Is this a File Header / Magic Number?

Posted by Hammer Bro. on Super User See other posts from Super User or by Hammer Bro.
Published on 2012-07-27T00:11:20Z Indexed on 2012/08/31 9:41 UTC
Read the original article Hit count: 359

Filed under:
|

I've got 120,000 files (way more, actually; this is just an arbitrary subset) of an unknown type. Linux file does not identify them (not that they're necessarily Linux files), nor do any other methods I've tried. There are only two hints about them that I currently have. One is that I suspect some compression is employed -- I have metadata that claims the file sizes are always some amount larger than what I observe.

The other is that in 100,000 of these files, the first 16 bytes are always:

ff ee ee dd 00 00 00 00  01 00 00 00 00 00 00 00

That really looks like a file header/magic number to me, but I just can't place it. Does anyone know what kind of files this would indicate? Alternatively, can anyone convince me that these suspiciously common bytes certainly do not indicate a specific file type?

UPDATE

I don't know the exact reverse-engineering details, but most of the files in our case are zips after the first 29(? or so) bytes are ignored. So in practice the problem is solved (we know how to process the files) but in theory the question is still unanswered -- I don't know which application routinely prepends about 29 bytes to its zips. [I'm not sure if I should leave the question open or not at this point.]

© Super User or respective owner

Related posts about file-types

Related posts about hexdump