View Source Infer.App (Infer v0.2.4)

Application type matchers based on the magic number

Link to this section Summary

Functions

Takes the binary file contents as arguments. Returns true if it's a Common Object File Format.

Takes the binary file contents as arguments. Returns true if it's a Common Object File Format for i386 architecture.

Takes the binary file contents as arguments. Returns true if it's a Common Object File Format for Itanium architecture.

Takes the binary file contents as arguments. Returns true if it's a Common Object File Format for x64 architecture.

Takes the binary file contents as arguments. Returns true if it's a DER encoded X.509 certificate.

Takes the binary file contents as arguments. Returns true if it's a Dalvik Executable (DEX).

Takes the binary file contents as arguments. Returns true if it's a Optimized Dalvik Executable (ODEX).

Takes the binary file contents as arguments. Returns true if it's a EXE or DLL.

Takes the binary file contents as arguments. Returns true if it's a elf.

Takes the binary file contents as arguments. Returns true if it's a EXE or DLL.

Takes the binary file contents as arguments. Returns true if it's compiled java bytecode.

Takes the binary file contents as arguments. Returns true if it's LLVM bitcode.

Takes the binary file contents as arguments. Returns true if it's a Mach-O binary. Mach-O binaries can be one of four variants: x86, x64, PowerPC, "Fat" (x86 + PowerPC)

Takes the binary file contents as arguments. Returns true if it's a WASM.

Link to this section Functions

Specs

coff?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a Common Object File Format.

Specs

coff_i386?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a Common Object File Format for i386 architecture.

Specs

coff_ia64?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a Common Object File Format for Itanium architecture.

Specs

coff_x64?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a Common Object File Format for x64 architecture.

Specs

der?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a DER encoded X.509 certificate.

See: https://github.com/ReFirmLabs/binwalk/blob/master/src/binwalk/magic/crypto#L25-L37 See: https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

examples

Examples

iex> binary = File.read!("test/app/sample.der")
iex> Infer.App.der?(binary)
true

iex> binary = File.read!("test/app/sample.wasm")
iex> Infer.App.der?(binary)
false

Specs

dex?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a Dalvik Executable (DEX).

See: https://source.android.com/devices/tech/dalvik/dex-format#dex-file-magic

Specs

dey?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a Optimized Dalvik Executable (ODEX).

See: https://source.android.com/devices/tech/dalvik/dex-format#dex-file-magic

Specs

dll?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a EXE or DLL.

DLL and EXE share the same magic number.

examples

Examples

iex> binary = File.read!("test/app/sample.exe")
iex> Infer.App.dll?(binary)
true

iex> binary = File.read!("test/app/sample.wasm")
iex> Infer.App.dll?(binary)
false

Specs

elf?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a elf.

DLL and EXE share the same magic number.

examples

Examples

iex> binary = File.read!("test/app/sample_elf")
iex> Infer.App.elf?(binary)
true

iex> binary = File.read!("test/app/sample.wasm")
iex> Infer.App.elf?(binary)
false

Specs

exe?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a EXE or DLL.

DLL and EXE share the same magic number.

examples

Examples

iex> binary = File.read!("test/app/sample.exe")
iex> Infer.App.exe?(binary)
true

iex> binary = File.read!("test/app/sample.wasm")
iex> Infer.App.exe?(binary)
false

Specs

java?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's compiled java bytecode.

Specs

llvm?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's LLVM bitcode.

Specs

mach?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a Mach-O binary. Mach-O binaries can be one of four variants: x86, x64, PowerPC, "Fat" (x86 + PowerPC)

See: https://ilostmynotes.blogspot.com/2014/05/mach-o-filetype-identification.html

examples

Examples

iex> binary = File.read!("test/app/sample_mach_fat")
iex> Infer.App.mach?(binary)
true

iex> binary = File.read!("test/app/sample_mach_ppc")
iex> Infer.App.mach?(binary)
true

iex> binary = File.read!("test/app/sample_mach_x64")
iex> Infer.App.mach?(binary)
true

iex> binary = File.read!("test/app/sample_mach_x86")
iex> Infer.App.mach?(binary)
true

iex> binary = File.read!("test/app/sample.wasm")
iex> Infer.App.mach?(binary)
false

Specs

wasm?(binary()) :: boolean()

Takes the binary file contents as arguments. Returns true if it's a WASM.

See: http://webassembly.github.io/spec/core/binary/modules.html#binary-magic

examples

Examples

iex> binary = File.read!("test/app/sample.wasm")
iex> Infer.App.wasm?(binary)
true

iex> binary = File.read!("test/app/sample.exe")
iex> Infer.App.wasm?(binary)
false