hannob / snallygaster

Tool to scan for secret files on HTTP servers
BSD Zero Clause License

Question about .tar.xz verification #64

Closed security-companion closed 3 years ago

security-companion commented 3 years ago

Hi, I've got a question about your verification for .tar.xz files. I can see your check in the code here: https://github.com/hannob/snallygaster/blob/505df4729164302c234cc45143a11606334460a1/snallygaster#L367

However, if I look with the Notepad++ HEX Editor plugin, e.g. into https://github-releases.githubusercontent.com/80314213/94a2a200-bbf5-11eb-9955-54e74d16d48a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210618T120127Z&X-Amz-Expires=300&X-Amz-Signature=c3698f1382643372fa427cc802aa97b692a65a5001e4209d4416dea7bdce86bb&X-Amz-SignedHeaders=host&actor_id=11234621&key_id=0&repo_id=80314213&response-content-disposition=attachment%3B%20filename%3Dexpat-2.4.1.tar.xz&response-content-type=application%2Foctet-stream I can see another byte order: (screenshot of the hex editor view)

Am I doing something wrong here?

hannob commented 3 years ago

This looks identical to me. The "ascii part" - i.e. 7zXZ - translates to the hex codes 37 7A 58 5A. This ends up being the same as what you pasted from your hex editor.

Maybe you got confused that the string does not contain all the characters in hex and just the ones that aren't ascii representable?
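
The point in the reply above can be checked directly. The following is an added example written for this page, not snallygaster's own code and not a copy of the check linked in the question: it shows that the Python bytes literal for the xz magic, which mixes `\x` escapes for the non-printable bytes with plain ASCII for `7zXZ`, is the same six bytes a hex editor displays as `FD 37 7A 58 5A 00`, and it applies the same `startswith()` style of magic-byte check to a few other archive formats. The sample headers are constructed for the demonstration and are not real archives; the format table and the `identify()` helper are mine.

```python
# Added example, not snallygaster's code: compare the bytes-literal spelling of the
# xz magic with the hex-editor view, and run a startswith() magic check over samples.

# Python's \x escape consumes exactly two hex digits, so b"\xfd7zXZ\x00" is the byte
# FD followed by the ASCII characters '7', 'z', 'X', 'Z' and then a NUL byte.
XZ_MAGIC = b"\xfd7zXZ\x00"           # how a Python source file spells it
XZ_MAGIC_HEX = "fd 37 7a 58 5a 00"   # how a hex editor shows the same six bytes

# Standard file signatures, all at offset 0, for formats a scanner looking for
# leaked archives on a web server would plausibly want to recognise.
MAGIC = {
    "xz":    b"\xfd7zXZ\x00",
    "gzip":  b"\x1f\x8b\x08",
    "bzip2": b"BZh",
    "zip":   b"PK\x03\x04",
    "7z":    b"7z\xbc\xaf\x27\x1c",
    "rar":   b"Rar!\x1a\x07",
}


def as_hex(data: bytes) -> str:
    """Render bytes the way a hex editor does, e.g. 'fd 37 7a 58 5a 00'."""
    return " ".join(f"{b:02x}" for b in data)


def literal_matches_hex(literal: bytes, hex_dump: str) -> bool:
    """True if a bytes literal and a hex-editor dump describe the same bytes.
    bytes.fromhex() ignores the spaces between byte pairs."""
    return literal == bytes.fromhex(hex_dump)


def is_xz(data: bytes) -> bool:
    """The same kind of check as a startswith() on the xz magic."""
    return data.startswith(XZ_MAGIC)


def identify(data: bytes):
    """Return the format name whose magic matches the start of data, else None.
    Longer magics are tried first so a short prefix cannot shadow a longer one.
    Empty or truncated input simply matches nothing."""
    for name, magic in sorted(MAGIC.items(), key=lambda kv: -len(kv[1])):
        if data.startswith(magic):
            return name
    return None


# Constructed sample headers (first bytes only, not real files).
# The xz sample is the magic followed by typical stream flags and their CRC32.
SAMPLES = {
    "sample.tar.xz": bytes.fromhex("fd377a585a00 0004 e6d6b446"),
    "site.tar.gz":   b"\x1f\x8b\x08\x00" + b"\x00" * 6,
    "backup.zip":    b"PK\x03\x04\x14\x00",
    "index.html":    b"<!DOCTYPE html>",
    "empty":         b"",
}

if __name__ == "__main__":
    print("literal :", as_hex(XZ_MAGIC))
    print("hex view:", XZ_MAGIC_HEX)
    print("same bytes:", literal_matches_hex(XZ_MAGIC, XZ_MAGIC_HEX))
    for name, head in SAMPLES.items():
        print(f"{name:14} {as_hex(head[:6]):18} -> {identify(head)}")
```

One practical caveat the comparison makes visible: this only works on `bytes`. If a response body is decoded to `str` before the check (for example by reading it in text mode), the `FD` byte is no longer a single raw byte and the `startswith()` comparison against a bytes literal will not match, so keep the magic check on the raw response bytes.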

security-companion commented 3 years ago

Thanks for the clarification, that helped