I noticed some large ELF binaries having a package set as 'js' instead of 'generic' due to strings found within, and that the ident.py identifiers check by looking across the entire file contents. As one mitigation method, should the buffer/contents being checked be limited to 0x1000 to align with the check at the top of the identifier function (if not f.stream.read(0x1000):)?
Was the purpose of overwriting the package predominantly for archives? Is it worth placing a conditional within main.unpack() along the lines of:
    if f.type == "container":  # or != "file" ?
        ident(f)
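The two proposals above, compared on constructed inputs. This is an added example, not the project's own code: the marker set, the function names (`looks_like_js`, `ident_whole`, `ident_bounded`, `package_for`) and both sample blobs are assumptions made for illustration.

```python
HEADER_WINDOW = 0x1000  # matches the f.stream.read(0x1000) check quoted in the post
JS_MARKERS = (b"function(", b"document.write(", b"eval(")  # constructed marker set


def looks_like_js(buf, min_hits=2):
    """String heuristic: at least min_hits distinct JS markers occur in buf."""
    return sum(marker in buf for marker in JS_MARKERS) >= min_hits


def ident_whole(content):
    """Scan the entire content, the behaviour the post describes."""
    return "js" if looks_like_js(content) else None


def ident_bounded(content, window=HEADER_WINDOW):
    """First proposal: only inspect the first `window` bytes."""
    return "js" if looks_like_js(content[:window]) else None


def package_for(ftype, current, content, identify):
    """Second proposal: only let the identifier overwrite containers."""
    if ftype != "container":
        return current
    return identify(content) or current


def samples():
    """Constructed inputs: an ELF-like blob and a script with a long banner."""
    elf = b"\x7fELF\x02\x01\x01" + b"\x00" * 0x20000
    elf += b"function(x){document.write(x)}\x00"  # strings embedded deep in the binary
    banner_js = b"/*" + b"*" * 0x1400 + b"*/\n"
    banner_js += b"var f = function(x){ document.write(x); };\n"
    return elf, banner_js


if __name__ == "__main__":
    elf, banner_js = samples()
    for name, blob in (("elf", elf), ("banner_js", banner_js)):
        print(name, "whole:", ident_whole(blob), "bounded:", ident_bounded(blob))
    print("gated elf:", package_for("file", "generic", elf, ident_whole))
```

The bounded scan stops the ELF false positive, but it also stops matching a script whose first 0x1000 bytes are a comment banner. The type gate leaves plain files untouched regardless of what the string heuristic finds.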