2

I have a blob of binary data (network capture) that is parsed by a binary on my machine. I am assuming that because the binary expects a type of data, no header information indicating the type of compression is necessary as that would be wasted bandwidth. How then, if given an arbitrary amount of binary data, can I determine the method of compression? Also how do I go about decompressing?

PEiD plugin "Kanal" tells me the binary has "BZIP2 [long]" and "ZLIB deflate [long]" features in it, but what program can I use to say "treat this arbitrary data like it's bzip2, even though there is no header/magic number, and see what the decompression result is" and where "bzip2" can be replaced with any compression method? Is this possible?

edit: this is similar to: How to detect type of compression used on the file? (if no file extension is specified) only this time, no header info is specified.

Thanks!

zz3star90

1 Answer

0

Just start decompressing. zlib will detect very quickly if it is not deflate data being fed to it. I don't know how quickly libbzip2 will figure that out, but if you have only those two choices then just try zlib first.

Mark Adler
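The trial-decompression approach from the answer above, as an added example that is not part of the original post. The names `identify` and `CANDIDATES` are illustrative, and the last candidate assumes only the 4-byte bzip2 stream header ("BZh" plus a level digit) was stripped from the capture.

```python
import bz2
import zlib

def _inflate(blob, wbits):
    # wbits selects the framing: -15 raw deflate, 15 zlib wrapper, 31 gzip wrapper.
    d = zlib.decompressobj(wbits)
    out = d.decompress(blob)
    return out, d.eof, len(d.unused_data)

def _bunzip2(blob):
    d = bz2.BZ2Decompressor()
    out = d.decompress(blob)
    return out, d.eof, len(d.unused_data)

# Each candidate treats the blob as one format, whatever its first bytes look like.
CANDIDATES = [
    ("raw deflate", lambda b: _inflate(b, -15)),
    ("zlib", lambda b: _inflate(b, 15)),
    ("gzip", lambda b: _inflate(b, 31)),
    ("bzip2", _bunzip2),
    # Assumption: only the stream header is missing. Level 9 gives the decoder
    # the largest block buffer, so blocks written at any level fit.
    ("bzip2, stream header re-added", lambda b: _bunzip2(b"BZh9" + b)),
]

def identify(blob):
    """Return (format, output, trailing_byte_count) for every decoder that
    reached a clean end-of-stream marker on the blob."""
    hits = []
    for name, decode in CANDIDATES:
        try:
            out, complete, trailing = decode(blob)
        except (zlib.error, OSError, ValueError):
            continue  # the decoder rejected the data: not this format
        if complete:  # truncated or coincidentally parseable data never gets here
            hits.append((name, out, trailing))
    return hits

if __name__ == "__main__":
    # Constructed sample: a bzip2 stream with its 4-byte header removed.
    sample = bz2.compress(b"constructed sample payload " * 20)[4:]
    for name, out, trailing in identify(sample):
        print(f"{name}: {len(out)} bytes out, {trailing} trailing bytes")
```

A nonzero trailing count means the compressed stream ended before the blob did, which usually points at further framing or a second record after it.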