is optional size of per-folder reserved area
+>>38 ubyte >0 %u in folder
+# cbCFData is optional size of per-datablock reserved area
+>>39 ubyte >0 %u in data block
+# optional per-cabinet reserved area abReserve[cbCFHeader]
+>>36 uleshort >0
+# 1st CFFOLDER after reserved area in header
+>>>(36.s+40) use cab-folder
+# no reserved area in header
+>30 uleshort ^0x0004
+# no previous and next cab archive
+>>30 uleshort =0x0000
+>>>36 use cab-folder
+# only previous cab archive
+>>30 uleshort =0x0001 \b, previous
+>>>36 use cab-anchor
+# only next cab archive
+>>30 uleshort =0x0002 \b, next
+>>>36 use cab-anchor
+# previous+next cab archive
+# can not use sub routine cab-anchor to display previous and next cabinet together
+#>>>36 use cab-anchor
+#>>>>&0 use cab-anchor
+>>30 uleshort =0x0003 \b, previous
+>>>36 string x %s
+# optional name of previous disk szDisk*
+>>>>&1 string x disk %s
+>>>>>&1 string x \b, next %s
+# optional name of previous disk szDisk*
+>>>>>>&1 string x disk %s
+>>>>>>>&1 use cab-folder
+# display filename and disk name of previous or next cabinet
+0 name cab-anchor
+# optional name of previous/next cabinet file szCabinet*[255]
+>&0 string x %s
+# optional name of previous/next disk szDisk*[255]
+>>&1 string x disk %s
+# display folder structure CFFOLDER information like compression of cabinet
+0 name cab-folder
+# offset of the CFDATA block in this folder
+#>0 ulelong x \b, coffCabStart %#x
+# number of CFDATA blocks in folder
+>4 uleshort x \b, %u datablock
+# plural s
+>4 uleshort >1 \bs
+# compression typeCompress: 0~None 1~MSZIP 0x1503~LZX:21 0x1003~LZX:16 0x0f03~LZX:15
+>6 uleshort x \b, %#x compression
+# optional per-folder reserved area
+#>8 ubequad x \b, abReserve %#llx
+# display member structure CFFILE information like member name of cabinet
+0 name cab-file
+# cbFile is uncompressed size of file in bytes
+#>0 ulelong x \b, cbFile %u
+# uoffFolderStart is uncompressed offset of file in folder
+#>4 ulelong >0 \b, uoffFolderStart %#x
+# iFolder is index into the CFFOLDER area. 0 indicates first folder in cabinet
+# define ifoldCONTINUED_FROM_PREV (0xFFFD)
+# define ifoldCONTINUED_TO_NEXT (0xFFFE)
+# define ifoldCONTINUED_PREV_AND_NEXT (0xFFFF)
+>8 uleshort >0 \b, iFolder %#x
+# date stamp for file
+>10 lemsdosdate x last modified %s
+# time stamp for file
+>12 lemsdostime x %s
+# attribs is attribute flags for file
+# define _A_RDONLY (0x01) file is read-only
+# define _A_HIDDEN (0x02) file is hidden
+# define _A_SYSTEM (0x04) file is a system file
+# define _A_ARCH (0x20) file modified since last backup
+# example http://sebastien.kirche.free.fr/pebuilder_plugins/depends.cab
+# define _A_EXEC (0x40) run after extraction
+# define _A_NAME_IS_UTF (0x80) szName[] contains UTF
+# define UNKNOWN (0x0100) undocumented or accident
+#>14 uleshort x \b, attribs %#x
+>14 uleshort >0 +
+>>14 uleshort &0x0001 \bR
+>>14 uleshort &0x0002 \bH
+>>14 uleshort &0x0004 \bS
+>>14 uleshort &0x0020 \bA
+>>14 uleshort &0x0040 \bX
+>>14 uleshort &0x0080 \bUtf
+# unknown 0x0100 flag found on one XP_CD:\I386\DRIVER.CAB
+>>14 uleshort &0x0100 \b?
+# szName is name of archive member
+>16 string x "%s"
+# next archive member name if more files
+#>>&17 string >\0 \b, NEXT NAME %-.50s
+
+# InstallShield Cabinet files
+0 string/b ISc( InstallShield Cabinet archive data
+>5 byte&0xf0 =0x60 version 6,
+>5 byte&0xf0 !0x60 version 4/5,
+>(12.l+40) lelong x %u files
+
+# Windows CE package files
+0 string/b MSCE\0\0\0\0 Microsoft WinCE install header
+>20 lelong 0 \b, architecture-independent
+>20 lelong 103 \b, Hitachi SH3
+>20 lelong 104 \b, Hitachi SH4
+>20 lelong 0xA11 \b, StrongARM
+>20 lelong 4000 \b, MIPS R4000
+>20 lelong 10003 \b, Hitachi SH3
+>20 lelong 10004 \b, Hitachi SH3E
+>20 lelong 10005 \b, Hitachi SH4
+>20 lelong 70001 \b, ARM 7TDMI
+>52 leshort 1 \b, 1 file
+>52 leshort >1 \b, %u files
+>56 leshort 1 \b, 1 registry entry
+>56 leshort >1 \b, %u registry entries
+
+
+# Windows Enhanced Metafile (EMF)
+# See msdn.microsoft.com/archive/en-us/dnargdi/html/msdn_enhmeta.asp
+# for further information.
+0 ulelong 1
+>40 string \ EMF Windows Enhanced Metafile (EMF) image data
+>>44 ulelong x version %#x
+
+
+0 string/b \224\246\056 Microsoft Word Document
+!:mime application/msword
+
+# From: "Nelson A. de Oliveira" <naoliv@gmail.com>
+# Magic type for Dell's BIOS .hdr files
+# Dell's .hdr
+0 string/b $RBU
+>23 string Dell %s system BIOS
+>5 byte 2
+>>48 byte x version %d.
+>>49 byte x \b%d.
+>>50 byte x \b%d
+>5 byte <2
+>>48 string x version %.3s
+
+# Type: Microsoft Document Imaging Format (.mdi)
+# URL: https://en.wikipedia.org/wiki/Microsoft_Document_Imaging_Format
+# From: Daniele Sempione <scrows@oziosi.org>
+# Too weak (EP)
+#0 short 0x5045 Microsoft Document Imaging Format
+
+# MS eBook format (.lit)
+0 string/b ITOLITLS Microsoft Reader eBook Data
+>8 lelong x \b, version %u
+!:mime application/x-ms-reader
+
+# Windows CE Binary Image Data Format
+# From: Dr. Jesus <j@hug.gs>
+0 string/b B000FF\n Windows Embedded CE binary image
+
+# The second byte of these signatures is a file version; I don't know what,
+# if anything, produced files with version numbers 0-2.
+# From: John Elliott <johne@seasip.demon.co.uk>
+0 string \xfc\x03\x00 Mallard BASIC program data (v1.11)
+0 string \xfc\x04\x00 Mallard BASIC program data (v1.29+)
+0 string \xfc\x03\x01 Mallard BASIC protected program data (v1.11)
+0 string \xfc\x04\x01 Mallard BASIC protected program data (v1.29+)
+
+0 string MIOPEN Mallard BASIC Jetsam data
+0 string Jetsam0 Mallard BASIC Jetsam index data
+
+# DOS backup 2.0 to 3.2
+# URL: http://fileformats.archiveteam.org/wiki/BACKUP_(MS-DOS)
+# Reference: http://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/dos/restore/brtecdoc.htm
+# backupid.@@@
+
+# plausibility check for date
+0x3 ushort >1979
+>0x5 ubyte-1 <31
+>>0x6 ubyte-1 <12
+# actually 121 nul bytes
+>>>0x7 string \0\0\0\0\0\0\0\0
+>>>>0x1 ubyte x DOS 2.0 backup id file, sequence %d
+#!:mime application/octet-stream
+!:ext @@@
+>>>>0x0 ubyte 0xff \b, last disk
+
+# backed up file
+
+# skip some AppleWorks word like Tomahawk.Awp, WIN98SE-DE.vhd
+# by looking for trailing nul of maximal file name string
+0x52 ubyte 0
+# test for flag byte: FFh~complete file, 00h~split file
+# FFh -127 = -1 -127 = -128
+# 00h -127 = 0 -127 = -127
+>0 byte-127 <-126
+# plausibility check for file name length
+>>0x53 ubyte-1 <78
+# looking for terminating nul of file name string
+>>>(0x53.b+4) ubyte 0
+# looking if last char of string is valid DOS file name
+>>>>(0x53.b+3) ubyte >0x1F
+# actually 44 nul bytes
+# but sometimes garbage according to Ralf Quint. So can not be used as test
+#>0x54 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
+# first char of full file name is DOS (5Ch) or UNIX (2Fh) path separator
+# only DOS variant found. UNIX variant according to V32SLASH.TXT in archive PD0315.EXE
+>>>>>5 ubyte&0x8C 0x0C
+# ./msdos (version 5.30) labeled the entry as
+# "DOS 2.0 backed up file %s, split file, sequence %d" or
+# "DOS 2.0 backed up file %s, complete file"
+>>>>>>0 ubyte x DOS 2.0-3.2 backed up
+#>>>>>>0 ubyte 0xff complete
+>>>>>>0 ubyte 0
+>>>>>>>1 uleshort x sequence %d of
+# full file name with path but without drive letter and colon stored from 0x05 til 0x52
+>>>>>>0x5 string x file %s
+#!:mime application/octet-stream
+# backup name is original filename
+#!:ext doc/exe/rar/zip
+#!:ext *
+# magic/Magdir/msdos, 1169: Warning: EXTENSION type ` *' has bad char '*'
+# file: line 1169: Bad magic entry ' *'
+# after header original file content
+>>>>>>128 indirect x \b;
+
+
+# DOS backup 3.3 to 5.x
+
+# CONTROL.nnn files
+0 string \x8bBACKUP\x20
+# actually 128 nul bytes
+>0xa string \0\0\0\0\0\0\0\0
+>>0x9 ubyte x DOS 3.3 backup control file, sequence %d
+>>0x8a ubyte 0xff \b, last disk
+
+# NB: The BACKUP.nnn files consist of the files backed up,
+# concatenated.
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/MS-DOS_date/time
+# Reference: https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-dosdatetimetofiletime
+# Note: DOS date+time format is different from formats such as Unix epoch
+# bit encoded; uses year values relative to 1980 and 2 second precision
+0 name dos-date
+# HHHHHMMMMMMSSSSS bit encoded Hour (0-23) Minute (0-59) SecondPart (*2)
+#>0 uleshort x RAW TIME [%#4.4x]
+# hour part
+#>0 uleshort/2048 x hour [%u]
+# YYYYYMMMMDDDDD bit encoded YearPart (+1980) Month (1-12) Day (1-31)
+#>2 uleshort x RAW DATE [%#4.4x]
+# day part
+>2 uleshort&0x001F x %u
+#>2 uleshort/16 x MONTH PART [%#x]
+# GRR: not working
+#>2 uleshort/16 &0x000F MONTH [%u]
+#>2 uleshort&0x01E0 x MONTH PART [%#4.4x]
+>2 uleshort&0x01E0 =0x0020 jan
+>2 uleshort&0x01E0 =0x0040 feb
+>2 uleshort&0x01E0 =0x0060 mar
+>2 uleshort&0x01E0 =0x0080 apr
+>2 uleshort&0x01E0 =0x00A0 may
+>2 uleshort&0x01E0 =0x00C0 jun
+>2 uleshort&0x01E0 =0x00E0 jul
+>2 uleshort&0x01E0 =0x0100 aug
+>2 uleshort&0x01E0 =0x0120 sep
+>2 uleshort&0x01E0 =0x0140 oct
+>2 uleshort&0x01E0 =0x0160 nov
+>2 uleshort&0x01E0 =0x0180 dec
+# year part
+>2 uleshort/512 x 1980+%u
+#
diff --git a/magic/Magdir/msooxml b/magic/Magdir/msooxml
new file mode 100644
index 0000000..905017e
--- /dev/null
+++ b/magic/Magdir/msooxml
@@ -0,0 +1,68 @@
+
+#------------------------------------------------------------------------------
+# $File: msooxml,v 1.19 2023/03/14 19:46:15 christos Exp $
+# msooxml: file(1) magic for Microsoft Office XML
+# From: Ralf Brown <ralf.brown@gmail.com>
+
+# .docx, .pptx, and .xlsx are XML plus other files inside a ZIP
+# archive. The first member file is normally "[Content_Types].xml".
+# but some libreoffice generated files put this later. Perhaps skip
+# the "[Content_Types].xml" test?
+# Since MSOOXML doesn't have anything like the uncompressed "mimetype"
+# file of ePub or OpenDocument, we'll have to scan for a filename
+# which can distinguish between the three types
+
+0 name msooxml
+>0 string word/ Microsoft Word 2007+
+!:mime application/vnd.openxmlformats-officedocument.wordprocessingml.document
+!:ext docx
+>0 string ppt/ Microsoft PowerPoint 2007+
+!:mime application/vnd.openxmlformats-officedocument.presentationml.presentation
+!:ext pptx
+>0 string xl/ Microsoft Excel 2007+
+!:mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+!:ext xlsx
+>0 string visio/ Microsoft Visio 2013+
+!:mime application/vnd.ms-visio.drawing.main+xml
+>0 string AppManifest.xaml Microsoft Silverlight Application
+!:mime application/x-silverlight-app
+
+# start by checking for ZIP local file header signature
+0 string PK\003\004
+!:strength +10
+# make sure the first file is correct
+>0x1E use msooxml
+>0x1E default x
+>>0x1E regex \\[Content_Types\\]\\.xml|_rels/\\.rels|docProps|customXml
+# skip to the second local file header
+# since some documents include a 520-byte extra field following the file
+# header, we need to scan for the next header
+>>>(18.l+49) search/6000 PK\003\004
+# now skip to the *third* local file header; again, we need to scan due to a
+# 520-byte extra field following the file header
+>>>>&26 search/6000 PK\003\004
+# and check the subdirectory name to determine which type of OOXML
+# file we have. Correct the mimetype with the registered ones:
+# https://technet.microsoft.com/en-us/library/cc179224.aspx
+>>>>>&26 use msooxml
+>>>>>&26 default x
+# OpenOffice/Libreoffice orders ZIP entry differently, so check the 4th file
+>>>>>>&26 search/6000 PK\003\004
+>>>>>>>&26 use msooxml
+# Some OOXML generators add an extra customXml directory. Check another file.
+>>>>>>>&26 default x
+>>>>>>>>&26 search/6000 PK\003\004
+>>>>>>>>>&26 use msooxml
+>>>>>>>>>&26 default x Microsoft OOXML
+>>>>>>>&26 default x Microsoft OOXML
+>>>>>&26 default x Microsoft OOXML
+>>0x1E regex \\[trash\\]
+>>>&26 search/6000 PK\003\004
+>>>>&26 search/6000 PK\003\004
+>>>>>&26 use msooxml
+>>>>>&26 default x
+>>>>>>&26 search/6000 PK\003\004
+>>>>>>>&26 use msooxml
+>>>>>>>&26 default x Microsoft OOXML
+>>>>>>&26 default x Microsoft OOXML
+>>>>>&26 default x Microsoft OOXML
diff --git a/magic/Magdir/msvc b/magic/Magdir/msvc
new file mode 100644
index 0000000..fbfa4f2
--- /dev/null
+++ b/magic/Magdir/msvc
@@ -0,0 +1,222 @@
+
+#------------------------------------------------------------------------------
+# $File: msvc,v 1.11 2022/01/17 17:17:30 christos Exp $
+# msvc: file(1) magic for msvc
+# "H. Nanosecond" <aldomel@ix.netcom.com>
+# Microsoft visual C
+#
+# I have version 1.0
+
+# .aps
+0 string HWB\000\377\001\000\000\000 Microsoft Visual C .APS file
+
+# .ide
+#too long 0 string \102\157\162\154\141\156\144\040\103\053\053\040\120\162\157\152\145\143\164\040\106\151\154\145\012\000\032\000\002\000\262\000\272\276\372\316 MSVC .ide
+0 string \102\157\162\154\141\156\144\040\103\053\053\040\120\162\157 MSVC .ide
+
+# .res
+0 string \000\000\000\000\040\000\000\000\377 MSVC .res
+0 string \377\003\000\377\001\000\020\020\350 MSVC .res
+0 string \377\003\000\377\001\000\060\020\350 MSVC .res
+
+#.lib
+# URL: https://en.wikipedia.org/wiki/Microsoft_Visual_C%2B%2B
+# http://fileformats.archiveteam.org/wiki/Microsoft_Library
+# http://fileformats.archiveteam.org/wiki/OMF
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/l/lib-msvc.trid.xml
+# https://pierrelib.pagesperso-orange.fr/exec_formats/OMF_v1.1.pdf
+# Update: Joerg Jenderek
+#0 string \360\015\000\000 Microsoft Visual C library
+#0 string \360\075\000\000 Microsoft Visual C library
+#0 string \360\175\000\000 Microsoft Visual C library
+# test for RecordType~LibraryHeaderRecord=0xF0 + RecordLength=???Dh + dictionary offset is multiple of 0x200
+0 ubelong&0xFF0f80ff =0xF00d0000
+# Microsoft Visual C library (strength=70) before MIDI SysEx messages (strength=50) handled by ./sysex
+#!:strength +0
+# test for valid 2nd RecordType~Translator Header Record=THEADR=80h or LHEADR=82h
+>(1.s+3) ubyte&0xFD =0x80
+>>0 use omf-lib
+# display information about Microsoft Visual C/OMF library
+0 name omf-lib
+# RecordType~LibraryHeaderRecord=0xF0
+#>0 byte 0xF0 Microsoft Visual C library
+# the above description was used in file version 5.41
+>0 byte 0xF0 Microsoft Visual C/OMF library
+#>0 byte 0xF0 relocatable Object Module Format (OMF) libray
+#!:mime application/octet-stream
+!:mime application/x-omf-lib
+!:ext lib
+# 1st record data length like 13=0Dh 29=1Dh 61=3Dh 125=7Dh 509=01FDh ... 32765=7FFDh
+#>1 uleshort x \b, 1st record data length %u
+#>1 uleshort x \b, 1st record data length %#x
+# 2**4=16 <= RecordLength+3 = PageSize = 2**n {16 32 512 no examples 64 128 256 1024 2048 ...32768} <= 2**15=32768
+>1 uleshort+3 x \b, page size %u
+# dictionary offset like: 400h 600h a00h c00h 1200h 1800h 2400h 5600h 12800h 19200h 28a00h
+>3 ulelong x \b, at %#x dictionary
+# dictionary block a 512 bytes; the first 37 bytes correspond to the 37 buckets
+#>(3.l) ubequad x (%#16.16llx...)
+# dictionary size; length in 512-byte blocks; a prime number? like:
+# 1 2 3 4 5 6 7 9 11 13 15 16 18 21 22 23 24 25 31 50 53 89 101 117 277
+>7 uleshort x with %u block
+# plurals s
+>7 uleshort >1 \bs
+# If dictionary byte 38 (FFLAG) has the value 255, there is no space left
+>(3.l+37) ubyte <0xFF (FFLAG=%#x)
+>(3.l+37) ubyte =0xFF (FFLAG=full)
+# dictionary entry; length byte of following symbol, the following text bytes of symbol, two bytes specifies the page number
+# like: dbfntx1! DBFNTX.LIB zlibCompileFlags_ ZLIB.LIB atoi! mwlibc.lib
+>(3.l+38) pstring x 1st entry %s
+# like: 1 33 41 47 458 8783
+>>&0 uleshort x in page %u
+# library flags; 0 or 1, but WHAT IS 0x4d in MOUSE.LIB ?
+>9 ubyte >1 \b, flags %#x
+>9 ubyte =1 case sensitive
+# In the library after header comes first object module with a Library Module Header Record (LHEADR=82h)
+# but in examples Translator Header Record (THEADR=80h) which is handled identically
+>(1.s+3) ubyte x \b, 2nd record
+>(1.s+3) ubyte !0x80 (type %#x)
+#>(1.s+4) uleshort x \b, 2nd record data length %u
+# Module name often source name like "dos\crt0.asm" in mlibce.lib or "QB4UTIL.ASM" in QB4UTIL.LIB
+# or "C:\Documents and Settings\Allan Campbell\My Documents\FDOSBoot\zlib\zutil.c" in ZLIB.LIB
+# or title like "87INIT" in FP87.LIB or "ACOSASIN" in MATHC.LIB or "Copyright" in calc-bcc.lib
+>(1.s+6) pstring x "%s"
+# 2nd record checksum
+#>>&0 ubyte x checksum %#x
+# 3rd RecordType: 96h~LNAMES 88h~COMENT
+>>&1 ubyte x \b, 3rd record
+>>&1 ubyte !0x88
+>>>&-1 ubyte !0x96
+# 3rd unusual record type
+>>>>&-1 ubyte x (type %#x)
+# 3rd record is a List of Names Record (LNAMES=96h)
+>>&1 ubyte =0x96 LNAMES
+# LNAMES record length like: 2 15 19
+#>>>&0 uleshort x \b, LNAMES record length %u
+>>>&0 uleshort >2
+# 1st LNAME string length; null is valid; maximal 255
+#>>>>&0 ubyte x 1st LNAME length %u
+>>>>&0 ubyte =0
+# 2nd LNAME length like: 4 7 8 17 31
+#>>>>>&0 ubyte x 2nd LNAME length %u
+# name used for segment, class, group, overlay, etc like:
+# CODE (mwlibc.lib) _TEXT32 (JMPPM32.LIB) _OVLCODE (WOVL.LIB)
+>>>>>&0 pstring x %s
+# 3rd LNAME length like: 4 5
+#>>>>>>&0 ubyte x 3rd LNAME length %u
+# like: DATA (mwlibc.lib) CODE (JMPPM32.LIB) _TEXT (EMU87.LIB)
+>>>>>>&0 pstring x %s
+# maybe 4th LNAME length like: 4 6
+>>>>>>>&0 ubyte <44
+# like: DATA (DEBUG.LIB) DGROUP (mwlibc.lib MOUSE.LIB)
+>>>>>>>>&-1 pstring x %s
+# 3rd record is a COMMENT (Including all comment class extensions)
+>>&1 ubyte =0x88 COMMENT
+# comment record length like: 3 FLIB7M.LIB 1Bh 1Eh 23h 27h 2Bh 30h freetype-bcc.lib
+#>>>&0 uleshort x \b, record length %#x
+# real comment length = record length - 1 (comment type) - 1 (comment Class) - 1 (checksum) -1 (char count)
+# like: 2 LIBFL.LIB 4 "UUID" 5 "dscap" 6 "int386" 7 "qb4util" 8 "AMSGEXIT" 16 REXX.LIB 20 27 35 44 freetype-bcc.lib
+#>>>>&-2 uleshort-4 >0 \b, comment length %u
+# check that record contain at least comment type (1 byte), comment class (1 byte), checksum (1 byte)
+# probably always true
+>>>&0 uleshort >2
+# comment type: 80h~NP~no purge bit 40h~NL~no list bit
+#>>>>&0 ubyte !0 Type %#x
+>>>>&0 ubyte &0x80 Preserved
+# no example
+>>>>&0 ubyte &0x40 NoList
+# comment class like: 0~Translator A0~OMF extensions A3~LIBMOD A1~New OMF extensions AA~UNKNOWN
+>>>>&1 ubyte x class=%#x
+# check that comment record contains at least real content
+>>>>&-2 uleshort >3
+# Translator comment record (0); it may name the source language or translator
+>>>>>&1 ubyte =0 Translator
+#>>>>>>&0 ubyte x Translator length %u
+# like: "TC86 Borland Turbo C 2.01 " (GEMS.LIB) "TC86 Borland Turbo C++ 3.00" (CATDB.LIB)
+>>>>>>&0 pstring x "%s"
+# OMF extensions comment record (A0); first byte of commentary string identifies subtype
+>>>>>&1 ubyte =0xA0 OMF extensions
+# A0 subtype like: 1~IMPDEF
+>>>>>>&0 ubyte !1 subtype %#x
+# Import Definition Record (Comment Class A0, Subtype 01~IMPDEF)
+>>>>>>&0 ubyte 1 IMPDEF
+# ordinal flag; determines form of Entry Ident field. If nonzero (seems to be 1) Entry is ordinal
+>>>>>>>&0 ubyte !0 ordinal
+# like: IMPORT.LIB DOSCALLS.LIB mlibw.lib mwinlibc.lib REXX.LIB
+>>>>>>>>&-1 ubyte >1 %u
+# Internal Name in count, char string format; module name for the imported symbol
+# like: 7 "REXXSAA" 9 11 13 14 15 16 20 21 26 "_Z10_clip_linePdS_S_S_dddd"
+#>>>>>>>&1 ubyte x internal name length %u
+# internal module name like: _DllGetVersion DllGetVersion BezierTerminationTest Copyright
+>>>>>>>&1 pstring x %s
+# module name in count, char string format; DLL name that supplies a matching export symbol
+# like: jpeg62.dll (jpeg-bcc.lib) unrar3.dll (unrar-bcc.lib) REXX (REXX.LIB)
+>>>>>>>>&0 pstring x exported by %s
+# Entry Ident; 16-bit if ordinal flag != 0 or imported name in count, char string format if ordinal flag = 0
+# like: \0 (calc-bcc.lib) DllGetVersion (libtiff-bcc.lib) UTF8ToHtml (libxml2-bcc.lib) xslAddCall (libxslt-bcc.lib)
+#>>>>>>>>>&0 pstring >\0 entry ident %s
+# "New OMF" extensions comment (A1); indicate version of symbolic debug information
+# like: LIBFL.LIB
+>>>>>&1 ubyte =0xA1 New OMF extensions
+# symbolic debug information version n
+>>>>>>&0 ubyte x n=%u
+# symbolic debug information style like: HL~IBM PM Debugger style (LIBFL.LIB) DX~AIX style CV~Microsoft symbol and type style
+>>>>>>>&0 string HL IBM style
+>>>>>>>&0 string DX AIX style
+>>>>>>>&0 string CV Microsoft style
+# LIBMOD comment record (A3) used only by the librarian
+# Microsoft extension added for LIB version 3.07 in macro assembler (MASM 5.0)
+>>>>>&1 ubyte =0xA3 LIBMOD
+# The A3 LIBMOD record contains only the ASCII string of the module name in count char format
+#>>>>>>&0 ubyte x LIBMOD length %u
+# LIBMOD comment record module name without path and extension like:
+# qb4util (QB4UTIL.LIB) affaldiv (libh.lib) crt0 (slibc.lib) clipper (DDDRAWS.LIB) dinpdev (DINPUTS.LIB) UUID (UUID.LIB)
+>>>>>>&0 pstring x %s
+# GRR: WHAT iS THAT? AA foo comment record
+#>>>>>&1 ubyte =0xAA AA-comment
+# like: OS220
+#>>>>>>&0 string x what=%-5.5s
+#
+
+#.pch
+0 string DTJPCH0\000\022\103\006\200 Microsoft Visual C .pch
+
+# Summary: Symbol Table / Debug info used by Microsoft compilers
+# URL: https://en.wikipedia.org/wiki/Program_database
+# Reference: https://code.google.com/p/pdbparser/wiki/MSF_Format
+# Update: Joerg Jenderek
+# Note: test only for Windows XP+SP3 x86 , 8.1 x64 arm and 10.1 x86
+# info does only applies partly for older files like msvbvm50.pdb about year 2001
+0 string Microsoft\ C/C++\040
+# "Microsoft Program DataBase" by TrID
+>24 search/14 \r\n\x1A MSVC program database
+!:mime application/x-ms-pdb
+!:ext pdb
+# "MSF 7.00" "program database 2.00" for msvbvm50.pdb
+>>16 regex \([0-9.]+\) ver %s
+#>>>0x38 search/128123456 /LinkInfo \b with linkinfo
+# "MSF 7.00" variant
+>>0x1e leshort 0
+# PageSize 400h 1000h
+>>>0x20 lelong x \b, %d
+# Page Count
+>>>0x28 lelong x \b*%d bytes
+# "program database 2.00" variant
+>>0x1e leshort !0
+# PageSize 400h
+>>>0x2c lelong x \b, %d
+# Page Count for msoo-dll.pdb 4379h
+>>>0x32 leshort x \b*%d bytes
+
+# Reference: https://github.com/Microsoft/vstest/pull/856/commits/fdc7a9f074ca5a8dfeec83b1be9162bf0cf4000d
+0 string/c bsjb\001\000\001\000\000\000\000\000\f\000\000\000pdb\ v1.0 Microsoft Roslyn C# debugging symbols version 1.0
+
+#.sbr
+0 string \000\002\000\007\000 MSVC .sbr
+>5 string >\0 %s
+
+#.bsc
+0 string \002\000\002\001 MSVC .bsc
+
+#.wsp
+0 string 1.00\ .0000.0000\000\003 MSVC .wsp version 1.0000.0000
+# these seem to start with the version and contain menus
diff --git a/magic/Magdir/msx b/magic/Magdir/msx
new file mode 100644
index 0000000..60e1656
--- /dev/null
+++ b/magic/Magdir/msx
@@ -0,0 +1,309 @@
+
+#------------------------------------------------------------------------------
+# msx: file(1) magic for the MSX Home Computer
+# v1.3
+# Fabio R. Schmidlin <sd-snatcher@users.sourceforge.net>
+
+############## MSX Music file formats ##############
+
+# Gigamix MGSDRV music file
+0 string/b MGS MSX Gigamix MGSDRV3 music file,
+>6 ubeshort 0x0D0A
+>>3 byte x \bv%c
+>>4 byte x \b.%c
+>>5 byte x \b%c
+>>8 string >\0 \b, title: %s
+
+1 string/b mgs2\ MSX Gigamix MGSDRV2 music file
+>6 uleshort 0x80
+>>0x2E uleshort 0
+>>>0x30 string >\0 \b, title: %s
+
+# KSS music file
+0 string/b KSCC KSS music file v1.03
+>0xE byte 0
+>>0xF byte&0x02 0 \b, soundchips: AY-3-8910, SCC(+)
+>>0xF byte&0x02 2 \b, soundchip(s): SN76489
+>>>0xF byte&0x04 4 stereo
+>>0xF byte&0x01 1 \b, YM2413
+>>0xF byte&0x08 8 \b, Y8950
+
+0 string/b KSSX KSS music file v1.20
+>0xE byte&0xEF 0
+>>0xF byte&0x40 0x00 \b, 60Hz
+>>0xF byte&0x40 0x40 \b, 50Hz
+>>0xF byte&0x02 0 \b, soundchips: AY-3-8910, SCC(+)
+>>0xF byte&0x02 0x02 \b, soundchips: SN76489
+>>>0xF byte&0x04 0x04 stereo
+>>0xF byte&0x01 0x01 \b,
+>>>0xF byte&0x18 0x00 \bYM2413
+>>>0xF byte&0x18 0x08 \bYM2413, Y8950
+>>>0xF byte&0x18 0x18 \bYM2413+Y8950 pseudostereo
+>>0xF byte&0x18 0x10 \b, Majyutsushi DAC
+
+# Moonblaster for Moonsound
+0 string/b MBMS
+>4 byte 0x10 MSX Moonblaster for MoonSound music
+
+# Music Player K-kaz
+0 string/b MPK MSX Music Player K-kaz song
+>6 ubeshort 0x0D0A
+>>3 byte x v%c
+>>4 byte x \b.%c
+>>5 byte x \b%c
+
+# I don't know why these don't work
+#0 search/0xFFFF \r\n.FM9
+#>0 search/0xFFFF \r\n#FORMAT MSX Music Player K-kaz source MML file
+#0 search/0xFFFF \r\nFM1\ \=
+#>0 search/0xFFFF \r\nPSG1\=
+#>>0 search/0xFFFF \r\nSCC1\= MSX MuSiCa MML source file
+
+# OPX Music file
+0x35 beshort 0x0d0a
+>0x7B beshort 0x0d0a
+>>0x7D byte 0x1a
+>>>0x87 uleshort 0 MSX OPX Music file
+>>>>0x86 byte 0 v1.5
+>>>>>0 string >\32 \b, title: %s
+>>>>0x86 byte 1 v2.4
+>>>>>0 string >\32 \b, title: %s
+
+# SCMD music file
+0x8B string/b SCMD
+>0xCE uleshort 0 MSX SCMD Music file
+#>>-2 uleshort 0x6a71 ; The file must end with this value. How to code this here?
+>>0x8F string >\0 \b, title: %s
+
+0 search/0xFFFF \r\n@title
+>&0 search/0xFFFF \r\n@m=[ MSX SCMD source MML file
+
+
+############## MSX image file formats ##############
+
+# MSX raw VRAM dump
+0 ubyte 0xFE
+>1 uleshort 0
+>>5 uleshort 0
+>>>3 uleshort 0x37FF MSX SC2/GRP raw image
+>>>3 uleshort 0x6A00 MSX Graph Saurus SR5 raw image
+>>>3 uleshort >0x769E
+>>>>3 uleshort <0x8000 MSX GE5/GE6 raw image
+>>>>>3 uleshort 0x7FFF \b, with sprite patterns
+>>>3 uleshort 0xD3FF MSX screen 7-12 raw image
+>>>3 uleshort 0xD400 MSX Graph Saurus SR7/SR8/SRS raw image
+
+# Graph Saurus compressed images
+0 ubyte 0xFD
+>1 uleshort 0
+>>5 uleshort 0
+>>>3 uleshort >0x013D MSX Graph Saurus compressed image
+
+# MSX G9B image file
+0 string/b G9B
+>1 uleshort 11
+>>3 uleshort >10
+>>>5 ubyte >0 MSX G9B image, depth=%d
+>>>>8 uleshort x \b, %dx
+>>>>10 uleshort x \b%d
+>>>>5 ubyte <9
+>>>>>6 ubyte 0
+>>>>>>7 ubyte x \b, codec=%d RGB color palettes
+>>>>>6 ubyte 64 \b, codec=RGB fixed color
+>>>>>6 ubyte 128 \b, codec=YJK
+>>>>>6 ubyte 192 \b, codec=YUV
+>>>>5 ubyte >8 codec=RGB fixed color
+>>>>12 ubyte 0 \b, raw
+>>>>12 ubyte 1 \b, bitbuster compression
+
+############## Other MSX file formats ##############
+
+# MSX internal ROMs
+0 ubeshort 0xF3C3
+>2 uleshort <0x4000
+>>8 ubyte 0xC3
+>>>9 uleshort <0x4000
+>>>>0x0B ubeshort 0x00C3
+>>>>>0x0D uleshort <0x4000
+>>>>>>0x0F ubeshort 0x00C3
+>>>>>>>0x11 uleshort <0x4000
+>>>>>>>>0x13 ubeshort 0x00C3
+>>>>>>>>>0x15 uleshort <0x4000
+>>>>>>>>>>0x50 ubyte 0xC3
+>>>>>>>>>>>0x51 uleshort <0x4000
+>>>>>>>>>>>>(9.s) ubyte 0xC3
+>>>>>>>>>>>>>&0 uleshort >0x4000
+>>>>>>>>>>>>>>&0 ubyte 0xC3 MSX BIOS+BASIC
+>>>>>>>>>>>>>>>0x002D ubyte+1 <3 \b. version=MSX%d
+>>>>>>>>>>>>>>>0x002D ubyte 2 \b, version=MSX2+
+>>>>>>>>>>>>>>>0x002D ubyte 3 \b, version=MSX Turbo-R
+>>>>>>>>>>>>>>>0x002D ubyte >3 \b, version=Unknown MSX %d version
+>>>>>>>>>>>>>>>0x0006 ubyte x \b, VDP.DR=%#2x
+>>>>>>>>>>>>>>>0x0007 ubyte x \b, VDP.DW=%#2x
+>>>>>>>>>>>>>>>0x002B ubyte&0xF 0 \b, charset=Japanese
+>>>>>>>>>>>>>>>0x002B ubyte&0xF 1 \b, charset=International
+>>>>>>>>>>>>>>>0x002B ubyte&0xF 2 \b, charset=Korean
+>>>>>>>>>>>>>>>0x002B ubyte&0xF >2 \b, charset=Unknown id:%d
+>>>>>>>>>>>>>>>0x002B ubyte&0x70 0x00 \b, date format=Y-M-D
+>>>>>>>>>>>>>>>0x002B ubyte&0x70 0x10 \b, date format=M-D-Y
+>>>>>>>>>>>>>>>0x002B ubyte&0x70 0x20 \b, date format=D-M-Y
+>>>>>>>>>>>>>>>0x002B ubyte&0x80 0x00 \b, vfreq=60Hz
+>>>>>>>>>>>>>>>0x002B ubyte&0x80 0x80 \b, vfreq=50Hz
+>>>>>>>>>>>>>>>0x002C ubyte&0x0F 0 \b, keyboard=Japanese
+>>>>>>>>>>>>>>>0x002C ubyte&0x0F 1 \b, keyboard=International
+>>>>>>>>>>>>>>>0x002C ubyte&0x0F 2 \b, keyboard=French
+>>>>>>>>>>>>>>>0x002C ubyte&0x0F 3 \b, keyboard=UK
+>>>>>>>>>>>>>>>0x002C ubyte&0x0F 4 \b, keyboard=German
+>>>>>>>>>>>>>>>0x002C ubyte&0x0F 5 \b, keyboard=Unknown id:%d
+>>>>>>>>>>>>>>>0x002C ubyte&0x0F 6 \b, keyboard=Spanish
+>>>>>>>>>>>>>>>0x002C ubyte&0x0F >6 \b, keyboard=Unknown id:%d
+>>>>>>>>>>>>>>>0x002C ubyte&0xF0 0x00 \b, basic=Japanese
+>>>>>>>>>>>>>>>0x002C ubyte&0xF0 0x10 \b, basic=International
+>>>>>>>>>>>>>>>0x002C ubyte&0xF0 >0x10 \b, basic=Unknown id:%d
+>>>>>>>>>>>>>>>0x002E ubyte&1 1 \b, built-in MIDI
+
+
+0 string/b CD
+>2 uleshort >0x10
+>>2 uleshort <0x4000
+>>>4 uleshort <0x4000
+>>>>6 uleshort <0x4000
+>>>>>8 ubyte 0xC3
+>>>>>>9 uleshort <0x4000
+>>>>>>>0x10 ubyte 0xC3
+>>>>>>>>0x11 uleshort <0x4000
+>>>>>>>>>0x14 ubyte 0xC3
+>>>>>>>>>>0x15 uleshort <0x4000 MSX2/2+/TR SubROM
+
+0 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
+>0x5F0 ubequad 0x8282828244380000
+>>0x150 ubyte 0x38
+>>>0x170 string \20\20\20
+>>>>0x1E32 string ())
+>>>>>0x2130 ubequad 0xA5A5594924231807
+>>>>>0x2138 ubequad 0x4A4A3424488830C0 MSX Kanji Font
+
+
+
+# MSX extension ROMs
+0 string/b AB
+>2 uleshort 0x0010 MSX ROM
+>>2 uleshort x \b, init=%#4x
+>>4 uleshort >0 \b, stahdl=%#4x
+>>6 uleshort >0 \b, devhdl=%#4x
+>>8 uleshort >0 \b, bas=%#4x
+>2 uleshort 0x4010 MSX ROM
+>>2 uleshort x \b, init=%#04x
+>>4 uleshort >0 \b, stahdl=%#04x
+>>6 uleshort >0 \b, devhdl=%#04x
+>>8 uleshort >0 \b, bas=%#04x
+>2 uleshort 0x8010 MSX ROM
+>>2 uleshort x \b, init=%#04x
+>>4 uleshort >0 \b, stahdl=%#04x
+>>6 uleshort >0 \b, devhdl=%#04x
+>>8 uleshort >0 \b, bas=%#04x
+0 string/b AB\0\0
+>6 uleshort 0
+>>4 uleshort >0x400F MSX-BASIC extension ROM
+>>>4 uleshort >0 \b, stahdl=%#04x
+>>>6 uleshort >0 \b, devhdl=%#04x
+>>>0x1C string OPLL \b, MSX-Music
+>>>>0x18 string PAC2 \b (external)
+>>>>0x18 string APRL \b (internal)
+
+0 string/b AB\0\0\0\0
+>6 uleshort >0x400F MSX device BIOS
+>>6 uleshort >0 \b, devhdl=%#04x
+
+
+0 string/b AB
+#>2 string 5JSuperLAYDOCK MSX Super Laydock ROM
+#>3 string @HYDLIDE3MSX MSX Hydlide-3 ROM
+#>3 string @3\x80IA862 Golvellius MSX1 ROM
+>2 uleshort >15
+>>2 uleshort <0xC000
+>>>8 string \0\0\0\0\0\0\0\0
+>>>>(2.s&0x3FFF) uleshort >0 MSX ROM
+>>>>>0x10 string YZ\0\0\0\0 Konami Game Master 2 MSX ROM
+>>>>>0x10 string CD \b, Konami RC-
+>>>>>>0x12 ubyte x \b%d
+>>>>>>0x13 ubyte/16 x \b%d
+>>>>>>0x13 ubyte&0xF x \b%d
+>>>>>0x10 string EF \b, Konami RC-
+>>>>>>0x12 ubyte x \b%d
+>>>>>>0x13 ubyte/16 x \b%d
+>>>>>>0x13 ubyte&0xF x \b%d
+>>>>>2 uleshort x \b, init=%#04x
+>>>>>4 uleshort >0 \b, stahdl=%#04x
+>>>>>6 uleshort >0 \b, devhdl=%#04x
+>>>>>8 uleshort >0 \b, bas=%#04x
+>>>2 uleshort 0
+>>>>4 uleshort 0
+>>>>>6 uleshort 0
+>>>>>>8 uleshort >0 MSX BASIC program in ROM, bas=%#04x
+
+0x4000 string/b AB
+>0x4002 uleshort >0x400F
+>>0x400A string \0\0\0\0\0\0 MSX ROM with nonstandard page order
+>>>0x4002 uleshort x \b, init=%#04x
+>>>0x4004 uleshort >0 \b, stahdl=%#04x
+>>>0x4006 uleshort >0 \b, devhdl=%#04x
+>>>0x4008 uleshort >0 \b, bas=%#04x
+
+0x8000 string/b AB
+>0x8002 uleshort >0x400F
+>>0x800A string \0\0\0\0\0\0 MSX ROM with nonstandard page order
+>>>0x8002 uleshort x \b, init=%#04x
+>>>0x8004 uleshort >0 \b, stahdl=%#04x
+>>>0x8006 uleshort >0 \b, devhdl=%#04x
+>>>0x8008 uleshort >0 \b, bas=%#04x
+
+
+0x3C000 string/b AB
+>0x3C008 string \0\0\0\0\0\0\0\0 MSX MegaROM with nonstandard page order
+>>0x3C002 uleshort x \b, init=%#04x
+>>0x3C004 uleshort >0 \b, stahdl=%#04x
+>>0x3C006 uleshort >0 \b, devhdl=%#04x
+>>0x3C008 uleshort >0 \b, bas=%#04x
+
+# MSX BIN file
+#0 byte 0xFE
+#>1 uleshort >0x8000
+#>>3 uleshort >0x8004
+#>>>5 uleshort >0x8000 MSX BIN file
+
+# MSX-BASIC file
+0 byte 0xFF
+>3 uleshort 0x000A
+>>1 uleshort >0x8000 MSX-BASIC program
+
+# MSX .CAS file
+0 string/b \x1F\xA6\xDE\xBA\xCC\x13\x7D\x74 MSX cassette archive
+
+# Mega-Assembler file
+0 byte 0xFE
+>1 uleshort 0x0001
+>>5 uleshort 0xffff
+>>>6 byte 0x0A MSX Mega-Assembler source
+
+# Execrom Patchfile
+0 string ExecROM\ patchfile\x1A MSX ExecROM patchfile
+>0x12 ubyte/16 x v%d
+>0x12 ubyte&0xF x \b.%d
+>0x13 ubyte x \b, contains %d patches
+
+# Konami's King's Valley-2 custom stage (ELG file)
+4 uleshort 0x0900
+>0xF byte 1
+>>0x14 byte 0
+>>>0x1E string \040\040\040
+>>>>0x23 byte 1
+>>>>>0x25 byte 0
+>>>>>>0x15 string >\x30
+>>>>>>>0x15 string <\x5A Konami King's Valley-2 custom stage, title: "%-8.8s"
+>>>>>>>>0x1D byte <32 \b, theme: %d
+
+# Metal Gear 1 savegame
+#0x4F string \x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF
+#>>0x60 string \xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF
+#>>>0x7B string \0x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00 Metal Gear 1 savegame
diff --git a/magic/Magdir/mup b/magic/Magdir/mup
new file mode 100644
index 0000000..05b9471
--- /dev/null
+++ b/magic/Magdir/mup
@@ -0,0 +1,24 @@
+
+# ------------------------------------------------------------------------
+# $File: mup,v 1.5 2017/03/17 21:35:28 christos Exp $
+# mup: file(1) magic for Mup (Music Publisher) input file.
+#
+# From: Abel Cheung <abel (@) oaka.org>
+#
+# NOTE: This header is mainly proposed in the Arkkra mailing list,
+# and is not a mandatory header because of old mup input file
+# compatibility. Noteedit also use mup format, but is not forcing
+# user to use any header as well.
+#
+0 search/1 //!Mup Mup music publication program input text
+>6 string -Arkkra (Arkkra)
+>>13 string -
+>>>16 string .
+>>>>14 string x \b, need V%.4s
+>>>15 string .
+>>>>14 string x \b, need V%.3s
+>6 string -
+>>9 string .
+>>>7 string x \b, need V%.4s
+>>8 string .
+>>>7 string x \b, need V%.3s
diff --git a/magic/Magdir/music b/magic/Magdir/music
new file mode 100644
index 0000000..ad8da65
--- /dev/null
+++ b/magic/Magdir/music
@@ -0,0 +1,17 @@
+#------------------------------------------------------------------------------
+# $File: music,v 1.1 2011/11/25 03:28:17 christos Exp $
+# music: file (1) magic for music formats
+
+# BWW format used by Bagpipe Music Writer Gold by Robert MacNeil Musicworks
+# and Bagpipe Writer by Doug Wickstrom
+#
+0 string Bagpipe Bagpipe
+>8 string Reader Reader
+>>15 string >\0 (version %.3s)
+>8 string Music\ Writer Music Writer
+>>20 string :
+>>>21 string >\0 (version %.3s)
+>>21 string Gold Gold
+>>>25 string :
+>>>>26 string >\0 (version %.3s)
+
diff --git a/magic/Magdir/nasa b/magic/Magdir/nasa
new file mode 100644
index 0000000..de3545f
--- /dev/null
+++ b/magic/Magdir/nasa
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------------------------
+# nasa: file(1) magic
+
+# From: Barry Carter <carter.barry@gmail.com>
+0 string DAF/SPK NASA SPICE file (binary format)
+0 string DAFETF\ NAIF\ DAF\ ENCODED NASA SPICE file (transfer format)
diff --git a/magic/Magdir/natinst b/magic/Magdir/natinst
new file mode 100644
index 0000000..7a55dde
--- /dev/null
+++ b/magic/Magdir/natinst
@@ -0,0 +1,24 @@
+
+#-----------------------------------------------------------------------------
+# $File: natinst,v 1.6 2014/06/03 19:17:27 christos Exp $
+# natinst: file(1) magic for National Instruments Code Files
+
+#
+# From <egamez@fcfm.buap.mx> Enrique Gamez-Flores
+# version 1
+# Many formats still missing, we use, for the moment LabVIEW
+# We guess VXI format file. VISA, LabWindowsCVI, BridgeVIEW, etc, are missing
+#
+0 string RSRC National Instruments,
+# Check if it's a LabVIEW File
+>8 string LV LabVIEW File,
+# Check which kind of file it is
+>>10 string SB Code Resource File, data
+>>10 string IN Virtual Instrument Program, data
+>>10 string AR VI Library, data
+# This is for Menu Libraries
+>8 string LMNULBVW Portable File Names, data
+# This is for General Resources
+>8 string rsc Resources File, data
+# This is for VXI Package
+0 string VMAP National Instruments, VXI File, data
diff --git a/magic/Magdir/ncr b/magic/Magdir/ncr
new file mode 100644
index 0000000..21b09ab
--- /dev/null
+++ b/magic/Magdir/ncr
@@ -0,0 +1,49 @@
+
+#------------------------------------------------------------------------------
+# $File: ncr,v 1.8 2014/04/30 21:41:02 christos Exp $
+# ncr: file(1) magic for NCR Tower objects
+#
+# contributed by
+# Michael R. Wayne *** TMC & Associates *** INTERNET: wayne@ford-vax.arpa
+# uucp: {philabs | pyramid} !fmsrl7!wayne OR wayne@fmsrl7.UUCP
+#
+0 beshort 000610 Tower/XP rel 2 object
+>12 belong >0 not stripped
+>20 beshort 0407 executable
+>20 beshort 0410 pure executable
+>22 beshort >0 - version %d
+0 beshort 000615 Tower/XP rel 2 object
+>12 belong >0 not stripped
+>20 beshort 0407 executable
+>20 beshort 0410 pure executable
+>22 beshort >0 - version %d
+0 beshort 000620 Tower/XP rel 3 object
+>12 belong >0 not stripped
+>20 beshort 0407 executable
+>20 beshort 0410 pure executable
+>22 beshort >0 - version %d
+0 beshort 000625 Tower/XP rel 3 object
+>12 belong >0 not stripped
+>20 beshort 0407 executable
+>20 beshort 0410 pure executable
+>22 beshort >0 - version %d
+0 beshort 000630 Tower32/600/400 68020 object
+>12 belong >0 not stripped
+>20 beshort 0407 executable
+>20 beshort 0410 pure executable
+>22 beshort >0 - version %d
+0 beshort 000640 Tower32/800 68020
+>18 beshort &020000 w/68881 object
+>18 beshort &040000 compatible object
+>18 beshort &060000 object
+>20 beshort 0407 executable
+>20 beshort 0413 pure executable
+>12 belong >0 not stripped
+>22 beshort >0 - version %d
+0 beshort 000645 Tower32/800 68010
+>18 beshort &040000 compatible object
+>18 beshort &060000 object
+>20 beshort 0407 executable
+>20 beshort 0413 pure executable
+>12 belong >0 not stripped
+>22 beshort >0 - version %d
diff --git a/magic/Magdir/netbsd b/magic/Magdir/netbsd
new file mode 100644
index 0000000..77e64f0
--- /dev/null
+++ b/magic/Magdir/netbsd
@@ -0,0 +1,251 @@
+
+#------------------------------------------------------------------------------
+# $File: netbsd,v 1.26 2019/01/01 03:11:23 christos Exp $
+# netbsd: file(1) magic for NetBSD objects
+#
+# All new-style magic numbers are in network byte order.
+# The old-style magic numbers are indistinguishable from the same magic
+# numbers used in other systems, and are handled, for all those systems,
+# in aout.
+#
+
+0 name netbsd-detail
+>20 lelong x @%#x
+>4 lelong >0 \b+T=%d
+>8 lelong >0 \b+D=%d
+>12 lelong >0 \b+B=%d
+>16 lelong >0 \b+S=%d
+>24 lelong >0 \b+TR=%d
+>28 lelong >0 \b+TD=%d
+
+0 name netbsd-4096
+>0 byte &0x80
+>>20 lelong <4096 shared library
+>>20 lelong =4096 dynamically linked executable
+>>20 lelong >4096 dynamically linked executable
+>0 byte ^0x80 executable
+>16 lelong >0 not stripped
+
+0 name netbsd-8192
+>0 byte &0x80
+>>20 lelong <8192 shared library
+>>20 lelong =8192 dynamically linked executable
+>>20 lelong >8192 dynamically linked executable
+>0 byte ^0x80 executable
+>16 lelong >0 not stripped
+>0 use netbsd-detail
+
+0 name netbsd-normal
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80
+>>0 byte &0x40 position independent
+>>20 lelong !0 executable
+>>20 lelong =0 object file
+>16 lelong >0 not stripped
+>0 use netbsd-detail
+
+0 name netbsd-pure
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80 executable
+>16 lelong >0 not stripped
+>0 use netbsd-detail
+
+0 name netbsd-core
+>12 string >\0 from '%s'
+>32 lelong !0 (signal %d)
+
+0 belong&0377777777 041400413 a.out NetBSD/i386 demand paged
+>0 use netbsd-4096
+
+0 belong&0377777777 041400410 a.out NetBSD/i386 pure
+>0 use netbsd-pure
+
+0 belong&0377777777 041400407 a.out NetBSD/i386
+>0 use netbsd-normal
+
+0 belong&0377777777 041400507 a.out NetBSD/i386 core
+>0 use netbsd-core
+
+0 belong&0377777777 041600413 a.out NetBSD/m68k demand paged
+>0 use \^netbsd-8192
+
+0 belong&0377777777 041600410 a.out NetBSD/m68k pure
+>0 use \^netbsd-pure
+
+0 belong&0377777777 041600407 a.out NetBSD/m68k
+>0 use \^netbsd-normal
+
+0 belong&0377777777 041600507 a.out NetBSD/m68k core
+>0 use \^netbsd-core
+
+0 belong&0377777777 042000413 a.out NetBSD/m68k4k demand paged
+>0 use \^netbsd-4096
+
+0 belong&0377777777 042000410 a.out NetBSD/m68k4k pure
+>0 use \^netbsd-pure
+
+0 belong&0377777777 042000407 a.out NetBSD/m68k4k
+>0 use \^netbsd-normal
+
+0 belong&0377777777 042000507 a.out NetBSD/m68k4k core
+>0 use \^netbsd-core
+
+0 belong&0377777777 042200413 a.out NetBSD/ns32532 demand paged
+>0 use netbsd-4096
+
+0 belong&0377777777 042200410 a.out NetBSD/ns32532 pure
+>0 use netbsd-pure
+
+0 belong&0377777777 042200407 a.out NetBSD/ns32532
+>0 use netbsd-normal
+
+0 belong&0377777777 042200507 a.out NetBSD/ns32532 core
+>0 use netbsd-core
+
+0 belong&0377777777 045200507 a.out NetBSD/powerpc core
+>0 use netbsd-core
+
+0 belong&0377777777 042400413 a.out NetBSD/SPARC demand paged
+>0 use \^netbsd-8192
+
+0 belong&0377777777 042400410 a.out NetBSD/SPARC pure
+>0 use \^netbsd-pure
+
+0 belong&0377777777 042400407 a.out NetBSD/SPARC
+>0 use \^netbsd-normal
+
+0 belong&0377777777 042400507 a.out NetBSD/SPARC core
+>0 use \^netbsd-core
+
+0 belong&0377777777 042600413 a.out NetBSD/pmax demand paged
+>0 use netbsd-4096
+
+0 belong&0377777777 042600410 a.out NetBSD/pmax pure
+>0 use \^netbsd-pure
+
+0 belong&0377777777 042600407 a.out NetBSD/pmax
+>0 use netbsd-normal
+
+0 belong&0377777777 042600507 a.out NetBSD/pmax core
+>0 use netbsd-core
+
+0 belong&0377777777 043000413 a.out NetBSD/vax 1k demand paged
+>0 use netbsd-4096
+
+0 belong&0377777777 043000410 a.out NetBSD/vax 1k pure
+>0 use netbsd-pure
+
+0 belong&0377777777 043000407 a.out NetBSD/vax 1k
+>0 use netbsd-normal
+
+0 belong&0377777777 043000507 a.out NetBSD/vax 1k core
+>0 use netbsd-core
+
+0 belong&0377777777 045400413 a.out NetBSD/vax 4k demand paged
+>0 use netbsd-4096
+
+0 belong&0377777777 045400410 a.out NetBSD/vax 4k pure
+>0 use netbsd-pure
+
+0 belong&0377777777 045400407 a.out NetBSD/vax 4k
+>0 use netbsd-normal
+
+0 belong&0377777777 045400507 a.out NetBSD/vax 4k core
+>0 use netbsd-core
+
+# NetBSD/alpha does not support (and has never supported) a.out objects,
+# so no rules are provided for them. NetBSD/alpha ELF objects are
+# dealt with in "elf".
+0 lelong 0x00070185 ECOFF NetBSD/alpha binary
+>10 leshort 0x0001 not stripped
+>10 leshort 0x0000 stripped
+0 belong&0377777777 043200507 a.out NetBSD/alpha core
+>12 string >\0 from '%s'
+>32 lelong !0 (signal %d)
+
+0 belong&0377777777 043400413 a.out NetBSD/mips demand paged
+>0 use \^netbsd-8192
+
+>16 belong >0 not stripped
+0 belong&0377777777 043400410 a.out NetBSD/mips pure
+>0 use netbsd-pure
+
+0 belong&0377777777 043400407 a.out NetBSD/mips
+>0 use netbsd-normal
+
+0 belong&0377777777 043400507 a.out NetBSD/mips core
+>0 use netbsd-core
+
+0 belong&0377777777 043600413 a.out NetBSD/arm32 demand paged
+>0 use netbsd-4096
+
+0 belong&0377777777 043600410 a.out NetBSD/arm32 pure
+>0 use netbsd-pure
+
+0 belong&0377777777 043600407 a.out NetBSD/arm32
+>0 use netbsd-normal
+
+# NetBSD/arm26 has always used ELF objects, but it shares a core file
+# format with NetBSD/arm32.
+0 belong&0377777777 043600507 a.out NetBSD/arm core
+>0 use netbsd-core
+
+# Kernel core dump format
+0 belong&0x0000ffff 0x00008fca NetBSD kernel core file
+>0 belong&0x03ff0000 0x00000000 \b, Unknown
+>0 belong&0x03ff0000 0x00010000 \b, sun 68010/68020
+>0 belong&0x03ff0000 0x00020000 \b, sun 68020
+>0 belong&0x03ff0000 0x00640000 \b, 386 PC
+>0 belong&0x03ff0000 0x00860000 \b, i386 BSD
+>0 belong&0x03ff0000 0x00870000 \b, m68k BSD (8K pages)
+>0 belong&0x03ff0000 0x00880000 \b, m68k BSD (4K pages)
+>0 belong&0x03ff0000 0x00890000 \b, ns32532 BSD
+>0 belong&0x03ff0000 0x008a0000 \b, SPARC/32 BSD
+>0 belong&0x03ff0000 0x008b0000 \b, pmax BSD
+>0 belong&0x03ff0000 0x008c0000 \b, vax BSD (1K pages)
+>0 belong&0x03ff0000 0x008d0000 \b, alpha BSD
+>0 belong&0x03ff0000 0x008e0000 \b, mips BSD (Big Endian)
+>0 belong&0x03ff0000 0x008f0000 \b, arm6 BSD
+>0 belong&0x03ff0000 0x00900000 \b, m68k BSD (2K pages)
+>0 belong&0x03ff0000 0x00910000 \b, sh3 BSD
+>0 belong&0x03ff0000 0x00950000 \b, ppc BSD (Big Endian)
+>0 belong&0x03ff0000 0x00960000 \b, vax BSD (4K pages)
+>0 belong&0x03ff0000 0x00970000 \b, mips1 BSD
+>0 belong&0x03ff0000 0x00980000 \b, mips2 BSD
+>0 belong&0x03ff0000 0x00990000 \b, m88k BSD
+>0 belong&0x03ff0000 0x00920000 \b, parisc BSD
+>0 belong&0x03ff0000 0x009b0000 \b, sh5/64 BSD
+>0 belong&0x03ff0000 0x009c0000 \b, SPARC/64 BSD
+>0 belong&0x03ff0000 0x009d0000 \b, amd64 BSD
+>0 belong&0x03ff0000 0x009e0000 \b, sh5/32 BSD
+>0 belong&0x03ff0000 0x009f0000 \b, ia64 BSD
+>0 belong&0x03ff0000 0x00b70000 \b, aarch64 BSD
+>0 belong&0x03ff0000 0x00b80000 \b, or1k BSD
+>0 belong&0x03ff0000 0x00b90000 \b, Risk-V BSD
+>0 belong&0x03ff0000 0x00c80000 \b, hp200 BSD
+>0 belong&0x03ff0000 0x012c0000 \b, hp300 BSD
+>0 belong&0x03ff0000 0x020b0000 \b, hp800 HP-UX
+>0 belong&0x03ff0000 0x020c0000 \b, hp200/hp300 HP-UX
+>0 belong&0xfc000000 0x04000000 \b, CPU
+>0 belong&0xfc000000 0x08000000 \b, DATA
+>0 belong&0xfc000000 0x10000000 \b, STACK
+>4 leshort x \b, (headersize = %d
+>6 leshort x \b, segmentsize = %d
+>8 lelong x \b, segments = %d)
+
+# little endian only for now.
+0 name ktrace
+>4 leshort 7
+>>6 leshort <3 NetBSD ktrace file version %d
+>>>12 string x from %s
+>>>56 string x \b, emulation %s
+>>>8 lelong <65536 \b, pid=%d
+
+56 string netbsd
+>0 use ktrace
+56 string linux
+>0 use ktrace
+56 string sunos
+>0 use ktrace
+56 string hpux
+>0 use ktrace
diff --git a/magic/Magdir/netscape b/magic/Magdir/netscape
new file mode 100644
index 0000000..0e1ca61
--- /dev/null
+++ b/magic/Magdir/netscape
@@ -0,0 +1,26 @@
+
+#------------------------------------------------------------------------------
+# $File: netscape,v 1.8 2017/03/17 21:35:28 christos Exp $
+# netscape: file(1) magic for Netscape files
+# "H. Nanosecond" <aldomel@ix.netcom.com>
+# version 3 and 4 I think
+#
+
+# Netscape Address book .nab
+0 string \000\017\102\104\000\000\000\000\000\000\001\000\000\000\000\002\000\000\000\002\000\000\004\000 Netscape Address book
+
+# Netscape Communicator address book
+0 string \000\017\102\111 Netscape Communicator address book
+
+# .snm Caches
+0 string #\ Netscape\ folder\ cache Netscape folder cache
+0 string \000\036\204\220\000 Netscape folder cache
+# .n2p
+# Net 2 Phone
+#0 string 123\130\071\066\061\071\071\071\060\070\061\060\061\063\060
+0 string SX961999 Net2phone
+
+#
+#This is files ending in .art, FIXME add more rules
+0 string JG\004\016\0\0\0\0 AOL ART image
+0 string JG\003\016\0\0\0\0 AOL ART image
diff --git a/magic/Magdir/netware b/magic/Magdir/netware
new file mode 100644
index 0000000..089a243
--- /dev/null
+++ b/magic/Magdir/netware
@@ -0,0 +1,11 @@
+
+#------------------------------------------------------------------------------
+# $File: netware,v 1.5 2020/09/04 16:30:51 christos Exp $
+# netware: file(1) magic for NetWare Loadable Modules (NLMs)
+# From: Mads Martin Joergensen <mmj@suse.de>
+# URL: https://en.wikipedia.org/wiki/NetWare_Loadable_Module
+
+0 string NetWare\ Loadable\ Module NetWare Loadable Module
+#!:mime application/octet-stream
+!:ext nlm
+
diff --git a/magic/Magdir/news b/magic/Magdir/news
new file mode 100644
index 0000000..eea8aed
--- /dev/null
+++ b/magic/Magdir/news
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: news,v 1.6 2009/09/19 16:28:11 christos Exp $
+# news: file(1) magic for SunOS NeWS fonts (not "news" as in "netnews")
+#
+0 string StartFontMetrics ASCII font metrics
+0 string StartFont ASCII font bits
+0 belong 0x137A2944 NeWS bitmap font
+0 belong 0x137A2947 NeWS font family
+0 belong 0x137A2950 scalable OpenFont binary
+0 belong 0x137A2951 encrypted scalable OpenFont binary
+8 belong 0x137A2B45 X11/NeWS bitmap font
+8 belong 0x137A2B48 X11/NeWS font family
diff --git a/magic/Magdir/nifty b/magic/Magdir/nifty
new file mode 100644
index 0000000..151d869
--- /dev/null
+++ b/magic/Magdir/nifty
@@ -0,0 +1,202 @@
+
+#------------------------------------------------------------------------------
+# $File: nifty,v 1.1 2022/02/14 16:51:15 christos Exp $
+# file(1) magic for the NIfTI file format
+
+# Type: NIfTI, Neuroimaging file format
+# URL: https://nifti.nimh.nih.gov/
+# From: Yann Leprince <yann.leprince@cea.fr>, 2022
+
+344 string n+1\0 NIfTI-1 neuroimaging data,
+!:mime image/x.nifti
+!:ext nii
+>0 use nifti1
+344 string ni1\0 NIfTI-1 neuroimaging data header,
+!:mime image/x.nifti
+!:ext hdr
+>0 use nifti1
+
+4 string n+2\0\r\n\032\n NIfTI-2 neuroimaging data,
+!:mime image/x.nifti
+!:ext nii
+>0 use nifti2
+4 string ni2\0\r\n\032\n NIfTI-2 neuroimaging data header,
+!:mime image/x.nifti
+!:ext hdr
+>0 use nifti2
+
+# Main subroutine for NIfTI-1
+0 name nifti1
+>0 clear x
+>0 lelong =348 little endian
+>>70 use nifti-datatype-le
+>>112 lefloat !0 with scaling
+>>0 use nifti1-dim-le
+>>252 leshort >0 \b, with qform
+>>>252 use xform-code-nifti1-le
+>>254 leshort >0 \b, with sform
+>>>254 use xform-code-nifti1-le
+>>136 string >\0 \b, description: %s
+>0 belong =348 big endian
+>>70 use \^nifti-datatype-le
+>>112 befloat !0 with scaling
+>>0 use \^nifti1-dim-le
+>>252 beshort >0 \b, with qform
+>>>252 use \^xform-code-nifti1-le
+>>254 beshort >0 \b, with sform
+>>>254 use \^xform-code-nifti1-le
+>>136 string >\0 \b, description: %s
+>0 default x
+>>0 long x invalid sizeof_hdr=%d
+
+# Main subroutine for NIfTI-2
+0 name nifti2
+>0 clear x
+>0 lelong =540 little endian
+>>12 use nifti-datatype-le
+>>176 lefloat !0 with scaling
+>>0 use nifti2-dim-le
+>>344 lelong >0 \b, with qform
+>>>344 use xform-code-nifti2-le
+>>348 lelong >0 \b, with sform
+>>>348 use xform-code-nifti2-le
+>>240 string >\0 \b, description: %s
+>0 belong =540 big endian
+>>12 use \^nifti-datatype-le
+>>176 befloat !0 with scaling
+>>0 use \^nifti2-dim-le
+>>344 lelong >0 \b, with qform
+>>>344 use \^xform-code-nifti2-le
+>>348 lelong >0 \b, with sform
+>>>348 use \^xform-code-nifti2-le
+>>240 string >\0 \b, description: %s
+>0 default x
+>>0 long x invalid sizeof_hdr=%d
+
+
+# Other subroutines for details of NIfTI files
+
+0 name nifti-datatype-le
+>0 clear x
+>0 leshort =1 \b, binary datatype
+>0 leshort =2 \b, uint8 datatype
+>0 leshort =4 \b, int16 datatype
+>0 leshort =8 \b, int32 datatype
+>0 leshort =16 \b, float32 datatype
+>0 leshort =32 \b, complex64 datatype
+>0 leshort =64 \b, float64 datatype
+>0 leshort =128 \b, RGB24 datatype
+>0 leshort =256 \b, int8 datatype
+>0 leshort =512 \b, uint16 datatype
+>0 leshort =768 \b, uint32 datatype
+>0 leshort =1024 \b, int64 datatype
+>0 leshort =1280 \b, uint64 datatype
+>0 leshort =1536 \b, float128 datatype
+>0 leshort =1792 \b, complex128 datatype
+>0 leshort =2048 \b, complex256 datatype
+>0 leshort =2304 \b, RGBA32 datatype
+>0 default x
+>>0 leshort x \b, unknown datatype 0x%x
+>>2 leshort x (%d bits/pixel)
+
+0 name nifti1-dim-le
+>0 clear x
+>40 leshort <0 \b, INVALID dim[0]=%d
+>40 leshort >7 \b, INVALID dim[0]=%d
+>0 default x
+>>40 leshort x \b, %d-dimensional (size
+>>42 leshort x %d
+>>40 leshort >1
+>>>44 leshort x \bx%d
+>>40 leshort >2
+>>>46 leshort x \bx%d
+>>40 leshort >3
+>>>48 leshort x \bx%d
+>>40 leshort >4
+>>>50 leshort x \bx%d
+>>40 leshort >5
+>>>52 leshort x \bx%d
+>>40 leshort >6
+>>>54 leshort x \bx%d
+>>80 lefloat x \b, voxel size %f
+>>40 leshort >1
+>>>84 lefloat x x %f
+>>40 leshort >2
+>>>88 lefloat x x %f
+>>123 use nifti1-xyz-unit
+>>40 leshort >3
+>>>92 lefloat x x %f
+>>>123 use nifti1-t-unit
+>>40 leshort x \b)
+
+0 name nifti2-dim-le
+>0 clear x
+>16 lequad <0 \b, INVALID dim[0]=%lld
+>16 lequad >7 \b, INVALID dim[0]=%lld
+>0 default x
+>>16 lequad x \b, %lld-dimensional (size
+>>24 lequad x %lld
+>>16 lequad >1
+>>>32 lequad x \bx%lld
+>>16 lequad >2
+>>>40 lequad x \bx%lld
+>>16 lequad >3
+>>>48 lequad x \bx%lld
+>>16 lequad >4
+>>>56 lequad x \bx%lld
+>>16 lequad >5
+>>>64 lequad x \bx%lld
+>>16 lequad >6
+>>>72 lequad x \bx%lld,
+>>112 ledouble x \b, voxel size %f
+>>16 lequad >1
+>>>120 ledouble x x %f
+>>16 lequad >2
+>>>128 ledouble x x %f
+>>500 use nifti2-xyz-unit
+>>16 lequad >3
+>>>136 ledouble x x %f
+>>>500 use nifti2-t-unit
+>>16 lequad x \b)
+
+0 name xform-code-nifti1-le
+>0 leshort =1 to scanner-based coordinates
+>0 leshort =2 to aligned coordinates
+>0 leshort =3 to Talairach coordinates
+>0 leshort =4 to MNI152 coordinates
+>0 leshort =5 to template coordinates
+
+0 name xform-code-nifti2-le
+>0 lelong =1 to scanner-based coordinates
+>0 lelong =2 to aligned coordinates
+>0 lelong =3 to Talairach coordinates
+>0 lelong =4 to MNI152 coordinates
+>0 lelong =5 to template coordinates
+
+0 name nifti1-xyz-unit
+>0 byte &0x01
+>>0 byte ^0x02 m
+>>0 byte &0x02 micron
+>0 byte ^0x01
+>>0 byte &0x02 mm
+
+0 name nifti1-t-unit
+>0 byte &0x08
+>>0 byte ^0x10 s
+>>0 byte &0x10 ms
+>0 byte ^0x08
+>>0 byte &0x10 microsecond
+
+0 name nifti2-xyz-unit
+>0 lelong &0x01
+>>0 lelong ^0x02 m
+>>0 lelong &0x02 micron
+>0 lelong ^0x01
+>>0 lelong &0x02 mm
+
+0 name nifti2-t-unit
+>0 lelong &0x08
+>>0 lelong ^0x10 s
+>>0 lelong &0x10 ms
+>0 lelong ^0x08
+>>0 lelong &0x10 microsecond
diff --git a/magic/Magdir/nim-lang b/magic/Magdir/nim-lang
new file mode 100644
index 0000000..bc2cf98
--- /dev/null
+++ b/magic/Magdir/nim-lang
@@ -0,0 +1,29 @@
+
+#------------------------------------------------------------------------------
+# $File: nim-lang,v 1.3 2021/07/06 12:34:06 christos Exp $
+# nim-lang: file(1) magic for nim
+# URL: https://nim-lang.org/
+
+0 search/8192 import
+>&0 search/64 os
+>>&0 use nim1
+>&0 default x
+>>&0 search/64 osproc
+>>>&0 use nim1
+>>&0 default x
+>>>&0 search/64 strutils
+>>>>&0 use nim1
+
+0 name nim1
+>&0 search/8192 proc
+>>&0 use nim2
+>&0 default x
+>>&0 search/8192 template
+>>>&0 use nim2
+>>&0 default x
+>>>&0 search/8192 let
+>>>>&0 use nim2
+
+0 name nim2
+>&0 search/8192 when Nim source code
+!:ext nim
diff --git a/magic/Magdir/nitpicker b/magic/Magdir/nitpicker
new file mode 100644
index 0000000..bea96c3
--- /dev/null
+++ b/magic/Magdir/nitpicker
@@ -0,0 +1,14 @@
+
+#------------------------------------------------------------------------------
+# $File: nitpicker,v 1.8 2019/04/19 00:42:27 christos Exp $
+# nitpicker: file(1) magic for Flowfiles.
+# From: Christian Jachmann <C.Jachmann@gmx.net> https://www.nitpicker.de
+0 string NPFF NItpicker Flow File
+>4 byte x V%d.
+>5 byte x %d
+>6 bedate x started: %s
+>10 bedate x stopped: %s
+>14 belong x Bytes: %u
+>18 belong x Bytes1: %u
+>22 belong x Flows: %u
+>26 belong x Pkts: %u
diff --git a/magic/Magdir/numpy b/magic/Magdir/numpy
new file mode 100644
index 0000000..c1520dd
--- /dev/null
+++ b/magic/Magdir/numpy
@@ -0,0 +1,9 @@
+
+#------------------------------------------------------------------------------
+# $File: numpy,v 1.1 2019/05/09 16:24:36 christos Exp $
+# numpy: file(1) magic for NumPy array binary serialization format
+# Reference: https://docs.scipy.org/doc/numpy/reference/generated/numpy.lib.format.html
+0 string \x93NUMPY NumPy array,
+>6 ubyte x version %d
+>7 ubyte x \b.%d,
+>8 uleshort x header length %d
diff --git a/magic/Magdir/oasis b/magic/Magdir/oasis
new file mode 100644
index 0000000..45ad6d1
--- /dev/null
+++ b/magic/Magdir/oasis
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: oasis,v 1.2 2014/06/03 19:17:27 christos Exp $
+# OASIS
+# Summary: OASIS stream file
+# Long description: Open Artwork System Interchange Standard
+# File extension: .oas
+# Full name: Ben Cowley (bcowley@broadcom.com)
+# Philip Dixon (pdixon@broadcom.com)
+# Reference: http://www.wrcad.com/oasis/oasis-3626-042303-draft.pdf
+# (see page 3)
+0 string %SEMI-OASIS\r\n OASIS Stream file
diff --git a/magic/Magdir/ocaml b/magic/Magdir/ocaml
new file mode 100644
index 0000000..3ec3100
--- /dev/null
+++ b/magic/Magdir/ocaml
@@ -0,0 +1,14 @@
+
+#------------------------------------------------------------------------------
+# $File: ocaml,v 1.5 2010/09/20 18:55:20 rrt Exp $
+# ocaml: file(1) magic for Objective Caml files.
+0 string Caml1999 OCaml
+>8 string X exec file
+>8 string I interface file (.cmi)
+>8 string O object file (.cmo)
+>8 string A library file (.cma)
+>8 string Y native object file (.cmx)
+>8 string Z native library file (.cmxa)
+>8 string M abstract syntax tree implementation file
+>8 string N abstract syntax tree interface file
+>9 string >\0 (Version %3.3s)
diff --git a/magic/Magdir/octave b/magic/Magdir/octave
new file mode 100644
index 0000000..49ea3e7
--- /dev/null
+++ b/magic/Magdir/octave
@@ -0,0 +1,6 @@
+
+#------------------------------------------------------------------------------
+# $File: octave,v 1.4 2009/09/19 16:28:11 christos Exp $
+# octave binary data file(1) magic, from Dirk Eddelbuettel <edd@debian.org>
+0 string Octave-1-L Octave binary data (little endian)
+0 string Octave-1-B Octave binary data (big endian)
diff --git a/magic/Magdir/ole2compounddocs b/magic/Magdir/ole2compounddocs
new file mode 100644
index 0000000..2c451a9
--- /dev/null
+++ b/magic/Magdir/ole2compounddocs
@@ -0,0 +1,760 @@
+
+#------------------------------------------------------------------------------
+# $File: ole2compounddocs,v 1.26 2023/05/15 16:46:12 christos Exp $
+# Microsoft OLE 2 Compound Documents : file(1) magic for Microsoft Structured
+# storage (https://en.wikipedia.org/wiki/Compound_File_Binary_Format)
+# Additional tests for OLE 2 Compound Documents should be under this recipe.
+# reference: https://www.openoffice.org/sc/compdocfileformat.pdf
+
+0 string \320\317\021\340\241\261\032\341
+# https://digital-preservation.github.io/droid/
+# skip droid skeleton like fmt-39-signature-id-128.doc by valid version
+>0x1A ushort !0xABAB OLE 2 Compound Document
+#>0x1C uleshort x \b, endnian %#4.4x
+# big endian not tested
+>>0x1C ubeshort =0xfffe \b, big-endian
+>>>546 string jbjb : Microsoft Word Document
+!:mime application/msword
+!:apple MSWDWDBN
+!:ext doc
+# Byte Order 0xFFFE means little-endian found in real world applications
+#>>0x1C uleshort =0xfffe \b, little-endian
+>>0x1C uleshort =0xfffe
+# From: Joerg Jenderek
+# Major Version 3 or 4
+>>>0x1A uleshort x \b, v%u
+# Minor Version 32h=50 3Bh=59 3Eh=62
+>>>0x18 uleshort x \b.%u
+# SecID of first sector of the directory stream is often 1 but high like 3144h
+>>>48 ulelong x \b, SecID %#x
+# Sector Shift Exponent in short-stream container stream: 6~64 bytes
+>>>32 uleshort !6 \b, exponent of short stream %u
+# total number of sectors used for the FAT
+>>>44 ulelong >1 \b, %u FAT sectors
+# SecID of first sector of the short-sector allocation table (Mini FAT)
+# or -2 (End Of ChainSecID) if not extant
+>>>60 ulelong !0xffFFffFE \b, Mini FAT start sector %#x
+# total number of sectors used for the short-sector allocation table
+>>>64 ulelong !1 \b, %u Mini FAT sector
+# plural s
+>>>>64 ulelong >1 \bs
+# SecID of first sector of the master sector allocation table (DIFAT)
+# or -2 (End Of Chain SecID) if no additional sectors used
+>>>68 ulelong !0xffFFffFE \b, DIFAT start sector %#x
+# total number of sectors used for the master sector allocation table (DIFAT)
+>>>72 ulelong >0 \b, %u DIFAT sectors
+# First part of the master sector allocation table (DIFAT) containing 109 SecIDs
+#>>>76 ubequad x \b, DIFAT=%#16.16llx
+#>>>84 ubequad x \b%16.16llx...
+# pointer to root entry only works with standard configuration for SecID ~< 800h
+# Red-Carpet-presentation-1.0-1.sdd sg10.sdv 2000_GA_Annual_Review_Data.xls
+# "ORLEN Factbook 2017.xls" XnView_metadata.doc
+# "Barham, Lisa - Die Shopping-Prinzessinnen.doc" then not recognized
+>>>48 ulelong >0x800 too big for FILE_BYTES_MAX = 1 MiB
+# Sector Shift Exponent 9~512 for major version 3 or C~4096 for major version 4
+>>>0x1E uleshort 0xc \b, blocksize 4096
+# jump to one block (4096 bytes per block) before root storage block
+>>>>(48.l*4096) ubyte x
+>>>>>&4095 use ole2-directory
+#>>>0x1E uleshort 9 \b, blocksize 512
+>>>0x1E uleshort 9
+# jump to one block (512 bytes per block) before root storage block
+# in 5.37 only true for offset ~< FILE_BYTES_MAX=7 MiB defined in ../../src/file.h
+>>>>(48.l*512) ubyte x
+>>>>>&511 use ole2-directory
+# check directory entry structure and display types by GUID
+0 name ole2-directory
+# directory entry name like "Root Entry"
+#>0 lestring16 x \b, 1st %.10s
+# type of the entry; 5~Root storage
+#>66 ubyte x \b, type %x
+# node colour of the entry: 00H ~ Red 01H ~ Black
+#>67 ubyte x \b, color %x
+# the DirIDs of the child nodes. Should both be -1 in the root storage entry
+#>68 bequad !0xffffffffffffffff \b, DirIDs %llx
+# NEXT lines for DEBUGGING
+# second directory entry name like VisioDocument Control000
+#>128 lestring16 x \b, 2nd %.20s
+# third directory entry like WordDocument
+#>256 lestring16 x \b, 3rd %.20s
+# forth
+#>384 lestring16 x \b, 4th %.10s
+# 5th
+#>512 lestring16 x \b, 5th %.10s
+# 6th
+#>640 lestring16 x \b, 6th %.10s
+# 7th
+#>768 lestring16 x \b, 7th %.10s
+# https://wikileaks.org/ciav7p1/cms/page_13762814.html
+# https://m.blog.naver.com/superman4u/40047693679
+# https://misc.daniel-marschall.de/projects/guid_analysis/guid.txt
+# https://toolslick.com/conversion/data/guid
+#>80 ubequad !0 \b, clsid %#16.16llx
+#>>88 ubequad x \b%16.16llx
+# test for "Root Entry" inside directory by type 5 value
+>66 ubyte 5
+# look for CLSID GUID 0
+>>88 ubequad 0x0
+>>>80 ubequad 0x0
+# - Microstation V8 DGN files (www.bentley.com)
+# URL: https://en.wikipedia.org/wiki/MicroStation
+# Last update on 10/23/2006 by Lester Hightower
+# 07/24/2019 by Joerg Jenderek
+# Second directory entry name like Dgn~H Dgn~S
+>>>>128 lestring16 Dgn~ : Microstation V8 CAD
+#!:mime application/x-ole-storage
+!:mime application/x-bentley-dgn
+# http://www.q-cad.com/files/samples_cad_files/1344468165.dgn
+!:ext dgn
+#
+# URL: http://fileformats.archiveteam.org/wiki/WordPerfect
+# Second directory entry name PerfectOffice_
+>>>>128 lestring16 PerfectOffice_ : WordPerfect 7-X3 presentations Master, Document or Graphic
+!:mime application/vnd.wordperfect
+# https://www.macdisk.com/macsigen.php "WPC2" for Wordperfect 2 *.wpd
+!:apple ????WPC7
+!:ext mst/wpd/wpg
+#
+# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Word_Processor
+# Second directory entry name MatOST_
+>>>>128 lestring16 MatOST : Microsoft Works 3.0 document
+!:mime application/vnd.ms-works
+!:apple ????AWWP
+!:ext wps
+#
+# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Spreadsheet
+# 3rd directory entry name WksSSWorkBook
+>>>>256 lestring16 WksSSWorkBook : Microsoft Works 6-9 spreadsheet
+!:mime application/vnd.ms-works
+!:apple ????AWSS
+!:ext xlr
+#
+# URL: http://fileformats.archiveteam.org/wiki/XLS
+# what is the difference to {00020820-0000-0000-c000-000000000046} ?
+# Second directory entry name Workbook
+>>>>128 lestring16 Workbook
+>>>>>256 lestring16 !WksSSWorkBook : Microsoft Excel 97-2003 worksheet 0 clsid
+!:mime application/vnd.ms-excel
+# https://www.macdisk.com/macsigen.php XLS5 for Excel 5
+!:apple ????XLS9
+!:ext xls
+#
+# URL: http://fileformats.archiveteam.org/wiki/PPT
+# Second directory entry name Object1 Object12 Object35
+>>>>128 lestring16 Object : Microsoft PowerPoint 4 presentation
+!:mime application/vnd.ms-powerpoint
+# https://www.macdisk.com/macsigen.php
+!:apple ????PPT3
+!:ext ppt
+#
+# URL: https://www.msoutlook.info/question/164
+# Second directory entry name __CollDataStm
+>>>>128 lestring16 __CollDataStm : Microsoft Outlook Send Receive Settings
+#!:mime application/vnd.ms-outlook
+!:mime application/x-ms-srs
+# %APPDATA%\Microsoft\Outlook\Outlook.srs
+!:ext srs
+#
+# URL: https://www.file-extensions.org/cag-file-extension
+# Second directory entry name Category
+>>>>128 lestring16 Category : Microsoft Clip Art Gallery
+#!:mime application/x-ole-storage
+!:mime application/x-ms-cag
+!:apple MScgCGdb
+!:ext cag/
+#
+# URL: https://www.filesuffix.com/de/extension/rra
+# 3rd directory entry name StrIndex_StringTable
+>>>>256 lestring16 StrIndex_StringTable : Windows temporarily installer
+#!:mime application/x-ole-storage
+!:mime application/x-ms-rra
+!:ext rra
+#
+# URL: https://www.forensicswiki.org/wiki/Jump_Lists
+# 3rd directory entry name DestList
+>>>>256 lestring16 DestList : Windows jump list
+#!:mime application/x-ole-storage
+!:mime application/x-ms-jumplist
+# %APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations\*.automaticDestinations-ms
+!:ext automaticDestinations-ms
+#
+# URL: https://en.wikipedia.org/wiki/Windows_thumbnail_cache
+# Second directory entry name 256_
+>>>>128 lestring16 256_ : Windows thumbnail database 256
+#!:mime application/x-ole-storage
+!:mime application/x-ms-thumbnail
+# Thumbs.db
+!:ext db
+>>>>128 lestring16 96_ : Windows thumbnail database 96
+!:mime application/x-ms-thumbnail
+!:ext db
+# 3rd directory entry name Catalog_
+>>>>256 lestring16 Catalog : Windows thumbnail database
+!:mime application/x-ms-thumbnail
+!:ext db
+#
+# URL: https://support.microsoft.com/en-us/help/300887/how-to-use-system-information-msinfo32-command-line-tool-switches
+# Note: older Microsoft Systeminfo (MSInfo Configuration File of msinfo32); newer use xml based
+# Second directory entry name Control000
+>>>>128 lestring16 Control000 : Microsoft old Systeminfo
+#!:mime application/x-ole-storage
+!:mime application/x-ms-info
+!:ext nfo
+#
+# From: Joerg Jenderek
+# URL: https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/arn-autoruns-v14.trid.xml
+# Note: older versions til 13 about middle 2021 handled by ./windows
+# called "Sysinternals Autoruns data (v14)" by TrID
+# second, third and fourth directory entry name like Header Items 0
+>>>>128 lestring16 Header : Microsoft sysinternals AutoRuns data, version 14
+#!:mime application/x-ole-storage
+!:mime application/x-ms-arn
+# like: MyHOSTNAME.arn
+!:ext arn
+#
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Microsoft_Access
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/m/mdz.trid.xml
+# http://fileformats.archiveteam.org/wiki/Microsoft_Compound_File
+# Note: only version foo tested and called "Microsoft Access Wizard template" by TrID
+# Fourth directory entry name TemplateID
+>>>>384 lestring16 TemplateID : Microsoft Access wizard template
+# Second directory entry name like \005SummaryInformation and 3rd name like \005DocumentSummaryInformation
+#!:mime application/x-ole-storage
+#!:mime application/vnd.ms-office
+#!:mime application/vnd.ms-access
+#!:mime application/msaccess
+!:mime application/x-ms-mdz
+# http://extension.nirsoft.net/mdz
+!:ext mdz
+#
+# URL: http://fileformats.archiveteam.org/wiki/Corel_Print_House
+# Second directory entry name Thumbnail
+>>>>128 lestring16 Thumbnail : Corel PrintHouse image
+#!:mime application/x-ole-storage
+!:mime application/x-corel-cph
+!:ext cph
+# 3rd directory entry name Thumbnail
+>>>>256 lestring16 Thumbnail : Corel PrintHouse image
+!:mime application/x-corel-cph
+!:ext cph
+# URL: http://fileformats.archiveteam.org/wiki/Corel_Gallery
+# Note: format since Gallery 2; sometimes called Corel Multimedia Manager Album
+# third directory entry name _INFO_
+>>>>256 lestring16 _INFO_ : Corel Gallery
+# second directory entry name _ITEM_ or _DATA_
+# later directory entry names: _ALBUM_ _THUMBNAIL_
+#!:mime application/x-ole-storage
+!:mime application/x-corel-gal
+!:ext gal
+#
+# From: Joerg Jenderek
+# URL: https://archive.org/details/iPhoto-Plus-4
+# https://filext.com/file-extension/TPL
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/t/tpl-ulead.trid.xml
+# Note: found in Template sub directory in program directory of software iPhoto Plus version 4
+# second, third and fourth directory entry name like TplHeader TplMainImage TplPreview
+>>>>128 lestring16 TplHeader : Ulead iPhoto Template
+#!:mime application/x-ole-storage
+!:mime image/x-ulead-tpl
+# https://www.file-extensions.org/tpl-file-extension-ulead-photo-express-template
+!:ext tpl
+#
+# URL: https://en.wikipedia.org/wiki/Hangul_(word_processor)
+# https://www.hancom.com/etc/hwpDownload.do
+# Note: "HWP Document File" signature found in FileHeader
+# Hangul Word Processor WORDIAN, 2002 and later is using HWP 5.0 format.
+# Second directory entry name FileHeader hint for Thinkfree Office document
+>>>>128 lestring16 FileHeader : Hancom HWP (Hangul Word Processor) file, version 5.0
+#!:mime application/haansofthwp
+!:mime application/x-hwp
+# https://example-files.online-convert.com/document/hwp/example.hwp
+!:ext hwp
+#
+# URL: https://ask.libreoffice.org/en/question/26303/creating-new-themes-for-the-gallery-not-functioning/
+# Second directory entry name like dd2000 dd2001 dd2036 dd2060 dd2083
+>>>>128 lestring16 dd2 : StarOffice Gallery view
+#!:mime application/x-ole-storage
+!:mime application/x-star-sdv
+!:ext sdv
+# URL: https://en.wikipedia.org/wiki/SoftMaker_Office
+# second directory entry name Current User
+>>>>128 lestring16 Current\ User : SoftMaker
+# third directory entry name SMNativeObjData
+>>>>>256 lestring16 SMNativeObjData
+# 5th directory entry name PowerPoint
+>>>>>>512 lestring16 PowerPoint PowerPoint presentation or template
+!:mime application/vnd.ms-powerpoint
+!:ext ppt/pps/pot
+# 4th directory entry name PowerPoint
+>>>>>384 lestring16 PowerPoint Presentations or template
+# http://extension.nirsoft.net/prv
+!:mime application/vnd.softmaker.presentations
+!:ext prd/prv
+# third directory entry name like Current User
+>>>>256 lestring16 Current\ User : SoftMaker
+# 5th directory entry name PowerPoint
+>>>>>512 lestring16 PowerPoint Presentations or template
+# http://extension.nirsoft.net/prd
+!:mime application/vnd.softmaker.presentations
+!:ext prd/prv
+# 2nd directory entry name Pictures
+>>>>>>128 lestring16 Pictures with pictures
+#
+# URL: http://fileformats.archiveteam.org/wiki/PageMaker
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p
+# pagemaker-generic.trid.xml
+# pagemaker-pm6.trid.xml
+# pagemaker-pm65.trid.xml
+# pmd-pm7.trid.xml
+# From: Joerg Jenderek
+# Note: since version 6 embedd as stream with PageMaker name the "old" format handled by ./wordprocessors
+# verified by Michal Mutl Structured Storage Viewer `SSView.exe brochus.pt6`
+# Second directory entry name PageMaker
+>>>>128 lestring16 PageMaker :
+# look for magic of "old" PageMaker like in 02TEMPLT.T65
+>>>>>0 search/0xa900/s \0\0\0\0\0\0\xff\x99
+# GRR: jump to PageMaker stream and inspect it by sub routine PageMaker of ./wordprocessors failed with wrong version!
+#>>>>>>&0 use PageMaker
+# THIS WORKS PARTLY!
+>>>>>>&0 indirect x
+# remaining null clsid
+>>>>128 default x
+>>>>>0 use ole2-unknown
+# look for CLSID where "second" part is 0
+>>>80 ubequad !0x0
+#
+# Summary: Family Tree Maker
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Family_Tree_Maker
+# https://en.wikipedia.org/wiki/Family_Tree_Maker
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/f/ftw.trid.xml
+# Note called "Family Tree Maker Family Tree" by TrID and
+# "FamilyTree Maker Database" with version "1-4" by DROID via PUID fmt/1352
+# tested only with version 2.0
+# verified by Michal Mutl Structured Storage Viewer `SSView.exe my.ftw`
+# newer versions are SQLite based and handled by ./sql
+# directory names like: IND.DB AUX.DB GENERAL.DB NAME.NDX BIRTH.NDX EXTRA.DB
+>>>>80 ubequad 0x5702000000000000 : Family Tree Maker Windows database, version 1-4
+# look for "File Format (C) Copyright 1993 Banner Blue Software Inc. - All Rights Reserved" in GENERAL.DB
+#>>>>>0 search/0x5460c/s F\0i\0l\0e\0\040\0F\0o\0r\0m\0a\0t\0\040\0(\0C\0)\0 \b, VERSION
+# GRR: jump to version value like 2 does not work!
+#>>>>>>&-8 ubyte x %u
+#!:mime application/x-ole-storage
+!:mime application/x-fmt
+# FBK is used for backup of FTW
+!:ext ftw/fbk
+#
+>>>>80 default x
+>>>>>0 use ole2-unknown
+# look for known clsid GUID
+# - Visio documents
+# URL: http://fileformats.archiveteam.org/wiki/Visio
+# Last update on 10/23/2006 by Lester Hightower, 07/20/2019 by Joerg Jenderek
+>>88 ubequad 0xc000000000000046
+>>>80 ubequad 0x131a020000000000 : Microsoft Visio 2000-2002 Document, stencil or template
+!:mime application/vnd.visio
+# VSD~Drawing VSS~Stencil VST~Template
+!:ext vsd/vss/vst
+>>>80 ubequad 0x141a020000000000 : Microsoft Visio 2003-2010 Document, stencil or template
+!:mime application/vnd.visio
+!:ext vsd/vss/vst
+#
+# URL: http://fileformats.archiveteam.org/wiki/Windows_Installer
+# https://en.wikipedia.org/wiki/Windows_Installer#ICE_validation
+# Update: Joerg Jenderek
+# Windows Installer Package *.MSI or validation module *.CUB
+>>>80 ubequad 0x84100c0000000000 : Microsoft Windows Installer Package or validation module
+!:mime application/x-msi
+#!:mime application/x-ms-win-installer
+# https://learn.microsoft.com/en-us/windows/win32/msi/internal-consistency-evaluators-ices
+# cub is used for validation module like: Vstalogo.cub XPlogo.cub darice.cub logo.cub mergemod.cub
+#!:mime application/x-ms-cub
+!:ext msi/cub
+# From: Joerg Jenderek
+# URL: http://en.wikipedia.org/wiki/Windows_Installer
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/m/mst.trid.xml
+# called "Windows SDK Setup Transform script" by TrID
+>>>80 ubequad 0x82100c0000000000 : Microsoft Windows Installer transform script
+#!:mime application/x-ole-storage
+!:mime application/x-ms-mst
+!:ext mst
+>>>80 ubequad 0x86100c0000000000 : Microsoft Windows Installer Patch
+# ??
+!:mime application/x-wine-extension-msp
+#!:mime application/x-ms-msp
+!:ext msp
+#
+# URL: http://fileformats.archiveteam.org/wiki/DOC
+>>>80 ubequad 0x0009020000000000 : Microsoft Word 6-95 document or template
+!:mime application/msword
+# for template MSWDW8TN
+!:apple MSWDWDBN
+!:ext doc/dot
+>>>80 ubequad 0x0609020000000000 : Microsoft Word 97-2003 document or template
+!:mime application/msword
+!:apple MSWDWDBN
+# dot for template; no extension on Macintosh
+!:ext doc/dot/
+#
+# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Word_Processor
+>>>80 ubequad 0x0213020000000000 : Microsoft Works 3-4 document or template
+!:mime application/vnd.ms-works
+!:apple ????AWWP
+# ps for template https://filext.com/file-extension/PS bps for backup
+!:ext wps/ps/bps
+#
+# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Database
+>>>80 ubequad 0x0313020000000000 : Microsoft Works 3-4 database or template
+!:mime application/vnd.ms-works-db
+# https://www.macdisk.com/macsigen.php
+!:apple ????AWDB
+# db for template www.file-extensions.org/db-file-extension-microsoft-works-data bdb for backup
+!:ext wdb/db/bdb
+#
+# URL: https://en.wikipedia.org/wiki/Microsoft_Excel
+>>>80 ubequad 0x1008020000000000 : Microsoft Excel 5-95 worksheet, addin or template
+!:mime application/vnd.ms-excel
+# https://www.macdisk.com/macsigen.php
+!:apple ????XLS5
+# worksheet/addin/template/no extension on Macintosh
+!:ext xls/xla/xlt/
+#
+>>>80 ubequad 0x2008020000000000 : Microsoft Excel 97-2003
+!:mime application/vnd.ms-excel
+# https://www.macdisk.com/macsigen.php XLS5 for Excel 5
+!:apple ????XLS9
+# 3rd directory entry name
+>>>>256 lestring16 _VBA_PROJECT_CUR addin
+!:ext xla/
+# 4th directory entry name
+>>>>384 lestring16 _VBA_PROJECT_CUR addin
+!:ext xla
+#!:ext xla/
+>>>>256 default x worksheet or template
+!:ext xls/xlt
+#!:ext xls/xlt/
+#
+# URL: http://fileformats.archiveteam.org/wiki/OLE2
+>>>80 ubequad 0x0b0d020000000000 : Microsoft Outlook 97-2003 item
+#>>>80 ubequad 0x0b0d020000000000 : Microsoft Outlook 97-2003 Message
+#!:mime application/vnd.ms-outlook
+!:mime application/x-ms-msg
+!:ext msg
+# URL: https://wiki.fileformat.com/email/oft/
+>>>80 ubequad 0x46f0060000000000 : Microsoft Outlook 97-2003 item template
+#!:mime application/vnd.ms-outlook
+!:mime application/x-ms-oft
+!:ext oft
+#
+# URL: http://fileformats.archiveteam.org/wiki/PPT
+>>>80 ubequad 0x5148040000000000 : Microsoft PowerPoint 4.0 presentation
+!:mime application/vnd.ms-powerpoint
+# https://www.macdisk.com/macsigen.php
+!:apple ????PPT3
+!:ext ppt
+# Summary: "newer" Greenstreet Art drawing
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/GST_ART
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/art-gst-docfile.trid.xml
+# Note: called like "Greenstreet Art drawing" by TrID
+# Note: CONTENT stream contains binary part of older versions with phrase GST:ART at offset 16
+# verified by Michal Mutl Structured Storage Viewer `SSView.exe BCARD2.ART`
+>>>80 ubequad 0x602c020000000000 : Greenstreet Art drawing
+#!:mime application/x-ole-storage
+!:mime image/x-greenstreet-art
+!:ext art
+>>>80 default x
+>>>>0 use ole2-unknown
+#??
+# URL: http://www.checkfilename.com/view-details/Microsoft-Works/RespageIndex/0/sTab/2/
+>>88 ubequad 0xa29a00aa004a1a72 : Microsoft
+# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Word_Processor
+>>>80 ubequad 0xc2dbcd28e20ace11 Works 4 document
+!:mime application/vnd.ms-works
+!:apple ????AWWP
+!:ext wps
+#
+# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Database
+>>>80 ubequad 0xc3dbcd28e20ace11 Works 4 database
+!:mime application/vnd.ms-works-db
+!:apple ????AWDB
+!:ext wdb/bdb
+#??
+>>88 ubequad 0xa40700c04fb932ba : Microsoft
+# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Word_Processor
+>>>80 ubequad 0xb25aa40e0a9ed111 Works 5-6 document
+!:mime application/vnd.ms-works
+!:apple ????AWWP
+!:ext wps
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Microsoft_Works
+# Reference: http://fileformats.archiveteam.org/wiki/Microsoft_Compound_File
+# Note: probably version 6 and 7
+# organize pictures like JPFG images in streams __cf1 with names like
+# 001.JPG, 002.JPG ... in streams __fname
+>>88 ubequad 0xa1c800c04f612452 : Microsoft
+>>>80 ubequad 0xc0c7266eb98cd311 Works portfolio
+# 2nd directory entry name PfOrder, 3rd __LastID and 4th __SizeUsed
+#!:mime application/x-ole-storage
+# https://www.iana.org/assignments/media-types/application/vnd.ms-works
+!:mime application/vnd.ms-works
+# https://extension.nirsoft.net/wsb
+# like: wsbsamp.wsb WORKS2003_CD:\MSWorks\Common\Sammlung.wsb
+!:ext wsb
+#??
+# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Publisher
+>>88 ubequad 0x00c0000000000046 : Microsoft
+>>>80 ubequad 0x0112020000000000 Publisher
+!:mime application/vnd.ms-publisher
+!:ext pub
+#
+# URL: http://fileformats.archiveteam.org/wiki/PPT
+#??
+>>88 ubequad 0xa90300aa00510ea3 : Microsoft
+>>>80 ubequad 0x70ae7bea3bfbcd11 PowerPoint 95 presentation
+!:mime application/vnd.ms-powerpoint
+# https://www.macdisk.com/macsigen.php
+!:apple ????PPT3
+!:ext ppt/pot
+#??
+>>88 ubequad 0x86ea00aa00b929e8 : Microsoft
+>>>80 ubequad 0x108d81649b4fcf11 PowerPoint 97-2003 presentation or template
+!:mime application/vnd.ms-powerpoint
+!:apple ????PPT3
+# /autostart/template
+!:ext ppt/pps/pot
+# From: Joerg Jenderek
+# URL: https://www.file-extensions.org/ppa-file-extension
+# https://en.wikipedia.org/wiki/Microsoft_PowerPoint#cite_note-231
+# Reference: http://fileformats.archiveteam.org/wiki/Microsoft_Compound_File
+>>88 ubequad 0x871800aa0060263b : Microsoft
+# only version 8 (97) tested; PowerPoint 4.0 to 11.0 (2004) (Wikipedia); 97 to 2003 (file-extensions.org)
+>>>80 ubequad 0xf04672810a72cf11 PowerPoint Addin or Wizard
+# second, third and fourth directory entry name like VBA PROJECT PROJECTwm
+# http://extension.nirsoft.net/pwz
+!:mime application/vnd.ms-powerpoint
+# like: BSHPPT97.PPA "AutoContent Wizard.pwz"
+!:ext ppa/pwz
+#
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/AWD_(At_Work_Document)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/awd-fax.trid.xml
+# Note: called "Microsoft At Work Fax document" by TrID
+>>88 ubequad 0xb29400dd010f2bf9 : Microsoft
+>>>80 ubequad 0x801cb0023de01a10 At Work fax Document
+#!:mime application/x-ole-storage
+!:mime image/x-ms-awd
+!:ext awd
+#
+# URL: https://en.wikipedia.org/wiki/Microsoft_Project
+#??
+>>88 ubequad 0xbe1100c04fb6faf1 : Microsoft
+>>>80 ubequad 0x3a8fb774c8c8d111 Project
+!:mime application/vnd.ms-project
+!:ext mpp
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Microsoft_Office_shared_tools#Binder
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/o/obd.trid.xml
+# http://fileformats.archiveteam.org/wiki/Microsoft_Compound_File
+# Note: only version 8 tested and called "Office Binder Document" by TrID and
+# "Microsoft Office Binder File for Windows" version 97-2000 by DROID fmt/240
+>>88 ubequad 0xb21c00aa004ba90b : Microsoft
+>>>80 ubequad 0x0004855964661b10 Office Binder Document, Template or wizard
+# second directory entry name like Binder
+# https://www.file-extensions.org/obd-file-extension
+#!:mime application/vnd.ms-binder
+!:mime application/x-msbinder
+# obt for template; obz for Microsoft Office Binder wizard
+!:ext obd/obt/obz
+#
+# URL: http://fileformats.archiveteam.org/wiki/WordPerfect
+# Reference: http://fileformats.archiveteam.org/wiki/Microsoft_Compound_File
+# https://github.com/OneWingedShark/WordPerfect/
+# blob/master/doc/SDK_Help/FileFormats/WPFF_DocumentStructure.htm
+# From: Joerg Jenderek
+# Note: internal version x.2 or 2.2 like in embedded ole6-PerfectOffice_MAIN.wpd
+# 3rd directory entry name PerfectOffice_OBJECT and 2nd PerfectOffice_MAIN,
+# which contains WordPerfect document \xffWPC signature handled by ./wordprocessors
+>>88 ubequad 0x19370000929679cd : WordPerfect 7
+>>>80 ubequad 0xff739851ad2d2002 Document
+!:mime application/vnd.wordperfect
+#!:apple ????WPC?
+# https://fossies.org/linux/wp2latex/test/ole6.wpd
+!:ext wpd
+#>>>>0 search/0xc01/s \xffWPC \b, WPC SIGNATURE
+# inspect embedded WordPerfect document by ./wordprocessors with 1 space at end
+#>>>>>&0 indirect x \b; contains
+# GRR: the above expression does not work correctly
+#
+# URL: http://fileformats.archiveteam.org/wiki/SHW_(Corel)
+#???
+>>88 ubequad 0x99ae04021c007002 : WordPerfect
+>>>80 ubequad 0x62fe2e4099191b10 7-X3 presentation
+!:mime application/x-corelpresentations
+#!:mime application/x-shw-viewer
+#!:mime image/x-presentations
+!:ext shw
+#
+# URL: http://www.checkfilename.com/view-details/WordPerfect-Office-X3/RespageIndex/0/sTab/2/
+>>>80 ubequad 0x60fe2e4099191b10 9 Graphic
+#!:mime application/x-wpg
+#!:mime image/x-wordperfect-graphics
+!:mime image/x-wpg
+# https://www.macdisk.com/macsigen.php "WPC2" for Wordperfect 2 *.wpd
+!:apple ????WPC9
+!:ext wpg
+#
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/CorelCAD
+# https://en.wikipedia.org/wiki/CorelCAD
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/ccd-corelcad.trid.xml
+# Note: called "CorelCAD Drawing" by TrID and CorelCAD
+# directory entry names like Contents ViewInfo CustomViewDescriptions LayerInfo
+>>88 ubequad 0xbe26db67235e2689 : Corel
+>>>80 ubequad 0x20f414de1cacce11 \bCAD Drawing or Template
+#!:mime application/x-ole-storage
+!:mime application/x-corel-cad
+# CCT for CorelCAD Template
+!:ext ccd/cct
+#
+# URL: http://fileformats.archiveteam.org/wiki/StarOffice_binary_formats
+>>88 ubequad 0x996104021c007002 : StarOffice
+>>>80 ubequad 0x407e5cdc5cb31b10 StarWriter 3.0 document or template
+# https://www.openoffice.org/framework/documentation/mimetypes/mimetypes.html
+!:mime application/x-starwriter
+!:ext sdw/vor
+#
+>>>80 ubequad 0xa03f543fa6b61b10 StarCalc 3.0 spreadsheet or template
+!:mime application/x-starcalc
+!:ext sdc/vor
+#
+>>>80 ubequad 0xe0aa10af6db31b10 StarDraw 3.0 drawing or template
+!:mime application/x-starimpress
+#!:mime application/x-stardraw
+# sda ??
+!:ext sdd/sda/vor
+#??
+>>88 ubequad 0x89cb008029e4b0b1 : StarOffice
+>>>80 ubequad 0x41d461633542d011 StarCalc 4.0 spreadsheet or template
+!:mime application/x-starcalc
+!:ext sdc/vor
+#
+>>>80 ubequad 0x61b8a5c6d685d111 StarCalc 5.0 spreadsheet or template
+!:mime application/vnd.stardivision.cal
+!:ext sdc/vor
+#
+>>>80 ubequad 0xc03c2d011642d011 StarImpress 4.0 presentation or template
+!:mime application/x-starimpress
+!:ext sdd/vor
+#??
+>>88 ubequad 0xb12a04021c007002 : StarOffice
+>>>80 ubequad 0x600459d4fd351c10 StarMath 3.0
+!:mime application/x-starmath
+!:ext smf
+#??
+>>88 ubequad 0x8e2c00001b4cc711 : StarOffice
+>>>80 ubequad 0xe0999cfb6d2c1c10 StarChart 3.0
+!:mime application/x-starchart
+!:ext sds
+#??
+>>88 ubequad 0xa45e00a0249d57b1 : StarOffice
+>>>80 ubequad 0xb0e9048b0e42d011 StarWriter 4.0 document or template
+!:mime application/x-starwriter
+!:ext sdw/vor
+#??
+>>88 ubequad 0x89ca008029e4b0b1 : StarOffice
+>>>80 ubequad 0xe1b7b3022542d011 StarMath 4.0
+!:mime application/x-starmath
+!:ext smf
+#
+>>>80 ubequad 0xe0b7b3022542d011 StarChart 4.0
+!:mime application/x-starchart
+!:ext sds
+#??
+>>88 ubequad 0xa53f00a0249d57b1 : StarOffice
+>>>80 ubequad 0x70c90a340de3d011 Master 4.0 document
+!:mime application/x-starwriter-global
+!:ext sgl
+#??
+>>88 ubequad 0x89d0008029e4b0b1 : StarOffice
+>>>80 ubequad 0x40e6b5ffde85d111 StarMath 5.0
+!:mime application/vnd.stardivision.math
+!:ext smf
+#
+>>>80 ubequad 0xa005892ebd85d111 StarDraw 5.0 drawing or template
+!:mime application/vnd.stardivision.draw
+!:ext sda/vor
+#
+>>>80 ubequad 0x21725c56bc85d111 StarImpress 5.0 presentation or template
+!:mime application/vnd.stardivision.impress
+# sda is used for what?
+!:ext sdd/vor/sda
+#
+>>>80 ubequad 0x214388bfdd85d111 StarChart 5.0
+!:mime application/vnd.stardivision.chart
+!:ext sds
+# ??
+>>88 ubequad 0xaab4006097da561a : StarOffice
+>>>80 ubequad 0xd1f90cc2ae85d111 StarWriter 5.0 document or template
+!:mime application/vnd.stardivision.writer
+!:ext sdw/vor
+#
+>>>80 ubequad 0xd3f90cc2ae85d111 Master 5.0 document
+!:mime application/vnd.stardivision.writer-global
+!:ext sgl
+#??
+# URL: http://fileformats.archiveteam.org/wiki/FlashPix
+>>88 ubequad 0x855300aa00a1f95b : Kodak
+>>>80 ubequad 0x0067615654c1ce11 FlashPIX Image
+!:mime image/vnd.fpx
+!:apple ????FPix
+!:ext fpx
+# URL: https://en.wikipedia.org/wiki/SoftMaker_Office
+>>88 ubequad 0x95f600a0cc3cca14 : PlanMaker
+>>>80 ubequad 0x9174088a6452d411 document or template
+!:mime application/vnd.softmaker.planmaker
+# pmv for template https://www.file-extensions.org/pmv-file-extension
+!:ext pmd/pmv
+# URL: http://fileformats.archiveteam.org/wiki/MAX_(3ds_Max)
+# https://en.wikipedia.org/wiki/Autodesk_3ds_Max
+# Reference: http://fileformats.archiveteam.org/wiki/Microsoft_Compound_File
+# Note: called "3D Studio Max Scene" by TrID and "3DS Max" by DROID and
+# "3DSMax thumbnail" by XnView and verfied by `nconvert -info A380.max`
+# applies only to "newer" versions (about 2008-2020)
+>>88 ubequad 0x9fed04143144cc1e : Autodesk
+>>>80 ubequad 0x7b8cdd1cc081a045 3ds Max
+#!:mime application/x-ole-storage
+!:mime model/x-autodesk-max
+# like: https://static.free3d.com/models/dropbox/dropbox/sq/A380.7z/A380.max
+!:ext max
+# also chr for character file according to DROID https://www.nationalarchives.gov.uk/PRONOM/fmt/978
+#!:ext max/chr
+# remaining non null clsid
+>>88 default x
+>>>0 use ole2-unknown
+# display information about directory for not detected CDF files
+0 name ole2-unknown
+>80 ubequad x : UNKNOWN
+# https://reposcope.com/mimetype/application/x-ole-storage
+!:mime application/x-ole-storage
+# according to file version 5.41 with -e soft option
+#!:mime application/CDFV2
+#!:ext ???
+>80 ubequad !0 \b, clsid %#16.16llx
+>>88 ubequad x \b%16.16llx
+# converted hexadecimal format to standard GUUID notation
+>>80 guid x {%s}
+# second directory entry name like VisioDocument Control000
+>128 lestring16 x with names %.20s
+# third directory entry like WordDocument Preview.dib
+>256 lestring16 x %.20s
+# forth like \005SummaryInformation
+>384 lestring16 x %.25s
+# 5th
+>512 lestring16 x %.10s
+# 6th
+>640 lestring16 x %.10s
+# 7th
+>768 lestring16 x %.10s
diff --git a/magic/Magdir/olf b/magic/Magdir/olf
new file mode 100644
index 0000000..6ae3fc0
--- /dev/null
+++ b/magic/Magdir/olf
@@ -0,0 +1,98 @@
+
+#------------------------------------------------------------------------------
+# $File: olf,v 1.4 2009/09/19 16:28:11 christos Exp $
+# olf: file(1) magic for OLF executables
+#
+# We have to check the byte order flag to see what byte order all the
+# other stuff in the header is in.
+#
+# MIPS R3000 may also be for MIPS R2000.
+# What're the correct byte orders for the nCUBE and the Fujitsu VPP500?
+#
+# Created by Erik Theisen <etheisen@openbsd.org>
+# Based on elf from Daniel Quinlan <quinlan@yggdrasil.com>
+0 string \177OLF OLF
+>4 byte 0 invalid class
+>4 byte 1 32-bit
+>4 byte 2 64-bit
+>7 byte 0 invalid os
+>7 byte 1 OpenBSD
+>7 byte 2 NetBSD
+>7 byte 3 FreeBSD
+>7 byte 4 4.4BSD
+>7 byte 5 Linux
+>7 byte 6 SVR4
+>7 byte 7 esix
+>7 byte 8 Solaris
+>7 byte 9 Irix
+>7 byte 10 SCO
+>7 byte 11 Dell
+>7 byte 12 NCR
+>5 byte 0 invalid byte order
+>5 byte 1 LSB
+>>16 leshort 0 no file type,
+>>16 leshort 1 relocatable,
+>>16 leshort 2 executable,
+>>16 leshort 3 shared object,
+# Core handling from Peter Tobias <tobias@server.et-inf.fho-emden.de>
+# corrections by Christian 'Dr. Disk' Hechelmann <drdisk@ds9.au.s.shuttle.de>
+>>16 leshort 4 core file
+>>>(0x38+0xcc) string >\0 of '%s'
+>>>(0x38+0x10) lelong >0 (signal %d),
+>>16 leshort &0xff00 processor-specific,
+>>18 leshort 0 no machine,
+>>18 leshort 1 AT&T WE32100 - invalid byte order,
+>>18 leshort 2 SPARC - invalid byte order,
+>>18 leshort 3 Intel 80386,
+>>18 leshort 4 Motorola 68000 - invalid byte order,
+>>18 leshort 5 Motorola 88000 - invalid byte order,
+>>18 leshort 6 Intel 80486,
+>>18 leshort 7 Intel 80860,
+>>18 leshort 8 MIPS R3000_BE - invalid byte order,
+>>18 leshort 9 Amdahl - invalid byte order,
+>>18 leshort 10 MIPS R3000_LE,
+>>18 leshort 11 RS6000 - invalid byte order,
+>>18 leshort 15 PA-RISC - invalid byte order,
+>>18 leshort 16 nCUBE,
+>>18 leshort 17 VPP500,
+>>18 leshort 18 SPARC32PLUS,
+>>18 leshort 20 PowerPC,
+>>18 leshort 0x9026 Alpha,
+>>20 lelong 0 invalid version
+>>20 lelong 1 version 1
+>>36 lelong 1 MathCoPro/FPU/MAU Required
+>8 string >\0 (%s)
+>5 byte 2 MSB
+>>16 beshort 0 no file type,
+>>16 beshort 1 relocatable,
+>>16 beshort 2 executable,
+>>16 beshort 3 shared object,
+>>16 beshort 4 core file,
+>>>(0x38+0xcc) string >\0 of '%s'
+>>>(0x38+0x10) belong >0 (signal %d),
+>>16 beshort &0xff00 processor-specific,
+>>18 beshort 0 no machine,
+>>18 beshort 1 AT&T WE32100,
+>>18 beshort 2 SPARC,
+>>18 beshort 3 Intel 80386 - invalid byte order,
+>>18 beshort 4 Motorola 68000,
+>>18 beshort 5 Motorola 88000,
+>>18 beshort 6 Intel 80486 - invalid byte order,
+>>18 beshort 7 Intel 80860,
+>>18 beshort 8 MIPS R3000_BE,
+>>18 beshort 9 Amdahl,
+>>18 beshort 10 MIPS R3000_LE - invalid byte order,
+>>18 beshort 11 RS6000,
+>>18 beshort 15 PA-RISC,
+>>18 beshort 16 nCUBE,
+>>18 beshort 17 VPP500,
+>>18 beshort 18 SPARC32PLUS,
+>>18 beshort 20 PowerPC or cisco 4500,
+>>18 beshort 21 cisco 7500,
+>>18 beshort 24 cisco SVIP,
+>>18 beshort 25 cisco 7200,
+>>18 beshort 36 cisco 12000,
+>>18 beshort 0x9026 Alpha,
+>>20 belong 0 invalid version
+>>20 belong 1 version 1
+>>36 belong 1 MathCoPro/FPU/MAU Required
diff --git a/magic/Magdir/openfst b/magic/Magdir/openfst
new file mode 100644
index 0000000..8df9b56
--- /dev/null
+++ b/magic/Magdir/openfst
@@ -0,0 +1,17 @@
+
+#------------------------------------------------------------------------------
+# $File: openfst,v 1.1 2019/09/30 15:58:24 christos Exp $
+# openfs: file(1) magic for OpenFST (Weighted finite-state tranducer library)
+
+0 long 0x7eb2fdd6 OpenFst binary FST data
+>&0 pstring/l x \b, fst type: %s
+>>&0 pstring/l x \b, arc type: %s
+>>>&0 long x \b, version: %d
+>>>>&20 quad x \b, num states: %lld
+>>>>>&0 quad >0 \b, num arcs: %lld
+
+0 long 0x56515c OpenFst binary FAR data, far type: stlist
+>4 long x \b, version: %d
+
+0 long 0x7eb2f35c OpenFst binary FAR data, far type: sttable
+>4 long x \b, version: %d
diff --git a/magic/Magdir/opentimestamps b/magic/Magdir/opentimestamps
new file mode 100644
index 0000000..f2f0e3e
--- /dev/null
+++ b/magic/Magdir/opentimestamps
@@ -0,0 +1,16 @@
+
+#------------------------------------------------------------
+# $File: opentimestamps,v 1.1 2019/05/27 01:27:31 christos Exp $
+# OpenTimestamps related magic entries
+# https://opentimestamps.org/
+# https://en.wikipedia.org/wiki/OpenTimestamps
+# "Emanuele Cisbani" <emanuele.cisbani@gmail.com>
+#------------------------------------------------------------
+
+# OpenTimestamps Proof .ots format.
+# Magic is defined here:
+# https://github.com/opentimestamps/python-opentimestamps/\
+# blob/master/opentimestamps/core/timestamp.py#L273
+
+0 string \x00\x4f\x70\x65\x6e\x54\x69\x6d\x65\x73\x74\x61\x6d\x70\x73\x00 OpenTimestamps
+>16 string \x00\x50\x72\x6f\x6f\x66\x00\xbf\x89\xe2\xe8\x84\xe8\x92\x94\x01 Proof
diff --git a/magic/Magdir/oric b/magic/Magdir/oric
new file mode 100644
index 0000000..38c02c5
--- /dev/null
+++ b/magic/Magdir/oric
@@ -0,0 +1,16 @@
+
+#------------------------------------------------------------------------------
+# $File: oric,v 1.2 2022/04/25 17:28:20 christos Exp $
+# Oric tape files
+# From: Stefan A. Haubenthal <polluks@sdf.lonestar.org>
+# References:
+# http://fileformats.archiveteam.org/wiki/TAP_(Oric)
+# http://fileformats.archiveteam.org/wiki/DSK_(Oric)
+0 string \x16\x16\x16\x24 Oric tape,
+>6 byte =0x00 BASIC,
+>6 byte =0x80 memory block,
+>7 byte >0x00 autorun,
+>13 string x "%.15s"
+
+0 string ORICDISK Oric Image
+0 string MFM_DISK Oric Image
diff --git a/magic/Magdir/os2 b/magic/Magdir/os2
new file mode 100644
index 0000000..cb43e99
--- /dev/null
+++ b/magic/Magdir/os2
@@ -0,0 +1,186 @@
+
+#------------------------------------------------------------------------------
+# $File: os2,v 1.14 2022/03/21 21:25:50 christos Exp $
+# os2: file(1) magic for OS/2 files
+#
+
+# Provided 1998/08/22 by
+# David Mediavilla <davidme.news@REMOVEIFNOTSPAMusa.net>
+1 search/100 InternetShortcut MS Windows 95 Internet shortcut text
+!:mime application/x-mswinurl
+!:ext url
+>17 search/100 URL= (URL=<
+>>&0 string x \b%s>)
+
+# OS/2 URL objects
+# Provided 1998/08/22 by
+# David Mediavilla <davidme.news@REMOVEIFNOTSPAMusa.net>
+#0 string http: OS/2 URL object text
+#>5 string >\ (WWW) <http:%s>
+#0 string mailto: OS/2 URL object text
+#>7 string >\ (email) <%s>
+#0 string news: OS/2 URL object text
+#>5 string >\ (Usenet) <%s>
+#0 string ftp: OS/2 URL object text
+#>4 string >\ (FTP) <ftp:%s>
+#0 string file: OS/2 URL object text
+#>5 string >\ (Local file) <%s>
+
+# >>>>> OS/2 INF/HLP <<<<< (source: Daniel Dissett ddissett@netcom.com)
+# URL: http://fileformats.archiveteam.org/wiki/INF/HLP_(OS/2)
+# Reference: http://www.edm2.com/0308/inf.html
+# Carl Hauser (chauser.parc@xerox.com) and
+# Marcus Groeber (marcusg@ph-cip.uni-koeln.de)
+# list the following header format in inf02a.doc:
+#
+# int16 ID; // ID magic word (5348h = "HS")
+# int8 unknown1; // unknown purpose, could be third letter of ID
+# int8 flags; // probably a flag word...
+# // bit 0: set if INF style file
+# // bit 4: set if HLP style file
+# // patching this byte allows reading HLP files
+# // using the VIEW command, while help files
+# // seem to work with INF settings here as well.
+# int16 hdrsize; // total size of header
+# int16 unknown2; // unknown purpose
+#
+0 string HSP\x01\x9b\x00 OS/2 INF
+!:mime application/x-os2-inf
+!:ext inf
+>107 string >0 (%s)
+0 string HSP\x10\x9b\x00 OS/2 HLP
+!:mime application/x-os2-hlp
+!:ext hlp
+>107 string >0 (%s)
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/MSG_(OS/2)
+# Reference: https://github.com/OS2World/UTIL-SYSTEM-MKMSGF/blob/master/mkmsgf.h
+# Note: created by MKMSGF.EXE. Text source can be recreated by E_MSGF
+# example like OS001H.MSG
+0 string \xffMKMSGF\0 OS/2 help message
+!:mime application/x-os2-msg
+!:ext msg
+# identifier[3] like: DOS NET REX SYS ...
+>8 string x '%.3s'
+# msgnumber: number of messages
+>11 uleshort x \b, %u messages
+# firstmsgnumber; number of the first message like: some times 0 often 1 169 1000 3502
+>13 uleshort >1 \b, 1st number %u
+# offset16bit; 1~Index table has 16-bit offsets (files<64k) 0~Index table has 32-bit offsets
+>15 ubyte =0 \b, 32-bit
+#>15 ubyte =1 \b, 16-bit
+# version; file version: 2~new 0~old
+>16 uleshort !2 \b, version %u
+# indextaboffset; offset of index table: 1F~after header 0~no index table for version 0?
+>18 uleshort >0
+>>18 uleshort !0x1f \b, at %#x index
+# 32-bit offset
+>>15 ubyte =0
+# offset with message table
+>>>(18.s) ulelong x \b, at %#x
+# 1st message
+# http://www.os2museum.com/files/docs/os210ptk/os2-1.0-ptk-tools-1988.pdf
+# message type: E~Error H~Help I~Information P~Prompt W~Warning ?
+>>>>(&-4.l) ubyte x %c-type
+>>>>>&0 string x %s
+# 16-bit offset
+>>15 ubyte =1
+# msgnum; message number
+>>>(18.s) uleshort x \b, number %u
+# msgindex; offset of message from begin of file
+>>>(18.s+2) uleshort x at %#x
+# message type E H I P W ?
+>>>>(&-2.s) ubyte x %c-type
+# skip newline carriage return
+>>>>>&0 ubeshort =0x0D0a
+>>>>>>&0 string x %s
+>>>>>&0 ubeshort !0x0D0a
+>>>>>>&-2 string x %s
+# for version 0 index table apparently at offset 1F
+>16 uleshort 0
+>>15 ubyte 1
+# 1st message 16-bit
+>>>0x1F uleshort x \b, at %#x
+# message type: E~Error H~Help I~Information P~Prompt W~Warning ?
+>>>>(0x1F.s) ubyte x %c-type
+>>>>>&0 string x %s
+# 2nd message 16-bit
+>>>0x21 uleshort x \b, at %#x
+>>>>(0x21.s) ubyte x %c-type
+>>>>>&0 string x %s
+# 3rd message 16-bit
+>>>0x23 uleshort x \b, at %#x
+>>>>(0x23.s) ubyte x %c-type
+>>>>>&0 string x %s
+# version 0 32-bit
+>>15 ubyte 0
+# 1st message 32-bit
+>>>0x1f ulelong x \b, at %#x
+>>>>(0x1F.l) ubyte x %c-type
+>>>>>&0 string x %s
+# 2nd message 32-bit
+>>>0x23 ulelong x \b, at %#x
+>>>>(0x23.l) ubyte x %c-type
+>>>>>&0 string x %s
+# 3rd message 32-bit
+>>>0x27 ulelong x \b, AT %#x
+>>>>(0x27.l) ubyte x %c-type
+>>>>>&0 string x %s
+# countryinfo; offset of country info block: 0 for version 0
+>20 uleshort !0 \b, at %#x countryinfo
+# nextcoutryinfo
+>>22 uleshort >0 \b, at %#x next
+# reserved[5]; Must be 0
+>>25 ulelong !0 \b, RESERVED %#x
+>>(20.s) use os2-msg-info
+# display country info block of MKMSGF message file
+0 name os2-msg-info
+# bytesperchar; bytes per char: 1~SBCS 2~DBCS
+>0 ubyte >1 \b, %u bytes/char
+# reserved; Not known
+>1 uleshort !0 \b, reserved %#x
+# langfamilyID; language family ID like: 0~? 1~Arabic ... 7~German ... 9~English ... 34~Slovene
+>3 uleshort >0 \b, language %u
+# langversionID; like: 7_1~German 7_2~Swiss German 12_1~French 12_3~Canadian French
+>>5 uleshort x \b_%u
+# langfamilyID too high. This should not happen
+>3 uleshort >34 (invalid language)
+# codepagesnumber; number of codepages like: 1 2 ... 16
+>7 uleshort x \b, %u code page
+# plural s
+>7 uleshort >1 \bs
+# too many number of codepages. This should not happen
+>7 uleshort >16 (Too many)
+# codepages[16]; codepages list like 437 850 ...
+>7 uleshort <17
+# 1st code page
+>>9 uleshort >0 %u
+# possible 2nd code page number
+>>>7 uleshort >1
+>>>>11 uleshort x %u
+# filename[260]; name of file like: dbaseos2.msg dde4c01e.msg os2ldr.mgr xdfh.msg ...
+>41 string x \b, %s
+
+# OS/2 INI (this is a guess)
+0 string \xff\xff\xff\xff\x14\0\0\0 OS/2 INI
+!:mime application/x-os2-ini
+!:ext ini
+
+# From: Joerg Jenderek
+# URL: http://warpin.netlabs.org/
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/ark-wpi.trid.xml
+# Note: called by TrID "WarpIN Installer"
+# probably magic at the beginning
+0 ubelong =0x770402BE WarpIN Installer
+#>4 ubelong =0x03000000
+#!:mime application/octet-stream
+!:mime application/x-os2-wpi
+!:ext wpi
+# creator program name like: "reserved" or "WIC x.y.z"
+>0x106 string x \b, created by %s
+# name like: "reserved" or "OS/2 Netlabs"
+>0x146 string x \b, '%s'
+# name like: "N/A" "http://warpin.netlabs.org"
+>0x186 string x \b, URL %s
+
diff --git a/magic/Magdir/os400 b/magic/Magdir/os400
new file mode 100644
index 0000000..6a05f08
--- /dev/null
+++ b/magic/Magdir/os400
@@ -0,0 +1,39 @@
+
+#------------------------------------------------------------------------------
+# $File: os400,v 1.5 2009/09/19 16:28:11 christos Exp $
+# os400: file(1) magic for IBM OS/400 files
+#
+# IBM OS/400 (i5/OS) Save file (SAVF) - gerardo.cacciari@gmail.com
+# In spite of its quite variable format (due to internal memory page
+# length differences between CISC and RISC versions of the OS) the
+# SAVF structure hasn't suitable offsets to identify the catalog
+# header in the first descriptor where there are some useful infos,
+# so we must search in a somewhat large area for a particular string
+# that represents the EBCDIC encoding of 'QSRDSSPC' (save/restore
+# descriptor space) preceded by a two byte constant.
+#
+1090 search/7393 \x19\xDB\xD8\xE2\xD9\xC4\xE2\xE2\xD7\xC3 IBM OS/400 save file data
+>&212 byte 0x01 \b, created with SAVOBJ
+>&212 byte 0x02 \b, created with SAVLIB
+>&212 byte 0x07 \b, created with SAVCFG
+>&212 byte 0x08 \b, created with SAVSECDTA
+>&212 byte 0x0A \b, created with SAVSECDTA
+>&212 byte 0x0B \b, created with SAVDLO
+>&212 byte 0x0D \b, created with SAVLICPGM
+>&212 byte 0x11 \b, created with SAVCHGOBJ
+>&213 byte 0x44 \b, at least V5R4 to open
+>&213 byte 0x43 \b, at least V5R3 to open
+>&213 byte 0x42 \b, at least V5R2 to open
+>&213 byte 0x41 \b, at least V5R1 to open
+>&213 byte 0x40 \b, at least V4R5 to open
+>&213 byte 0x3F \b, at least V4R4 to open
+>&213 byte 0x3E \b, at least V4R3 to open
+>&213 byte 0x3C \b, at least V4R2 to open
+>&213 byte 0x3D \b, at least V4R1M4 to open
+>&213 byte 0x3B \b, at least V4R1 to open
+>&213 byte 0x3A \b, at least V3R7 to open
+>&213 byte 0x35 \b, at least V3R6 to open
+>&213 byte 0x36 \b, at least V3R2 to open
+>&213 byte 0x34 \b, at least V3R1 to open
+>&213 byte 0x31 \b, at least V3R0M5 to open
+>&213 byte 0x30 \b, at least V2R3 to open
diff --git a/magic/Magdir/os9 b/magic/Magdir/os9
new file mode 100644
index 0000000..74b47f3
--- /dev/null
+++ b/magic/Magdir/os9
@@ -0,0 +1,80 @@
+
+#------------------------------------------------------------------------------
+# $File: os9,v 1.8 2017/03/17 21:35:28 christos Exp $
+#
+# Copyright (c) 1996 Ignatios Souvatzis. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+#
+# OS9/6809 module descriptions:
+#
+0 beshort 0x87CD OS9/6809 module:
+#
+>6 byte&0x0f 0x00 non-executable
+>6 byte&0x0f 0x01 machine language
+>6 byte&0x0f 0x02 BASIC I-code
+>6 byte&0x0f 0x03 Pascal P-code
+>6 byte&0x0f 0x04 C I-code
+>6 byte&0x0f 0x05 COBOL I-code
+>6 byte&0x0f 0x06 Fortran I-code
+#
+>6 byte&0xf0 0x10 program executable
+>6 byte&0xf0 0x20 subroutine
+>6 byte&0xf0 0x30 multi-module
+>6 byte&0xf0 0x40 data module
+#
+>6 byte&0xf0 0xC0 system module
+>6 byte&0xf0 0xD0 file manager
+>6 byte&0xf0 0xE0 device driver
+>6 byte&0xf0 0xF0 device descriptor
+#
+# OS9/m68k stuff (to be continued)
+#
+0 beshort 0x4AFC OS9/68K module:
+#
+# attr
+>0x14 byte&0x80 0x80 re-entrant
+>0x14 byte&0x40 0x40 ghost
+>0x14 byte&0x20 0x20 system-state
+#
+# lang:
+#
+>0x13 byte 1 machine language
+>0x13 byte 2 BASIC I-code
+>0x13 byte 3 Pascal P-code
+>0x13 byte 4 C I-code
+>0x13 byte 5 COBOL I-code
+>0x13 byte 6 Fortran I-code
+#
+#
+# type:
+#
+>0x12 byte 1 program executable
+>0x12 byte 2 subroutine
+>0x12 byte 3 multi-module
+>0x12 byte 4 data module
+>0x12 byte 11 trap library
+>0x12 byte 12 system module
+>0x12 byte 13 file manager
+>0x12 byte 14 device driver
+>0x12 byte 15 device descriptor
diff --git a/magic/Magdir/osf1 b/magic/Magdir/osf1
new file mode 100644
index 0000000..4e91471
--- /dev/null
+++ b/magic/Magdir/osf1
@@ -0,0 +1,10 @@
+
+#------------------------------------------------------------------------------
+# $File: osf1,v 1.7 2009/09/19 16:28:11 christos Exp $
+#
+# Mach magic number info
+#
+0 long 0xefbe OSF/Rose object
+# I386 magic number info
+#
+0 short 0565 i386 COFF object
diff --git a/magic/Magdir/palm b/magic/Magdir/palm
new file mode 100644
index 0000000..5d2b913
--- /dev/null
+++ b/magic/Magdir/palm
@@ -0,0 +1,156 @@
+
+#------------------------------------------------------------------------------
+# $File: palm,v 1.15 2021/12/16 21:50:06 christos Exp $
+# palm: file(1) magic for PalmOS {.prc,.pdb}: applications, docfiles, and hacks
+#
+# Brian Lalor <blalor@hcirisc.cs.binghamton.edu>
+
+# These are weak, byte 59 is not guaranteed to be 0 and there are
+# 8 character identifiers at byte 60, one I found for appl is BIGb.
+# What are the possibilities and where is this documented?
+
+# The common header format for PalmOS .pdb/.prc files is
+# {
+# char name[ 32 ];
+# Word attributes;
+# Word version;
+# DWord creationDate;
+# DWord modificationDate;
+# DWord lastBackupDate;
+# DWord modificationNumber;
+# DWord appInfoID;
+# DWord sortInfoID;
+# char type[4];
+# char creator[4];
+# DWord uniqueIDSeed;
+# RecordListType recordList;
+# };
+#
+# Datestamps are unsigned seconds since the MacOS epoch (Jan 1, 1904),
+# or Unix/POSIX time + 2082844800.
+
+0 name aportisdoc
+# date is supposed to be big-endian seconds since 1 Jan 1904, but many
+# files contain the timestamp in little-endian or a completely
+# nonsensical value...
+#>36 bedate-2082844800 >0 \b, created %s
+# compression: 1=uncomp, 2=orig, 0x4448=HuffDic
+>(78.L) beshort =1 \b, uncompressed
+# compressed
+>(78.L) beshort >1
+>>(78.L+4) belong x \b, %d bytes uncompressed
+
+# appl
+#60 string appl PalmOS application
+#>0 string >\0 "%s"
+
+# HACK
+#60 string HACK HackMaster hack
+#>0 string >\0 "%s"
+
+# iSiloX e-book
+60 string SDocSilX iSiloX E-book
+>0 string >\0 "%s"
+
+# Mobipocket (www.mobipocket.com), donated by Carl Witty
+# expanded by Ralf Brown
+60 string BOOKMOBI Mobipocket E-book
+!:mime application/x-mobipocket-ebook
+# MobiPocket stores a full title, pointed at by the belong at offset
+# 0x54 in its header at (78.L), with length given by the belong at
+# offset 0x58.
+# there's no guarantee that the title string is null-terminated, but
+# we currently can't specify a variable-length string where the length
+# field is not at the start of the string; in practice, the data
+# following the string always seems to start with a zero byte
+>(78.L) belong x
+>>&(&0x50.L-4) string >\0 "%s"
+>0 use aportisdoc
+>>(78.L+0x68) belong >0 \b, version %d
+>>(78.L+0x1C) belong !0 \b, codepage %d
+>>(78.L+0x0C) beshort >0 \b, encrypted (type %d)
+
+# AportisDoc/PalmDOC
+60 string TEXtREAd AportisDoc/PalmDOC E-book
+>0 string >\0 "%s"
+>0 use aportisdoc
+
+# Variety of PalmOS document types
+# Michael-John Turner <mj@debian.org>
+# Thanks to Hasan Umit Ezerce <humit@tr-net.net.tr> for his DocType
+60 string BVokBDIC BDicty PalmOS document
+>0 string >\0 "%s"
+60 string DB99DBOS DB PalmOS document
+>0 string >\0 "%s"
+60 string vIMGView FireViewer/ImageViewer PalmOS document
+>0 string >\0 "%s"
+60 string PmDBPmDB HanDBase PalmOS document
+>0 string >\0 "%s"
+60 string InfoINDB InfoView PalmOS document
+>0 string >\0 "%s"
+60 string ToGoToGo iSilo PalmOS document
+>0 string >\0 "%s"
+60 string JfDbJBas JFile PalmOS document
+>0 string >\0 "%s"
+60 string JfDbJFil JFile Pro PalmOS document
+>0 string >\0 "%s"
+60 string DATALSdb List PalmOS document
+>0 string >\0 "%s"
+60 string Mdb1Mdb1 MobileDB PalmOS document
+>0 string >\0 "%s"
+60 string PNRdPPrs PeanutPress PalmOS document
+>0 string >\0 "%s"
+60 string DataPlkr Plucker PalmOS document
+>0 string >\0 "%s"
+60 string DataSprd QuickSheet PalmOS document
+>0 string >\0 "%s"
+60 string SM01SMem SuperMemo PalmOS document
+>0 string >\0 "%s"
+60 string TEXtTlDc TealDoc PalmOS document
+>0 string >\0 "%s"
+60 string InfoTlIf TealInfo PalmOS document
+>0 string >\0 "%s"
+60 string DataTlMl TealMeal PalmOS document
+>0 string >\0 "%s"
+60 string DataTlPt TealPaint PalmOS document
+>0 string >\0 "%s"
+60 string dataTDBP ThinkDB PalmOS document
+>0 string >\0 "%s"
+60 string TdatTide Tides PalmOS document
+>0 string >\0 "%s"
+60 string ToRaTRPW TomeRaider PalmOS document
+>0 string >\0 "%s"
+
+# A GutenPalm zTXT etext for use on Palm Pilots (http://gutenpalm.sf.net)
+# For version 1.xx zTXTs, outputs version and numbers of bookmarks and
+# annotations.
+# For other versions, just outputs version.
+#
+60 string zTXT A GutenPalm zTXT e-book
+>0 string >\0 "%s"
+>(0x4E.L) byte 0
+>>(0x4E.L+1) byte x (v0.%02d)
+>(0x4E.L) byte 1
+>>(0x4E.L+1) byte x (v1.%02d)
+>>>(0x4E.L+10) beshort >0
+>>>>(0x4E.L+10) beshort <2 - 1 bookmark
+>>>>(0x4E.L+10) beshort >1 - %d bookmarks
+>>>(0x4E.L+14) beshort >0
+>>>>(0x4E.L+14) beshort <2 - 1 annotation
+>>>>(0x4E.L+14) beshort >1 - %d annotations
+>(0x4E.L) byte >1 (v%d.
+>>(0x4E.L+1) byte x %02d)
+
+# Palm OS .prc file types
+60 string libr
+# flags, only bit 0 or bit 6
+# https://en.wikipedia.org/wiki/PRC_%28Palm_OS%29
+# https://web.mit.edu/tytso/www/pilot/prc-format.html
+>0x20 beshort&0xffbe 0
+>>0 string >\0 Palm OS dynamic library data "%s"
+60 string ptch Palm OS operating system patch data
+>0 string >\0 "%s"
+
+# Mobipocket (www.mobipocket.com), donated by Carl Witty
+60 string BOOKMOBI Mobipocket E-book
+>0 string >\0 "%s"
diff --git a/magic/Magdir/parix b/magic/Magdir/parix
new file mode 100644
index 0000000..ba5cbf5
--- /dev/null
+++ b/magic/Magdir/parix
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: parix,v 1.5 2020/03/08 22:18:32 christos Exp $
+#
+# Parix COFF executables
+# From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
+#
+0 beshort&0xefff 0x8ACE PARIX
+>0 byte&0xf0 0x80 T800
+>0 byte&0xf0 0x90 T9000
+>19 byte&0x02 0x02 executable
+>19 byte&0x02 0x00 object
+>19 byte&0x0c 0x00 not stripped
diff --git a/magic/Magdir/parrot b/magic/Magdir/parrot
new file mode 100644
index 0000000..b2a56c8
--- /dev/null
+++ b/magic/Magdir/parrot
@@ -0,0 +1,22 @@
+#------------------------------------------------------------------------------
+# $File: parrot,v 1.2 2019/04/19 00:42:27 christos Exp $
+# parrot: file(1) magic for Parrot Virtual Machine
+# URL: https://www.lua.org/
+# From: Lubomir Rintel <lkundrak@v3.sk>
+
+# Compiled Parrot byte code
+0 string \376PBC\r\n\032\n Parrot bytecode
+>64 byte x %d.
+>72 byte x \b%d,
+>8 byte >0 %d byte words,
+>16 byte 0 little-endian,
+>16 byte 1 big-endian,
+>32 byte 0 IEEE-754 8 byte double floats,
+>32 byte 1 x86 12 byte long double floats,
+>32 byte 2 IEEE-754 16 byte long double floats,
+>32 byte 3 MIPS 16 byte long double floats,
+>32 byte 4 AIX 16 byte long double floats,
+>32 byte 5 4-byte floats,
+>40 byte x Parrot %d.
+>48 byte x \b%d.
+>56 byte x \b%d
diff --git a/magic/Magdir/pascal b/magic/Magdir/pascal
new file mode 100644
index 0000000..6168802
--- /dev/null
+++ b/magic/Magdir/pascal
@@ -0,0 +1,39 @@
+#------------------------------------------------------------------------------
+# $File: pascal,v 1.4 2022/07/30 16:53:06 christos Exp $
+# pascal: file(1) magic for Pascal source
+#
+0 search/8192 (input, Pascal source text
+!:mime text/x-pascal
+#0 regex \^program Pascal source text
+#!:mime text/x-pascal
+#0 regex \^record Pascal source text
+#!:mime text/x-pascal
+
+# Free Pascal
+0 string PPU Pascal unit
+>3 string x \b, version %s
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Dan_Bricklin
+0 string/b Type
+# URL: https://dl.winworldpc.com/Dan%20Bricklins%20Demo%20II%20Version%202%20Manual.7z
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dbd-v2.trid.xml
+>4 string D2 Dan Bricklin's Demo 2 demo
+#!:mime application/octet-stream
+!:ext dbd
+# URL: https://muhaz.org/turbo-pascal-download-details.html
+# From: Joerg Jenderek
+# Note: used by Turbo Pascal 5.5 TOUR.EXE
+>4 string T2 Turbo Pascal TOUR data
+#!:mime application/octet-stream
+!:mime application/x-borland-cbt
+!:ext cbt
+# WHAT iS THAT?
+#>4 string \040P Dan Bricklin's Demo 2 foo
+#!:mime application/octet-stream
+# _PPRINT.SG2 _PASCII.SG2
+#!:ext sg2
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dbd-gen.trid.xml
+>4 default x Dan Bricklin's Demo demo (generic)
+#!:mime application/octet-stream
+!:ext dbd
diff --git a/magic/Magdir/pbf b/magic/Magdir/pbf
new file mode 100644
index 0000000..0ab7a88
--- /dev/null
+++ b/magic/Magdir/pbf
@@ -0,0 +1,11 @@
+
+#------------------------------------------------------------------------------
+# $File: pbf,v 1.3 2019/04/19 00:42:27 christos Exp $
+# file(1) magic(5) data for OpenStreetMap
+
+# OpenStreetMap Protocolbuffer Binary Format (.osm.pbf)
+# https://wiki.openstreetmap.org/wiki/PBF_Format
+# From: Markus Heidelberg <markus.heidelberg@web.de>
+0 belong&0xfffffff0 0
+>4 beshort 0x0A09
+>>6 string OSMHeader OpenStreetMap Protocolbuffer Binary Format
diff --git a/magic/Magdir/pbm b/magic/Magdir/pbm
new file mode 100644
index 0000000..40ecf49
--- /dev/null
+++ b/magic/Magdir/pbm
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: pbm,v 1.6 2009/09/19 16:28:11 christos Exp $
+# pbm: file(1) magic for Portable Bitmap files
+#
+# XXX - byte order?
+#
+0 short 0x2a17 "compact bitmap" format (Poskanzer)
diff --git a/magic/Magdir/pc88 b/magic/Magdir/pc88
new file mode 100644
index 0000000..03822f5
--- /dev/null
+++ b/magic/Magdir/pc88
@@ -0,0 +1,24 @@
+#------------------------------------------------------------------------------
+# pc88: file(1) magic for the NEC Home Computer
+# v1.0
+# Fabio R. Schmidlin <sd-snatcher@users.sourceforge.net>
+
+# PC88 2D disk image
+0x20 ulelong&0xFFFFFEFF 0x2A0
+>0x10 string \0\0\0\0\0\0\0\0\0\0
+>>0x280 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
+>>>0x1A ubyte&0xEF 0
+>>>>0x1B ubyte&0x8F 0
+>>>>>0x1B ubyte&70 <0x40
+>>>>>>0x1C ulelong >0x21
+>>>>>>>0 regex [[:print:]]* NEC PC-88 disk image, name=%s
+>>>>>>>>0x1B ubyte 0 \b, media=2D
+>>>>>>>>0x1B ubyte 0x10 \b, media=2DD
+>>>>>>>>0x1B ubyte 0x20 \b, media=2HD
+>>>>>>>>0x1B ubyte 0x30 \b, media=1D
+>>>>>>>>0x1B ubyte 0x40 \b, media=1DD
+>>>>>>>>0x1A ubyte 0x10 \b, write-protected
+
+
+
+
diff --git a/magic/Magdir/pc98 b/magic/Magdir/pc98
new file mode 100644
index 0000000..e8f6b8a
--- /dev/null
+++ b/magic/Magdir/pc98
@@ -0,0 +1,77 @@
+#------------------------------------------------------------------------------
+# pc98: file(1) magic for the MSX Home Computer
+# v1.0
+# Fabio R. Schmidlin <sd-snatcher@users.sourceforge.net>
+
+# Maki-chan v1 Graphic format
+# The image resolution should be X=(44.L - 40.L) and Y=(46.L - 42.L), but I couldn't find a way to do so
+# http://www.jisyo.com/viewer/faq/maki_tech.htm
+0 string/b MAKI01 Maki-chan v1.
+>6 ubyte|0x20 x \b%c image
+>8 ubelong >0x40404040 \b, system ID:
+>>8 byte x %c
+>>9 byte x \b%c
+>>10 byte x \b%c
+>>11 byte x \b%c
+>44 ubeshort x \b, %dx
+>46 ubeshort x \b%d
+>38 ubeshort&2 0 \b, 16 paletted RGB colors
+>38 ubeshort&2 2 \b, 8 fixed RGB colors
+>38 ubeshort&1 1 \b, 2:1 dot aspect ratio
+
+# Maki-chan v2 Graphic format
+# http://www.jisyo.com/viewer/faq/mag_tech.htm
+# https://mooncore.eu/bunny/txt/makichan.htm
+# http://metanest.jp/mag/mag.xhtml
+0 string/b MAKI02\ \ Maki-chan v2 image,
+>8 byte x system ID: %c
+>9 byte x \b%c
+>10 byte x \b%c
+>11 byte x \b%c,
+>13 search/0x200 \x1A
+#Maki-chan video modes are a bit messy and seems to have been expanded over the years without too much planing:
+#1) When offset1(ubeshort) !=0x0344:
+# 1.1) And offset3(ubyte).b7=0:
+# - b0=pixel aspect ratio: 1=2:1 (note: this ignores that the machine's 1:1 pixel aspect ratio isn't really 1:1)
+# - b1=number of colors: 0=16 colors, 1=8 colors
+# - b2=Palette or fixed colors flag (called "analog" and "digital" in the doc): 0=Paletted, 1=Fixed colors encoded directly in the pixel data
+# 1.2) And offset3(ubyte).B7=1:
+# - b0=256 paletted colors
+# - b1=256 fixed colors using the MSX SCR8 palette
+#2) When offset1(ubeshort) =0x0344:
+# - 256x212 image with 19268 YJK colors. The usual resolution and color information fields from the file must be ignored
+>>&1 ubeshort 0x0344 256x212, 19268 fixed YJK colors
+>>&1 ubeshort !0x0344
+>>>&5 uleshort+1 x %dx
+>>>&7 uleshort+1 x \b%d,
+>>>&0 ubyte&0x86 0x00 16 paletted RGB colors
+>>>&0 ubyte&0x86 0x02 8 paletted RGB colors
+>>>&0 ubyte&0x86 0x04 16 fixed RGB colors
+>>>&0 ubyte&0x86 0x06 8 fixed RGB colors
+>>>&0 ubyte&0x81 0x80 256 paletted RGB colors
+>>>&0 ubyte&0x81 0x81 256 fixed MSX-SCR8 colors
+>>>&0 ubyte&0x01 1 \b, 2:1 dot aspect ratio
+
+# XLD4 (Q4) picture
+11 string/b MAJYO XLD4(Q4) picture
+
+# Yanagisawa Pi picture
+#0 string Pi\x1A\0 Yanagisawa Pi picture
+#>3 search/0x200 \x04
+0 string Pi
+>2 search/0x200 \x1A
+>>&0 ubyte 0
+>>>&3 ubyte 4 Yanagisawa Pi 16 color picture,
+>>>&4 byte x system ID: %c
+>>>&5 byte x \b%c
+>>>&6 byte x \b%c
+>>>&7 byte x \b%c,
+>>>&10 ubeshort x %dx
+>>>&12 ubeshort x \b%d
+>>>&3 ubyte 8 Yanagisawa Pi 256 color picture
+>>>&4 byte x system ID: %c
+>>>&5 byte x \b%c
+>>>&6 byte x \b%c
+>>>&7 byte x \b%c,
+>>>&10 ubeshort x %dx
+>>>&12 ubeshort x \b%d
diff --git a/magic/Magdir/pci_ids b/magic/Magdir/pci_ids
new file mode 100644
index 0000000..34bc2e2
--- /dev/null
+++ b/magic/Magdir/pci_ids
@@ -0,0 +1,116 @@
+
+#------------------------------------------------------------------------------
+# $File: pci_ids,v 1.1 2022/04/02 14:47:42 christos Exp $
+# pci.ids: file(1) magic for PCI specific informations
+#
+
+# Vendor identification (ID) https://pci-ids.ucw.cz/v2.2/pci.ids
+# show hexadecimal PCI vendor identification in human readable text form
+0 name PCI-vendor
+# ID vendor name
+#>0 uleshort =0x0f00 fOO
+>0 uleshort =0x1000 Broadcom
+>0 uleshort =0x1002 AMD/ATI
+>0 uleshort =0x1013 Cirrus Logic
+>0 uleshort =0x1014 IBM
+>0 uleshort =0x1022 AMD
+>0 uleshort =0x1050 Winbond
+>0 uleshort =0x105a Promise
+>0 uleshort =0x1095 Silicon
+>0 uleshort =0x10EC Realtek
+>0 uleshort =0x10de NVIDIA
+>0 uleshort =0x1106 VIA
+# Woodward McCoach, Inc.
+>0 uleshort =0x1231 Woodward
+#
+>0 uleshort =0x1234 Bochs
+>0 uleshort =0x15ad VMware
+>0 uleshort =0x1af4 Virtio
+>0 uleshort =0x1b36 QEMU
+>0 uleshort =0x1de1 Tekram
+# maybe also Promise?
+#>0 uleshort =0x4289 Promise
+#>0 uleshort =0x66a1 FOO
+>0 uleshort =0x8086 Intel
+>0 uleshort =0x9004 Adaptec
+# also Adaptec; but no example
+>0 uleshort =0x9005 Adaptec
+# for unknown/missing manufactors
+>0 default x UNKNOWN
+>>0 uleshort x (%#4.4x)
+
+# https://blog.ladsai.com/pci-configuration-space-class-code.html
+# Base class code https://wiki.osdev.org/PCI
+# show hexadecimal PCI class+sub+ProgIF identification in human readable text form
+0 name PCI-class
+#>0 ubyte x CLASS=%x
+>0 ubyte x
+# Device was built prior definition of the class code field
+>>0 ubyte 0x00 PRIOR
+# Any device except for VGA-Compatible devices like: 2975BIOS.BIN Trm3x5.bin
+# BUT also NVidia44.bin vgabios-stdvga-bin.rom
+#>>>0 ubyte 0x00 NOT VGA
+# VGA-Compatible Device; NO EXAMPLE found here!!
+#>>>0 ubyte 0x01 VGA
+# like 4243.bin
+#>>>0 ubyte 0x04 SUB_CLASS_4
+>>0 ubyte 0x01 storage controller
+# device sub-type and its definition is dependent upon the base-type code
+>>>1 ubyte 0x00 SCSI
+>>>1 ubyte 0x01 IDE
+>>>1 ubyte 0x02 Floppy
+>>>1 ubyte 0x03 IPI
+>>>0 ubyte 0x04 RAID
+>>>1 ubyte 0x05 ATA
+>>>1 ubyte 0x06 SATA
+>>>1 ubyte 0x07 SAS
+>>>1 ubyte 0x08 NVM
+# 4650_sr5.bin "PROMISE" "FT TX4650 Ary X"
+>>>1 ubyte 0x80 OTHER
+>>0 ubyte 0x02 network controller
+>>>1 ubyte 0x00 ethernet
+>>>1 ubyte 0x01 token ring
+>>>1 ubyte 0x02 FDDI
+>>>1 ubyte 0x03 ATM
+>>>1 ubyte 0x04 ISDN
+>>>1 ubyte 0x05 WorldFip
+# PICMG 2.14 Multi Computing
+>>>1 ubyte 0x06 PICMG
+>>>1 ubyte 0x80 OTHER
+>>0 ubyte 0x03 display controller
+>>0 ubyte 0x04 multimedia controller
+>>0 ubyte 0x05 memory controller
+>>0 ubyte 0x06 bridge device
+# Simple Communication Controllers
+>>0 ubyte 0x07 communication controller
+# Base System Peripherals
+>>0 ubyte 0x08 base peripheral
+# Input Devices
+>>0 ubyte 0x09 input device
+# Docking Stations
+>>0 ubyte 0x0A docking station
+>>0 ubyte 0x0B processor
+>>0 ubyte 0x0C serial bus controller
+>>0 ubyte 0x0D wireless controller
+# Intelligent I/O Controllers
+>>0 ubyte 0x0E I/O controller
+# Satellite Communication Controllers
+>>0 ubyte 0x0F satellite controller
+# Encryption/Decryption Controllers
+>>0 ubyte 0x10 encryption controller
+# Data Acquisition and Signal Processing Controllers
+>>0 ubyte 0x11 signal controller
+# Processing Accelerator
+>>0 ubyte 0x12 processing accelerator
+# Non-Essential Instrumentation
+>>0 ubyte 0x13 non-essential
+# reserved or unassigned
+>>0 default x
+# device does not fit any defined class; Unassigned Class (Vendor specific)
+>>>0 ubyte 0xFF UNASSIGNED
+# THIS SHOULD NOT HAPPEN! BUT CLASS=8f for Promise 4650_sr5.bin 8660_sr5.bin
+>>>0 default x RESERVED
+>>>>0 ubyte x (%#x)
+# Prog IF of PCI class code?
+# defines the specific device programming interface
+>2 ubyte >0 \b, ProgIF=%u
diff --git a/magic/Magdir/pcjr b/magic/Magdir/pcjr
new file mode 100644
index 0000000..c3ab7a2
--- /dev/null
+++ b/magic/Magdir/pcjr
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: pcjr,v 1.1 2021/01/09 15:09:58 christos Exp $
+# pcjr: file(1) magic for PCjr Cartridge image file format
+# From: Francis Laniel <laniel_francis@privacyrequired.com>
+0 string PCjr
+>0x80 beshort 0x55aa PCjr Cartridge image
+>0x200 beshort 0x55aa PCjr Cartridge image
diff --git a/magic/Magdir/pdf b/magic/Magdir/pdf
new file mode 100644
index 0000000..7a99d8d
--- /dev/null
+++ b/magic/Magdir/pdf
@@ -0,0 +1,51 @@
+
+#------------------------------------------------------------------------------
+# $File: pdf,v 1.18 2023/07/17 15:57:18 christos Exp $
+# pdf: file(1) magic for Portable Document Format
+#
+
+0 name pdf
+>8 search /Count
+>>&0 regex [0-9]+ \b, %s page(s)
+>8 search/512 /Filter/FlateDecode/ (zip deflate encoded)
+
+0 string %PDF- PDF document
+!:mime application/pdf
+!:strength +60
+!:ext pdf
+>5 byte x \b, version %c
+>7 byte x \b.%c
+>0 use pdf
+
+0 string \012%PDF- PDF document
+!:mime application/pdf
+!:strength +60
+!:ext pdf
+>6 byte x \b, version %c
+>8 byte x \b.%c
+>0 use pdf
+
+0 string \xef\xbb\xbf%PDF- PDF document (UTF-8)
+!:mime application/pdf
+!:strength +60
+!:ext pdf
+>6 byte x \b, version %c
+>8 byte x \b.%c
+>0 use pdf
+
+# From: Nick Schmalenberger <nick@schmalenberger.us>
+# Forms Data Format
+0 string %FDF- FDF document
+!:mime application/vnd.fdf
+!:strength +60
+!:ext pdf
+>5 byte x \b, version %c
+>7 byte x \b.%c
+
+0 search/1024 %PDF- PDF document
+!:mime application/pdf
+!:strength +60
+!:ext pdf
+>&0 byte x \b, version %c
+>&2 byte x \b.%c
+>0 use pdf
diff --git a/magic/Magdir/pdp b/magic/Magdir/pdp
new file mode 100644
index 0000000..2d18b62
--- /dev/null
+++ b/magic/Magdir/pdp
@@ -0,0 +1,42 @@
+
+#------------------------------------------------------------------------------
+# $File: pdp,v 1.11 2017/03/17 21:35:28 christos Exp $
+# pdp: file(1) magic for PDP-11 executable/object and APL workspace
+#
+0 lelong 0101555 PDP-11 single precision APL workspace
+0 lelong 0101554 PDP-11 double precision APL workspace
+#
+# PDP-11 a.out
+#
+0 leshort 0407 PDP-11 executable
+>8 leshort >0 not stripped
+>15 byte >0 - version %d
+
+# updated by Joerg Jenderek at Mar 2013
+# GRR: line below too general as it catches also Windows precompiled setup information *.PNF
+0 leshort 0401
+# skip *.PNF with WinDirPathOffset 58h
+>68 ulelong !0x00000058 PDP-11 UNIX/RT ldp
+# skip *.PNF with high byte of InfVersionDatumCount zero
+#>>15 byte !0 PDP-11 UNIX/RT ldp
+0 leshort 0405 PDP-11 old overlay
+
+0 leshort 0410 PDP-11 pure executable
+>8 leshort >0 not stripped
+>15 byte >0 - version %d
+
+0 leshort 0411 PDP-11 separate I&D executable
+>8 leshort >0 not stripped
+>15 byte >0 - version %d
+
+0 leshort 0437 PDP-11 kernel overlay
+
+# These last three are derived from 2.11BSD file(1)
+0 leshort 0413 PDP-11 demand-paged pure executable
+>8 leshort >0 not stripped
+
+0 leshort 0430 PDP-11 overlaid pure executable
+>8 leshort >0 not stripped
+
+0 leshort 0431 PDP-11 overlaid separate executable
+>8 leshort >0 not stripped
diff --git a/magic/Magdir/perl b/magic/Magdir/perl
new file mode 100644
index 0000000..4a3756a
--- /dev/null
+++ b/magic/Magdir/perl
@@ -0,0 +1,100 @@
+#------------------------------------------------------------------------------
+# $File: perl,v 1.27 2023/07/17 16:01:36 christos Exp $
+# perl: file(1) magic for Larry Wall's perl language.
+#
+# The `eval' lines recognizes an outrageously clever hack.
+# Keith Waclena <keith@cerberus.uchicago.edu>
+# Send additions to <perl5-porters@perl.org>
+0 search/1024 eval\ "exec\ perl Perl script text
+!:mime text/x-perl
+0 search/1024 eval\ "exec\ /bin/perl Perl script text
+!:mime text/x-perl
+0 search/1024 eval\ "exec\ /usr/bin/perl Perl script text
+!:mime text/x-perl
+0 search/1024 eval\ "exec\ /usr/local/bin/perl Perl script text
+!:mime text/x-perl
+0 search/1024 eval\ 'exec\ perl Perl script text
+!:mime text/x-perl
+0 search/1024 eval\ 'exec\ /bin/perl Perl script text
+!:mime text/x-perl
+0 search/1024 eval\ 'exec\ /usr/bin/perl Perl script text
+!:mime text/x-perl
+0 search/1024 eval\ 'exec\ /usr/local/bin/perl Perl script text
+!:mime text/x-perl
+0 search/1024 eval\ '(exit\ $?0)'\ &&\ eval\ 'exec Perl script text
+!:mime text/x-perl
+0 string #!/usr/bin/env\ perl Perl script text executable
+!:mime text/x-perl
+0 string #!\ /usr/bin/env\ perl Perl script text executable
+!:mime text/x-perl
+0 string #!
+>0 regex \^#!.*/bin/perl([[:space:]].*)*$ Perl script text executable
+!:mime text/x-perl
+
+# by Dmitry V. Levin and Alexey Tourbin
+# check the first line
+0 search/8192 package
+>0 regex \^package[[:space:]]+[0-9A-Za-z_:]+[[:space:]]*([[:space:]]v?[0-9][0-9.]*)?[[:space:]]*; Perl5 module source text
+!:strength + 40
+# not 'p', check other lines
+0 search/8192 !p
+>0 regex \^package[[:space:]]+[0-9A-Za-z_:]+[[:space:]]*([[:space:]]v?[0-9][0-9.]*)?[[:space:]]*;
+>>0 regex \^1[[:space:]]*;|\^(use|sub|my)[[:space:]].*[(;{=] Perl5 module source text
+!:strength + 75
+
+# Perl POD documents
+# From: Tom Hukins <tom@eborcom.com>
+0 search/1024/W \=pod\n Perl POD document text
+0 search/1024/W \n\=pod\n Perl POD document text
+0 search/1024/W \=head1\ Perl POD document text
+0 search/1024/W \n\=head1\ Perl POD document text
+0 search/1024/W \=head2\ Perl POD document text
+0 search/1024/W \n\=head2\ Perl POD document text
+0 search/1024/W \=encoding\ Perl POD document text
+0 search/1024/W \n\=encoding\ Perl POD document text
+
+
+# Perl Storable data files.
+0 string perl-store perl Storable (v0.6) data
+>4 byte >0 (net-order %d)
+>>4 byte &01 (network-ordered)
+>>4 byte =3 (major 1)
+>>4 byte =2 (major 1)
+
+0 string pst0 perl Storable (v0.7) data
+>4 byte >0
+>>4 byte &01 (network-ordered)
+>>4 byte =5 (major 2)
+>>4 byte =4 (major 2)
+>>5 byte >0 (minor %d)
+
+# This is Debian #742949 by Zefram <zefram@fysh.org>:
+# -----------------------------------------------------------
+# The Perl module Hash::SharedMem
+# <https://metacpan.org/release/Hash-SharedMem> defines a file format
+# for a key/value store. Details of the file format are in the "DESIGN"
+# file in the module distribution. Magic:
+0 bequad =0xa58afd185cbf5af7 Hash::SharedMem master file, big-endian
+>8 bequad <0x1000000
+>>15 byte >2 \b, line size 2^%d byte
+>>14 byte >2 \b, page size 2^%d byte
+>>13 byte &1
+>>>13 byte >1 \b, max fanout %d
+0 lequad =0xa58afd185cbf5af7 Hash::SharedMem master file, little-endian
+>8 lequad <0x1000000
+>>8 byte >2 \b, line size 2^%d byte
+>>9 byte >2 \b, page size 2^%d byte
+>>10 byte &1
+>>>10 byte >1 \b, max fanout %d
+0 bequad =0xc693dac5ed5e47c2 Hash::SharedMem data file, big-endian
+>8 bequad <0x1000000
+>>15 byte >2 \b, line size 2^%d byte
+>>14 byte >2 \b, page size 2^%d byte
+>>13 byte &1
+>>>13 byte >1 \b, max fanout %d
+0 lequad =0xc693dac5ed5e47c2 Hash::SharedMem data file, little-endian
+>8 lequad <0x1000000
+>>8 byte >2 \b, line size 2^%d byte
+>>9 byte >2 \b, page size 2^%d byte
+>>10 byte &1
+>>>10 byte >1 \b, max fanout %d
diff --git a/magic/Magdir/pgf b/magic/Magdir/pgf
new file mode 100644
index 0000000..8318ce1
--- /dev/null
+++ b/magic/Magdir/pgf
@@ -0,0 +1,52 @@
+
+#------------------------------------------------------------------------------
+# $File: pgf,v 1.3 2021/02/23 00:51:10 christos Exp $
+# pgf: file(1) magic for Progressive Graphics File (PGF)
+#
+# <http://www.libpgf.org/uploads/media/PGF_Details_01.pdf>
+# 2013 by Philipp Hahn <pmhahn debian org>
+0 string PGF Progressive Graphics image data,
+!:mime image/x-pgf
+>3 string 2 version %s,
+>3 string 4 version %s,
+>3 string 5 version %s,
+>3 string 6 version %s,
+# PGFPreHeader
+#>>4 lelong x header size %d,
+# PGFHeader
+>>8 lelong x %d x
+>>12 lelong x %d,
+>>16 byte x %d levels,
+>>17 byte x compression level %d,
+>>18 byte x %d bpp,
+>>19 byte x %d channels,
+>>20 clear x
+>>20 byte 0 bitmap,
+>>20 byte 1 gray scale,
+>>20 byte 2 indexed color,
+>>20 byte 3 RGB color,
+>>20 byte 4 CMYK color,
+>>20 byte 5 HSL color,
+>>20 byte 6 HSB color,
+>>20 byte 7 multi-channel,
+>>20 byte 8 duo tone,
+>>20 byte 9 LAB color,
+>>20 byte 10 gray scale 16,
+>>20 byte 11 RGB color 48,
+>>20 byte 12 LAB color 48,
+>>20 byte 13 CMYK color 64,
+>>20 byte 14 deep multi-channel,
+>>20 byte 15 duo tone 16,
+>>20 byte 17 RGBA color,
+>>20 byte 18 gray scale 32,
+>>20 byte 19 RGB color 12,
+>>20 byte 20 RGB color 16,
+>>20 byte 255 unknown format,
+>>20 default x format
+>>>20 byte x \b %d,
+>>21 byte x %d bpc
+# PGFPostHeader
+# Level-Sizes
+#>>(4.l+4) lelong x level 0 size: %d
+#>>(4.l+8) lelong x level 1 size: %d
+#>>(4.l+12) lelong x level 2 size: %d
diff --git a/magic/Magdir/pgp b/magic/Magdir/pgp
new file mode 100644
index 0000000..d818838
--- /dev/null
+++ b/magic/Magdir/pgp
@@ -0,0 +1,581 @@
+
+#------------------------------------------------------------------------------
+# $File: pgp,v 1.25 2021/04/26 15:56:00 christos Exp $
+# pgp: file(1) magic for Pretty Good Privacy
+
+# Handling of binary PGP keys is in pgp-binary-keys.
+# see https://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
+#
+0 beshort 0xa600 PGP encrypted data
+#!:mime application/pgp-encrypted
+#0 string -----BEGIN\040PGP text/PGP armored data
+!:mime text/PGP # encoding: armored data
+#>15 string PUBLIC\040KEY\040BLOCK- public key block
+#>15 string MESSAGE- message
+#>15 string SIGNED\040MESSAGE- signed message
+#>15 string PGP\040SIGNATURE- signature
+
+# Update: Joerg Jenderek
+# URL: http://en.wikipedia.org/wiki/Pretty_Good_Privacy
+# Reference: https://reposcope.com/mimetype/application/pgp-keys
+2 string ---BEGIN\040PGP\040PRIVATE\040KEY\040BLOCK- PGP private key block
+#!:mime text/PGP
+!:mime application/pgp-keys
+!:ext asc
+2 string ---BEGIN\040PGP\040PUBLIC\040KEY\040BLOCK- PGP public key block
+!:mime application/pgp-keys
+!:ext asc
+>10 search/100 \n\n
+>>&0 use pgp
+0 string -----BEGIN\040PGP\040MESSAGE- PGP message
+# https://reposcope.com/mimetype/application/pgp-encrypted
+#!:mime application/pgp
+!:mime application/pgp-encrypted
+!:ext asc
+#!:ext asc/pgp/gpg
+>10 search/100 \n\n
+>>&0 use pgp
+# Reference: https://www.gnupg.org/gph/en/manual/x135.html
+0 string -----BEGIN\040PGP\040SIGNED\040MESSAGE- PGP signed message
+#!:mime text/plain
+!:mime text/PGP
+#!:mime application/pgp
+!:ext asc
+0 string -----BEGIN\040PGP\040SIGNATURE- PGP signature
+# https://reposcope.com/mimetype/application/pgp-signature
+!:mime application/pgp-signature
+!:ext asc
+>10 search/100 \n\n
+>>&0 use pgp
+
+# Decode the type of the packet based on it's base64 encoding.
+# Idea from Mark Martinec
+# The specification is in RFC 4880, section 4.2 and 4.3:
+# https://tools.ietf.org/html/rfc4880#section-4.2
+
+0 name pgp
+>0 byte 0x67 Reserved (old)
+>0 byte 0x68 Public-Key Encrypted Session Key (old)
+>0 byte 0x69 Signature (old)
+>0 byte 0x6a Symmetric-Key Encrypted Session Key (old)
+>0 byte 0x6b One-Pass Signature (old)
+>0 byte 0x6c Secret-Key (old)
+>0 byte 0x6d Public-Key (old)
+>0 byte 0x6e Secret-Subkey (old)
+>0 byte 0x6f Compressed Data (old)
+>0 byte 0x70 Symmetrically Encrypted Data (old)
+>0 byte 0x71 Marker (old)
+>0 byte 0x72 Literal Data (old)
+>0 byte 0x73 Trust (old)
+>0 byte 0x74 User ID (old)
+>0 byte 0x75 Public-Subkey (old)
+>0 byte 0x76 Unused (old)
+>0 byte 0x77
+>>1 byte&0xc0 0x00 Reserved
+>>1 byte&0xc0 0x40 Public-Key Encrypted Session Key
+>>1 byte&0xc0 0x80 Signature
+>>1 byte&0xc0 0xc0 Symmetric-Key Encrypted Session Key
+>0 byte 0x78
+>>1 byte&0xc0 0x00 One-Pass Signature
+>>1 byte&0xc0 0x40 Secret-Key
+>>1 byte&0xc0 0x80 Public-Key
+>>1 byte&0xc0 0xc0 Secret-Subkey
+>0 byte 0x79
+>>1 byte&0xc0 0x00 Compressed Data
+>>1 byte&0xc0 0x40 Symmetrically Encrypted Data
+>>1 byte&0xc0 0x80 Marker
+>>1 byte&0xc0 0xc0 Literal Data
+>0 byte 0x7a
+>>1 byte&0xc0 0x00 Trust
+>>1 byte&0xc0 0x40 User ID
+>>1 byte&0xc0 0x80 Public-Subkey
+>>1 byte&0xc0 0xc0 Unused [z%x]
+>0 byte 0x30
+>>1 byte&0xc0 0x00 Unused [0%x]
+>>1 byte&0xc0 0x40 User Attribute
+>>1 byte&0xc0 0x80 Sym. Encrypted and Integrity Protected Data
+>>1 byte&0xc0 0xc0 Modification Detection Code
+
+# magic signatures to detect PGP crypto material (from stef)
+# detects and extracts metadata from:
+# - symmetric encrypted packet header
+# - RSA (e=65537) secret (sub-)keys
+
+# 1024b RSA encrypted data
+
+0 string \x84\x8c\x03 PGP RSA encrypted session key -
+>3 belong x keyid: %08X
+>7 belong x %08X
+>11 byte 0x01 RSA (Encrypt or Sign) 1024b
+>11 byte 0x02 RSA Encrypt-Only 1024b
+>12 string \x04\x00
+>12 string \x03\xff
+>12 string \x03\xfe
+>12 string \x03\xfd
+>12 string \x03\xfc
+>12 string \x03\xfb
+>12 string \x03\xfa
+>12 string \x03\xf9
+>142 byte 0xd2 .
+
+# 2048b RSA encrypted data
+
+0 string \x85\x01\x0c\x03 PGP RSA encrypted session key -
+>4 belong x keyid: %08X
+>8 belong x %08X
+>12 byte 0x01 RSA (Encrypt or Sign) 2048b
+>12 byte 0x02 RSA Encrypt-Only 2048b
+>13 string \x08\x00
+>13 string \x07\xff
+>13 string \x07\xfe
+>13 string \x07\xfd
+>13 string \x07\xfc
+>13 string \x07\xfb
+>13 string \x07\xfa
+>13 string \x07\xf9
+>271 byte 0xd2 .
+
+# 3072b RSA encrypted data
+
+0 string \x85\x01\x8c\x03 PGP RSA encrypted session key -
+>4 belong x keyid: %08X
+>8 belong x %08X
+>12 byte 0x01 RSA (Encrypt or Sign) 3072b
+>12 byte 0x02 RSA Encrypt-Only 3072b
+>13 string \x0c\x00
+>13 string \x0b\xff
+>13 string \x0b\xfe
+>13 string \x0b\xfd
+>13 string \x0b\xfc
+>13 string \x0b\xfb
+>13 string \x0b\xfa
+>13 string \x0b\xf9
+>399 byte 0xd2 .
+
+# 4096b RSA encrypted data
+
+0 string \x85\x02\x0c\x03 PGP RSA encrypted session key -
+>4 belong x keyid: %08X
+>8 belong x %08X
+>12 byte 0x01 RSA (Encrypt or Sign) 4096b
+>12 byte 0x02 RSA Encrypt-Only 4096b
+>13 string \x10\x00
+>13 string \x0f\xff
+>13 string \x0f\xfe
+>13 string \x0f\xfd
+>13 string \x0f\xfc
+>13 string \x0f\xfb
+>13 string \x0f\xfa
+>13 string \x0f\xf9
+>527 byte 0xd2 .
+
+# 8192b RSA encrypted data
+
+0 string \x85\x04\x0c\x03 PGP RSA encrypted session key -
+>4 belong x keyid: %08X
+>8 belong x %08X
+>12 byte 0x01 RSA (Encrypt or Sign) 8192b
+>12 byte 0x02 RSA Encrypt-Only 8192b
+>13 string \x20\x00
+>13 string \x1f\xff
+>13 string \x1f\xfe
+>13 string \x1f\xfd
+>13 string \x1f\xfc
+>13 string \x1f\xfb
+>13 string \x1f\xfa
+>13 string \x1f\xf9
+>1039 byte 0xd2 .
+
+# 1024b Elgamal encrypted data
+
+0 string \x85\x01\x0e\x03 PGP Elgamal encrypted session key -
+>4 belong x keyid: %08X
+>8 belong x %08X
+>12 byte 0x10 Elgamal Encrypt-Only 1024b.
+>13 string \x04\x00
+>13 string \x03\xff
+>13 string \x03\xfe
+>13 string \x03\xfd
+>13 string \x03\xfc
+>13 string \x03\xfb
+>13 string \x03\xfa
+>13 string \x03\xf9
+
+# 2048b Elgamal encrypted data
+
+0 string \x85\x02\x0e\x03 PGP Elgamal encrypted session key -
+>4 belong x keyid: %08X
+>8 belong x %08X
+>12 byte 0x10 Elgamal Encrypt-Only 2048b.
+>13 string \x08\x00
+>13 string \x07\xff
+>13 string \x07\xfe
+>13 string \x07\xfd
+>13 string \x07\xfc
+>13 string \x07\xfb
+>13 string \x07\xfa
+>13 string \x07\xf9
+
+# 3072b Elgamal encrypted data
+
+0 string \x85\x03\x0e\x03 PGP Elgamal encrypted session key -
+>4 belong x keyid: %08X
+>8 belong x %08X
+>12 byte 0x10 Elgamal Encrypt-Only 3072b.
+>13 string \x0c\x00
+>13 string \x0b\xff
+>13 string \x0b\xfe
+>13 string \x0b\xfd
+>13 string \x0b\xfc
+>13 string \x0b\xfb
+>13 string \x0b\xfa
+>13 string \x0b\xf9
+
+# crypto algo mapper
+
+0 name crypto
+>0 byte 0x00 Plaintext or unencrypted data
+>0 byte 0x01 IDEA
+>0 byte 0x02 TripleDES
+>0 byte 0x03 CAST5 (128 bit key)
+>0 byte 0x04 Blowfish (128 bit key, 16 rounds)
+>0 byte 0x07 AES with 128-bit key
+>0 byte 0x08 AES with 192-bit key
+>0 byte 0x09 AES with 256-bit key
+>0 byte 0x0a Twofish with 256-bit key
+
+# hash algo mapper
+
+0 name hash
+>0 byte 0x01 MD5
+>0 byte 0x02 SHA-1
+>0 byte 0x03 RIPE-MD/160
+>0 byte 0x08 SHA256
+>0 byte 0x09 SHA384
+>0 byte 0x0a SHA512
+>0 byte 0x0b SHA224
+
+# display public key algorithms as human readable text
+0 name key_algo
+>0 byte 0x01 RSA (Encrypt or Sign)
+# keep old look of version 5.28 without parentheses
+>0 byte 0x02 RSA Encrypt-Only
+>0 byte 0x03 RSA (Sign-Only)
+>0 byte 16 ElGamal (Encrypt-Only)
+>0 byte 17 DSA
+>0 byte 18 Elliptic Curve
+>0 byte 19 ECDSA
+>0 byte 20 ElGamal (Encrypt or Sign)
+>0 byte 21 Diffie-Hellman
+>0 default x
+>>0 ubyte <22 unknown (pub %d)
+# this should never happen
+>>0 ubyte >21 invalid (%d)
+
+# pgp symmetric encrypted data
+
+0 byte 0x8c PGP symmetric key encrypted data -
+>1 byte 0x0d
+>1 byte 0x0c
+>2 byte 0x04
+>3 use crypto
+>4 byte 0x01 salted -
+>>5 use hash
+>>14 byte 0xd2 .
+>>14 byte 0xc9 .
+>4 byte 0x03 salted & iterated -
+>>5 use hash
+>>15 byte 0xd2 .
+>>15 byte 0xc9 .
+
+# encrypted keymaterial needs s2k & can be checksummed/hashed
+
+0 name chkcrypto
+>0 use crypto
+>1 byte 0x00 Simple S2K
+>1 byte 0x01 Salted S2K
+>1 byte 0x03 Salted&Iterated S2K
+>2 use hash
+
+# all PGP keys start with this prolog
+# containing version, creation date, and purpose
+
+0 name keyprolog
+>0 byte 0x04
+>1 beldate x created on %s -
+>5 byte 0x01 RSA (Encrypt or Sign)
+>5 byte 0x02 RSA Encrypt-Only
+
+# end of secret keys known signature
+# contains e=65537 and the prolog to
+# the encrypted parameters
+
+0 name keyend
+>0 string \x00\x11\x01\x00\x01 e=65537
+>5 use crypto
+>5 byte 0xff checksummed
+>>6 use chkcrypto
+>5 byte 0xfe hashed
+>>6 use chkcrypto
+
+# PGP secret keys contain also the public parts
+# these vary by bitsize of the key
+
+0 name x1024
+>0 use keyprolog
+>6 string \x03\xfe
+>6 string \x03\xff
+>6 string \x04\x00
+>136 use keyend
+
+0 name x2048
+>0 use keyprolog
+>6 string \x80\x00
+>6 string \x07\xfe
+>6 string \x07\xff
+>264 use keyend
+
+0 name x3072
+>0 use keyprolog
+>6 string \x0b\xfe
+>6 string \x0b\xff
+>6 string \x0c\x00
+>392 use keyend
+
+0 name x4096
+>0 use keyprolog
+>6 string \x10\x00
+>6 string \x0f\xfe
+>6 string \x0f\xff
+>520 use keyend
+
+# \x00|\x1f[\xfe\xff]).{1024})'
+0 name x8192
+>0 use keyprolog
+>6 string \x20\x00
+>6 string \x1f\xfe
+>6 string \x1f\xff
+>1032 use keyend
+
+# depending on the size of the pkt
+# we branch into the proper key size
+# signatures defined as x{keysize}
+
+0 name pgpkey
+>0 string \x01\xd8 1024b
+>>2 use x1024
+>0 string \x01\xeb 1024b
+>>2 use x1024
+>0 string \x01\xfb 1024b
+>>2 use x1024
+>0 string \x01\xfd 1024b
+>>2 use x1024
+>0 string \x01\xf3 1024b
+>>2 use x1024
+>0 string \x01\xee 1024b
+>>2 use x1024
+>0 string \x01\xfe 1024b
+>>2 use x1024
+>0 string \x01\xf4 1024b
+>>2 use x1024
+>0 string \x02\x0d 1024b
+>>2 use x1024
+>0 string \x02\x03 1024b
+>>2 use x1024
+>0 string \x02\x05 1024b
+>>2 use x1024
+>0 string \x02\x15 1024b
+>>2 use x1024
+>0 string \x02\x00 1024b
+>>2 use x1024
+>0 string \x02\x10 1024b
+>>2 use x1024
+>0 string \x02\x04 1024b
+>>2 use x1024
+>0 string \x02\x06 1024b
+>>2 use x1024
+>0 string \x02\x16 1024b
+>>2 use x1024
+>0 string \x03\x98 2048b
+>>2 use x2048
+>0 string \x03\xab 2048b
+>>2 use x2048
+>0 string \x03\xbb 2048b
+>>2 use x2048
+>0 string \x03\xbd 2048b
+>>2 use x2048
+>0 string \x03\xcd 2048b
+>>2 use x2048
+>0 string \x03\xb3 2048b
+>>2 use x2048
+>0 string \x03\xc3 2048b
+>>2 use x2048
+>0 string \x03\xc5 2048b
+>>2 use x2048
+>0 string \x03\xd5 2048b
+>>2 use x2048
+>0 string \x03\xae 2048b
+>>2 use x2048
+>0 string \x03\xbe 2048b
+>>2 use x2048
+>0 string \x03\xc0 2048b
+>>2 use x2048
+>0 string \x03\xd0 2048b
+>>2 use x2048
+>0 string \x03\xb4 2048b
+>>2 use x2048
+>0 string \x03\xc4 2048b
+>>2 use x2048
+>0 string \x03\xc6 2048b
+>>2 use x2048
+>0 string \x03\xd6 2048b
+>>2 use x2048
+>0 string \x05X 3072b
+>>2 use x3072
+>0 string \x05k 3072b
+>>2 use x3072
+>0 string \x05{ 3072b
+>>2 use x3072
+>0 string \x05} 3072b
+>>2 use x3072
+>0 string \x05\x8d 3072b
+>>2 use x3072
+>0 string \x05s 3072b
+>>2 use x3072
+>0 string \x05\x83 3072b
+>>2 use x3072
+>0 string \x05\x85 3072b
+>>2 use x3072
+>0 string \x05\x95 3072b
+>>2 use x3072
+>0 string \x05n 3072b
+>>2 use x3072
+>0 string \x05\x7e 3072b
+>>2 use x3072
+>0 string \x05\x80 3072b
+>>2 use x3072
+>0 string \x05\x90 3072b
+>>2 use x3072
+>0 string \x05t 3072b
+>>2 use x3072
+>0 string \x05\x84 3072b
+>>2 use x3072
+>0 string \x05\x86 3072b
+>>2 use x3072
+>0 string \x05\x96 3072b
+>>2 use x3072
+>0 string \x07[ 4096b
+>>2 use x4096
+>0 string \x07\x18 4096b
+>>2 use x4096
+>0 string \x07+ 4096b
+>>2 use x4096
+>0 string \x07; 4096b
+>>2 use x4096
+>0 string \x07= 4096b
+>>2 use x4096
+>0 string \x07M 4096b
+>>2 use x4096
+>0 string \x073 4096b
+>>2 use x4096
+>0 string \x07C 4096b
+>>2 use x4096
+>0 string \x07E 4096b
+>>2 use x4096
+>0 string \x07U 4096b
+>>2 use x4096
+>0 string \x07. 4096b
+>>2 use x4096
+>0 string \x07> 4096b
+>>2 use x4096
+>0 string \x07@ 4096b
+>>2 use x4096
+>0 string \x07P 4096b
+>>2 use x4096
+>0 string \x074 4096b
+>>2 use x4096
+>0 string \x07D 4096b
+>>2 use x4096
+>0 string \x07F 4096b
+>>2 use x4096
+>0 string \x07V 4096b
+>>2 use x4096
+>0 string \x0e[ 8192b
+>>2 use x8192
+>0 string \x0e\x18 8192b
+>>2 use x8192
+>0 string \x0e+ 8192b
+>>2 use x8192
+>0 string \x0e; 8192b
+>>2 use x8192
+>0 string \x0e= 8192b
+>>2 use x8192
+>0 string \x0eM 8192b
+>>2 use x8192
+>0 string \x0e3 8192b
+>>2 use x8192
+>0 string \x0eC 8192b
+>>2 use x8192
+>0 string \x0eE 8192b
+>>2 use x8192
+>0 string \x0eU 8192b
+>>2 use x8192
+>0 string \x0e. 8192b
+>>2 use x8192
+>0 string \x0e> 8192b
+>>2 use x8192
+>0 string \x0e@ 8192b
+>>2 use x8192
+>0 string \x0eP 8192b
+>>2 use x8192
+>0 string \x0e4 8192b
+>>2 use x8192
+>0 string \x0eD 8192b
+>>2 use x8192
+>0 string \x0eF 8192b
+>>2 use x8192
+>0 string \x0eV 8192b
+>>2 use x8192
+
+# PGP RSA (e=65537) secret (sub-)key header
+
+0 byte 0x97 PGP Secret Sub-key -
+>1 use pgpkey
+0 byte 0x9d
+# Update: Joerg Jenderek
+# secret subkey packet (tag 7) with same structure as secret key packet (tag 5)
+# skip Fetus.Sys16 CALIBUS.MAIN OrbFix.Sys16.Ex by looking for positive len
+>1 ubeshort >0
+#>1 ubeshort x \b, body length %#x
+# next packet type often 88h,89h~(tag 2)~Signature Packet
+#>>(1.S+3) ubyte x \b, next packet type %#x
+# skip Dragon.SHR DEMO.INIT by looking for positive version
+>>3 ubyte >0
+# skip BUISSON.13 GUITAR1 by looking for low version number
+>>>3 ubyte <5 PGP Secret Sub-key
+# sub-key are normally part of secret key. So it does not occur as standalone file
+#!:ext bin
+# version 2,3~old 4~new . Comment following line for version 5.28 look
+>>>>3 ubyte x (v%d)
+>>>>3 ubyte x -
+# old versions 2 or 3 but no real example found
+>>>>3 ubyte <4
+# 2 byte for key bits in version 5.28 look
+>>>>>11 ubeshort x %db
+>>>>>4 beldate x created on %s -
+# old versions use 2 additional bytes after time stamp
+#>>>>>8 ubeshort x %#x
+# display key algorithm 1~RSA Encrypt|Sign - 21~Diffie-Hellman
+>>>>>10 use key_algo
+>>>>>(11.S/8) ubequad x
+# look after first key
+>>>>>>&5 use keyend
+# new version
+>>>>3 ubyte >3
+>>>>>9 ubeshort x %db
+>>>>>4 beldate x created on %s -
+# display key algorithm
+>>>>>8 use key_algo
+>>>>>(9.S/8) ubequad x
+# look after first key for something like s2k
+>>>>>>&3 use keyend
diff --git a/magic/Magdir/pgp-binary-keys b/magic/Magdir/pgp-binary-keys
new file mode 100644
index 0000000..1ce76d9
--- /dev/null
+++ b/magic/Magdir/pgp-binary-keys
@@ -0,0 +1,388 @@
+
+#------------------------------------------------------------------------------
+# $File: pgp-binary-keys,v 1.2 2021/04/26 15:56:00 christos Exp $
+# pgp-binary-keys: This file handles pgp binary keys.
+#
+# An PGP certificate or message doesn't have a fixed header. Instead,
+# they are sequences of packets:
+#
+# https://tools.ietf.org/html/rfc4880#section-4.3
+#
+# whose order conforms to a grammar:
+#
+# https://tools.ietf.org/html/rfc4880#section-11
+#
+# Happily most packets have a few fields that are constrained, which
+# allow us to fingerprint them with relatively high certainty.
+#
+# A PGP packet is described by a single byte: the so-called CTB. The
+# high-bit is always set. If bit 6 is set, then it is a so-called
+# new-style CTB; if bit 6 is clear, then it is a so-called old-style
+# CTB. Old-style CTBs have only four bits of type information; bits
+# 1-0 are used to describe the length. New-style CTBs have 6 bits of
+# type information.
+#
+# Following the CTB is the packet's length in bytes. If we blindly
+# advance the file cursor by this amount past the end of the length
+# information we come to the next packet.
+#
+# Data Structures
+# ===============
+#
+# New Style CTB
+# -------------
+#
+# https://tools.ietf.org/html/rfc4880#section-4.2.2
+#
+# 76543210
+# ||\----/
+# || tag
+# |always 1
+# always 1
+#
+# Tag bits 7 and 6 set
+# 0 0xC0 -- Reserved - a packet tag MUST NOT have this value
+# 1 0xC1 -- Public-Key Encrypted Session Key Packet
+# 2 0xC2 -- Signature Packet
+# 3 0xC3 -- Symmetric-Key Encrypted Session Key Packet
+# 4 0xC4 -- One-Pass Signature Packet
+# 5 0xC5 -- Secret-Key Packet
+# 6 0xC6 -- Public-Key Packet
+# 7 0xC7 -- Secret-Subkey Packet
+# 8 0xC8 -- Compressed Data Packet
+# 9 0xC9 -- Symmetrically Encrypted Data Packet
+# 10 0xCA -- Marker Packet
+# 11 0xCB -- Literal Data Packet
+# 12 0xCC -- Trust Packet
+# 13 0xCD -- User ID Packet
+# 14 0xCE -- Public-Subkey Packet
+# 17 0xD1 -- User Attribute Packet
+# 18 0xD2 -- Sym. Encrypted and Integrity Protected Data Packet
+# 19 0xD3 -- Modification Detection Code Packet
+# 60 to 63 -- Private or Experimental Values
+#
+# The CTB is followed by the length header, which is densely encoded:
+#
+# if length[0] is:
+# 0..191: one byte length (length[0])
+# 192..223: two byte length ((length[0] - 192) * 256 + length[2] + 192
+# 224..254: four byte length (big endian interpretation of length[1..5])
+# 255: partial body encoding
+#
+# The partial body encoding is similar to HTTP's chunk encoding. It
+# is only allowed for container packets (SEIP, Compressed Data and
+# Literal).
+#
+# Old Style CTB
+# -------------
+#
+# https://tools.ietf.org/html/rfc4880#section-4.2.1
+#
+# CTB:
+#
+# 76543210
+# ||\--/\/
+# || | length encoding
+# || tag
+# |always 0
+# always 1
+#
+# Tag:
+#
+# Tag bit 7 set, bits 6, 1, 0 clear
+# 0 0x80 -- Reserved - a packet tag MUST NOT have this value
+# 1 0x84 -- Public-Key Encrypted Session Key Packet
+# 2 0x88 -- Signature Packet
+# 3 0x8C -- Symmetric-Key Encrypted Session Key Packet
+# 4 0x90 -- One-Pass Signature Packet
+# 5 0x94 -- Secret-Key Packet
+# 6 0x98 -- Public-Key Packet
+# 7 0x9C -- Secret-Subkey Packet
+# 8 0xA0 -- Compressed Data Packet
+# 9 0xA4 -- Symmetrically Encrypted Data Packet
+# 10 0xA8 -- Marker Packet
+# 11 0xAC -- Literal Data Packet
+# 12 0xB0 -- Trust Packet
+# 13 0xB4 -- User ID Packet
+# 14 0xB8 -- Public-Subkey Packet
+#
+# Length encoding:
+#
+# Value
+# 0 1 byte length (following byte is the length)
+# 1 2 byte length (following two bytes are the length)
+# 2 4 byte length (following four bytes are the length)
+# 3 indeterminate length: natural end of packet, e.g., EOF
+#
+# An indeterminate length is only allowed for container packets
+# (SEIP, Compressed Data and Literal).
+#
+# Certificates
+# ------------
+#
+# We check the first three packets to determine if a sequence of
+# OpenPGP packets is likely to be a certificate. The grammar allows
+# the following prefixes:
+#
+# [Primary Key] [SIG] (EOF or another certificate)
+# [Primary Key] [SIG] [User ID] [SIG]...
+# [Primary Key] [SIG] [User Attribute] [SIG]...
+# [Primary Key] [SIG] [Subkey] [SIG]...
+# [Primary Key] [User ID] [SIG]...
+# [Primary Key] [User Attribute] [SIG]...
+# [Primary Key] [Subkey] [SIG]...
+#
+# Any number of marker packets are also allowed between each packet,
+# but they are not normally used and we don't currently check for
+# them.
+#
+# The keys and subkeys may be public or private.
+#
+
+# Key packets and signature packets are versioned. There are two
+# packet versions that we need to worry about in practice: v3 and v4.
+# v4 packets were introduced in RFC 2440, which was published in 1998.
+# It also deprecated v3 packets. There are no actively used v3
+# certificates (GnuPG removed the code to support them in November
+# 2014). But there are v3 keys lying around and it is useful to
+# identify them. The next version of OpenPGP will introduce v5 keys.
+# The document has not yet been standardized so changes are still
+# possible. But, for our purposes, it appears that v5 data structures
+# will be identical to v4 data structures modulo the version number.
+#
+# https://tools.ietf.org/html/rfc2440
+# https://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000358.html
+# https://www.ietf.org/id/draft-ietf-openpgp-rfc4880bis-09.html#name-key-material-packet
+
+
+
+
+# The first packet has to be a public key or a secret key.
+#
+# New-Style Public Key
+0 ubyte =0xC6 OpenPGP Public Key
+>&0 use primary_key_length_new
+# New-Style Secret Key
+0 ubyte =0xC5 OpenPGP Secret Key
+>&0 use primary_key_length_new
+# Old-Style Public Key
+0 ubyte&0xFC =0x98 OpenPGP Public Key
+>&-1 use primary_key_length_old
+# Old-Style Secret Key
+0 ubyte&0xFC =0x94 OpenPGP Secret Key
+>&-1 use primary_key_length_old
+
+# Parse the length, check the packet's body and finally advance to the
+# next packet.
+
+# There are 4 different new-style length encodings, but the partial
+# body encoding is only acceptable for the SEIP, Compressed Data, and
+# Literal packets, which isn't valid for any packets in a certificate
+# so we ignore it.
+0 name primary_key_length_new
+>&0 ubyte <192
+#>>&0 ubyte x (1 byte length encoding, %d bytes)
+>>&0 use pgp_binary_key_pk_check
+>>>&(&-1.B) use sig_or_component_1
+>&0 ubyte >191
+>>&-1 ubyte <225
+# offset = ((offset[0] - 192) << 8) + offset[1] + 192 (for the length header)
+# raw - (192 * 256 - 192)
+# = 48960
+#>>>&0 ubeshort x (2 byte length encoding, %d bytes)
+>>>&1 use pgp_binary_key_pk_check
+>>>>&(&-2.S-48960) use sig_or_component_1
+>&0 ubyte =255
+#>>&0 belong x (5 byte length encoding, %d bytes)
+>>&4 use pgp_binary_key_pk_check
+>>>&(&-4.L) use sig_or_component_1
+# Partial body encoding (only valid for container packets).
+# >&0 ubyte >224
+# >>&0 ubyte <255 partial body encoding
+
+# There are 4 different old-style length encodings, but the
+# indeterminate length encoding is only acceptable for the SEIP,
+# Compressed Data, and Literal packets, which isn't valid for any
+# packets in a certificate.
+0 name primary_key_length_old
+#>&0 ubyte x (ctb: %x)
+>&0 ubyte&0x3 =0
+#>>&0 ubyte x (1 byte length encoding, %d bytes)
+>>&1 use pgp_binary_key_pk_check
+>>>&(&-1.B) use sig_or_component_1
+>&0 ubyte&0x3 =1
+#>>&0 ubeshort x (2 byte length encoding, %d bytes)
+>>&2 use pgp_binary_key_pk_check
+>>>&(&-2.S) use sig_or_component_1
+>&0 ubyte&0x3 =2
+#>>&0 ubelong x (4 byte length encoding, %d bytes)
+>>&4 use pgp_binary_key_pk_check
+>>>&(&-4.L) use sig_or_component_1
+
+# Check the Key.
+#
+# https://tools.ietf.org/html/rfc4880#section-5.5.2
+0 name pgp_binary_key_pk_check
+# Valid versions are: 2, 3, 4. 5 is proposed in RFC 4880bis.
+# Anticipate a v6 / v7 format that like v5 is compatible with v4.
+# key format in a decade or so :D.
+>&0 ubyte >1
+>>&-1 ubyte <8
+>>>&-1 byte x Version %d
+# Check that keys were created after 1990.
+# (1990 - 1970) * 365.2524 * 24 * 60 * 60 = 631156147
+>>>&0 bedate >631156147 \b, Created %s
+>>>>&-5 ubyte >3
+>>>>>&4 use pgp_binary_key_algo
+>>>>&-5 ubyte <4
+>>>>>&6 use pgp_binary_key_algo
+
+# Print out the key's algorithm and the number of bits, if this is
+# relevant (ECC keys are a fixed size).
+0 name pgp_binary_key_algo
+>0 clear x
+>&0 ubyte =1 \b, RSA (Encrypt or Sign,
+>>&0 ubeshort x \b %d bits)
+>&0 ubyte =2 \b, RSA (Encrypt,
+>>&0 ubeshort x \b %d bits)
+>&0 ubyte =3 \b, RSA (Sign,
+>>&0 ubeshort x \b %d bits)
+>&0 ubyte =16 \b, El Gamal (Encrypt,
+>>&0 ubeshort x \b %d bits)
+>&0 ubyte =17 \b, DSA
+>>&0 ubeshort x \b (%d bits)
+>&0 ubyte =18 \b, ECDH
+>&0 ubyte =19 \b, ECDSA
+>&0 ubyte =20 \b, El Gamal (Encrypt or Sign,
+>>&0 ubeshort x \b %d bits)
+>&0 ubyte =22 \b, EdDSA
+>&0 default x
+>>&0 ubyte x \b, Unknown Algorithm (%#x)
+
+# Match all possible second packets.
+0 name sig_or_component_1
+#>0 ubyte x (ctb: %x)
+>&0 ubyte =0xC2
+>>0 ubyte x \b; Signature
+>>&0 use sig_or_component_1_length_new
+>&0 ubyte =0xCD
+>>0 ubyte x \b; User ID
+>>&0 use sig_or_component_1_length_new
+>&0 ubyte =0xCE
+>>0 ubyte x \b; Public Subkey
+>>&0 use sig_or_component_1_length_new
+>&0 ubyte =0xC7
+>>0 ubyte x \b; Secret Subkey
+>>&0 use sig_or_component_1_length_new
+>&0 ubyte =0xD1
+>>0 ubyte x \b; User Attribute
+>>&0 use sig_or_component_1_length_new
+>&0 ubyte&0xFC =0x88
+>>0 ubyte x \b; Signature
+>>&-1 use sig_or_component_1_length_old
+>&0 ubyte&0xFC =0xB4
+>>0 ubyte x \b; User ID
+>>&-1 use sig_or_component_1_length_old
+>&0 ubyte&0xFC =0xB8
+>>0 ubyte x \b; Public Subkey
+>>&-1 use sig_or_component_1_length_old
+>&0 ubyte&0xFC =0x9C
+>>0 ubyte x \b; Secret Subkey
+>>&-1 use sig_or_component_1_length_old
+
+# Copy of 'primary_key_length_new', but calls cert_packet_3.
+0 name sig_or_component_1_length_new
+>&0 ubyte <192
+#>>&0 ubyte x (1 byte new length encoding, %d bytes)
+>>&(&-1.B) use cert_packet_3
+>&0 ubyte >191
+>>&-1 ubyte <225
+# offset = ((offset[0] - 192) << 8) + offset[1] + 192 + 1 (for the length header)
+# raw - (192 * 256 - 192 - 1)
+# = 48959
+#>>>&-1 ubeshort x (2 byte new length encoding, %d bytes)
+>>>&(&-1.S-48959) use cert_packet_3
+>&0 ubyte =255
+#>>&0 belong x (5 byte new length encoding, %d bytes)
+>>&(&-4.L) use cert_packet_3
+# Partial body encoding (only valid for container packets).
+# >&0 ubyte >224
+# >>&0 ubyte <255 partial body encoding
+
+0 name sig_or_component_1_length_old
+#>&0 ubyte x (ctb: %x)
+>&0 ubyte&0x3 =0
+#>>&0 ubyte x (1 byte old length encoding, %d bytes)
+>>&(&0.B+1) use cert_packet_3
+>&0 ubyte&0x3 =1
+#>>&0 ubeshort x (2 byte old length encoding, %d bytes)
+>>&(&0.S+2) use cert_packet_3
+>&0 ubyte&0x3 =2
+#>>&0 ubelong x (4 byte old length encoding, %d bytes)
+>>&(&0.L+4) use cert_packet_3
+
+# Copy of above.
+0 name cert_packet_3
+#>0 ubyte x (ctb: %x)
+>&0 ubyte =0xC2
+>>0 ubyte x \b; Signature
+>>&0 use cert_packet_3_length_new
+>&0 ubyte =0xCD
+>>0 ubyte x \b; User ID
+>>&0 use cert_packet_3_length_new
+>&0 ubyte =0xCE
+>>0 ubyte x \b; Public Subkey
+>>&0 use cert_packet_3_length_new
+>&0 ubyte =0xC7
+>>0 ubyte x \b; Secret Subkey
+>>&0 use cert_packet_3_length_new
+>&0 ubyte =0xD1
+>>0 ubyte x \b; User Attribute
+>>&0 use cert_packet_3_length_new
+>&0 ubyte&0xFC =0x88
+>>0 ubyte x \b; Signature
+>>&-1 use cert_packet_3_length_old
+>&0 ubyte&0xFC =0xB4
+>>0 ubyte x \b; User ID
+>>&-1 use cert_packet_3_length_old
+>&0 ubyte&0xFC =0xB8
+>>0 ubyte x \b; Public Subkey
+>>&-1 use cert_packet_3_length_old
+>&0 ubyte&0xFC =0x9C
+>>0 ubyte x \b; Secret Subkey
+>>&-1 use cert_packet_3_length_old
+
+# Copy of above.
+0 name cert_packet_3_length_new
+>&0 ubyte <192
+#>>&0 ubyte x (1 byte new length encoding, %d bytes)
+>>&(&-1.B) use pgp_binary_keys_end
+>&0 ubyte >191
+>>&-1 ubyte <225
+# offset = ((offset[0] - 192) << 8) + offset[1] + 192 + 1 (for the length header)
+# raw - (192 * 256 - 192 - 1)
+# = 48959
+#>>>&-1 ubeshort x (2 byte new length encoding, %d bytes)
+>>>&(&-1.S-48959) use pgp_binary_keys_end
+>&0 ubyte =255
+#>>&0 belong x (5 byte new length encoding, %d bytes)
+>>&(&-4.L) use pgp_binary_keys_end
+
+0 name cert_packet_3_length_old
+#>&0 ubyte x (ctb: %x)
+>&0 ubyte&0x3 =0
+#>>&0 ubyte x (1 byte old length encoding, %d bytes)
+>>&(&0.B+1) use pgp_binary_keys_end
+>&0 ubyte&0x3 =1
+#>>&0 ubeshort x (2 byte old length encoding, %d bytes)
+>>&(&0.S+2) use pgp_binary_keys_end
+>&0 ubyte&0x3 =2
+#>>&0 ubelong x (4 byte old length encoding, %d bytes)
+>>&(&0.L+4) use pgp_binary_keys_end
+
+# We managed to parse the first three packets of the certificate. Declare
+# victory.
+0 name pgp_binary_keys_end
+>0 byte x \b; OpenPGP Certificate
+!:mime application/pgp-keys
+!:ext pgp/gpg/pkr/asd
diff --git a/magic/Magdir/pkgadd b/magic/Magdir/pkgadd
new file mode 100644
index 0000000..7dfb286
--- /dev/null
+++ b/magic/Magdir/pkgadd
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------------------------
+# $File: pkgadd,v 1.6 2009/09/19 16:28:11 christos Exp $
+# pkgadd: file(1) magic for SysV R4 PKG Datastreams
+#
+0 string #\ PaCkAgE\ DaTaStReAm pkg Datastream (SVR4)
+!:mime application/x-svr4-package
diff --git a/magic/Magdir/plan9 b/magic/Magdir/plan9
new file mode 100644
index 0000000..db06847
--- /dev/null
+++ b/magic/Magdir/plan9
@@ -0,0 +1,25 @@
+
+#------------------------------------------------------------------------------
+# $File: plan9,v 1.6 2021/07/30 12:25:13 christos Exp $
+# plan9: file(1) magic for AT&T Bell Labs' Plan 9 executables and object files
+# From: "Stefan A. Haubenthal" <polluks@web.de>
+#
+0 belong 0x00000107 Plan 9 executable, Motorola 68k
+0 belong 0x00000197 Plan 9 executable, AT&T Hobbit
+0 belong 0x000001EB Plan 9 executable, Intel 386
+0 belong 0x00000247 Plan 9 executable, Intel 960
+0 belong 0x000002AB Plan 9 executable, SPARC
+0 belong 0x00000407 Plan 9 executable, MIPS R3000
+0 belong 0x0000048B Plan 9 executable, AT&T DSP 3210
+0 belong 0x00000517 Plan 9 executable, MIPS R4000 BE
+0 belong 0x000005AB Plan 9 executable, AMD 29000
+0 belong 0x00000647 Plan 9 executable, ARM 7-something
+0 belong 0x000006EB Plan 9 executable, PowerPC
+0 belong 0x00000797 Plan 9 executable, MIPS R4000 LE
+0 belong 0x0000084B Plan 9 executable, DEC Alpha
+
+0 belong 0x3A11013C Plan 9 object file, MIPS R3000
+0 belong 0x430D013C Plan 9 object file, AT&T Hobbit
+0 belong 0x4D013201 Plan 9 object file, Motorola 68k
+0 belong 0x7410013C Plan 9 object file, SPARC
+0 belong 0x7E004501 Plan 9 object file, Intel 386
diff --git a/magic/Magdir/playdate b/magic/Magdir/playdate
new file mode 100644
index 0000000..77f8c68
--- /dev/null
+++ b/magic/Magdir/playdate
@@ -0,0 +1,57 @@
+
+#------------------------------------------------------------------------------
+# $File: playdate,v 1.1 2022/11/04 13:34:48 christos Exp $
+#
+# Various native file formats for the Playdate portable video game console.
+#
+# These are unofficially documented at
+# https://github.com/jaames/playdate-reverse-engineering
+#
+# The SDK is a source for many test files, and can be used to
+# create others. https://play.date/dev/
+
+
+# pdi: static image
+0 string Playdate\ IMG Playdate image data
+>12 belong&0x80 0x80 (compressed)
+>>20 lelong x %d x
+>>24 lelong x %d
+>12 belong&0x80 0x00 (uncompressed)
+>>16 leshort x %d x
+>>18 leshort x %d
+
+# pdt: multiple static images
+0 string Playdate\ IMT Playdate image data set
+>12 belong&0x80 0x80 (compressed)
+>>20 lelong x %d x
+>>24 lelong x %d,
+>>28 lelong x %d cells
+>12 belong&0x80 0x00 (uncompressed)
+>>20 lelong x tile grid %d x
+>>24 lelong x %d
+
+# pds: string tables
+0 string Playdate\ STR Playdate localization strings
+>12 belong&0x80 0x80 (compressed)
+>12 belong&0x80 0x00 (uncompressed)
+
+# pda: audio
+0 string Playdate\ AUD Playdate audio file
+>12 lelong&0xffffff x %d Hz,
+>15 byte 0 unsigned, 8-bit PCM, 1 channel
+>15 byte 1 unsigned, 8-bit PCM, 2 channel
+>15 byte 2 signed, 16-bit little-endian PCM, 1 channel
+>15 byte 3 signed, 16-bit little-endian PCM, 1 channel
+>15 byte 4 4-bit ADPCM, 1 channel
+>15 byte 5 4-bit ADPCM, 2 channel
+
+# pda: video
+0 string Playdate\ VID Playdate video file
+>24 leshort x %d x
+>26 leshort x %d,
+>16 leshort x %d frames,
+>20 lefloat x %.2f FPS
+
+# pdz: executable package
+# Not a lot we can do, as it's a stream of entries with no summary information.
+0 string Playdate\ PDZ Playdate executable package
diff --git a/magic/Magdir/plus5 b/magic/Magdir/plus5
new file mode 100644
index 0000000..795cca1
--- /dev/null
+++ b/magic/Magdir/plus5
@@ -0,0 +1,18 @@
+
+#------------------------------------------------------------------------------
+# $File: plus5,v 1.6 2009/09/19 16:28:11 christos Exp $
+# plus5: file(1) magic for Plus Five's UNIX MUMPS
+#
+# XXX - byte order? Paging Hokey....
+#
+0 short 0x259 mumps avl global
+>2 byte >0 (V%d)
+>6 byte >0 with %d byte name
+>7 byte >0 and %d byte data cells
+0 short 0x25a mumps blt global
+>2 byte >0 (V%d)
+>8 short >0 - %d byte blocks
+>15 byte 0x00 - P/D format
+>15 byte 0x01 - P/K/D format
+>15 byte 0x02 - K/D format
+>15 byte >0x02 - Bad Flags
diff --git a/magic/Magdir/pmem b/magic/Magdir/pmem
new file mode 100644
index 0000000..c0ead73
--- /dev/null
+++ b/magic/Magdir/pmem
@@ -0,0 +1,46 @@
+
+#------------------------------------------------------------------------------
+# $File: pmem,v 1.4 2021/04/26 15:56:00 christos Exp $
+# pmem: file(1) magic for Persistent Memory Development Kit pool files
+#
+0 string PMEM
+>4 string POOLSET Persistent Memory Poolset file
+>>11 search REPLICA with replica
+>4 regex LOG|BLK|OBJ Persistent Memory Pool file, type: %s,
+>>8 lelong >0 version: %#x,
+>>12 lelong x compat: %#x,
+>>16 lelong x incompat: %#x,
+>>20 lelong x ro_compat: %#x,
+
+
+>>120 leqldate x crtime: %s,
+>>128 lequad x alignment_desc: %#016llx,
+
+>>136 clear x
+>>136 byte 2 machine_class: 64-bit,
+>>136 default x machine_class: unknown
+>>>136 byte x (%#d),
+
+>>137 clear x
+>>137 byte 1 data: little-endian,
+>>137 byte 2 data: big-endian,
+>>137 default x data: unknown
+>>>137 byte x (%#d),
+
+>>138 byte !0 reserved[0]: %d,
+>>139 byte !0 reserved[1]: %d,
+>>140 byte !0 reserved[2]: %d,
+>>141 byte !0 reserved[3]: %d,
+
+>>142 clear x
+>>142 leshort 62 machine: x86_64
+>>142 leshort 183 machine: aarch64
+>>142 default x machine: unknown
+>>>142 leshort x (%#d)
+
+>4 string BLK
+>>4096 lelong x \b, blk.bsize: %d
+
+>4 string OBJ
+>>4096 string >0 \b, obj.layout: '%s'
+>>4096 string <0 \b, obj.layout: NULL
diff --git a/magic/Magdir/polyml b/magic/Magdir/polyml
new file mode 100644
index 0000000..1cc0109
--- /dev/null
+++ b/magic/Magdir/polyml
@@ -0,0 +1,23 @@
+
+#------------------------------------------------------------------------------
+# $File: polyml,v 1.2 2019/04/19 00:42:27 christos Exp $
+# polyml: file(1) magic for PolyML
+#
+# PolyML
+# MPEG, FLI, DL originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+# FLC, SGI, Apple originally from Daniel Quinlan (quinlan@yggdrasil.com)
+
+# [0]: https://www.polyml.org/
+# [1]: https://github.com/polyml/polyml/blob/master/\
+# libpolyml/savestate.cpp#L146-L147
+# [2]: https://github.com/polyml/polyml/blob/master/\
+# libpolyml/savestate.cpp#L1262-L1263
+
+# Type: Poly/ML saved data
+# From: Matthew Fernandez <matthew.fernandez@gmail.com>
+
+0 string POLYSAVE Poly/ML saved state
+>8 long x version %u
+
+0 string POLYMODU Poly/ML saved module
+>8 long x version %u
diff --git a/magic/Magdir/printer b/magic/Magdir/printer
new file mode 100644
index 0000000..b45a202
--- /dev/null
+++ b/magic/Magdir/printer
@@ -0,0 +1,278 @@
+
+#------------------------------------------------------------------------------
+# $File: printer,v 1.34 2023/06/16 19:27:12 christos Exp $
+# printer: file(1) magic for printer-formatted files
+#
+
+# PostScript, updated by Daniel Quinlan (quinlan@yggdrasil.com)
+0 string %! PostScript document text
+!:mime application/postscript
+!:apple ASPSTEXT
+>2 string PS-Adobe- conforming
+>>11 string >\0 DSC level %.3s
+>>>15 string EPS \b, type %s
+>>>15 string Query \b, type %s
+>>>15 string ExitServer \b, type %s
+>>>15 search/1000 %%LanguageLevel:\040
+>>>>&0 string >\0 \b, Level %s
+# Some PCs have the annoying habit of adding a ^D as a document separator
+0 string \004%! PostScript document text
+!:mime application/postscript
+!:apple ASPSTEXT
+>3 string PS-Adobe- conforming
+>>12 string >\0 DSC level %.3s
+>>>16 string EPS \b, type %s
+>>>16 string Query \b, type %s
+>>>16 string ExitServer \b, type %s
+>>>16 search/1000 %%LanguageLevel:\040
+>>>>&0 string >\0 \b, Level %s
+0 string \033%-12345X%!PS PostScript document
+
+# DOS EPS Binary File Header
+# From: Ed Sznyter <ews@Black.Market.NET>
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Encapsulated_PostScript
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/eps-adobe.trid.xml
+# Note: called "Encapsulated PostScript binary" by TrID and
+# verified partly by ImageMagick `identify -verbose *` as EPT (Encapsulated PostScript with TIFF preview)
+0 belong 0xC5D0D3C6
+# skip DROID fmt-122-signature-id-174.eps fmt-123-signature-id-178.eps fmt-124-signature-id-180.eps
+# by looking for content after header
+# GRR: in version 5.44 unequal and not endian variant not working!
+>32 ulelong >0 DOS EPS Binary File
+!:mime image/x-eps
+# TODO: check that "long" is false on big endian machines
+# Postscript often (850/857) comes after header; so values like: 30 32 or 2788 10644 43350 71828
+>>4 long >0 at byte %d
+# 1 space char after length value to get phrase like "length 263893 PostScript document text"
+>>>8 long >0 length %d
+# PostScript document text handled by ./printer
+>>>>(4.l) indirect x
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/e/eps-wmf.trid.xml
+# Note: called "Encapsulated PostScript binary (with WMF preview)" by TrID
+# verified partly by XnView `nconvert -info *.EP?` as TIFF epsp
+>>>>12 long >0 at byte %d
+!:ext eps
+# GRR: in file version 5.44 calling indirect of ./msdos produce phrase like "length 452\012- Windows metafile"
+>>>>16 long >0 length %d
+# Windows metafile data handled by ./msdos
+>>>>>(12.l) indirect x
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/e/eps-tiff.trid.xml
+# Note: called "Encapsulated PostScript binary (with TIFF preview)" by TrID
+>>>>20 long >0 at byte %d
+# For the variant with the TIFF preview image sometimes the file extension ept is used
+!:ext eps/ept
+# GRR: in file version 5.44 calling indirect of ./images produce phrase like "length 43320\012- TIFF image data,"
+>>>>>24 long >0 length %d
+# TIFF image data handled by ./images
+>>>>>>(20.l) indirect x
+
+# Summary: Adobe's PostScript Printer Description File
+# Extension: .ppd
+# Reference: https://partners.adobe.com/public/developer/en/ps/5003.PPD_Spec_v4.3.pdf, Section 3.8
+# Submitted by: Yves Arrouye <arrouye@marin.fdn.fr>
+#
+0 string *PPD-Adobe:\x20 PPD file
+>&0 string x \b, version %s
+!:ext ppd
+!:mime application/vnd.cups-ppd
+
+# HP Printer Job Language
+0 string \033%-12345X@PJL HP Printer Job Language data
+# HP Printer Job Language
+# The header found on Win95 HP plot files is the "Silliest Thing possible"
+# (TM)
+# Every driver puts the language at some random position, with random case
+# (LANGUAGE and Language)
+# For example the LaserJet 5L driver puts the "PJL ENTER LANGUAGE" in line 10
+# From: Uwe Bonnes <bon@elektron.ikp.physik.th-darmstadt.de>
+#
+0 string \033%-12345X@PJL HP Printer Job Language data
+>&0 string >\0 %s
+>>&0 string >\0 %s
+>>>&0 string >\0 %s
+>>>>&0 string >\0 %s
+#>15 string \ ENTER\ LANGUAGE\ =
+#>31 string PostScript PostScript
+
+# From: Stefan Thurner <thurners@nicsys.de>
+0 string \033%-12345X@PJL
+>&0 search/10000 %! PJL encapsulated PostScript document text
+
+# Rick Richardson <rickrich@gmail.com>
+
+# For Fuji-Xerox Printers - HBPL stands for Host Based Printer Language
+# For Oki Data Printers - HIPERC
+# For Konica Minolta Printers - LAVAFLOW
+# For Samsung Printers - QPDL
+# For HP Printers - ZJS stands for Zenographics ZJStream
+0 string \033%-12345X@PJL HP Printer Job Language data
+>0 search/10000 @PJL\ ENTER\ LANGUAGE=HBPL - HBPL
+>0 search/10000 @PJL\ ENTER\ LANGUAGE=HIPERC - Oki Data HIPERC
+>0 search/10000 @PJL\ ENTER\ LANGUAGE=LAVAFLOW - Konica Minolta LAVAFLOW
+>0 search/10000 @PJL\ ENTER\ LANGUAGE=QPDL - Samsung QPDL
+>0 search/10000 @PJL\ ENTER\ LANGUAGE\ =\ QPDL - Samsung QPDL
+>0 search/10000 @PJL\ ENTER\ LANGUAGE=ZJS - HP ZJS
+# Summary: Hewlett-Packard printer firmware update
+# From: Joerg Jenderek
+# URL: https://support.hp.com/us-en/drivers/selfservice/hp-envy-6000e-all-in-one-printer-series/2100187505/model/2100187513
+# Note: firmware update tested with ENVY 6000 All-in-One Printer
+0 string @PJL\ ENTER\ LANGUAGE=FWUPDATE2 HP Printer firmware update
+#!:mime application/octet-stream
+#!:mime application/x-hp-firmware
+# https://ftp.hp.com/pub/softlib/software13/printers/en6000/2214/EN6000_2214B.exe
+# vasari_base_dist_pp1_001.2214B_nonassert_appsigned_lbi_rootfs_secure_signed.ful2
+!:ext ful2
+
+# HP Printer Control Language, Daniel Quinlan (quinlan@yggdrasil.com)
+0 string \033E\033 HP PCL printer data
+>3 string \&l0A - default page size
+>3 string \&l1A - US executive page size
+>3 string \&l2A - US letter page size
+>3 string \&l3A - US legal page size
+>3 string \&l26A - A4 page size
+>3 string \&l80A - Monarch envelope size
+>3 string \&l81A - No. 10 envelope size
+>3 string \&l90A - Intl. DL envelope size
+>3 string \&l91A - Intl. C5 envelope size
+>3 string \&l100A - Intl. B5 envelope size
+>3 string \&l-81A - No. 10 envelope size (landscape)
+>3 string \&l-90A - Intl. DL envelope size (landscape)
+
+# IMAGEN printer-ready files:
+0 string @document( Imagen printer
+# this only works if "language xxx" is first item in Imagen header.
+>10 string language\ impress (imPRESS data)
+>10 string language\ daisy (daisywheel text)
+>10 string language\ diablo (daisywheel text)
+>10 string language\ printer (line printer emulation)
+>10 string language\ tektronix (Tektronix 4014 emulation)
+# Add any other languages that your Imagen uses - remember
+# to keep the word `text' if the file is human-readable.
+# [GRR 950115: missing "postscript" or "ultrascript" (whatever it was called)]
+#
+# Now magic for IMAGEN font files...
+0 string Rast RST-format raster font data
+>45 string >0 face %s
+# From Jukka Ukkonen
+0 string \033[K\002\0\0\017\033(a\001\0\001\033(g Canon Bubble Jet BJC formatted data
+
+# From <mike@flyn.org>
+# These are the /etc/magic entries to decode data sent to an Epson printer.
+0 string \x1B\x40\x1B\x28\x52\x08\x00\x00REMOTE1P Epson Stylus Color 460 data
+
+
+#------------------------------------------------------------------------------
+# zenographics: file(1) magic for Zenographics ZjStream printer data
+# Rick Richardson <rickrich@gmail.com>
+0 string JZJZ
+>0x12 string ZZ Zenographics ZjStream printer data (big-endian)
+0 string ZJZJ
+>0x12 string ZZ Zenographics ZjStream printer data (little-endian)
+
+
+#------------------------------------------------------------------------------
+# Oak Technologies printer stream
+# Rick Richardson <rickrich@gmail.com>
+0 string OAK
+>0x07 byte 0
+>0x0b byte 0 Oak Technologies printer stream
+
+# This would otherwise be recognized as PostScript - nick@debian.org
+0 string %!VMF SunClock's Vector Map Format data
+
+#------------------------------------------------------------------------------
+# HP LaserJet 1000 series downloadable firmware file
+0 string \xbe\xefABCDEFGH HP LaserJet 1000 series downloadable firmware
+
+# From: Paolo <oopla@users.sf.net>
+# Epson ESC/Page, ESC/PageColor
+0 string \x1b\x01@EJL Epson ESC/Page language printer data
+
+# Summary: Hewlett-Packard Graphics Language
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/HP-GL
+# https://en.wikipedia.org/wiki/HPGL
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/h/hpg.trid.xml
+# Note: called "Hewlett-Packard Graphics Language" by TrID and
+# "Hewlett Packard Graphics Language" by DROID via PUID x-fmt/293 and
+# HPGL by XnView command `nconvert -info *`
+# initialize, start a plotting job
+0 string IN;
+>0 use hpgl
+# fill.plt
+0 string INPS
+>0 use hpgl
+# http://ftp.funet.fi/index/graphics/packages/hpgl2ps/hpgl2ps.tar.Z/hpgl2ps/test1.hpgl
+0 string DF;
+>0 use hpgl
+# http://ftp.funet.fi/index/graphics/packages/hpgl2ps/hpgl2ps.tar.Z/hpgl2ps/test3.hpgl
+# Select Pen n; If no pen number or 0, the controller performs an end of file command; n in range between -32767 and 32768 like: 6
+0 string SP
+# skip text Linux-syscall-note inside qemu sources starting with SPDX-Exception-Identifier: Linux-syscall-note
+# by checking for valid Pen number
+>2 regex \^([0-9]{1,5})
+#>2 regex \^([0-9]{1,5}) PEN_NUMBER=%s
+>>0 use hpgl
+# charsize.hp pages.hp set the scaling points (P1 and P2) to their default positions
+0 string IP0
+>0 use hpgl
+# ci.hp
+0 string CO\040
+>0 use hpgl
+# iw.hp 286x192.5_lh.hpg 286x192.5_lq.hpg
+0 string PS\040
+>0 use hpgl
+# thick.hp
+0 string PS9
+>0 use hpgl
+# ul.hp
+0 string PS4
+>0 use hpgl
+# la.hp
+0 string BP
+>0 use hpgl
+# miter.hp
+# Plot Absolute x,y{,x,y{...}}; x and y in range between -32767 and 32768 like: PA4000,3000;
+0 string PA
+# skip shell scripts test_msa_run_32r5eb.sh test_msa_run_32r5eb.sh with variable PATH_TO_QEMU
+# by checking for valid x coordinate
+>2 regex \^([-]{0,1}[0-9]{1,5})
+#>2 regex \^([-]{0,1}[0-9]{1,5}) COORDINATE=%s
+>>0 use hpgl
+# pw.hpg number of pens x
+0 string NP
+>0 use hpgl
+# win_1.hp
+#0 string \003INCA WHAT_IS_THAT
+#>0 use hpgl
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/h/hpgl2.trid.xml
+# Note: called "Hewlett-Packard Graphics Language 2" by TrID
+0 string \033%-1B Hewlett-Packard Graphics Language 2
+!:mime application/vnd.hp-HPGL
+# like: dt.plt
+!:ext plt
+#!:ext plt/gl2/hpg2/spl
+# remaining part after escsape sequnce
+>5 string x with "%-.10s"
+# display Hewlett-Packard Graphics Language vector graphic information
+0 name hpgl
+>0 string x Hewlett-Packard Graphics Language
+#!:mime vector/x-hpgl
+# https://www.iana.org/assignments/media-types/application/vnd.hp-HPGL
+!:mime application/vnd.hp-HPGL
+# no example with HPL suffix found
+!:ext hpgl/hpg/hp/plt
+# like: "IN;" "DF;IN;LT;PU1000,1000;PD2000,10" "SP6;DI0,1;SR0.70,1.90;SC0,800,"
+# "CO Concentric circles drawn with different linewidths;"
+>0 string x \b, starting with "%-.54s"
+# continue but not for 1 long line without CR or LF
+>>&0 ubyte <0x0E
+#>>&0 ubyte <0x0E TERMINATOR=%x
+# second line after 1 terminator character
+>>>&0 string >\r with "%-.10s"
+# next character again CR or LF
+>>>&0 ubyte <0x0E
+#>>>&0 ubyte <0x0E 2ND_CHARACTER=%x
+# second line after 2 terminator characters
+>>>>&0 string >\r with "%-.10s"
diff --git a/magic/Magdir/project b/magic/Magdir/project
new file mode 100644
index 0000000..9180b57
--- /dev/null
+++ b/magic/Magdir/project
@@ -0,0 +1,10 @@
+
+#------------------------------------------------------------------------------
+# $File: project,v 1.5 2017/03/17 21:35:28 christos Exp $
+# project: file(1) magic for Project management
+#
+# Magic strings for ftnchek project files. Alexander Mai
+0 string FTNCHEK_\ P project file for ftnchek
+>10 string 1 version 2.7
+>10 string 2 version 2.8 to 2.10
+>10 string 3 version 2.11 or later
diff --git a/magic/Magdir/psdbms b/magic/Magdir/psdbms
new file mode 100644
index 0000000..3eec965
--- /dev/null
+++ b/magic/Magdir/psdbms
@@ -0,0 +1,14 @@
+
+#------------------------------------------------------------------------------
+# $File: psdbms,v 1.8 2017/03/17 21:35:28 christos Exp $
+# psdbms: file(1) magic for psdatabase
+#
+# Update: Joerg Jenderek
+# GRR: line below too general as it catches also some Panorama database *.pan ,
+# AppleWorks word processor
+0 belong&0xff00ffff 0x56000000
+# assume version starts with digit
+>1 regex/s =^[0-9] ps database
+>>1 string >\0 version %s
+# kernel name
+>>4 string >\0 from kernel %s
diff --git a/magic/Magdir/psl b/magic/Magdir/psl
new file mode 100644
index 0000000..0296540
--- /dev/null
+++ b/magic/Magdir/psl
@@ -0,0 +1,14 @@
+
+#------------------------------------------------------------------------------
+# $File: psl,v 1.3 2019/04/19 00:42:27 christos Exp $
+# psl: file(1) magic for Public Suffix List representations
+# From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# URL: https://publicsuffix.org
+# see also: https://thread.gmane.org/gmane.network.dns.libpsl.bugs/162/focus=166
+
+0 search/512 \n\n//\ ===BEGIN\ ICANN\ DOMAINS===\n\n Public Suffix List data
+
+0 string .DAFSA@PSL_
+>15 string \n Public Suffix List data (optimized)
+>>11 byte >0x2f
+>>>11 byte <0x3a (Version %c)
diff --git a/magic/Magdir/pulsar b/magic/Magdir/pulsar
new file mode 100644
index 0000000..7cb6f18
--- /dev/null
+++ b/magic/Magdir/pulsar
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: pulsar,v 1.5 2009/09/19 16:28:12 christos Exp $
+# pulsar: file(1) magic for Pulsar POP3 daemon binary files
+#
+# http://pulsar.sourceforge.net
+# mailto:rok.papez@lugos.si
+#
+
+0 belong 0x1ee7f11e Pulsar POP3 daemon mailbox cache file.
+>4 ubelong x Version: %d.
+>8 ubelong x \b%d
+
diff --git a/magic/Magdir/puzzle b/magic/Magdir/puzzle
new file mode 100644
index 0000000..ac983f3
--- /dev/null
+++ b/magic/Magdir/puzzle
@@ -0,0 +1,17 @@
+
+#------------------------------------------------------------------------------
+# $File: puzzle,v 1.2 2021/10/07 15:40:40 christos Exp $
+# wsdl: Magic for various puzzles
+
+# PUZ crossword puzzles from Alan De Smet
+# Test files can be found at
+# https://theworld.com/~wij/puzzles/wij-themed.html or using the
+# "Universal" or "WS Journal" links on the right side of
+# https://www.cruciverb.com/ .
+
+2 string ACROSS&DOWN PUZ crossword puzzle
+>0x2c byte x %d x
+>0x2d byte x %d,
+>0x2e leshort x %d clues,
+>0x1e leshort 0x0000 plain text solution
+>0x1e leshort !0x0000 scrambled solution
diff --git a/magic/Magdir/pwsafe b/magic/Magdir/pwsafe
new file mode 100644
index 0000000..549093f
--- /dev/null
+++ b/magic/Magdir/pwsafe
@@ -0,0 +1,14 @@
+
+#------------------------------------------------------------------------------
+# $File: pwsafe,v 1.2 2019/04/19 00:42:27 christos Exp $
+# pwsafe: file(1) magic for passwordsafe file
+#
+# Password Safe
+# http://passwordsafe.sourceforge.net/
+# file format specs
+# https://passwordsafe.svn.sourceforge.net/viewvc/passwordsafe/trunk/pwsafe/pwsafe/docs/formatV3.txt
+# V2 https://passwordsafe.svn.sourceforge.net/viewvc/passwordsafe/trunk/pwsafe/pwsafe/docs/formatV2.txt
+# V1 https://passwordsafe.svn.sourceforge.net/viewvc/passwordsafe/trunk/pwsafe/pwsafe/docs/notes.txt
+# V2 and V1 have no easy identifier that I can find
+# .psafe3
+0 string PWS3 Password Safe V3 database
diff --git a/magic/Magdir/pyramid b/magic/Magdir/pyramid
new file mode 100644
index 0000000..ee47c80
--- /dev/null
+++ b/magic/Magdir/pyramid
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: pyramid,v 1.7 2009/09/19 16:28:12 christos Exp $
+# pyramid: file(1) magic for Pyramids
+#
+# XXX - byte order?
+#
+0 long 0x50900107 Pyramid 90x family executable
+0 long 0x50900108 Pyramid 90x family pure executable
+>16 long >0 not stripped
+0 long 0x5090010b Pyramid 90x family demand paged pure executable
+>16 long >0 not stripped
diff --git a/magic/Magdir/python b/magic/Magdir/python
new file mode 100644
index 0000000..00d90d1
--- /dev/null
+++ b/magic/Magdir/python
@@ -0,0 +1,305 @@
+
+#------------------------------------------------------------------------------
+# $File: python,v 1.45 2022/07/24 23:59:37 christos Exp $
+# python: file(1) magic for python
+#
+# Outlook puts """ too for urgent messages
+# From: David Necas <yeti@physics.muni.cz>
+# often the module starts with a multiline string
+0 string/t """ Python script text executable
+# MAGIC as specified in Python/import.c (1.0 to 3.7)
+# and in Lib/importlib/_bootstrap_external.py (3.5+)
+# two bytes of magic followed by "\r\n" in little endian order
+0 belong 0x02099900 python 1.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x03099900 python 1.1/1.2 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x892e0d0a python 1.3 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x04170d0a python 1.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x994e0d0a python 1.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xfcc40d0a python 1.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xfdc40d0a python 1.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x87c60d0a python 2.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x88c60d0a python 2.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x2aeb0d0a python 2.1 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x2beb0d0a python 2.1 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x2ded0d0a python 2.2 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x2eed0d0a python 2.2 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x3bf20d0a python 2.3 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x3cf20d0a python 2.3 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x45f20d0a python 2.3 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x59f20d0a python 2.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x63f20d0a python 2.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x6df20d0a python 2.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x6ef20d0a python 2.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x77f20d0a python 2.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x81f20d0a python 2.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x8bf20d0a python 2.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x8cf20d0a python 2.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x95f20d0a python 2.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x9ff20d0a python 2.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xa9f20d0a python 2.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xb3f20d0a python 2.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xb4f20d0a python 2.5 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xc7f20d0a python 2.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xd1f20d0a python 2.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xd2f20d0a python 2.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xdbf20d0a python 2.7 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xe5f20d0a python 2.7 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xeff20d0a python 2.7 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xf9f20d0a python 2.7 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x03f30d0a python 2.7 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x04f30d0a python 2.7 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x0af30d0a PyPy2.7 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xb80b0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xc20b0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xcc0b0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xd60b0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xe00b0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xea0b0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xf40b0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xf50b0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xff0b0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x090c0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x130c0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x1d0c0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x1f0c0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x270c0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x3b0c0d0a python 3.0 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x450c0d0a python 3.1 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x4f0c0d0a python 3.1 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x580c0d0a python 3.2 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x620c0d0a python 3.2 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x6c0c0d0a python 3.2 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x760c0d0a python 3.3 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x800c0d0a python 3.3 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x8a0c0d0a python 3.3 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x940c0d0a python 3.3 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x9e0c0d0a python 3.3 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xb20c0d0a python 3.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xbc0c0d0a python 3.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xc60c0d0a python 3.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xd00c0d0a python 3.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xda0c0d0a python 3.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xe40c0d0a python 3.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xee0c0d0a python 3.4 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0xf80c0d0a python 3.5.1- byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x020d0d0a python 3.5.1- byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x0c0d0d0a python 3.5.1- byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x160d0d0a python 3.5.1- byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x170d0d0a python 3.5.2+ byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x200d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x210d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x2a0d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x2b0d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x2c0d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x2d0d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x2f0d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x300d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x310d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x320d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x330d0d0a python 3.6 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x3e0d0d0a python 3.7 byte-compiled
+!:mime application/x-bytecode.python
+0 belong 0x3f0d0d0a python 3.7 byte-compiled
+!:mime application/x-bytecode.python
+
+# magic 3392+ implements PEP 552: Deterministic pycs
+0 name pyc-pep552
+# the flag field determines how .pyc validity is checked
+>4 ulelong&1 0 timestamp-based,
+>>8 uledate x .py timestamp: %s UTC,
+>>12 ulelong x .py size: %d bytes
+>4 ulelong&1 !0 hash-based, check-source flag
+>>4 ulelong&2 0 unset,
+>>4 ulelong&2 !0 set,
+>>8 ulequad x hash: 0x%llx
+
+# uleshort magic followed by \x0d\0xa
+2 string \x0d\x0a
+# extra check: only two bits of flag field are currently used
+>4 ulelong <0x4
+# \x0d as part of magic should suffice till Python 3.14 (magic 3600)
+>>1 ubyte 0x0d Byte-compiled Python module for
+!:mime application/x-bytecode.python
+# now look at the magic number to determine the version
+>>>0 uleshort <3400 CPython 3.7,
+>>>0 default x
+>>>>0 uleshort <3420 CPython 3.8,
+>>>>0 default x
+>>>>>0 uleshort <3430 CPython 3.9,
+>>>>>0 default x
+>>>>>>0 uleshort <3450 CPython 3.10,
+>>>>>>0 default x
+>>>>>>>0 uleshort <3500 CPython 3.11,
+>>>>>>>0 default x CPython 3.12 or newer,
+>>>0 use pyc-pep552
+>>0 uleshort 240 Byte-compiled Python module for PyPy3.7,
+!:mime application/x-bytecode.python
+>>>0 use pyc-pep552
+>>0 uleshort 256 Byte-compiled Python module for PyPy3.8,
+!:mime application/x-bytecode.python
+>>>0 use pyc-pep552
+>>0 uleshort 336 Byte-compiled Python module for PyPy3.9,
+!:mime application/x-bytecode.python
+>>>0 use pyc-pep552
+
+0 search/1/w #!\040/usr/bin/python Python script text executable
+!:strength + 15
+!:mime text/x-script.python
+0 search/1/w #!\040/usr/local/bin/python Python script text executable
+!:strength + 15
+!:mime text/x-script.python
+0 search/10/w #!\040/usr/bin/env\040python Python script text executable
+!:strength + 15
+!:mime text/x-script.python
+
+
+# from module.submodule import func1, func2
+0 search/8192 import
+>0 regex \^from[\040\t]+([A-Za-z0-9_]|\\.)+[\040\t]+import.*$ Python script text executable
+!:strength + 15
+!:mime text/x-script.python
+
+# def __init__ (self, ...):
+0 search/4096 def\ __init__
+>&0 search/64 self Python script text executable
+!:strength + 15
+!:mime text/x-script.python
+
+# if __name__ == "__main__":
+0 search/4096 if\ __name__
+>&0 search/64 '__main__' Python script text executable
+>&0 search/64 "__main__" Python script text executable
+!:strength + 15
+!:mime text/x-script.python
+
+# import module [as abrev]
+0 search/8192 import
+>0 regex \^import\ [_[:alpha:]]+\ as\ [[:alpha:]][[:space:]]*$ Python script text executable
+!:mime text/x-script.python
+
+# comments
+#0 search/4096 '''
+#>&0 regex .*'''$ Python script text executable
+#!:mime text/x-script.python
+
+#0 search/4096 """
+#>&0 regex .*"""$ Python script text executable
+#!:mime text/x-script.python
+
+# try:
+# except: or finally:
+# block
+0 search/4096 try:
+>&0 regex \^[[:space:]]*except.*:$ Python script text executable
+!:strength + 15
+!:mime text/x-script.python
+>&0 search/4096 finally: Python script text executable
+!:mime text/x-script.python
+
+# class name[(base classes,)]: [pass]
+0 search/8192 class
+>0 regex \^class\ [_[:alpha:]]+(\\(.*\\))?(\ )*:([\ \t]+pass)?$ Python script text executable
+!:strength + 15
+!:mime text/x-script.python
+
+# def name(*args, **kwargs):
+0 search/8192 def\
+>0 regex \^[[:space:]]{0,50}def\ {1,50}[_a-zA-Z]{1,100}
+>>&0 regex \\(([[:alpha:]*_,\ ]){0,255}\\):$ Python script text executable
+!:strength + 15
+!:mime text/x-script.python
+
+# https://numpy.org/devdocs/reference/generated/numpy.lib.format.html
+0 string \223NUMPY NumPy data file
+!:mime application/x-numpy-data
+>6 byte x \b, version %d
+>7 byte x \b.%d
+#>8 leshort x \b, header length=%d
+>10 string x \b, description %s
diff --git a/magic/Magdir/qt b/magic/Magdir/qt
new file mode 100644
index 0000000..68085f2
--- /dev/null
+++ b/magic/Magdir/qt
@@ -0,0 +1,30 @@
+
+#------------------------------------------------------------------------------
+# $File: qt,v 1.4 2022/11/11 14:50:23 christos Exp $
+# qt: file(1) magic for Qt
+
+# https://doc.qt.io/qt-5/resources.html
+0 string \<!DOCTYPE\040RCC\> Qt Resource Collection file
+
+# https://qt.gitorious.org/qt/qtbase/source/\
+# 5367fa356233da4c0f28172a8f817791525f5457:\
+# src/tools/rcc/rcc.cpp#L840
+0 string qres\0\0 Qt Binary Resource file
+0 search/1024 The\040Resource\040Compiler\040for\040Qt Qt C-code resource file
+
+# https://qt.gitorious.org/qt/qtbase/source/\
+# 5367fa356233da4c0f28172a8f817791525f5457:\
+# src/corelib/kernel/qtranslator.cpp#L62
+0 string \x3c\xb8\x64\x18\xca\xef\x9c\x95
+>8 string \xcd\x21\x1c\xbf\x60\xa1\xbd\xdd Qt Translation file
+
+
+# Qt V4 Javascript engine compiled unit
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/qt/qtdeclarative/blob/v6.4.0/src/qml/common/qv4compileddata_p.h
+0 string qv4cdata QV4 compiled unit
+!:ext qmlc
+>8 ulelong x \b, version %d
+>12 byte x \b, Qt %d
+>13 byte x \b.%d
+>14 byte x \b.%d
diff --git a/magic/Magdir/revision b/magic/Magdir/revision
new file mode 100644
index 0000000..824220a
--- /dev/null
+++ b/magic/Magdir/revision
@@ -0,0 +1,66 @@
+
+#------------------------------------------------------------------------------
+# $File: revision,v 1.11 2019/04/19 00:42:27 christos Exp $
+# file(1) magic for revision control files
+# From Hendrik Scholz <hendrik@scholz.net>
+0 string/t /1\ :pserver: cvs password text file
+
+# Conary changesets
+# From: Jonathan Smith <smithj@rpath.com>
+0 belong 0xea3f81bb Conary changeset data
+
+# Type: Git bundles (git-bundle)
+# From: Josh Triplett <josh@freedesktop.org>
+0 string #\ v2\ git\ bundle\n Git bundle
+
+# Type: Git pack
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Git
+# reference: https://github.com/git/git/blob/master/Documentation/technical/pack-format.txt
+# The actual magic is 'PACK', but that clashes with Doom/Quake packs. However,
+# those have a little-endian offset immediately following the magic 'PACK',
+# the first byte of which is never 0, while the first byte of the Git pack
+# version, since it's a tiny number stored in big-endian format, is always 0.
+0 string PACK
+# GRR: line above is too general as it matches also PackDir archive ./acorn
+# test for major version. Git 2017 accepts version number 2 or 3
+>4 ubelong <9
+# Acorn PackDir with method 0 compression has root like ADFS::HardDisc4.$.AsylumSrc
+# or SystemDevice::foobar
+>>9 search/13 ::
+# but in git binary
+>>9 default x Git pack
+!:mime application/x-git
+!:ext pack
+# 4 GB limit implies unsigned integer
+>>>4 ubelong x \b, version %u
+>>>8 ubelong x \b, %u objects
+
+# Type: Git pack index
+# From: Adam Buchbinder <adam.buchbinder@gmail.com>
+0 string \377tOc Git pack index
+>4 belong =2 \b, version 2
+
+# Type: Git index file
+# From: Frederic Briare <fbriere@fbriere.net>
+0 string DIRC Git index
+>4 belong >0 \b, version %d
+>>8 belong >0 \b, %d entries
+
+# Type: Mercurial bundles
+# From: Seo Sanghyeon <tinuviel@sparcs.kaist.ac.kr>
+0 string HG10 Mercurial bundle,
+>4 string UN uncompressed
+>4 string BZ bzip2 compressed
+
+# Type: Subversion (SVN) dumps
+# From: Uwe Zeisberger <zeisberg@informatik.uni-freiburg.de>
+0 string SVN-fs-dump-format-version: Subversion dumpfile
+>28 string >\0 (version: %s)
+
+# Type: Bazaar revision bundles and merge requests
+# URL: https://www.bazaar-vcs.org/
+# From: Jelmer Vernooij <jelmer@samba.org>
+0 string #\ Bazaar\ revision\ bundle\ v Bazaar Bundle
+0 string #\ Bazaar\ merge\ directive\ format Bazaar merge directive
diff --git a/magic/Magdir/riff b/magic/Magdir/riff
new file mode 100644
index 0000000..9b913a5
--- /dev/null
+++ b/magic/Magdir/riff
@@ -0,0 +1,840 @@
+
+#------------------------------------------------------------------------------
+# $File: riff,v 1.45 2022/07/24 23:47:49 christos Exp $
+# riff: file(1) magic for RIFF format
+# See
+#
+# https://www.seanet.com/users/matts/riffmci/riffmci.htm
+# http://www-mmsp.ece.mcgill.ca/Documents/AudioFormats/WAVE/Docs/riffmci.pdf
+# https://www.iana.org/assignments/wave-avi-codec-registry/wave-avi-codec-registry.xml
+#
+
+# audio format tag. Assume limits: max 1024 bit, 128 channels, 1 MHz
+0 name riff-wave
+>0 leshort 0x01 \b, Microsoft PCM
+>>14 leshort >0
+>>>14 leshort <1024 \b, %d bit
+>0 leshort 0x02 \b, Microsoft ADPCM
+>0 leshort 0x03 \b, IEEE Float
+>0 leshort 0x04 \b, Compaq VSELP
+>0 leshort 0x05 \b, IBM CVSD
+>0 leshort 0x06 \b, ITU G.711 A-law
+>0 leshort 0x07 \b, ITU G.711 mu-law
+>0 leshort 0x08 \b, Microsoft DTS
+>0 leshort 0x10 \b, OKI ADPCM
+>0 leshort 0x11 \b, IMA ADPCM
+>0 leshort 0x12 \b, MediaSpace ADPCM
+>0 leshort 0x13 \b, Sierra ADPCM
+>0 leshort 0x14 \b, ITU G.723 ADPCM (Yamaha)
+>0 leshort 0x15 \b, DSP Solutions DIGISTD
+>0 leshort 0x16 \b, DSP Solutions DIGIFIX
+>0 leshort 0x17 \b, Dialogic OKI ADPCM
+>0 leshort 0x18 \b, MediaVision ADPCM
+>0 leshort 0x19 \b, HP CU
+>0 leshort 0x20 \b, Yamaha ADPCM
+>0 leshort 0x21 \b, Speech Compression SONARC
+>0 leshort 0x22 \b, DSP Group True Speech
+>0 leshort 0x23 \b, Echo Speech EchoSC1
+>0 leshort 0x24 \b, AudioFile AF36
+>0 leshort 0x25 \b, APTX
+>0 leshort 0x26 \b, AudioFile AF10
+>0 leshort 0x27 \b, Prosody 1612
+>0 leshort 0x28 \b, LRC
+>0 leshort 0x30 \b, Dolby AC2
+>0 leshort 0x31 \b, GSM 6.10
+>0 leshort 0x32 \b, MSN Audio
+>0 leshort 0x33 \b, Antex ADPCME
+>0 leshort 0x34 \b, Control Res VQLPC
+>0 leshort 0x35 \b, Digireal
+>0 leshort 0x36 \b, DigiADPCM
+>0 leshort 0x37 \b, Control Res CR10
+>0 leshort 0x38 \b, NMS VBXADPCM
+>0 leshort 0x39 \b, Roland RDAC
+>0 leshort 0x3A \b, Echo Speech EchoSC3
+>0 leshort 0x3B \b, Rockwell ADPCM
+>0 leshort 0x3C \b, Rockwell Digitalk
+>0 leshort 0x3D \b, Xebec
+>0 leshort 0x40 \b, ITU G.721 ADPCM
+>0 leshort 0x41 \b, ITU G.728 CELP
+>0 leshort 0x42 \b, MSG723
+>0 leshort 0x50 \b, MPEG
+>0 leshort 0x52 \b, RT24
+>0 leshort 0x53 \b, PAC
+>0 leshort 0x55 \b, MPEG Layer 3
+>0 leshort 0x59 \b, Lucent G.723
+>0 leshort 0x60 \b, Cirrus
+>0 leshort 0x61 \b, ESPCM
+>0 leshort 0x62 \b, Voxware
+>0 leshort 0x63 \b, Canopus Atrac
+>0 leshort 0x64 \b, ITU G.726 ADPCM
+>0 leshort 0x65 \b, ITU G.722 ADPCM
+>0 leshort 0x66 \b, DSAT
+>0 leshort 0x67 \b, DSAT Display
+>0 leshort 0x69 \b, Voxware Byte Aligned
+>0 leshort 0x70 \b, Voxware AC8
+>0 leshort 0x71 \b, Voxware AC10
+>0 leshort 0x72 \b, Voxware AC16
+>0 leshort 0x73 \b, Voxware AC20
+>0 leshort 0x74 \b, Voxware MetaVoice
+>0 leshort 0x75 \b, Voxware MetaSound
+>0 leshort 0x76 \b, Voxware RT29HW
+>0 leshort 0x77 \b, Voxware VR12
+>0 leshort 0x78 \b, Voxware VR18
+>0 leshort 0x79 \b, Voxware TQ40
+>0 leshort 0x80 \b, Softsound
+>0 leshort 0x81 \b, Voxware TQ60
+>0 leshort 0x82 \b, MSRT24
+>0 leshort 0x83 \b, ITU G.729A
+>0 leshort 0x84 \b, MVI MV12
+>0 leshort 0x85 \b, DF G.726
+>0 leshort 0x86 \b, DF GSM610
+>0 leshort 0x88 \b, ISIAudio
+>0 leshort 0x89 \b, Onlive
+>0 leshort 0x91 \b, SBC24
+>0 leshort 0x92 \b, Dolby AC3 S/PDIF
+>0 leshort 0x97 \b, ZyXEL ADPCM
+>0 leshort 0x98 \b, Philips LPCBB
+>0 leshort 0x99 \b, Packed
+>0 leshort 0x100 \b, Rhetorex ADPCM
+>0 leshort 0x101 \b, BeCubed Software IRAT
+>0 leshort 0x111 \b, Vivo G.723
+>0 leshort 0x112 \b, Vivo Siren
+>0 leshort 0x123 \b, Digital G.723
+>0 leshort 0x200 \b, Creative ADPCM
+>0 leshort 0x202 \b, Creative FastSpeech8
+>0 leshort 0x203 \b, Creative FastSpeech10
+>0 leshort 0x220 \b, Quarterdeck
+>0 leshort 0x300 \b, FM Towns Snd
+>0 leshort 0x400 \b, BTV Digital
+>0 leshort 0x680 \b, VME VMPCM
+>0 leshort 0x1000 \b, OLIGSM
+>0 leshort 0x1001 \b, OLIADPCM
+>0 leshort 0x1002 \b, OLICELP
+>0 leshort 0x1003 \b, OLISBC
+>0 leshort 0x1004 \b, OLIOPR
+>0 leshort 0x1100 \b, LH Codec
+>0 leshort 0x1400 \b, Norris
+>0 leshort 0x1401 \b, ISIAudio
+>0 leshort 0x1500 \b, Soundspace Music Compression
+>0 leshort 0x2000 \b, AC3 DVM
+>0 leshort 0x2001 \b, DTS
+>2 leshort =1 \b, mono
+>2 leshort =2 \b, stereo
+>2 leshort >2
+>>2 leshort <128 \b, %d channels
+>4 lelong >0
+>>4 lelong <1000000 %d Hz
+
+# try to find "fmt "
+0 name riff-walk
+>0 string fmt\x20
+>>4 lelong >15
+>>>8 use riff-wave
+>0 string LIST
+>>&(4.l+4) use riff-walk
+>0 string DISP
+>>&(4.l+4) use riff-walk
+>0 string bext
+>>&(4.l+4) use riff-walk
+>0 string Fake
+>>&(4.l+4) use riff-walk
+>0 string fact
+>>&(4.l+4) use riff-walk
+>0 string VP8
+>>11 byte 0x9d
+>>>12 byte 0x01
+>>>>13 byte 0x2a \b, VP8 encoding
+>>>>>14 leshort&0x3fff x \b, %d
+>>>>>16 leshort&0x3fff x \bx%d, Scaling:
+>>>>>14 leshort&0xc000 0x0000 \b [none]
+>>>>>14 leshort&0xc000 0x1000 \b [5/4]
+>>>>>14 leshort&0xc000 0x2000 \b [5/3]
+>>>>>14 leshort&0xc000 0x3000 \b [2]
+>>>>>14 leshort&0xc000 0x0000 \bx[none]
+>>>>>14 leshort&0xc000 0x1000 \bx[5/4]
+>>>>>14 leshort&0xc000 0x2000 \bx[5/3]
+>>>>>14 leshort&0xc000 0x3000 \bx[2]
+>>>>>15 byte&0x80 =0x00 \b, YUV color
+>>>>>15 byte&0x80 =0x80 \b, bad color specification
+>>>>>15 byte&0x40 =0x40 \b, no clamping required
+>>>>>15 byte&0x40 =0x00 \b, decoders should clamp
+#>0 string x we got %s
+#>>&(4.l+4) use riff-walk
+
+# RecorderGear TR500 call recorder digits (BCD)
+0 name tr500-call-recorder-digits
+>0 byte&0xF0 0x00 \b0
+>0 byte&0xF0 0x10 \b1
+>0 byte&0xF0 0x20 \b2
+>0 byte&0xF0 0x30 \b3
+>0 byte&0xF0 0x40 \b4
+>0 byte&0xF0 0x50 \b5
+>0 byte&0xF0 0x60 \b6
+>0 byte&0xF0 0x70 \b7
+>0 byte&0xF0 0x80 \b8
+>0 byte&0xF0 0x90 \b9
+>0 byte&0xF0 0xb0 \b*
+>0 byte&0xF0 0xc0 \b#
+>0 byte&0x0F 0 \b0
+>0 byte&0x0F 1 \b1
+>0 byte&0x0F 2 \b2
+>0 byte&0x0F 3 \b3
+>0 byte&0x0F 4 \b4
+>0 byte&0x0F 5 \b5
+>0 byte&0x0F 6 \b6
+>0 byte&0x0F 7 \b7
+>0 byte&0x0F 8 \b8
+>0 byte&0x0F 9 \b9
+>0 byte&0x0F 0xb \b*
+>0 byte&0x0F 0xc \b#
+
+# TR500 call recorder extended header
+# From: David Korth <gerbilsoft@gerbilsoft.com>
+# Contains dialed/incoming phone number and timestamp.
+# TODO: Verify byte 15.
+0 name tr500-call-recorder-header
+>15 byte 2 (outgoing call:
+>15 byte 4 (incoming call:
+>1 byte 0xFF \bno number
+>1 byte !0xFF
+>>1 use tr500-call-recorder-digits
+>>2 byte !0xFF
+>>>2 use tr500-call-recorder-digits
+>>3 byte !0xFF
+>>>3 use tr500-call-recorder-digits
+>>4 byte !0xFF
+>>>4 use tr500-call-recorder-digits
+>>5 byte !0xFF
+>>>5 use tr500-call-recorder-digits
+>>6 byte !0xFF
+>>>6 use tr500-call-recorder-digits
+>>7 byte !0xFF
+>>>7 use tr500-call-recorder-digits
+>>8 byte !0xFF
+>>>8 use tr500-call-recorder-digits
+>9 byte x \b, 20%02x
+>10 byte x \b/%02x
+>11 byte x \b/%02x
+>12 byte x %02x
+>13 byte x \b:%02x
+>14 byte x \b:%02x)
+
+# AVI section extended by Patrik Radman <patrik+file-magic@iki.fi>
+#
+0 string RIFF RIFF (little-endian) data
+# RIFF Palette format
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Resource_Interchange_File_Format
+# Reference: https://worms2d.info/Palette_file
+# WAVE/AVI codec registry: https://www.iana.org/assignments/wave-avi-codec-registry/wave-avi-codec-registry.xml
+>8 string PAL\ \b, palette
+!:mime application/x-riff
+# color palette by Microsoft Corporation
+!:ext pal
+# file size = chunk size + 8 in most cases
+>>4 ulelong+8 x \b, %u bytes
+# Extended PAL Format
+>>12 string plth \b, extended
+# Simple PAL Format
+>>12 string data
+# data chunk size = color entries * 4 + 4 + sometimes extra (4) appended bytes
+>>>16 ulelong x \b, data size %u
+# palVersion is always 0x0300
+#>>>20 leshort x \b, version %#4.4x
+# palNumEntries specifies the number of palette color entries
+>>>22 uleshort x \b, %u entries
+# after palPalEntry sized (number of color entries * 4 ) vector
+>>>(22.s*4) ubequad x
+# jump relative 22 ( 8 + 16) bytes forward points after end of file or to
+# appended extra bytes like in http://safecolours.rigdenage.com/set(ms).zip/Protan(MS).pal
+>>>>&16 ubelong x \b, extra bytes
+>>>>>&-4 ubelong >0 %#8.8x
+# RIFF Device Independent Bitmap format
+# URL: http://fileformats.archiveteam.org/wiki/RDIB
+>8 string RDIB \b, device-independent bitmap
+!:ext rdi/dib
+>>16 string BM
+>>>30 leshort 12 \b, OS/2 1.x format
+>>>>34 leshort x \b, %d x
+>>>>36 leshort x %d
+>>>30 leshort 64 \b, OS/2 2.x format
+>>>>34 leshort x \b, %d x
+>>>>36 leshort x %d
+>>>30 leshort 40 \b, Windows 3.x format
+>>>>34 lelong x \b, %d x
+>>>>38 lelong x %d x
+>>>>44 leshort x %d
+# RIFF MIDI format
+# URL: http://fileformats.archiveteam.org/wiki/RIFF_MIDI
+>8 string RMID \b, MIDI
+# http://extension.nirsoft.net/rmi
+!:mime audio/mid
+#!:mime audio/x-rmid
+!:ext rmi
+# RIFF Multimedia Movie File format
+# URL: http://fileformats.archiveteam.org/wiki/RIFF_Multimedia_Movie
+>8 string RMMP \b, multimedia movie
+!:mime video/x-mmm
+!:ext mmm
+# RIFF wrapper for MP3
+>8 string RMP3 \b, MPEG Layer 3 audio
+#!:mime audio/x-rmp3
+# Microsoft WAVE format (*.wav)
+# URL: http://fileformats.archiveteam.org/wiki/WAV
+>8 string WAVE \b, WAVE audio
+#!:mime audio/vnd.wave
+!:mime audio/x-wav
+# https://www.macdisk.com/macsigen.php
+#!:apple ????WAVE
+!:ext wav/wave
+>>12 string >\0
+>>>12 use riff-walk
+# TR500 call recorder extended header
+>>16 ulelong 0x1E4
+>>>20 leshort 0x11
+>>>>256 byte 4
+>>>>>256 use tr500-call-recorder-header
+# Update: Joerg Jenderek
+# lower case for Corel Draw version 8 Bidi
+>8 string/c cdr
+# skip Corel CCX Clipart
+>>8 string !CDRXcont
+# Corel Draw Picture
+>>>0 use corel-draw
+# URL: http://fileformats.archiveteam.org/wiki/CCX_(Corel)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/ccx-corel.trid.xml
+>>8 string =CDRXcont \b, Corel Clipart
+!:mime application/x-corel-ccx
+!:ext ccx
+# 3rd chunk data {Corel\040Binary\040Meta\040File}
+#>>>20 string x \b, 3rd '%-s'
+>>>4 ulelong+8 x \b, %u bytes
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/CorelDRAW
+# Reference: http://fileformats.archiveteam.org/wiki/CorelDRAW
+# Picture templates created by newer software start with RIFF type CDT
+>8 string CDT
+>>0 use corel-draw
+# Picture templates with version 4.4
+>8 string CDST
+>>0 use corel-draw
+# pattern created by newer software start with RIFF type PAT
+>8 string PAT
+>>0 use corel-draw
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Corel_Designer
+# Reference: http://fileformats.archiveteam.org/wiki/Corel_Designer
+>8 string DES
+>>8 string !DESC
+>>>0 use corel-des
+# Corel Draw templates with version 12.5 or Corel Designer illustration 12
+>>8 string =DESC
+# MORE TESTS NEEDED HERE!
+#>>>0 use corel-des
+#>>>0 use corel-draw
+>8 string NUNDROOT \b, Steinberg CuBase
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/MIDI_Instrument_Definition_File
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/i/idf.trid.xml
+# ftp://curscott.servebeer.com/Download/Apps/_Microsoft/
+# Visual%20Studio%206.0%20Professional%20MSDN/
+# SAMPLES/VC98/SDK/GRAPHICS/AUDIO/IDFEDIT/GLOBALS.H
+# Note: called "MIDI Instrument Definition File" by TrID
+>8 string IDF\ LIST \b, MIDI Instrument Definition File
+!:mime audio/x-idf
+!:ext idf
+# 3rd chunk size like: 254 284 286 670
+#>>0x10 ulelong x \b, 3th SIZE %u
+# for debugging purpose display next chunk like: MMAPhdr
+#>>0x14 string x \b, 4th "%-8.8s"
+#>>0x1C ulelong x \b, 4th SIZE 0x%x
+# probably MIDI instrument name like: "Universal-MIDI-Instrument" "instrument name" "General MIDI"
+>>0x30 string x "%s"
+# look for inst TAG
+>>0x31 search/256 inst by
+# probably manufacture name like: "Unspecified Company" "NVidia Corporation"
+>>>&0x24 string x "%s"
+# AVI == Audio Video Interleave
+# Reference: http://fileformats.archiveteam.org/wiki/AVI
+>8 string AVI\040 \b, AVI
+# https://reposcope.com/mimetype/video/x-msvideo
+!:mime video/x-msvideo
+# https://www.iana.org/assignments/wave-avi-codec-registry/wave-avi-codec-registry.xml
+#!:mime video/vnd.avi
+!:ext avi/divx
+>>12 string LIST
+>>>20 string hdrlavih
+>>>>&36 lelong x \b, %u x
+>>>>&40 lelong x %u,
+>>>>&4 lelong >1000000 <1 fps,
+>>>>&4 lelong 1000000 1.00 fps,
+>>>>&4 lelong 500000 2.00 fps,
+>>>>&4 lelong 333333 3.00 fps,
+>>>>&4 lelong 250000 4.00 fps,
+>>>>&4 lelong 200000 5.00 fps,
+>>>>&4 lelong 166667 6.00 fps,
+>>>>&4 lelong 142857 7.00 fps,
+>>>>&4 lelong 125000 8.00 fps,
+>>>>&4 lelong 111111 9.00 fps,
+>>>>&4 lelong 100000 10.00 fps,
+# ]9.9,10.1[
+>>>>&4 lelong <101010
+>>>>>&-4 lelong >99010
+>>>>>>&-4 lelong !100000 ~10 fps,
+>>>>&4 lelong 83333 12.00 fps,
+# ]11.9,12.1[
+>>>>&4 lelong <84034
+>>>>>&-4 lelong >82645
+>>>>>>&-4 lelong !83333 ~12 fps,
+>>>>&4 lelong 66667 15.00 fps,
+# ]14.9,15.1[
+>>>>&4 lelong <67114
+>>>>>&-4 lelong >66225
+>>>>>>&-4 lelong !66667 ~15 fps,
+>>>>&4 lelong 50000 20.00 fps,
+>>>>&4 lelong 41708 23.98 fps,
+>>>>&4 lelong 41667 24.00 fps,
+# ]23.9,24.1[
+>>>>&4 lelong <41841
+>>>>>&-4 lelong >41494
+>>>>>>&-4 lelong !41708
+>>>>>>>&-4 lelong !41667 ~24 fps,
+>>>>&4 lelong 40000 25.00 fps,
+# ]24.9,25.1[
+>>>>&4 lelong <40161
+>>>>>&-4 lelong >39841
+>>>>>>&-4 lelong !40000 ~25 fps,
+>>>>&4 lelong 33367 29.97 fps,
+>>>>&4 lelong 33333 30.00 fps,
+# ]29.9,30.1[
+>>>>&4 lelong <33445
+>>>>>&-4 lelong >33223
+>>>>>>&-4 lelong !33367
+>>>>>>>&-4 lelong !33333 ~30 fps,
+>>>>&4 lelong <32224 >30 fps,
+##>>>>&4 lelong x (%lu)
+##>>>>&20 lelong x %lu frames,
+# Note: The tests below assume that the AVI has 1 or 2 streams,
+# "vids" optionally followed by "auds".
+# (Should cover 99.9% of all AVIs.)
+# assuming avih length = 56
+>>>88 string LIST
+>>>>96 string strlstrh
+>>>>>108 string vids video:
+>>>>>>&0 lelong 0 uncompressed
+# skip past vids strh
+>>>>>>(104.l+108) string strf
+>>>>>>>(104.l+132) lelong 1 RLE 8bpp
+>>>>>>>(104.l+132) string/c anim Intel RDX
+>>>>>>>(104.l+132) string/c aur2 AuraVision Aura 2
+>>>>>>>(104.l+132) string/c aura AuraVision Aura
+>>>>>>>(104.l+132) string/c bt20 Brooktree MediaStream
+>>>>>>>(104.l+132) string/c btcv Brooktree Composite Video
+>>>>>>>(104.l+132) string/c cc12 Intel YUV12
+>>>>>>>(104.l+132) string/c cdvc Canopus DV
+>>>>>>>(104.l+132) string/c cham Winnov Caviara Cham
+>>>>>>>(104.l+132) string/c cljr Proprietary YUV 4 pixels
+>>>>>>>(104.l+132) string/c cmyk Common Data Format in Printing
+>>>>>>>(104.l+132) string/c cpla Weitek 4:2:0 YUV Planar
+>>>>>>>(104.l+132) string/c cvid Cinepak
+>>>>>>>(104.l+132) string/c cwlt Microsoft Color WLT DIB
+>>>>>>>(104.l+132) string/c cyuv Creative Labs YUV
+>>>>>>>(104.l+132) string/c d261 H.261
+>>>>>>>(104.l+132) string/c d263 H.263
+>>>>>>>(104.l+132) string/c duck TrueMotion 1.0
+>>>>>>>(104.l+132) string/c dve2 DVE-2 Videoconferencing
+>>>>>>>(104.l+132) string/c fljp Field Encoded Motion JPEG
+>>>>>>>(104.l+132) string/c fvf1 Fractal Video Frame
+>>>>>>>(104.l+132) string/c gwlt Microsoft Greyscale WLT DIB
+>>>>>>>(104.l+132) string/c h260 H.260
+>>>>>>>(104.l+132) string/c h261 H.261
+>>>>>>>(104.l+132) string/c h262 H.262
+>>>>>>>(104.l+132) string/c h263 H.263
+>>>>>>>(104.l+132) string/c h264 H.264
+>>>>>>>(104.l+132) string/c h265 H.265
+>>>>>>>(104.l+132) string/c h266 H.266
+>>>>>>>(104.l+132) string/c h267 H.267
+>>>>>>>(104.l+132) string/c h268 H.268
+>>>>>>>(104.l+132) string/c h269 H.269
+>>>>>>>(104.l+132) string/c i263 Intel I.263
+>>>>>>>(104.l+132) string/c i420 Intel Indeo 4
+>>>>>>>(104.l+132) string/c ian Intel RDX
+>>>>>>>(104.l+132) string/c iclb CellB Videoconferencing Codec
+>>>>>>>(104.l+132) string/c ilvc Intel Layered Video
+>>>>>>>(104.l+132) string/c ilvr ITU-T H.263+
+>>>>>>>(104.l+132) string/c iraw Intel YUV Uncompressed
+>>>>>>>(104.l+132) string/c iv30 Intel Indeo 3
+>>>>>>>(104.l+132) string/c iv31 Intel Indeo 3.1
+>>>>>>>(104.l+132) string/c iv32 Intel Indeo 3.2
+>>>>>>>(104.l+132) string/c iv33 Intel Indeo 3.3
+>>>>>>>(104.l+132) string/c iv34 Intel Indeo 3.4
+>>>>>>>(104.l+132) string/c iv35 Intel Indeo 3.5
+>>>>>>>(104.l+132) string/c iv36 Intel Indeo 3.6
+>>>>>>>(104.l+132) string/c iv37 Intel Indeo 3.7
+>>>>>>>(104.l+132) string/c iv38 Intel Indeo 3.8
+>>>>>>>(104.l+132) string/c iv39 Intel Indeo 3.9
+>>>>>>>(104.l+132) string/c iv40 Intel Indeo 4.0
+>>>>>>>(104.l+132) string/c iv41 Intel Indeo 4.1
+>>>>>>>(104.l+132) string/c iv42 Intel Indeo 4.2
+>>>>>>>(104.l+132) string/c iv43 Intel Indeo 4.3
+>>>>>>>(104.l+132) string/c iv44 Intel Indeo 4.4
+>>>>>>>(104.l+132) string/c iv45 Intel Indeo 4.5
+>>>>>>>(104.l+132) string/c iv46 Intel Indeo 4.6
+>>>>>>>(104.l+132) string/c iv47 Intel Indeo 4.7
+>>>>>>>(104.l+132) string/c iv48 Intel Indeo 4.8
+>>>>>>>(104.l+132) string/c iv49 Intel Indeo 4.9
+>>>>>>>(104.l+132) string/c iv50 Intel Indeo 5.0
+>>>>>>>(104.l+132) string/c mpeg MPEG 1 Video Frame
+>>>>>>>(104.l+132) string/c mjpg Motion JPEG
+>>>>>>>(104.l+132) string/c mp42 Microsoft MPEG-4 v2
+>>>>>>>(104.l+132) string/c mp43 Microsoft MPEG-4 v3
+>>>>>>>(104.l+132) string/c mrca MR Codec
+>>>>>>>(104.l+132) string/c mrle Run Length Encoding
+>>>>>>>(104.l+132) string/c msvc Microsoft Video 1
+>>>>>>>(104.l+132) string/c phmo Photomotion
+>>>>>>>(104.l+132) string/c qpeq QPEG 1.1 Format Video
+>>>>>>>(104.l+132) string/c rgbt RGBT
+>>>>>>>(104.l+132) string/c rle4 Run Length Encoded 4
+>>>>>>>(104.l+132) string/c rle8 Run Length Encoded 8
+>>>>>>>(104.l+132) string/c rt21 Intel Indeo 2.1
+>>>>>>>(104.l+132) string/c rvx Intel RDX
+>>>>>>>(104.l+132) string/c sdcc Sun Digital Camera Codec
+>>>>>>>(104.l+132) string/c sfmc Crystal Net SFM Codec
+>>>>>>>(104.l+132) string/c smsc SMSC
+>>>>>>>(104.l+132) string/c smsd SMSD
+>>>>>>>(104.l+132) string/c splc Splash Studios ACM Audio Codec
+>>>>>>>(104.l+132) string/c sqz2 Microsoft VXtreme Video Codec
+>>>>>>>(104.l+132) string/c sv10 Sorenson Video R1
+>>>>>>>(104.l+132) string/c tlms TeraLogic Motion Intraframe Codec A
+>>>>>>>(104.l+132) string/c tlst TeraLogic Motion Intraframe Codec B
+>>>>>>>(104.l+132) string/c tm20 TrueMotion 2.0
+>>>>>>>(104.l+132) string/c tmic TeraLogic Motion Intraframe Codec 2
+>>>>>>>(104.l+132) string/c tmot TrueMotion Video Compression
+>>>>>>>(104.l+132) string/c tr20 TrueMotion RT 2.0
+>>>>>>>(104.l+132) string/c ulti Ultimotion
+>>>>>>>(104.l+132) string/c uyvy UYVY 4:2:2 byte ordering
+>>>>>>>(104.l+132) string/c v422 24-bit YUV 4:2:2 format
+>>>>>>>(104.l+132) string/c v655 16-bit YUV 4:2:2 format
+>>>>>>>(104.l+132) string/c vcr1 ATI VCR 1.0
+>>>>>>>(104.l+132) string/c vcr2 ATI VCR 2.0
+>>>>>>>(104.l+132) string/c vcr3 ATI VCR 3.0
+>>>>>>>(104.l+132) string/c vcr4 ATI VCR 4.0
+>>>>>>>(104.l+132) string/c vcr5 ATI VCR 5.0
+>>>>>>>(104.l+132) string/c vcr6 ATI VCR 6.0
+>>>>>>>(104.l+132) string/c vcr7 ATI VCR 7.0
+>>>>>>>(104.l+132) string/c vcr8 ATI VCR 8.0
+>>>>>>>(104.l+132) string/c vcr9 ATI VCR 9.0
+>>>>>>>(104.l+132) string/c vdct Video Maker Pro DIB
+>>>>>>>(104.l+132) string/c vids YUV 4:2:2 CCIR 601 for V422
+>>>>>>>(104.l+132) string/c vivo Vivo H.263
+>>>>>>>(104.l+132) string/c vixl VIXL
+>>>>>>>(104.l+132) string/c vlv1 VLCAP.DRV
+>>>>>>>(104.l+132) string/c wbvc W9960
+>>>>>>>(104.l+132) string/c x263 mmioFOURCC('X','2','6','3')
+>>>>>>>(104.l+132) string/c xlv0 XL Video Decoder
+>>>>>>>(104.l+132) string/c y211 YUV 2:1:1 Packed
+>>>>>>>(104.l+132) string/c y411 YUV 4:1:1 Packed
+>>>>>>>(104.l+132) string/c y41b YUV 4:1:1 Planar
+>>>>>>>(104.l+132) string/c y41p PC1 4:1:1
+>>>>>>>(104.l+132) string/c y41t PC1 4:1:1 with transparency
+>>>>>>>(104.l+132) string/c y42b YUV 4:2:2 Planar
+>>>>>>>(104.l+132) string/c y42t PC1 4:2:2 with transparency
+>>>>>>>(104.l+132) string/c yc12 Intel YUV12 Codec
+>>>>>>>(104.l+132) string/c yuv8 Winnov Caviar YUV8
+>>>>>>>(104.l+132) string/c yuv9 YUV9
+>>>>>>>(104.l+132) string/c yuy2 YUY2 4:2:2 byte ordering packed
+>>>>>>>(104.l+132) string/c yuyv BI_YUYV, Canopus
+>>>>>>>(104.l+132) string/c fmp4 FFMpeg MPEG-4
+>>>>>>>(104.l+132) string/c div3 DivX 3
+>>>>>>>>112 string/c div3 Low-Motion
+>>>>>>>>112 string/c div4 Fast-Motion
+>>>>>>>(104.l+132) string/c divx DivX 4
+>>>>>>>(104.l+132) string/c dx50 DivX 5
+>>>>>>>(104.l+132) string/c xvid XviD
+>>>>>>>(104.l+132) string/c h264 H.264
+>>>>>>>(104.l+132) string/c wmv3 Windows Media Video 9
+>>>>>>>(104.l+132) string/c h264 X.264 or H.264
+>>>>>>>(104.l+132) lelong 0
+##>>>>>>>(104.l+132) string x (%.4s)
+# skip past first (video) LIST
+>>>>(92.l+96) string LIST
+>>>>>(92.l+104) string strlstrh
+>>>>>>(92.l+116) string auds \b, audio:
+# auds strh length = 56:
+>>>>>>>(92.l+172) string strf
+>>>>>>>>(92.l+180) leshort 0x0001 uncompressed PCM
+>>>>>>>>(92.l+180) leshort 0x0002 ADPCM
+>>>>>>>>(92.l+180) leshort 0x0006 aLaw
+>>>>>>>>(92.l+180) leshort 0x0007 uLaw
+>>>>>>>>(92.l+180) leshort 0x0050 MPEG-1 Layer 1 or 2
+>>>>>>>>(92.l+180) leshort 0x0055 MPEG-1 Layer 3
+>>>>>>>>(92.l+180) leshort 0x2000 Dolby AC3
+>>>>>>>>(92.l+180) leshort 0x0161 DivX
+##>>>>>>>>(92.l+180) leshort x (%#.4x)
+>>>>>>>>(92.l+182) leshort 1 (mono,
+>>>>>>>>(92.l+182) leshort 2 (stereo,
+>>>>>>>>(92.l+182) leshort >2 (%d channels,
+>>>>>>>>(92.l+184) lelong x %d Hz)
+# auds strh length = 64:
+>>>>>>>(92.l+180) string strf
+>>>>>>>>(92.l+188) leshort 0x0001 uncompressed PCM
+>>>>>>>>(92.l+188) leshort 0x0002 ADPCM
+>>>>>>>>(92.l+188) leshort 0x0055 MPEG-1 Layer 3
+>>>>>>>>(92.l+188) leshort 0x2000 Dolby AC3
+>>>>>>>>(92.l+188) leshort 0x0161 DivX
+##>>>>>>>>(92.l+188) leshort x (%#.4x)
+>>>>>>>>(92.l+190) leshort 1 (mono,
+>>>>>>>>(92.l+190) leshort 2 (stereo,
+>>>>>>>>(92.l+190) leshort >2 (%d channels,
+>>>>>>>>(92.l+192) lelong x %d Hz)
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/VDR_(VirtualDub)
+# Reference: http://sourceforge.net/projects/virtualdub/files/virtualdub-win/
+# 1.10.4.35491/VirtualDub-1.10.4-src.7z/src/vdremote/Main.cpp
+# VirtualDub link handler
+>8 string VDRM \b, VirtualDub link
+!:mime video/x-vdr
+!:ext vdr
+>>12 string PATH \b, PATH
+# remote-path to video file
+>>16 pstring/l x %s
+# Animated Cursor format
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Windows_Animated_Cursor
+# Reference: https://www.gdgsoft.com/anituner/help/aniformat.htm
+>8 string ACON \b, animated cursor
+!:mime application/x-navi-animation
+# http://extension.nirsoft.net/ani
+#!:mime image/ani
+!:ext ani
+# INAM tag followed by length of title
+>>24 string INAM
+>>>28 pstring/l x "%s"
+# IART tag followed by length of author
+>>>(28.l+32) ubelong 0x49415254
+>>>>&0 pstring/l x %s
+# SoundFont 2 <mpruett@sgi.com>
+# URL: http://fileformats.archiveteam.org/wiki/SoundFont_2.0
+>8 string sfbk \b, SoundFont/Bank
+!:mime audio/x-sfbk
+!:ext sf2
+# MPEG-1 wrapped in a RIFF, apparently
+# URL: http://file.fyicenter.com/17_Video_.DAT_File_Extension_for_VCD_Files.html
+>8 string CDXA \b, wrapped MPEG-1 (CDXA)
+!:mime video/x-cdxa
+!:ext mpg/dat
+# URL: http://fileformats.archiveteam.org/wiki/4X_IMA_ADPCM
+>8 string 4XMV \b, 4X Movie file
+!:mime video/x-4xmv
+!:ext 4xm/4xa
+# AMV-type AVI file: https://wiki.multimedia.cx/index.php?title=AMV
+>8 string AMV\040 \b, AMV
+# http://fileformats.archiveteam.org/wiki/MTV_Video_(.AMV)
+!:mime video/x-amv
+!:ext amv
+#!:ext amv/mtv
+# URL: http://fileformats.archiveteam.org/wiki/WebP
+>8 string WEBP \b, Web/P image
+!:mime image/webp
+!:ext webp
+>>12 use riff-walk
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/RIFF_MIDS
+>8 string MIDS \b, MIDI Stream
+!:mime audio/x-mids
+!:ext mds
+# From: Joerg Jenderek
+# URL: http://mark0.net/soft-trid-e.html
+# Reference: http://fileformats.archiveteam.org/wiki/Trd_(TRID)
+>8 string TRID \b, TrID defs package
+!:mime application/x-trid-trd
+!:ext trd
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/CorelDRAW
+# Reference: http://fileformats.archiveteam.org/wiki/CorelDRAW
+# Note: Since version 3 CorelDraw Pictures are RIFF based
+# but data chunks remain proprietary.
+# Since version 14 til 15 packed as "content/riffData.cdr" and
+# since 16 "content/root.dat" in ZIP container
+# TODO: distinguish templates with version 12.5 from Designer illustration 12
+# display information of RIFF based Corel Draw pictures, templates and patterns
+0 name corel-draw
+# display second chunk for debugging
+#>8 string x \b, [8]=%.8s
+>0 string x \b, Corel Draw
+#!:mime image/x-coreldraw
+!:mime application/vnd.corel-draw
+# used by newer pictures templates
+>>8 string CDT
+# used by templates with newer versions since 16
+>>>12 string =fver Picture template (root.dat)
+!:ext dat
+# used by templates with older versions with vrsn tag
+>>>12 string !fver
+# used by templates with older versions 14-15
+>>>>11 string >E Picture template (riffData.cdr)
+!:ext cdr
+# used by templates with older versions 11-13
+>>>>11 string <F Picture template
+!:ext cdt/cdrt
+# used by older templates with version 4.4
+>>8 string CDST Picture template
+!:ext cdt
+# used by templates with version 12.5
+>>8 string DESC Picture template
+!:ext cdt
+# used by newer patterns with version 22
+>>8 string PAT Pattern
+!:ext dat
+# remaining older templates, patterns, drawings
+>>8 default x
+# pattern with old version 4.y
+>>>26 ulelong =0x0000206C Pattern
+!:ext pat
+# pattern with newer versions
+>>>26 ulelong =0x00000D2C Pattern
+!:ext pat
+# remaining older templates or pictures
+>>>26 default x
+# used by older versions 5 - 15
+>>>>12 string =vrsn
+# 4th chunk size unequal 282Ch only found for CDR
+>>>>>26 ulelong !0x0000282c Picture
+!:ext cdr
+>>>>>26 default x Picture or template
+!:ext cdr/cdt
+# used by newer versions since 16
+>>>>12 string =fver Picture (root.dat)
+!:ext dat
+# version marked by 1 ASCII char: space~3, ... , F~15, ... , N~22, ... R~22 template
+>11 string x \b, version
+>11 string >\040 '%-.1s'
+>0 use corel-version
+>4 ulelong+8 x \b, %u bytes
+#
+# display numeric version of RIFF based Corel after 3rd RIFF tag
+0 name corel-version
+# for debugging purpose; vrsn for short content; fver for 16 byte size
+#>12 string x \b, TAG "%-4.4s"
+# 1st data chunk length 2 implies short content version
+>16 ulelong 2
+# vrsn chunk short content interpreted by MajorVersion * 100 + MinorVersion
+>>20 uleshort/100 x %u
+>>20 uleshort%100 >0 \b.%u
+# for debugging purpose display next chunk like: DISP LIST
+#>>22 string x \b, 4th "%-4.4s"
+#>>26 ulelong x \b, 4th SIZE %#x
+# for debugging purpose display 5th chunk like: LIST DISP ccmm osfp
+#>>(26.l+30) string x \b, 5th "%-4.4s"
+# 1st data chunk length 10h implies 16 byte content with version info
+>16 ulelong 0x10
+>>34 ubyte x %u
+>>>33 ubyte >0 \b.%u
+# display information of RIFF based Corel Design formats
+0 name corel-des
+# display second chunk for debugging
+#>8 string x \b, [8]=%.8s
+>12 string x \b, Corel DESIGNER
+!:mime image/x-corel-des
+#!:mime application/x-vnd.corel.designer.document
+# used by Corel Designer with newer versions since 16
+>12 string =fver graphics (root.dat)
+!:ext dat
+# used by Corel Designer templates with older versions with vrsn tag
+>12 string !fver
+# used by Corel Designer with versions 14-15
+>>11 string >D graphics (riffData.cdr)
+!:ext cdr
+# used by Corel Designer with versions 10-12
+>>11 string <E graphics
+!:ext des
+# version indicated by last ASCII char of second chunk tag
+>11 string x \b, version '%-.1s'
+# but vrsn short content is not always version indicator
+# exceptions: 'A'~11.4 'B'~12 'C'~12.5
+>11 string >D
+>>0 use corel-version
+# for debugging purpose display next chunk like: DISP LIST
+#>>22 string x \b, 4th "%-4.4s"
+#>>26 ulelong x \b, 4th SIZE %#x
+# for debugging purpose display 5th chunk like: LIST osfp
+#>>(26.l+30) string x \b, 5th "%-4.4s"
+>4 ulelong+8 x \b, %u bytes
+
+#
+# XXX - some of the below may only appear in little-endian form.
+#
+# Also "MV93" appears to be for one form of Macromedia Director
+# files, and "GDMF" appears to be another multimedia format.
+#
+0 string RIFX RIFF (big-endian) data
+# RIFF Palette format
+>8 string PAL \b, palette
+>>16 beshort x \b, version %d
+>>18 beshort x \b, %d entries
+# RIFF Device Independent Bitmap format
+>8 string RDIB \b, device-independent bitmap
+>>16 string BM
+>>>30 beshort 12 \b, OS/2 1.x format
+>>>>34 beshort x \b, %d x
+>>>>36 beshort x %d
+>>>30 beshort 64 \b, OS/2 2.x format
+>>>>34 beshort x \b, %d x
+>>>>36 beshort x %d
+>>>30 beshort 40 \b, Windows 3.x format
+>>>>34 belong x \b, %d x
+>>>>38 belong x %d x
+>>>>44 beshort x %d
+# RIFF MIDI format
+>8 string RMID \b, MIDI
+# RIFF Multimedia Movie File format
+>8 string RMMP \b, multimedia movie
+# Microsoft WAVE format (*.wav)
+>8 string WAVE \b, WAVE audio
+>>20 leshort 1 \b, Microsoft PCM
+>>>34 leshort >0 \b, %d bit
+>>22 beshort =1 \b, mono
+>>22 beshort =2 \b, stereo
+>>22 beshort >2 \b, %d channels
+>>24 belong >0 %d Hz
+# Corel Draw Picture big endian not tested by real examples
+#>8 string CDRA \b, Corel Draw Picture
+#>8 string CDR6 \b, Corel Draw Picture, version 6
+>8 string CDR
+>>0 use \^corel-draw
+
+# AVI == Audio Video Interleave
+>8 string AVI\040 \b, AVI
+# Animated Cursor format
+>8 string ACON \b, animated cursor
+# Notation Interchange File Format (big-endian only)
+>8 string NIFF \b, Notation Interchange File Format
+# SoundFont 2 <mpruett@sgi.com>
+>8 string sfbk SoundFont/Bank
+
+#------------------------------------------------------------------------------
+# Sony Wave64
+# see http://www.vcs.de/fileadmin/user_upload/MBS/PDF/Whitepaper/Informations_about_Sony_Wave64.pdf
+# 128 bit RIFF-GUID { 66666972-912E-11CF-A5D6-28DB04C10000 } in little-endian
+0 string riff\x2E\x91\xCF\x11\xA5\xD6\x28\xDB\x04\xC1\x00\x00 Sony Wave64 RIFF data
+# 128 bit + total file size (64 bits) so 24 bytes
+# then WAVE-GUID { 65766177-ACF3-11D3-8CD1-00C04F8EDB8A }
+>24 string wave\xF3\xAC\xD3\x11\x8C\xD1\x00\xC0\x4F\x8E\xDB\x8A \b, WAVE 64 audio
+!:mime audio/x-w64
+# FMT-GUID { 20746D66-ACF3-11D3-8CD1-00C04F8EDB8A }
+>>40 search/256 fmt\x20\xF3\xAC\xD3\x11\x8C\xD1\x00\xC0\x4F\x8E\xDB\x8A \b
+>>>&10 leshort =1 \b, mono
+>>>&10 leshort =2 \b, stereo
+>>>&10 leshort >2 \b, %d channels
+>>>&12 lelong >0 %d Hz
+
+#------------------------------------------------------------------------------
+# MBWF/RF64
+# see EBU TECH 3306 https://tech.ebu.ch/docs/tech/tech3306-2009.pdf
+0 string RF64\xff\xff\xff\xffWAVEds64 MBWF/RF64 audio
+!:mime audio/x-wav
+>40 search/256 fmt\x20 \b
+>>&6 leshort =1 \b, mono
+>>&6 leshort =2 \b, stereo
+>>&6 leshort >2 \b, %d channels
+>>&8 lelong >0 %d Hz
diff --git a/magic/Magdir/ringdove b/magic/Magdir/ringdove
new file mode 100644
index 0000000..38dd4bf
--- /dev/null
+++ b/magic/Magdir/ringdove
@@ -0,0 +1,45 @@
+#------------------------------------------------------------------------------
+# $File: ringdove,v 1.1 2022/08/16 12:04:30 christos Exp $
+# ringdove: file(1) magic for RingdoveEDA data files
+
+# librnd and global
+0 regex/128l ha:rnd-menu-v[0-9]+[\ \t\r\n]*[{] librnd menu system (lihata)
+0 regex/128l ha:rnd-menu-patch-v[0-9]+[\ \t\r\n]*[{] librnd menu patch (lihata)
+0 regex/128l ha:coraleda-project-v[0-9]+[\ \t\r\n]*[{] CoralEDA/Ringdove project file (lihata)
+0 regex/128l ha:ringdove-project-v[0-9]+[\ \t\r\n]*[{] Ringdove project file (lihata)
+
+# pcb-rnd
+0 regex/128l ha:pcb-rnd-board-v[0-9]+[\ \t\r\n]*[{] pcb-rnd board file (lihata)
+0 regex/128l li:pcb-rnd-subcircuit-v[0-9]+[\ \t\r\n]*[{] pcb-rnd subcircuit/footprint file (lihata)
+0 regex/128l ha:pcb-rnd-buffer-v[0-9]+[\ \t\r\n]*[{] pcb-rnd paste buffer content (lihata)
+0 regex/128l li:pcb-rnd-conf-v[0-9]+[\ \t\r\n]*[{] pcb-rnd configuration (lihata)
+0 regex/128l ha:pcb-rnd-drc-query-v[0-9]+[\ \t\r\n]*[{] pcb-rnd drc query string (lihata)
+0 regex/128l li:pcb-rnd-font-v[0-9]+[\ \t\r\n]*[{] pcb-rnd vector font (lihata)
+0 regex/128l ha:pcb-rnd-log-v[0-9]+[\ \t\r\n]*[{] pcb-rnd message log dump (lihata)
+0 regex/128l ha:pcb-rnd-padstack-v[0-9]+[\ \t\r\n]*[{] pcb-rnd padstack (lihata)
+0 regex/128l li:pcb-rnd-view-list-v[0-9]+[\ \t\r\n]*[{] pcb-rnd view list (lihata)
+0 regex/128l li:view-list-v[0-9]+[\ \t\r\n]*[{] pcb-rnd view list (lihata)
+0 search Netlist(Freeze) pcb-rnd or gEDA/PCB netlist forward annotation action script
+
+# sch-rnd (cschem data model)
+0 regex/128l li:cschem-buffer-v[0-9]+[\ \t\r\n]*[{] sch-rnd/cschem buffer content (lihata)
+0 regex/128l li:sch-rnd-conf-v[0-9]+[\ \t\r\n]*[{] sch-rnd configuration (lihata)
+0 regex/128l ha:std_devmap.v[0-9]+[\ \t\r\n]*[{] sch-rnd devmap (device mapping; lihata)
+0 regex/128l li:cschem-group-v[0-9]+[\ \t\r\n]*[{] sch-rnd/cschem group or symbol (lihata)
+0 regex/128l ha:cschem-sheet-v[0-9]+[\ \t\r\n]*[{] sch-rnd/cschem schematic sheet (lihata)
+
+# tEDAx (modular format)
+0 regex/1l tEDAx[\ \t\r\n]v tEDAx (Trivial EDA eXchange)
+>0 regex begin\ symbol\ v with schematic symbol
+>0 regex begin\ board\ v with Printed Circuit Board
+>0 regex begin\ route_req\ v with PCB routing request
+>0 regex begin\ route_res\ v with PCB routing result
+>0 regex begin\ camv_layer\ v with camv-rnd exported layer
+>0 regex begin\ netlist\ v with netlist
+>0 regex begin\ backann\ v with Ringdove EDA back annotation
+>0 regex begin\ footprint\ v with PCB footprint
+>0 regex begin\ drc\ v with PCB DRC script
+>0 regex begin\ drc_query_rule\ v with pcb-rnd drc_query rules
+>0 regex begin\ drc_query_def\ v with pcb-rnd drc_query value/config definitions
+>0 regex begin\ etest\ v with PCB electric test
+
diff --git a/magic/Magdir/rpi b/magic/Magdir/rpi
new file mode 100644
index 0000000..0d213b5
--- /dev/null
+++ b/magic/Magdir/rpi
@@ -0,0 +1,52 @@
+
+#------------------------------------------------------------------------------
+# $File: rpi,v 1.3 2022/04/02 14:39:34 christos Exp $
+# rpi: file(1) magic for Raspberry Pi images
+-44 lelong 0
+>4 lelong 0
+>>8 lelong 1
+>>12 lelong 4
+>>>16 string 283x
+>>>>20 lelong 1
+>>>>>24 lelong 4
+>>>>>>28 string DTOK
+>>>>>>>32 lelong 44
+>>>>>>>>36 lelong 4
+>>>>>>>>>40 string RPTL Raspberry PI kernel image
+
+-56 lelong 0
+>4 lelong 0
+>>8 lelong 1
+>>12 lelong 4
+>>>16 string 283x
+>>>>20 lelong 1
+>>>>>24 lelong 4
+>>>>>>28 string DTOK
+>>>>>>>32 lelong 1
+>>>>>>>>36 lelong 4
+>>>>>>>>>40 string DDTK8
+>>>>>>>>>>48 lelong 4
+>>>>>>>>>>>52 string RPTL Raspberry PI kernel image
+
+# From: Joerg Jenderek
+# URL: https://www.raspberrypi.com/documentation/computers/raspberry-pi.html
+# #raspberry-pi-4-boot-eeprom
+# Reference: https://github.com/raspberrypi/rpi-eeprom/blob/master/rpi-eeprom-config
+# Note: start with same magic as for BIOS (ia32) ROM Extension handled by ./intel
+# masked with MAGIC_MASK and then compared with MAGIC
+0 belong&0xFFffF00F 0x55aaF00F Raspberry PI EEPROM
+#!:mime application/octet-stream
+!:mime application/x-raspberry-eeprom
+# like: pieeprom-2020-09-03.bin
+!:ext bin
+# a 32 bit offset to the next section like: 000184d4 000184c8 00018534 ... 0000bb84 0000bbd4 0000bbd4
+>4 ubelong x \b, offset %8.8x
+#>(4.L) ubelong x NEXT=%8.8x
+# self.length
+>8 ubelong !0 \b, length %x
+# self.filename
+>12 string >0 \b, "%s"
+# length is zero
+>8 ubelong =0
+# if length is zero then 2nd section magic here can be zero; this means sections parsing done
+>>8 ubelong !0 \b, 2nd MAGIC=%8.8x
diff --git a/magic/Magdir/rpm b/magic/Magdir/rpm
new file mode 100644
index 0000000..9a795f8
--- /dev/null
+++ b/magic/Magdir/rpm
@@ -0,0 +1,45 @@
+
+#------------------------------------------------------------------------------
+# $File: rpm,v 1.12 2013/01/11 16:45:23 christos Exp $
+#
+# RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com)
+#
+0 belong 0xedabeedb RPM
+!:mime application/x-rpm
+>4 byte x v%d
+>5 byte x \b.%d
+>6 beshort 1 src
+>6 beshort 0 bin
+>>8 beshort 1 i386/x86_64
+>>8 beshort 2 Alpha/Sparc64
+>>8 beshort 3 Sparc
+>>8 beshort 4 MIPS
+>>8 beshort 5 PowerPC
+>>8 beshort 6 68000
+>>8 beshort 7 SGI
+>>8 beshort 8 RS6000
+>>8 beshort 9 IA64
+>>8 beshort 10 Sparc64
+>>8 beshort 11 MIPSel
+>>8 beshort 12 ARM
+>>8 beshort 13 MiNT
+>>8 beshort 14 S/390
+>>8 beshort 15 S/390x
+>>8 beshort 16 PowerPC64
+>>8 beshort 17 SuperH
+>>8 beshort 18 Xtensa
+>>8 beshort 255 noarch
+
+#delta RPM Daniel Novotny (dnovotny@redhat.com)
+0 string drpm Delta RPM
+!:mime application/x-rpm
+>12 string x %s
+>>8 beshort 11 MIPSel
+>>8 beshort 12 ARM
+>>8 beshort 13 MiNT
+>>8 beshort 14 S/390
+>>8 beshort 15 S/390x
+>>8 beshort 16 PowerPC64
+>>8 beshort 17 SuperH
+>>8 beshort 18 Xtensa
+>>10 string x %s
diff --git a/magic/Magdir/rpmsg b/magic/Magdir/rpmsg
new file mode 100644
index 0000000..cbbbb2b
--- /dev/null
+++ b/magic/Magdir/rpmsg
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------------------------
+# $File: rpmsg,v 1.1 2019/04/19 00:40:47 christos Exp $
+# rpmsg: file(1) magic for restricted-permission messages (or "rights-protected" messages)
+# see https://en.wikipedia.org/wiki/Rpmsg
+
+0 string \x76\xe8\x04\x60\xc4\x11\xe3\x86 rpmsg Restricted Permission Message
diff --git a/magic/Magdir/rst b/magic/Magdir/rst
new file mode 100644
index 0000000..0df15b8
--- /dev/null
+++ b/magic/Magdir/rst
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: rst,v 1.4 2023/07/27 18:26:32 christos Exp $
+# rst: ReStructuredText http://docutils.sourceforge.net/rst.html
+0 search/256 \=\=
+!:strength + 30
+>&0 regex/256 \^[\=]+$
+>>&0 search/512 :Author: ReStructuredText file
+>>&0 search/512 \012Authors: ReStructuredText file
+>>&0 search/512 \012Author: ReStructuredText file
+>>&0 default x
+>>>&0 regex/512 \^\\.\\.[A-Za-z] ReStructuredText file
+!:ext rst
diff --git a/magic/Magdir/rtf b/magic/Magdir/rtf
new file mode 100644
index 0000000..48a1f28
--- /dev/null
+++ b/magic/Magdir/rtf
@@ -0,0 +1,94 @@
+
+#------------------------------------------------------------------------------
+# $File: rtf,v 1.9 2020/12/12 20:01:47 christos Exp $
+# rtf: file(1) magic for Rich Text Format (RTF)
+#
+# Duncan P. Simpson, D.P.Simpson@dcs.warwick.ac.uk
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Rich_Text_Format
+# Reference: http://www.snake.net/software/RTF/RTF-Spec-1.7.rtf
+# http://www.kleinlercher.at/tools/Windows_Protocols/Word2007RTFSpec9.pdf
+0 string {\\rtf
+# skip DROID fmt-355-signature-id-522.rtf by looking for valid version
+>5 ubyte !0xAB
+# skip also \ in DROID fmt-50-signature-id-158.rtf by looking for valid version
+>>5 ubyte !0x5C Rich Text Format data
+!:mime text/rtf
+!:apple ????RTF
+!:ext rtf
+>>>0 use rtf-info
+# display information like version, language and code page of RTF
+0 name rtf-info
+# 1 mostly, 2 for newer Pocket Word documents, space for test like fdo78502.rtf, { for some urtf
+>5 ubyte !0x7b \b, version %c
+# The word for character set must precede any text or most other control words
+>6 string \\mac \b, Apple Macintosh
+>6 string \\pc
+# control word \pca
+>>9 ubyte =0x61 \b, IBM PS/2, code page 850
+>>9 ubyte !0x61 \b, IBM PC, code page 437
+# unknown character set or ANSI later after control words like
+# \adeflang1025 \info \title \author \category \manager
+# "Burow, Steffanie - Im Tal des Schneeleoparden.rtf"
+#>6 search/105 \\ansi \b, ANSI
+>6 search/502 \\ansi \b, ANSI
+>6 default x \b, unknown character set
+# look for explicit codepage keyword
+# "Burow, Steffanie - Im Tal des Schneeleoparden.rtf"
+#>5 search/110 \\ansicpg
+>5 search/500 \\ansicpg
+# skip unknown or buggy codepage string 0 like in fdo78502.rtf
+>>&0 ubyte !0x30 \b, code page
+# codepage string: 437~United States IBM, ..., 1252~WesternEuropean, ..., 57011~Punjabi
+>>>&-1 string x %-.3s
+# skip space or \ and display possible 4th digit of code page string
+>>>&2 ubyte >0x2F
+>>>>&-1 ubyte <0x3A \b%c
+# possible 5th digit of code page string
+>>>>>&0 ubyte >0x2F
+>>>>>>&-1 ubyte <0x3A \b%c
+# look again at version byte to use default clause
+>5 ubyte x
+# Default language ID for South Asian/Middle Eastern text
+# language ID: 1025, ..., 1065~Persian, ..., 2057~English_UnitedKingdom, ..., 58380~French_NorthAfrica
+# Readme-0.72-Persian.rtf
+#>6 search/1 \\adeflang \b, default middle east language ID
+>>6 search/497 \\adeflang \b, default middle east language ID
+# https://docs.microsoft.com/en-us/openspecs/office_standards/ms-oe376/6c085406-a698-4e12-9d4d-c3b0ee3dbc4a
+>>>&0 string x %.4s
+# skip \ and NL and show possible 5th digit of language string
+>>>&4 ubyte >0x2F
+>>>>&-1 ubyte <0x3A \b%c
+# else look for default language to be used when the \plain control word is encountered
+>>6 default x
+# "Burow, Steffanie - Im Tal des Schneeleoparden.rtf"
+#>>>6 search/127 \\deflang
+>>>6 search/505 \\deflang
+>>>>&0 string >0 \b, default language ID %-.4s
+# possible 5th digit of language string
+>>>>&4 ubyte >0x2F
+>>>>>&-1 ubyte <0x3A \b%c
+
+# Reference: http://latex2rtf.sourceforge.net/rtfspec_63.html
+# Note: no real world example found
+0 string {\\urtf Rich Text Format unicoded data
+!:mime text/rtf
+#!:apple ????RTF
+!:ext rtf
+>1 use rtf-info
+
+# URL: https://en.wikipedia.org/wiki/Microsoft_Word
+# Reference: http://fileformats.archiveteam.org/wiki/Microsoft_Word
+# Note: called by TrID "Pocket Word document"
+# by PlanMaker "Pocket Word-Handheld PC" for pwd
+# by PlanMaker "Pocket Word-Pocket PC" for psw
+0 string {\\pwd Pocket Word document or template
+# by SoftMaker Office http://extension.nirsoft.net/pwd
+#!:mime application/msword
+# https://reposcope.com/mimetype/application/x-pocket-word
+!:mime application/x-pocket-word
+# PWD for Handheld PC variant and PSW for Pocket PC variant
+# PWT for template
+!:ext pwd/psw/pwt
+>0 use rtf-info
+
diff --git a/magic/Magdir/ruby b/magic/Magdir/ruby
new file mode 100644
index 0000000..9e67a3e
--- /dev/null
+++ b/magic/Magdir/ruby
@@ -0,0 +1,55 @@
+
+#------------------------------------------------------------------------------
+# $File: ruby,v 1.10 2019/07/21 09:40:17 christos Exp $
+# ruby: file(1) magic for Ruby scripting language
+# URL: https://www.ruby-lang.org/
+# From: Reuben Thomas <rrt@sc3d.org>
+
+# Ruby scripts
+0 search/1/w #!\ /usr/bin/ruby Ruby script text executable
+!:strength + 15
+!:mime text/x-ruby
+0 search/1/w #!\ /usr/local/bin/ruby Ruby script text executable
+!:strength + 15
+!:mime text/x-ruby
+0 search/1 #!/usr/bin/env\ ruby Ruby script text executable
+!:strength + 15
+!:mime text/x-ruby
+0 search/1 #!\ /usr/bin/env\ ruby Ruby script text executable
+!:strength + 15
+!:mime text/x-ruby
+
+# What looks like ruby, but does not have a shebang
+# (modules and such)
+# From: Lubomir Rintel <lkundrak@v3.sk>
+0 search/8192 require
+>0 regex \^[[:space:]]*require[[:space:]]'[A-Za-z_/.]+'
+>>0 regex def\ [a-z]|\ do$
+>>>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text
+!:strength + 30
+!:mime text/x-ruby
+0 regex \^[[:space:]]*(class|module)[[:space:]][A-Z]
+>0 regex (modul|includ)e\ [A-Z]|def\ [a-z]
+>>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text
+!:strength + 30
+!:mime text/x-ruby
+# Classes with no modules or defs, beats simple ASCII
+0 regex \^[[:space:]]*(class|module)[[:space:]][A-Z]
+>&0 regex \^[[:space:]]*end([[:space:]]+[;#if].*)?$ Ruby script text
+!:strength + 10
+!:mime text/x-ruby
+# Looks for function definition to balance python magic
+# def name (args)
+# end
+0 search/8192 def\
+>0 regex \^[[:space:]]*def\ [a-z]|def\ [[:alpha:]]+::[a-z]
+>>&0 regex \^[[:space:]]*end([[:space:]]+[;#].*)?$ Ruby script text
+!:strength + 10
+!:mime text/x-ruby
+
+0 search/8192 require
+>0 regex \^[[:space:]]*require[[:space:]]'[A-Za-z_/.]+' Ruby script text
+!:mime text/x-ruby
+0 search/8192 include
+>0 regex \^[[:space:]]*include\ ([A-Z]+[a-z]*(::))+ Ruby script text
+!:mime text/x-ruby
diff --git a/magic/Magdir/rust b/magic/Magdir/rust
new file mode 100644
index 0000000..b1bbd9d
--- /dev/null
+++ b/magic/Magdir/rust
@@ -0,0 +1,21 @@
+
+#------------------------------------------------------------------------------
+# $File: rust,v 1.2 2022/11/18 15:58:15 christos Exp $
+# Magic for Rust and related languages programs
+#
+
+# Rust compiler metadata
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/rust-lang/rust/blob/1.64.0/compiler/rustc_metadata/src/rmeta/mod.rs
+0 string rust\x00\x00\x00
+>12 string \014rustc\x20 Rust compiler metadata
+!:ext rmeta
+>>7 byte x \b, version %d
+
+# Rust incremental compilation metadata
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/rust-lang/rust/blob/1.64.0/compiler/rustc_incremental/src/persist/file_format.rs
+0 string RSIC
+>4 uleshort =0 Rust incremental compilation metadata
+!:ext bin
+>>6 pstring x \b, rustc %s
diff --git a/magic/Magdir/sc b/magic/Magdir/sc
new file mode 100644
index 0000000..dc6d6c8
--- /dev/null
+++ b/magic/Magdir/sc
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------------------------
+# $File: sc,v 1.6 2009/09/19 16:28:12 christos Exp $
+# sc: file(1) magic for "sc" spreadsheet
+#
+38 string Spreadsheet sc spreadsheet file
+!:mime application/x-sc
diff --git a/magic/Magdir/sccs b/magic/Magdir/sccs
new file mode 100644
index 0000000..04e7929
--- /dev/null
+++ b/magic/Magdir/sccs
@@ -0,0 +1,24 @@
+
+#------------------------------------------------------------------------------
+# $File: sccs,v 1.8 2020/06/20 21:32:52 christos Exp $
+# sccs: file(1) magic for SCCS archives
+#
+# SCCS v4 archive structure:
+# \001h01207
+# \001s 00276/00000/00000
+# \001d D 1.1 87/09/23 08:09:20 ian 1 0
+# \001c date and time created 87/09/23 08:09:20 by ian
+# \001e
+# \001u
+# \001U
+# ... etc.
+# Now '\001h' happens to be the same as the 3B20's a.out magic number (0550).
+# *Sigh*. And these both came from various parts of the USG.
+# Maybe we should just switch everybody from SCCS to RCS!
+# Further, you can't just say '\001h0', because the five-digit number
+# is a checksum that could (presumably) have any leading digit,
+# Fortunately we have regular expression matching:
+0 string \001h
+>2 regex [0-9][0-9][0-9][0-9][0-9]$
+>>8 string \001s\040 SCCS v4 archive data
+>2 string V6,sum= SCCS v6 archive data
diff --git a/magic/Magdir/scientific b/magic/Magdir/scientific
new file mode 100644
index 0000000..d52d6ae
--- /dev/null
+++ b/magic/Magdir/scientific
@@ -0,0 +1,144 @@
+
+#------------------------------------------------------------------------------
+# $File: scientific,v 1.14 2023/04/29 17:28:09 christos Exp $
+# scientific: file(1) magic for scientific formats
+#
+# From: Joe Krahn <krahn@niehs.nih.gov>
+
+########################################################
+# CCP4 data and plot files:
+0 string MTZ\040 MTZ reflection file
+
+92 string PLOT%%84 Plot84 plotting file
+>52 byte 1 , Little-endian
+>55 byte 1 , Big-endian
+
+########################################################
+# Electron density MAP/MASK formats
+
+0 string EZD_MAP NEWEZD Electron Density Map
+109 string MAP\040( Old EZD Electron Density Map
+
+0 string/c :-)\040Origin BRIX Electron Density Map
+>170 string >0 , Sigma:%.12s
+#>4 string >0 %.178s
+#>4 addr x %.178s
+
+7 string 18\040!NTITLE XPLOR ASCII Electron Density Map
+9 string \040!NTITLE\012\040REMARK CNS ASCII electron density map
+
+208 string MAP\040 CCP4 Electron Density Map
+# Assumes same stamp for float and double (normal case)
+>212 byte 17 \b, Big-endian
+>212 byte 34 \b, VAX format
+>212 byte 68 \b, Little-endian
+>212 byte 85 \b, Convex native
+
+############################################################
+# X-Ray Area Detector images
+0 string R-AXIS4\ \ \ R-Axis Area Detector Image:
+>796 lelong <20 Little-endian, IP #%d,
+>>768 lelong >0 Size=%dx
+>>772 lelong >0 \b%d
+>796 belong <20 Big-endian, IP #%d,
+>>768 belong >0 Size=%dx
+>>772 belong >0 \b%d
+
+0 string RAXIS\ \ \ \ \ R-Axis Area Detector Image, Win32:
+>796 lelong <20 Little-endian, IP #%d,
+>>768 lelong >0 Size=%dx
+>>772 lelong >0 \b%d
+>796 belong <20 Big-endian, IP #%d,
+>>768 belong >0 Size=%dx
+>>772 belong >0 \b%d
+
+
+1028 string MMX\000\000\000\000\000\000\000\000\000\000\000\000\000 MAR Area Detector Image,
+>1072 ulong >1 Compressed(%d),
+>1100 ulong >1 %d headers,
+>1104 ulong >0 %d x
+>1108 ulong >0 %d,
+>1120 ulong >0 %d bits/pixel
+
+# Type: GEDCOM genealogical (family history) data
+# From: Giuseppe Bilotta
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/GEDCOM
+# https://en.wikipedia.org/wiki/GEDCOM
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/g/
+# ged.trid.xml ged-utf8.trid.xml ged-utf16.trid.xml
+# Note: called "GEDCOM Family History" by TrID and "Genealogical Data Communication (GEDCOM) Format" by DROID via PUID fmt/851
+0 search/1/c 0\ HEAD GEDCOM genealogy text
+#!:mime text/plain
+#!:mime application/x-gedcom
+# https://www.iana.org/assignments/media-types/text/vnd.familysearch.gedcom
+!:mime text/vnd.familysearch.gedcom
+!:ext ged
+# no gedcom sample found and ged suffix also used for other formats
+#!:ext ged/gedcom
+>&0 search 1\ GEDC
+>>&0 search 2\ VERS version
+# 4 5.0 5.3 5.4 5.5 5.5.1 5.5.5 5.6 7.0 or no version
+>>>&1 string >\0 %s
+# From: Phil Endecott <phil05@chezphil.org>
+# 0\040HEAD as UTF-16 big endian without BOM
+0 string \000\060\000\040\000\110\000\105\000\101\000\104 GEDCOM genealogy text
+!:mime text/vnd.familysearch.gedcom
+!:ext ged
+# look for VERS tag encoded as UTF-16 big endian
+>12 search/0x65 V\0E\0R\0S version
+# version like: 5.5.1
+>>&2 bestring16 x %s
+>>0 string x \b, UTF-16 (without BOM) big-endian text
+# 0\040HEAD as UTF-16 little endian without BOM
+0 string \060\000\040\000\110\000\105\000\101\000\104\000 GEDCOM genealogy text
+!:mime text/vnd.familysearch.gedcom
+!:ext ged
+# look for VERS tag encoded as UTF-16 lttle endian
+>12 search/0x65 V\0E\0R\0S version
+# version like: 5.5.1
+>>&3 lestring16 x %s
+>>2 string x \b, UTF-16 (without BOM) little-endian text
+# Note: UTF-16 with BOM variants already described above by first test as "GEDCOM genealogy text"
+# 0\040HEAD as UTF-16 big endian with BOM
+#0 string \376\377\000\060\000\040\000\110\000\105\000\101\000\104 GEDCOM data
+# 0\040HEAD as UTF-16 little endian with BOM
+#0 string \377\376\060\000\040\000\110\000\105\000\101\000\104\000 GEDCOM data
+
+# PDB: Protein Data Bank files
+# Adam Buchbinder <adam.buchbinder@gmail.com>
+#
+# https://www.wwpdb.org/documentation/format32/sect2.html
+# https://www.ch.ic.ac.uk/chemime/
+#
+# The PDB file format is fixed-field, 80 columns. From the spec:
+#
+# COLS DATA
+# 1 - 6 "HEADER"
+# 11 - 50 String(40)
+# 51 - 59 Date
+# 63 - 66 IDcode
+#
+# Thus, positions 7-10, 60-62 and 67-80 are spaces. The Date must be in the
+# format DD-MMM-YY, e.g., 01-JAN-70, and the IDcode consists of numbers and
+# uppercase letters. However, examples have been seen without the date string,
+# e.g., the example on the chemime site.
+0 string HEADER\ \ \ \040
+>&0 regex/1l \^.{40}
+>>&0 regex/1l [0-9]{2}-[A-Z]{3}-[0-9]{2}\ {3}
+>>>&0 regex/1ls [A-Z0-9]{4}.{14}$
+>>>>&0 regex/1l [A-Z0-9]{4} Protein Data Bank data, ID Code %s
+!:mime chemical/x-pdb
+>>>>0 regex/1l [0-9]{2}-[A-Z]{3}-[0-9]{2} \b, %s
+
+# Type: GDSII Stream file
+0 belong 0x00060002 GDSII Stream file
+>4 byte 0x00
+>>5 byte x version %d.0
+>4 byte >0x00 version %d
+>>5 byte x \b.%d
+
+# Type: LXT (interLaced eXtensible Trace)
+# chrysn <chrysn@fsfe.org>
+0 beshort 0x0138 interLaced eXtensible Trace (LXT) file
+>2 beshort >0 (Version %u)
diff --git a/magic/Magdir/securitycerts b/magic/Magdir/securitycerts
new file mode 100644
index 0000000..8785dd8
--- /dev/null
+++ b/magic/Magdir/securitycerts
@@ -0,0 +1,6 @@
+
+#------------------------------------------------------------------------------
+# $File: securitycerts,v 1.4 2009/09/19 16:28:12 christos Exp $
+0 search/1 -----BEGIN\ CERTIFICATE------ RFC1421 Security Certificate text
+0 search/1 -----BEGIN\ NEW\ CERTIFICATE RFC1421 Security Certificate Signing Request text
+0 belong 0xedfeedfe Sun 'jks' Java Keystore File data
diff --git a/magic/Magdir/selinux b/magic/Magdir/selinux
new file mode 100644
index 0000000..89d5f53
--- /dev/null
+++ b/magic/Magdir/selinux
@@ -0,0 +1,24 @@
+# Type: SE Linux policy modules *.pp reference policy
+# for Fedora 5 to 9, RHEL5, and Debian Etch and Lenny.
+# URL: https://doc.coker.com.au/computers/selinux-magic
+# From: Russell Coker <russell@coker.com.au>
+
+0 lelong 0xf97cff8f SE Linux modular policy
+>4 lelong x version %d,
+>8 lelong x %d sections,
+>>(12.l) lelong 0xf97cff8d
+>>>(12.l+27) lelong x mod version %d,
+>>>(12.l+31) lelong 0 Not MLS,
+>>>(12.l+31) lelong 1 MLS,
+>>>(12.l+23) lelong 2
+>>>>(12.l+47) string >\0 module name %s
+>>>(12.l+23) lelong 1 base
+
+1 string policy_module( SE Linux policy module source
+2 string policy_module( SE Linux policy module source
+
+0 string ##\ <summary> SE Linux policy interface source
+
+#0 search gen_context( SE Linux policy file contexts
+
+#0 search gen_sens( SE Linux policy MLS constraints source
diff --git a/magic/Magdir/sendmail b/magic/Magdir/sendmail
new file mode 100644
index 0000000..6808dbf
--- /dev/null
+++ b/magic/Magdir/sendmail
@@ -0,0 +1,37 @@
+
+#------------------------------------------------------------------------------
+# $File: sendmail,v 1.12 2022/10/31 13:22:26 christos Exp $
+# sendmail: file(1) magic for sendmail config files
+#
+# XXX - byte order?
+#
+# Update: Joerg Jenderek
+# GRR: this test is too general as it catches also
+# READ.ME.FIRST.AWP Sendmail frozen configuration
+# - version ====|====|====|====|====|====|====|====|====|====|====|====|===
+# Email_23_f217153422.ts Sendmail frozen configuration
+# - version \330jK\354
+0 byte 046
+# https://www.sendmail.com/sm/open_source/docs/older_release_notes/
+# freezed configuration file (dbm format?) created from sendmail.cf with -bz
+# by older sendmail. til version 8.6 support for frozen configuration files is removed
+# valid version numbers look like "7.14.4" and should be similar to output of commands
+# "sendmail -d0 -bt < /dev/null |grep -i Version" or "egrep '^DZ' /etc/sendmail.cf"
+>16 regex/s =^[0-78][0-9.]{4} Sendmail frozen configuration
+# normally only /etc/sendmail.fc or /var/adm/sendmail/sendmail.fc
+!:ext fc
+>>16 string >\0 - version %s
+0 short 0x271c
+# look for valid version number
+>16 regex/s =^[0-78][0-9.]{4} Sendmail frozen configuration
+!:ext fc
+>>16 string >\0 - version %s
+
+#------------------------------------------------------------------------------
+# sendmail: file(1) magic for sendmail m4(1) files
+#
+# From Hendrik Scholz <hendrik@scholz.net>
+# i.e. files in /usr/share/sendmail/cf/
+#
+0 string divert(-1)\n sendmail m4 text file
+
diff --git a/magic/Magdir/sequent b/magic/Magdir/sequent
new file mode 100644
index 0000000..da38de6
--- /dev/null
+++ b/magic/Magdir/sequent
@@ -0,0 +1,42 @@
+
+#------------------------------------------------------------------------------
+# $File: sequent,v 1.14 2019/04/19 00:42:27 christos Exp $
+# sequent: file(1) magic for Sequent machines
+#
+# Sequent information updated by Don Dwiggins <atsun!dwiggins>.
+# For Sequent's multiprocessor systems (incomplete).
+0 lelong 0x00ea BALANCE NS32000 .o
+>16 lelong >0 not stripped
+>124 lelong >0 version %d
+0 lelong 0x10ea BALANCE NS32000 executable (0 @ 0)
+>16 lelong >0 not stripped
+>124 lelong >0 version %d
+0 lelong 0x20ea BALANCE NS32000 executable (invalid @ 0)
+>16 lelong >0 not stripped
+>124 lelong >0 version %d
+0 lelong 0x30ea BALANCE NS32000 standalone executable
+>16 lelong >0 not stripped
+>124 lelong >0 version %d
+#
+# Symmetry information added by Jason Merrill <jason@jarthur.claremont.edu>.
+# Symmetry magic nums will not be reached if DOS COM comes before them;
+# byte 0xeb is matched before these get a chance.
+0 leshort 0x12eb SYMMETRY i386 .o
+>16 lelong >0 not stripped
+>124 lelong >0 version %d
+0 leshort 0x22eb SYMMETRY i386 executable (0 @ 0)
+>16 lelong >0 not stripped
+>124 lelong >0 version %d
+0 leshort 0x32eb SYMMETRY i386 executable (invalid @ 0)
+>16 lelong >0 not stripped
+>124 lelong >0 version %d
+# https://en.wikipedia.org/wiki/Sequent_Computer_Systems
+# below test line conflicts with MS-DOS 2.11 floppies and Acronis loader
+#0 leshort 0x42eb SYMMETRY i386 standalone executable
+0 leshort 0x42eb
+# skip unlike negative version
+>124 lelong >-1
+# assuming version 28867614 is very low probable
+>>124 lelong !28867614 SYMMETRY i386 standalone executable
+>>>16 lelong >0 not stripped
+>>>124 lelong >0 version %d
diff --git a/magic/Magdir/sereal b/magic/Magdir/sereal
new file mode 100644
index 0000000..ead78d5
--- /dev/null
+++ b/magic/Magdir/sereal
@@ -0,0 +1,35 @@
+
+#------------------------------------------------------------------------------
+# $File: sereal,v 1.3 2015/02/05 19:14:45 christos Exp $
+# sereal: file(1) magic the Sereal binary serialization format
+#
+# From: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
+#
+# See the specification of the format at
+# https://github.com/Sereal/Sereal/blob/master/sereal_spec.pod#document-header-format
+#
+# I'd have liked to do the byte&0xF0 matching against 0, 1, 2 ... by
+# doing (byte&0xF0)>>4 here, but unfortunately that's not
+# supported. So when we print out a message about an unknown format
+# we'll print out e.g. 0x30 instead of the more human-readable
+# 0x30>>4.
+#
+# See https://github.com/Sereal/Sereal/commit/35372ae01d in the
+# Sereal.git repository for test Sereal data.
+0 name sereal
+>4 byte&0x0F x (version %d,
+>4 byte&0xF0 0x00 uncompressed)
+>4 byte&0xF0 0x10 compressed with non-incremental Snappy)
+>4 byte&0xF0 0x20 compressed with incremental Snappy)
+>4 byte&0xF0 >0x20 unknown subformat, flag: %d>>4)
+
+0 string/b \=srl Sereal data packet
+!:mime application/sereal
+>&0 use sereal
+0 string/b \=\xF3rl Sereal data packet
+!:mime application/sereal
+>&0 use sereal
+0 string/b \=\xC3\xB3rl Sereal data packet, UTF-8 encoded
+!:mime application/sereal
+>&0 use sereal
+
diff --git a/magic/Magdir/sgi b/magic/Magdir/sgi
new file mode 100644
index 0000000..fe532e0
--- /dev/null
+++ b/magic/Magdir/sgi
@@ -0,0 +1,144 @@
+
+#------------------------------------------------------------------------------
+# $File: sgi,v 1.24 2021/09/13 13:23:53 christos Exp $
+# sgi: file(1) magic for Silicon Graphics operating systems and applications
+#
+# Executable images are handled either in aout (for old-style a.out
+# files for 68K; they are indistinguishable from other big-endian 32-bit
+# a.out files) or in mips (for MIPS ECOFF and Ucode files)
+#
+
+# kbd file definitions
+0 string kbd!map kbd map file
+>8 byte >0 Ver %d:
+>10 short >0 with %d table(s)
+
+0 beshort 0x8765 disk quotas file
+
+0 beshort 0x0506 IRIS Showcase file
+>2 byte 0x49 -
+>3 byte x - version %d
+0 beshort 0x0226 IRIS Showcase template
+>2 byte 0x63 -
+>3 byte x - version %d
+0 belong 0x5343464d IRIS Showcase file
+>4 byte x - version %d
+0 belong 0x5443464d IRIS Showcase template
+>4 byte x - version %d
+0 belong 0xdeadbabe IRIX Parallel Arena
+>8 belong >0 - version %d
+
+# core files
+#
+# 32bit core file
+0 belong 0xdeadadb0 IRIX core dump
+>4 belong 1 of
+>16 string >\0 '%s'
+# 64bit core file
+0 belong 0xdeadad40 IRIX 64-bit core dump
+>4 belong 1 of
+>16 string >\0 '%s'
+# N32bit core file
+0 belong 0xbabec0bb IRIX N32 core dump
+>4 belong 1 of
+>16 string >\0 '%s'
+# New style crash dump file
+0 string \x43\x72\x73\x68\x44\x75\x6d\x70 IRIX vmcore dump of
+>36 string >\0 '%s'
+
+# Trusted IRIX info
+0 string SGIAUDIT SGI Audit file
+>8 byte x - version %d
+>9 byte x \b.%d
+#
+0 string WNGZWZSC Wingz compiled script
+0 string WNGZWZSS Wingz spreadsheet
+0 string WNGZWZHP Wingz help file
+#
+0 string #Inventor\040V IRIS Inventor 1.0 file
+0 string #Inventor\040V2 Open Inventor 2.0 file
+# GLF is OpenGL stream encoding
+0 string glfHeadMagic(); GLF_TEXT
+4 belong 0x7d000000 GLF_BINARY_LSB_FIRST
+!:strength -30
+4 belong 0x0000007d GLF_BINARY_MSB_FIRST
+!:strength -30
+# GLS is OpenGL stream encoding; GLS is the successor of GLF
+0 string glsBeginGLS( GLS_TEXT
+4 belong 0x10000000 GLS_BINARY_LSB_FIRST
+!:strength -30
+4 belong 0x00000010 GLS_BINARY_MSB_FIRST
+!:strength -30
+
+# Performance Co-Pilot file types
+0 string PmNs PCP compiled namespace (V.0)
+0 string PmN PCP compiled namespace
+>3 string >\0 (V.%1.1s)
+3 belong 0x84500526 PCP archive
+>7 byte x (V.%d)
+>20 belong -2 temporal index
+>20 belong -1 metadata
+>20 belong 0 log volume #0
+>20 belong >0 log volume #%d
+>24 string >\0 host: %s
+3 belong 0x28500526 PCP archive
+>7 byte x (V.%d)
+>24 belong -2 temporal index
+>24 belong -1 metadata
+>24 belong 0 log volume #0
+>24 belong >0 log volume #%d
+>36 string >\0 host: %s
+0 string PCPFolio PCP
+>9 string Version: Archive Folio
+>18 string >\0 (V.%s)
+0 string #pmchart PCP pmchart view
+>9 string Version
+>17 string >\0 (V%-3.3s)
+0 string #kmchart PCP pmchart view
+>9 string Version
+>17 string >\0 (V.%s)
+0 string pmview PCP pmview config
+>7 string Version
+>15 string >\0 (V%-3.3s)
+0 string #pmlogger PCP pmlogger config
+>10 string Version
+>18 string >\0 (V%1.1s)
+0 string #pmdahotproc PCP pmdahotproc config
+>13 string Version
+>21 string >\0 (V%-3.3s)
+0 string PcPh PCP Help
+>4 string 1 Index
+>4 string 2 Text
+>5 string >\0 (V.%1.1s)
+0 string #pmieconf-rules PCP pmieconf rules
+>16 string >\0 (V.%1.1s)
+3 string pmieconf-pmie PCP pmie config
+>17 string >\0 (V.%1.1s)
+0 string #pmlogconf-setup PCP pmlogconf config
+>17 string >\0 (V.%1.1s)
+1 string pmlogconf PCP pmlogger config
+>11 string >\0 (V.%1.1s)
+0 string MMV PCP memory mapped values
+>4 long x (V.%d)
+
+# SpeedShop data files
+0 lelong 0x13130303 SpeedShop data file
+
+# mdbm files
+0 lelong 0x01023962 mdbm file, version 0 (obsolete)
+0 string mdbm mdbm file,
+>5 byte x version %d,
+>6 byte x 2^%d pages,
+>7 byte x pagesize 2^%d,
+>17 byte x hash %d,
+>11 byte x dataformat %d
+
+# Alias Maya files
+0 string/t //Maya\040ASCII Alias Maya Ascii File,
+>13 string >\0 version %s
+8 string MAYAFOR4 Alias Maya Binary File,
+>32 string >\0 version %s scene
+8 string MayaFOR4 Alias Maya Binary File,
+>32 string >\0 version %s scene
+8 string CIMG Alias Maya Image File
+8 string DEEP Alias Maya Image File
diff --git a/magic/Magdir/sgml b/magic/Magdir/sgml
new file mode 100644
index 0000000..fb698a5
--- /dev/null
+++ b/magic/Magdir/sgml
@@ -0,0 +1,161 @@
+
+#------------------------------------------------------------------------------
+# $File: sgml,v 1.48 2023/01/18 16:10:21 christos Exp $
+# Type: SVG Vectorial Graphics
+# From: Noel Torres <tecnico@ejerciciosresueltos.com>
+0 string \<?xml\ version=
+>14 regex ['"\ \t]*[0-9.]+['"\ \t]*
+>>19 search/4096 \<svg SVG Scalable Vector Graphics image
+!:mime image/svg+xml
+!:ext svg
+>>19 search/4096 \<gnc-v2 GnuCash file
+!:mime application/x-gnucash
+0 string \<svg SVG Scalable Vector Graphics image
+!:mime image/svg+xml
+!:ext svg
+
+# Sitemap file
+0 string/t \<?xml\ version=
+>14 regex ['"\ \t]*[0-9.]+['"\ \t]*
+>>19 search/4096 \<urlset XML Sitemap document text
+!:mime application/xml-sitemap
+
+# OpenStreetMap XML (.osm)
+# https://wiki.openstreetmap.org/wiki/OSM_XML
+# From: Markus Heidelberg <markus.heidelberg@web.de>
+0 string \<?xml\ version=
+>14 regex ['"\ \t]*[0-9.]+['"\ \t]*
+>>19 search/4096 \<osm OpenStreetMap XML data
+
+# xhtml
+0 string/t \<?xml\ version="
+>19 search/4096/cWbt \<!doctype\ html XHTML document text
+>>15 string >\0 (version %.3s)
+!:mime text/html
+0 string/t \<?xml\ version='
+>19 search/4096/cWbt \<!doctype\ html XHTML document text
+>>15 string >\0 (version %.3s)
+!:mime text/html
+0 string/t \<?xml\ version="
+>19 search/4096/cWbt \<html broken XHTML document text
+>>15 string >\0 (version %.3s)
+!:mime text/html
+
+#------------------------------------------------------------------------------
+# sgml: file(1) magic for Standard Generalized Markup Language
+# HyperText Markup Language (HTML) is an SGML document type,
+# from Daniel Quinlan (quinlan@yggdrasil.com)
+# adapted to string extensions by Anthon van der Neut <anthon@mnt.org)
+0 search/4096/cWt \<!doctype\ html HTML document text
+!:mime text/html
+!:strength + 5
+
+# avoid misdetection as JavaScript
+0 string/cWt \<!doctype\ html HTML document text
+!:mime text/html
+0 string/ct \<html> HTML document text
+!:mime text/html
+0 string/ct \<!--
+>&0 search/4096/cWt \<!doctype\ html HTML document text
+!:mime text/html
+>&0 search/4096/ct \<html> HTML document text
+!:mime text/html
+
+# SVG document
+# https://www.w3.org/TR/SVG/single-page.html
+0 search/4096/cWbt \<!doctype\ svg SVG XML document
+!:mime image/svg+xml
+!:strength + 15
+
+0 search/4096/cwt \<head\> HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cWt \<head\ HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cwt \<title\> HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cWt \<title\ HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cwt \<html\> HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cWt \<html\ HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cwt \<script\> HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cWt \<script\ HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cwt \<style\> HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cWt \<style\ HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cwt \<table\> HTML document text
+!:mime text/html
+!:strength + 15
+0 search/4096/cWt \<table\ HTML document text
+!:mime text/html
+!:strength + 15
+
+0 search/4096/cwt \<a\ href= HTML document text
+!:mime text/html
+!:strength + 15
+
+# Extensible markup language (XML), a subset of SGML
+# from Marc Prud'hommeaux (marc@apocalypse.org)
+0 search/1/cwt \<?xml XML document text
+!:mime text/xml
+!:strength + 15
+0 string/t \<?xml\ version\ " XML
+!:mime text/xml
+!:strength + 15
+0 string/t \<?xml\ version=" XML
+!:mime text/xml
+!:strength + 15
+>15 string/t >\0 %.3s document text
+>>23 search/1 \<xsl:stylesheet (XSL stylesheet)
+>>24 search/1 \<xsl:stylesheet (XSL stylesheet)
+0 string/t \<?xml\ version=' XML
+!:mime text/xml
+!:strength + 15
+>15 string/t >\0 %.3s document text
+>>23 search/1 \<xsl:stylesheet (XSL stylesheet)
+>>24 search/1 \<xsl:stylesheet (XSL stylesheet)
+0 search/1/wt \<?XML broken XML document text
+!:mime text/xml
+!:strength - 10
+
+
+# SGML, mostly from rph@sq
+0 search/4096/cwt \<!doctype exported SGML document text
+0 search/4096/cwt \<!subdoc exported SGML subdocument text
+0 search/4096/cwt \<!-- exported SGML document text
+!:strength - 10
+
+# Web browser cookie files
+# (Mozilla, Galeon, Netscape 4, Konqueror..)
+# Ulf Harnhammar <ulfh@update.uu.se>
+0 search/1 #\ HTTP\ Cookie\ File Web browser cookie text
+0 search/1 #\ Netscape\ HTTP\ Cookie\ File Netscape cookie text
+0 search/1 #\ KDE\ Cookie\ File Konqueror cookie text
+
+# XML-based format representing braille pages in a digital format.
+#
+# Specification:
+# http://files.pef-format.org/specifications/pef-2008-1/pef-specification.html
+#
+# Simon Aittamaa <simon.aittamaa@gmail.com>
+0 string \<?xml\ version=
+>14 regex ['"\ \t]*[0-9.]+['"\ \t]*
+>>19 search/4096 \<pef Portable Embosser Format
+!:mime application/x-pef+xml
+
+# https://www.qgis.org/en/site/
+0 string \<!DOCTYPE\040qgis QGIS XML document
diff --git a/magic/Magdir/sharc b/magic/Magdir/sharc
new file mode 100644
index 0000000..e54088b
--- /dev/null
+++ b/magic/Magdir/sharc
@@ -0,0 +1,23 @@
+
+#------------------------------------------------------------------------
+# $File: sharc,v 1.8 2017/03/17 21:35:28 christos Exp $
+# file(1) magic for sharc files
+#
+# SHARC DSP, MIDI SysEx and RiscOS filetype definitions added by
+# FutureGroove Music (dsp@futuregroove.de)
+
+#------------------------------------------------------------------------
+#0 string Draw RiscOS Drawfile
+#0 string PACK RiscOS PackdDir archive
+
+#------------------------------------------------------------------------
+# SHARC DSP stuff (based on the FGM SHARC DSP SDK)
+
+#0 string =! Assembler source
+#0 string Analog ADi asm listing file
+0 string .SYSTEM SHARC architecture file
+0 string .system SHARC architecture file
+
+0 leshort 0x521C SHARC COFF binary
+>2 leshort >1 , %d sections
+>>12 lelong >0 , not stripped
diff --git a/magic/Magdir/sinclair b/magic/Magdir/sinclair
new file mode 100644
index 0000000..608d779
--- /dev/null
+++ b/magic/Magdir/sinclair
@@ -0,0 +1,40 @@
+
+#------------------------------------------------------------------------------
+# $File: sinclair,v 1.7 2021/04/27 20:35:51 christos Exp $
+# sinclair: file(1) sinclair QL
+
+# additions to /etc/magic by Thomas M. Ott (ThMO)
+
+# Sinclair QL floppy disk formats (ThMO)
+0 string =QL5 QL disk dump data,
+>3 string =A 720 KB,
+>3 string =B 1.44 MB,
+>3 string =C 3.2 MB,
+>4 string >\0 label:%.10s
+
+# Sinclair QL OS dump (ThMO)
+0 belong =0x30000
+>49124 belong <47104
+>>49128 belong <47104
+>>>49132 belong <47104
+>>>>49136 belong <47104 QL OS dump data,
+>>>>>49148 string >\0 type %.3s,
+>>>>>49142 string >\0 version %.4s
+
+# Sinclair QL firmware executables (ThMO)
+0 string NqNqNq`\004 QL firmware executable (BCPL)
+
+# Sinclair QL libraries (was ThMO)
+0 beshort 0xFB01 QDOS object
+>2 pstring x '%s'
+
+# Sinclair QL executables (was ThMO)
+4 belong 0x4AFB QDOS executable
+>9 pstring x '%s'
+6 beshort 0x4AFB QDOS executable
+>9 pstring x '%s'
+
+# Sinclair QL ROM (ThMO)
+0 belong =0x4AFB0001 QL plugin-ROM data,
+>9 pstring =\0 un-named
+>9 pstring >\0 named: %s
diff --git a/magic/Magdir/sisu b/magic/Magdir/sisu
new file mode 100644
index 0000000..ba7104f
--- /dev/null
+++ b/magic/Magdir/sisu
@@ -0,0 +1,18 @@
+# Type: SiSU Markup Language
+# URL: http://www.sisudoc.org/
+# From: Ralph Amissah <ralph.amissah@gmail.com>
+
+0 regex \^%?[\ \t]*SiSU[\ \t]+insert SiSU text insert
+>5 regex [0-9.]+ %s
+
+0 regex \^%[\ \t]+SiSU[\ \t]+master SiSU text master
+>5 regex [0-9.]+ %s
+
+0 regex \^%?[\ \t]*SiSU[\ \t]+text SiSU text
+>5 regex [0-9.]+ %s
+
+0 regex \^%?[\ \t]*SiSU[\ \t][0-9.]+ SiSU text
+>5 regex [0-9.]+ %s
+
+0 regex \^%*[\ \t]*sisu-[0-9.]+ SiSU text
+>5 regex [0-9.]+ %s
diff --git a/magic/Magdir/sketch b/magic/Magdir/sketch
new file mode 100644
index 0000000..ee731dd
--- /dev/null
+++ b/magic/Magdir/sketch
@@ -0,0 +1,6 @@
+
+#------------------------------------------------------------------------------
+# $File: sketch,v 1.5 2017/03/17 21:35:28 christos Exp $
+# Sketch Drawings: http://sketch.sourceforge.net/
+# From: Edwin Mons <e@ik.nu>
+0 search/1 ##Sketch Sketch document text
diff --git a/magic/Magdir/smalltalk b/magic/Magdir/smalltalk
new file mode 100644
index 0000000..9ff2c6b
--- /dev/null
+++ b/magic/Magdir/smalltalk
@@ -0,0 +1,25 @@
+
+#-----------------------------------------------
+# $File: smalltalk,v 1.5 2009/09/19 16:28:12 christos Exp $
+# GNU Smalltalk image, starting at version 1.6.2
+# From: catull_us@yahoo.com
+#
+0 string GSTIm\0\0 GNU SmallTalk
+# little-endian
+>7 byte&1 =0 LE image version
+>>10 byte x %d.
+>>9 byte x \b%d.
+>>8 byte x \b%d
+#>>12 lelong x , data: %ld
+#>>16 lelong x , table: %ld
+#>>20 lelong x , memory: %ld
+# big-endian
+>7 byte&1 =1 BE image version
+>>8 byte x %d.
+>>9 byte x \b%d.
+>>10 byte x \b%d
+#>>12 belong x , data: %ld
+#>>16 belong x , table: %ld
+#>>20 belong x , memory: %ld
+
+
diff --git a/magic/Magdir/smile b/magic/Magdir/smile
new file mode 100644
index 0000000..d196de5
--- /dev/null
+++ b/magic/Magdir/smile
@@ -0,0 +1,34 @@
+
+#------------------------------------------------------------------------------
+# $File: smile,v 1.1 2011/08/17 17:37:18 christos Exp $
+# smile: file(1) magic for Smile serialization
+#
+# The Smile serialization format uses a 4-byte header:
+#
+# Constant byte #0: 0x3A (ASCII ':')
+# Constant byte #1: 0x29 (ASCII ')')
+# Constant byte #2: 0x0A (ASCII linefeed, '\n')
+# Variable byte #3, consisting of bits:
+# Bits 4-7 (4 MSB): 4-bit version number
+# Bits 3: Reserved
+# Bit 2 (mask 0x04): Whether raw binary (unescaped 8-bit) values may be present in content
+# Bit 1 (mask 0x02): Whether shared String value checking was enabled during encoding, default false
+# Bit 0 (mask 0x01): Whether shared property name checking was enabled during encoding, default true
+#
+# Reference: http://wiki.fasterxml.com/SmileFormatSpec
+# Created by: Pierre-Alexandre Meyer <pierre@mouraf.org>
+
+# Detection
+0 string :)\n Smile binary data
+
+# Versioning
+>3 byte&0xF0 x version %d:
+
+# Properties
+>3 byte&0x04 0x04 binary raw,
+>3 byte&0x04 0x00 binary encoded,
+>3 byte&0x02 0x02 shared String values enabled,
+>3 byte&0x02 0x00 shared String values disabled,
+>3 byte&0x01 0x01 shared field names enabled
+>3 byte&0x01 0x00 shared field names disabled
+
diff --git a/magic/Magdir/sniffer b/magic/Magdir/sniffer
new file mode 100644
index 0000000..751d197
--- /dev/null
+++ b/magic/Magdir/sniffer
@@ -0,0 +1,482 @@
+
+#------------------------------------------------------------------------------
+# $File: sniffer,v 1.34 2022/12/14 18:27:36 christos Exp $
+# sniffer: file(1) magic for packet capture files
+#
+# From: guy@alum.mit.edu (Guy Harris)
+#
+
+#
+# Microsoft Network Monitor 1.x capture files.
+#
+0 string RTSS NetMon capture file
+>5 byte x - version %d
+>4 byte x \b.%d
+>6 leshort 0 (Unknown)
+>6 leshort 1 (Ethernet)
+>6 leshort 2 (Token Ring)
+>6 leshort 3 (FDDI)
+>6 leshort 4 (ATM)
+>6 leshort >4 (type %d)
+
+#
+# Microsoft Network Monitor 2.x capture files.
+#
+0 string GMBU NetMon capture file
+>5 byte x - version %d
+>4 byte x \b.%d
+>6 leshort 0 (Unknown)
+>6 leshort 1 (Ethernet)
+>6 leshort 2 (Token Ring)
+>6 leshort 3 (FDDI)
+>6 leshort 4 (ATM)
+>6 leshort 5 (IP-over-IEEE 1394)
+>6 leshort 6 (802.11)
+>6 leshort 7 (Raw IP)
+>6 leshort 8 (Raw IP)
+>6 leshort 9 (Raw IP)
+>6 leshort >9 (type %d)
+
+#
+# Network General Sniffer capture files.
+# Sorry, make that "Network Associates Sniffer capture files."
+# Sorry, make that "Network General old DOS Sniffer capture files."
+#
+0 string TRSNIFF\040data\040\040\040\040\032 Sniffer capture file
+>33 byte 2 (compressed)
+>23 leshort x - version %d
+>25 leshort x \b.%d
+>32 byte 0 (Token Ring)
+>32 byte 1 (Ethernet)
+>32 byte 2 (ARCNET)
+>32 byte 3 (StarLAN)
+>32 byte 4 (PC Network broadband)
+>32 byte 5 (LocalTalk)
+>32 byte 6 (Znet)
+>32 byte 7 (Internetwork Analyzer)
+>32 byte 9 (FDDI)
+>32 byte 10 (ATM)
+
+#
+# Cinco Networks NetXRay capture files.
+# Sorry, make that "Network General Sniffer Basic capture files."
+# Sorry, make that "Network Associates Sniffer Basic capture files."
+# Sorry, make that "Network Associates Sniffer Basic, and Windows
+# Sniffer Pro", capture files."
+# Sorry, make that "Network General Sniffer capture files."
+# Sorry, make that "NetScout Sniffer capture files."
+#
+0 string XCP\0 NetXRay capture file
+>4 string >\0 - version %s
+>44 leshort 0 (Ethernet)
+>44 leshort 1 (Token Ring)
+>44 leshort 2 (FDDI)
+>44 leshort 3 (WAN)
+>44 leshort 8 (ATM)
+>44 leshort 9 (802.11)
+
+#
+# "libpcap" capture files.
+# https://www.tcpdump.org/manpages/pcap-savefile.5.html
+# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
+# the main program that uses that format, but there are other programs
+# that use "libpcap", or that use the same capture file format.)
+#
+0 name pcap-be
+>4 beshort x - version %d
+>6 beshort x \b.%d
+# clear that continuation level match
+>20 clear x
+>20 belong&0x03FFFFFF 0 (No link-layer encapsulation
+>20 belong&0x03FFFFFF 1 (Ethernet
+>20 belong&0x03FFFFFF 2 (3Mb Ethernet
+>20 belong&0x03FFFFFF 3 (AX.25
+>20 belong&0x03FFFFFF 4 (ProNET
+>20 belong&0x03FFFFFF 5 (CHAOS
+>20 belong&0x03FFFFFF 6 (Token Ring
+>20 belong&0x03FFFFFF 7 (BSD ARCNET
+>20 belong&0x03FFFFFF 8 (SLIP
+>20 belong&0x03FFFFFF 9 (PPP
+>20 belong&0x03FFFFFF 10 (FDDI
+>20 belong&0x03FFFFFF 11 (RFC 1483 ATM
+>20 belong&0x03FFFFFF 12 (Raw IP
+>20 belong&0x03FFFFFF 13 (BSD/OS SLIP
+>20 belong&0x03FFFFFF 14 (BSD/OS PPP
+>20 belong&0x03FFFFFF 19 (Linux ATM Classical IP
+>20 belong&0x03FFFFFF 50 (PPP or Cisco HDLC
+>20 belong&0x03FFFFFF 51 (PPP-over-Ethernet
+>20 belong&0x03FFFFFF 99 (Symantec Enterprise Firewall
+>20 belong&0x03FFFFFF 100 (RFC 1483 ATM
+>20 belong&0x03FFFFFF 101 (Raw IP
+>20 belong&0x03FFFFFF 102 (BSD/OS SLIP
+>20 belong&0x03FFFFFF 103 (BSD/OS PPP
+>20 belong&0x03FFFFFF 104 (BSD/OS Cisco HDLC
+>20 belong&0x03FFFFFF 105 (802.11
+>20 belong&0x03FFFFFF 106 (Linux Classical IP over ATM
+>20 belong&0x03FFFFFF 107 (Frame Relay
+>20 belong&0x03FFFFFF 108 (OpenBSD loopback
+>20 belong&0x03FFFFFF 109 (OpenBSD IPsec encrypted
+>20 belong&0x03FFFFFF 112 (Cisco HDLC
+>20 belong&0x03FFFFFF 113 (Linux cooked v1
+>20 belong&0x03FFFFFF 114 (LocalTalk
+>20 belong&0x03FFFFFF 117 (OpenBSD PFLOG
+>20 belong&0x03FFFFFF 119 (802.11 with Prism header
+>20 belong&0x03FFFFFF 122 (RFC 2625 IP over Fibre Channel
+>20 belong&0x03FFFFFF 123 (SunATM
+>20 belong&0x03FFFFFF 127 (802.11 with radiotap header
+>20 belong&0x03FFFFFF 129 (Linux ARCNET
+>20 belong&0x03FFFFFF 130 (Juniper Multi-Link PPP
+>20 belong&0x03FFFFFF 131 (Juniper Multi-Link Frame Relay
+>20 belong&0x03FFFFFF 132 (Juniper Encryption Services PIC
+>20 belong&0x03FFFFFF 133 (Juniper GGSN PIC
+>20 belong&0x03FFFFFF 134 (Juniper FRF.16 Frame Relay
+>20 belong&0x03FFFFFF 135 (Juniper ATM2 PIC
+>20 belong&0x03FFFFFF 136 (Juniper Advanced Services PIC
+>20 belong&0x03FFFFFF 137 (Juniper ATM1 PIC
+>20 belong&0x03FFFFFF 138 (Apple IP over IEEE 1394
+>20 belong&0x03FFFFFF 139 (SS7 MTP2 with pseudo-header
+>20 belong&0x03FFFFFF 140 (SS7 MTP2
+>20 belong&0x03FFFFFF 141 (SS7 MTP3
+>20 belong&0x03FFFFFF 142 (SS7 SCCP
+>20 belong&0x03FFFFFF 143 (DOCSIS
+>20 belong&0x03FFFFFF 144 (Linux IrDA
+>20 belong&0x03FFFFFF 147 (Private use 0
+>20 belong&0x03FFFFFF 148 (Private use 1
+>20 belong&0x03FFFFFF 149 (Private use 2
+>20 belong&0x03FFFFFF 150 (Private use 3
+>20 belong&0x03FFFFFF 151 (Private use 4
+>20 belong&0x03FFFFFF 152 (Private use 5
+>20 belong&0x03FFFFFF 153 (Private use 6
+>20 belong&0x03FFFFFF 154 (Private use 7
+>20 belong&0x03FFFFFF 155 (Private use 8
+>20 belong&0x03FFFFFF 156 (Private use 9
+>20 belong&0x03FFFFFF 157 (Private use 10
+>20 belong&0x03FFFFFF 158 (Private use 11
+>20 belong&0x03FFFFFF 159 (Private use 12
+>20 belong&0x03FFFFFF 160 (Private use 13
+>20 belong&0x03FFFFFF 161 (Private use 14
+>20 belong&0x03FFFFFF 162 (Private use 15
+>20 belong&0x03FFFFFF 163 (802.11 with AVS header
+>20 belong&0x03FFFFFF 164 (Juniper Passive Monitor PIC
+>20 belong&0x03FFFFFF 165 (BACnet MS/TP
+>20 belong&0x03FFFFFF 166 (PPPD
+>20 belong&0x03FFFFFF 167 (Juniper PPPoE
+>20 belong&0x03FFFFFF 168 (Juniper PPPoE/ATM
+>20 belong&0x03FFFFFF 169 (GPRS LLC
+>20 belong&0x03FFFFFF 170 (GPF-T
+>20 belong&0x03FFFFFF 171 (GPF-F
+>20 belong&0x03FFFFFF 174 (Juniper PIC Peer
+>20 belong&0x03FFFFFF 175 (Ethernet with Endace ERF header
+>20 belong&0x03FFFFFF 176 (Packet-over-SONET with Endace ERF header
+>20 belong&0x03FFFFFF 177 (Linux LAPD
+>20 belong&0x03FFFFFF 178 (Juniper Ethernet
+>20 belong&0x03FFFFFF 179 (Juniper PPP
+>20 belong&0x03FFFFFF 180 (Juniper Frame Relay
+>20 belong&0x03FFFFFF 181 (Juniper C-HDLC
+>20 belong&0x03FFFFFF 182 (FRF.16 Frame Relay
+>20 belong&0x03FFFFFF 183 (Juniper Voice PIC
+>20 belong&0x03FFFFFF 184 (Arinc 429
+>20 belong&0x03FFFFFF 185 (Arinc 653 Interpartition Communication
+>20 belong&0x03FFFFFF 186 (USB with FreeBSD header
+>20 belong&0x03FFFFFF 187 (Bluetooth HCI H4
+>20 belong&0x03FFFFFF 188 (802.16 MAC Common Part Sublayer
+>20 belong&0x03FFFFFF 189 (Linux USB
+>20 belong&0x03FFFFFF 190 (Controller Area Network (CAN) v. 2.0B
+>20 belong&0x03FFFFFF 191 (802.15.4 with Linux padding
+>20 belong&0x03FFFFFF 192 (PPI
+>20 belong&0x03FFFFFF 193 (802.16 MAC Common Part Sublayer plus radiotap header
+>20 belong&0x03FFFFFF 194 (Juniper Integrated Service Module
+>20 belong&0x03FFFFFF 195 (802.15.4 with FCS
+>20 belong&0x03FFFFFF 196 (SITA
+>20 belong&0x03FFFFFF 197 (Endace ERF
+>20 belong&0x03FFFFFF 198 (Ethernet with u10 Networks pseudo-header
+>20 belong&0x03FFFFFF 199 (IPMB
+>20 belong&0x03FFFFFF 200 (Juniper Secure Tunnel
+>20 belong&0x03FFFFFF 201 (Bluetooth HCI H4 with pseudo-header
+>20 belong&0x03FFFFFF 202 (AX.25 with KISS header
+>20 belong&0x03FFFFFF 203 (LAPD
+>20 belong&0x03FFFFFF 204 (PPP with direction pseudo-header
+>20 belong&0x03FFFFFF 205 (Cisco HDLC with direction pseudo-header
+>20 belong&0x03FFFFFF 206 (Frame Relay with direction pseudo-header
+>20 belong&0x03FFFFFF 209 (Linux IPMB
+>20 belong&0x03FFFFFF 215 (802.15.4 with non-ASK PHY header
+>20 belong&0x03FFFFFF 216 (Linux evdev events
+>20 belong&0x03FFFFFF 219 (MPLS with label as link-layer header
+>20 belong&0x03FFFFFF 220 (Memory-mapped Linux USB
+>20 belong&0x03FFFFFF 221 (DECT
+>20 belong&0x03FFFFFF 222 (AOS Space Data Link protocol
+>20 belong&0x03FFFFFF 223 (Wireless HART
+>20 belong&0x03FFFFFF 224 (Fibre Channel FC-2
+>20 belong&0x03FFFFFF 225 (Fibre Channel FC-2 with frame delimiters
+>20 belong&0x03FFFFFF 226 (Solaris IPNET
+>20 belong&0x03FFFFFF 227 (SocketCAN
+>20 belong&0x03FFFFFF 228 (Raw IPv4
+>20 belong&0x03FFFFFF 229 (Raw IPv6
+>20 belong&0x03FFFFFF 230 (802.15.4 without FCS
+>20 belong&0x03FFFFFF 231 (D-Bus messages
+>20 belong&0x03FFFFFF 232 (Juniper Virtual Server
+>20 belong&0x03FFFFFF 233 (Juniper SRX E2E
+>20 belong&0x03FFFFFF 234 (Juniper Fibre Channel
+>20 belong&0x03FFFFFF 235 (DVB-CI
+>20 belong&0x03FFFFFF 236 (MUX27010
+>20 belong&0x03FFFFFF 237 (STANAG 5066 D_PDUs
+>20 belong&0x03FFFFFF 238 (Juniper ATM CEMIC
+>20 belong&0x03FFFFFF 239 (Linux netfilter log messages
+>20 belong&0x03FFFFFF 240 (Hilscher netAnalyzer
+>20 belong&0x03FFFFFF 241 (Hilscher netAnalyzer with delimiters
+>20 belong&0x03FFFFFF 242 (IP-over-Infiniband
+>20 belong&0x03FFFFFF 243 (MPEG-2 Transport Stream packets
+>20 belong&0x03FFFFFF 244 (ng4t ng40
+>20 belong&0x03FFFFFF 245 (NFC LLCP
+>20 belong&0x03FFFFFF 246 (Packet filter state syncing
+>20 belong&0x03FFFFFF 247 (InfiniBand
+>20 belong&0x03FFFFFF 248 (SCTP
+>20 belong&0x03FFFFFF 249 (USB with USBPcap header
+>20 belong&0x03FFFFFF 250 (Schweitzer Engineering Laboratories RTAC packets
+>20 belong&0x03FFFFFF 251 (Bluetooth Low Energy air interface
+>20 belong&0x03FFFFFF 252 (Wireshark Upper PDU export
+>20 belong&0x03FFFFFF 253 (Linux netlink
+>20 belong&0x03FFFFFF 254 (Bluetooth Linux Monitor
+>20 belong&0x03FFFFFF 255 (Bluetooth Basic Rate/Enhanced Data Rate baseband packets
+>20 belong&0x03FFFFFF 256 (Bluetooth Low Energy air interface with pseudo-header
+>20 belong&0x03FFFFFF 257 (PROFIBUS data link layer
+>20 belong&0x03FFFFFF 258 (Apple DLT_PKTAP
+>20 belong&0x03FFFFFF 259 (Ethernet with 802.3 Clause 65 EPON preamble
+>20 belong&0x03FFFFFF 260 (IPMI trace packets
+>20 belong&0x03FFFFFF 261 (Z-Wave RF profile R1 and R2 packets
+>20 belong&0x03FFFFFF 262 (Z-Wave RF profile R3 packets
+>20 belong&0x03FFFFFF 263 (WattStopper Digital Lighting Mngmt/Legrand Nitoo Open Proto
+>20 belong&0x03FFFFFF 264 (ISO 14443 messages
+>20 belong&0x03FFFFFF 265 (IEC 62106 Radio Data System groups
+>20 belong&0x03FFFFFF 266 (USB with Darwin header
+>20 belong&0x03FFFFFF 267 (OpenBSD DLT_OPENFLOW
+>20 belong&0x03FFFFFF 268 (IBM SDLC frames
+>20 belong&0x03FFFFFF 269 (TI LLN sniffer frames
+>20 belong&0x03FFFFFF 271 (Linux vsock
+>20 belong&0x03FFFFFF 272 (Nordic Semiconductor Bluetooth LE sniffer frames
+>20 belong&0x03FFFFFF 273 (Excentis XRA-31 DOCSIS 3.1 RF sniffer frames
+>20 belong&0x03FFFFFF 274 (802.3br mPackets
+>20 belong&0x03FFFFFF 275 (DisplayPort AUX channel monitoring data
+>20 belong&0x03FFFFFF 276 (Linux cooked v2
+>20 belong&0x03FFFFFF 278 (OpenVizsla USB
+>20 belong&0x03FFFFFF 279 (Elektrobit High Speed Capture and Replay (EBHSCR)
+>20 belong&0x03FFFFFF 281 (Broadcom tag
+>20 belong&0x03FFFFFF 282 (Broadcom tag (prepended)
+>20 belong&0x03FFFFFF 283 (802.15.4 with TAP
+>20 belong&0x03FFFFFF 284 (Marvell DSA
+>20 belong&0x03FFFFFF 285 (Marvell EDSA
+>20 belong&0x03FFFFFF 286 (ELEE lawful intercept
+>20 belong&0x03FFFFFF 287 (Z-Wave serial
+>20 belong&0x03FFFFFF 288 (USB 2.0
+>20 belong&0x03FFFFFF 289 (ATSC ALP
+>20 belong&0x03FFFFFF 290 (Event Tracing for Windows
+>20 belong&0x03FFFFFF 291 (Hilscher netANALYZER NG pseudo-footer
+>20 belong&0x03FFFFFF 292 (ZBOSS NCP protocol with pseudo-header
+>20 belong&0x03FFFFFF 293 (Low-Speed USB 2.0/1.1/1.0
+>20 belong&0x03FFFFFF 294 (Full-Speed USB 2.0/1.1/1.0
+>20 belong&0x03FFFFFF 295 (High-Speed USB 2.0
+# print default match
+>20 default x
+>>20 belong x (linktype#%u
+>16 belong x \b, capture length %u)
+
+# packets time stamps in seconds and microseconds.
+0 ubelong 0xa1b2c3d4 pcap capture file, microseconds ts (big-endian)
+!:mime application/vnd.tcpdump.pcap
+>0 use pcap-be
+0 ulelong 0xa1b2c3d4 pcap capture file, microsecond ts (little-endian)
+!:mime application/vnd.tcpdump.pcap
+>0 use \^pcap-be
+
+# packets time stamps in seconds and nanoseconds.
+0 ubelong 0xa1b23c4d pcap capture file, nanosecond ts (big-endian)
+!:mime application/vnd.tcpdump.pcap
+>0 use pcap-be
+0 ulelong 0xa1b23c4d pcap capture file, nanosecond ts (little-endian)
+!:mime application/vnd.tcpdump.pcap
+>0 use \^pcap-be
+
+#
+# "libpcap"-with-Alexey-Kuznetsov's-patches capture files.
+#
+0 ubelong 0xa1b2cd34 pcap capture file, microsecond ts, extensions (big-endian)
+>0 use pcap-be
+0 ulelong 0xa1b2cd34 pcap capture file, microsecond ts, extensions (little-endian)
+>0 use \^pcap-be
+
+#
+# "pcapng" capture files.
+# https://github.com/pcapng/pcapng
+# Pcapng files can contain multiple sections. Printing the endianness,
+# snaplen, or other information from the first SHB may be misleading.
+#
+0 ubelong 0x0a0d0d0a
+>8 ubelong 0x1a2b3c4d pcapng capture file
+>>12 beshort x - version %d
+>>14 beshort x \b.%d
+0 ulelong 0x0a0d0d0a
+>8 ulelong 0x1a2b3c4d pcapng capture file
+>>12 leshort x - version %d
+>>14 leshort x \b.%d
+
+#
+# AIX "iptrace" capture files.
+#
+0 string iptrace\0401.0 AIX iptrace capture file
+0 string iptrace\0402.0 AIX iptrace capture file
+
+#
+# Novell LANalyzer capture files.
+# URL: http://www.blacksheepnetworks.com/security/info/nw/lan/trace.txt
+# Reference: https://github.com/wireshark/wireshark/blob/master/wiretap/lanalyzer.c
+# Update: Joerg Jenderek
+#
+# regular trace header record (RT_HeaderRegular)
+0 leshort 0x1001
+# GRR: line above is too generic because it matches Commodore Plus/4 BASIC V3.5
+# and VIC-20 BASIC V2 program
+# skip many Commodore Basic program (Microzodiac.prg Minefield.prg Vic-tac-toe.prg breakvic_joy.prg)
+# with invalid second record type 0 instead of "Trace receive channel name record"
+>(2.s+4) leshort =0x1006h
+>>0 use novell-lanalyzer
+# cyclic trace header record (RT_HeaderCyclic)
+0 leshort 0x1007
+>0 use novell-lanalyzer
+0 name novell-lanalyzer
+>0 leshort x Novell LANalyzer capture file
+# https://reposcope.com/mimetype/application/x-lanalyzer
+!:mime application/x-lanalyzer
+# maybe also TR2 .. TR9 TRA .. TRZ
+!:ext tr1
+# version like: 1.5
+>4 ubyte x \b, version %u
+# minor version; one byte identifying the trace file minor version number
+>5 ubyte x \b.%u
+# Trace header record type like: 1001~regular or 1007~cyclic
+>0 leshort !0x1001 \b, record type %4.4x
+# record_length[2] is the length of the data part of 1st reorcd (without "type" and "length" fields) like: 4Ch
+>2 leshort x \b, record length %#x
+# second record type like: 1006h~Trace receive channel name record
+>(2.s+4) leshort !0x1006h \b, 2nd record type %#4.4x
+>(2.s+6) leshort x \b, 2nd record length %#x
+# each channel name is a null-terminated, eight-byte ASCII string like: Channel1
+>(2.s+8) string x \b, names %.9s
+# 2nd channel name like: Channel2
+>(2.s+17) string x %.9s ...
+
+#
+# HP-UX "nettl" capture files.
+# URL: https://nixdoc.net/man-pages/HP-UX/man1m/nettl.1m.html
+# Reference: https://github.com/wireshark/wireshark/blob/master/wiretap/nettl.c
+# Update: Joerg Jenderek
+# Note: Wireshark fills "meta information header fields" with "dummy" values
+# nettl_magic_hpux9[12]; for HP-UX 9.x not tested
+0 string \x00\x00\x00\x01\x00\x00\x00\x00\x00\x07\xD0\x00 HP/UX 9.x nettl capture file
+!:mime application/x-nettl
+!:ext trc0/trc1
+# nettl_magic_hpux10[12]; for HP-UX 10.x and 11.x
+0 string \x54\x52\x00\x64\x00 HP/UX nettl capture file
+# https://reposcope.com/mimetype/application/x-nettl
+!:mime application/x-nettl
+# maybe also TRC000 TRC001 TRC002 ...
+!:ext trc0/trc1
+# file_name[56]; maybe also like /tmp/raw.tr.TRC000
+>12 string !/tmp/wireshark.TRC000
+>>12 string x "%-.56s"
+# tz[20]; like UTC
+>68 string !UTC \b, tz
+>>68 string x %-.20s
+# host_name[9];
+>88 string >\0 \b, host %-.9s
+# os_vers[9]; like B.11.11
+>97 string !B.11.11 \b, os
+>>97 string x %-.9s
+# os_v; like 55h
+>>106 ubyte x (%#x)
+# xxa[8]; like 0
+>107 ubequad !0 \b, xxa=%#16.16llx
+# model[11] like: 9000/800
+>115 string !9000/800 \b, model
+>>115 string x %-.11s
+# unknown; probably just padding to 128 bytes like: 0406h
+>126 ubeshort !0x0406h \b, at 126 %#4.4x
+
+#
+# RADCOM WAN/LAN Analyzer capture files.
+#
+0 string \x42\xd2\x00\x34\x12\x66\x22\x88 RADCOM WAN/LAN Analyzer capture file
+
+#
+# NetStumbler log files. Not really packets, per se, but about as
+# close as you can get. These are log files from NetStumbler, a
+# Windows program, that scans for 802.11b networks.
+#
+0 string NetS NetStumbler log file
+>8 lelong x \b, %d stations found
+
+#
+# *Peek tagged capture files.
+#
+0 string \177ver EtherPeek/AiroPeek/OmniPeek capture file
+
+#
+# Visual Networks traffic capture files.
+#
+0 string \x05VNF Visual Networks traffic capture file
+
+#
+# Network Instruments Observer capture files.
+#
+0 string ObserverPktBuffe Network Instruments Observer capture file
+
+#
+# Files from Accellent Group's 5View products.
+#
+# URL: http://www.infovista.com
+# Reference: http://mark0.net/download/triddefs_xml.7z
+# defs/0/5vw.trid.xml
+# https://2.na.dl.wireshark.org/src/wireshark-3.6.2.tar.xz
+# wireshark-3.6.2/wiretap/5views.c
+# Update: Joerg Jenderek
+# Note: called "5View capture" by TrID and
+# "Wireshark capture file" on Windows or
+# "Packet Capture (Accellent/InfoVista 5view)" by shared MIME-info database
+# verified/falsified by `wireshark *.5vw`
+0 string \xaa\xaa\xaa\xaa
+# skip misidentified boot/x86_64/loader/kroete.dat on Suse LEAP DVD
+# by check for valid record version
+>8 ulelong =0x00010000
+>>0 use 5view-le
+0 name 5view-le
+# t_5VW_Info_Header.Signature = CST_5VW_INFO_HEADER_KEY = 0xAAAAAAAAU
+>0 ulelong x 5View capture file
+# https://reposcope.com/mimetype/application/x-5view
+!:mime application/x-5view
+!:ext 5vw
+# size of header in bytes (included signature and reserved fields); probably always 20h
+>4 ulelong !0x00000020 \b, header size %#x
+# version of header record; apparently always CST_5VW_INFO_RECORD_VERSION=0x00010000U
+>8 ulelong !0x00010000 \b, record version %#x
+# DataSize; total size of data without header like: 18h
+>12 ulelong x \b, record size %#x
+# filetype; type of the capture file like: 18001000h
+>16 ulelong x \b, file type %#8.8x
+# Reserved[3]; reserved for future use; apparently zero
+>20 quad !0 \b, Reserved %#llx
+# look for record header key CST_5VW_RECORDS_HEADER_KEY of structure t_5VW_TimeStamped_Header
+>0x20 search/0xB8/b \xEE\xEE\x33\x33 \b; record
+# HeaderSize; actual size of this header in bytes like: 32 24h
+>>&0 uleshort x size %#x
+# HeaderType; exact type of this header; probably always 0x4000
+>>&2 uleshort !0x4000 \b, header type %#x
+# RecType; type of record like: 80000000h
+>>&4 ulelong x \b, record type %#x
+# RecSubType; subtype of record like: 0
+>>&8 ulelong !0 \b, subtype %#x
+# RecSize; Size of one record like: 5Ch
+>>&12 ulelong x \b, RecSize %#x
+# RecNb; Number of records like: 1
+>>&16 ulelong >1 \b, %#x records
+# Timestamp Utc
+#>>&20 ulelong x \b, RAW TIME %#8.8x
+>>&20 date x \b, Time-stamp %s
diff --git a/magic/Magdir/softquad b/magic/Magdir/softquad
new file mode 100644
index 0000000..28f03b9
--- /dev/null
+++ b/magic/Magdir/softquad
@@ -0,0 +1,40 @@
+
+#------------------------------------------------------------------------------
+# $File: softquad,v 1.14 2022/10/28 17:19:54 christos Exp $
+# softquad: file(1) magic for SoftQuad Publishing Software
+# URL: https://en.wikipedia.org/wiki/SoftQuad_Software
+#
+# Author/Editor and RulesBuilder
+#
+# XXX - byte order?
+#
+0 string \<!SQ\ DTD> Compiled SGML rules file
+>9 string >\0 Type %s
+0 string \<!SQ\ A/E> A/E SGML Document binary
+>9 string >\0 Type %s
+0 string \<!SQ\ STS> A/E SGML binary styles file
+>9 string >\0 Type %s
+0 short 0xc0de Compiled PSI (v1) data
+0 short 0xc0da Compiled PSI (v2) data
+>3 string >\0 (%s)
+# Binary sqtroff font/desc files...
+# GRR: the line below is also true for 5View capture file handled by ./sniffer
+0 short 0125252
+# skip 5View capture file with "invalid" version AAAAh
+>2 short >0 SoftQuad DESC or font file binary - version %d
+# Bitmaps...
+0 search/1 SQ\ BITMAP1 SoftQuad Raster Format text
+#0 string SQ\ BITMAP2 SoftQuad Raster Format data
+# sqtroff intermediate language (replacement for ditroff int. lang.)
+0 string X\ SoftQuad troff Context intermediate
+>2 string 495 for AT&T 495 laser printer
+>2 string hp for Hewlett-Packard LaserJet
+>2 string impr for IMAGEN imPRESS
+>2 string ps for PostScript
+
+# From: Michael Piefel <piefel@debian.org>
+# sqtroff intermediate language (replacement for ditroff int. lang.)
+0 string X\ 495 SoftQuad troff Context intermediate for AT&T 495 laser printer
+0 string X\ hp SoftQuad troff Context intermediate for HP LaserJet
+0 string X\ impr SoftQuad troff Context intermediate for IMAGEN imPRESS
+0 string X\ ps SoftQuad troff Context intermediate for PostScript
diff --git a/magic/Magdir/sosi b/magic/Magdir/sosi
new file mode 100644
index 0000000..88ecc51
--- /dev/null
+++ b/magic/Magdir/sosi
@@ -0,0 +1,40 @@
+
+#------------------------------------------------------------------------------
+# $File: sosi,v 1.2 2021/02/23 00:51:10 christos Exp $
+# SOSI
+# Summary: Systematic Organization of Spatial Information
+# Long description: Norwegian text based map format
+# File extension: .sos
+# Full name: Petter Reinholdtsen (pere@hungry.com)
+# Reference: https://en.wikipedia.org/wiki/SOSI
+#
+# Example SOSI files available from
+# https://trac.osgeo.org/gdal/ticket/3638
+# https://nedlasting.geonorge.no/geonorge/Basisdata/N50Kartdata/SOSI/
+# https://nedlasting.geonorge.no/geonorge/Samferdsel/Elveg/SOSI/
+#
+# Start with optional comments (from "!" to the next line end)
+# followed by ".HODE" and end with "\n.SLUTT" followed by an optional
+# separator (any number of " ", "\t", "\n" or "\r"), might have BOM at
+# the start and following ".HODE" near the start there is "..OMR=C3=85DE"
+# (either UTF-8, ISO-8859-1 or some 7 bit Norwegian charset based on
+# ASCII) , "..TRANSPAR", "..TEGNSETT " followed by the charset and a
+# separator, as well as "..SOSI-VERSJON " followed by the format
+# version and a separator.
+#
+# FIXME figure out how to accept any of [space], [tab], [newline] and
+# [carriage return] as separators, not only line end.
+
+# Not searching for full "OMR=C3=85DE" to match also for non-UTF-8
+# character sets
+0 search ..OMR
+>0 search ..TRANSPAR
+>>0 search .HODE SOSI map data
+>>>&0 search ..SOSI-VERSJON
+>>>>&1 string x \b, version %s
+# FIXME could not figure out way to make a match for .SLUTT at the end required
+#>-7 string \n.SLUTT slutt
+#>-8 string \n.SLUTT\n slutt-nl
+#>-9 string \n.SLUTT\r\n slutt-crnl2
+!:mime text/vnd.sosi
+!:ext sos
diff --git a/magic/Magdir/spec b/magic/Magdir/spec
new file mode 100644
index 0000000..c504b1f
--- /dev/null
+++ b/magic/Magdir/spec
@@ -0,0 +1,21 @@
+
+#------------------------------------------------------------------------------
+# $File: spec,v 1.4 2009/09/19 16:28:12 christos Exp $
+# spec: file(1) magic for SPEC raw results (*.raw, *.rsf)
+#
+# Cloyce D. Spradling <cloyce@headgear.org>
+
+0 string spec SPEC
+>4 string .cpu CPU
+>>8 string <: \b%.4s
+>>12 string . raw result text
+
+17 string version=SPECjbb SPECjbb
+>32 string <: \b%.4s
+>>37 string <: v%.4s raw result text
+
+0 string BEGIN\040SPECWEB SPECweb
+>13 string <: \b%.2s
+>>15 string _SSL \b_SSL
+>>>20 string <: v%.4s raw result text
+>>16 string <: v%.4s raw result text
diff --git a/magic/Magdir/spectrum b/magic/Magdir/spectrum
new file mode 100644
index 0000000..cf14551
--- /dev/null
+++ b/magic/Magdir/spectrum
@@ -0,0 +1,184 @@
+
+#------------------------------------------------------------------------------
+# $File: spectrum,v 1.10 2023/05/08 01:33:36 christos Exp $
+# spectrum: file(1) magic for Spectrum emulator files.
+#
+# John Elliott <jce@seasip.demon.co.uk>
+
+#
+# Spectrum +3DOS header
+#
+0 string PLUS3DOS\032 Spectrum +3 data
+>15 byte 0 - BASIC program
+>15 byte 1 - number array
+>15 byte 2 - character array
+>15 byte 3 - memory block
+>>16 belong 0x001B0040 (screen)
+>15 byte 4 - Tasword document
+>15 string TAPEFILE - ZXT tapefile
+#
+# Tape file. This assumes the .TAP starts with a Spectrum-format header,
+# which nearly all will.
+#
+# Update: Sanity-check string contents to be printable.
+# -Adam Buchbinder <adam.buchbinder@gmail.com>
+# Update: Joerg Jenderek 2023 May
+# URL: http://fileformats.archiveteam.org/wiki/TAP_(ZX_Spectrum)
+# Reference: http://web.archive.org/web/20110711141601/http://www.zxmodules.de/fileformats/tapformat.html
+# http://mark0.net/download/triddefs_xml.7z/defs/t/tap-zx.trid.xml
+# Note: called "ZX Spectrum Tape image" by TrID and "TAP (ZX Spectrum)" by DROID via PUID fmt/801
+# verified by fuse-emulator-utils `tzxlist EXAMPLES.TAP`
+#
+# headers length 19=023 and flag byte 0 indicating a standard ROM loading header
+0 string \023\000\000
+>4 string >\0
+# skip {85CEE8D6-0F90-4492-B484-98E38862B28D}.2.ver0x0000000000000004.db {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
+# inside c:\ProgramData\Microsoft\Windows\Caches according to TrID and DROID
+>>23 ubyte =0xFF
+# skip DROID fmt-801-signature-id-1166.tap with invalid name \253\253\253\253\253\253\253\253\253\253
+# which looks like: "TF COPY II" "screen " "\023\001TF" " 1943 "
+>>>4 string <\177 Spectrum .TAP data "%-10.10s"
+#!:mime application/octet-stream
+!:mime application/x-spectrum-tap
+!:ext tap
+>>>>3 byte 0 - BASIC program
+# autostart line; 0..9999 are valid; 32768 means "no auto-loading"
+>>>>>16 uleshort x \b, autostart line %u
+# program length; length of BASIC program
+>>>>>18 uleshort x \b, program length %u
+>>>>3 byte 1 - number array
+>>>>3 byte 2 - character array
+>>>>3 byte 3 - memory block
+# length of the following data 1B00h=6912 and start address 4000h=16384 in case of a SCREEN$ header
+>>>>>14 belong 0x001B0040 (screen)
+# unused 32768=8000h
+>>>>>18 uleshort !32768 \b, unused %u
+# zxlength; length of the following data after the header
+>>>>14 uleshort x \b, data length %u
+#>>14 uleshort x \b, data length %#x
+# checksum byte; simply all bytes (including flag byte) XORed
+#>>>>20 ubyte x \b, checksum %#x
+
+# The following three blocks are from pak21-spectrum@srcf.ucam.org
+# TZX tape images
+# Update: Joerg Jenderek 2023 May
+# URL: http://fileformats.archiveteam.org/wiki/TZX
+# Reference: https://worldofspectrum.net/TZXformat.html
+# http://mark0.net/download/triddefs_xml.7z/defs/t/tzx.trid.xml
+# Note: called "ZX Spectrum Tape image" by TrID and "TZX Format" by DROID via PUID fmt/1000
+0 string ZXTape!\x1a Spectrum .TZX data
+#!:mime application/octet-stream
+!:mime application/x-spectrum-tzx
+# CDT is used for Amstrad tapes
+!:ext tzx/cdt
+>8 byte x version %d
+>9 byte x \b.%d
+# ID of first block
+>10 ubyte x \b; ID %#x
+# turbo speed data block
+>10 ubyte =0x11 (turbo)
+# length of PILOT tone (number of pulses)
+>>21 uleshort x \b, %u pilot pulses
+# length of PILOT pulse
+>>11 uleshort x with %u tstates
+# length of SYNC first pulse
+>>13 uleshort x \b, %u and
+# length of SYNC second pulse
+>>15 uleshort x %u sync tstates
+# length of ZERO bit pulse
+>>17 uleshort x \b, %u zero tstates
+# length of ONE bit pulse
+>>19 uleshort x \b, %u one tstates
+# used bits in the last byte
+>>23 ubyte x \b, use %u bit
+# plural s
+>>23 ubyte >1 \bs
+# pause after this block in milliseconds
+>>24 uleshort x \b, %u ms pause
+# BYTE[3]; length of data that follow
+>>26 ulelong&0x00FFffFF x \b, %u data bytes
+>10 ubyte =0x20 (pause)
+# pause duration in milliseconds
+>>11 uleshort x %u ms
+# text description
+>10 ubyte =0x30 (text)
+# length of the text description
+#>>11 ubyte x L=%u
+>>11 pstring x "%s"
+# archive text description in ASCII format
+>10 ubyte =0x32 (archive info)
+# length of archive text
+>>11 uleshort x \b, %#x bytes
+# number of text strings
+>>13 ubyte x with %u (type) text parts
+# text type identification byte: 0~title 1~publisher 2~author 3~year 4~language 5~type 6~price 7~protection 8~origin ff~comment
+>>14 byte <9 (%d)
+>>>14 byte >-2
+# length of text string
+#>>>>15 ubyte x L=%u
+>>>>15 pstring x %s
+# 2nd possible text description
+>>>>>&0 byte <9 (%d)
+>>>>>>&-1 byte >-2
+>>>>>>>&0 pstring x %s
+# 3rd possible text description
+>>>>>>>>&0 byte <9 (%d)
+>>>>>>>>>&-1 byte >-2
+>>>>>>>>>>&0 pstring x %s
+# 4th possible text description
+>>>>>>>>>>>&0 byte <9 (%d)
+>>>>>>>>>>>>&-1 byte >-2
+>>>>>>>>>>>>>&0 pstring x %s
+# 5th possible text description
+>>>>>>>>>>>>>>&0 byte <9 (%d)
+>>>>>>>>>>>>>>>&-1 byte >-2
+>>>>>>>>>>>>>>>>&0 pstring x %s
+# 6th possible text description
+>>>>>>>>>>>>>>>>>&0 byte <9 (%d)
+>>>>>>>>>>>>>>>>>>&-1 byte >-2
+>>>>>>>>>>>>>>>>>>>&0 pstring x %s
+# 7th possible text description
+>>>>>>>>>>>>>>>>>>>>&0 byte <9 (%d)
+>>>>>>>>>>>>>>>>>>>>>&-1 byte >-2
+>>>>>>>>>>>>>>>>>>>>>>&0 pstring x %s
+
+# RZX input recording files
+0 string RZX! Spectrum .RZX data
+>4 byte x version %d
+>5 byte x \b.%d
+
+# Floppy disk images
+0 string MV\ -\ CPCEMU\ Disk-Fil Amstrad/Spectrum .DSK data
+0 string MV\ -\ CPC\ format\ Dis Amstrad/Spectrum DU54 .DSK data
+0 string EXTENDED\ CPC\ DSK\ Fil Amstrad/Spectrum Extended .DSK data
+0 string SINCLAIR Spectrum .SCL Betadisk image
+
+# Hard disk images
+0 string RS-IDE\x1a Spectrum .HDF hard disk image
+>7 byte x \b, version %#02x
+
+# SZX snapshots (fuse and spectaculator)
+# Martin M. S. Pedersen <martin@linux.com>
+# http://www.spectaculator.com/docs/zx-state/header.shtml
+#
+0 string ZXST zx-state snapshot
+>4 byte x version %d
+>5 byte x \b.%d
+>>6 byte 0 16k ZX Spectrum
+>>6 byte 1 48k ZX Spectrum/ZX Spectrum+
+>>6 byte 2 ZX Spectrum 128
+>>6 byte 3 ZX Spectrum +2
+>>6 byte 4 ZX Spectrum +2A/+2B
+>>6 byte 5 ZX Spectrum +3
+>>6 byte 6 ZX Spectrum +3e
+>>6 byte 7 Pentagon 128
+>>6 byte 8 Timex Sinclair TC2048
+>>6 byte 9 Timex Sinclair TC2068
+>>6 byte 10 Scorpion ZS-256
+>>6 byte 11 ZX Spectrum SE
+>>6 byte 12 Timex Sinclair TS2068
+>>6 byte 13 Pentagon 512
+>>6 byte 14 Pentagon 1024
+>>6 byte 15 48k ZX Spectrum (NTSC)
+>>6 byte 16 ZX Spectrum 12Ke
+>>>7 byte 1 (alternate timings)
diff --git a/magic/Magdir/sql b/magic/Magdir/sql
new file mode 100644
index 0000000..00f3617
--- /dev/null
+++ b/magic/Magdir/sql
@@ -0,0 +1,288 @@
+
+#------------------------------------------------------------------------------
+# $File: sql,v 1.26 2023/04/29 17:26:58 christos Exp $
+# sql: file(1) magic for SQL files
+#
+# From: "Marty Leisner" <mleisner@eng.mc.xerox.com>
+# Recognize some MySQL files.
+# Elan Ruusamae <glen@delfi.ee>, added MariaDB signatures
+# from https://bazaar.launchpad.net/~maria-captains/maria/5.5/view/head:/support-files/magic
+#
+0 beshort 0xfe01 MySQL table definition file
+>2 byte x Version %d
+>3 byte 0 \b, type UNKNOWN
+>3 byte 1 \b, type DIAM_ISAM
+>3 byte 2 \b, type HASH
+>3 byte 3 \b, type MISAM
+>3 byte 4 \b, type PISAM
+>3 byte 5 \b, type RMS_ISAM
+>3 byte 6 \b, type HEAP
+>3 byte 7 \b, type ISAM
+>3 byte 8 \b, type MRG_ISAM
+>3 byte 9 \b, type MYISAM
+>3 byte 10 \b, type MRG_MYISAM
+>3 byte 11 \b, type BERKELEY_DB
+>3 byte 12 \b, type INNODB
+>3 byte 13 \b, type GEMINI
+>3 byte 14 \b, type NDBCLUSTER
+>3 byte 15 \b, type EXAMPLE_DB
+>3 byte 16 \b, type CSV_DB
+>3 byte 17 \b, type FEDERATED_DB
+>3 byte 18 \b, type BLACKHOLE_DB
+>3 byte 19 \b, type PARTITION_DB
+>3 byte 20 \b, type BINLOG
+>3 byte 21 \b, type SOLID
+>3 byte 22 \b, type PBXT
+>3 byte 23 \b, type TABLE_FUNCTION
+>3 byte 24 \b, type MEMCACHE
+>3 byte 25 \b, type FALCON
+>3 byte 26 \b, type MARIA
+>3 byte 27 \b, type PERFORMANCE_SCHEMA
+>3 byte 127 \b, type DEFAULT
+>0x0033 ulong x \b, MySQL version %d
+0 belong&0xffffff00 0xfefe0500 MySQL ISAM index file
+>3 byte x Version %d
+0 belong&0xffffff00 0xfefe0600 MySQL ISAM compressed data file
+>3 byte x Version %d
+0 belong&0xffffff00 0xfefe0700 MySQL MyISAM index file
+>3 byte x Version %d
+>14 beshort x \b, %d key parts
+>16 beshort x \b, %d unique key parts
+>18 byte x \b, %d keys
+>28 bequad x \b, %lld records
+>36 bequad x \b, %lld deleted records
+0 belong&0xffffff00 0xfefe0800 MySQL MyISAM compressed data file
+>3 byte x Version %d
+0 belong&0xffffff00 0xfefe0900 MySQL Maria index file
+>3 byte x Version %d
+0 belong&0xffffff00 0xfefe0a00 MySQL Maria compressed data file
+>3 byte x Version %d
+0 belong&0xffffff00 0xfefe0c00
+>4 string MACF MySQL Maria control file
+>>3 byte x Version %d
+0 string \376bin MySQL replication log,
+>9 long x server id %d
+>8 byte 1
+>>13 long 69 \b, MySQL V3.2.3
+>>>19 string x \b, server version %s
+>>13 long 75 \b, MySQL V4.0.2-V4.1
+>>>25 string x \b, server version %s
+>8 byte 15 MySQL V5+,
+>>25 string x server version %s
+>4 string MARIALOG MySQL Maria transaction log file
+>>3 byte x Version %d
+
+#------------------------------------------------------------------------------
+# iRiver H Series database file
+# From Ken Guest <ken@linux.ie>
+# As observed from iRivNavi.iDB and unencoded firmware
+#
+0 string iRivDB iRiver Database file
+>11 string >\0 Version %s
+>39 string iHP-100 [H Series]
+
+#------------------------------------------------------------------------------
+# SQLite database files
+# Ken Guest <ken@linux.ie>, Ty Sarna, Zack Weinberg
+#
+# Version 1 used GDBM internally; its files cannot be distinguished
+# from other GDBM files.
+#
+# Update: Joerg Jenderek
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/sqlite-2x.trid.xml
+# Note: called "SQLite 2.x database" by TrID and "SQLite Database File Format" version 2 by DROID via PUID fmt/1135
+# Version 2 used this format:
+0 string **\ This\ file\ contains\ an\ SQLite SQLite 2.x database
+!:mime application/x-sqlite2
+# FileAttributesStore.db test.sqlite2
+!:ext sqlite/sqlite2/db
+
+# URL: https://en.wikipedia.org/wiki/SQLite
+# Reference: https://www.sqlite.org/fileformat.html
+# Update: Joerg Jenderek
+# Version 3 of SQLite allows applications to embed their own "user version"
+# number in the database at offset 60. Later, SQLite added an "application id"
+# at offset 68 that is preferred over "user version" for indicating the
+# associated application.
+#
+0 string SQLite\ format\ 3
+# skip DROID fmt-729-signature-id-1053.sqlite by checking for valid page size
+>16 ubeshort >0 SQLite 3.x
+# deprecated
+#!:mime application/x-sqlite3
+!:mime application/vnd.sqlite3
+# seldom found extension sqlite3 like in SyncData.sqlite3
+# db
+# db3 like: AddrBook.db3 cgipcrvp.db3
+# https://www.maplesoft.com/support/help/Maple/view.aspx?path=worksheet%2freference%2fhelpdatabase
+# help is used for newer Maple help database
+# SQLite database weewx.sdb used by weather software weewx
+# https://www.weewx.com/docs/usersguide.htm
+# Avira Antivir use extension "dbe" like in avevtdb.dbe, avguard_tchk.dbe
+# Unfortunately extension sqlite also used for other databases starting with string
+# "TTCONTAINER" like in tracks.sqlite contentconsumer.sqlite contentproducerrepository.sqlite
+# and with string "ZV-zlib" in like extra.sqlite
+>>68 belong !0x5CDE09EF database
+!:ext sqlite/sqlite3/db/db3/dbe/sdb/help
+>>68 belong =0x5CDE09EF database
+# maple is used for Maple Workbook
+!:ext maple
+>>60 belong =0x5f4d544e (Monotone source repository)
+# if no known user version then check for Application IDs with default clause
+>>60 belong !0x5f4d544e
+# The "Application ID" set by PRAGMA application_id
+>>>68 belong =0x0f055112 (Fossil checkout)
+>>>68 belong =0x0f055113 (Fossil global configuration)
+>>>68 belong =0x0f055111 (Fossil repository)
+>>>68 belong =0x42654462 (Bentley Systems BeSQLite Database)
+>>>68 belong =0x42654c6e (Bentley Systems Localization File)
+>>>68 belong =0x47504b47 (OGC GeoPackage file)
+# https://www.sqlite.org/src/artifact?ci=trunk&filename=magic.txt
+>>>68 belong =0x47503130 (OGC GeoPackage version 1.0 file)
+>>>68 belong =0x45737269 (Esri Spatially-Enabled Database)
+>>>68 belong =0x4d504258 (MBTiles tileset)
+# https://www.maplesoft.com/support/help/errors/view.aspx?path=Formats/Maple
+>>>68 belong =0x5CDE09EF (Maple Workbook)
+# unknown application ID
+>>>68 default x
+>>>>68 belong !0 \b, application id %u
+# The "user version" as read and set by the user_version pragma like:
+# 1 2 4 5 7 9 10 25 36 43 53 400 416 131073 131074 131075
+>>60 belong !0 \b, user version %d
+# SQLITE_VERSION_NUMBER like: 0 3008011 3016002 3007014 3017000 3022000 3028000 3031001
+>>96 belong x \b, last written using SQLite version %d
+# database page size in bytes; a power of two between 512 and 32768, or 1 for 65536
+# like: 512 1024 often 4096 32768
+>>16 ubeshort !4096 \b, page size %u
+# File format write version. 1 for legacy; 2 for WAL; 0 for corruptDB.sqlite
+>>18 ubyte !1 \b, writer version %u
+# File format read version. 1 for legacy; 2 for WAL; 4 for corruptDB.sqlite
+>>19 ubyte !1 \b, read version %u
+# Bytes of unused "reserved" space at the end of each page. Usually 0
+>>20 ubyte !0 \b, unused bytes %u
+# maximum embedded payload fraction. Must be 64; 1 for corruptDB.sqlite
+>>21 ubyte !64 \b, maximum payload %u
+# Minimum embedded payload fraction. Must be 32; 1 for corruptDB.sqlite
+>>22 ubyte !32 \b, minimum payload %u
+# Leaf payload fraction. Must be 32; 0 for corruptDB.sqlite
+>>23 ubyte !32 \b, leaf payload %u
+# file change counter
+>>24 ubelong x \b, file counter %u
+# Size of the database file in pages
+>>28 ubelong x \b, database pages %u
+# page number of the first freelist trunk page like: 0 2 3 4 5 9
+# 10 13 14 15 16 17 18 19 23 36 39 46 50 136 190 217 307 505 516 561 883 1659
+>>32 ubelong !0 \b, 1st free page %u
+# total number of freelist pages
+>>36 ubelong !0 \b, free pages %u
+# The schema cookie like: 2 3 4 6 7 9 A D E F 13 14 1C 25 2A 2F 33 44 4B 53 5A 5F 62 86 87 8F 91 A8
+>>40 ubelong x \b, cookie %#x
+# the schema format number. Supported formats are 1 2 3 and often 4
+# 3328 for corruptDB.sqlite and 0 for 512 byte storage.sqlite (TorBrowser Firefox Thunderbird)
+>>44 ubelong x \b, schema %u
+# Suggested cache size like: 0 2000
+>>48 ubelong !0 \b, cache page size %u
+# The page number of the largest root b-tree page when in auto-vacuum or incremental-vacuum modes, or zero otherwise.
+>>52 ubelong !0 \b, largest root page %u
+# The database text encoding; a value of 1 means UTF-8; 2 means UTF-16le; 3 means UTF-16be
+#>>56 ubelong x \b, encoding %u
+>>56 ubelong x
+>>>56 ubelong =1 \b, UTF-8
+>>>56 ubelong =2 \b, UTF-16 little endian
+>>>56 ubelong =3 \b, UTF-16 big endian
+# 0 for corruptDB.sqlite and for storage.sqlite with database pages 1 (TorBrowser Firefox Thunderbird)
+# https://mozilla.github.io/firefox-browser-architecture/text/0010-firefox-data-stores.html
+>>>56 default x
+>>>>56 ubelong x \b, unknown %#x encoding
+# True (non-zero) for incremental-vacuum mode; false (zero) otherwiseqy
+>>64 ubelong !0 \b, vacuum mode %u
+# Reserved for expansion. Must be zero
+>>72 uquad !0 \b, reserved %#llx
+# The version-valid-for number like:
+# 1 2 3 4 C F 68h 95h 266h A99h 3DCDh B7CEh
+>>92 ubelong x \b, version-valid-for %u
+
+# SQLite Write-Ahead Log from SQLite version >= 3.7.0
+# https://www.sqlite.org/fileformat.html#walformat
+0 belong&0xfffffffe 0x377f0682 SQLite Write-Ahead Log,
+!:ext sqlite-wal/db-wal
+>4 belong x version %d
+# Summary: SQLite Write-Ahead-Log index (shared memory)
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/SQLite
+# Reference: http://www.sqlite.org/draft/walformat.html#walidxfmt
+# iVersion; WAL-index format version number; always 3007000=2DE218h
+0 ulelong 0x002DE218
+>0 use shm-le
+# big endian variant not tested
+0 ubelong 0x002DE218
+>0 use \^shm-le
+# show information about SQLite Write-Ahead-Log shared memory
+0 name shm-le
+>0 ulelong x SQLite Write-Ahead Log shared memory
+#!:mime application/octet-stream
+!:mime application/vnd.sqlite3
+# db3-shm Acronis BackupAndRecovery F4CEEE47-042C-4828-95A0-DE44EC267A28.db3-shm
+# dbx-shm probably Dropbox filecache.dbx-shm
+# aup3-shm Audacity project tada.aup3-shm
+# srd-shm Microsoft Windows StateRepository service StateRepository-Deployment.srd-shm StateRepository-Machine.srd-shm:
+!:ext sqlite-shm/db-shm/db3-shm/dbx-shm/aup3-shm/srd-shm
+# unused padding space; must be zero
+>4 ulelong !0 \b, unused %x
+# iChange; unsigned integer counter, incremented with each transaction
+>8 ulelong x \b, counter %u
+# isInit; the "isInit" flag; 1 when the shm file has been initialized
+>12 ubyte !1 \b, not initialized %u
+# bigEndCksum; true if the WAL file uses big-ending checksums; 0 if the WAL uses little-endian checksums
+>13 ubyte !0 \b, checksum type %u
+# szPage; database page size in bytes, or 1 if the page size is 65536
+>14 uleshort !1 \b, page size %u
+>14 uleshort =1 \b, page size 65536
+# mxFrame; number of valid and committed frames in the WAL file
+>16 ulelong x \b, %u frames
+# nPage; size of the database file in pages
+>20 ulelong x \b, %u pages
+# aFrameCksum; checksum of the last frame in the WAL file
+>24 ulelong x \b, frame checksum %#x
+# aSalt; two salt value copied from the WAL file header in the byte-order of the WAL file; might be different from machine byte-order
+>32 ulequad x \b, salt %#llx
+# aCksum; checksum over bytes 0 through 39 of this header
+>40 ulelong x \b, header checksum %#x
+# a copy of bytes 0 through 47 of header
+>48 ulelong !3007000 \b, iversion %u
+# nBackfill; number of WAL frames that have already been backfilled into the database by prior checkpoints
+>96 ulelong !0 \b, %u backfilled
+# nBackfillAttempted; number of WAL frames that have attempted to be backfilled
+>>128 ulelong x (%u attempts)
+# read-mark[0..4]; five "read marks"; each read mark is a 32-bit unsigned integer
+>100 ulelong !0 \b, read-mark[0] %#x
+>104 ulelong x \b, read-mark[1] %#x
+>108 ulelong !0xffffffff \b, read-mark[2] %#x
+>112 ulelong !0xffffffff \b, read-mark[3] %#x
+>116 ulelong !0xffffffff \b, read-mark[4] %#x
+# unused space set aside for 8 file locks
+>120 ulequad !0 \b, space %#llx
+# unused space reserved for further expansion
+>132 ulelong !0 \b, reserved %#x
+
+# SQLite Rollback Journal
+# https://www.sqlite.org/fileformat.html#rollbackjournal
+0 string \xd9\xd5\x05\xf9\x20\xa1\x63\xd7 SQLite Rollback Journal
+
+# Panasonic channel list database svl.bin or svl.db added by Joerg Jenderek
+# https://github.com/PredatH0r/ChanSort
+0 string PSDB\0 Panasonic channel list DataBase
+!:ext db/bin
+#!:mime application/x-db-svl-panasonic
+>126 string SQLite\ format\ 3
+#!:mime application/x-panasonic-sqlite3
+>>&-15 indirect x \b; contains
+
+# H2 Database from https://www.h2database.com/
+0 string --\ H2\ 0.5/B\ --\ \n H2 Database file
+
+# DuckDB database file from https://duckdb.org
+8 string DUCK DuckDB database file
+>12 lequad x \b, version %lld
+#>20 lequad x \b, flags %#llx
+#>28 lequad x \b, flags %#llx
diff --git a/magic/Magdir/ssh b/magic/Magdir/ssh
new file mode 100644
index 0000000..56b28a8
--- /dev/null
+++ b/magic/Magdir/ssh
@@ -0,0 +1,42 @@
+# Type: OpenSSH key files
+# From: Nicolas Collignon <tsointsoin@gmail.com>
+
+0 string SSH\040PRIVATE\040KEY OpenSSH RSA1 private key,
+>28 string >\0 version %s
+0 string -----BEGIN\040OPENSSH\040PRIVATE\040KEY----- OpenSSH private key
+# https://www.rfc-editor.org/rfc/rfc5958
+0 string -----BEGIN\040PRIVATE\040KEY----- OpenSSH private key (no password)
+0 string -----BEGIN\040ENCRYPTED\040PRIVATE\040KEY----- OpenSSH private key (with password)
+
+0 string ssh-dss\040 OpenSSH DSA public key
+0 string ssh-rsa\040 OpenSSH RSA public key
+0 string ecdsa-sha2-nistp256 OpenSSH ECDSA public key
+0 string ecdsa-sha2-nistp384 OpenSSH ECDSA public key
+0 string ecdsa-sha2-nistp521 OpenSSH ECDSA public key
+0 string ssh-ed25519 OpenSSH ED25519 public key
+
+0 string SSHKRL\n\0
+>8 ubelong 1 OpenSSH key/certificate revocation list, format %u
+>>12 ubequad x \b, version %llx
+>>>20 beqdate x \b, generated %s
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/PuTTY
+# Reference: https://the.earth.li/~sgtatham/putty/latest/putty-0.73.tar.gz
+# /sshpubk.c
+0 string PuTTY-User-Key-File- PuTTY Private Key File
+#!:mime text/plain
+# https://github.com/github/putty/blob/master/windows/installer.wxs
+!:mime application/x-putty-private-key
+!:ext ppk
+# version 1 or 2
+>20 string x \b, version %.1s
+# name of the algorithm like: ssh-dss ssh-rsa ecdsa-sha2-nistp256 ssh-ed25519
+>23 string x \b, algorithm %s
+# next line says "Encryption: " plus an encryption type like aes256-cbc or none
+>32 search/13 Encryption:\040 \b, Encryption
+>>&0 string x %s
+# next line says "Comment: " plus the comment string
+>>>&0 search/3 Comment:\040
+>>>>&0 string x "%s"
+
diff --git a/magic/Magdir/ssl b/magic/Magdir/ssl
new file mode 100644
index 0000000..2309392
--- /dev/null
+++ b/magic/Magdir/ssl
@@ -0,0 +1,20 @@
+
+#------------------------------------------------------------------------------
+# $File: ssl,v 1.5 2017/12/29 04:00:07 christos Exp $
+# ssl: file(1) magic for SSL file formats
+
+# Type: OpenSSL certificates/key files
+# From: Nicolas Collignon <tsointsoin@gmail.com>
+
+0 string -----BEGIN\040CERTIFICATE----- PEM certificate
+0 string -----BEGIN\040CERTIFICATE\040REQ PEM certificate request
+0 string -----BEGIN\040RSA\040PRIVATE PEM RSA private key
+0 string -----BEGIN\040DSA\040PRIVATE PEM DSA private key
+0 string -----BEGIN\040EC\040PRIVATE PEM EC private key
+0 string -----BEGIN\040ECDSA\040PRIVATE PEM ECDSA private key
+
+# From Luc Gommans
+# OpenSSL enc file (recognized by a magic string preceding the password's salt)
+0 string Salted__ openssl enc'd data with salted password
+# Using the -a or -base64 option, OpenSSL will base64-encode the data.
+0 string U2FsdGVkX1 openssl enc'd data with salted password, base64 encoded
diff --git a/magic/Magdir/statistics b/magic/Magdir/statistics
new file mode 100644
index 0000000..ca9f859
--- /dev/null
+++ b/magic/Magdir/statistics
@@ -0,0 +1,45 @@
+
+#------------------------------------------------------------------------------
+# $File: statistics,v 1.3 2022/03/24 15:48:58 christos Exp $
+# statistics: file(1) magic for statistics related software
+#
+
+# From Remy Rampin
+
+# Stata is a statistical software tool that was created in 1985. While I
+# don't personally use it, data files in its native (proprietary) format
+# are common (.dta files).
+#
+# Because they are so common, especially in statistical and social
+# sciences, Stata files and SPSS files can be opened by a lot of modern
+# software, for example Python's pandas package provides built-in
+# support for them (read_stata() and read_spss()).
+#
+# I noticed that the magic database includes an entry for SPSS files but
+# not Stata files. Stata files for Stata 13 and newer (formats 117, 118,
+# and 119) always begin with the string "<stata_dta><header>" as per
+# https://www.stata.com/help.cgi?dta#definition
+#
+# The format version number always follows, for example:
+# <stata_dta><header><release>117</release>
+# <stata_dta><header><release>118</release>
+#
+# Therefore the following line would do the trick:
+# 0 string <stata_dta><header> Stata Data File
+#
+# (I'm sure the version number could be captured as well but I did not
+# manage this without a regex)
+#
+# Unfortunately the previous formats (created by Stata before 13, which
+# was released 2013) are harder to recognize. Format 115 starts with the
+# four bytes 0x73010100 or 0x73020100, format 114 with 0x72010100 or
+# 0x72020100, format 113 with 0x71010101 or 0x71020101.
+#
+# For additional reference, the Library of Congress website has an entry
+# for the Stata Data File Format 118:
+# https://www.loc.gov/preservation/digital/formats/fdd/fdd000471.shtml
+#
+# Example of those files can be found on Zenodo:
+# https://zenodo.org/search?page=1&size=20&q=&file_type=dta
+0 string \<stata_dta\>\<header\>\<release\> Stata Data File
+>&0 regex [0-9]+ (Release %s)
diff --git a/magic/Magdir/subtitle b/magic/Magdir/subtitle
new file mode 100644
index 0000000..cfbe293
--- /dev/null
+++ b/magic/Magdir/subtitle
@@ -0,0 +1,38 @@
+
+#------------------------------------------------------------------------------
+# $File: subtitle,v 1.2 2022/09/07 11:29:09 christos Exp $
+# subtitle: file(1) magic for subtitles files
+
+# EBU-STL
+# https://tech.ebu.ch/docs/tech/tech3264.pdf
+3 string STL EBU-STL subtitles
+>6 regex =^[0-9][0-9] \b, rate %s
+>>8 string .01 \b, v1
+!:mime application/x-ebu-stl
+>>>16 regex =^[^\ ]{0,32} \b, title "%s"
+>>>>224 regex =^[0-9]{2} \b, created %-.2s
+>>>>>&0 regex =^[0-9]{2} \b-%-.2s
+>>>>>>&0 regex =^[0-9]{2} \b-%-.2s
+!:ext stl
+
+# SubRip (srt) subtitles
+0 regex/20 =^1[\r\n]+0[01]:[0-9]{2}:[0-9]{2},[0-9]{3}\040--> SubRip
+!:mime application/x-subrip
+!:ext srt
+
+# WebVTT subtitles
+# https://www.w3.org/TR/webvtt1/
+0 string/t WEBVTT
+>&0 regex/255 =[0-9]{2}:[0-9]{2}\\.[0-9]{3}\040--> WebVTT subtitles
+!:mime text/vtt
+!:ext vtt
+
+# XML TTML subtitles
+# https://www.w3.org/TR/ttml2/
+0 string/t \<?xml
+>20 search/400 \020xmlns=
+>>&0 regex ['"]http://www.w3.org/ns/ttml TTML subtitles
+!:mime application/ttml+xml
+# Augment strength to beat plain XML
+!:strength * 3
+!:ext ttml
diff --git a/magic/Magdir/sun b/magic/Magdir/sun
new file mode 100644
index 0000000..df83834
--- /dev/null
+++ b/magic/Magdir/sun
@@ -0,0 +1,141 @@
+
+#------------------------------------------------------------------------------
+# $File: sun,v 1.28 2019/04/19 00:42:27 christos Exp $
+# sun: file(1) magic for Sun machines
+#
+# Values for big-endian Sun (MC680x0, SPARC) binaries on pre-5.x
+# releases. (5.x uses ELF.) Entries for executables without an
+# architecture type, used before the 68020-based Sun-3's came out,
+# are in aout, as they're indistinguishable from other big-endian
+# 32-bit a.out files.
+#
+0 belong&077777777 0600413 a.out SunOS SPARC demand paged
+>0 byte &0x80
+>>20 belong <4096 shared library
+>>20 belong =4096 dynamically linked executable
+>>20 belong >4096 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+
+0 belong&077777777 0600410 a.out SunOS SPARC pure
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+
+0 belong&077777777 0600407 a.out SunOS SPARC
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+
+0 belong&077777777 0400413 a.out SunOS mc68020 demand paged
+>0 byte &0x80
+>>20 belong <4096 shared library
+>>20 belong =4096 dynamically linked executable
+>>20 belong >4096 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+
+0 belong&077777777 0400410 a.out SunOS mc68020 pure
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+
+0 belong&077777777 0400407 a.out SunOS mc68020
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+
+0 belong&077777777 0200413 a.out SunOS mc68010 demand paged
+>0 byte &0x80
+>>20 belong <4096 shared library
+>>20 belong =4096 dynamically linked executable
+>>20 belong >4096 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+
+0 belong&077777777 0200410 a.out SunOS mc68010 pure
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+
+0 belong&077777777 0200407 a.out SunOS mc68010
+>0 byte &0x80 dynamically linked executable
+>0 byte ^0x80 executable
+>16 belong >0 not stripped
+
+#
+# Core files. "SPARC 4.x BCP" means "core file from a SunOS 4.x SPARC
+# binary executed in compatibility mode under SunOS 5.x".
+#
+0 belong 0x080456 SunOS core file
+>4 belong 432 (SPARC)
+>>132 string >\0 from '%s'
+>>116 belong =3 (quit)
+>>116 belong =4 (illegal instruction)
+>>116 belong =5 (trace trap)
+>>116 belong =6 (abort)
+>>116 belong =7 (emulator trap)
+>>116 belong =8 (arithmetic exception)
+>>116 belong =9 (kill)
+>>116 belong =10 (bus error)
+>>116 belong =11 (segmentation violation)
+>>116 belong =12 (bad argument to system call)
+>>116 belong =29 (resource lost)
+>>120 belong x (T=%dK,
+>>124 belong x D=%dK,
+>>128 belong x S=%dK)
+>4 belong 826 (68K)
+>>128 string >\0 from '%s'
+>4 belong 456 (SPARC 4.x BCP)
+>>152 string >\0 from '%s'
+# Sun SunPC
+0 long 0xfa33c08e SunPC 4.0 Hard Disk
+0 string #SUNPC_CONFIG SunPC 4.0 Properties Values
+# Sun snoop (see RFC 1761, which describes the capture file format,
+# RFC 3827, which describes some additional datalink types, and
+# https://www.iana.org/assignments/snoop-datalink-types/snoop-datalink-types.xml,
+# which is the IANA registry of Snoop datalink types)
+#
+0 string snoop Snoop capture file
+>8 belong >0 - version %d
+>12 belong 0 (IEEE 802.3)
+>12 belong 1 (IEEE 802.4)
+>12 belong 2 (IEEE 802.5)
+>12 belong 3 (IEEE 802.6)
+>12 belong 4 (Ethernet)
+>12 belong 5 (HDLC)
+>12 belong 6 (Character synchronous)
+>12 belong 7 (IBM channel-to-channel adapter)
+>12 belong 8 (FDDI)
+>12 belong 9 (Other)
+>12 belong 10 (type %d)
+>12 belong 11 (type %d)
+>12 belong 12 (type %d)
+>12 belong 13 (type %d)
+>12 belong 14 (type %d)
+>12 belong 15 (type %d)
+>12 belong 16 (Fibre Channel)
+>12 belong 17 (ATM)
+>12 belong 18 (ATM Classical IP)
+>12 belong 19 (type %d)
+>12 belong 20 (type %d)
+>12 belong 21 (type %d)
+>12 belong 22 (type %d)
+>12 belong 23 (type %d)
+>12 belong 24 (type %d)
+>12 belong 25 (type %d)
+>12 belong 26 (IP over Infiniband)
+>12 belong >26 (type %d)
+
+#---------------------------------------------------------------------------
+# The following entries have been tested by Duncan Laurie <duncan@sun.com> (a
+# lead Sun/Cobalt developer) who agrees that they are good and worthy of
+# inclusion.
+
+# Boot ROM images for Sun/Cobalt Linux server appliances
+0 string Cobalt\ Networks\ Inc.\nFirmware\ v Paged COBALT boot rom
+>38 string x V%.4s
+
+# New format for Sun/Cobalt boot ROMs is annoying, it stores the version code
+# at the very end where file(1) can't get it.
+0 string CRfs COBALT boot rom data (Flat boot rom or file system)
diff --git a/magic/Magdir/svf b/magic/Magdir/svf
new file mode 100644
index 0000000..b0d5c98
--- /dev/null
+++ b/magic/Magdir/svf
@@ -0,0 +1,5 @@
+# $File: svf,v 1.2 2023/05/23 13:37:32 christos Exp $
+#
+# file(1) magic(5) data for SmartVersion files with the .svf extension.
+
+0 string DFS\ File\x0D\x0Ahttp://www.difstream.com\x0D\x0A SmartVersion binary patch file
diff --git a/magic/Magdir/sylk b/magic/Magdir/sylk
new file mode 100644
index 0000000..f497c05
--- /dev/null
+++ b/magic/Magdir/sylk
@@ -0,0 +1,36 @@
+
+#------------------------------------------------------------------------------
+# $File: sylk,v 1.1 2020/04/05 22:18:34 christos Exp $
+# sylk: file(1) magic for SYLK text files
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/SYmbolic_LinK_%28SYLK%29
+# http://fileformats.archiveteam.org/wiki/SYLK
+# Note: called by TrID "SYLK - SYmbolic LinK data",
+# by DROID "Microsoft Symbolic Link (SYLK) File"
+# by FreeDesktop.org "spreadsheet interchange document"
+0 string ID;P
+# skip short DROID x-fmt-106-signature-id-603.slk
+>7 ubyte >0 spreadsheet interchange document
+# https://reposcope.com/mimetype/text/spreadsheet
+#!:mime text/spreadsheet
+# https://reposcope.com/mimetype/application/x-sylk by Gnumeric
+!:mime application/x-sylk
+!:ext slk/sylk
+>>4 ubyte >037 \b, created by
+# Gnumeric, pmw~PlanMaker, CALCOOO32~LibreOffice OpenOffice, SCALC3~StarOffice
+# MP~Multiplan, XL~Excel WXL~Excel Windows
+>>>4 string Gnumeric Gnumeric
+>>>4 string pmw PlanMaker
+>>>4 string CALCOOO32 Libre/OpenOffice Calc
+>>>4 string SCALC3 StarOffice Calc
+>>>4 string XL Excel
+# Excel, version probably running on Windows
+>>>4 string WXL Excel
+# not tested
+>>>4 string MP Multiplan
+# unknown spreadsheet software
+>>>4 default x
+>>>>4 string x %s
+
+
diff --git a/magic/Magdir/symbos b/magic/Magdir/symbos
new file mode 100644
index 0000000..c97a42e
--- /dev/null
+++ b/magic/Magdir/symbos
@@ -0,0 +1,42 @@
+
+#------------------------------------------------------------------------------
+# msx: file(1) magic for the SymbOS operating system
+# http://www.symbos.de
+# Fabio R. Schmidlin <frs@pop.com.br>
+
+# SymbOS EXE file
+0x30 string SymExe SymbOS executable
+>0x36 ubyte x v%c
+>0x37 ubyte x \b.%c
+>0xF string x \b, name: %s
+
+# SymbOS DOX document
+0 string INFOq\0 SymbOS DOX document
+
+# Symbos driver
+0 string SMD1 SymbOS driver
+>19 byte x \b, name: %c
+>20 byte x \b%c
+>21 byte x \b%c
+>22 byte x \b%c
+>23 byte x \b%c
+>24 byte x \b%c
+>25 byte x \b%c
+>26 byte x \b%c
+>27 byte x \b%c
+>28 byte x \b%c
+>29 byte x \b%c
+>30 byte x \b%c
+>31 byte x \b%c
+
+# Symbos video
+0 string SymVid SymbOS video
+>6 ubyte x v%c
+>7 ubyte x \b.%c
+
+# Soundtrakker 128 ST2 music
+0 byte 0
+>0xC string \x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x40\x00 Soundtrakker 128 ST2 music,
+>>1 string x name: %s
+
+
diff --git a/magic/Magdir/sysex b/magic/Magdir/sysex
new file mode 100644
index 0000000..d02389d
--- /dev/null
+++ b/magic/Magdir/sysex
@@ -0,0 +1,429 @@
+
+#------------------------------------------------------------------------
+# $File: sysex,v 1.12 2022/10/31 13:22:26 christos Exp $
+# sysex: file(1) magic for MIDI sysex files
+#
+# GRR: original 1 byte test at offset was too general as it catches also many FATs of DOS filesystems
+# where real SYStem EXclusive messages at offset 1 are limited to seven bits
+# https://en.wikipedia.org/wiki/MIDI
+# test for StartSysEx byte and upper unsed bit of vendor ID
+0 ubeshort&0xFF80 0xF000
+# MIDI System Exclusive (SysEx) messages (strength=50) after Microsoft Visual C library (strength=70)
+#!:strength +0
+# skip Microsoft Visual C library with page size 16 misidentified as ADA and
+# page size 32 misidentified as Inventronics by looking for terminating End Of eXclusive byte (EOX)
+>2 search/12 \xF7
+>>0 use midi-sysex
+# display information about MIDI System Exclusive (SysEx) messages
+0 name midi-sysex
+# https://fileinfo.com/extension/syx
+>1 ubyte x MIDI audio System Exclusive (SysEx) message -
+# Note: file (version 5.41) labeled the above entry as "SysEx File"
+#!:mime application/octet-stream
+!:mime audio/x-syx
+# https://onsongapp.com/docs/features/formats/sysex
+!:ext syx/sysex
+# https://www.midi.org/specifications-old/item/manufacturer-id-numbers
+# https://raw.githubusercontent.com/insolace/MIDI-Sysex-MFG-IDs/master/Sysex%20ID%20Tables/MIDI%20Sysex%20MFG%20IDs.csv
+# SysEx manufacturer ID; originally one byte, but now 0 is used as an escapement to reach the next two
+# North American Group
+#>1 byte 0x01 Sequential
+>1 byte 0x01 Sequential Circuits
+>1 byte 0x02 IDP
+#>1 byte 0x03 OctavePlateau
+>1 byte 0x03 Voyetra Turtle Beach
+>1 byte 0x04 Moog
+#>1 byte 0x05 Passport
+>1 byte 0x05 Passport Designs
+#>1 byte 0x06 Lexicon
+>1 byte 0x06 Lexicon Inc.
+>1 byte 0x07 Kurzweil/Future Retro
+>>3 byte 0x77 777
+>>4 byte 0x00 Bank
+>>4 byte 0x01 Song
+>>5 byte 0x0f 16
+>>5 byte 0x0e 15
+>>5 byte 0x0d 14
+>>5 byte 0x0c 13
+>>5 byte 0x0b 12
+>>5 byte 0x0a 11
+>>5 byte 0x09 10
+>>5 byte 0x08 9
+>>5 byte 0x07 8
+>>5 byte 0x06 7
+>>5 byte 0x05 6
+>>5 byte 0x04 5
+>>5 byte 0x03 4
+>>5 byte 0x02 3
+>>5 byte 0x01 2
+>>5 byte 0x00 1
+>>5 byte 0x10 (ALL)
+>>2 byte x \b, Channel %d
+>1 byte 0x08 Fender
+#>1 byte 0x09 Gulbransen
+>1 byte 0x09 MIDI9
+#>1 byte 0x0a AKG
+>1 byte 0x0a AKG Acoustics
+>1 byte 0x0b Voyce
+>1 byte 0x0c Waveframe
+# not ADA programming language
+#>1 byte 0x0d ADA
+>1 byte 0x0d ADA Signal Processors Inc.
+#>1 byte 0x0e Garfield
+>1 byte 0x0e Garfield Electronics
+>1 byte 0x0f Ensoniq
+>1 byte 0x10 Oberheim
+>>2 byte 0x06 Matrix 6 series
+>>3 byte 0x0A Dump (All)
+>>3 byte 0x01 Dump (Bank)
+>>4 belong 0x0002040E Matrix 1000
+>>>11 byte <2 User bank %d
+>>>11 byte >1 Preset bank %d
+>1 byte 0x11 Apple
+>1 byte 0x12 GreyMatter
+>1 byte 0x14 PalmTree
+>1 byte 0x15 JLCooper
+>1 byte 0x16 Lowrey
+>1 byte 0x17 AdamsSmith
+>1 byte 0x18 E-mu
+#>1 byte 0x19 Harmony
+>1 byte 0x19 Harmony Systems
+>1 byte 0x1a ART
+>1 byte 0x1b Baldwin
+>1 byte 0x1c Eventide
+>1 byte 0x1d Inventronics
+>1 byte 0x1f Clarity
+
+# European Group
+#>1 byte 0x21 SIEL
+>1 byte 0x21 Proel Labs (SIEL)
+>1 byte 0x22 Synthaxe
+>1 byte 0x24 Hohner
+>1 byte 0x25 Twister
+#>1 byte 0x26 Solton
+>1 byte 0x26 Ketron s.r.l.
+>1 byte 0x27 Jellinghaus
+>1 byte 0x28 Southworth
+>1 byte 0x29 PPG
+>1 byte 0x2a JEN
+#>1 byte 0x2b SSL
+>1 byte 0x2b Solid State Logic Organ Systems
+#>1 byte 0x2c AudioVertrieb
+>1 byte 0x2c Audio Veritrieb-P. Struven
+
+>1 byte 0x2f ELKA
+>>3 byte 0x09 EK-44
+
+>1 byte 0x30 Dynacord
+#>1 byte 0x31 Jomox
+>1 byte 0x31 Viscount International Spa
+>1 byte 0x33 Clavia
+>1 byte 0x39 Soundcraft
+# Some Waldorf info from http://Stromeko.Synth.net/Downloads#WaldorfDocs
+>1 byte 0x3e Waldorf
+>>2 byte 0x00 microWave
+>>2 byte 0x0E microwave2 / XT
+>>2 byte 0x0F Q / Q+
+>>3 byte =0 (default id)
+>>3 byte >0 (
+>>>3 byte <0x7F \bdevice %d)
+>>>3 byte =0x7F \bbroadcast id)
+>>3 byte 0x7f Microwave I
+>>>4 byte 0x00 SNDR (Sound Request)
+>>>4 byte 0x10 SNDD (Sound Dump)
+>>>4 byte 0x20 SNDP (Sound Parameter Change)
+>>>4 byte 0x30 SNDQ (Sound Parameter Inquiry)
+>>>4 byte 0x70 BOOT (Sound Reserved)
+>>>4 byte 0x01 MULR (Multi Request)
+>>>4 byte 0x11 MULD (Multi Dump)
+>>>4 byte 0x21 MULP (Multi Parameter Change)
+>>>4 byte 0x31 MULQ (Multi Parameter Inquiry)
+>>>4 byte 0x71 OS (Multi Reserved)
+>>>4 byte 0x02 DRMR (Drum Map Request)
+>>>4 byte 0x12 DRMD (Drum Map Dump)
+>>>4 byte 0x22 DRMP (Drum Map Parameter Change)
+>>>4 byte 0x32 DRMQ (Drum Map Parameter Inquiry)
+>>>4 byte 0x72 BIN (Drum Map Reserved)
+>>>4 byte 0x03 PATR (Sequencer Pattern Request)
+>>>4 byte 0x13 PATD (Sequencer Pattern Dump)
+>>>4 byte 0x23 PATP (Sequencer Pattern Parameter Change)
+>>>4 byte 0x33 PATQ (Sequencer Pattern Parameter Inquiry)
+>>>4 byte 0x73 AFM (Sequencer Pattern Reserved)
+>>>4 byte 0x04 GLBR (Global Parameter Request)
+>>>4 byte 0x14 GLBD (Global Parameter Dump)
+>>>4 byte 0x24 GLBP (Global Parameter Parameter Change)
+>>>4 byte 0x34 GLBQ (Global Parameter Parameter Inquiry)
+>>>4 byte 0x07 MODR (Mode Parameter Request)
+>>>4 byte 0x17 MODD (Mode Parameter Dump)
+>>>4 byte 0x27 MODP (Mode Parameter Parameter Change)
+>>>4 byte 0x37 MODQ (Mode Parameter Parameter Inquiry)
+>>2 byte 0x10 microQ
+>>>4 byte 0x00 SNDR (Sound Request)
+>>>4 byte 0x10 SNDD (Sound Dump)
+>>>4 byte 0x20 SNDP (Sound Parameter Change)
+>>>4 byte 0x30 SNDQ (Sound Parameter Inquiry)
+>>>4 byte 0x70 (Sound Reserved)
+>>>4 byte 0x01 MULR (Multi Request)
+>>>4 byte 0x11 MULD (Multi Dump)
+>>>4 byte 0x21 MULP (Multi Parameter Change)
+>>>4 byte 0x31 MULQ (Multi Parameter Inquiry)
+>>>4 byte 0x71 OS (Multi Reserved)
+>>>4 byte 0x02 DRMR (Drum Map Request)
+>>>4 byte 0x12 DRMD (Drum Map Dump)
+>>>4 byte 0x22 DRMP (Drum Map Parameter Change)
+>>>4 byte 0x32 DRMQ (Drum Map Parameter Inquiry)
+>>>4 byte 0x72 BIN (Drum Map Reserved)
+>>>4 byte 0x04 GLBR (Global Parameter Request)
+>>>4 byte 0x14 GLBD (Global Parameter Dump)
+>>>4 byte 0x24 GLBP (Global Parameter Parameter Change)
+>>>4 byte 0x34 GLBQ (Global Parameter Parameter Inquiry)
+>>2 byte 0x11 rackAttack
+>>>4 byte 0x00 SNDR (Sound Parameter Request)
+>>>4 byte 0x10 SNDD (Sound Parameter Dump)
+>>>4 byte 0x20 SNDP (Sound Parameter Parameter Change)
+>>>4 byte 0x30 SNDQ (Sound Parameter Parameter Inquiry)
+>>>4 byte 0x01 PRGR (Program Parameter Request)
+>>>4 byte 0x11 PRGD (Program Parameter Dump)
+>>>4 byte 0x21 PRGP (Program Parameter Parameter Change)
+>>>4 byte 0x31 PRGQ (Program Parameter Parameter Inquiry)
+>>>4 byte 0x71 OS (Program Parameter Reserved)
+>>>4 byte 0x03 PATR (Pattern Parameter Request)
+>>>4 byte 0x13 PATD (Pattern Parameter Dump)
+>>>4 byte 0x23 PATP (Pattern Parameter Parameter Change)
+>>>4 byte 0x33 PATQ (Pattern Parameter Parameter Inquiry)
+>>>4 byte 0x04 GLBR (Global Parameter Request)
+>>>4 byte 0x14 GLBD (Global Parameter Dump)
+>>>4 byte 0x24 GLBP (Global Parameter Parameter Change)
+>>>4 byte 0x34 GLBQ (Global Parameter Parameter Inquiry)
+>>>4 byte 0x05 EFXR (FX Parameter Request)
+>>>4 byte 0x15 EFXD (FX Parameter Dump)
+>>>4 byte 0x25 EFXP (FX Parameter Parameter Change)
+>>>4 byte 0x35 EFXQ (FX Parameter Parameter Inquiry)
+>>>4 byte 0x07 MODR (Mode Command Request)
+>>>4 byte 0x17 MODD (Mode Command Dump)
+>>>4 byte 0x27 MODP (Mode Command Parameter Change)
+>>>4 byte 0x37 MODQ (Mode Command Parameter Inquiry)
+>>2 byte 0x03 Wave
+>>>4 byte 0x00 SBPR (Soundprogram)
+>>>4 byte 0x01 SAPR (Performance)
+>>>4 byte 0x02 SWAVE (Wave)
+>>>4 byte 0x03 SWTBL (Wave control table)
+>>>4 byte 0x04 SVT (Velocity Curve)
+>>>4 byte 0x05 STT (Tuning Table)
+>>>4 byte 0x06 SGLB (Global Parameters)
+>>>4 byte 0x07 SARRMAP (Performance Program Change Map)
+>>>4 byte 0x08 SBPRMAP (Sound Program Change Map)
+>>>4 byte 0x09 SBPRPAR (Sound Parameter)
+>>>4 byte 0x0A SARRPAR (Performance Parameter)
+>>>4 byte 0x0B SINSPAR (Instrument/External Parameter)
+>>>4 byte 0x0F SBULK (Bulk Switch on/off)
+
+# Japanese Group
+>1 byte 0x40 Kawai
+>>3 byte 0x20 K1
+>>3 byte 0x22 K4
+
+>1 byte 0x41 Roland
+>>3 byte 0x14 D-50
+>>3 byte 0x2b U-220
+>>3 byte 0x02 TR-707
+
+>1 byte 0x42 Korg
+>>3 byte 0x19 M1
+
+>1 byte 0x43 Yamaha
+>1 byte 0x44 Casio
+>1 byte 0x46 Kamiya
+>1 byte 0x47 Akai
+#>1 byte 0x48 Victor
+>1 byte 0x48 Victor Company of Japan. Ltd.
+>1 byte 0x49 Mesosha
+>1 byte 0x4b Fujitsu
+>1 byte 0x4c Sony
+>1 byte 0x4e Teac
+>1 byte 0x50 Matsushita
+>1 byte 0x51 Fostex
+#>1 byte 0x52 Zoom
+>1 byte 0x52 Zoom Corporation
+>1 byte 0x54 Matsushita
+>1 byte 0x57 Acoustic tech. lab.
+# https://www.midi.org/techspecs/manid.php
+>1 belong&0xffffff00 0x00007400 Ta Horng
+>1 belong&0xffffff00 0x00007500 e-Tek
+>1 belong&0xffffff00 0x00007600 E-Voice
+>1 belong&0xffffff00 0x00007700 Midisoft
+>1 belong&0xffffff00 0x00007800 Q-Sound
+>1 belong&0xffffff00 0x00007900 Westrex
+>1 belong&0xffffff00 0x00007a00 Nvidia*
+>1 belong&0xffffff00 0x00007b00 ESS
+>1 belong&0xffffff00 0x00007c00 Mediatrix
+>1 belong&0xffffff00 0x00007d00 Brooktree
+>1 belong&0xffffff00 0x00007e00 Otari
+>1 belong&0xffffff00 0x00007f00 Key Electronics
+>1 belong&0xffffff00 0x00010000 Shure
+>1 belong&0xffffff00 0x00010100 AuraSound
+>1 belong&0xffffff00 0x00010200 Crystal
+>1 belong&0xffffff00 0x00010300 Rockwell
+>1 belong&0xffffff00 0x00010400 Silicon Graphics
+>1 belong&0xffffff00 0x00010500 Midiman
+>1 belong&0xffffff00 0x00010600 PreSonus
+>1 belong&0xffffff00 0x00010800 Topaz
+>1 belong&0xffffff00 0x00010900 Cast Lightning
+>1 belong&0xffffff00 0x00010a00 Microsoft
+>1 belong&0xffffff00 0x00010b00 Sonic Foundry
+>1 belong&0xffffff00 0x00010c00 Line 6
+>1 belong&0xffffff00 0x00010d00 Beatnik Inc.
+>1 belong&0xffffff00 0x00010e00 Van Koerving
+>1 belong&0xffffff00 0x00010f00 Altech Systems
+>1 belong&0xffffff00 0x00011000 S & S Research
+>1 belong&0xffffff00 0x00011100 VLSI Technology
+>1 belong&0xffffff00 0x00011200 Chromatic
+>1 belong&0xffffff00 0x00011300 Sapphire
+>1 belong&0xffffff00 0x00011400 IDRC
+>1 belong&0xffffff00 0x00011500 Justonic Tuning
+>1 belong&0xffffff00 0x00011600 TorComp
+>1 belong&0xffffff00 0x00011700 Newtek Inc.
+>1 belong&0xffffff00 0x00011800 Sound Sculpture
+>1 belong&0xffffff00 0x00011900 Walker Technical
+>1 belong&0xffffff00 0x00011a00 Digital Harmony
+>1 belong&0xffffff00 0x00011b00 InVision
+>1 belong&0xffffff00 0x00011c00 T-Square
+>1 belong&0xffffff00 0x00011d00 Nemesys
+>1 belong&0xffffff00 0x00011e00 DBX
+>1 belong&0xffffff00 0x00011f00 Syndyne
+>1 belong&0xffffff00 0x00012000 Bitheadz
+>1 belong&0xffffff00 0x00012100 Cakewalk
+>1 belong&0xffffff00 0x00012200 Staccato
+>1 belong&0xffffff00 0x00012300 National Semicon.
+>1 belong&0xffffff00 0x00012400 Boom Theory
+>1 belong&0xffffff00 0x00012500 Virtual DSP Corp
+>1 belong&0xffffff00 0x00012600 Antares
+>1 belong&0xffffff00 0x00012700 Angel Software
+>1 belong&0xffffff00 0x00012800 St Louis Music
+>1 belong&0xffffff00 0x00012900 Lyrrus dba G-VOX
+>1 belong&0xffffff00 0x00012a00 Ashley Audio
+>1 belong&0xffffff00 0x00012b00 Vari-Lite
+>1 belong&0xffffff00 0x00012c00 Summit Audio
+>1 belong&0xffffff00 0x00012d00 Aureal Semicon.
+>1 belong&0xffffff00 0x00012e00 SeaSound
+>1 belong&0xffffff00 0x00012f00 U.S. Robotics
+>1 belong&0xffffff00 0x00013000 Aurisis
+>1 belong&0xffffff00 0x00013100 Nearfield Multimedia
+>1 belong&0xffffff00 0x00013200 FM7 Inc.
+>1 belong&0xffffff00 0x00013300 Swivel Systems
+>1 belong&0xffffff00 0x00013400 Hyperactive
+>1 belong&0xffffff00 0x00013500 MidiLite
+>1 belong&0xffffff00 0x00013600 Radical
+>1 belong&0xffffff00 0x00013700 Roger Linn
+>1 belong&0xffffff00 0x00013800 Helicon
+>1 belong&0xffffff00 0x00013900 Event
+>1 belong&0xffffff00 0x00013a00 Sonic Network
+>1 belong&0xffffff00 0x00013b00 Realtime Music
+>1 belong&0xffffff00 0x00013c00 Apogee Digital
+
+>1 belong&0xffffff00 0x00202b00 Medeli Electronics
+>1 belong&0xffffff00 0x00202c00 Charlie Lab
+>1 belong&0xffffff00 0x00202d00 Blue Chip Music
+>1 belong&0xffffff00 0x00202e00 BEE OH Corp
+>1 belong&0xffffff00 0x00202f00 LG Semicon America
+>1 belong&0xffffff00 0x00203000 TESI
+>1 belong&0xffffff00 0x00203100 EMAGIC
+>1 belong&0xffffff00 0x00203200 Behringer
+>1 belong&0xffffff00 0x00203300 Access Music
+>1 belong&0xffffff00 0x00203400 Synoptic
+>1 belong&0xffffff00 0x00203500 Hanmesoft Corp
+>1 belong&0xffffff00 0x00203600 Terratec
+>1 belong&0xffffff00 0x00203700 Proel SpA
+>1 belong&0xffffff00 0x00203800 IBK MIDI
+>1 belong&0xffffff00 0x00203900 IRCAM
+>1 belong&0xffffff00 0x00203a00 Propellerhead Software
+>1 belong&0xffffff00 0x00203b00 Red Sound Systems
+>1 belong&0xffffff00 0x00203c00 Electron ESI AB
+>1 belong&0xffffff00 0x00203d00 Sintefex Audio
+>1 belong&0xffffff00 0x00203e00 Music and More
+>1 belong&0xffffff00 0x00203f00 Amsaro
+>1 belong&0xffffff00 0x00204000 CDS Advanced Technology
+>1 belong&0xffffff00 0x00204100 Touched by Sound
+>1 belong&0xffffff00 0x00204200 DSP Arts
+>1 belong&0xffffff00 0x00204300 Phil Rees Music
+>1 belong&0xffffff00 0x00204400 Stamer Musikanlagen GmbH
+>1 belong&0xffffff00 0x00204500 Soundart
+>1 belong&0xffffff00 0x00204600 C-Mexx Software
+>1 belong&0xffffff00 0x00204700 Klavis Tech.
+>1 belong&0xffffff00 0x00204800 Noteheads AB
+
+# Update: Joerg Jenderek; January 2022
+>1 byte 0x00 ID EXTENSIONS
+>1 byte 0x13 Digidesign Inc.
+>1 byte 0x1e Key Concepts
+>1 byte 0x20 Passac
+>1 byte 0x23 Stepp
+>1 byte 0x2d Neve
+>1 byte 0x2e Soundtracs Ltd.
+>1 byte 0x32 Drawmer
+>1 byte 0x34 Audio Architecture
+>1 byte 0x35 Generalmusic Corp SpA
+>1 byte 0x36 Cheetah Marketing
+>1 byte 0x37 C.T.M.
+>1 byte 0x38 Simmons UK
+>1 byte 0x3a Steinberg
+>1 byte 0x3b Wersi GmbH
+>1 byte 0x3c AVAB Niethammer AB
+>1 byte 0x3d Digigram
+>1 byte 0x3f Quasimidi
+#
+>1 byte 0x40 Kawai Musical Instruments MFG. CO. Ltd
+#>1 byte 0x45 foo
+#>1 byte 0x4a foo
+#>1 byte 0x4d foo
+#>1 byte 0x4f foo
+#>1 byte 0x53 foo
+>1 byte 0x55 Suzuki Musical Instruments MFG. Co. Ltd.
+>1 byte 0x56 Fuji Sound Corporation Ltd.
+#>1 byte 0x58 foo
+>1 byte 0x59 Faith. Inc.
+>1 byte 0x5a Internet Corporation
+#>1 byte 0x5b foo
+>1 byte 0x5c Seekers Co. Ltd.
+#>1 byte 0x5d foo
+#>1 byte 0x5e foo
+>1 byte 0x5f SD Card Association
+# Reserved for other uses for 60H to 7FH
+# URL: https://www.philscomputerlab.com/roland-midi-emulator-project-20.html
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/syx--midiemu.trid.xml
+# Note: called by TrID "MIDI Emulator Project SysEx preset command"
+>1 byte 0x66 MIDI Emulator
+# https://electronicmusic.fandom.com/wiki/List_of_MIDI_Manufacturer_IDs
+# Educational, prototyping, test, private use and experimentation
+>1 byte 0x7D PROTOTYPING
+# universal non-real-time (sample dump, tuning table, etc.)
+>1 byte 0x7E UNIVERSAL
+# universal real time (MIDI time code, MIDI Machine control, etc.)
+>1 byte 0x7F universal real time
+# display information about End Of eXclusive byte (EOX=F7)
+#>2 ubyte 0xF7 \b, at 2 EOX
+#>3 ubyte 0xF7 \b, at 3 EOX
+# https://tttapa.github.io/Control-Surface-doc/new-input/Doxygen/d2/d93/SysEx-Send-Receive_8ino-example.html
+>4 ubyte 0xF7 \b, at 4 EOX
+# http://www.1manband.nl/tutorials2/sysex.htm
+>5 ubyte 0xF7 \b, at 5 EOX
+# http://www.somascape.org/midi/tech/mfile.html#sysex
+>6 ubyte 0xF7 \b, at 6 EOX
+#
+>7 ubyte 0xF7 \b, at 7 EOX
+# https://webmidijs.org/forum/discussion/34/how-to-send-or-receive-system-exclusive-messages
+>8 ubyte 0xF7 \b, at 8 EOX
+#
+>9 ubyte 0xF7 \b, at 9 EOX
+# https://www.chd-el.cz/wp-content/uploads/845010_syxcom.pdf
+>10 ubyte 0xF7 \b, at 10 EOX
+# https://stackoverflow.com/questions/52906076/handling-midi-the-input-of-multiple-system-exclusive-messages-in-vb
+>11 ubyte 0xF7 \b, at 11 EOX
+# https://www.2writers.com/eddie/TutSysEx.htm
+>12 ubyte 0xF7 \b, at 12 EOX
+>13 ubyte 0xF7 \b, at 13 EOX
+# http://www.chromakinetics.com/handsonic/rolSysEx.htm
+>14 ubyte 0xF7 \b, at 14 EOX
+#>15 ubyte 0xF7 \b, at 15 EOX
+
+0 string T707 Roland TR-707 Data
diff --git a/magic/Magdir/tcl b/magic/Magdir/tcl
new file mode 100644
index 0000000..edc3ec4
--- /dev/null
+++ b/magic/Magdir/tcl
@@ -0,0 +1,29 @@
+#------------------------------------------------------------------------------
+# file: file(1) magic for Tcl scripting language
+# URL: https://www.tcl.tk/
+# From: gustaf neumann
+
+# Tcl scripts
+0 search/1/w #!\ /usr/bin/tcl Tcl script text executable
+!:mime text/x-tcl
+0 search/1/w #!\ /usr/local/bin/tcl Tcl script text executable
+!:mime text/x-tcl
+0 search/1 #!/usr/bin/env\ tcl Tcl script text executable
+!:mime text/x-tcl
+0 search/1 #!\ /usr/bin/env\ tcl Tcl script text executable
+!:mime text/x-tcl
+0 search/1/w #!\ /usr/bin/wish Tcl/Tk script text executable
+!:mime text/x-tcl
+0 search/1/w #!\ /usr/local/bin/wish Tcl/Tk script text executable
+!:mime text/x-tcl
+0 search/1 #!/usr/bin/env\ wish Tcl/Tk script text executable
+!:mime text/x-tcl
+0 search/1 #!\ /usr/bin/env\ wish Tcl/Tk script text executable
+!:mime text/x-tcl
+
+# check the first line
+0 search/1 package\ req
+>0 regex \^package[\ \t]+req Tcl script
+# not 'p', check other lines
+0 search/1 !p
+>0 regex \^package[\ \t]+req Tcl script
diff --git a/magic/Magdir/teapot b/magic/Magdir/teapot
new file mode 100644
index 0000000..b6577b6
--- /dev/null
+++ b/magic/Magdir/teapot
@@ -0,0 +1,6 @@
+
+#------------------------------------------------------------------------------
+# $File: teapot,v 1.4 2009/09/19 16:28:12 christos Exp $
+# teapot: file(1) magic for "teapot" spreadsheet
+#
+0 string #!teapot\012xdr teapot work sheet (XDR format)
diff --git a/magic/Magdir/terminfo b/magic/Magdir/terminfo
new file mode 100644
index 0000000..41704eb
--- /dev/null
+++ b/magic/Magdir/terminfo
@@ -0,0 +1,63 @@
+
+#------------------------------------------------------------------------------
+# $File: terminfo,v 1.13 2022/11/21 22:25:37 christos Exp $
+# terminfo: file(1) magic for terminfo
+#
+# URL: https://invisible-island.net/ncurses/man/term.5.html
+# URL: https://invisible-island.net/ncurses/man/scr_dump.5.html
+#
+# Workaround for Targa image type by Joerg Jenderek
+# GRR: line below too general as it catches also
+# Targa image type 1 with 26 long identification field
+# and HELP.DSK
+0 string \032\001
+# 5th character of terminal name list, but not Targa image pixel size (15 16 24 32)
+>16 ubyte >32
+# namelist, if more than 1 separated by "|" like "st|stterm| simpleterm 0.4.1"
+>>12 regex \^[a-zA-Z0-9][a-zA-Z0-9.][^|]* Compiled terminfo entry "%-s"
+!:mime application/x-terminfo
+# no extension
+#!:ext
+#
+#------------------------------------------------------------------------------
+# The following was added for ncurses6 development:
+#------------------------------------------------------------------------------
+#
+0 string \036\002
+# imitate the legacy compiled-format, to get the entry-name printed
+>16 ubyte >32
+# namelist, if more than 1 separated by "|" like "st|stterm| simpleterm 0. 4.1"
+>>12 regex \^[a-zA-Z0-9][a-zA-Z0-9.][^|]* Compiled 32-bit terminfo entry "%-s"
+!:mime application/x-terminfo2
+#
+# While the compiled terminfo uses little-endian format regardless of
+# platform, SystemV screen dumps do not. They came later, and that detail was
+# overlooked.
+#
+# AIX and HPUX use the SVr4 big-endian format
+# Solaris uses the SVr3 formats (sparc and x86 differ endian-ness)
+0 beshort 0433 SVr2 curses screen image, big-endian
+# GRR: line below too general as it catches Commodore C128 program (crc32.prg XLINK.PRG) with start address 1C01h handled by ./c64
+0 beshort 0434 SVr3 curses screen image, big-endian
+0 beshort 0435 SVr4 curses screen image, big-endian
+#
+0 leshort 0433 SVr2 curses screen image, little-endian
+0 leshort 0434 SVr3 curses screen image, little-endian
+0 leshort 0435 SVr4 curses screen image, little-endian
+#
+# Rather than SVr4, Solaris "xcurses" writes this header:
+0 regex \^MAX=[0-9]+,[0-9]+$
+>1 regex \^BEG=[0-9]+,[0-9]+$
+>2 regex \^SCROLL=[0-9]+,[0-9]+$
+>3 regex \^VMIN=[0-9]+$
+>4 regex \^VTIME=[0-9]+$
+>5 regex \^FLAGS=0x[[:xdigit:]]+$
+>6 regex \^FG=[0-9],[0-9]+$
+>7 regex \^BG=[0-9]+,[0-9]+, Solaris xcurses screen image
+#
+# ncurses5 (and before) did not use a magic number, making screen dumps "data".
+# ncurses6 (2015) uses this format, ignoring byte-order
+0 string \210\210\210\210ncurses ncurses6 screen image
+#
+# PDCurses added this in 2005
+0 string PDC\001 PDCurses screen image
diff --git a/magic/Magdir/tex b/magic/Magdir/tex
new file mode 100644
index 0000000..e66f8ff
--- /dev/null
+++ b/magic/Magdir/tex
@@ -0,0 +1,141 @@
+
+#------------------------------------------------------------------------------
+# $File: tex,v 1.22 2022/12/21 16:50:04 christos Exp $
+# tex: file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0 string \367\002
+>(14.b+15) string \213
+>>14 pstring >\0 TeX DVI file (%s)
+!:mime application/x-dvi
+0 string \367\203 TeX generic font data
+0 string \367\131 TeX packed font data
+>3 string >\0 (%s)
+0 string \367\312
+>(2.b+11) string \363 TeX virtual font data
+0 search/1 This\ is\ TeX, TeX transcript text
+0 search/1 This\ is\ METAFONT, METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data. The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+2 string \000\021 TeX font metric data
+!:mime application/x-tex-tfm
+>33 string >\0 (%s)
+2 string \000\022 TeX font metric data
+!:mime application/x-tex-tfm
+>33 string >\0 (%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 search/1 \\input\ texinfo Texinfo source text
+!:mime text/x-texinfo
+0 search/1 This\ is\ Info\ file GNU Info text
+!:mime text/x-info
+
+# TeX documents, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 search/4096 \\input TeX document text
+!:mime text/x-tex
+!:strength + 15
+0 search/4096 \\begin LaTeX document text
+!:mime text/x-tex
+!:strength + 15
+0 search/4096 \\section LaTeX document text
+!:mime text/x-tex
+!:strength + 18
+0 search/4096 \\setlength LaTeX document text
+!:mime text/x-tex
+!:strength + 15
+0 search/4096 \\documentstyle LaTeX document text
+!:mime text/x-tex
+!:strength + 18
+0 search/4096 \\chapter LaTeX document text
+!:mime text/x-tex
+!:strength + 18
+0 search/4096 \\documentclass LaTeX 2e document text
+!:mime text/x-tex
+!:strength + 15
+0 search/4096 \\relax LaTeX auxiliary file
+!:mime text/x-tex
+!:strength + 15
+0 search/4096 \\contentsline LaTeX table of contents
+!:mime text/x-tex
+!:strength + 15
+0 search/4096 %\ -*-latex-*- LaTeX document text
+!:mime text/x-tex
+
+# Tex document, from Hendrik Scholz <hendrik@scholz.net>
+0 search/1 \\ifx TeX document text
+
+# Index and glossary files
+0 search/4096 \\indexentry LaTeX raw index file
+0 search/4096 \\begin{theindex} LaTeX sorted index
+0 search/4096 \\glossaryentry LaTeX raw glossary
+0 search/4096 \\begin{theglossary} LaTeX sorted glossary
+0 search/4096 This\ is\ makeindex Makeindex log file
+
+# End of TeX
+
+#------------------------------------------------------------------------------
+# file(1) magic for BibTex text files
+# From Hendrik Scholz <hendrik@scholz.net>
+
+0 search/1/c @article{ BibTeX text file
+0 search/1/c @book{ BibTeX text file
+0 search/1/c @inbook{ BibTeX text file
+0 search/1/c @incollection{ BibTeX text file
+0 search/1/c @inproceedings{ BibTeX text file
+0 search/1/c @manual{ BibTeX text file
+0 search/1/c @misc{ BibTeX text file
+0 search/1/c @preamble{ BibTeX text file
+0 search/1/c @phdthesis{ BibTeX text file
+0 search/1/c @techreport{ BibTeX text file
+0 search/1/c @unpublished{ BibTeX text file
+
+73 search/1 %%%\ \ BibTeX-file{ BibTex text file (with full header)
+
+73 search/1 %%%\ \ @BibTeX-style-file{ BibTeX style text file (with full header)
+
+0 search/1 %\ BibTeX\ standard\ bibliography\ BibTeX standard bibliography style text file
+
+0 search/1 %\ BibTeX\ ` BibTeX custom bibliography style text file
+
+0 search/1 @c\ @mapfile{ TeX font aliases text file
+
+0 string #LyX LyX document text
+
+# ConTeXt documents
+# https://wiki.contextgarden.net/
+0 search/4096 \\setupcolors[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\definecolor[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setupinteraction[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\useURL[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setuppapersize[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setuplayout[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setupfooter[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setupfootertexts[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setuppagenumbering[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setupbodyfont[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setuphead[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setupitemize[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setupwhitespace[ ConTeXt document text
+!:strength + 15
+0 search/4096 \\setupindenting[ ConTeXt document text
+!:strength + 15
diff --git a/magic/Magdir/tgif b/magic/Magdir/tgif
new file mode 100644
index 0000000..e80b3a7
--- /dev/null
+++ b/magic/Magdir/tgif
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------------------------
+# $File: tgif,v 1.7 2010/09/20 19:03:46 rrt Exp $
+# file(1) magic for tgif(1) files
+# From Hendrik Scholz <hendrik@scholz.net>
+0 string %TGIF\ Tgif file version
+>6 string x %s
diff --git a/magic/Magdir/ti-8x b/magic/Magdir/ti-8x
new file mode 100644
index 0000000..b05c5c9
--- /dev/null
+++ b/magic/Magdir/ti-8x
@@ -0,0 +1,239 @@
+
+#------------------------------------------------------------------------------
+# $File: ti-8x,v 1.8 2020/02/12 22:13:01 christos Exp $
+# ti-8x: file(1) magic for the TI-8x and TI-9x Graphing Calculators.
+#
+# From: Ryan McGuire (rmcguire@freenet.columbus.oh.us).
+#
+# Update: Romain Lievin (roms@lpg.ticalc.org).
+#
+# NOTE: This list is not complete.
+# Files for the TI-80 and TI-81 are pretty rare. I'm not going to put the
+# program/group magic numbers in here because I cannot find any.
+0 string **TI80** TI-80 Graphing Calculator File.
+0 string **TI81** TI-81 Graphing Calculator File.
+#
+# Magic Numbers for the TI-73
+#
+0 string **TI73** TI-73 Graphing Calculator
+>0x00003B byte 0x00 (real number)
+>0x00003B byte 0x01 (list)
+>0x00003B byte 0x02 (matrix)
+>0x00003B byte 0x03 (equation)
+>0x00003B byte 0x04 (string)
+>0x00003B byte 0x05 (program)
+>0x00003B byte 0x06 (assembly program)
+>0x00003B byte 0x07 (picture)
+>0x00003B byte 0x08 (gdb)
+>0x00003B byte 0x0C (complex number)
+>0x00003B byte 0x0F (window settings)
+>0x00003B byte 0x10 (zoom)
+>0x00003B byte 0x11 (table setup)
+>0x00003B byte 0x13 (backup)
+
+# Magic Numbers for the TI-82
+#
+0 string **TI82** TI-82 Graphing Calculator
+>0x00003B byte 0x00 (real)
+>0x00003B byte 0x01 (list)
+>0x00003B byte 0x02 (matrix)
+>0x00003B byte 0x03 (Y-variable)
+>0x00003B byte 0x05 (program)
+>0x00003B byte 0x06 (protected prgm)
+>0x00003B byte 0x07 (picture)
+>0x00003B byte 0x08 (gdb)
+>0x00003B byte 0x0B (window settings)
+>0x00003B byte 0x0C (window settings)
+>0x00003B byte 0x0D (table setup)
+>0x00003B byte 0x0E (screenshot)
+>0x00003B byte 0x0F (backup)
+#
+# Magic Numbers for the TI-83
+#
+0 string **TI83** TI-83 Graphing Calculator
+>0x00003B byte 0x00 (real)
+>0x00003B byte 0x01 (list)
+>0x00003B byte 0x02 (matrix)
+>0x00003B byte 0x03 (Y-variable)
+>0x00003B byte 0x04 (string)
+>0x00003B byte 0x05 (program)
+>0x00003B byte 0x06 (protected prgm)
+>0x00003B byte 0x07 (picture)
+>0x00003B byte 0x08 (gdb)
+>0x00003B byte 0x0B (window settings)
+>0x00003B byte 0x0C (window settings)
+>0x00003B byte 0x0D (table setup)
+>0x00003B byte 0x0E (screenshot)
+>0x00003B byte 0x13 (backup)
+#
+# Magic Numbers for the TI-83+
+#
+0 string **TI83F* TI-83+ Graphing Calculator
+>0x00003B byte 0x00 (real number)
+>0x00003B byte 0x01 (list)
+>0x00003B byte 0x02 (matrix)
+>0x00003B byte 0x03 (equation)
+>0x00003B byte 0x04 (string)
+>0x00003B byte 0x05 (program)
+>0x00003B byte 0x06 (assembly program)
+>0x00003B byte 0x07 (picture)
+>0x00003B byte 0x08 (gdb)
+>0x00003B byte 0x0C (complex number)
+>0x00003B byte 0x0F (window settings)
+>0x00003B byte 0x10 (zoom)
+>0x00003B byte 0x11 (table setup)
+>0x00003B byte 0x13 (backup)
+>0x00003B byte 0x15 (application variable)
+>0x00003B byte 0x17 (group of variable)
+
+#
+# Magic Numbers for the TI-85
+#
+0 string **TI85** TI-85 Graphing Calculator
+>0x00003B byte 0x00 (real number)
+>0x00003B byte 0x01 (complex number)
+>0x00003B byte 0x02 (real vector)
+>0x00003B byte 0x03 (complex vector)
+>0x00003B byte 0x04 (real list)
+>0x00003B byte 0x05 (complex list)
+>0x00003B byte 0x06 (real matrix)
+>0x00003B byte 0x07 (complex matrix)
+>0x00003B byte 0x08 (real constant)
+>0x00003B byte 0x09 (complex constant)
+>0x00003B byte 0x0A (equation)
+>0x00003B byte 0x0C (string)
+>0x00003B byte 0x0D (function GDB)
+>0x00003B byte 0x0E (polar GDB)
+>0x00003B byte 0x0F (parametric GDB)
+>0x00003B byte 0x10 (diffeq GDB)
+>0x00003B byte 0x11 (picture)
+>0x00003B byte 0x12 (program)
+>0x00003B byte 0x13 (range)
+>0x00003B byte 0x17 (window settings)
+>0x00003B byte 0x18 (window settings)
+>0x00003B byte 0x19 (window settings)
+>0x00003B byte 0x1A (window settings)
+>0x00003B byte 0x1B (zoom)
+>0x00003B byte 0x1D (backup)
+>0x00003B byte 0x1E (unknown)
+>0x00003B byte 0x2A (equation)
+>0x000032 string ZS4 - ZShell Version 4 File.
+>0x000032 string ZS3 - ZShell Version 3 File.
+#
+# Magic Numbers for the TI-86
+#
+0 string **TI86** TI-86 Graphing Calculator
+>0x00003B byte 0x00 (real number)
+>0x00003B byte 0x01 (complex number)
+>0x00003B byte 0x02 (real vector)
+>0x00003B byte 0x03 (complex vector)
+>0x00003B byte 0x04 (real list)
+>0x00003B byte 0x05 (complex list)
+>0x00003B byte 0x06 (real matrix)
+>0x00003B byte 0x07 (complex matrix)
+>0x00003B byte 0x08 (real constant)
+>0x00003B byte 0x09 (complex constant)
+>0x00003B byte 0x0A (equation)
+>0x00003B byte 0x0C (string)
+>0x00003B byte 0x0D (function GDB)
+>0x00003B byte 0x0E (polar GDB)
+>0x00003B byte 0x0F (parametric GDB)
+>0x00003B byte 0x10 (diffeq GDB)
+>0x00003B byte 0x11 (picture)
+>0x00003B byte 0x12 (program)
+>0x00003B byte 0x13 (range)
+>0x00003B byte 0x17 (window settings)
+>0x00003B byte 0x18 (window settings)
+>0x00003B byte 0x19 (window settings)
+>0x00003B byte 0x1A (window settings)
+>0x00003B byte 0x1B (zoom)
+>0x00003B byte 0x1D (backup)
+>0x00003B byte 0x1E (unknown)
+>0x00003B byte 0x2A (equation)
+#
+# Magic Numbers for the TI-89
+#
+0 string **TI89** TI-89 Graphing Calculator
+>0x000048 byte 0x00 (expression)
+>0x000048 byte 0x04 (list)
+>0x000048 byte 0x06 (matrix)
+>0x000048 byte 0x0A (data)
+>0x000048 byte 0x0B (text)
+>0x000048 byte 0x0C (string)
+>0x000048 byte 0x0D (graphic data base)
+>0x000048 byte 0x0E (figure)
+>0x000048 byte 0x10 (picture)
+>0x000048 byte 0x12 (program)
+>0x000048 byte 0x13 (function)
+>0x000048 byte 0x14 (macro)
+>0x000048 byte 0x1C (zipped)
+>0x000048 byte 0x21 (assembler)
+#
+# Magic Numbers for the TI-92
+#
+0 string **TI92** TI-92 Graphing Calculator
+>0x000048 byte 0x00 (expression)
+>0x000048 byte 0x04 (list)
+>0x000048 byte 0x06 (matrix)
+>0x000048 byte 0x0A (data)
+>0x000048 byte 0x0B (text)
+>0x000048 byte 0x0C (string)
+>0x000048 byte 0x0D (graphic data base)
+>0x000048 byte 0x0E (figure)
+>0x000048 byte 0x10 (picture)
+>0x000048 byte 0x12 (program)
+>0x000048 byte 0x13 (function)
+>0x000048 byte 0x14 (macro)
+>0x000048 byte 0x1D (backup)
+#
+# Magic Numbers for the TI-92+/V200
+#
+0 string **TI92P* TI-92+/V200 Graphing Calculator
+>0x000048 byte 0x00 (expression)
+>0x000048 byte 0x04 (list)
+>0x000048 byte 0x06 (matrix)
+>0x000048 byte 0x0A (data)
+>0x000048 byte 0x0B (text)
+>0x000048 byte 0x0C (string)
+>0x000048 byte 0x0D (graphic data base)
+>0x000048 byte 0x0E (figure)
+>0x000048 byte 0x10 (picture)
+>0x000048 byte 0x12 (program)
+>0x000048 byte 0x13 (function)
+>0x000048 byte 0x14 (macro)
+>0x000048 byte 0x1C (zipped)
+>0x000048 byte 0x21 (assembler)
+#
+# Magic Numbers for the TI-73/83+/89/92+/V200 FLASH upgrades
+#
+#0x0000016 string Advanced TI-XX Graphing Calculator (FLASH)
+0 string **TIFL** TI-XX Graphing Calculator (FLASH)
+>8 byte >0 - Revision %d
+>>9 byte x \b.%d,
+>12 byte >0 Revision date %02x
+>>13 byte x \b/%02x
+>>14 beshort x \b/%04x,
+>17 string >/0 name: '%s',
+>48 byte 0x74 device: TI-73,
+>48 byte 0x73 device: TI-83+,
+>48 byte 0x98 device: TI-89,
+>48 byte 0x88 device: TI-92+,
+>49 byte 0x23 type: OS upgrade,
+>49 byte 0x24 type: application,
+>49 byte 0x25 type: certificate,
+>49 byte 0x3e type: license,
+>74 lelong >0 size: %d bytes
+
+# VTi & TiEmu skins (TI Graphing Calculators).
+# From: Romain Lievin (roms@lpg.ticalc.org).
+# Magic Numbers for the VTi skins
+0 string VTI Virtual TI skin
+>3 string v - Version
+>>4 byte >0 \b %c
+>>6 byte x \b.%c
+# Magic Numbers for the TiEmu skins
+0 string TiEmu TiEmu skin
+>6 string v - Version
+>>7 byte >0 \b %c
+>>9 byte x \b.%c
+>>10 byte x \b%c
diff --git a/magic/Magdir/timezone b/magic/Magdir/timezone
new file mode 100644
index 0000000..84e9081
--- /dev/null
+++ b/magic/Magdir/timezone
@@ -0,0 +1,42 @@
+
+#------------------------------------------------------------------------------
+# $File: timezone,v 1.13 2021/07/21 17:57:20 christos Exp $
+# timezone: file(1) magic for timezone data
+#
+# from Daniel Quinlan (quinlan@yggdrasil.com)
+# this should work on Linux, SunOS, and maybe others
+# Added new official magic number for recent versions of the Olson code
+0 name timezone
+>4 byte 0 \b, old version
+>4 byte >0 \b, version %c
+>20 belong 0 \b, no gmt time flags
+>20 belong 1 \b, 1 gmt time flag
+>20 belong >1 \b, %d gmt time flags
+>24 belong 0 \b, no std time flags
+>24 belong 1 \b, 1 std time flag
+>24 belong >1 \b, %d std time flags
+>28 belong 0 \b, no leap seconds
+>28 belong 1 \b, 1 leap second
+>28 belong >1 \b, %d leap seconds
+>32 belong 0 \b, no transition times
+>32 belong 1 \b, 1 transition time
+>32 belong >1 \b, %d transition times
+>36 belong 0 \b, no local time types
+>36 belong 1 \b, 1 local time type
+>36 belong >1 \b, %d local time types
+>40 belong 0 \b, no abbreviation chars
+>40 belong 1 \b, 1 abbreviation char
+>40 belong >1 \b, %d abbreviation chars
+
+0 string TZif timezone data
+>51 string TZif \b(slim)
+>>51 use timezone
+>51 default x \b(fat)
+>>0 use timezone
+
+0 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0 old timezone data
+0 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0 old timezone data
+0 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\3\0 old timezone data
+0 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0 old timezone data
+0 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0 old timezone data
+0 string \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0 old timezone data
diff --git a/magic/Magdir/tplink b/magic/Magdir/tplink
new file mode 100644
index 0000000..1b4ef0f
--- /dev/null
+++ b/magic/Magdir/tplink
@@ -0,0 +1,95 @@
+
+#------------------------------------------------------------------------------
+# $File: tplink,v 1.8 2023/05/15 16:41:02 christos Exp $
+# tplink: File magic for openwrt firmware files
+
+# URL: https://wiki.openwrt.org/doc/techref/header
+# Reference: https://git.openwrt.org/?p=openwrt.git;a=blob;f=tools/firmware-utils/src/mktplinkfw.c
+# http://mark0.net/download/triddefs_xml.7z/defs/b/bin-tplink-v1.trid.xml
+# Note: called "TP-Link router firmware (v1)" by TrID
+# From: Joerg Jenderek
+# check for valid header version 1 or 2
+0 ulelong <3
+>0 ulelong !0
+# test for header padding with nulls
+>>0x100 long 0
+# skip Norton Commander Cleanup Utility NCCLEAN.INI by looking for valid vendor name
+>>>4 ubelong >0x1F000000
+# skip user.dbt by looking for positive hardware id
+>>>>0x40 ubeshort >0
+# skip cversions.1.db cversions.2.db cversions.3.db inside
+# c:\ProgramData\Microsoft\Windows\Caches
+# with invalid vendor names \240\0\0\0 \140\0\0\0 \040\0\0\0
+>>>>>5 short !0
+>>>>>>0 use firmware-tplink
+
+0 name firmware-tplink
+>0 ubyte x firmware
+!:mime application/x-tplink-bin
+# like: TL-WR1043ND-V1-FW0.0.3-stripped.bin gluon-ffrefugee-0.9.2-tp-link-archer-c5-v1-sysupgrade.bin
+!:ext bin
+# hardware id like 10430001 07410001 09410004 09410006
+>0x40 ubeshort x %x
+>0x42 ubeshort x v%x
+# hardware revision like 1
+>0x44 ubelong !1 (revision %u)
+# vendor_name[24] like OpenWrt or TP-LINK Technologies
+>4 string x %.24s
+# fw_version[36] like r49389 or ver. 1.0
+>0x1c string x %.36s
+# header version 1 or 2
+>0 ubyte !1 V%X
+# ver_hi.ver_mid.ver_lo
+>0x98 long !0 \b, version
+>>0x98 ubeshort x %u
+>>0x9A ubeshort x \b.%u
+>>0x9C ubeshort x \b.%u
+# region code 0~universal 1~US
+>0x48 ubelong x
+#>>0x48 ubelong 0 (universal)
+>>0x48 ubelong 1 (US)
+>>0x48 ubelong >1 (region %u)
+# total length of the firmware. not always true
+>0x7C ubelong x \b, %u bytes or less
+# unknown 1
+>0x48 ubelong !0 \b, UNKNOWN1 %#x
+# md5sum1[16]
+#>0x4c ubequad x \b, MD5 %llx
+#>>0x54 ubequad x \b%llx
+# unknown 2
+>0x5c ubelong !0 \b, UNKNOWN2 %#x
+# md5sum2[16]
+#>0x60 ubequad !0 \b, 2nd MD5 %llx
+#>>0x68 ubequad x \b%llx
+# unknown 3
+>0x70 ubelong !0 \b, UNKNOWN3 %#x
+# kernel load address
+#>0x74 ubelong x \b, %#x load
+# kernel entry point
+#>0x78 ubelong x \b, %#x entry
+# kernel data offset. 200h means direct after header
+>0x80 ubelong x \b, at %#x
+# kernel data length and 1 space
+>0x84 ubelong x %u bytes
+# look for kernel type (gzip compressed vmlinux.bin by ./compress)
+>(0x80.L) indirect x
+# root file system data offset
+# WRONG in 5.35 with above indirect expression
+>0x88 ubelong x \b, at %#x
+# rootfs data length and 1 space
+>0x8C ubelong x %u bytes
+# in 5.32 only true for offset ~< FILE_BYTES_MAX=9 MB defined in ../../src/file.h
+>(0x88.L) indirect x
+# 'qshs' for wr940nv1_en_3_13_7_up(111228).bin
+#>(0x88.L) string x \b, file system '%.4s'
+#>(0x88.L) ubequad x \b, file system %#llx
+# bootloader data offset
+>0x90 ubelong !0 \b, at %#x
+# bootloader data length only reasonable if bootloader offset not null
+>>0x94 ubelong !0 %u bytes
+# pad[354] should be 354 null bytes.
+#>0x9E ubequad !0 \b, padding %#llx
+# But at 0x120 18 non null bytes in examples like
+# wr940nv4_eu_3_16_9_up_boot(160620).bin
+# wr940nv6_us_3_18_1_up_boot(171030).bin
+#>0x120 ubequad !0 \b, other padding %#llx
diff --git a/magic/Magdir/troff b/magic/Magdir/troff
new file mode 100644
index 0000000..301a40b
--- /dev/null
+++ b/magic/Magdir/troff
@@ -0,0 +1,44 @@
+
+#------------------------------------------------------------------------------
+# $File: troff,v 1.14 2023/06/01 16:00:46 christos Exp $
+# troff: file(1) magic for *roff
+#
+# updated by Daniel Quinlan (quinlan@yggdrasil.com)
+
+# troff input
+0 search/1 .\\" troff or preprocessor input text
+!:strength +12
+!:mime text/troff
+0 search/1 '\\" troff or preprocessor input text
+!:strength +12
+!:mime text/troff
+0 search/1 '.\\" troff or preprocessor input text
+!:strength +12
+!:mime text/troff
+0 search/1 \\" troff or preprocessor input text
+!:strength +12
+!:mime text/troff
+#0 search/1 ''' troff or preprocessor input text
+#!:mime text/troff
+0 regex/20l \^\\.[A-Za-z][A-Za-z0-9][\ \t] troff or preprocessor input text
+!:strength +12
+!:mime text/troff
+0 regex/20l \^\\.[A-Za-z][A-Za-z0-9]$ troff or preprocessor input text
+!:strength +12
+!:mime text/troff
+
+# ditroff intermediate output text
+0 search/1 x\ T ditroff output text
+>4 search/1 cat for the C/A/T phototypesetter
+>4 search/1 ps for PostScript
+>4 search/1 dvi for DVI
+>4 search/1 ascii for ASCII
+>4 search/1 lj4 for LaserJet 4
+>4 search/1 latin1 for ISO 8859-1 (Latin 1)
+>4 search/1 X75 for xditview at 75dpi
+>>7 search/1 -12 (12pt)
+>4 search/1 X100 for xditview at 100dpi
+>>8 search/1 -12 (12pt)
+
+# output data formats
+0 string \100\357 very old (C/A/T) troff output data
diff --git a/magic/Magdir/tuxedo b/magic/Magdir/tuxedo
new file mode 100644
index 0000000..191501d
--- /dev/null
+++ b/magic/Magdir/tuxedo
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: tuxedo,v 1.4 2009/09/19 16:28:13 christos Exp $
+# tuxedo: file(1) magic for BEA TUXEDO data files
+#
+# from Ian Springer <ispringer@hotmail.com>
+#
+0 string \0\0\1\236\0\0\0\0\0\0\0\0\0\0\0\0 BEA TUXEDO DES mask data
diff --git a/magic/Magdir/typeset b/magic/Magdir/typeset
new file mode 100644
index 0000000..e99fe37
--- /dev/null
+++ b/magic/Magdir/typeset
@@ -0,0 +1,8 @@
+
+#------------------------------------------------------------------------------
+# $File: typeset,v 1.8 2009/09/19 16:28:13 christos Exp $
+# typeset: file(1) magic for other typesetting
+#
+0 string Interpress/Xerox Xerox InterPress data
+>16 string / (version
+>>17 string >\0 %s)
diff --git a/magic/Magdir/uf2 b/magic/Magdir/uf2
new file mode 100644
index 0000000..49a86d7
--- /dev/null
+++ b/magic/Magdir/uf2
@@ -0,0 +1,72 @@
+
+#------------------------------------------------------------------------------
+# $File: uf2,v 1.3 2021/04/28 01:00:31 christos Exp $
+# uf2: file(1) magic for UF2 firmware image files
+#
+# https://github.com/microsoft/uf2
+#
+# Created by Blake Ramsdell <blaker@gmail.com>
+
+0 string UF2\n UF2 firmware image
+!:ext uf2
+# This is for checking the other magic numbers, do we want to do that?
+#>4 lelong 0x9E5D5157 howdy
+#>>508 lelong 0x0AB16F30 doody
+>8 lelong &0x0001 \b, not main flash
+>8 lelong &0x1000 \b, file container
+>8 lelong &0x2000 \b, family
+
+# To update the UF2 family data, use this fine command
+#
+# families=`curl \
+# https://raw.githubusercontent.com/microsoft/uf2/master/utils/uf2families.json \
+# | jq -r '.[] | ">>28\tlelong\t\(.id)\t\(.description)"' | sort -n -k 3` && \
+# perl -0777 -i -pe \
+# "s/(### BEGIN UF2 FAMILIES\\n).*(\\n### END UF2 FAMILIES)/\$1$families\$2/s" \
+# uf2
+
+### BEGIN UF2 FAMILIES
+>>28 lelong 0x00ff6919 ST STM32L4xx
+>>28 lelong 0x04240bdf ST STM32L5xx
+>>28 lelong 0x16573617 Microchip (Atmel) ATmega32
+>>28 lelong 0x1851780a Microchip (Atmel) SAML21
+>>28 lelong 0x1b57745f Nordic NRF52
+>>28 lelong 0x1c5f21b0 ESP32
+>>28 lelong 0x1e1f432d ST STM32L1xx
+>>28 lelong 0x202e3a91 ST STM32L0xx
+>>28 lelong 0x21460ff0 ST STM32WLxx
+>>28 lelong 0x2abc77ec NXP LPC55xx
+>>28 lelong 0x300f5633 ST STM32G0xx
+>>28 lelong 0x31d228c6 GD32F350
+>>28 lelong 0x4c71240a ST STM32G4xx
+>>28 lelong 0x4fb2d5bd NXP i.MX RT10XX
+>>28 lelong 0x53b80f00 ST STM32F7xx
+>>28 lelong 0x55114460 Microchip (Atmel) SAMD51
+>>28 lelong 0x57755a57 ST STM32F401
+>>28 lelong 0x5a18069b Cypress FX2
+>>28 lelong 0x5d1a0a2e ST STM32F2xx
+>>28 lelong 0x5ee21072 ST STM32F103
+>>28 lelong 0x647824b6 ST STM32F0xx
+>>28 lelong 0x68ed2b88 Microchip (Atmel) SAMD21
+>>28 lelong 0x6b846188 ST STM32F3xx
+>>28 lelong 0x6d0922fa ST STM32F407
+>>28 lelong 0x6db66082 ST STM32H7xx
+>>28 lelong 0x70d16653 ST STM32WBxx
+>>28 lelong 0x7eab61ed ESP8266
+>>28 lelong 0x7f83e793 NXP KL32L2x
+>>28 lelong 0x8fb060fe ST STM32F407VG
+>>28 lelong 0xada52840 Nordic NRF52840
+>>28 lelong 0xbfdd4eee ESP32-S2
+>>28 lelong 0xc47e5767 ESP32-S3
+>>28 lelong 0xd42ba06c ESP32-C3
+>>28 lelong 0xe48bff56 Raspberry Pi RP2040
+### END UF2 FAMILIES
+
+>>28 default x
+>>>28 lelong x %#08x
+>8 lelong&0x2000 0 \b, file size
+>>28 lelong x %#08x
+>8 lelong &0x4000 \b, MD5 checksum present
+>8 lelong &0x8000 \b, extension tags present
+>12 lelong x \b, address %#08x
+>24 lelong x \b, %u total blocks
diff --git a/magic/Magdir/unicode b/magic/Magdir/unicode
new file mode 100644
index 0000000..7ca61ba
--- /dev/null
+++ b/magic/Magdir/unicode
@@ -0,0 +1,15 @@
+
+#------------------------------------------------------------------------------
+# $File: unicode,v 1.7 2019/02/19 20:34:42 christos Exp $
+# Unicode: BOM prefixed text files - Adrian Havill <havill@turbolinux.co.jp>
+# These types are recognised in file_ascmagic so these encodings can be
+# treated by text patterns. Missing types are already dealt with internally.
+#
+0 string +/v8 Unicode text, UTF-7
+0 string +/v9 Unicode text, UTF-7
+0 string +/v+ Unicode text, UTF-7
+0 string +/v/ Unicode text, UTF-7
+0 string \335\163\146\163 Unicode text, UTF-8-EBCDIC
+0 string \000\000\376\377 Unicode text, UTF-32, big-endian
+0 string \377\376\000\000 Unicode text, UTF-32, little-endian
+0 string \016\376\377 Unicode text, SCSU (Standard Compression Scheme for Unicode)
diff --git a/magic/Magdir/unisig b/magic/Magdir/unisig
new file mode 100644
index 0000000..6212c38
--- /dev/null
+++ b/magic/Magdir/unisig
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: unisig,v 1.1 2020/04/09 19:05:44 christos Exp $
+# unisig: file(1) magic for files carrying a uniform signature (Unisig)
+# From: Lassi Kortela, John Cowan
+# URL: https://github.com/unisig
+#
+0 string \xDC\xDC\x0D\x0A\x1A\x0A\x00 Unisig:
+>7 ubyte =0 UUID
+>>8 guid x %s
+>7 ubyte >0 URI
+>>7 pstring x %s
diff --git a/magic/Magdir/unknown b/magic/Magdir/unknown
new file mode 100644
index 0000000..578a8ea
--- /dev/null
+++ b/magic/Magdir/unknown
@@ -0,0 +1,34 @@
+
+#------------------------------------------------------------------------------
+# $File: unknown,v 1.8 2013/01/09 22:37:24 christos Exp $
+# unknown: file(1) magic for unknown machines
+#
+# 0x107 is 0407, 0x108 is 0410, and 0x109 is 0411; those are all PDP-11
+# (executable, pure, and split I&D, respectively), but the PDP-11 version
+# doesn't have the "version %ld", which may be a bogus COFFism (I don't
+# think there was ever COFF for the PDP-11).
+#
+# 0x10B is 0413; that's VAX demand-paged, but this is a short, not a
+# long, as it would be on a VAX. In any case, that could collide with
+# VAX demand-paged files, as the magic number is little-endian on those
+# binaries, so the first 16 bits of the file would contain 0x10B.
+#
+# Therefore, those entries are commented out.
+#
+# 0x10C is 0414 and 0x10E is 0416; those *are* unknown.
+#
+#0 short 0x107 unknown machine executable
+#>8 short >0 not stripped
+#>15 byte >0 - version %ld
+#0 short 0x108 unknown pure executable
+#>8 short >0 not stripped
+#>15 byte >0 - version %ld
+#0 short 0x109 PDP-11 separate I&D
+#>8 short >0 not stripped
+#>15 byte >0 - version %ld
+#0 short 0x10b unknown pure executable
+#>8 short >0 not stripped
+#>15 byte >0 - version %ld
+0 long 0x10c unknown demand paged pure executable
+>16 long >0 not stripped
+0 long 0x10e unknown readable demand paged pure executable
diff --git a/magic/Magdir/usd b/magic/Magdir/usd
new file mode 100644
index 0000000..356cdf7
--- /dev/null
+++ b/magic/Magdir/usd
@@ -0,0 +1,21 @@
+
+#------------------------------------------------------------------------------
+# $File: usd,v 1.2 2020/05/21 22:17:00 christos Exp $
+#
+# From Christian Schmidbauer
+#
+# https://github.com/PixarAnimationStudios/USD
+
+# USD crate file
+# https://github.com/PixarAnimationStudios/USD/blob/ebac0a8b6703f4fa1c27115f1f013bb9819662f4/pxr/usd/usd/crateFile.h#L441-L450
+0 string PXR-USDC USD crate
+>8 byte x \b, version %x.
+>9 byte x \b%x.
+>10 byte x \b%x
+!:ext usd
+
+# USD ASCII file
+0 string #usda\040 USD ASCII
+>6 string x \b, version %s
+!:mime text/plain
+!:ext usd
diff --git a/magic/Magdir/uterus b/magic/Magdir/uterus
new file mode 100644
index 0000000..4b9e768
--- /dev/null
+++ b/magic/Magdir/uterus
@@ -0,0 +1,16 @@
+
+#------------------------------------------------------------------------------
+# $File: uterus,v 1.4 2022/10/31 13:22:26 christos Exp $
+# file(1) magic for uterus files
+# http://freecode.com/projects/uterus
+#
+0 string UTE+ uterus file
+>4 string v \b, version
+>5 byte x %c
+>6 string . \b.
+>7 byte x \b%c
+>8 string \<\> \b, big-endian
+>>16 belong >0 \b, slut size %u
+>8 string \>\< \b, little-endian
+>>16 lelong >0 \b, slut size %u
+>10 byte &8 \b, compressed
diff --git a/magic/Magdir/uuencode b/magic/Magdir/uuencode
new file mode 100644
index 0000000..df70dc5
--- /dev/null
+++ b/magic/Magdir/uuencode
@@ -0,0 +1,28 @@
+
+#------------------------------------------------------------------------------
+# $File: uuencode,v 1.9 2021/11/13 17:48:10 christos Exp $
+# uuencode: file(1) magic for ASCII-encoded files
+#
+
+# The first line of xxencoded files is identical to that in uuencoded files,
+# but the first character in most subsequent lines is 'h' instead of 'M'.
+# (xxencoding uses lowercase letters in place of most of uuencode's
+# punctuation and survives BITNET gateways better.)
+0 regex/1024 \^begin\040[0-7]{3}\040
+>&0 regex/256 [\012\015]+M[\040-\140]{60}[\012\015]+ uuencoded text
+>&0 regex/256 [\012\015]+h[0-9A-Za-z\053\055]{60}[\012\015]+ xxencoded text
+>&0 default x uuencoded or xxencoded text
+>&0 string >\0 \b, file name "%s"
+
+# btoa(1) is an alternative to uuencode that requires less space.
+0 search/1 xbtoa\ Begin btoa'd text
+
+# ship(1) is another, much cooler alternative to uuencode.
+# Greg Roelofs, newt@uchicago.edu
+0 search/1 $\012ship ship'd binary text
+
+# bencode(8) is used to encode compressed news batches (Bnews/Cnews only?)
+# Greg Roelofs, newt@uchicago.edu
+0 search/1 Decode\ the\ following\ with\ bdeco bencoded News text
+
+# GRR: handle BASE64
diff --git a/magic/Magdir/vacuum-cleaner b/magic/Magdir/vacuum-cleaner
new file mode 100644
index 0000000..eef78f2
--- /dev/null
+++ b/magic/Magdir/vacuum-cleaner
@@ -0,0 +1,54 @@
+
+#------------------------------------------------------------------------------
+# $File: vacuum-cleaner,v 1.1 2015/11/14 13:38:35 christos Exp $
+# vacuum cleaner magic by Thomas M. Ott (ThMO)
+#
+# navigation map for LG robot vacuum cleaner models VR62xx, VR64xx, VR63xx
+# file: MAPDATAyyyymmddhhmmss_xxxxxx_cc.blk
+# -> yyyymmdd: year, month, day of cleaning
+# -> hhmmss: hour, minute, second of cleaning
+# -> xxxxxx: 6 digits
+# -> cc: cleaning runs counter
+# size: 136044 bytes
+#
+# struct maphdr {
+# int32_t map_cnt; /* 0: single map */
+# int32_t min_ceil; /* 4: 100 mm == 10 cm == min. ceil */
+# int32_t max_ceil; /* 8: 10000 mm == 100 m == max. ceil */
+# int32_t max_climb; /* 12: 50 mm = 5 cm == max. height to climb */
+# int32_t unknown; /* 16: 50000 ??? */
+# int32_t cell_bytes; /* 20: # of bytes for cells per block */
+# int32_t block_max; /* 24: 1000 == max. # of blocks */
+# int32_t route_max; /* 28: 1000 == max. # of routes */
+# int32_t used_blocks; /* 32: 5/45/33/... == # of block entries used! */
+# int32_t cell_dim; /* 36: 10 == cell dimension */
+# int32_t clock_tick; /* 40: 100 == clock ticks */
+# #if 0
+# struct { /* 44: 1000 blocks for 10x10 cells */
+# int32_t yoffset;
+# int32_t xoffset;
+# int32_t posxy;
+# int32_t timecode;
+# } blocks[ 1000];
+# char cells[ 1000* 100]; /* 16044: 1000 10x10 cells */
+# int16_t routes[ 1000* 10]; /* 116044: 1000 10-routes */
+# #endif
+# };
+
+0 lelong =1
+>4 lelong =100
+>>8 lelong =10000
+>>>12 lelong =50
+>>>>16 lelong =50000
+>>>>>20 lelong =100
+>>>>>>24 lelong =1000
+>>>>>>>28 lelong =1000
+>>>>>>>>36 lelong =10
+>>>>>>>>>40 lelong =100
+>>>>>>>>>>32 lelong x LG robot VR6[234]xx %dm^2 navigation
+>>>>>>>>>>136040 lelong =-1 reuse map data
+>>>>>>>>>>136040 lelong =0 map data
+>>>>>>>>>>136040 lelong >0 spurious map data
+>>>>>>>>>>136040 lelong <-1 spurious map data
+
+
diff --git a/magic/Magdir/varied.out b/magic/Magdir/varied.out
new file mode 100644
index 0000000..01caf07
--- /dev/null
+++ b/magic/Magdir/varied.out
@@ -0,0 +1,46 @@
+
+#------------------------------------------------------------------------------
+# $File: varied.out,v 1.23 2014/04/30 21:41:02 christos Exp $
+# varied.out: file(1) magic for various USG systems
+#
+# Herewith many of the object file formats used by USG systems.
+# Most have been moved to files for a particular processor,
+# and deleted if they duplicate other entries.
+#
+0 short 0610 Perkin-Elmer executable
+# AMD 29K
+0 beshort 0572 amd 29k coff noprebar executable
+0 beshort 01572 amd 29k coff prebar executable
+0 beshort 0160007 amd 29k coff archive
+# Cray
+6 beshort 0407 unicos (cray) executable
+# Ultrix 4.3
+596 string \130\337\377\377 Ultrix core file
+>600 string >\0 from '%s'
+# BeOS and MAcOS PEF executables
+# From: hplus@zilker.net (Jon Watte)
+0 string Joy!peffpwpc header for PowerPC PEF executable
+#
+# ava assembler/linker Uros Platise <uros.platise@ijs.si>
+0 string avaobj AVR assembler object code
+>7 string >\0 version '%s'
+# gnu gmon magic From: Eugen Dedu <dedu@ese-metz.fr>
+0 string gmon GNU prof performance data
+>4 long x - version %d
+# From: Dave Pearson <davep@davep.org>
+# Harbour <URL:http://harbour-project.org/> HRB files.
+0 string \xc0HRB Harbour HRB file
+>4 leshort x version %d
+# Harbour HBV files
+0 string \xc0HBV Harbour variable dump file
+>4 leshort x version %d
+
+# From: Alex Beregszaszi <alex@fsn.hu>
+# 0 string exec BugOS executable
+# 0 string pack BugOS archive
+
+# From: Jason Spence <jspence@lightconsulting.com>
+# Generated by the "examples" in STM's ST40 devkit, and derived code.
+0 lelong 0x13a9f17e ST40 component image format
+>4 string >\0 \b, name '%s'
+
diff --git a/magic/Magdir/varied.script b/magic/Magdir/varied.script
new file mode 100644
index 0000000..74b1b22
--- /dev/null
+++ b/magic/Magdir/varied.script
@@ -0,0 +1,21 @@
+#------------------------------------------------------------------------------
+# $File: varied.script,v 1.15 2022/10/18 13:01:30 christos Exp $
+# varied.script: file(1) magic for various interpreter scripts
+
+0 string/wt #!\ a
+>&-1 string/T x %s script text executable
+!:strength / 3
+
+0 string/wb #!\ a
+>&-1 string/T x %s script executable (binary data)
+!:strength / 3
+
+
+# using env
+0 string/wt #!\ /usr/bin/env a
+>15 string/T >\0 %s script text executable
+!:strength / 6
+
+0 string/wb #!\ /usr/bin/env a
+>15 string/T >\0 %s script executable (binary data)
+!:strength / 6
diff --git a/magic/Magdir/vax b/magic/Magdir/vax
new file mode 100644
index 0000000..f3deffa
--- /dev/null
+++ b/magic/Magdir/vax
@@ -0,0 +1,32 @@
+
+#------------------------------------------------------------------------------
+# $File: vax,v 1.10 2019/10/04 18:07:46 christos Exp $
+# vax: file(1) magic for VAX executable/object and APL workspace
+#
+0 lelong 0101557 VAX single precision APL workspace
+0 lelong 0101556 VAX double precision APL workspace
+
+#
+# VAX a.out (BSD; others collide with 386 and other 32-bit little-endian
+# executables, and are handled in aout)
+#
+0 lelong 0420 a.out VAX demand paged (first page unmapped) pure executable
+>16 lelong >0 not stripped
+
+#
+# VAX COFF
+#
+# The `versions' were commented out, but have been un-commented out.
+# (Was the problem just one of endianness?)
+#
+0 leshort 0570
+>2 uleshort <100 VAX COFF executable, sections %d
+>>4 ledate x \b, created %s
+>>12 lelong >0 \b, not stripped
+>>22 leshort >0 \b, version %d
+
+0 leshort 0575
+>2 uleshort <100 VAX COFF pure executable, sections %d
+>>4 ledate x \b, created %s
+>>12 lelong >0 \b, not stripped
+>>22 leshort >0 \b, version %d
diff --git a/magic/Magdir/vicar b/magic/Magdir/vicar
new file mode 100644
index 0000000..59d843d
--- /dev/null
+++ b/magic/Magdir/vicar
@@ -0,0 +1,17 @@
+
+#------------------------------------------------------------------------------
+# $File: vicar,v 1.4 2009/09/19 16:28:13 christos Exp $
+# vicar: file(1) magic for VICAR files.
+#
+# From: Ossama Othman <othman@astrosun.tn.cornell.edu
+# VICAR is JPL's in-house spacecraft image processing program
+# VICAR image
+0 string LBLSIZE= VICAR image data
+>32 string BYTE \b, 8 bits = VAX byte
+>32 string HALF \b, 16 bits = VAX word = Fortran INTEGER*2
+>32 string FULL \b, 32 bits = VAX longword = Fortran INTEGER*4
+>32 string REAL \b, 32 bits = VAX longword = Fortran REAL*4
+>32 string DOUB \b, 64 bits = VAX quadword = Fortran REAL*8
+>32 string COMPLEX \b, 64 bits = VAX quadword = Fortran COMPLEX*8
+# VICAR label file
+43 string SFDU_LABEL VICAR label file
diff --git a/magic/Magdir/virtual b/magic/Magdir/virtual
new file mode 100644
index 0000000..3372020
--- /dev/null
+++ b/magic/Magdir/virtual
@@ -0,0 +1,307 @@
+
+#------------------------------------------------------------------------------
+# $File: virtual,v 1.17 2022/08/23 08:00:54 christos Exp $
+# From: James Nobis <quel@quelrod.net>
+# Microsoft hard disk images for:
+# Virtual Server
+# Virtual PC
+# VirtualBox
+# URL: http://fileformats.archiveteam.org/wiki/VHD_(Virtual_Hard_Disk)
+# Reference: https://download.microsoft.com/download/f/f/e/ffef50a5-07dd-4cf8-aaa3-442c0673a029/
+# Virtual%20Hard%20Disk%20Format%20Spec_10_18_06.doc
+0 string conectix Microsoft Disk Image, Virtual Server or Virtual PC
+# alternative shorter names
+#0 string conectix Microsoft Virtual Hard Disk image
+#0 string conectix Microsoft Virtual HD image
+!:mime application/x-virtualbox-vhd
+!:ext vhd
+# Features is a bit field used to indicate specific feature support
+#>8 ubelong !0x00000002 \b, Features %#x
+# Reserved. This bit must always be set to 1.
+#>8 ubelong &0x00000002 \b, Reserved %#x
+# File Format Version for the current specification 0x00010000
+#>12 ubelong !0x00010000 \b, Version %#8.8x
+# Data Offset only found 0x200
+#>16 ubequad !0x200 \b, Data Offset %#llx
+#>16 ubequad x \b, at %#llx
+# Dynamic Disk Header cookie like cxsparse
+#>(16.Q) string x "%-.8s"
+# This field contains a Unicode string (UTF-16) of the parent hard disk filename
+#>(16.Q+64) ubequad x \b, parent name %#llx
+# Creator Application
+# vpc~Microsoft Virtual PC, vs~Microsoft Virtual Server, vbox~VirtualBox, d2v~disk2vhd
+>28 string x \b, Creator %-4.4s
+# Creator Version: 0x00010000~Virtual Server 2004, 0x00050000~Virtual PC 2004
+# holds the major/minor version of the application that created the image
+>32 ubeshort x %x
+>34 ubeshort x \b.%x
+#>32 ubelong x \b, Version %#8.8x
+# Creator Host OS: 0x5769326B~Windows (Wi2k), 0x4D616320~Macintosh (Mac)
+>36 ubelong x (
+>>36 ubelong 0x5769326B \bW2k
+>>36 ubelong 0x4D616320 \bMac
+>>36 default x \b0x
+>>>36 ubelong x \b%8.8x
+# creation Time in seconds since 1 Jan 2000 UTC~946684800 sec. since Unix Epoch
+>24 bedate+946684800 x \b) %s
+# Original Size
+#>40 ubequad x \b, o.-Size %#llx
+# Current Size is same as original size, but change when disk is expanded
+#>48 ubequad x \b, Size %#llx
+>48 ubequad x \b, %llu bytes
+# Disk Geometry: cylinder, heads, and sectors/track for hard disk
+#>56 ubeshort x \b, Cylinder %#x
+>56 ubeshort x \b, CHS %u
+# Heads
+#>58 ubyte x \b, Heads %#x
+>58 ubyte x \b/%u
+# Sectors per track
+#>59 ubyte x \b, Sectors %#x
+>59 ubyte x \b/%u
+# Disk Type: 3~Dynamic hard disk
+>60 ubelong !0x3 \b, type %#x
+# Checksum
+#>64 ubelong x \b, cksum %#x
+# universally unique identifier (UUID) to associate a parent with its differencing image
+#>68 ubequad x \b, id %#16.16llx
+#>76 ubequad x \b-%16.16llx
+# Saved State: 1~Saved State
+>84 ubyte !0 \b, State %#x
+# Reserved 427 bytes with nils
+#>85 ubequad !0 \b, Reserved %#16.16llx
+
+# From: Joerg Jenderek
+# URL: https://msdn.microsoft.com/en-us/library/mt740058.aspx
+# Reference: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/
+# MS-VHDX/[MS-VHDX].pdf
+# Note: extends the VHD format with new capabilities, such as a 16TB maximum size
+# TODO: find and display values like virtual size, disk size, cluster_size, etc
+# display id in GUID format
+#
+# VHDX_FILE_IDENTIFIER signature 0x656C696678646876
+0 string vhdxfile
+# VHDX_HEADER signature. 1 header is stored at offset 64KB and the other at 128KB
+>0x10000 string head Microsoft Disk Image eXtended
+#>0x20000 string head \b, 2nd header
+#!:mime application/x-virtualbox-vhdx
+!:ext vhdx
+# Creator[256] like "QEMU v3.0.0", "Microsoft Windows 6.3.9600.18512"
+>>8 lestring16 x \b, by %.256s
+# The Checksum field is a CRC-32C hash over the entire 4 KB structure
+#>>0x10004 ulelong x \b, CRC %#x
+# SequenceNumber
+>>0x10008 ulequad x \b, sequence %#llx
+# FileWriteGuid
+#>>0x10010 ubequad x \b, file id %#llx
+#>>>0x10018 ubequad x \b-%llx
+# DataWriteGuid
+#>>0x10020 ubequad x \b, data id %#llx
+#>>>0x10028 ubequad x \b-%llx
+# LogGuid. If this field is zero, then the log is empty or has no valid entries
+>>0x10030 ubequad >0 \b, log id %#llx
+>>>0x10038 ubequad x \b-%llx
+# LogVersion. If not 0 there is a log to replay
+>>0x10040 uleshort >0 \b, LogVersion %#x
+# Version. This field must be set to 1
+>>0x10042 uleshort !1 \b, Version %#x
+# LogLength must be multiples of 1 MB
+>>0x10044 ulelong/1048576 >1 \b, LogLength %u MB
+# LogOffset (normally 0x100000 when log direct after header); multiples of 1 MB
+>>0x10048 ulequad !0x100000 \b, LogOffset %#llx
+# Log Entry Signature must be 0x65676F6C~loge
+>>(0x10048.q) ulelong !0x65676F6C \b, NO Log Signature
+>>(0x10048.q) ulelong =0x65676F6C \b; LOG
+# Log Entry Checksum
+#>>>(0x10048.q+4) ulelong x \b, Log CRC %#x
+# Log Entry Length must be a multiple of 4 KB
+>>>(0x10048.q+8) ulelong/1024 >4 \b, EntryLength %u KB
+# Log Entry Tail must be a multiple of 4 KB
+#>>>(0x10048.q+12) ulelong x \b, Tail %#x
+# Log Entry SequenceNumber
+#>>>(0x10048.q+16) ulequad x \b, # %#llx
+# Log Entry DescriptorCount may be zero. only 4 bytes in other docs instead 8
+#>>>(0x10048.q+24) ulelong x \b, DescriptorCount %#llx
+# Log Entry Reserved must be set to 0
+>>>(0x10048.q+28) ulelong !0 \b, Reserved %#x
+# Log Entry LogGuid
+#>>>(0x10048.q+32) ubequad x \b, Log id %#llx
+#>>>(0x10048.q+40) ubequad x \b-%llx
+# Log Entry FlushedFileOffset should VHDX size when entry is written.
+#>>>(0x10048.q+48) ulequad x \b, FlushedFileOffset %llu
+# Log Entry LastFileOffset
+#>>>(0x10048.q+56) ulequad x \b, LastFileOffset %llu
+# filling
+#>>>(0x10048.q+64) ulequad >0 \b, filling %llx
+# Reserved[4016]
+#>>0x10050 ulequad >0 \b, Reserved %#llx
+# VHDX_REGION_TABLE_HEADER Signature 0x69676572~regi at offset 192 KB and 256 KB
+>0x30000 ulelong !0x69676572 \b, 1st region INVALID
+>0x30000 ulelong =0x69676572 \b; region
+# region Checksum. CRC-32C hash over the entire 64-KB table
+#>>0x30004 ulelong x \b, CRC %#x
+# The EntryCount specifies number of valid entries; Found 2; This must be =< 2047.
+>>0x30008 ulelong x \b, %u entries
+# reserved must be zero
+#>>0x3000C ulelong !0 \b, RESERVED %#x
+# Region Table Entry starts with identifier for the object. often BAT id
+>>0x30010 use vhdx-id
+# FileOffset
+>>0x30020 ulequad x \b, at %#llx
+# Length. Specifies the length of the object within the file
+#>>0x30028 ulelong x \b, Length %#x
+# 1 means region entry is required. if region not recognized, then REFUSE to load VHDX
+>>0x3002C ulelong x \b, Required %u
+# 2nd region entry often metadata id
+>>0x30030 use vhdx-id
+# 2nd entry FileOffset
+>>0x30040 ulequad x \b, at %#llx
+# 1 means region entry is required. if region not recognized, then REFUSE to load VHDX
+>>0x3004C ulelong x \b, Required %u
+# 2nd region
+>>0x40000 ulelong !0x69676572 \b, 2nd region INVALID
+# check in vhdx images for known id and show names instead hexadecimal
+0 name vhdx-id
+# https://www.windowstricks.in/online-windows-guid-converter
+# 2DC27766-F623-4200-9D64-115E9BFD4A08 BAT GUID
+# 6677C22D23F600429D64115E9BFD4A08 BAT ID
+>0 ubequad =0x6677C22D23F60042
+>>8 ubequad =0x9D64115E9BFD4A08 \b, id BAT
+# no BAT id
+>>8 default x
+>>>0 use vhdx-id-hex
+# 8B7CA206-4790-4B9A-B8FE-575F050F886E Metadata region GUID
+# 06A27C8B90479A4BB8FE575F050F886E Metadata region ID
+>0 ubequad =0x06A27C8B90479A4B
+>>8 ubequad =0xB8FE575F050F886E \b, id Metadata
+# no Metadata id
+>>8 default x
+>>>0 use vhdx-id-hex
+# 2FA54224-CD1B-4876-B211-5DBED83BF4B8 Virtual Disk Size GUID
+# 2442A52F1BCD7648B2115DBED83BF4B8 Virtual Disk Size ID
+# value "virtual size" can be verified by command `qemu-img info `
+>0 ubequad =0x2442A52F1BCD7648
+>>8 ubequad =0xB2115DBED83BF4B8 \b, id vsize
+# no Virtual Disk Size ID
+>>8 default x
+>>>0 use vhdx-id-hex
+# other ids
+>0 default x
+>>0 use vhdx-id-hex
+# in vhdx images show id as hexadecimal
+0 name vhdx-id-hex
+>0 ubequad x \b, ID %#16.16llx
+>8 ubequad x \b-%16.16llx
+#
+# libvirt
+# From: Philipp Hahn <hahn@univention.de>
+0 string LibvirtQemudSave Libvirt QEMU Suspend Image
+>0x10 lelong x \b, version %u
+>0x14 lelong x \b, XML length %u
+>0x18 lelong 1 \b, running
+>0x1c lelong 1 \b, compressed
+
+0 string LibvirtQemudPart Libvirt QEMU partial Suspend Image
+# From: Alex Beregszaszi <alex@fsn.hu>
+0 string/b COWD VMWare3
+>4 byte 3 disk image
+>>32 lelong x (%d/
+>>36 lelong x \b%d/
+>>40 lelong x \b%d)
+>4 byte 2 undoable disk image
+>>32 string >\0 (%s)
+
+0 string/b VMDK VMware4 disk image
+0 string/b KDMV VMware4 disk image
+
+#--------------------------------------------------------------------
+# Qemu Emulator Images
+# Lines written by Friedrich Schwittay (f.schwittay@yousable.de)
+# Updated by Adam Buchbinder (adam.buchbinder@gmail.com)
+# Made by reading sources, reading documentation, and doing trial and error
+# on existing QCOW files
+0 string/b QFI\xFB QEMU QCOW Image
+!:mime application/x-qemu-disk
+
+# Uncomment the following line to display Magic (only used for debugging
+# this magic number)
+#>0 string/b x , Magic: %s
+
+# There are currently 2 Versions: "1" and "2".
+# https://www.gnome.org/~markmc/qcow-image-format-version-1.html
+>4 belong x (v%d)
+
+# Using the existence of the Backing File Offset to determine whether
+# to read Backing File Information
+>>12 belong >0 \b, has backing file (
+# Note that this isn't a null-terminated string; the length is actually
+# (16.L). Assuming a null-terminated string happens to work usually, but it
+# may spew junk until it reaches a \0 in some cases.
+>>>(12.L) string >\0 \bpath %s
+
+# Modification time of the Backing File
+# Really useful if you want to know if your backing
+# file is still usable together with this image
+>>>>20 bedate >0 \b, mtime %s)
+>>>>20 default x \b)
+
+# Size is stored in bytes in a big-endian u64.
+>>24 bequad x \b, %lld bytes
+
+# 1 for AES encryption, 0 for none.
+>>36 belong 1 \b, AES-encrypted
+
+# https://www.gnome.org/~markmc/qcow-image-format.html
+>4 belong 2 (v2)
+# Using the existence of the Backing File Offset to determine whether
+# to read Backing File Information
+>>8 bequad >0 \b, has backing file
+# Note that this isn't a null-terminated string; the length is actually
+# (16.L). Assuming a null-terminated string happens to work usually, but it
+# may spew junk until it reaches a \0 in some cases. Also, since there's no
+# .Q modifier, we just use the bottom four bytes as an offset. Note that if
+# the file is over 4G, and the backing file path is stored after the first 4G,
+# the wrong filename will be printed. (This should be (8.Q), when that syntax
+# is introduced.)
+>>>(12.L) string >\0 (path %s)
+>>24 bequad x \b, %lld bytes
+>>32 belong 1 \b, AES-encrypted
+
+>4 belong 3 (v3)
+# Using the existence of the Backing File Offset to determine whether
+# to read Backing File Information
+>>8 bequad >0 \b, has backing file
+# Note that this isn't a null-terminated string; the length is actually
+# (16.L). Assuming a null-terminated string happens to work usually, but it
+# may spew junk until it reaches a \0 in some cases. Also, since there's no
+# .Q modifier, we just use the bottom four bytes as an offset. Note that if
+# the file is over 4G, and the backing file path is stored after the first 4G,
+# the wrong filename will be printed. (This should be (8.Q), when that syntax
+# is introduced.)
+>>>(12.L) string >\0 (path %s)
+>>24 bequad x \b, %lld bytes
+>>32 belong 1 \b, AES-encrypted
+
+>4 default x (unknown version)
+
+0 string/b QEVM QEMU suspend to disk image
+
+# QEMU QED Image
+# https://wiki.qemu.org/Features/QED/Specification
+0 string/b QED\0 QEMU QED Image
+
+# VDI Image
+# Sun xVM VirtualBox Disk Image
+# From: Richard W.M. Jones <rich@annexia.org>
+# VirtualBox Disk Image
+0x40 ulelong 0xbeda107f VirtualBox Disk Image
+>0x44 uleshort >0 \b, major %u
+>0x46 uleshort >0 \b, minor %u
+>0 string >\0 (%s)
+>368 lequad x \b, %lld bytes
+
+0 string/b Bochs\ Virtual\ HD\ Image Bochs disk image,
+>32 string x type %s,
+>48 string x subtype %s
+
+0 lelong 0x02468ace Bochs Sparse disk image
+
diff --git a/magic/Magdir/virtutech b/magic/Magdir/virtutech
new file mode 100644
index 0000000..410ab9e
--- /dev/null
+++ b/magic/Magdir/virtutech
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: virtutech,v 1.4 2009/09/19 16:28:13 christos Exp $
+# Virtutech Compressed Random Access File Format
+#
+# From <gustav@virtutech.com>
+0 string \211\277\036\203 Virtutech CRAFF
+>4 belong x v%d
+>20 belong 0 uncompressed
+>20 belong 1 bzipp2ed
+>20 belong 2 gzipped
+>24 belong 0 not clean
diff --git a/magic/Magdir/visx b/magic/Magdir/visx
new file mode 100644
index 0000000..fe5c827
--- /dev/null
+++ b/magic/Magdir/visx
@@ -0,0 +1,32 @@
+
+#------------------------------------------------------------------------------
+# $File: visx,v 1.5 2009/09/19 16:28:13 christos Exp $
+# visx: file(1) magic for Visx format files
+#
+0 short 0x5555 VISX image file
+>2 byte 0 (zero)
+>2 byte 1 (unsigned char)
+>2 byte 2 (short integer)
+>2 byte 3 (float 32)
+>2 byte 4 (float 64)
+>2 byte 5 (signed char)
+>2 byte 6 (bit-plane)
+>2 byte 7 (classes)
+>2 byte 8 (statistics)
+>2 byte 10 (ascii text)
+>2 byte 15 (image segments)
+>2 byte 100 (image set)
+>2 byte 101 (unsigned char vector)
+>2 byte 102 (short integer vector)
+>2 byte 103 (float 32 vector)
+>2 byte 104 (float 64 vector)
+>2 byte 105 (signed char vector)
+>2 byte 106 (bit plane vector)
+>2 byte 121 (feature vector)
+>2 byte 122 (feature vector library)
+>2 byte 124 (chain code)
+>2 byte 126 (bit vector)
+>2 byte 130 (graph)
+>2 byte 131 (adjacency graph)
+>2 byte 132 (adjacency graph library)
+>2 string .VISIX (ascii text)
diff --git a/magic/Magdir/vms b/magic/Magdir/vms
new file mode 100644
index 0000000..56d57ae
--- /dev/null
+++ b/magic/Magdir/vms
@@ -0,0 +1,30 @@
+
+#------------------------------------------------------------------------------
+# $File: vms,v 1.10 2017/03/17 21:35:28 christos Exp $
+# vms: file(1) magic for VMS executables (experimental)
+#
+# VMS .exe formats, both VAX and AXP (Greg Roelofs, newt@uchicago.edu)
+
+# GRR 950122: I'm just guessing on these, based on inspection of the headers
+# of three executables each for Alpha and VAX architectures. The VAX files
+# all had headers similar to this:
+#
+# 00000 b0 00 30 00 44 00 60 00 00 00 00 00 30 32 30 35 ..0.D.`.....0205
+# 00010 01 01 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................
+#
+0 string \xb0\0\x30\0 VMS VAX executable
+>44032 string PK\003\004 \b, Info-ZIP SFX archive v5.12 w/decryption
+#
+# The AXP files all looked like this, except that the byte at offset 0x22
+# was 06 in some of them and 07 in others:
+#
+# 00000 03 00 00 00 00 00 00 00 ec 02 00 00 10 01 00 00 ................
+# 00010 68 00 00 00 98 00 00 00 b8 00 00 00 00 00 00 00 h...............
+# 00020 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+# 00030 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
+# 00040 00 00 00 00 ff ff ff ff ff ff ff ff 02 00 00 00 ................
+#
+# GRR this test is still too general as it catches example adressen.dbt
+0 belong 0x03000000
+>8 ubelong 0xec020000 VMS Alpha executable
+>>75264 string PK\003\004 \b, Info-ZIP SFX archive v5.12 w/decryption
diff --git a/magic/Magdir/vmware b/magic/Magdir/vmware
new file mode 100644
index 0000000..cd1a9d9
--- /dev/null
+++ b/magic/Magdir/vmware
@@ -0,0 +1,6 @@
+
+#------------------------------------------------------------------------------
+# $File: vmware,v 1.8 2017/03/17 21:35:28 christos Exp $
+# VMware specific files (deducted from version 1.1 and log file entries)
+# Anthon van der Neut (anthon@mnt.org)
+0 belong 0x4d52564e VMware nvram
diff --git a/magic/Magdir/vorbis b/magic/Magdir/vorbis
new file mode 100644
index 0000000..49e75cb
--- /dev/null
+++ b/magic/Magdir/vorbis
@@ -0,0 +1,155 @@
+
+#------------------------------------------------------------------------------
+# $File: vorbis,v 1.26 2020/08/22 18:30:55 christos Exp $
+# vorbis: file(1) magic for Ogg/Vorbis files
+#
+# From Felix von Leitner <leitner@fefe.de>
+# Extended by Beni Cherniavsky <cben@crosswinds.net>
+# Further extended by Greg Wooledge <greg@wooledge.org>
+#
+# Most (everything but the number of channels and bitrate) is commented
+# out with `##' as it's not interesting to the average user. The most
+# probable things advanced users would want to uncomment are probably
+# the number of comments and the encoder version.
+#
+# FIXME: The first match has been made a search, so that it can skip
+# over prepended ID3 tags. This will work for MIME type detection, but
+# won't work for detecting other properties of the file (they all need
+# to be made relative to the search). In any case, if the file has ID3
+# tags, the ID3 information will be printed, not the Ogg information,
+# so until that's fixed, this doesn't matter.
+# FIXME[2]: Disable the above for now, since search assumes text mode.
+#
+# --- Ogg Framing ---
+#0 search/1000 OggS Ogg data
+0 string OggS Ogg data
+>4 byte !0 UNKNOWN REVISION %u
+##>4 byte 0 revision 0
+>4 byte 0
+##>>14 lelong x (Serial %lX)
+# non-Vorbis content: FLAC (Free Lossless Audio Codec, http://flac.sourceforge.net)
+>>28 string \x7fFLAC \b, FLAC audio
+# non-Vorbis content: Theora
+!:mime audio/ogg
+>>28 string \x80theora \b, Theora video
+!:mime video/ogg
+# non-Vorbis content: Kate
+>>28 string \x80kate\0\0\0\0 \b, Kate (Karaoke and Text)
+!:mime application/ogg
+>>>37 ubyte x v%u
+>>>38 ubyte x \b.%u,
+>>>40 byte 0 utf8 encoding,
+>>>40 byte !0 unknown character encoding,
+>>>60 string >\0 language %s,
+>>>60 string \0 no language set,
+>>>76 string >\0 category %s
+>>>76 string \0 no category set
+# non-Vorbis content: Skeleton
+>>28 string fishead\0 \b, Skeleton
+!:mime video/ogg
+>>>36 leshort x v%u
+>>>40 leshort x \b.%u
+# non-Vorbis content: Speex
+>>28 string Speex\ \ \ \b, Speex audio
+!:mime audio/ogg
+# non-Vorbis content: OGM
+>>28 string \x01video\0\0\0 \b, OGM video
+!:mime video/ogg
+>>>37 string/c div3 (DivX 3)
+>>>37 string/c divx (DivX 4)
+>>>37 string/c dx50 (DivX 5)
+>>>37 string/c xvid (XviD)
+# --- First vorbis packet - general header ---
+>>28 string \x01vorbis \b, Vorbis audio,
+!:mime audio/ogg
+>>>35 lelong !0 UNKNOWN VERSION %u,
+##>>>35 lelong 0 version 0,
+>>>35 lelong 0
+>>>>39 ubyte 1 mono,
+>>>>39 ubyte 2 stereo,
+>>>>39 ubyte >2 %u channels,
+>>>>40 lelong x %u Hz
+# Minimal, nominal and maximal bitrates specified when encoding
+>>>>48 string <\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff \b,
+# The above tests if at least one of these is specified:
+>>>>>52 lelong !-1
+# Vorbis RC2 has a bug which puts -1000 in the min/max bitrate fields
+# instead of -1.
+# Vorbis 1.0 uses 0 instead of -1.
+>>>>>>52 lelong !0
+>>>>>>>52 lelong !-1000
+>>>>>>>>52 lelong x <%u
+>>>>>48 lelong !-1
+>>>>>>48 lelong x ~%u
+>>>>>44 lelong !-1
+>>>>>>44 lelong !-1000
+>>>>>>>44 lelong !0
+>>>>>>>>44 lelong x >%u
+>>>>>48 string <\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff bps
+# -- Second vorbis header packet - the comments
+# A kludge to read the vendor string. It's a counted string, not a
+# zero-terminated one, so file(1) can't read it in a generic way.
+# libVorbis is the only one existing currently, so I detect specifically
+# it. The interesting value is the cvs date (8 digits decimal).
+# Post-RC1 Ogg files have the second header packet (and thus the version)
+# in a different place, so we must use an indirect offset.
+>>>(84.b+85) string \x03vorbis
+>>>>(84.b+96) string/c Xiphophorus\ libVorbis\ I \b, created by: Xiphophorus libVorbis I
+>>>>>(84.b+120) string >00000000
+# Map to beta version numbers:
+>>>>>>(84.b+120) string <20000508 (<beta1, prepublic)
+>>>>>>(84.b+120) string 20000508 (1.0 beta 1 or beta 2)
+>>>>>>(84.b+120) string >20000508
+>>>>>>>(84.b+120) string <20001031 (beta2-3)
+>>>>>>(84.b+120) string 20001031 (1.0 beta 3)
+>>>>>>(84.b+120) string >20001031
+>>>>>>>(84.b+120) string <20010225 (beta3-4)
+>>>>>>(84.b+120) string 20010225 (1.0 beta 4)
+>>>>>>(84.b+120) string >20010225
+>>>>>>>(84.b+120) string <20010615 (beta4-RC1)
+>>>>>>(84.b+120) string 20010615 (1.0 RC1)
+>>>>>>(84.b+120) string 20010813 (1.0 RC2)
+>>>>>>(84.b+120) string 20010816 (RC2 - Garf tuned v1)
+>>>>>>(84.b+120) string 20011014 (RC2 - Garf tuned v2)
+>>>>>>(84.b+120) string 20011217 (1.0 RC3)
+>>>>>>(84.b+120) string 20011231 (1.0 RC3)
+# Some pre-1.0 CVS snapshots still had "Xiphphorus"...
+>>>>>>(84.b+120) string >20011231 (pre-1.0 CVS)
+# For the 1.0 release, Xiphophorus is replaced by Xiph.Org
+>>>>(84.b+96) string/c Xiph.Org\ libVorbis\ I \b, created by: Xiph.Org libVorbis I
+>>>>>(84.b+117) string >00000000
+>>>>>>(84.b+117) string <20020717 (pre-1.0 CVS)
+>>>>>>(84.b+117) string 20020717 (1.0)
+>>>>>>(84.b+117) string 20030909 (1.0.1)
+>>>>>>(84.b+117) string 20040629 (1.1.0 RC1)
+>>>>>>(84.b+117) string 20050304 (1.1.2)
+>>>>>>(84.b+117) string 20070622 (1.2.0)
+>>>>>>(84.b+117) string 20090624 (1.2.2)
+>>>>>>(84.b+117) string 20090709 (1.2.3)
+>>>>>>(84.b+117) string 20100325 (1.3.1)
+>>>>>>(84.b+117) string 20101101 (1.3.2)
+>>>>>>(84.b+117) string 20120203 (1.3.3)
+>>>>>>(84.b+117) string 20140122 (1.3.4)
+>>>>>>(84.b+117) string 20150105 (1.3.5)
+
+# non-Vorbis content: Opus https://tools.ietf.org/html/rfc7845#section-5
+>>28 string OpusHead \b, Opus audio,
+!:mime audio/ogg
+>>>36 ubyte >0x0F UNKNOWN VERSION %u,
+>>>36 ubyte&0x0F !0 version 0.%u,
+>>>>46 ubyte >1
+>>>>>46 ubyte !255 unknown channel mapping family %u,
+>>>>>37 ubyte x %u channels
+>>>>46 ubyte 0
+>>>>>37 ubyte 1 mono
+>>>>>37 ubyte 2 stereo
+>>>>46 ubyte 1
+>>>>>37 ubyte 1 mono
+>>>>>37 ubyte 2 stereo
+>>>>>37 ubyte 3 linear surround
+>>>>>37 ubyte 4 quadraphonic
+>>>>>37 ubyte 5 5.0 surround
+>>>>>37 ubyte 6 5.1 surround
+>>>>>37 ubyte 7 6.1 surround
+>>>>>37 ubyte 8 7.1 surround
+>>>>40 lelong !0 \b, %u Hz (Input Sample Rate) \ No newline at end of file
diff --git a/magic/Magdir/vxl b/magic/Magdir/vxl
new file mode 100644
index 0000000..0fdc68a
--- /dev/null
+++ b/magic/Magdir/vxl
@@ -0,0 +1,14 @@
+
+#------------------------------------------------------------------------------
+# $File: vxl,v 1.4 2009/09/19 16:28:13 christos Exp $
+# VXL: file(1) magic for VXL binary IO data files
+#
+# from Ian Scott <scottim@sf.net>
+#
+# VXL is a collection of C++ libraries for Computer Vision.
+# See the vsl chapter in the VXL Book for more info
+# http://www.isbe.man.ac.uk/public_vxl_doc/books/vxl/book.html
+# http:/vxl.sf.net
+
+2 lelong 0x472b2c4e VXL data file,
+>0 leshort >0 schema version no %d
diff --git a/magic/Magdir/warc b/magic/Magdir/warc
new file mode 100644
index 0000000..5942867
--- /dev/null
+++ b/magic/Magdir/warc
@@ -0,0 +1,16 @@
+
+#------------------------------------------------------------------------------
+# $File: warc,v 1.4 2019/04/19 00:42:27 christos Exp $
+# warc: file(1) magic for WARC files
+
+0 string WARC/ WARC Archive
+>5 string x version %.4s
+!:mime application/warc
+
+#------------------------------------------------------------------------------
+# Arc File Format from Internet Archive
+# see https://www.archive.org/web/researcher/ArcFileFormat.php
+0 string filedesc:// Internet Archive File
+!:mime application/x-ia-arc
+>11 search/256 \x0A \b
+>>&0 ubyte >0 \b version %c
diff --git a/magic/Magdir/weak b/magic/Magdir/weak
new file mode 100644
index 0000000..6dc1793
--- /dev/null
+++ b/magic/Magdir/weak
@@ -0,0 +1,16 @@
+
+#------------------------------------------------------------------------------
+# weak: file(1) magic for very weak magic entries, disabled by default
+#
+# These entries are so weak that they might interfere identification of
+# other formats. Example include:
+# - Only identify for 1 or 2 bytes
+# - Match against very wide range of values
+# - Match against generic word in some spoken languages (e.g. English)
+
+# Summary: Computer Graphics Metafile
+# Extension: .cgm
+#0 beshort&0xffe0 0x0020 binary Computer Graphics Metafile
+#0 beshort 0x3020 character Computer Graphics Metafile
+
+#0 string =!! Bennet Yee's "face" format
diff --git a/magic/Magdir/web b/magic/Magdir/web
new file mode 100644
index 0000000..a0d26e6
--- /dev/null
+++ b/magic/Magdir/web
@@ -0,0 +1,18 @@
+
+#------------------------------------------------------------------------------
+# $File: web,v 1.2 2022/10/29 16:02:37 christos Exp $
+
+# http://www.rdfhdt.org/
+# From Christoph Biedl
+# http://www.rdfhdt.org/hdt-internals/
+# https://github.com/rdfhdt/hdt-cpp
+
+0 string $HDT\x01 HDT file (binary compressed indexed RDF triples) type 1
+!:mime application/vnd.hdt
+!:ext hdt
+
+0 string [Adblock\040Plus Adblock Plus
+>&1 regex [0-9.]+ %s
+>1 string x rules file
+>10 search/100 Version:
+>>&1 regex [0-9]+ \b, version %s
diff --git a/magic/Magdir/webassembly b/magic/Magdir/webassembly
new file mode 100644
index 0000000..469b45e
--- /dev/null
+++ b/magic/Magdir/webassembly
@@ -0,0 +1,17 @@
+#------------------------------------------------------------------------------
+# $File: webassembly,v 1.4 2022/08/16 11:16:39 christos Exp $
+# webassembly: file(1) magic for WebAssembly modules
+#
+# WebAssembly is a virtual architecture developed by a W3C Community
+# Group at https://webassembly.org/. The file extension is .wasm, and
+# the MIME type is application/wasm.
+#
+# https://webassembly.org/docs/binary-encoding/ is the main
+# document describing the binary format.
+# From: Pip Cet <pipcet@gmail.com> and Joel Martin
+
+0 string \0asm WebAssembly (wasm) binary module
+>4 lelong =1 version %#x (MVP)
+!:mime application/wasm
+!:ext wasm
+>4 lelong >1 version %#x
diff --git a/magic/Magdir/windows b/magic/Magdir/windows
new file mode 100644
index 0000000..f58ce3e
--- /dev/null
+++ b/magic/Magdir/windows
@@ -0,0 +1,1822 @@
+
+#------------------------------------------------------------------------------
+# $File: windows,v 1.63 2023/07/17 16:56:13 christos Exp $
+# windows: file(1) magic for Microsoft Windows
+#
+# This file is mainly reserved for files where programs
+# using them are run almost always on MS Windows 3.x or
+# above, or files only used exclusively in Windows OS,
+# where there is no better category to allocate for.
+# For example, even though WinZIP almost run on Windows
+# only, it is better to treat them as "archive" instead.
+# For format usable in DOS, such as generic executable
+# format, please specify under "msdos" file.
+#
+
+
+# Summary: Outlook Express DBX file
+# Created by: Christophe Monniez
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Outlook_Express_Database
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dbx.trid.xml
+# https://sourceforge.net/projects/ol2mbox/files/LibDBX/
+# v1.0.4/libdbx_1.0.4.tar.gz/FILE-FORMAT
+# Note: called "Outlook Express Database" by TrID and DROID via PUID fmt/838 fmt/839
+# and partly verified by `undbx --verbosity 4 Posteingang.dbx`
+0 string \xCF\xAD\x12\xFE
+# skip DROID fmt-838-signature-id-1193.dbx fmt-839-signature-id-1194.dbx by check for valid file size
+>0x7C ulelong >0 MS Outlook Express DBX file
+#!:mime application/octet-stream
+#!:mime application/vnd.ms-outlook
+!:mime application/x-ms-dbx
+!:ext dbx
+>>4 byte =0xC5 \b, message database
+>>4 byte =0xC6 \b, folder database
+>>4 byte =0xC7 \b, account information
+>>4 byte =0x30 \b, offline database
+# version like: 5.2 5.5 (typical)
+>>20 ulequad !0x0000000500000005 \b, version
+# major version
+>>>24 ulelong x %u
+# minor version
+>>>20 ulelong x \b.%u
+# CLSID: 6F74FDC5-E366-11d1-9A4E-00C04FA309D4~Message 6F74FDC6-E366-11D1-9A4E-00C04FA309D4~Folder
+# 26FE9D30-1A8F-11D2-AABF-006097D474C4~offline
+#>>4 guid x \b, CLSID %s
+# file size; total size of file; sometimes real size a little bit higher
+>>0x7C ulelong x \b, ~ %u bytes
+# highest Email ID; the next email will have a number one higher than this
+>>0x5c ulelong x \b, highest ID %#x
+# item count; number of items stored in this DBX file
+>>0xC4 ulelong x \b, %u item
+# plural s
+>>0xC4 ulelong !1 \bs
+# index pointer; file offset pointing to a page of Data Indexes
+>>0xE4 ulelong >0 \b, index pointer %#x
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Nickfile
+# https://www.nirsoft.net/utils/outlook_nk2_edit.html
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/n/nk2.trid.xml
+# https://github.com/libyal/libnk2/blob/main/documentation
+# Nickfile%20(NK2)%20format.asciidoc
+# Note: called "Outlook Nickfile" by TrID & TestDisk and
+# "Outlook Nickname File" by Microsoft Outlook and
+# "Outlook AutoComplete File" by Nirsoft NK2Edit
+# partly verfied by NK2Edit Raw Text Edit Mode
+0 ubelong 0x0DF0ADBA MS Outlook Nickfile
+#!:mime application/octet-stream
+#!:mime application/vnd.ms-outlook
+!:mime application/x-ms-nickfile
+!:ext nk2/dat/bak
+# nick is used by "older" Outlook; dat is used by "newer" Outlook (probably 2010 - 2016); bak is used for backup
+#!:ext nick/nk2/dat/bak
+# Unknown; probably a version indicator like: 0000000Ah 0000000Ch
+>4 ulelong x \b, probably version %u
+# Unknown2; probably a version indicator like: 1 0
+>8 ulelong x \b.%u
+# number of rows (nickname or alias items) in file
+>12 ulelong x \b, %u items
+# number of item entries/columns/properties value like: 17h
+>16 ulelong x \b, %u entries
+# value type/property tag: 001Fh~4 bytes for data size of UTF-16 LE string
+>20 uleshort x \b, value type %#4.4x
+# entry type/property identifier: 6001h~PR_DOTSTUFF_STATE/PR_NICK_NAME_W
+>22 uleshort x \b, entry type %#4.4x
+# Reserved like: 0013FD90h
+#>24 ulelong x \b, reserved %#8.8x
+# value data array/Irrelevant Union like: 0000000004E31A80h
+#>28 ulequad x \b, data %#16.16llx
+# UTF-16
+>20 uleshort =0x001F
+# unicode string bytes like: 2Ch
+>>36 ulelong x \b, %u bytes
+# unicode string value PT_UNICODE like: janesmith@contoso.org
+>>40 lestring16 x "%s"
+
+# Summary: Windows crash dump
+# Created by: Andreas Schuster (https://computer.forensikblog.de/)
+# https://web.archive.org/web/20101125060849/https://computer.forensikblog.de/en/2008/02/64bit_magic.html
+# Modified by (1): Abel Cheung (Avoid match with first 4 bytes only)
+# Modified by (2): Joerg Jenderek (addtional fields, extension, URL)
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dmp.trid.xml
+# https://gitlab.com/qemu-project/qemu/-/blob/master/include/qemu/win_dump_defs.h
+# Note: called "Windows memory dump" by TrID
+# and verified by like Windows Kit `Dumpchk.exe 043022-18703-01.dmp`
+# and partly by NirSoft `BlueScreenView.exe 043022-18703-01.dmp`
+# char Signature[4]
+0 string PAGE
+# char ValidDump[4]
+>4 string DUMP MS Windows 32bit crash dump
+#!:mime application/octet-stream
+!:mime application/x-ms-dmp
+# like: Mini111013-01.dmp
+!:ext dmp
+# major version like: 15
+>>8 ulelong x \b, version %u
+# minor version like: 2600
+>>12 ulelong x \b.%u
+# DirectoryTableBase like: 709000
+#>>16 ulelong x \b, DirectoryTableBase %#x
+# PfnDatabase like: 805620c8
+#>>20 ulelong x \b, PfnDatabase %#x
+# PsLoadedModuleList like: 8055d720
+#>>24 ulelong x \b, PsLoadedModuleList %#x
+# PsActiveProcessHead like:805638b8
+#>>28 ulelong x \b, PsActiveProcessHead %#x
+# MachineImageType like: 14c (intel x86)
+>>32 ulelong !0x14c \b, MachineImageType %#x
+# NumberProcessors like: 2
+>>36 ulelong x \b, %u processors
+# BugcheckCode like: e2
+#>>40 ulelong x \b, BugcheckCode %#x
+# BugcheckParameter1 like: 0
+#>>44 ulelong x \b, BugcheckParameter1 %#x
+# BugcheckParameter2 like: 0
+#>>48 ulelong x \b, BugcheckParameter2 %#x
+# BugcheckParameter3 like: 0
+#>>52 ulelong x \b, BugcheckParameter3 %#x
+# BugcheckParameter4 like: 0
+#>>56 ulelong x \b, BugcheckParameter4 %#x
+# VersionUser[32]; like "PAGEPAGEPAGEPAGEPAGEPAGEPAGEPAGE" ""
+#>>60 string x \b, VersionUser "%.32s"
+# uint32_t reserved0 like: 45474101
+#>>92 ulelong x \b, reserved0 %#x
+>>0x05c byte 0 \b, no PAE
+>>0x05c byte 1 \b, PAE
+# KdDebuggerDataBlock like: 8054d2e0
+#>>96 ulelong x \b, KdDebuggerDataBlock %#x
+# uint8_t PhysicalMemoryBlockBuffer[700]
+# WinDumpPhyMemDesc32 NumberOfRuns like: 45474150
+#>>100 ulelong x \b, NumberOfRuns %#x
+# WinDumpPhyMemDesc32 uint32_t NumberOfPages like: 1162297680
+#>>104 ulelong x \b, NumberOfPages %#x
+# WinDumpPhyMemRun32 Run[86]; 688 bytes
+#>>108 ulelong x \b, BasePage %#x
+#>>112 ulelong x \b, PageCount %#x
+# uint8_t reserved1[3200]
+#>>800 string x \b, reserved "%s"
+#>>4000 ulelong x \b, RequiredDumpSpace %#x
+# uint8_t reserved2[92];
+#>>4004 string x \b, reserved2 "%s"
+>>0xf88 lelong 1 \b, full dump
+>>0xf88 lelong 2 \b, kernel dump
+>>0xf88 lelong 3 \b, small dump
+# like: 4
+>>0xf88 lelong >3 \b, dump type (%#x)
+# WinDumpPhyMemDesc32 uint32_t NumberOfPages like: 1162297680
+# GRR: IS THIS TRUE? VALUE IS SOMETIMES VERY HIGH!
+#>>104 ulelong x \b, NumberOfPages %#x
+>>0x068 lelong x \b, %d pages
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/d/dmp-64.trid.xml113o
+# Note: called "Windows 64bit Memory Dump" by TrID
+# char ValidDump[4]
+>4 string DU64 MS Windows 64bit crash dump
+#!:mime application/octet-stream
+!:mime application/x-ms-dmp
+# like: c:\Windows\Minidump\020322-18890-01.dmp c:\Windows\MEMORY.DMP
+!:ext dmp
+# major version like: 15
+>>8 ulelong x \b, version %u
+# minor version like: 9600 19041 22621
+>>12 ulelong x \b.%u
+# DirectoryTableBase like: 001ab000
+#>>16 ulequad x \b, DirectoryTableBase %#llx
+# PfnDatabase like: fffffa8000000000
+#>>24 ulequad x \b, PfnDatabase %#llx
+# PsLoadedModuleList like: fffff800c553f650
+#>>32 ulequad x \b, PsLoadedModuleList %#llx
+# PsActiveProcessHead like: fffff800c5525400
+#>>40 ulequad x \b, PsActiveProcessHead %#llx
+# MachineImageType like: 00008664
+>>48 ulelong !0x8664 \b, MachineImageType %#x
+# NumberProcessors like: 2 4
+>>52 ulelong x \b, %u processors
+# BugcheckCode like: 1000007e
+#>>56 ulelong x \b, BugcheckCode %#x
+# unused0
+#>>60 ulelong x \b, unused0 %#x
+# BugcheckParameter1 like: ffffffffc0000005
+#>>64 ulequad x \b, BugcheckParameter1 %#llx
+# BugcheckParameter2 like: fffff801abb2158f
+#>>72 ulequad x \b, BugcheckParameter2 %#llx
+# BugcheckParameter3 like: ffffd000290d4288
+#>>80 ulequad x \b, BugcheckParameter3 %#llx
+# BugcheckParameter4 like: ffffd000290d3aa0
+#>>88 ulequad x \b, BugcheckParameter4 %#llx
+# VersionUser[32]; like "" "PAGEPAGEPAGEPAGEPAGEPAGEPAGEPAGE" ""
+#>>96 string x \b, VersionUser "%.32s"
+# KdDebuggerDataBlock like: fffff800c550c530
+#>>128 ulequad x \b, KdDebuggerDataBlock %#llx
+# uint8_t PhysicalMemoryBlockBuffer[704]
+# WinDumpPhyMemDesc64 NumberOfRuns like: 6 7 0x45474150
+#>>136 ulelong x \b, NumberOfRuns %#x
+# WinDumpPhyMemDesc64 unused like: 0 0x45474150
+#>>140 ulelong x \b, unused %#x
+# WinDumpPhyMemRun64 Run[43] BasePage like: 1
+#>>152 ulequad x \b, BasePage %#llx
+# WinDumpPhyMemRun64 Run[43] PageCount like: 57h
+#>>160 ulequad x \b, PageCount %#llx
+# uint8_t ContextBuffer[3000] like: "" "\001" "\0207J\266\001\340\377\377&8\007\312"
+#>>840 string x \b, ContextBuffer "%s"
+# WinDumpExceptionRecord ExceptionCode
+#>>3840 ulelong x \b, ExceptionCode %#x
+# WinDumpExceptionRecord ExceptionFlags
+#>>3844 ulelong x \b, ExceptionFlags %#x
+# WinDumpExceptionRecord ExceptionRecord
+#>>3848 ulequad x \b, ExceptionRecord %#llx
+# WinDumpExceptionRecord ExceptionAddress
+#>>3856 ulequad x \b, ExceptionAddress %#llx
+# WinDumpExceptionRecord NumberParameters
+#>>3864 ulelong x \b, NumberParameters %#x
+# WinDumpExceptionRecord unused
+#>>3868 ulelong x \b, unsed %#x
+# WinDumpExceptionRecord ExceptionInformation[15]
+#>>3872 ulequad x \b, ExceptionInformation[0] %#llx
+# https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/memory-dump-file-options
+# but DumpType like: 4~small 5~full (MEMORY.DMP) 6~kernel (MEMORY.DMP)
+>>0xf98 ulelong x \b,
+>>>0xf98 lelong 5 full dump
+>>>0xf98 lelong 6 kernel dump
+>>>0xf98 lelong 4 small dump
+# This probably never occur
+>>>0xf98 default x DumpType
+>>>>0xf98 ulelong x (%#x)
+# WinDumpPhyMemDesc64 uint64_t NumberOfPages like: 3142425 8341923 8366500 1162297680 4992030524978970960
+# GRR: IS THIS TRUE? VALUE IS SOMETIMES VERY HIGH!
+>>0x090 lequad x \b, %lld pages
+
+# Summary: Vista Event Log
+# Created by: Andreas Schuster (https://computer.forensikblog.de/)
+# Update: Joerg Jenderek
+# URL: https://github.com/libyal/libevtx/blob/main/documentation/Windows%20XML%20Event%20Log%20(EVTX).asciidoc
+# Reference (1): https://web.archive.org/web/20110803085000/
+# https://computer.forensikblog.de/en/2007/05/some_magic.html
+# http://mark0.net/download/triddefs_xml.7z/defs/e/evtx.trid.xml
+# Note: called "Vista Event Log" by TrID and "Event Log" by Windows
+# verified partly by `wevtutil.exe gli /lf:true dumpfile.evtx`
+0 string ElfFile\0 MS Windows
+#!:mime application/octet-stream
+!:mime application/x-ms-evtx
+!:ext evtx
+# Major+Minor format version: 3.1~Vista and later 3.2~Windows 10 (2004) and later
+>0x24 ulelong =0x00030001 Vista-8.1 Event Log
+>0x24 ulelong !0x00030001 10-11 Event Log, version
+>>0x26 uleshort x %u
+>>0x24 uleshort x \b.%u
+>0x2a leshort x \b, %d chunks
+>>0x10 lelong x \b (no. %d in use)
+>0x18 lelong >1 \b, next record no. %d
+>0x18 lelong =1 \b, empty
+>0x78 lelong &1 \b, DIRTY
+>0x78 lelong &2 \b, FULL
+
+# Summary: Windows Event Trace Log
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/ETL
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/e/etl.trid.xml
+# https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/etw/tracelog/trace_logfile_header.htm
+# Note: called "Window tracing/diagnostic binary log" by TrID
+# verified by `tracerpt.EXE Wifi.etl -of EVTX`
+# and by etl-parser `etl2xml --input AMSITrace.etl --output AMSITrace.xml`
+# Every ETL file begins with a WMI_BUFFER_HEADER, a SYSTEM_TRACE_HEADER and a TRACE_LOGFILE_HEADER
+0 ubyte 0
+# look for corresponding encoded as UTF-16 file name extension like in: boot_BASE+CSWITCH_1.etl
+>0 search/0x699087/b .\0e\0t\0l\0\0\0
+# GRR: line above only works if in ../../src/file.h FILE_BYTES_MAX is raised above 699086h (6,59 MiB)
+>>0 use trace-etl
+# display information of Windows Performance Analyzer Trace File (file name)
+0 name trace-etl
+>0 ubyte x Windows Event Trace Log
+#!:mime application/x-ms-etl
+# http://extension.nirsoft.net/etl
+!:mime application/etl
+!:ext etl
+# look for DOS drive letter part of log file name like: PhotosAppTracing_startedInBGMode.etl
+>0 search/0x2b4/sb :\0\x5c\0
+# like: "c:\Windows\Logs\NetSetup\service.0.etl" "C:\Windows\System32\LogFiles\WMI\Wifi.etl"
+>>&-2 lestring16 x "%s"
+
+# Summary: Windows System Deployment Image
+# Created by: Joerg Jenderek
+# URL: http://en.wikipedia.org/wiki/System_Deployment_Image
+# Reference: http://skolk.livejournal.com/1320.html
+0 string $SDI
+>4 string 0001 System Deployment Image
+!:mime application/x-ms-sdi
+#!:mime application/octet-stream
+# \Boot\boot.sdi
+!:ext sdi
+# MDBtype: 0~Unspecified 1~RAM 2~ROM
+>>8 ulequad !0 \b, MDBtype %#llx
+# BootCodeOffset
+>>16 ulequad !0 \b, BootCodeOffset %#llx
+# BootCodeSize
+>>24 ulequad !0 \b, BootCodeSize %#llx
+# VendorID
+>>32 ulequad !0 \b, VendorID %#llx
+# DeviceID
+>>40 ulequad !0 \b, DeviceID %#llx
+# DeviceModel
+>>48 ulequad !0 \b, DeviceModel %#llx
+>>>56 ulequad !0 \b%llx
+# DeviceRole
+>>64 ulequad !0 \b, DeviceRole %#llx
+# Reserved1; reserved fields and gaps between BLOBs are padded with \0
+#>>72 ulequad !0 \b, Reserved1 %#llx
+# RuntimeGUID
+>>80 ulequad !0 \b, RuntimeGUID %#llx
+>>>88 ulequad !0 \b%llx
+# RuntimeOEMrev
+>>96 ulequad !0 \b, RuntimeOEMrev %#llx
+# Reserved2
+#>>104 ulequad !0 \b, Reserved2 %#llx
+# BLOB alignment value in pages, as specified in sdimgr /pack: 1~4K 2~8k
+>>112 ulequad !0 \b, PageAlignment %llu
+# Reserved3[48]
+#>>120 ulequad !0 \b, Reserved3 %#llx
+# SDI checksum 39h
+>>0x1f8 ulequad x \b, checksum %#llx
+# BLOBtype[8] \0-padded: PART, WIM , BOOT, LOAD, DISK
+>>0x400 string >\0 \b, type %-3.8s
+# 0~non-filesystem 7~NTFS 6~BIGFAT
+>>>0x420 ulequad !0 (%#llx)
+# ATTRibutes
+>>>0x408 ulequad !0 %#llx attributes
+# Offset
+>>>0x410 ulequad x at %#llx
+# print 1 space after size and then handles NTFS boot sector by ./filesystems
+>>>0x418 ulequad >0 %llu bytes
+>>>>(0x410.l) indirect x
+# 2nd BLOB: WIM
+>>0x440 string >\0 \b, type %-3.8s
+>>>0x428 ulequad !0 (%#llx)
+# ATTRibutes
+>>>0x448 ulequad !0 %#llx attributes
+# Offset
+>>>0x450 ulequad x at %#llx
+>>>0x458 ulequad >0 %llu bytes
+>>>>(0x450.l) indirect x
+# 3rd BLOB
+>>0x480 string >\0 \b, type %-3.8s
+
+# Summary: Windows boot status log BOOTSTAT.DAT
+# From: Joerg Jenderek
+# Reference: https://www.geoffchappell.com/notes/windows/boot/bsd.htm
+# Note: mainly refers to older Windows Vista, sometimes
+# BOOTSTAT.DAT only contains nulls or invalid data
+# checking for valid version below 5
+0 ulelong <5
+# skip many ISO images by checking for valid 64 KiB file size
+>8 ulelong =0x00010000
+>>0 use bootstat-dat
+# display information of BOOTSTAT.DAT
+0 name bootstat-dat
+>0 ulelong x Windows boot log
+#!:mime application/octet-stream
+!:mime application/x-ms-dat
+# BOOTSTAT.DAT in BOOT subdirectory
+!:ext dat
+# apparently a version number: 2 for older like Vista, 3, 4 Windows 10
+>0 ulelong >2 \b, version %u
+# apparently the size of the header: often 10h in older Windows, 14h, 18h
+>4 ulelong !0x10 \b, header size %#x
+#>4 ulelong !0x10 \b, header size %u
+# apparently the size of the file: always 0x00010000~64KiB
+# the file is acceptable to BOOTMGR only if it is exactly 64 KiB
+>8 ulelong !0x00010000 \b, file size %#x
+# size of valid data, in bytes: C8h 50h 172h 5D5Ch
+>0xc ulelong x \b, %#x valid bytes
+# skip header and jump to first bootstat entry and display information
+>(0x4.l-1) ubyte x
+>>&0 use bootstat-entry
+# jump to first entry again because pointer are bad after "use"
+>(0x4.l-1) ubyte x
+# by 1st entry size jump to 2nd entry and display information
+>>&(&0x18.l-1) ubyte x
+>>>&0 use bootstat-entry
+# jump to possible 3rd boot entry and display information
+# >(0x4.l-1) ubyte x
+# >>&(&0x18.l-1) ubyte x
+# >>>&(&0x18.l-1) ubyte x
+# >>>>&0 use bootstat-entry
+# display BOOTSTAT.DAT entry
+0 name bootstat-entry
+#>0x00 ubequad x \b, ENTRY %16.16llx
+# size of entry, in bytes: 40h(init) 78h(launced) 9Ch
+#>0x18 ulelong x \b; entry size %u
+>0x18 ulelong x \b; entry size %#x
+# time stamp, in seconds
+>0x00 ulelong x \b, %#x seconds
+# always zero, significance unknown
+>0x04 ulelong !0 \b, not null %u
+# GUID of event source; but empty if event source is BOOTMGR
+>0x08 ubequad !0 \b, GUID %#16.16llx
+>>0x10 ubequad x \b%16.16llx
+# severity code: 1~informational 3~errors
+>0x1C ulelong !1 \b, severity %#x
+# apparently a version number: 2
+>0x20 ulelong !2 \b, version %u
+# event identifier 1~log file initialised 11h~boot application launched
+#>0x24 ulelong x \b, event %#x
+>0x24 ulelong !1
+>>0x24 ulelong !0x11 \b, event %#x
+# entry data; size depends on event identifier
+#>0x28 ubequad x \b, data %#16.16llx
+>0x24 ulelong =0x1 \b, Init
+# always 0, significance unknown
+>>0x34 uleshort !0 \b, not null %u
+# always 7, significance unknown
+>>0x36 uleshort !7 \b, not seven %u
+# year
+>>0x28 uleshort x %u
+# month
+>>0x2A uleshort x \b-%u
+# day
+>>0x2C uleshort x \b-%u
+# hour
+>>0x2E uleshort x %u
+# minute
+>>0x30 uleshort x \b:%u
+# second
+>>0x32 uleshort x \b:%u
+# boot application launched
+>0x24 ulelong =0x11 \b, launched
+# type of start: 0 normally, 1 or 2 maybe in a recovery sequence
+>>0x38 uleshort !0 \b, type %u
+# pathname of boot application, as null-terminated Unicode string; typically
+# \Windows\system32\winload.exe \Windows\system32\winload.efi
+>>0x3C lestring16 x %s
+
+# Summary: Windows Error Report text files
+# URL: https://en.wikipedia.org/wiki/Windows_Error_Reporting
+# Reference: https://www.nirsoft.net/utils/app_crash_view.html
+# Created by: Joerg Jenderek
+# Note: in directories %ProgramData%\Microsoft\Windows\WER\{ReportArchive,ReportQueue}
+# %LOCALAPPDATA%\Microsoft\Windows\WER\{ReportArchive,ReportQueue}
+0 lestring16 Version=
+>22 lestring16 EventType Windows Error Report
+!:mime text/plain
+# Report.wer
+!:ext wer
+
+# Summary: Windows 3.1 group files
+# Extension: .grp
+# Created by: unknown
+0 string \120\115\103\103 MS Windows 3.1 group files
+
+
+# Summary: Old format help files
+# URL: https://en.wikipedia.org/wiki/WinHelp
+# Reference: https://www.oocities.org/mwinterhoff/helpfile.htm
+# Update: Joerg Jenderek
+# Created by: Dirk Jagdmann <doj@cubic.org>
+#
+# check and then display version and date inside MS Windows HeLP file fragment
+0 name help-ver-date
+# look for Magic of SYSTEMHEADER
+>0 leshort 0x036C
+# version Major 1 for right file fragment
+>>4 leshort 1 Windows
+# print non empty string above to avoid error message
+# Warning: Current entry does not yet have a description for adding a MIME type
+!:mime application/winhelp
+!:ext hlp
+# version Minor of help file format is hint for windows version
+>>>2 leshort 0x0F 3.x
+>>>2 leshort 0x15 3.0
+>>>2 leshort 0x21 3.1
+>>>2 leshort 0x27 x.y
+>>>2 leshort 0x33 95
+>>>2 default x y.z
+>>>>2 leshort x %#x
+# to complete message string like "MS Windows 3.x help file"
+>>>2 leshort x help
+# GenDate often older than file creation date
+>>>6 ldate x \b, %s
+#
+# Magic for HeLP files
+0 lelong 0x00035f3f
+# ./windows (version 5.25) labeled the entry as "MS Windows 3.x help file"
+# file header magic 0x293B at DirectoryStart+9
+>(4.l+9) uleshort 0x293B MS
+# look for @VERSION bmf.. like IBMAVW.ANN
+>>0xD4 string =\x62\x6D\x66\x01\x00 Windows help annotation
+!:mime application/x-winhelp
+!:ext ann
+>>0xD4 string !\x62\x6D\x66\x01\x00
+# "GID Help index" by TrID
+>>>(4.l+0x65) string =|Pete Windows help Global Index
+!:mime application/x-winhelp
+!:ext gid
+# HeLP Bookmark or
+# "Windows HELP File" by TrID
+>>>(4.l+0x65) string !|Pete
+# maybe there exist a cleaner way to detect HeLP fragments
+# brute search for Magic 0x036C with matching Major maximal 7 iterations
+# discapp.hlp
+>>>>16 search/0x49AF/s \x6c\x03
+>>>>>&0 use help-ver-date
+>>>>>&4 leshort !1
+# putty.hlp
+>>>>>>&0 search/0x69AF/s \x6c\x03
+>>>>>>>&0 use help-ver-date
+>>>>>>>&4 leshort !1
+>>>>>>>>&0 search/0x49AF/s \x6c\x03
+>>>>>>>>>&0 use help-ver-date
+>>>>>>>>>&4 leshort !1
+>>>>>>>>>>&0 search/0x49AF/s \x6c\x03
+>>>>>>>>>>>&0 use help-ver-date
+>>>>>>>>>>>&4 leshort !1
+>>>>>>>>>>>>&0 search/0x49AF/s \x6c\x03
+>>>>>>>>>>>>>&0 use help-ver-date
+>>>>>>>>>>>>>&4 leshort !1
+>>>>>>>>>>>>>>&0 search/0x49AF/s \x6c\x03
+>>>>>>>>>>>>>>>&0 use help-ver-date
+>>>>>>>>>>>>>>>&4 leshort !1
+>>>>>>>>>>>>>>>>&0 search/0x49AF/s \x6c\x03
+# GCC.HLP is detected after 7 iterations
+>>>>>>>>>>>>>>>>>&0 use help-ver-date
+# this only happens if bigger hlp file is detected after used search iterations
+>>>>>>>>>>>>>>>>>&4 leshort !1 Windows y.z help
+!:mime application/winhelp
+!:ext hlp
+# repeat search again or following default line does not work
+>>>>16 search/0x49AF/s \x6c\x03
+# remaining files should be HeLP Bookmark WinHlp32.BMK (XP 32-bit) or WinHlp32 (Windows 8.1 64-bit)
+>>>>16 default x Windows help Bookmark
+!:mime application/x-winhelp
+!:ext bmk
+## FirstFreeBlock normally FFFFFFFFh 10h for *ANN
+##>>8 lelong x \b, FirstFreeBlock %#8.8x
+# EntireFileSize
+>>12 lelong x \b, %d bytes
+## ReservedSpace normally 042Fh AFh for *.ANN
+#>>(4.l) lelong x \b, ReservedSpace %#8.8x
+## UsedSpace normally 0426h A6h for *.ANN
+#>>(4.l+4) lelong x \b, UsedSpace %#8.8x
+## FileFlags normally 04...
+#>>(4.l+5) lelong x \b, FileFlags %#8.8x
+## file header magic 0x293B
+#>>(4.l+9) uleshort x \b, file header magic %#4.4x
+## file header Flags 0x0402
+#>>(4.l+11) uleshort x \b, file header Flags %#4.4x
+## file header PageSize 0400h 80h for *.ANN
+#>>(4.l+13) uleshort x \b, PageSize %#4.4x
+## Structure[16] z4
+#>>(4.l+15) string >\0 \b, Structure_"%-.16s"
+## MustBeZero 0
+#>>(4.l+31) uleshort x \b, MustBeZero %#4.4x
+## PageSplits
+#>>(4.l+33) uleshort x \b, PageSplits %#4.4x
+## RootPage
+#>>(4.l+35) uleshort x \b, RootPage %#4.4x
+## MustBeNegOne 0xffff
+#>>(4.l+37) uleshort x \b, MustBeNegOne %#4.4x
+## TotalPages 1
+#>>(4.l+39) uleshort x \b, TotalPages %#4.4x
+## NLevels 0x0001
+#>>(4.l+41) uleshort x \b, NLevels %#4.4x
+## TotalBtreeEntries
+#>>(4.l+43) ulelong x \b, TotalBtreeEntries %#8.8x
+## pages of the B+ tree
+#>>(4.l+47) ubequad x \b, PageStart %#16.16llx
+
+# start with colon or semicolon for comment line like Back2Life.cnt
+0 regex \^(:|;)
+# look for first keyword Base
+>0 search/45 :Base
+>>&0 use cnt-name
+# only solution to search again from beginning , because relative offsets changes when use is called
+>0 search/45 :Base
+>0 default x
+# look for other keyword Title like in putty.cnt
+>>0 search/45 :Title
+>>>&0 use cnt-name
+#
+# display mime type and name of Windows help Content source
+0 name cnt-name
+# skip space at beginning
+>0 string \040
+# name without extension and greater character or name with hlp extension
+>>1 regex/c \^([^\xd>]*|.*\\.hlp) MS Windows help file Content, based "%s"
+!:mime text/plain
+!:apple ????TEXT
+!:ext cnt
+#
+# Windows creates a full text search from hlp file, if the user clicks the "Find" tab and enables keyword indexing
+0 string tfMR MS Windows help Full Text Search index
+!:mime application/x-winhelp-fts
+!:ext fts
+>16 string >\0 for "%s"
+
+# Summary: Hyper terminal
+# Created by: unknown
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/HyperACCESS
+# https://www.hilgraeve.com/hyperterminal/
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/h/ht.trid.xml
+# Note: called "HyperTerminal data file" by TrID and "HyperTerminal File" on English Windows
+0 string HyperTerminal\040
+>14 string 1.0\ --\ HyperTerminal\ data\ file MS Windows HyperTerminal profile
+#!:mime application/octet-stream
+!:mime application/x-ms-ht
+!:ext ht
+
+# https://ithreats.files.wordpress.com/2009/05/\040
+# lnk_the_windows_shortcut_file_format.pdf
+# Summary: Windows shortcut
+# Created by: unknown
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Windows_Shortcut
+# https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/l/lnk-shortcut.trid.xml
+# https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SHLLINK/%5bMS-SHLLINK%5d.pdf
+# Note: called "Windows Shortcut" by TrID, "Microsoft Windows Shortcut" by DROID via PUID x-fmt/428 and "Windows shortcut file" by ./msdos (v 1.158)
+# partly verified by command like `lnkinfo AOL.lnk`
+# 'L' + GUUID
+# HeaderSize + LinkCLSID 00021401-0000-0000-C000-000000000046
+0 string \114\0\0\0\001\024\002\0\0\0\0\0\300\0\0\0\0\0\0\106 MS Windows shortcut
+!:mime application/x-ms-shortcut
+!:ext lnk
+# LinkFlags
+# HasLinkTargetIDList; if set a LinkTargetIDList structure MUST follow the ShellLinkHeader; If is not set, structure MUST NOT be present
+>20 lelong&1 1 \b, Item id list present
+# HasLinkInfo; if set a LinkInfo structure MUST follow the ShellLinkHeader or LinkTargetIDList; If is not set, structure MUST NOT be present
+>20 lelong&2 2 \b, Points to a file or directory
+>20 lelong&4 4 \b, Has Description string
+>20 lelong&8 8 \b, Has Relative path
+>20 lelong&16 16 \b, Has Working directory
+>20 lelong&32 32 \b, Has command line arguments
+>20 lelong&64 64 \b, Icon
+# IconIndex
+>>56 lelong x \b number=%d
+# IsUnicode; If set then StringData section contains Unicode-encoded strings
+>20 lelong&128 128 \b, Unicoded
+# ForceNoLinkInfo; LinkInfo structure is ignored
+>20 lelong&256 256 \b, NoLinkInfo
+# HasExpString; with an EnvironmentVariableDataBlock
+>20 lelong&512 512 \b, HasEnvironment
+# look for BlockSize 314h and EnvironmentVariableDataBlock BlockSignature A0000001h
+>>76 search/1972 \x14\x03\x00\x00\x01\x00\x00\xa0
+# TargetAnsi (260 bytes); NULL-terminated path to environment variable encoded with system default code page
+#>>>&0 string x '%s'
+# TargetUnicode (520 bytes): optional NULL-terminated path to same environment variable Unicode encoded
+# like: "%windir%\system32\calc.exe"
+>>>&260 lestring16 x "%s"
+# RunInSeparateProcess; run in a separate virtual machine when launching a 16-bit application; no examples found
+>20 lelong&1024 1024 \b, RunInSeparateProcess
+# Unused1; undefined and MUST be ignored
+#>20 lelong&2048 2048 \b, Unused1
+# HasDarwinID; with a DarwinDataBlock
+>20 lelong&4096 4096 \b, HasDarwinID
+# look for BlockSize 314h and DarwinDataBlock BlockSignature A0000006h
+>>76 search/1972 \x14\x03\x00\x00\x06\x00\x00\xa0
+# DarwinDataAnsi (260 bytes); NULL-terminated application identifier encoded with system default code page; SHOULD be ignored
+#>>>&0 string x '%s'
+# DarwinDataUnicode (520 bytes); NULL-terminated application identifier Unicode encoded
+>>>&260 lestring16 x "%s"
+# RunAsUser; target application is run as a different user
+>20 lelong&8192 8192 \b, RunAsUser
+# HasExpIcon; with an IconEnvironmentDataBlock
+>20 lelong&16384 16384 \b, HasExpIcon
+# look for BlockSize 314h and IconEnvironmentDataBlock BlockSignature A0000007h
+>>76 search/1972 \x14\x03\x00\x00\x07\x00\x00\xa0
+# TargetAnsi (260 bytes); NULL-terminated path to environment icon variable encoded with system default code page
+#>>>&0 string x '%s'
+# TargetUnicode (520 bytes); optional NULL-terminated path to same icon environment variable Unicode encoded
+# like: "%SystemDrive%\Program Files\YaCy\addon\YaCy.ico"
+>>>&260 lestring16 x "%s"
+# NoPidlAlias; represented in the shell namespace; no examples found
+>20 lelong&32768 32768 \b, NoPidlAlias
+# Unused2; undefined and MUST be ignored
+#>20 lelong&65536 65536 \b, Unused2
+# RunWithShimLayer; with a ShimDataBlock; no examples found
+>20 lelong&131072 131072 \b, RunWithShimLayer
+# ForceNoLinkTrack; TrackerDataBlock is ignored; no examples found
+>20 lelong&262144 262144 \b, ForceNoLinkTrack
+>20 lelong&262144 0
+# look for BlockSize 60h, TrackerDataBlock BlockSignature A0000003h, it length 58h and Version 0
+>>76 search/1972 \x60\x00\x00\x00\x03\x00\x00\xa0\x58\x00\x00\x00\0\0\0\0
+# MachineID (16 bytes); a NULL-terminated NetBIOS name encoded with system default code page of the machine
+>>>&0 string x \b, MachineID %0.16s
+# Droid (32 bytes)
+#
+# DroidBirth (32 bytes)
+#
+# EnableTargetMetadata; collect target properties and store in PropertyStoreDataBlock
+>20 lelong&524288 524288 \b, EnableTargetMetadata
+# look for BlockSize >= Ch, PropertyStoreDataBlock BlockSignature A0000009h
+#>>76 search/1972 \x00\x00\x09\x00\x00\xa0
+# PropertyStore (variable)
+#
+# DisableLinkPathTracking; EnvironmentVariableDataBlock is ignored; no examples found
+>20 lelong&1048576 1048576 \b, DisableLinkPathTracking
+# DisableKnownFolderTracking; SpecialFolderDataBlock and KnownFolderDataBlock are ignored and not saved
+>20 lelong&2097152 2097152 \b, DisableKnownFolderTracking
+>20 lelong&2097152 0
+# look for BlockSize 1Ch and KnownFolderDataBlock BlockSignature A000000Bh
+>>76 search/1972 \x1c\x00\x00\x00\x0B\x00\x00\xa0
+# https://learn.microsoft.com/en-us/dotnet/desktop/winforms/controls/known-folder-guids-for-file-dialog-custom-places
+# KnownFolderID specifies the folder GUID ID
+# ProgramFiles 905E63B6-C1BF-494E-B29C-65B732D3D21A
+# ProgramFilesX86 7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E
+>>>&0 guid x KnownFolderID %s
+# DisableKnownFolderAlias; unaliased form of the known folder IDList SHOULD be used; no examples found
+>20 lelong&4194304 4194304 \b, DisableKnownFolderAlias
+# AllowLinkToLink; link that references another link is enabled; no examples found
+>20 lelong&8388608 8388608 \b, AllowLinkToLink
+# UnaliasOnSave; unaliased form of that known folder or the target IDList SHOULD be used; no examples found
+>20 lelong&16777216 16777216 \b, UnaliasOnSave
+# PreferEnvironmentPath; path specified in the EnvironmentVariableDataBlock SHOULD be used
+>20 lelong&33554432 33554432 \b, PreferEnvironmentPath
+# KeepLocalIDListForUNCTarget; UNC name SHOULD be stored in local path IDList in PropertyStoreDataBlock; no examples found
+>20 lelong&67108864 67108864 \b, KeepLocalIDListForUNCTarget
+# FileAttributes
+>24 lelong&1 1 \b, Read-Only
+>24 lelong&2 2 \b, Hidden
+>24 lelong&4 4 \b, System
+# Reserved1; MUST be zero
+>24 lelong&8 8 \b, Reserved1
+>24 lelong&16 16 \b, Directory
+>24 lelong&32 32 \b, Archive
+# Reserved2; MUST be zero
+>24 lelong&64 64 \b, Reserved2
+>24 lelong&128 128 \b, Normal
+>24 lelong&256 256 \b, Temporary
+# no examples found
+>24 lelong&512 512 \b, Sparse
+# no examples found
+>24 lelong&1024 1024 \b, Reparse point
+>24 lelong&2048 2048 \b, Compressed
+>24 lelong&4096 4096 \b, Offline
+# FILE_ATTRIBUTE_NOT_CONTENT_INDEXED; contents need to be indexed
+>24 lelong&8192 8192 \b, NeedIndexed
+# FILE_ATTRIBUTE_ENCRYPTED; file or directory is encrypted
+>24 lelong&16384 16384 \b, Encrypted
+# value zero means there is no time set on the target
+>28 leqwdate !0 \b, ctime=%s
+# Access time of target in UTC
+>36 leqwdate !0 \b, atime=%s
+# write time of target in UTC
+>44 leqwdate !0 \b, mtime=%s
+# FileSize; 32 bit size of target in bytes
+>52 lelong x \b, length=%u, window=
+# ShowCommand; 1~SW_SHOWNORMAL 3~SW_SHOWMAXIMIZED HerzlichMEDION.lnk 7~SW_SHOWMINNOACTIVE YaCy.lnk Privoxy.lnk; All other values like 2 MUST be treated as SW_SHOWNORMAL
+#>60 lelong x ShowCommand=%#x
+>60 lelong x
+>>60 lelong 3 \bshowmaximized
+>>60 lelong 7 \bshowminnoactive
+>>60 default x \bnormal
+# Hotkey
+>64 uleshort >0 \b, hot key
+# 41h~A 42h~B ...
+>>64 ubyte x %c
+# modifier keys: 0x01~HOTKEYF_SHIFT 0x02~HOTKEYF_CONTROL 0x04~HOTKEYF_ALT
+>>65 ubyte&1 1 \b+SHIFT
+>>65 ubyte&2 2 \b+CONTROL
+>>65 ubyte&4 4 \b+ALT
+# Reserved; MUST be zero
+#>66 uleshort !0 \b, reserved %#x
+# Reserved2; MUST be zero
+#>68 ulelong !0 \b, reserved2 %#x
+# Reserved3; MUST be zero
+#>72 ulelong !0 \b, reserved3 %#x
+# optional LINKTARGET_IDLIST if LinkFlags bit HasLinkTargetIDList is set
+>20 lelong&1 1
+# IDListSize; size of IDList
+>>76 uleshort x \b, IDListSize %#4.4x
+# 1st item
+>>78 use lnk-item
+# 2nd possible item
+>>(78.s+78) uleshort >0
+>>>(78.s+78) use lnk-item
+# 3rd possible item
+>>>&(&-2.s-2) uleshort >0
+>>>>&-2 use lnk-item
+# 4th possible item
+>>>>&(&-2.s-2) uleshort >0
+>>>>>&-2 use lnk-item
+# Because HasLinkInfo is set, a LinkInfo structure follows
+>20 lelong&2 2
+# if no LINKTARGET_IDLIST (no HasLinkTargetIDList) then direct after header; no example found
+>>20 lelong&1 =0
+>>>76 use lnk-info
+# if LINKTARGET_IDLIST (HasLinkTargetIDList) then after LINKTARGET_IDLIST by addtional IDListSize bytes
+>>20 lelong&1 =1
+>>>76 uleshort >0
+#>>>>(76.s+78) use lnk-info
+>>>>(76.s+78) ubelong x
+# move pointer to beginnig of LinkInfo structure
+>>>>>&-8 ubelong x
+#>>>>>>&16 ulelong x \b, LocalBasePathOffset=%#8.8x
+>>>>>>&(&16.l) string x \b, LocalBasePath "%s"
+# check and then display link item (size,data)
+0 name lnk-item
+# size value 0x0000 means TerminalID; indicates the end of the item IDs list
+>0 uleshort >0
+#>>0 uleshort x \b, ItemIDSize %#4.4x
+# item Data
+#>>2 ubequad x \b, Item data=%#16.16llx
+#>>2 ubyte x \b, Item type=%#x
+>>2 ubyte =0x1f \b, Root folder
+# like: "26EE0668-A00A-44D7-9371-BEB064C98683" Control Panel
+# "20D04FE0-3AEA-1069-A2D8-08002B30309D" My Computer
+# "871C5380-42A0-1069-A2EA-08002B30309D" Internet Explorer
+>>>4 guid x "%s"
+>>2 ubyte =0x2f \b, Volume
+# like: "C:\" "D:\"
+>>>3 string x "%s"
+# Control panel category
+#>>2 ubyte foo \b, Control panel category
+# display LinkInfo structure (size,flags,offsets)
+0 name lnk-info
+# LinkInfoSize; size of the LinkInfo structure
+>0 ulelong x \b, LinkInfoSize %#x
+# LinkInfoHeaderSize; if 1C no optional fields; >=24 optional fields are specified
+>4 ulelong x \b, LinkInfoHeaderSize %#x
+# LinkInfoFlags;
+#>8 ulelong x \b, LinkInfoFlags=%#x
+>8 ulelong&1 1 \b, VolumeIDAndLocalBasePath
+# VolumeIDOffset; location of the VolumeID field (VolumeIDSize DriveType DriveSerialNumber VolumeLabelOffset ... ) inside LinkInfo structure
+>>12 ulelong x \b, VolumeIDOffset %#x
+# LocalBasePathOffset; location of LocalBasePath field like "C:\test\a.txt" inside LinkInfo structure
+>>16 ulelong x \b, LocalBasePathOffset %#x
+# LocalBasePathOffsetUnicode; location of the LocalBasePathUnicode field inside LinkInfo structure
+>>4 ulelong >23
+>>>28 ulelong x \b, LocalBasePathOffsetUnicode %#x
+>8 ulelong&2 2 \b, CommonNetworkRelativeLinkAndPathSuffix
+# CommonNetworkRelativeLinkOffset; location of the CommonNetworkRelativeLink field inside LinkInfo structure
+>>20 ulelong x \b, CommonNetworkRelativeLinkOffset %#x
+# CommonPathSuffixOffset; location of CommonPathSuffix field
+>24 ulelong x \b, CommonPathSuffixOffset %#x
+# CommonPathSuffixOffsetUnicode; location of CommonPathSuffixUnicode field inside LinkInfo structure
+>4 ulelong >23
+>>32 ulelong x \b, CommonPathSuffixOffsetUnicode %#x
+
+# Summary: Outlook Personal Folders
+# Created by: unknown
+# Update: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/Personal_Folder_File
+# https://en.wikipedia.org/wiki/Personal_Storage_Table
+# Reference: https://interoperability.blob.core.windows.net/files/MS-PST/%5bMS-PST%5d.pdf
+# http://mark0.net/download/triddefs_xml.7z/defs/p/pab.trid.xml
+# dwMagic !BDN
+0 lelong 0x4E444221
+# skip DROID x-fmt-75-signature-id-472.pab x-fmt-248-signature-id-260.pst x-fmt-249-signature-id-261.pst
+# by check for existance of bPlatformCreate value
+>14 ubyte x Microsoft Outlook
+#!:mime application/octet-stream
+# NOT official registered !
+!:mime application/vnd.ms-outlook
+# dwCRCPartial; 32-bit cyclic redundancy check (CRC) value of followin 471 bytes; zero for 64-bit
+#>>4 ulelong !0 \b, CRC %#x
+# wMagicClient; AB (4142h) is used for PAB files; SM (534Dh) is used for PST files; SO (534Fh) is used for OST files
+#>>8 leshort x \b, wMagicClient=%#x
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/pab.trid.xml
+# Note: called "Microsoft Personal Address Book" by TrID and
+# "Microsoft Outlook Personal Address Book" by DROID via x-fmt/75
+>>8 leshort 0x4142 Personal Address Book
+#!:mime application/x-ms-pab
+!:ext pab
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/pst.trid.xml
+# http://mark0.net/download/triddefs_xml.7z/defs/p/pst-unicode.trid.xml
+# Note: called "Microsoft OutLook Personal Folder" by TrID and
+# by DROID via x-fmt/248 for ANSI and via x-fmt/249 for Unicode
+#>>8 leshort 0x4D53 \b, PST~
+# called "Microsoft Outlook email folder" in ./windows version 1.37 and older
+>>8 leshort 0x4D53 Personal Storage
+#!:mime application/x-ms-pst
+!:ext pst
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/o/ost.trid.xml
+# Note: called "Outlook Exchange Offline Storage" by TrID
+>>8 leshort 0x4F53 Offline Storage
+#!:mime application/x-ms-ost
+!:ext ost
+# wVer; file format version. 14 or 15 if the file is ANSI; > 21 or 23(=17h) if Unicode; 37 for written by Outlook with WIP
+>>10 uleshort x (
+# probably NO intermediate versions exist
+>>10 leshort <0x10 \b<=2002, ANSI,
+>>10 leshort >0x14 \b>=2003, Unicode,
+>>10 uleshort x version %u)
+# wVerClient; client file format version like: 19 22
+#>>12 uleshort x \b, wVerClient=%u
+# bPlatformCreate; This value MUST be set to 1 but also found 2
+>>14 ubyte >1 \b, bPlatformCreate=%u
+# bPlatformAccess; This value MUST be set to 1 but also found 2
+>>15 ubyte >1 \b, bPlatformAccess=%u
+# dwReserved1; SHOULD ignore and NOT modify this value; SHOULD initialize to zero
+>>16 ulelong !0 \b, dwReserved1=%#x
+# dwReserved2; SHOULD ignore and NOT modify this value; SHOULD initialize to zero
+>>20 ulelong !0 \b, dwReserved2=%#x
+# ANSI 32-bit variant Outlook 1997-2002
+>>10 uleshort <16
+# bidNextB; next BlockID (ANSI 4 bytes)
+#>>>24 ulelong !0 \b, bidNextB=%#x
+# bidNextP; Next available back BlockID pointer
+#>>>28 ulelong !0 \b, bidNextP=%#x
+# dwUnique; value monotonically increased when modifying PST; so CRC is changing
+>>>32 ulelong !0 \b, dwUnique=%#x
+# rgnid[128]; A fixed array of 32 NodeIDs, each corresponding to one of the 32 possible NID_TYPEs
+#>>>36 ubequad x \b, rgnid=%#llx...
+# dwReserved; Implementations SHOULD ignore this value and SHOULD NOT modify it; Initialized zero
+>>>164 ulelong !0 \b, dwReserved=%#x
+# ibFileEof; the size of the PST file, in bytes (ANSI 4 bytes)
+>>>168 ulelong x \b, %u bytes
+# ibAMapLast; offset to the last AMap page
+#>>>172 ulelong x \b, ibAMapLast=%#x
+# bSentinel; MUST be set to 0x80
+>>>460 ubyte !0x80 \b, bSentinel=%#x
+# bCryptMethod: 0~No encryption 1~encryption with permutation 2~encryption with cyclic 16~encryption with Windows Information Protection (WIP)
+>>>461 ubyte >0 \b, bCryptMethod=%u
+# UNICODE 64-bit variant Outlook 2003-2007
+>>10 uleshort >20
+# bidUnused; Unused 8 bytes padding (Unicode only); sometimes like: 0x0000000100000004
+>>>24 ulequad !0x0000000100000004 \b, bidUnused=%#16.16llx
+# dwUnique; value monotonically increased when modifying PST; so CRC is changing
+>>>40 ulelong !0 \b, dwUnique=%#x
+# rgnid[] (128 bytes): A fixed array of 32 NIDs, each corresponding to one of the 32 possible
+#>>>44 ubequad x \b, rgnid=%#llx...
+# ibFileEof; the size of the PST file, in bytes (Unicode 8 bytes)
+>>>184 ulequad x \b, %llu bytes
+# bSentinel; MUST be set to 0x80
+>>>512 ubyte !0x80 \b, bSentinel=%#x
+# bCryptMethod; Encryption type like: 0 1 2 16
+>>>513 ubyte >0 \b, bCryptMethod=%u
+# dwCRC; 32-bit CRC of the of the previous 516 bytes
+>>>524 ulelong x \b, CRC32 %#x
+
+
+# Summary: Windows help cache
+# Created by: unknown
+0 string \164\146\115\122\012\000\000\000\001\000\000\000 MS Windows help cache
+
+
+# Summary: IE cache file
+# Created by: Christophe Monniez
+0 string Client\ UrlCache\ MMF Internet Explorer cache file
+>20 string >\0 version %s
+
+
+# Summary: Registry files
+# Created by: unknown
+# Modified by (1): Joerg Jenderek
+0 string regf MS Windows registry file, NT/2000 or above
+0 string CREG MS Windows 95/98/ME registry file
+0 string SHCC3 MS Windows 3.1 registry file
+
+
+# Summary: Windows Registry text
+# URL: https://en.wikipedia.org/wiki/Windows_Registry#.REG_files
+# Reference: http://fileformats.archiveteam.org/wiki/Windows_Registry
+# Submitted by: Abel Cheung <abelcheung@gmail.com>
+# Update: Joerg Jenderek
+# Windows 3-9X variant
+0 string REGEDIT
+# skip ASCII text like "REGEDITor.txt" but match
+# L1WMAP.REG with only 1 CRNL or org.gnome.gnumeric.reg with 2 NL
+>7 search/3 \n Windows Registry text
+!:mime text/x-ms-regedit
+!:ext reg
+# Windows 9X variant
+>>0 string REGEDIT4 (Win95 or above)
+# Windows 2K ANSI variant
+0 string Windows\ Registry\ Editor\
+>&0 string Version\ 5.00\r\n\r\n Windows Registry text (Win2K or above)
+!:mime text/x-ms-regedit
+!:ext reg
+# Windows 2K UTF-16 variant
+2 lestring16 Windows\ Registry\ Editor\
+>0x32 lestring16 Version\ 5.00\r\n\r\n Windows Registry little-endian text (Win2K or above)
+# relative offset not working
+#>&0 lestring16 Version\ 5.00\r\n\r\n Windows Registry little-endian text (Win2K or above)
+!:mime text/x-ms-regedit
+!:ext reg
+# WINE variant
+# URL: https://en.wikipedia.org/wiki/Wine_(software)
+# Reference: https://www.winehq.org/pipermail/wine-cvs/2005-October/018763.html
+# Note: WINE use text based registry (system.reg,user.reg,userdef.reg)
+# instead binary hiv structure like Windows
+0 string WINE\ REGISTRY\ Version\ WINE registry text
+# version 2
+>&0 string x \b, version %s
+!:mime text/x-wine-extension-reg
+!:ext reg
+
+# Windows *.INF *.INI files updated by Joerg Jenderek at Apr 2013, Feb 2018
+# empty ,comment , section
+# PR/383: remove unicode BOM because it is not portable across regex impls
+#0 regex/s \\`(\\r\\n|;|[[])
+# empty line CRLF
+0 ubeshort 0x0D0A
+>0 use ini-file
+# comment line starting with semicolon
+0 string ;
+# look for phrase of Windows policy ADMinistrative template (with starting remark)
+# like: WINDOW_95_CD/TOOLS/RESKIT/netadmin/poledit/conf.adm
+>1 search/3548 END\040CATEGORY
+# ADM with remark (by adm-rem.trid.xml) already done by generic ASCII variant
+# if no Windows policy ADMinistrative template then Windows INItialization
+>1 default x
+>>0 use ini-file
+# section line starting with left bracket
+0 string [
+>0 use ini-file
+# check and then display Windows INItialization configuration
+0 name ini-file
+# look for left bracket in section line
+>0 search/8192 [
+# https://en.wikipedia.org/wiki/Autorun.inf
+# https://msdn.microsoft.com/en-us/library/windows/desktop/cc144200.aspx
+# space after right bracket
+# or AutoRun.Amd64 for 64 bit systems
+# or only NL separator
+>>&0 regex/c \^autorun
+# but sometimes total commander directory tree file "treeinfo.wc" with lines like
+# [AUTORUN]
+# [boot]
+>>>&0 string =]\r\n[ Total commander directory treeinfo.wc
+!:mime text/plain
+!:ext wc
+# From: Pal Tamas <folti@balabit.hu>
+# Autorun File
+>>>&0 string !]\r\n[ Microsoft Windows Autorun file
+!:mime application/x-setupscript
+!:ext inf
+# https://msdn.microsoft.com/en-us/library/windows/hardware/ff549520(v=vs.85).aspx
+# version strings ASCII coded case-independent for Windows setup information script file
+>>&0 regex/c \^(version|strings)] Windows setup INFormation
+!:mime application/x-setupscript
+#!:mime application/x-wine-extension-inf
+!:ext inf
+# NETCRC.INF OEMCPL.INF
+>>&0 regex/c \^(WinsockCRCList|OEMCPL)] Windows setup INFormation
+!:mime application/x-setupscript
+!:ext inf
+# http://www.winfaq.de/faq_html/Content/tip2500/onlinefaq.php?h=tip2653.htm
+# https://msdn.microsoft.com/en-us/library/windows/desktop/cc144102.aspx
+# .ShellClassInfo DeleteOnCopy LocalizedFileNames ASCII coded case-independent
+>>&0 regex/1024c \^(\\.ShellClassInfo|DeleteOnCopy|LocalizedFileNames)] Windows desktop.ini
+!:mime application/x-wine-extension-ini
+#!:mime text/plain
+# https://support.microsoft.com/kb/84709/
+>>&0 regex/c \^don't\ load] Windows CONTROL.INI
+!:mime application/x-wine-extension-ini
+!:ext ini
+>>&0 regex/c \^(ndishlp\\$|protman\\$|NETBEUI\\$)] Windows PROTOCOL.INI
+!:mime application/x-wine-extension-ini
+!:ext ini
+# https://technet.microsoft.com/en-us/library/cc722567.aspx
+# http://www.winfaq.de/faq_html/Content/tip0000/onlinefaq.php?h=tip0137.htm
+>>&0 regex/c \^(windows|Compatibility|embedding)] Windows WIN.INI
+!:mime application/x-wine-extension-ini
+!:ext ini
+# https://en.wikipedia.org/wiki/SYSTEM.INI
+>>&0 regex/c \^(boot|386enh|drivers)] Windows SYSTEM.INI
+!:mime application/x-wine-extension-ini
+!:ext ini
+# http://www.mdgx.com/newtip6.htm
+>>&0 regex/c \^SafeList] Windows IOS.INI
+!:mime application/x-wine-extension-ini
+!:ext ini
+# https://en.wikipedia.org/wiki/NTLDR Windows Boot Loader information
+>>&0 regex/c \^boot\x20loader] Windows boot.ini
+!:mime application/x-wine-extension-ini
+!:ext ini
+# https://en.wikipedia.org/wiki/CONFIG.SYS
+>>&0 regex/c \^menu] MS-DOS CONFIG.SYS
+# @CONFIG.UI configuration file of previous DOS version saved by Caldera OPENDOS INSTALL.EXE
+# CONFIG.PSS saved version of file CONFIG.SYS created by %WINDIR%\SYSTEM\MSCONFIG.EXE
+# CONFIG.TSH renamed file CONFIG.SYS.BAT by %WINDIR%\SYSTEM\MSCONFIG.EXE
+# dos and w40 used in dual booting scene
+!:ext sys/dos/w40
+# https://support.microsoft.com/kb/118579/
+>>&0 regex/c \^Paths]\r\n MS-DOS MSDOS.SYS
+!:ext sys/dos
+# http://chmspec.nongnu.org/latest/INI.html#HHP
+>>&0 regex/c \^options]\r\n Microsoft HTML Help Project
+!:mime text/plain
+!:ext hhp
+# From: Joerg Jenderek
+# URL: https://documentation.basis.com/BASISHelp/WebHelp/b3odbc/ODBC_Driver/obdcdriv_character_translation.htm
+# Reference: https://www.garykessler.net/library/file_sigs.html
+# http://mark0.net/download/triddefs_xml.7z/defs/c/cpx.trid.xml
+# Note: stored in directory %WINDIR%\SysWOW64 or %WINDIR%\system
+# second word often Latin but sometimes Cyrillic like in 12510866.CPX
+>>&0 regex/c \^Windows\ (Latin|Cyrillic) Windows codepage translator
+#!:mime text/plain
+!:mime text/x-ms-cpx
+# like: 12510866.CPX
+!:ext cpx
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/File_Explorer
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/scf-exp.trid.xml,scf-exp-old.trid.xml
+# Note: called "Windows Explorer Command Shell File" by TrID and "File Explorer Command" by Windows via SHCmdFile
+>>&0 regex/c \^Shell]\r\n Windows Explorer Shell Command File
+#!:mime text/plain
+!:mime text/x-ms-scf
+# like: channels.scf desktop.scf explorer.scf "Desktop anzeigen.scf"
+!:ext scf
+# look for icon file directive maybe pointing to malicious file
+>>>1 search/128 IconFile= \b, icon
+>>>>&0 string x "%s"
+# From: Joerg Jenderek
+# URL: http://en.wikipedia.org/wiki/VIA_Technologies
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/scf-via.trid.xml
+# Note: called "VIA setup configuration file" by TrID
+>>&0 regex/c \^SCF]\r\n VIA setup configuration
+#!:mime text/plain
+!:mime text/x-via-scf
+# like: SETUP.SCF
+!:ext scf
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/InstallShield
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/l/lid-is.trid.xml
+# Note: contain also 3 keywords like: count Default key0
+>>&0 regex/c \^Languages] InstallShield Language Identifier
+#!:mime text/plain
+!:mime text/x-installshield-lid
+# like: SETUP.LID
+!:ext lid
+# From: Joerg Jenderek
+# URL: https://www.file-extensions.org/tag-file-extension
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/t/taginfo.trid.xml
+# Note: contain also keywords like: Application Category Company Misc Version
+>>&0 regex/c \^TagInfo] TagInfo
+#!:mime text/plain
+#!:mime text/prs.lines.tag
+!:mime text/x-ms-tag
+# like: DATA.TAG
+!:ext tag
+# URL: https://en.wikipedia.org/wiki/Flatpak
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/f/flatpakref.trid.xml
+# Note: called "Flatpack Reference" by TrID
+>>&0 string Flatpak\ Ref] Flatpak repository reference
+#!:mime text/plain
+# https://reposcope.com/mimetype/application/vnd.flatpak.ref
+!:mime application/vnd.flatpak.ref
+!:ext flatpakref
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/CloneCD
+# Reference: https://en.wikipedia.org/wiki/CloneCD_Control_File
+# http://mark0.net/download/triddefs_xml.7z/defs/c/cdimage-clonecd-cue.trid.xml
+# Note: called "CloneCD CDImage (description)" by TrID and "CloneCD Control File" by DROID via PUID fmt/1760
+>>&0 string CloneCD] CloneCD CD-image Description
+#!:mime text/plain
+!:mime text/x-ccd
+!:ext ccd
+# unknown keyword after opening bracket
+>>&0 default x
+#>>>&0 string/c x UNKNOWN [%s
+# look for left bracket of second section
+>>>&0 search/8192 [
+# version Strings FileIdentification
+>>>>&0 string/c version Windows setup INFormation
+!:mime application/x-setupscript
+!:ext inf
+# From: Joerg Jenderek
+# URL: https://cdrtfe.sourceforge.io/
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/c/cfp-cdrtfe.trid.xml
+>>>>&0 string FileExplorer] cdrtfe Project
+!:mime text/x-cfp
+!:ext cfp
+# https://en.wikipedia.org/wiki/Initialization_file Windows Initialization File or other
+>>>>&0 default x
+>>>>>&0 ubyte x
+# characters, digits, underscore and white space followed by right bracket
+# terminated by CR implies section line to skip BOOTLOG.TXT DETLOG.TXT
+>>>>>>&-1 regex/T \^([A-Za-z0-9_\(\)\ ]+)\]\r Generic INItialization configuration [%-.40s
+# NETDEF.INF multiarc.ini
+#!:mime application/x-setupscript
+!:mime application/x-wine-extension-ini
+#!:mime text/plain
+!:ext ini/inf
+# samples with only 1 and unknown section name
+# XXX: matches a file containing '[1] 2'
+#>>>&0 default x Generic INItialization configuration
+#>>>>0 string x \b, 1st line "%s"
+# UTF-16 BOM
+0 ubeshort =0xFFFE
+# look for phrase of Windows policy ADMinistrative template (UTF-16 by adm-uni.trid.xml)
+# like: wuau.adm
+>2 search/0x384A E\0N\0D\0\040\0C\0A\0T\0E\0G\0O\0R\0Y\0
+>>0 use windows-adm
+# if no Windows policy ADMinistrative template then Windows INFormation
+>2 default x
+# UTF-16 BOM followed by CR~0D00 , comment~semicolon~3B00 , section~bracket~5B00
+>>0 ubelong&0xFFff89FF =0xFFFE0900
+# look for left bracket in section line
+>>>2 search/8192 [
+# keyword without 1st letter which is maybe up-/down-case
+>>>>&3 lestring16 ersion] Windows setup INFormation
+!:mime application/x-setupscript
+# like: hdaudio.inf iscsi.inf spaceport.inf tpm.inf usbhub3.inf UVncVirtualDisplay.inf
+!:ext inf
+>>>>&3 lestring16 trings] Windows setup INFormation
+!:mime application/x-setupscript
+# like: arduino_gemma.inf iis.inf MSM8960.inf
+!:ext inf
+>>>>&3 lestring16 ourceDisksNames] Windows setup INFormation
+!:mime application/x-setupscript
+# like: atiixpag.inf mdmnokia.inf netefe32.inf rdpbus.inf
+!:ext inf
+# netnwcli.inf start with ;---[ NetNWCli.INX ]
+>>>>&3 default x
+# look for NL followed by left bracket
+>>>>>&0 search/8192 \x0A\x00\x5b
+# like: defltwk.inf netvwifibus.inf WSDPrint.inf
+>>>>>>&3 lestring16 ersion] Windows setup INFormation
+!:mime application/x-setupscript
+!:ext inf
+
+# Summary: Windows Policy ADMinistrative template
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Administrative_Template
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/adm.trid.xml
+# Note: typically stored in directory like: %WINDIR%\system32\GroupPolicy\ADM
+# worst case ASCII variant starting with remark line like: inetset.adm
+0 search/0x4E CLASS\040
+>&0 string MACHINE
+>>0 use windows-adm
+>&0 string USER
+>>0 use windows-adm
+# display information about Windows policy ADMinistrative template
+0 name windows-adm Windows Policy Administrative Template
+!:mime text/x-ms-adm
+!:ext adm
+# UTF-16 BOM implies UTF-16 encoded ADM (by adm-uni.trid.xml)
+>0 ubeshort =0xFFFE
+>>2 lestring16 x \b, 1st line "%s"
+# look for UTF-16 encoded CarriageReturn LineFeed
+>>>2 search/0x3A \r\0\n\0
+>>>>&0 lestring16 x \b, 2nd line "%s"
+# no UTF-16 BOM implies "ASCII" encoded ADM (by adm.trid.xml)
+>0 ubeshort !0xFFFE
+>>0 string x \b, 1st line "%s"
+#>>>&0 ubequad x \b, 2ND %16.16llx
+# 2nd line empty
+>>>&2 beshort =0x0D0A
+>>>>&0 beshort !0x0D0A \b, 3th line
+>>>>>&-2 string x "%s"
+# 2nd line with content
+>>>&2 beshort !0x0D0A \b, 2nd line
+>>>>&-2 string x "%s"
+
+# Windows Precompiled INF files *.PNF added by Joerg Jenderek at Mar 2013 of _PNF_HEADER inf.h
+# http://read.pudn.com/downloads3/sourcecode/windows/248345/win2k/private/windows/setup/setupapi/inf.h__.htm
+# URL: http://fileformats.archiveteam.org/wiki/INF_(Windows)
+# Reference: http://en.verysource.com/code/10350344_1/inf.h.html
+# Note: stored in %Windir%\Inf %Windir%\System32\DriverStore\FileRepository
+# check for valid major and minor versions: 101h - 303h
+0 leshort&0xFcFc =0x0000
+# GRR: line above (strength 50) is too general as it catches also "PDP-11 UNIX/RT ldp" ./pdp
+>0 leshort&0x0303 !0x0000
+# test for valid InfStyles: 1 2
+>>2 uleshort >0
+>>>2 uleshort <3
+# look for colon in WinDirPath after PNF header
+#>>>>0x59 search/18 :
+# skip few Adobe Photoshop Color swatch ("Mac OS.aco" TRUMATCH-Farben.aco Windows.aco) and some
+# Targa image (money-256.tga XING_B_UCM8.tga x-fmt-367-signature-id-604.tga) with "invalid low section name" \0
+>>>>(20.l) ubelong >0x40004000
+>>>>>0 use PreCompiledInf
+0 name PreCompiledInf
+>0 uleshort x Windows Precompiled iNF
+!:mime application/x-pnf
+!:ext pnf
+# major version 1 for older Windows like XP and 3 since about Windows Vista
+# 101h~95-XP; 301h~Windows Vista-7 ; 302h~Windows 10 14393; 303h~Windows 10 18362-Windows11
+>1 ubyte x \b, version %u
+>0 ubyte x \b.%u
+>0 uleshort =0x0101 (Windows
+>>4 ulelong&0x00000001 !0x00000001 95-98)
+>>4 ulelong&0x00000001 =0x00000001 XP)
+>0 uleshort =0x0301 (Windows Vista-8.1)
+>0 uleshort =0x0302 (Windows 10 older)
+>0 uleshort =0x0303 (Windows 10-11)
+# 1 ,2 (windows 98 SE)
+>2 uleshort !2 \b, InfStyle %u
+# PNF_FLAG_IS_UNICODE 0x00000001
+# PNF_FLAG_HAS_STRINGS 0x00000002
+# PNF_FLAG_SRCPATH_IS_URL 0x00000004
+# PNF_FLAG_HAS_VOLATILE_DIRIDS 0x00000008
+# PNF_FLAG_INF_VERIFIED 0x00000010
+# PNF_FLAG_INF_DIGITALLY_SIGNED 0x00000020
+# UNKNOWN8 0x00000080
+# UNKNOWN 0x00000100
+# UNKNOWN1 0x01000000
+# UNKNOWN2 0x02000000
+>4 ulelong&0x03000180 >0 \b, flags
+>>4 ulelong x %#x
+>4 ulelong&0x00000001 0x00000001 \b, unicoded
+>4 ulelong&0x00000002 0x00000002 \b, has strings
+>4 ulelong&0x00000004 0x00000004 \b, src URL
+>4 ulelong&0x00000008 0x00000008 \b, volatile dir ids
+>4 ulelong&0x00000010 0x00000010 \b, verified
+>4 ulelong&0x00000020 0x00000020 \b, digitally signed
+# >4 ulelong&0x00000080 0x00000080 \b, UNKNOWN8
+# >4 ulelong&0x00000100 0x00000100 \b, UNKNOWN
+# >4 ulelong&0x01000000 0x01000000 \b, UNKNOWN1
+# >4 ulelong&0x02000000 0x02000000 \b, UNKNOWN2
+#>8 ulelong x \b, InfSubstValueListOffset %#x
+# many 0, 1 lmouusb.PNF, 2 linkfx10.PNF , f webfdr16.PNF
+# , 6 bth.PNF, 9 usbport.PNF, d netnwifi.PNF, 10h nettcpip.PNF
+#>12 uleshort x \b, InfSubstValueCount %#x
+# only < 9 found: 8 hcw85b64.PNF
+#>14 uleshort x \b, InfVersionDatumCount %#x
+# only found values lower 0x0000ffff ??
+#>16 ulelong x \b, InfVersionDataSize %#x
+# only found positive values lower 0x00ffFFff for InfVersionDataOffset
+>20 ulelong x \b, at %#x
+>4 ulelong&0x00000001 =0x00000001
+# case independent: CatalogFile Class DriverVer layoutfile LayoutFile SetupClass signature Signature
+>>(20.l) lestring16 x "%s"
+>4 ulelong&0x00000001 !0x00000001
+>>(20.l) string x "%s"
+# FILETIME is number of 100-nanosecond intervals since 1 January 1601
+#>24 ulequad x \b, InfVersionLastWriteTime %16.16llx
+>24 qwdate x \b, InfVersionLastWriteTime %s
+# for Windows 98, XP
+>0 uleshort <0x0102
+# only found values lower 0x00ffFFff
+# often 70 but also 78h for corelist.PNF
+# >>32 ulelong x \b, StringTableBlockOffset %#x
+# >>36 ulelong x \b, StringTableBlockSize %#x
+# >>40 ulelong x \b, InfSectionCount %#x
+# >>44 ulelong x \b, InfSectionBlockOffset %#x
+# >>48 ulelong x \b, InfSectionBlockSize %#x
+# >>52 ulelong x \b, InfLineBlockOffset %#x
+# >>56 ulelong x \b, InfLineBlockSize %#x
+# >>60 ulelong x \b, InfValueBlockOffset %#x
+# >>64 ulelong x \b, InfValueBlockSize %#x
+# WinDirPathOffset
+# like 58h, which means direct after PNF header
+#>>68 ulelong x \b, at %#x
+>>68 ulelong x
+>>>4 ulelong&0x00000001 =0x00000001
+#>>>>(68.l) ubequad =0x43003a005c005700
+# normally unicoded C:\Windows
+#>>>>>(68.l) lestring16 x \b, WinDirPath "%s"
+>>>>(68.l) ubequad !0x43003a005c005700
+>>>>>(68.l) lestring16 x \b, WinDirPath "%s"
+>>>4 ulelong&0x00000001 !0x00000001
+# normally ASCII C:\WINDOWS
+#>>>>(68.l) string =C:\\WINDOWS \b, WinDirPath "%s"
+>>>>(68.l) string !C:\\WINDOWS
+>>>>>(68.l) string x \b, WinDirPath "%s"
+# found OsLoaderPathOffset values often 0 , once 70h corelist.PNF, once 68h ASCII machine.PNF
+>>>72 ulelong >0 \b,
+>>>>4 ulelong&0x00000001 =0x00000001
+>>>>>(72.l) lestring16 x OsLoaderPath "%s"
+>>>>4 ulelong&0x00000001 !0x00000001
+# seldom C:\ instead empty
+>>>>>(72.l) string x OsLoaderPath "%s"
+# 1fdh
+#>>>76 uleshort x \b, StringTableHashBucketCount %#x
+# https://docs.microsoft.com/en-us/openspecs/office_standards/ms-oe376/6c085406-a698-4e12-9d4d-c3b0ee3dbc4a
+# only 407h found
+>>>78 uleshort !0x409 \b, LanguageID %x
+#>>>78 uleshort =0x409 \b, LanguageID %x
+# InfSourcePathOffset often 0
+>>>80 ulelong >0 \b, at %#x
+>>>>4 ulelong&0x00000001 =0x00000001
+>>>>>(80.l) lestring16 x SourcePath "%s"
+>>>>4 ulelong&0x00000001 !0x00000001
+>>>>>(80.l) string >\0 SourcePath "%s"
+# OriginalInfNameOffset often 0
+>>>84 ulelong >0 \b, at %#x
+>>>>4 ulelong&0x00000001 =0x00000001
+>>>>>(84.l) lestring16 x InfName "%s"
+>>>>4 ulelong&0x00000001 !0x00000001
+>>>>>(84.l) string >\0 InfName "%s"
+
+# for newer Windows like Vista, 7 , 8.1 , 10
+>0 uleshort >0x0101
+>>80 ulelong x \b, at %#x WinDirPath
+>>>4 ulelong&0x00000001 0x00000001
+# normally unicoded C:\Windows
+#>>>>(80.l) ubequad =0x43003a005c005700
+#>>>>>(80.l) lestring16 x "%s"
+>>>>(80.l) ubequad !0x43003a005c005700
+>>>>>(80.l) lestring16 x "%s"
+# language id: 0 407h~german 409h~English_US
+>>90 uleshort !0x409 \b, LanguageID %x
+#>>90 uleshort =0x409 \b, LanguageID %x
+>>92 ulelong >0 \b, at %#x
+>>>4 ulelong&0x00000001 0x00000001
+# language string like: de-DE en-US
+>>>>(92.l) lestring16 x language %s
+
+# Summary: backup file created with utility like NTBACKUP.EXE shipped with Windows NT/2K/XP/2003
+# Extension: .bkf
+# Created by: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/NTBackup
+# Reference: http://laytongraphics.com/mtf/MTF_100a.PDF
+# Descriptor BloCK name of Microsoft Tape Format
+0 string TAPE
+# Format Logical Address is zero
+>20 ulequad 0
+# Reserved for MBC is zero
+>>28 uleshort 0
+# Control Block ID is zero
+>>>36 ulelong 0
+# BIT4-BIT15, BIT18-BIT31 of block attributes are unused
+>>>>4 ulelong&0xFFfcFFe0 0 Windows NTbackup archive
+#!:mime application/x-ntbackup
+!:ext bkf
+# OS ID
+>>>>>10 ubyte 1 \b NetWare
+>>>>>10 ubyte 13 \b NetWare SMS
+>>>>>10 ubyte 14 \b NT
+>>>>>10 ubyte 24 \b 3
+>>>>>10 ubyte 25 \b OS/2
+>>>>>10 ubyte 26 \b 95
+>>>>>10 ubyte 27 \b Macintosh
+>>>>>10 ubyte 28 \b UNIX
+# OS Version (2)
+#>>>>>11 ubyte x OS V=%x
+# MTF_CONTINUATION Media Sequence Number > 1
+#>>>>>4 ulelong&0x00000001 !0 \b, continued
+# MTF_COMPRESSION
+>>>>>4 ulelong&0x00000004 !0 \b, compressed
+# MTF_EOS_AT_EOM End Of Medium was hit during end of set processing
+>>>>>4 ulelong&0x00000008 !0 \b, End Of Medium hit
+>>>>>4 ulelong&0x00020000 0
+# MTF_SET_MAP_EXISTS A Media Based Catalog Set Map may exist on tape
+>>>>>>4 ulelong&0x00010000 !0 \b, with catalog
+# MTF_FDD_ALLOWED However File/Directory Detail can only exist if a Set Map is also present
+>>>>>4 ulelong&0x00020000 !0 \b, with file catalog
+# Offset To First Event 238h,240h,28Ch
+#>>>>>8 uleshort x \b, event offset %4.4x
+# Displayable Size (20e0230h 20e024ch 20e0224h)
+#>>>>>8 ulequad x dis. size %16.16llx
+# Media Family ID (455288C4h 4570BD1Ah 45708F2Fh 4570BBF5h)
+#>>>>>52 ulelong x family ID %8.8x
+# TAPE Attributes (3)
+#>>>>>56 ulelong x TAPE %8.8x
+# Media Sequence Number
+>>>>>60 uleshort >1 \b, sequence %u
+# Password Encryption Algorithm (3)
+>>>>>62 uleshort >0 \b, %#x encrypted
+# Soft Filemark Block Size * 512 (2)
+#>>>>>64 uleshort =2 \b, soft size %u*512
+>>>>>64 uleshort !2 \b, soft size %u*512
+# Media Based Catalog Type (1,2)
+#>>>>>66 uleshort x \b, catalog type %4.4x
+# size of Media Name (66,68,6Eh)
+>>>>>68 uleshort >0
+# offset of Media Name (5Eh)
+>>>>>>70 uleshort >0
+# 0~, 1~ANSI, 2~UNICODE
+>>>>>>>48 ubyte 1
+# size terminated ansi coded string normally followed by "MTF Media Label"
+>>>>>>>>(70.s) string >\0 \b, name: %s
+>>>>>>>48 ubyte 2
+# Not null, but size terminated unicoded string
+>>>>>>>>(70.s) lestring16 x \b, name: %s
+# size of Media Label (104h)
+>>>>>72 uleshort >0
+# offset of Media Label (C4h,C6h,CCh)
+>>>>>74 uleshort >0
+>>>>>>48 ubyte 1
+#Tag|Version|Vendor|Vendor ID|Creation Time Stamp|Cartridge Label|Side|Media ID|Media Domain ID|Vendor Specific fields
+>>>>>>>(74.s) string >\0 \b, label: %s
+>>>>>>48 ubyte 2
+>>>>>>>(74.s) lestring16 x \b, label: %s
+# size of password name (0,1Ch)
+#>>>>>76 uleshort >0 \b, password size %4.4x
+# Software Vendor ID (CBEh)
+>>>>>86 uleshort x \b, software (%#x)
+# size of Software Name (6Eh)
+>>>>>80 uleshort >0
+# offset of Software Name (1C8h,1CAh,1D0h)
+>>>>>>82 uleshort >0
+# 1~ANSI, 2~UNICODE
+>>>>>>>48 ubyte 1
+>>>>>>>>(82.s) string >\0 \b: %s
+>>>>>>>48 ubyte 2
+# size terminated unicoded coded string normally followed by "SPAD"
+>>>>>>>>(82.s) lestring16 x \b: %s
+# Format Logical Block Size (512,1024)
+#>>>>>84 uleshort =1024 \b, block size %u
+>>>>>84 uleshort !1024 \b, block size %u
+# Media Date of MTF_DATE_TIME type with 5 bytes
+#>>>>>>88 ubequad x DATE %16.16llx
+# MTF Major Version (1)
+#>>>>>>93 ubyte x \b, MFT version %x
+#
+
+# URL: https://en.wikipedia.org/wiki/PaintShop_Pro
+# Reference: https://www.cryer.co.uk/file-types/p/pal.htm
+# Created by: Joerg Jenderek
+# Note: there exist other color palette formats also with .pal extension
+0 string JASC-PAL\r\n PaintShop Pro color palette
+#!:mime text/plain
+# PspPalette extension is used by newer (probably 8) PaintShopPro versions
+!:ext pal/PspPalette
+# 2nd line contains palette file version. For example "0100"
+>10 string !0100 \b, version %.4s
+# third line contains the number of colours: 16 256 ...
+>16 string x \b, %.3s colors
+
+# URL: https://en.wikipedia.org/wiki/Innosetup
+# Reference: https://github.com/jrsoftware/issrc/blob/master/Projects/Undo.pas
+# Created by: Joerg Jenderek
+# Note: created by like "InnoSetup self-extracting archive" inside ./msdos
+# TrID labeles the entry as "Inno Setup Uninstall Log"
+# TUninstallLogID
+0 string Inno\ Setup\ Uninstall\ Log\ (b) InnoSetup Log
+!:mime application/x-innosetup
+# unins000.dat, unins001.dat, ...
+!:ext dat
+# " 64-bit" variant
+>0x1c string >\0 \b%.7s
+# AppName[0x80] like "Minimal SYStem", ClamWin Free Antivirus , ...
+>0xc0 string x %s
+# AppId[0x80] is similar to AppName or
+# GUID like {4BB0DCDC-BC24-49EC-8937-72956C33A470} start with left brace
+>0x40 ubyte 0x7b
+>>0x40 string x %-.38s
+# do not know how this log version correlates to program version
+>0x140 ulelong x \b, version %#x
+# NumRecs
+#>0x144 ulelong x \b, %#4.4x records
+# EndOffset means files size
+>0x148 ulelong x \b, %u bytes
+# Flags 5 25h 35h
+#>0x14c ulelong x \b, flags %8.8x
+# Reserved: array[0..26] of Longint
+# the non Unicode HighestSupportedVersion may never become greater than or equal to 1000
+>0x140 ulelong <1000
+# hostname
+>>0x1d6 pstring x \b, %s
+# user name
+>>>&0 pstring x \b\%s
+# directory like C:\Program Files (x86)\GnuWin32
+>>>>&0 pstring x \b, "%s"
+# version 1000 or higher implies unicode
+>0x140 ulelong >999
+# hostname
+>>0x1db lestring16 x \b, %-.9s
+# utf string variant with prepending fe??ffFFff
+>>0x1db search/43 \xFF\xFF\xFF
+# user name
+>>>&0 lestring16 x \b\%-.9s
+>>>&0 search/43 \xFF\xFF\xFF
+# directory like C:\Program Files\GIMP 2
+>>>>&0 lestring16 x \b, %-.42s
+
+# URL: https://jrsoftware.org/ishelp/index.php?topic=setup_signeduninstaller
+# Reference:https://github.com/jrsoftware/issrc/blob/main/Projects/Struct.pas
+# From: Joerg Jenderek
+0 string Inno\ Setup\ Messages\ (
+# null padded til 0x40 boundary
+>0x38 quad 0 InnoSetup messages
+!:mime application/x-innosetup-msg
+# unins000.msg, unins001.msg, ...
+!:ext msg
+# version like 5.1.1 5.1.11 5.5.0 5.5.3 6.0.0
+>>0x15 string x \b, version %.5s
+# look for 6th char of version string or terminating right parentheses
+>>>0x1a ubyte !0x29 \b%c
+# NumMessages
+>>0x40 ulelong x \b, %u messages
+# TotalSize: Cardinal;
+#>>0x44 ulelong x \b, TotalSize %u
+# NotTotalSize: Cardinal;
+#>>0x48 ulelong x \b, NotTotalSize %u
+# CRCMessages: Longint;
+#>>0x4C ulelong x \b, CRC %#x
+>>0x40 ulelong x
+# (u) after version means unicoded messages
+>>>0x1c search/2 (u) (UTF-16),
+>>>>0x50 lestring16 x %s
+# ASCII coded message
+>>>0x1c default x (ASCII),
+>>>>0x50 string x %s
+
+# Windows Imaging (WIM) Image
+# Update: Joerg Jenderek at Mar 2019, 2021
+# URL: https://en.wikipedia.org/wiki/Windows_Imaging_Format
+# http://fileformats.archiveteam.org/wiki/Windows_Imaging_Format
+# Reference: https://download.microsoft.com/download/f/e/f/
+# fefdc36e-392d-4678-9e4e-771ffa2692ab/Windows%20Imaging%20File%20Format.rtf
+# Note: verified by like `7z t boot.wim` `wiminfo install.esd --header`
+0 string MSWIM\000\000\000
+>0 use wim-archive
+# https://wimlib.net/man1/wimoptimize.html
+0 string WLPWM\000\000\000
+>0 use wim-archive
+0 name wim-archive
+# _WIMHEADER_V1_PACKED ImageTag[8]
+>0 string x Windows imaging
+!:mime application/x-ms-wim
+# TO avoid in file version 5.36 error like
+# Magdir/windows, 760: Warning: Current entry does not yet have a description
+# file: could not find any valid magic files! (No error)
+# split WIM
+>16 ulelong &0x00000008 (SWM
+!:ext swm
+# usPartNumber; 1, unless the file was split into multiple parts
+>>40 uleshort x \b %u
+# usTotalParts; The total number of WIM file parts in a spanned set
+>>42 uleshort x \b of %u) image
+# non split WIM
+>16 ulelong ^0x00000008
+# https://wimlib.net/man1/wimmount.html
+# solid WIMs; version 3584; usually contain LZMS-compressed and the .esd extension
+>>12 ulelong 3584 (ESD) image
+!:ext esd
+>>12 ulelong !3584 (
+# look for archive member RunTime.xml like in Microsoft.Windows.Cosa.Desktop.Client.ppkg
+>>>156 search/68233/s RunTime.xml \bWindows provisioning package)
+!:ext ppkg
+# if is is not a Windows provisioning package, then it is a WIM
+>>>156 default x \bWIM) image
+# second disk image part created by Microsoft's RecoveryDrive.exe has name Reconstruct.WIM2
+!:ext wim/wim2
+>0 string/b WLPWM\000\000\000 \b, wimlib pipable format
+# cbSize size of the WIM header in bytes like 208
+#>8 ulelong x \b, headersize %u
+# dwVersion version of the WIM file 00010d00h~1.13 00000e00h~0.14
+>14 uleshort x v%u
+>13 ubyte x \b.%u
+# dwImageCount; The number of images contained in the WIM file
+>44 ulelong >1 \b, %u images
+# dwBootIndex
+# 1-based index of the bootable image of the WIM, or 0 if no image is bootable
+>0x78 ulelong >0 \b, bootable no. %u
+# dwFlags
+#>16 ulelong x \b, flags %#8.8x
+#define FLAG_HEADER_COMPRESSION 0x00000002
+#define FLAG_HEADER_READONLY 0x00000004
+#define FLAG_HEADER_SPANNED 0x00000008
+#define FLAG_HEADER_RESOURCE_ONLY 0x00000010
+#define FLAG_HEADER_METADATA_ONLY 0x00000020
+#define FLAG_HEADER_WRITE_IN_PROGRESS 0x00000040
+#define FLAG_HEADER_RP_FIX 0x00000080 reparse point fixup
+#define FLAG_HEADER_COMPRESS_RESERVED 0x00010000
+#define FLAG_HEADER_COMPRESS_XPRESS 0x00020000
+#define FLAG_HEADER_COMPRESS_LZX 0x00040000
+#define FLAG_HEADER_COMPRESS_LZMS 0x00080000
+#define FLAG_HEADER_COMPRESS_XPRESS2 0x00100000 wimlib-1.13.0\include\wimlib\header.h
+# XPRESS, with small chunk size
+>16 ulelong &0x00100000 \b, XPRESS2
+>16 ulelong &0x00080000 \b, LZMS
+>16 ulelong &0x00040000 \b, LZX
+>16 ulelong &0x00020000 \b, XPRESS
+>16 ulelong &0x00000002 compressed
+>16 ulelong &0x00000004 \b, read only
+>16 ulelong &0x00000010 \b, resource only
+>16 ulelong &0x00000020 \b, metadata only
+>16 ulelong &0x00000080 \b, reparse point fixup
+#>16 ulelong &0x00010000 \b, RESERVED
+# dwCompressionSize; Uncompressed chunk size for resources or 0 if uncompressed
+#>20 ulelong >0 \b, chunk size %u bytes
+# gWIMGuid
+#>24 ubequad x \b, GUID %#16.16llx
+#>>32 ubequad x \b%16.16llx
+# rhOffsetTable; the location of the resource lookup table
+# wim_reshdr_disk[24]= u8 size_in_wim[7] + u8 flags + le64 offset_in_wim + le64 uncompressed_size
+#>48 ubequad x \b, rhOffsetTable %#16.16llx
+# rhXmlData; the location of the XML data
+#>0x50 ulelong x \b, at %#8.8x
+# NOT WORKING \xff\xfe<\0W\0I\0M\0
+#>(0x50.l) ubequad x \b, xml=%16.16llx
+# rhBootMetadata; the location of the metadata resource
+#>0x60 ubequad x \b, rhBootMetadata %#16.16llx
+# rhIntegrity; the location of integrity table used to verify files
+#>0x7c ubequad x \b, rhIntegrity %#16.16llx
+# Unused[60]
+#>148 ubequad !0 \b,unused %#16.16llx
+#
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Windows_Easy_Transfer
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/m/mig.trid.xml
+# Note: called "Windows Easy Transfer migration data" by TrID,
+# "Migration Store" or "EasyTransfer file" by Microsoft
+0 string 1giM Windows Easy Transfer migration data
+#!:mime application/octet-stream
+!:mime application/x-ms-mig
+!:ext mig
+>0x18 string =MRTS without password
+# data offset with 1 space at end
+>>0x1c ulelong+0x38 x \b, at %#x
+# look for zlib compressed data by ./compress
+>>(0x1c.l+0x38) ubyte x
+>>>&-1 indirect x
+# in password protected examples MRTS comes some bytes further
+>0x18 string !MRTS with password
+# look for first MRTS tag
+>0x18 search/29/b MRTS
+# probably first file name length like 178, ...
+#>>&0 ulelong x \b, 1st length %u
+# URL like File\C:\Users\nutzer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
+>>&20 lestring16 x \b, 1st %-s
+
+# Microsoft SYLK
+# https://en.wikipedia.org/wiki/SYmbolic_LinK_(SYLK)
+# https://outflank.nl/upload/sylksum.txt
+0 string ID;P Microsoft SYLK program
+>4 string >0 \b, created by %s
+!:ext slk/sylk
+
+# Summary: Windows Performance Monitor Alert
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/Performance_Monitor
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p/pma.trid.xml
+# Note: called "Windows Performance Monitor Alert" by TrID
+0 ubelong =0xDC058340
+>4 ubyte =0 Windows Performance Monitor Alert
+#!:mime application/octet-stream
+# https://www.thoughtco.com/mime-types-by-content-type-3469108
+# https://filext.com/file-extension/PAM
+!:mime application/x-perfmon
+#!:mime application/x-ms-pma
+!:ext pma
+# metric type like: "BrowserMetrics" "CrashpadMetrics" "SetupMetrics"
+>>80 string x \b, "%s"
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/InstallShield
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/i/ins.trid.xml
+# Note: contain also keywords like: BATCH_INSTALL ISVERSION LOGHANDLE SRCDIR SRCDISK WINDIR WINSYSDISK
+0 ubelong 0xB8C90C00 InstallShield Script
+#!:mime application/octet-stream
+!:mime application/x-installshield-ins
+# like test.ins Setup.ins
+!:ext ins
+# UNKNOWN like: 160034121de07e00 1600341260befe00 16003412e0783700
+# 5000010021083f00 50000100b0335600 50000100cbfdf800 50000100dfbc4700
+#>4 ubequad x \b, at 4 %#16.16llx
+# copyright text like: "Stirling Technologies, Inc. (c) 1990-1994"
+# "InstallSHIELD Software Corporation (c) 1990-1997"
+>13 pstring/h x "%s"
+# look for specific ASCII variable names
+>1 search/0x121/s SRCDIR \b, variable names:
+# 1st like: SRCDIR
+>>&-4 leshort x #%u
+>>&-2 pstring/h x %s
+# 2nd like: SRCDISK
+>>>&0 leshort x #%u
+>>>&2 pstring/h x %s
+# 3rd like: TARGETDISK
+>>>>&0 leshort x #%u
+>>>>&2 pstring/h x %s
+# 4th like: TARGETDIR
+#>>>>>&0 leshort x #%u
+#>>>>>&2 pstring/h x %s
+# 5th like: WINDIR
+#>>>>>>&0 leshort x #%u
+#>>>>>>&2 pstring/h x %s
+# 6th like: WINDISK
+#>>>>>>>&0 leshort x #%u
+#>>>>>>>&2 pstring/h x %s
+# 7th like: WINSYSDIR
+#>>>>>>>>&0 leshort x #%u
+#>>>>>>>>&2 pstring/h x %s
+# ... LOGHANDLE
+>0 ubelong x ...
+#
+
+# Summary: Microsoft Remote Desktop Protocol connection
+# From: Joerg Jenderek
+# URL: https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/rdp-files
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/r/rdp.trid.xml
+# Note: called "Remote Desktop Connection Settings" by TrID
+0 string screen\040mode\040id:i: Remote Desktop Protocol connection
+#!:mime text/plain
+!:mime text/x-ms-rdp
+!:ext rdp
+# Screen mode: 1~session appear in a window 2~session appear full screen
+>17 string 1 \b, window mode
+>17 string 2 \b, full screen mode
+
+0 guid 7B5C52E4-D88C-4DA7-AEB1-5378D02996D3 Microsoft OneNote
+!:ext one
+!:mime application/onenote
+0 guid 43FF2FA1-EFD9-4C76-9EE2-10EA5722765F Microsoft OneNote Revision Store File
+
+# Microsoft XAML Binary Format
+# From: Alexandre Iooss <erdnaxe@crans.org>
+# URL: https://github.com/WalkingCat/XbfDump/blob/8832d2ffcaa738434d803fefa2ba99d3af37ed29/xbf_data.h
+0 string XBF\0
+>12 ulelong <0xFF
+>>16 ulelong <0xFF Microsoft XAML Binary Format
+!:ext xbf
+>>>12 ulelong x %d
+>>>16 ulelong x \b.%d
+>>>4 ulelong x \b, metadata size: %d bytes
+>>>8 ulelong x \b, node size: %d bytes
+
+# Metaswitch MetaView Service Assurance Server exports
+0 string MetaView\x20Service\x20Assurance\x20Export\x20File MetaView SAS export
+>39 string Version\x20
+>>47 byte x \b, version %c
+
+# Active Directory Group Policy Registry Policy File Format
+# From: Yuuta Liang <yuuta@yuuta.moe>
+# URL: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/policy/registry-policy-file-format
+0 string PReg
+>4 lelong x Group Policy Registry Policy, Version=%d
diff --git a/magic/Magdir/wireless b/magic/Magdir/wireless
new file mode 100644
index 0000000..badb73b
--- /dev/null
+++ b/magic/Magdir/wireless
@@ -0,0 +1,7 @@
+
+#------------------------------------------------------------------------------
+# $File: wireless,v 1.2 2009/09/19 16:28:13 christos Exp $
+# wireless-regdb: file(1) magic for CRDA wireless-regdb file format
+#
+0 string RGDB CRDA wireless regulatory database file
+>4 belong 19 (Version 1)
diff --git a/magic/Magdir/wordprocessors b/magic/Magdir/wordprocessors
new file mode 100644
index 0000000..3a2e1ce
--- /dev/null
+++ b/magic/Magdir/wordprocessors
@@ -0,0 +1,630 @@
+
+#------------------------------------------------------------------------------
+# $File: wordprocessors,v 1.34 2023/01/24 20:13:40 christos Exp $
+# wordprocessors: file(1) magic fo word processors.
+#
+####### PWP file format used on Smith Corona Personal Word Processors:
+2 string \040\040\040\040\040\040\040\040\040\040\040ML4D\040'92 Smith Corona PWP
+>24 byte 2 \b, single spaced
+>24 byte 3 \b, 1.5 spaced
+>24 byte 4 \b, double spaced
+>25 byte 0x42 \b, letter
+>25 byte 0x54 \b, legal
+>26 byte 0x46 \b, A4
+
+# URL: http://fileformats.archiveteam.org/wiki/Microsoft_Works_Word_Processor
+# reference: http://mark0.net/download/triddefs_xml.7z
+# /defs/w/wps-works-dos.trid.xml
+# From: Joerg Jenderek
+# Note: older non OLE 2 Compound based versions
+0 ubeshort =0x01FE
+>112 ubeshort =0x0100 Microsoft Works 1-3 (DOS) or 2 (Windows) document
+# title like THE GREAT KHAN GAME
+>>0x100 string x %s
+!:mime application/vnd-ms-works
+#!:mime application/x-msworks
+# https://www.macdisk.com/macsigen.php
+!:apple ????AWWP
+!:ext wps
+
+# Corel/WordPerfect
+# URL: https://en.wikipedia.org/wiki/WordPerfect
+# Reference: https://github.com/OneWingedShark/WordPerfect/blob/master/doc/SDK_Help/FileFormats/WPFF_DocumentStructure.htm
+# http://mark0.net/download/triddefs_xml.7z/defs/w/wp-generic.trid.xml
+0 string \xffWPC
+# WordPerfect
+>8 byte 1
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/w/wpm-macro.trid.xml
+# Note: there exist other macro variants
+>>9 byte 1 WordPerfect macro
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-wpm
+# like: ALTD.WPM ENDFOOT.WPM FOOTEND.WPM LABELS.WPM REVEALTX.WPM
+!:ext wpm
+# Note: used in WordPerfect 5.1; there exist other FIL variants
+>>9 byte 2 WordPerfect help file
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-help
+# like: WPHELP.FIL
+!:ext fil
+# pointer to document area like: 10h
+>>>4 ulelong !0x10 \b, at %#x document area
+>>9 byte 3 WordPerfect keyboard file
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-keyboard
+!:ext wpk
+# no document area, so point to end of file; so this is file size like: 23381 2978 32835 3355 3775 919
+>>>4 ulelong x \b, %u bytes
+>>9 byte 4 WordPerfect VAX keyboard definition
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-keyboard
+#!:ext foo
+# URL: http://fileformats.archiveteam.org/wiki/WordPerfect
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/w/wpd-doc-gen.trid.xml
+>>9 byte 10 WordPerfect document
+# https://www.iana.org/assignments/media-types/application/vnd.wordperfect
+!:mime application/vnd.wordperfect
+#!:apple ????WPC2
+# TODO: distinguish different suffix
+!:ext wpd/wpt/wkb/icr/tut/sty/tst/crs
+>>9 byte 11 WordPerfect dictionary
+>>9 byte 12 WordPerfect thesaurus
+>>9 byte 13 WordPerfect block
+>>9 byte 14 WordPerfect rectangular block
+>>9 byte 15 WordPerfect column block
+>>9 byte 16 WordPerfect printer data
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-prs
+# like: STANDARD.PRS WORKBOOK.PRS
+!:ext prs
+# like: "Standard Printer" "Workbook Printer"
+>>>0x64 pstring/B >A "%s"
+#>>9 byte 18 WordPerfect Prefix information file
+# printer resource .ALL
+>>9 byte 19 WordPerfect printer data
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-all
+!:ext all
+# display Resource
+>>9 byte 20 WordPerfect driver resource data
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-drs
+# like: WPSMALL.DRS
+!:ext drs
+# pointer to index area with string "smalldrs" like: 46h
+>>>4 uleshort !0x46 \b, at %#x index area
+>>9 byte 21 WordPerfect Overlay file
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-fil
+# like: WP.FIL
+!:ext fil
+# URL: http://fileformats.archiveteam.org/wiki/WordPerfect_Graphics
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/b/bitmap-wpg.trid.xml
+# Note: called "WordPerfect Graphics bitmap" by TrID and
+# "WordPerfect Graphics Metafile" by DROID via x-fmt/395 fmt/1042
+# "WPG (Word Perfect Graphics)" by ImageMagick `identify -verbose BUTTRFLY.WPG`
+>>9 byte 22 WordPerfect graphic image
+# TODO: skip DROID x-fmt-395-signature-id-132.wpg by check for existing document area
+#>>>4 ulelong >15 WordPerfect_graphic_OK
+#!:mime application/octet-stream
+# http://extension.nirsoft.net/wpg
+!:mime image/x-wordperfect-graphics
+# https://reposcope.com/mimetype/application/x-wpg
+#!:mime application/x-wpg
+# like: BUTTRFLY.WPG STAR-5.WPG input.wpg WORDPFCT.WPG
+!:ext wpg
+# pointer to document area like: 10h 1Ah
+>>>4 ulelong !0x1A \b, at %#x document area
+>>9 byte 23 WordPerfect hyphenation code
+>>9 byte 24 WordPerfect hyphenation data
+>>9 byte 25 WordPerfect macro resource data
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-mrs
+# like: WP.MRS
+!:ext mrs
+>>9 byte 27 WordPerfect hyphenation lex
+>>9 byte 29 WordPerfect wordlist
+>>9 byte 30 WordPerfect equation resource data
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-qrs
+# like: WQ.QRS wpDE.qrs wpen.qrs
+!:ext qrs
+# jump to document area with some marker and equation
+>>>(4.l) ubyte x
+# equation like: "Fraction: x OVER y"
+>>>>&1 string >A (...%-.19s...)
+# pointer to document area like: 17C4h
+>>>4 ulelong x \b, at %#x document area
+#>>9 byte 31 reserved
+#>>9 byte 32 WordPerfect VAX .SET
+>>9 byte 33 WordPerfect spell rules
+>>9 byte 34 WordPerfect dictionary rules
+#>>9 byte 35 reserved
+# video resource device driver
+# Note: filetype 26 for VRS and filetype 36 for WPD apparently is wrong
+>>9 byte 36 WordPerfect Video Resource
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-vrs
+# like: STANDARD.VRS
+!:ext vrs
+# like: "IBM CGA (& compatibles)"
+>>>0x20 string >A "%.23s"
+>>9 byte 39 WordPerfect spell rules (Microlytics)
+#>>9 byte 40 reserved
+>>9 byte 41 WordPerfect Install options
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-ins
+# like: WP51.INS
+!:ext ins
+# probably default directory name like: "C:\WP51\"
+>>>0x12 string >A "%.8s"
+# maybe mouse driver for WP5.1
+>>9 byte 42 WordPerfect Resource
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-irs
+# like: STANDARD.IRS
+!:ext irs
+# like: "Mouse Driver (MOUSE.COM)"
+>>>0x28 string >A "%.24s"
+>>9 byte 43 WordPerfect settings file
+# maybe Macintosh WP2.0 document
+>>9 byte 44 WordPerfect 3.5 document
+!:mime application/vnd.wordperfect
+!:apple ????WPD3
+# like: WP3.wpd
+!:ext wpd
+>>9 byte 45 WordPerfect 4.2 document
+# External spell code module (WP5.1)
+#>>9 byte 46 WordPerfect external spell
+# external spell dictionary .LEX
+#>>9 byte 47 WordPerfect external spell dictionary
+# Macintosh SOFT graphics file (SOFT (Sequential Object Format)
+#>>9 byte 48 WordPerfect SOFT graphics
+#>>9 byte 49 reserved
+#>>9 byte 50 reserved
+# WPWin 5.1 Application Resource Library added for WPWin 5.1
+#>>9 byte 51 WordPerfect application resource library
+>>9 byte 69 WordPerfect dialog file
+# From: Joerg Jenderek
+# Note: found in sub directory WritingTools inside WordPerfect 2021 program directory
+>>9 byte 70 WordPerfect Writing Tools
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-cbt
+# like: Wt13cbede.cbt Wt13cbeit.cbt Wt13cbefr.cbt WT21cbede.cbt Wt13cbeEN.CBD WT21cbeEN.CBD
+!:ext cbd/cbt
+>>9 byte 76 WordPerfect button bar
+>>9 default x
+>>>9 byte x Corel WordPerfect: Unknown filetype %d
+# Corel Shell
+>8 byte 2
+>>9 byte 1 Corel shell macro
+>>9 byte 10 Corel shell definition
+>>9 default x
+>>>9 byte x Corel Shell: Unknown filetype %d
+# Corel Notebook
+>8 byte 3
+>>9 byte 1 Corel Notebook macro
+>>9 byte 2 Corel Notebook help file
+>>9 byte 3 Corel Notebook keyboard file
+>>9 byte 10 Corel Notebook definition
+>>9 default x
+>>>9 byte x Corel Notebook: Unknown filetype %d
+# Corel Calculator
+>8 byte 4
+>>9 byte 2 Corel Calculator help file
+>>9 default x
+>>>9 byte x Corel Calculator: Unknown filetype %d
+# Corel File Manager
+>8 byte 5
+>>9 default x
+>>>9 byte x Corel File Manager: Unknown filetype %d
+# Corel Calendar
+>8 byte 6
+>>9 byte 2 Corel Calendar help file
+>>9 byte 10 Corel Calendar data file
+>>9 default x
+>>>9 byte x Corel Calendar: Unknown filetype %d
+# Corel Program Editor/Ed Editor
+>8 byte 7
+>>9 byte 1 Corel Editor macro
+>>9 byte 2 Corel Editor help file
+>>9 byte 3 Corel Editor keyboard file
+>>9 byte 25 Corel Editor macro resource file
+>>9 default x
+>>>9 byte x Corel Program Editor/Ed Editor: Unknown filetype %d
+# Corel Macro Editor
+>8 byte 8
+>>9 byte 1 Corel Macro editor macro
+>>9 byte 2 Corel Macro editor help file
+>>9 byte 3 Corel Macro editor keyboard file
+>>9 default x
+>>>9 byte x Corel Macro Editor: Unknown filetype %d
+# Corel Plan Perfect
+>8 byte 9
+>>9 default x
+>>>9 byte x Corel Plan Perfect: Unknown filetype %d
+# Corel DataPerfect
+>8 byte 10
+# CHECK: Don't these belong into product 9?
+>>9 byte 1 Corel PlanPerfect macro
+>>9 byte 2 Corel PlanPerfect help file
+>>9 byte 3 Corel PlanPerfect keyboard file
+>>9 byte 10 Corel PlanPerfect worksheet
+>>9 byte 15 Corel PlanPerfect printer definition
+>>9 byte 18 Corel PlanPerfect graphic definition
+>>9 byte 19 Corel PlanPerfect data
+>>9 byte 20 Corel PlanPerfect temporary printer
+>>9 byte 25 Corel PlanPerfect macro resource data
+>>9 default x
+>>>9 byte x Corel DataPerfect: Unknown filetype %d
+# Corel Mail
+>8 byte 11
+>>9 byte 2 Corel Mail help file
+>>9 byte 5 Corel Mail distribution list
+>>9 byte 10 Corel Mail out box
+>>9 byte 11 Corel Mail in box
+>>9 byte 20 Corel Mail users archived mailbox
+>>9 byte 21 Corel Mail archived message database
+>>9 byte 22 Corel Mail archived attachments
+>>9 default x
+>>>9 byte x Corel Mail: Unknown filetype %d
+# Corel Printer
+>8 byte 12
+>>9 byte 11 Corel Printer temporary file
+>>9 default x
+>>>9 byte x Corel Printer: Unknown filetype %d
+# Corel Scheduler
+>8 byte 13
+>>9 byte 2 Corel Scheduler help file
+>>9 byte 10 Corel Scheduler in file
+>>9 byte 11 Corel Scheduler out file
+>>9 default x
+>>>9 byte x Corel Scheduler: Unknown filetype %d
+# Corel WordPerfect Office
+>8 byte 14
+>>9 byte 10 Corel GroupWise settings file
+>>9 byte 17 Corel GroupWise directory services
+>>9 byte 43 Corel GroupWise settings file
+>>9 default x
+>>>9 byte x Corel WordPerfect Office: Unknown filetype %d
+# Corel DrawPerfect
+# URL: http://fileformats.archiveteam.org/wiki/Corel_Presentations
+# Update: Joerg Jenderek
+>8 byte 15
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/shw-wp-2.trid.xml
+# Note: called "WordPerfect Presentations (v2)" by TrID and
+# "Corel Presentation" with version "7-8-9" by DROID via PUID fmt/877
+>>9 byte 10 WordPerfect Presentation
+#!:mime application/octet-stream
+#!:mime application/vnd.wordperfect
+!:mime application/x-drawperfect-shw
+# like: BENEFITS.SHW chartbar.shw chartbul.shw chartgal.shw chartorg.shw fig-demo.shw figurgal.shw mastrgal.shw scuba.shw tutorial.shw
+!:ext shw
+# pointer to document area like: 10h
+>>>4 ulelong !0x10 \b, at %#x document area
+# according to TrID this is nil
+>>>12 ulelong !0 \b, at 0xC %#x
+# search for embedded WP file like in tutorial.shw
+#>>>16 search/638/sb \xffWPC WPC_MAGIC_FOUND
+# GRR: indirect call leads to recursion! WHY?
+#>>>>&0 indirect x \b; contains
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/s/shw-wp-3.trid.xml
+# Note: called "WordPerfect/Corel Presentations (v3)" by TrID and
+# "Corel Presentation" with version "3" by DROID via PUID fmt/878
+>>9 byte 15 Corel Presentation
+#!:mime application/octet-stream
+#!:mime application/vnd.wordperfect
+!:mime application/x-drawperfect-shw
+# like: FIG_ANIM.SHW presenta.shw
+!:ext shw
+# pointer to document area like: 1ah
+>>>4 ulelong !0x1a \b, at %#x document area
+# according to TrID this is nil
+>>>12 ulelong !0 \b, at 0xC %#x
+# reserved like: 3
+>>>16 ulelong !0x3 \b, at 0x10 %#x
+# file size, not including pad characters at EOF
+>>>0x14 ulelong x \b, %u bytes
+# search for embedded WP file like in foo
+#>>>24 search/638/sb \xffWPC WPC_MAGIC_FOUND
+# GRR: indirect call leads to recursion! WHY?
+#>>>>&0 indirect x \b; contains
+# embedded inside Compound Document variant handled by ./ole2compounddocs
+>>9 byte 16 Corel Presentation (embeded)
+#!:mime application/octet-stream
+#!:mime application/vnd.wordperfect
+!:mime application/x-corelpresentations
+# like: PerfectOffice_MAIN
+!:ext /
+# pointer to document area like: 1ah
+>>>4 ulelong !0x1a \b, at %#x document area
+>>>12 ulelong !0 \b, at 0xC %#x
+# reserved like: 3
+>>>16 ulelong !0x3 \b, at 0x10 %#x
+# file size, not including pad characters at EOF
+>>>0x14 ulelong x \b, %u bytes
+# search for embedded WP file
+#>>>24 search/638/sb \xffWPC WPC_MAGIC_FOUND
+# GRR: indirect call leads to recursion! WHY?
+#>>>>&0 indirect x \b; contains
+>>9 default x
+>>>9 byte x Corel DrawPerfect: Unknown filetype %d
+# Corel LetterPerfect
+>8 byte 16
+>>9 default x
+>>>9 byte x Corel LetterPerfect: Unknown filetype %d
+# Corel Terminal
+>8 byte 17
+>>9 byte 10 Corel Terminal resource data
+>>9 byte 11 Corel Terminal resource data
+>>9 byte 43 Corel Terminal resource data
+>>9 default x
+>>>9 byte x Corel Terminal: Unknown filetype %d
+# Corel loadable file
+>8 byte 18
+>>9 byte 10 Corel loadable file
+>>9 byte 11 Corel GUI loadable text
+>>9 byte 12 Corel graphics resource data
+>>9 byte 13 Corel printer settings file
+>>9 byte 14 Corel port definition file
+>>9 byte 15 Corel print queue parameters
+>>9 byte 16 Corel compressed file
+>>9 default x
+>>>9 byte x Corel loadable file: Unknown filetype %d
+>>15 byte 0 \b, optimized for Intel
+>>15 byte 1 \b, optimized for Non-Intel
+# Network service
+>8 byte 20
+>>9 byte 10 Corel Network service msg file
+>>9 byte 11 Corel Network service msg file
+>>9 byte 12 Corel Async gateway login msg
+>>9 byte 14 Corel GroupWise message file
+>>9 default x
+>>>9 byte x Corel Network service: Unknown filetype %d
+# GroupWise
+>8 byte 31
+>>9 byte 20 GroupWise admin domain database
+>>9 byte 21 GroupWise admin host database
+>>9 byte 23 GroupWise admin remote host database
+>>9 byte 24 GroupWise admin ADS deferment data file
+>>9 default x
+>>>9 byte x GroupWise: Unknown filetype %d
+# Corel Writing Tools WT*.*
+# From: Joerg Jenderek
+# URL: https://support.corel.com/hc/en-us/articles/215876258-Writing-Tools-Spell-Check-Dictionary-does-not-work-in-WordPerfect-X5
+# http://wordperfect.helpmax.net/en/editing-and-formatting-documents/using-the-writing-tools/working-with-user-word-lists/
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/u/uwl-wp.trid.xml
+>8 byte 32
+>>9 byte 10 Corel Writing Tools User Word List
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-wordlist
+# personal user word list UWL under user directory like: WTDE.UWL WTUS.UWL WT21DE.UWL WT21US.UWL WT13DE.UWL ...
+# and "template" SAV/HWL variant under program directory like: wt13en.hwl Wt13de.sav Wt13it.sav wt13ru.sav WT21us.sav Wtcz.sav ...
+!:ext uwl/hwl/sav
+# jump to document area with some marker and word list
+>>>(4.l) ubyte x
+# look for beginning of word list starting mostly with letter a as UTF-16 like: Wt13es.sav
+# but not found in russian wt13ru.sav
+>>>>&0 search/91/sb a\0
+# word list starting like: "acsesory\022accessory.\001\026acomodate\026accommodate4\001"
+>>>>>&0 lestring16 x (...%-.33s...)
+# pointer to document area like: 200h
+>>>4 ulelong !0x200 \b, at %#x document area
+# file size, not including pad characters at EOF
+>>>0x14 uleshort x \b, %u bytes
+# IntelliTAG
+>8 byte 33
+>>9 byte 10 IntelliTAG (SGML) compiled DTD
+>>9 default x
+>>>9 byte x IntelliTAG: Unknown filetype %d
+# Summary: Corel WordPerfect WritingTools advise part
+# From: Joerg Jenderek
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/a/adv-wp.trid.xml
+>8 byte 34
+>>9 byte 11 Corel WordPerfect dictionary advise
+#!:mime application/octet-stream
+!:mime application/x-wordperfect-adv
+#!:mime application/vnd.wordperfect.adv
+# like: WT21de.adv Wt13de.adv Wt13es.adv Wt13fr.adv wt13us.adv
+!:ext adv
+# advise text part often start with tag like: 580A
+#>>>(16.s) ubequad x ADVISE PART %#llx
+# part of advise text like: "This is too informal for most writing."
+>>>(16.s+16) string x (...%-.33s...)
+# everything else
+>8 default x
+>>8 byte x Unknown Corel/Wordperfect product %d,
+>>>9 byte x file type %d
+>10 byte 0 \b, v5.
+# version of WP file; 2.1~WP 8.0
+# major version of WP file like: 1 2
+>10 byte !0 \b, v%d.
+# minor version of WP file like: 0 1
+>11 byte x \b%d
+
+# Hancom HWP (Hangul Word Processor)
+# Hangul Word Processor 3.0 through 97 used HWP 3.0 format.
+# URL: https://www.hancom.com/etc/hwpDownload.do
+0 string HWP\ Document\ File Hancom HWP (Hangul Word Processor) file, version 3.0
+!:ext hwp
+
+# CosmicBook, from Benoit Rouits
+0 string CSBK Ted Neslson's CosmicBook hypertext file
+
+2 string EYWR AmigaWriter file
+
+# chi: file(1) magic for ChiWriter files
+0 string \\1cw\ ChiWriter file
+>5 string >\0 version %s
+0 string \\1cw ChiWriter file
+
+# Quark Express from https://www.garykessler.net/library/file_sigs.html
+2 string IIXPR3 Intel Quark Express Document (English)
+2 string IIXPRa Intel Quark Express Document (Korean)
+2 string MMXPR3 Motorola Quark Express Document (English)
+!:mime application/x-quark-xpress-3
+2 string MMXPRa Motorola Quark Express Document (Korean)
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/PageMaker
+# https://en.wikipedia.org/wiki/Adobe_PageMaker
+# Reference: http://mark0.net/download/triddefs_xml.7z/defs/p
+# pm4-pagemaker.trid.xml
+# pm5-pagemaker.trid.xml
+# Note: since version 6 in 1995 called Adobe PageMaker and
+# embedded in Compound Document handled by ./ole2compounddocs
+# mainly tested little endian variant
+4 ubelong =0x0000FF99
+>0 use PageMaker
+# big endian variant
+4 ubelong =0x000099FF
+>0 use \^PageMaker
+# display information of Aldus/Adobe PageMaker document/publication
+0 name PageMaker
+>110 uleshort <0x0600 Aldus
+>110 uleshort >0x05FF Adobe
+>110 uleshort x PageMaker
+# "MP" marker for newer version 4 and above according to TrID
+#>108 string x \b, MARKER "%.2s"
+# http://www.nationalarchives.gov.uk/pronom/fmt/876
+!:mime application/vnd.pagemaker
+#!:mime application/x-pagemaker
+# different file name extensions are used depending on version
+# older version like 3
+>110 uleshort/256 =0 document
+# https://www.macdisk.com/macsigen.php
+!:apple ALB3ALD3
+# PT3 for template and no example for PageMaker document/publication with PM3 extension
+!:ext pm3/pt3
+>110 uleshort/256 =4 document
+!:apple ALD4ALB4
+# no example for PT4 template
+!:ext pm4/pt4
+>110 uleshort/256 =5 document
+!:apple ALD5ALB5
+# no example for PT5 template
+!:ext pm5/pt5
+>110 uleshort =0x0600 document
+!:apple ALD6ALB6
+# PT6 for template
+!:ext pm6/pt6
+# HOWTO to distinguish version 7 from 6.5 ?
+>110 uleshort =0x0632 document
+!:apple AD65AB65
+# no example for T65 template
+!:ext p65/t65/pmd/pmt
+# version 7 with PMT extension for template
+#!:ext pmd/pmt
+#!:apple ????PUBF
+# endian marker FF 99 for little endian
+>6 ubyte =0xFF \b, little-endian
+>6 ubyte =0x99 \b, big-endian
+# newer numeric version like: 4 5 6 6.50
+#>110 uleshort x \b, VERSION=%#x
+>110 uleshort >0x03FF
+>>110 uleshort/256 x \b, version %u
+>>110 uleshort%256 >0 \b.%u
+# older version like 3
+>110 uleshort <0x0400 \b, maybe version 3
+
+# adobe indesign (document, whatever...) from querkan
+0 belong 0x0606edf5 Adobe InDesign
+>16 string DOCUMENT Document
+
+#------------------------------------------------------------------------------
+# ichitaro456: file(1) magic for Just System Word Processor Ichitaro
+#
+# Contributor kenzo-:
+# Reversed-engineered JS Ichitaro magic numbers
+#
+
+0 string DOC
+>43 byte 0x14 Just System Word Processor Ichitaro v4
+!:mime application/x-ichitaro4
+>144 string JDASH application/x-ichitaro4
+
+0 string DOC
+>43 byte 0x15 Just System Word Processor Ichitaro v5
+!:mime application/x-ichitaro5
+
+0 string DOC
+>43 byte 0x16 Just System Word Processor Ichitaro v6
+!:mime application/x-ichitaro6
+
+# Type: Freemind mindmap documents
+# From: Jamie Thompson <debian-bugs@jamie-thompson.co.uk>
+0 string/w \<map\ version Freemind document
+!:mime application/x-freemind
+
+# Type: Freeplane mindmap documents
+# From: Felix Natter <fnatter@gmx.net>
+0 string/w \<map\ version="freeplane Freeplane document
+!:mime application/x-freeplane
+
+# Type: Scribus
+# From: Werner Fink <werner@suse.de>
+0 string \<SCRIBUSUTF8\ Version Scribus Document
+0 string \<SCRIBUSUTF8NEW\ Version Scribus Document
+!:mime application/x-scribus
+
+# help files .hlp compiled from html and used by gfxboot added by Joerg Jenderek
+# markups page=0x04,label=0x12, followed by strings like "opt" or "main" and title=0x14
+0 ulelong&0x8080FFFF 0x00001204 gfxboot compiled html help file
+
+# From: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/StarOffice
+# Reference: http://mark0.net/download/triddefs_xml.7z
+# /defs/t/thm-staroffice.trid.xml
+# Note: used in Star-, Open- and Libre-Office
+# named as soffice.StarConfigFile.6 or OpenOffice.org configuration by others
+0 ubeshort 0x0400
+# non nil gap
+#>(2.s+8) ubequad x \b, gap %#16.16llx
+# test for null value in gap after theme name maybe unreliable
+#>(2.s+9) ubyte 0 \b, 0-byte
+# look for keyword GALRESRV near the end
+# "C:\Program Files (x86)\StarOffice6.0\share\gallery\sg27.thm" Navigation, 238 objects
+#>0 search/8415 GALRESRV \b, GALRESRV found
+# "neues thema6.thm" MorePictures, 315 objects
+#>0 search/19299 GALRESRV \b, GALRESRV FOUND
+#>2 uleshort x \b, name length %u
+# skip file2147.chk by check for positive name length like for sg16.thm "3D"
+>2 uleshort >0
+# skip dBase printer form T6.PRF with misidentified gallery
+# name :\DBASE\IV\T6.txts by check for 1st object name or RESRV keyword
+# https://www.clicketyclick.dk/databases/xbase/xbase/dbase_ex.zip
+# template/t6/with_data/T6.PRF
+# by first char of object name or RESRV part of keyword GALRESRV
+>>(2.s+13) ubyte >0x1F StarOffice Gallery theme
+!:mime application/x-stargallery-thm
+# thm is also used for JPEG thumbnail images
+!:ext thm
+# gallery name often 1 word like: 3D sounds Diagrams Flussdiagramme Fotos
+# or like private://gallery/hidden/imgppt "Cisco - WAN - LAN"
+>>>2 pstring/h x %s
+# number of objects
+>>>(2.s+4) ulelong x \b, %u object
+# plural s
+>>>(2.s+4) ulelong !1 \bs
+# if available then display first object name
+>>>(2.s+4) ulelong >0
+# partial file name, URL or internal name like "dd2*" of 1st object or RESRV
+>>>>(2.s+11) pstring/h x \b, 1st %s
+
+# From: Joerg Jenderek
+# URL: http://fileformats.archiveteam.org/wiki/StarOffice_Gallery
+# Note: used in Star-, Open- and Libre-Office and found in directories like
+# %APPDATA%\Roaming\LibreOffice\4\user\gallery
+# $HOME/.config/libreoffice/4/user/gallery
+0 string SGA3 StarOffice Gallery thumbnails
+# Unknown like 0x04000?0001000142
+#>4 ubequad x \b, UNKNOWN %#16.16llx
+#!:mime application/x-sdg
+!:mime application/x-stargallery-sdg
+!:ext sdg
+# display image magic for debugging purpose like 'BM'
+# looking like PC bitmap, Windows 3.x format with unknown compression
+#>11 string x \b, image magic '%-.2s'
+# inspect 1st GALLERY thumbnail magic by ./images with 1 space at end
+#>11 indirect x \b; contains
+
diff --git a/magic/Magdir/wsdl b/magic/Magdir/wsdl
new file mode 100644
index 0000000..1c9e60a
--- /dev/null
+++ b/magic/Magdir/wsdl
@@ -0,0 +1,23 @@
+
+#------------------------------------------------------------------------------
+# $File: wsdl,v 1.6 2021/04/26 15:56:00 christos Exp $
+# wsdl: PHP WSDL Cache, https://www.php.net/manual/en/book.soap.php
+# Cache format extracted from source:
+# https://svn.php.net/viewvc/php/php-src/trunk/ext/soap/php_sdl.c?revision=HEAD&view=markup
+# Requires file >= 5.05
+# By Elan Ruusamae <glen@delfi.ee>, Patryk Zawadzki <patrys@pld-linux.org>, 2010-2011
+0 string wsdl PHP WSDL cache,
+>4 byte x version %#02x
+>6 ledate x \b, created %s
+
+# uri
+>10 lelong <0x7fffffff
+>>10 pstring/l x \b, uri: "%s"
+
+# source
+>>>&0 lelong <0x7fffffff
+>>>>&-4 pstring/l x \b, source: "%s"
+
+# target_ns
+>>>>>&0 lelong <0x7fffffff
+>>>>>>&-4 pstring/l x \b, target_ns: "%s"
diff --git a/magic/Magdir/x68000 b/magic/Magdir/x68000
new file mode 100644
index 0000000..927b96d
--- /dev/null
+++ b/magic/Magdir/x68000
@@ -0,0 +1,25 @@
+#------------------------------------------------------------------------------
+# x68000: file(1) magic for the Sharp Home Computer
+# v1.0
+# Fabio R. Schmidlin <sd-snatcher@users.sourceforge.net>
+
+# Yanagisawa PIC picture
+0 string PIC
+>3 search/0x200 \x1A
+>>&0 search/0x200 \x0
+>>>&0 ubyte 0 Yanagisawa PIC image file,
+>>>>&0 ubyte&15 0 model: X68000,
+>>>>&0 ubyte&15 1 model: PC-88VA,
+>>>>&0 ubyte&15 2 model: FM-TOWNS,
+>>>>&0 ubyte&15 3 model: MAC,
+>>>>&0 ubyte&15 15 model: Generic,
+>>>>&3 ubeshort x %dx
+>>>>&5 ubeshort x \b%d,
+>>>>&1 ubeshort 4 colors: 16
+>>>>&1 ubeshort 8 colors: 256
+>>>>&1 ubeshort 12 colors: 4096
+>>>>&1 ubeshort 15 colors: 32768
+>>>>&1 ubeshort 16 colors: 65536
+>>>>&1 ubeshort >16 colors: %d-bit
+
+
diff --git a/magic/Magdir/xdelta b/magic/Magdir/xdelta
new file mode 100644
index 0000000..fde1d26
--- /dev/null
+++ b/magic/Magdir/xdelta
@@ -0,0 +1,13 @@
+
+#------------------------------------------------------------------------------
+# $File: xdelta,v 1.5 2011/08/08 09:01:05 christos Exp $
+# file(1) magic(5) data for xdelta Josh MacDonald <jmacd@CS.Berkeley.EDU>
+#
+0 string %XDELTA% XDelta binary patch file 0.14
+0 string %XDZ000% XDelta binary patch file 0.18
+0 string %XDZ001% XDelta binary patch file 0.20
+0 string %XDZ002% XDelta binary patch file 1.0
+0 string %XDZ003% XDelta binary patch file 1.0.4
+0 string %XDZ004% XDelta binary patch file 1.1
+
+0 string \xD6\xC3\xC4\x00 VCDIFF binary diff
diff --git a/magic/Magdir/xenix b/magic/Magdir/xenix
new file mode 100644
index 0000000..fc8027b
--- /dev/null
+++ b/magic/Magdir/xenix
@@ -0,0 +1,106 @@
+
+#------------------------------------------------------------------------------
+# $File: xenix,v 1.15 2022/10/19 20:15:16 christos Exp $
+# xenix: file(1) magic for Microsoft Xenix
+#
+# "Middle model" stuff, and "Xenix 8086 relocatable or 80286 small
+# model" lifted from "magic.xenix", with comment "derived empirically;
+# treat as folklore until proven"
+#
+# "small model", "large model", "huge model" stuff lifted from XXX
+#
+# XXX - "x.out" collides with PDP-11 archives
+#
+0 string core core file (Xenix)
+# URL: http://www.polarhome.com/service/man/?qf=86rel&tf=2&of=Xenix
+# http://fileformats.archiveteam.org/wiki/OMF
+# Reference: http://www.azillionmonkeys.com/qed/Omfg.pdf
+# Update: Joerg Jenderek
+# recordtype~TranslatorHEADerRecord
+0 byte 0x80
+# GRR: line above is too general as it catches also Extensible storage engine DataBase,
+# all lif files like forth.lif hpcc88.lif lex90b.lif ( See ./lif)
+# and all compressed DEGAS low-res bitmaps like: MUNCHIE.PC1 PIDER1.PC1
+# skip examples like GENA.SND Switch.Snd by looking for record length maximal 1024-3
+>1 uleshort <1022
+# skip examples like GAME.PICTURE Strange.Pic by looking for positive record length
+>>1 uleshort >0
+# skip examples like Xtable.Data FRACTAL.GEN SHR.VIEW by looking for positive string length
+>>>3 ubyte >0
+# skip examples like OMBRE.6 with "UUUUUU" name by looking for valid high second record type
+>>>>(1.s+3) ubyte >0x6D
+# skip few Atari DEGAS bitmap TPDEMO.PC2 RECIPE.PC2 with invalid "high" second record type FEh FFh
+>>>>>(1.s+3) ubyte <0xF2 8086 relocatable (Microsoft)
+#!:mime application/octet-stream
+!:mime application/x-object
+!:ext obj/o/a
+# T-module name often source name like "hello.c" or "jmppm32.asm" in JMPPM32.OBJ or
+# "kbhit" in KBHITS.OBJ or "CAUSEWAY_KERNAL" in CWAPI.OBJ
+>>>>>>3 pstring x \b, "%s"
+# data length probably lower 256 according to TrID obj_omf.trid.xml
+>>>>>>1 uleshort x \b, 1st record data length %u
+# checksum
+#>>>>>>(3.b+4) ubyte x \b, checksum %#2.2x
+# second recordtype: 96h~LNAMES 88h~COMENT 8CH~EXTDEF
+# highest F1h~Library End Record
+>>>>>>(1.s+3) ubyte x \b, 2nd record type %#x
+>>>>>>(1.s+4) uleshort x \b, 2nd record data length %u
+0 leshort 0xff65 x.out
+>2 string __.SYMDEF randomized
+>0 byte x archive
+0 leshort 0x206 Microsoft a.out
+>8 leshort 1 Middle model
+>0x1e leshort &0x10 overlay
+>0x1e leshort &0x2 separate
+>0x1e leshort &0x4 pure
+>0x1e leshort &0x800 segmented
+>0x1e leshort &0x400 standalone
+>0x1e leshort &0x8 fixed-stack
+>0x1c byte &0x80 byte-swapped
+>0x1c byte &0x40 word-swapped
+>0x10 lelong >0 not-stripped
+>0x1e leshort ^0xc000 pre-SysV
+>0x1e leshort &0x4000 V2.3
+>0x1e leshort &0x8000 V3.0
+>0x1c byte &0x4 86
+>0x1c byte &0xb 186
+>0x1c byte &0x9 286
+>0x1c byte &0xa 386
+>0x1f byte <0x040 small model
+>0x1f byte =0x048 large model
+>0x1f byte =0x049 huge model
+>0x1e leshort &0x1 executable
+>0x1e leshort ^0x1 object file
+>0x1e leshort &0x40 Large Text
+>0x1e leshort &0x20 Large Data
+>0x1e leshort &0x120 Huge Objects Enabled
+>0x10 lelong >0 not stripped
+
+0 leshort 0x140 old Microsoft 8086 x.out
+>0x3 byte &0x4 separate
+>0x3 byte &0x2 pure
+>0 byte &0x1 executable
+>0 byte ^0x1 relocatable
+>0x14 lelong >0 not stripped
+
+0 lelong 0x206 b.out
+>0x1e leshort &0x10 overlay
+>0x1e leshort &0x2 separate
+>0x1e leshort &0x4 pure
+>0x1e leshort &0x800 segmented
+>0x1e leshort &0x400 standalone
+>0x1e leshort &0x1 executable
+>0x1e leshort ^0x1 object file
+>0x1e leshort &0x4000 V2.3
+>0x1e leshort &0x8000 V3.0
+>0x1c byte &0x4 86
+>0x1c byte &0xb 186
+>0x1c byte &0x9 286
+>0x1c byte &0x29 286
+>0x1c byte &0xa 386
+>0x1e leshort &0x4 Large Text
+>0x1e leshort &0x2 Large Data
+>0x1e leshort &0x102 Huge Objects Enabled
+
+0 leshort 0x580 XENIX 8086 relocatable or 80286 small model
+# GRR: line above is too general as it catches also all 8086 relocatable (Microsoft) with 1st record data length 5 C0M.OBJ C0T.OBJ C0S.OBJ
diff --git a/magic/Magdir/xilinx b/magic/Magdir/xilinx
new file mode 100644
index 0000000..fd14678
--- /dev/null
+++ b/magic/Magdir/xilinx
@@ -0,0 +1,58 @@
+
+#------------------------------------------------------------------------------
+# $File: xilinx,v 1.10 2022/12/18 14:59:32 christos Exp $
+# This is Aaron's attempt at a MAGIC file for Xilinx .bit files.
+# Xilinx-Magic@RevRagnarok.com
+# Got the info from FPGA-FAQ 0026
+#
+# Rewritten to use pstring/H instead of hardcoded lengths by O. Freyermuth,
+# fixes at least reading of bitfiles from Spartan 2, 3, 6.
+# http://www.fpga-faq.com/FAQ_Pages/0026_Tell_me_about_bit_files.htm
+#
+# First there is the sync header and its length
+0 beshort 0x0009
+>2 belong =0x0ff00ff0
+>>&0 belong =0x0ff00ff0
+>>>&0 byte =0x00
+>>>&1 beshort =0x0001
+>>>&3 string a Xilinx BIT data
+# Next is a Pascal-style string with the NCD name. We want to capture that.
+>>>>&0 pstring/H x - from %s
+# And then 'b'
+>>>>>&1 string b
+# Then the model / part number:
+>>>>>>&0 pstring/H x - for %s
+# Then 'c'
+>>>>>>>&1 string c
+# Then the build-date
+>>>>>>>>&0 pstring/H x - built %s
+# Then 'd'
+>>>>>>>>>&1 string d
+# Then the build-time
+>>>>>>>>>>&0 pstring/H x \b(%s)
+# Then 'e'
+>>>>>>>>>>>&1 string e
+# And length of data
+>>>>>>>>>>>>&0 belong x - data length %#x
+
+# Raw bitstream files
+0 long 0xffffffff
+>&0 belong 0xaa995566 Xilinx RAW bitstream (.BIN)
+
+# AXLF (xclbin) files used by AMD/Xilinx accelerators.
+# The file format is defined by XRT source tree:
+# https://github.com/Xilinx/XRT/blob/master/src/runtime_src/core/include/xclbin.h
+# Display file size, creation date, accelerator shell name, xclbin uuid and
+# number of sections.
+
+0 string xclbin2 AMD/Xilinx accelerator AXLF (xclbin) file
+>0x130 lequad x \b, %lld bytes
+>0x138 leqdate x \b, created %s
+>0x160 string >0 \b, shell "%.64s"
+>0x1a0 ubelong x \b, uuid %08x
+>0x1a4 ubeshort x \b-%04x
+>0x1a6 ubeshort x \b-%04x
+>0x1a8 ubeshort x \b-%04x
+>0x1aa ubelong x \b-%08x
+>0x1ae ubeshort x \b%04x
+>0x1c0 lelong x \b, %d sections \ No newline at end of file
diff --git a/magic/Magdir/xo65 b/magic/Magdir/xo65
new file mode 100644
index 0000000..f7b555f
--- /dev/null
+++ b/magic/Magdir/xo65
@@ -0,0 +1,37 @@
+
+#------------------------------------------------------------------------------
+# $File: xo65,v 1.5 2022/07/17 15:36:20 christos Exp $
+# https://cc65.github.io/doc/sim65.html
+# xo65 object files
+# From: "Ullrich von Bassewitz" <uz@cc65.org>
+#
+0 string \x55\x7A\x6E\x61 xo65 object,
+>4 leshort x version %d,
+>6 leshort&0x0001 =0x0001 with debug info
+>6 leshort&0x0001 =0x0000 no debug info
+
+# xo65 library files
+0 string \x6E\x61\x55\x7A xo65 library,
+>4 leshort x version %d
+
+# o65 object files
+0 string \x01\x00\x6F\x36\x35 o65
+>6 leshort&0x1000 =0x0000 executable,
+>6 leshort&0x1000 =0x1000 object,
+>5 byte x version %d,
+>6 leshort&0x8000 =0x8000 65816,
+>6 leshort&0x8000 =0x0000 6502,
+>6 leshort&0x2000 =0x2000 32 bit,
+>6 leshort&0x2000 =0x0000 16 bit,
+>6 leshort&0x4000 =0x4000 page reloc,
+>6 leshort&0x4000 =0x0000 byte reloc,
+>6 leshort&0x0003 =0x0000 alignment 1
+>6 leshort&0x0003 =0x0001 alignment 2
+>6 leshort&0x0003 =0x0002 alignment 4
+>6 leshort&0x0003 =0x0003 alignment 256
+
+# sim65 executable files
+0 string \x73\x69\x6d\x36\x35 sim65 executable,
+>5 byte x version %d,
+>6 leshort&0x0000 =0x0000 6502
+>6 leshort&0x0001 =0x0001 65C02
diff --git a/magic/Magdir/xwindows b/magic/Magdir/xwindows
new file mode 100644
index 0000000..d8c08c8
--- /dev/null
+++ b/magic/Magdir/xwindows
@@ -0,0 +1,43 @@
+
+#------------------------------------------------------------------------------
+# $File: xwindows,v 1.13 2022/03/24 15:48:58 christos Exp $
+# xwindows: file(1) magic for various X/Window system file formats.
+
+# Compiled X Keymap
+# XKM (compiled X keymap) files (including version and byte ordering)
+1 string mkx Compiled XKB Keymap: lsb,
+>0 byte >0 version %d
+>0 byte =0 obsolete
+0 string xkm Compiled XKB Keymap: msb,
+>3 byte >0 version %d
+>3 byte =0 obsolete
+
+# xfsdump archive
+0 string xFSdump0 xfsdump archive
+>8 belong x (version %d)
+
+# Jaleo XFS files
+0 long 395726 Jaleo XFS file
+>4 long x - version %d
+>8 long x - [%d -
+>20 long x \b%dx
+>24 long x \b%dx
+>28 long 1008 \bYUV422]
+>28 long 1000 \bRGB24]
+
+# Xcursor data
+# X11 mouse cursor format defined in libXcursor, see
+# https://www.x.org/archive/X11R6.8.1/doc/Xcursor.3.html
+# https://cgit.freedesktop.org/xorg/lib/libXcursor/tree/include/X11/Xcursor/Xcursor.h
+0 string Xcur Xcursor data
+!:mime image/x-xcursor
+>10 leshort x version %d
+>>8 leshort x \b.%d
+
+# X bitmap https://en.wikipedia.org/wiki/X_BitMap
+0 search/2048 #define\040
+>&0 regex [a-zA-Z0-9]+_width\040 xbm image
+>>&0 regex [0-9]+ (%sx
+>>>&0 string \n#define\040
+>>>>&0 regex [a-zA-Z0-9]+_height\040
+>>>>>&0 regex [0-9]+ \b%s)
diff --git a/magic/Magdir/yara b/magic/Magdir/yara
new file mode 100644
index 0000000..6156cc6
--- /dev/null
+++ b/magic/Magdir/yara
@@ -0,0 +1,17 @@
+
+
+#------------------------------------------------------------------------------
+# $File: yara,v 1.4 2021/04/26 15:56:00 christos Exp $
+# yara: file(1) magic for https://virustotal.github.io/yara/
+#
+
+0 string YARA
+>4 lelong >2047
+>8 byte <20 YARA 3.x compiled rule set
+# version
+>>8 clear x
+>>8 byte 6 created with version 3.3.0
+>>8 byte 8 created with version 3.4.0
+>>8 byte 11 created with version 3.5.0
+>>8 default x
+>>>8 byte x development version %#02x
diff --git a/magic/Magdir/zfs b/magic/Magdir/zfs
new file mode 100644
index 0000000..5cb0fdd
--- /dev/null
+++ b/magic/Magdir/zfs
@@ -0,0 +1,96 @@
+#------------------------------------------------------------------------------
+# zfs: file(1) magic for ZFS dumps
+#
+# From <rea-fbsd@codelabs.ru>
+# ZFS dump header has the following structure (as per zfs_ioctl.h
+# in FreeBSD with drr_type is set to DRR_BEGIN)
+#
+# enum {
+# DRR_BEGIN, DRR_OBJECT, DRR_FREEOBJECTS,
+# DRR_WRITE, DRR_FREE, DRR_END,
+# } drr_type;
+# uint32_t drr_pad;
+# uint64_t drr_magic;
+# uint64_t drr_version;
+# uint64_t drr_creation_time;
+# dmu_objset_type_t drr_type;
+# uint32_t drr_pad;
+# uint64_t drr_toguid;
+# uint64_t drr_fromguid;
+# char drr_toname[MAXNAMELEN];
+#
+# Backup magic is 0x00000002f5bacbac (quad word)
+# The drr_type is defined as
+# typedef enum dmu_objset_type {
+# DMU_OST_NONE,
+# DMU_OST_META,
+# DMU_OST_ZFS,
+# DMU_OST_ZVOL,
+# DMU_OST_OTHER, /* For testing only! */
+# DMU_OST_ANY, /* Be careful! */
+# DMU_OST_NUMTYPES
+# } dmu_objset_type_t;
+#
+# Almost all uint64_t fields are printed as the 32-bit ones (with high
+# 32 bits zeroed), because there is no simple way to print them as the
+# full 64-bit values.
+
+# Big-endian values
+8 string \000\000\000\002\365\272\313\254 ZFS snapshot (big-endian machine),
+>20 belong x version %u,
+>32 belong 0 type: NONE,
+>32 belong 1 type: META,
+>32 belong 2 type: ZFS,
+>32 belong 3 type: ZVOL,
+>32 belong 4 type: OTHER,
+>32 belong 5 type: ANY,
+>32 belong >5 type: UNKNOWN (%u),
+>40 byte x destination GUID: %02X
+>41 byte x %02X
+>42 byte x %02X
+>43 byte x %02X
+>44 byte x %02X
+>45 byte x %02X
+>46 byte x %02X
+>47 byte x %02X,
+>48 ulong >0
+>>52 ulong >0
+>>>48 byte x source GUID: %02X
+>>>49 byte x %02X
+>>>50 byte x %02X
+>>>51 byte x %02X
+>>>52 byte x %02X
+>>>53 byte x %02X
+>>>54 byte x %02X
+>>>55 byte x %02X,
+>56 string >\0 name: '%s'
+
+# Little-endian values
+8 string \254\313\272\365\002\000\000\000 ZFS snapshot (little-endian machine),
+>16 lelong x version %u,
+>32 lelong 0 type: NONE,
+>32 lelong 1 type: META,
+>32 lelong 2 type: ZFS,
+>32 lelong 3 type: ZVOL,
+>32 lelong 4 type: OTHER,
+>32 lelong 5 type: ANY,
+>32 lelong >5 type: UNKNOWN (%u),
+>47 byte x destination GUID: %02X
+>46 byte x %02X
+>45 byte x %02X
+>44 byte x %02X
+>43 byte x %02X
+>42 byte x %02X
+>41 byte x %02X
+>40 byte x %02X,
+>48 ulong >0
+>>52 ulong >0
+>>>55 byte x source GUID: %02X
+>>>54 byte x %02X
+>>>53 byte x %02X
+>>>52 byte x %02X
+>>>51 byte x %02X
+>>>50 byte x %02X
+>>>49 byte x %02X
+>>>48 byte x %02X,
+>56 string >\0 name: '%s'
diff --git a/magic/Magdir/zilog b/magic/Magdir/zilog
new file mode 100644
index 0000000..1c861fb
--- /dev/null
+++ b/magic/Magdir/zilog
@@ -0,0 +1,12 @@
+
+#------------------------------------------------------------------------------
+# $File: zilog,v 1.7 2009/09/19 16:28:13 christos Exp $
+# zilog: file(1) magic for Zilog Z8000.
+#
+# Was it big-endian or little-endian? My Product Specification doesn't
+# say.
+#
+0 long 0xe807 object file (z8000 a.out)
+0 long 0xe808 pure object file (z8000 a.out)
+0 long 0xe809 separate object file (z8000 a.out)
+0 long 0xe805 overlay object file (z8000 a.out)
diff --git a/magic/Magdir/zip b/magic/Magdir/zip
new file mode 100644
index 0000000..abf5284
--- /dev/null
+++ b/magic/Magdir/zip
@@ -0,0 +1,126 @@
+#------------------------------------------------------------------------------
+# $File: zip,v 1.8 2021/10/24 15:53:56 christos Exp $
+# zip: file(1) magic for zip files; this is not use
+# Note the version of magic in archive is currently stronger, this is
+# just an example until negative offsets are supported better
+# Note: All fields unless otherwise noted are unsigned!
+
+# Zip Central Directory record
+0 name zipcd
+>0 string PK\001\002 Zip archive data
+!:mime application/zip
+# no "made by" in local file header with PK\3\4 magic
+>>4 leshort x \b, made by
+>>4 use zipversion
+>>4 use ziphost
+# inside ./archive 1.151 called "at least" zipversion "to extract"
+>>6 leshort x \b, extract using at least
+>>6 use zipversion
+# This is DOS date like: ledate 21:00:48 19 Dec 2001 != DOS 00:00 1 Jan 2010 ~ 0000213C
+>>12 ulelong x \b, last modified
+>>14 lemsdosdate x \b, last modified %s
+>>12 lemsdostime x %s
+# uncompressed size of 1st entry; FFffFFff means real value stored in ZIP64 record
+>>24 ulelong !0xFFffFFff \b, uncompressed size %u
+# inside ./archive 1.151 called "compression method="zipcompression
+>>10 leshort x \b, method=
+>>10 use zipcompression
+
+# URL: https://en.wikipedia.org/wiki/Zip_(file_format)
+# reference: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT (Version: 6.3.9)
+# Zip known compressions
+0 name zipcompression
+>0 leshort 0 \bstore
+>0 leshort 1 \bShrinking
+>0 leshort 6 \bImploding
+>0 leshort 7 \bTokenizing
+>0 leshort 8 \bdeflate
+>0 leshort 9 \bdeflate64
+>0 leshort 10 \bLibrary imploding
+#>0 leshort 11 \bReserved by PKWARE
+>0 leshort 12 \bbzip2
+#>0 leshort 13 \bReserved by PKWARE
+>0 leshort 14 \blzma
+#>0 leshort 15 \bReserved by PKWARE
+>0 leshort 16 \bCMPSC (IBM z/OS)
+#>0 leshort 17 \bReserved by PKWARE
+>0 leshort 18 \bIBM TERSE
+>0 leshort 19 \bIBM LZ77 (z/Architecture)
+>0 leshort 20 \bZstd (deprecated)
+>0 leshort 93 \bZstd
+>0 leshort 94 \bMP3
+>0 leshort 95 \bxz
+>0 leshort 96 \bJpeg
+>0 leshort 97 \bWavPack
+>0 leshort 98 \bPPMd
+>0 leshort 99 \bAES Encrypted
+>0 default x
+>>0 leshort x \b[%#x]
+
+# Zip known versions
+0 name zipversion
+# The lower byte indicates the ZIP version of this file. The value/10 indicates
+# the major version number, and the value mod 10 is the minor version number.
+>0 ubyte/10 x v%u
+>0 ubyte%10 x \b.%u
+# >0 leshort 0x09 v0.9
+# >0 leshort 0x0a v1.0
+# >0 leshort 0x0b v1.1
+# >0 leshort 0x14 v2.0
+# >0 leshort 0x15 v2.1
+# >0 leshort 0x19 v2.5
+# >0 leshort 0x1b v2.7
+# >0 leshort 0x2d v4.5
+# >0 leshort 0x2e v4.6
+# >0 leshort 0x32 v5.0
+# >0 leshort 0x33 v5.1
+# >0 leshort 0x34 v5.2
+# >0 leshort 0x3d v6.1
+# >0 leshort 0x3e v6.2
+# >0 leshort 0x3f v6.3
+# >0 default x
+# >>0 leshort x v?[%#x]
+
+# display compatible host system name of ZIP archive
+0 name ziphost
+# The upper byte indicates the compatibility of the file attribute information.
+# If the file is compatible with MS-DOS (v 2.04g) then this value will be zero.
+#>1 ubyte 0 DOS
+>1 ubyte 1 Amiga
+>1 ubyte 2 OpenVMS
+>1 ubyte 3 UNIX
+>1 ubyte 4 VM/CMS
+>1 ubyte 6 OS/2
+>1 ubyte 7 Macintosh
+>1 ubyte 11 MVS
+>1 ubyte 13 Acorn Risc
+>1 ubyte 16 BeOS
+>1 ubyte 17 Tandem
+# 9 untested
+>1 ubyte 5 Atari ST
+>1 ubyte 8 Z-System
+>1 ubyte 9 CP/M
+>1 ubyte 10 Windows NTFS
+>1 ubyte 12 VSE
+>1 ubyte 14 VFAT
+>1 ubyte 15 alternate MVS
+>1 ubyte 18 OS/400
+>1 ubyte 19 OS X
+# unused
+#>1 ubyte >19 unused %#x
+
+# Zip End Of Central Directory record
+# GRR: wrong for ZIP with comment archive
+-22 string PK\005\006
+#>4 uleshort !0xFFff \b, %u disks
+#>6 uleshort !0xFFff \b, central directory disk %u
+#>8 uleshort !0xFFff \b, %u central directories on this disk
+#>10 uleshort !0xFFff \b, %u central directories
+#>12 ulelong !0xFFffFFff \b, %u central directory bytes
+# offset of central directory
+#>16 ulelong x \b, central directory offset %#x
+>(16.l) use zipcd
+# archive comment length n
+#>>20 uleshort >0 \b, comment length %u
+# archive comment
+>>20 pstring/l >0 \b, %s
diff --git a/magic/Magdir/zyxel b/magic/Magdir/zyxel
new file mode 100644
index 0000000..d3a43e4
--- /dev/null
+++ b/magic/Magdir/zyxel
@@ -0,0 +1,17 @@
+
+#------------------------------------------------------------------------------
+# $File: zyxel,v 1.6 2009/09/19 16:28:13 christos Exp $
+# zyxel: file(1) magic for ZyXEL modems
+#
+# From <rob@pe1chl.ampr.org>
+# These are the /etc/magic entries to decode datafiles as used for the
+# ZyXEL U-1496E DATA/FAX/VOICE modems. (This header conforms to a
+# ZyXEL-defined standard)
+
+0 string ZyXEL\002 ZyXEL voice data
+>10 byte 0 - CELP encoding
+>10 byte&0x0B 1 - ADPCM2 encoding
+>10 byte&0x0B 2 - ADPCM3 encoding
+>10 byte&0x0B 3 - ADPCM4 encoding
+>10 byte&0x0B 8 - New ADPCM3 encoding
+>10 byte&0x04 4 with resync