00000000 cf fa ed fe 07 00 00 01 03 00 00 80 02 00 00 00 |................| 0000
ID: 3874004 • Letter: 0
Question
00000000 cf fa ed fe 07 00 00 01 03 00 00 80 02 00 00 00 |................|
00000010 17 00 00 00 20 0e 00 00 85 00 20 00 00 00 00 00 |.... ..... .....|
00000020 19 00 00 00 48 00 00 00 5f 5f 50 41 47 45 5a 45 |....H...__PAGEZE|
00000030 52 4f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |RO..............|
00000040 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
What is this file type?
D. PS4 Binary
00000000 ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 |......JFIF......|
00000010 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 |.......C........|
00000020 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b |................|
00000030 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 |................|
00000040 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 |......!.........|
What is this file type?
D. DLL
00000000 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 |............ .h.|
00000010 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 |..&... .... ...|
00000020 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 |......(....... .|
00000030 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 |.... ...........|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 15 a6 |................|
What type of file is this?
D. ASPX
00000000 72 65 67 66 02 00 00 00 02 00 00 00 62 eb 51 e0 |regf........b.Q.|
00000010 ad 37 cd 01 01 00 00 00 03 00 00 00 00 00 00 00 |.7..............|
00000020 01 00 00 00 20 00 00 00 00 10 00 00 01 00 00 00 |.... ...........|
00000030 3a 00 5c 00 57 00 69 00 6e 00 64 00 6f 00 77 00 |:..W.i.n.d.o.w.|
00000040 73 00 5c 00 53 00 79 00 73 00 74 00 65 00 6d 00 |s..S.y.s.t.e.m.|
D. PS4 Binary
00000000 ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 |......JFIF......|
00000010 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 |.......C........|
00000020 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b |................|
00000030 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 |................|
00000040 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 |......!.........|
What is this file type?
A. JPEG B. Windows Event File C. GIFD. DLL
00000000 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 |............ .h.|
00000010 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 |..&... .... ...|
00000020 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 |......(....... .|
00000030 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 |.... ...........|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 15 a6 |................|
What type of file is this?
A. ICON file B. PNG C. NullD. ASPX
00000000 72 65 67 66 02 00 00 00 02 00 00 00 62 eb 51 e0 |regf........b.Q.|
00000010 ad 37 cd 01 01 00 00 00 03 00 00 00 00 00 00 00 |.7..............|
00000020 01 00 00 00 20 00 00 00 00 10 00 00 01 00 00 00 |.... ...........|
00000030 3a 00 5c 00 57 00 69 00 6e 00 64 00 6f 00 77 00 |:..W.i.n.d.o.w.|
00000040 73 00 5c 00 53 00 79 00 73 00 74 00 65 00 6d 00 |s..S.y.s.t.e.m.|
Explanation / Answer
To understand, a file type, we need to parse the header. The first two bytes of the hex dump, tell us which mach header it is, which indicates the file type. Also, it is important to note that the endianness of hex file is little endian for Intel-compatible platforms.
1. Header = cf fa ed fe = 0xfeedfacf
This header is the magic number for MAC OS binaries. So, the answer is C. MAC OS Executable
MACH-O header structure:
You can take any header file from mach folder of apple open source codes and you will find the header to be
2. For files, the first two bytes will be the file signature, indicating the format of file
ff d8 ff e0 -- is the file signature for JPEG files
3. Again, for files, the first two bytes will be the file signature, indicating the format of file
00 00 01 00 -- is the file signature for ICON files
4. The Magic number for this file is regf
72 65 67 66 (regf in ascii) is the file signature for Windows Registry Hive
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.