Recent Posts

11
Definitions DB change log / Re: Current - Year 2024
« Last post by Mark0 on March 09, 2024, 10:17:33 PM »
Updated:
  • INSTALL Professional project (DAT)
  • INSTALL Professional project (with rem) (DAT)
  • MS-DOS DJGPP go32 DOS extender executable (EXE)
  • Lotus Organizer Paper Layout (new) (PLT)
  • Slide saved game (v1.x) (SLD)
Added:
  • MAGIX data (generic) ()
  • Spycraft: The Great Game Animation data (ATS)
  • Tools Media Corp. Ambient light (binary) (AVM)
  • Tools Media Corp. Ambient light (text) (AVM)
  • Tools Media Corp. level data (BSF)
  • 16bit COM executable Com4Mail (C4M/COM)
  • 16bit COM executable BATtoCOM (COM)
  • 16bit COM executable TXT2COM (Uwe Schlenther, new) (COM)
  • 16bit COM executable TXT2COM (Uwe Schlenther, old) (COM)
  • Bernd Wetzel OS/2 Install Data (DAT)
  • Caiman graphics Data (DAT)
  • Caiman Font data (FNT)
  • Tools Media Corp. GUI elements (GUI)
  • HyperSlide presentation (HSL)
  • HyperSlide presentation (compiled) (HSL)
  • OS/2 Install Catalog File (ICF)
  • OS/2 Install Catalog File (with CRLF) (ICF)
  • OS/2 Install Catalog File (with rem) (ICF)
  • TOSBOX configuration (INI)
  • Tools Media Corp. Texture (MCGIL)
  • MAGIX Video Project (MVP)
  • Caiman Video data (MXV)
  • MAGIX Video (MXV)
  • Lotus Organizer data (old) (ORG)
  • Tools Media Corp. Mesh (OTM)
  • OS/2 install Package (with rem) (PKG)
  • Lotus Organiser Paper Layout (old) (PLT)
  • Tornado 3D Project (PRJ)
  • Game Studio Resource data (RESOURCE)
  • Valve Studiomdl Data (with rem) (SMD)
  • Tools Media Corp. material (SSS)
  • Tools Media Corp. material (with rem) (SSS)
  • Tools Media Corp. Texture (TCGIL)
  • Tornado 3D model/Material (TOR/MAT)
12
Definitions DB change log / Re: Current - Year 2024
« Last post by Mark0 on March 06, 2024, 09:37:30 PM »
Updated:
  • Eagle PCB drawing (XML) (BRD)
  • 16bit DOS COM PKLite compressed (generic) (COM)
Added:
  • PICAXE compiled code (AXE)
  • Sango Fighter Configuration (CFG)
  • West Adventure Configuration (CFG)
  • Broderbund audio Driver (DRV)
  • DOS Executable PowerBASIC (generic) (EXE)
  • Gerber Job data (GBRJOB)
  • MovieCart video (MVC)
  • Playmaker Football Playbook (PBK)
  • Playmaker Football Team data (PDR)
  • TouchDesigner Environment/project (TOE)
13
Definitions DB change log / Re: Current - Year 2024
« Last post by Mark0 on March 04, 2024, 02:37:25 PM »
Updated:
  • Dr. Halo Font (FON/FNT)
  • Melco DesignShop Project (OFM)
  • Pfaff Compatible design card (PCM/PCS)
Added:
  • JETPilot CCH data ()
  • JETPilot SUP data ()
  • JETPilot audio ()
  • JETPilot bitmap ()
  • JETPilot docs/text ()
  • JETPilot field data ()
  • JETPilot scenery ()
  • JETPilot screen ()
  • JETPilot segment data ()
  • JETPilot sprite ()
  • Aquarius+ machine language program executable (AQX)
  • cnd/Dos Condensed embroidery format (CND)
  • Dr. Halo IV Display driver (DSP)
  • exp/Dos Expanded embroidery format (EXP)
  • Yape configuration (INI)
  • Dr. Halo IV Locator driver (LOC)
  • Dr. Halo IV Printer driver (PRT)
  • Aura: Fate of the Ages game data (PSC/PSP)
  • Aura: Fate of the Ages game data (PVD)
  • Callahans Crosstime Saloon video/animation (Q)
  • Mission Critical video/animation (Q)
  • Shannara video/animation (Q)
  • Yamaha SysEx preset command (SYX)
  • ThaiMenu configuration (TMN)
14
Definitions DB change log / Re: Current - Year 2024
« Last post by Mark0 on February 28, 2024, 09:30:20 PM »
Updated:
  • Korg Trinity/Triton multisample (KMP)
  • Korg Trinity/Triton sample (KSF)
  • Power BI report (PBIX)
  • Commodore 64 Tape container (T64)
Added:
  • EmmaCompress compressed ()
  • Steem configuration (INI)
  • Korg SysEx preset command (SYX)
  • jetAudio theme (UIB)
  • Nmap scan results (XML) (XML)
Deleted:
  • Power BI template (PBIT)
15
Thanks for the new def. I scanned some other results files.
16
Definitions DB change log / Re: Current - Year 2024
« Last post by Mark0 on February 22, 2024, 02:33:49 PM »
Updated:
  • Corel DESIGNER graphics (v10) (DES)
  • Corel DESIGNER graphics (v10.5) (DES)
  • Corel DESIGNER graphics (v12) (DES)
  • Corel DESIGNER graphics (zipped v14-16) (DES)
  • Corel DESIGNER graphics (zipped v17-21) (DES)
  • Texinfo source (TEXI/TEXINFO)
Added:
  • 4D Write document (4WR)
  • BGI/Ethornell game engine data (v1.0) (ARC)
  • BGI/Ethornell game engine data (v2.0) (ARC)
  • Corel DESIGNER graphics (generic RIFF) (DES)
  • Bootable Mac HFS Volume/Disk image (DSK/HFV)
  • Active Soft visual novels data format (ED8)
  • Active Soft visual novels data format (EDT)
  • Cobra Adress Plus Format (generic) (FM-)
  • C2PA manifest (JSON)
  • HstWB Installer image info (JSON)
  • HstWB Installer package info (JSON)
  • SKick Relocation/patch  Table (RTB)
  • Tierra genome (ASCII, generic) (TIE)
  • Tierra genome (ASCII, v2) (TIE)
  • Tierra genome (ASCII, v3) (TIE)
  • HstWB Installer package (ZIP)
17
Hello trid users,

some days ago I wanted to install a bridge stick that should send data of my
inverter getting energy from solar panels via WLAN in the cloud. Something was
not working.

In my desperation I tried to connect to the WLAN access point offered by that
device and ran the network scanning tool nmap or zenmap to see what ports are
used on that device. The reports can be saved. One format uses XML as file name
suffix. That is expressed in the new definition by a line like:
   <Ext>XML</Ext>

There exist other formats with GNMAP or NMAP suffix. Unfortunately there seem
to exist variants or name collisions with other formats. So in this session I
will handle only the XML format.

It took some time to get some different samples. On an old SUSE system I got
samples with lowest version 6.47 dated about October 2014. I also compiled the
newest version 7.94. I also ran nmap on a Windows system, Mint x64 and a
Raspbian system. I created such samples a long time ago, but I did not put all
samples in a known directory. So I spent some time finding more old samples,
which is difficult because the XML suffix is also used by many other different
file formats.

So I ran the trid utility on my examples with XML suffix. The samples are
recognized and described with highest priority generically as "Generic XML
(ASCII)" by xml.trid.xml with mime type text/xml. Some older samples are also
described as "HyperText Markup Language" by html.trid.xml with mime type
text/html (see appended trid-v-old.txt in output).

When comparing such samples with GNMAP samples there exists a similar page
about that output format on the nmap server. This is done by a line like:
 <RefURL>https://nmap.org/book/output-formats-xml-output.html</RefURL>

For comparison I also ran the file format identification utility DROID
(see https://sourceforge.net/projects/droid/). Here the samples are recognized
and described generically as "Extensible Markup Language" with version 1.0 by
PUID fmt/101. Here application/xml and text/xml are listed as mime types.

For comparison I also ran the file command (version 5.45) on such
samples. Here most samples are "recognized". These are here described
generically as "XML 1.0 document text". Some samples are also described as
"exported SGML document text" (see appended file-k-5.45.txt in output).
Therefore here the mime type text/xml is shown (see appended file-i-5.45.txt in
output). Here no file name suffix is shown (see appended file-ext-5.45.txt in
output).

So I ran tridscan on my samples to generate xml-nmap.trid.xml. Apparently the
characteristics inside the Front Block section are triggered by the first
lines. These can be shown for example by a command like:
   head -3 *.gnmap
(see appended head-3.txt in output).

So the XML characteristic is expressed inside Front Block section similar to
xml.trid.xml by first and only XML construct. That looks like:
   <Bytes>3C3F786D6C2076657273696F6E3D22312E3022</Bytes>
   <ASCII> . ? x m l   v e r s i o n = " 1 . 0 "</ASCII>
   <Pos>0</Pos>

Triggered by the XML nature are lines inside the global strings section like:
   <String>XML-STYLESHEET HREF</String>
   <String>XMLOUTPUTVERSION</String>
   <String>XML VERSION</String>
   <String>NMAP.XSL</String>

Starting with only a few samples from Windows systems the mentioned and
specific XSL is located at "C:/Program Files (x86)/Nmap/". So I got more XML
fragments when starting. Furthermore newer nmap versions have a fragment with
the encoding phrase as "iso-8859-1" "UTF-8" as last part of the first line. So
I got more XML fragments at the beginning like:
 <Bytes>3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D22</Bytes>
 <ASCII> . ? x m l   v e r s i o n = " 1 . 0 "   e n c o d i n g = "</ASCII>
 <Pos>0</Pos>
 <Bytes>2D38</Bytes>
 <ASCII> - 8</ASCII>
 <Pos>33</Pos>

In output generated by older nmap version the encoding is missing. So the
above lines vanish when running tridscan with more older samples. An example
like nmap-output-error.xml without encoding hint and containing "strange"
characters is considered by file command as data. That means "binary" and not
text.

Then there exist inside global strings section nmap specific lines like:
   <String>NMAP DONE</String>
   <String>NMAPRUN S</String>

Then there are lines found with phrases used in the context of a network
scanner like:
   <String>ADDRESS ADDR</String>
   <String>IP ADDRESS</String>
   <String>HOSTNAMES</String>
   <String>ADDRTYPE</String>
   <String>SCANNER</String>
   <String>1 HOST</String>
   <String>HOSTS</String>
   <String>PORTS</String>

Then I got lines similar to gnmap.trid.xml. These are like:
   <String>UP) SCANNED IN</String>
   <String>SECONDS</String>

The samples are apparently text files in XML format. So the generic mime type
like text/xml is OK for such samples. I found no own mime type for such nmap
samples. So I chose this generic one. That is expressed by a line like:
   <Mime>text/xml</Mime>

With the new definition all my XML based nmap reports are now recognized and
described with correct suffix (see appended trid-v-new.txt in output).

TrID definitions, some samples and output are stored in archive
xml_nmap.zip. I hope that my definition can be used in future version of
triddefs. As mentioned there exist other output formats of nmap. I will try to
handle these in a future session.

With best wishes
Jörg Jenderek

18
Definitions DB change log / Re: Current - Year 2024
« Last post by Mark0 on February 19, 2024, 03:15:33 PM »
Updated:
  • DTS encoded audio (raw, BE) (DTS)
  • NuGet Package (NUPKG)
  • IFF Retargetable Graphics bitmap (RGFX/RGX)
  • IRIS Showcase drawing / presentation (v3) (SHOWCASE/SC)
Added:
  • Blockbench Keymap (BBKEYMAP)
  • Blockbench Theme (BBTHEME)
  • 16bit COM executable EXE2COM (v2.00) (COM)
  • Compact Pro compressed archive (CPT)
  • DTS encoded audio (14bit, BE) (DTS)
  • DTS encoded audio (14bit, LE) (DTS)
  • DTS encoded audio (raw, LE) (DTS)
  • Anex86 PC98 floppy image (generic) (FDI)
  • Nmap scan results (Grepable) (GNMAP)
  • IRIX software distribution format Installation DB (d) (IDB)
  • IRIX software distribution format Installation DB (f) (IDB)
  • IRIX software distribution format Installation DB (l) (IDB)
  • ART baseline binary Profile (PROF)
  • ART baseline binary Profile (Memory) (PROF)
  • DDA2 Self-Extracting-Archive (SEA)
  • UYAP Document Format (UDF)
  • Microsoft Windows Live Writer Post (WPOSTX)
Deleted:
19
Thanks for the new def!
20
Hello trid users,

some days ago I wanted to install a bridge stick that should send data of my
inverter getting energy from solar panels via WLAN in the cloud. Something was
not working. That was bad because configuration via APP on smartphone was not
working. Nowadays most devices rely on such features. But when things are not
working as expected the devices send light signals via coloured LEDs. Then you
must look up in the description what this means. Often this is not really
helpful because you get only a generic error hint. Around 200 years ago the
Samuel Morse code was invented and this is easier to read because it is
standardized, whereas for most electric devices every manufacturer implements
its own blinking system.

In my desperation I tried to connect to the WLAN access point offered by that
device and ran the network scanning tool nmap or zenmap to see what ports are
used on that device. The reports can be saved. One format uses GNMAP as file
name suffix. That is expressed in the new definition by a line like:
   <Ext>GNMAP</Ext>

There exist other formats with XML or NMAP suffix. Unfortunately there seem
to exist variants or name collisions with other formats. So in this session I
will handle only the GNMAP format.

It took some time to get some different samples. On an old SUSE system I got
samples with lowest version 6.47 dated about October 2014. I also compiled the
newest version 7.94. I also ran nmap on a Windows system, Mint x64 and a
Raspbian system.

So I ran the trid utility on my examples with GNMAP suffix. Some samples (16/31)
are recognized and described as "Nmap scan results" by log-nmap.trid.xml dated
about February 2011. But here LOG is shown as file name suffix and no mime
type is displayed. As reference a page about Nmap on Wikipedia is listed. This
is done by a line like:
   <RefURL>http://en.wikipedia.org/wiki/Nmap</RefURL>

But half of my samples are not recognized and described as "Unknown!"  (see
appended trid-v-old.txt in output).

For comparison I also ran the file format identification utility DROID
(see https://sourceforge.net/projects/droid/). Here the samples are not
recognized.

For comparison I also ran the file command (version 5.45) on such samples.
Here the samples are "recognized". These are here described generically as
"ASCII text" (see appended file-5.45.txt in output). Therefore here the mime
type text/plain is shown (see appended file-i-5.45.txt in output). Here no file
name suffix is shown (see appended file-ext-5.45.txt in output).

Luckily I found a page about this Grepable Output format on the nmap web
server. So this is expressed by a line like:
 <RefURL>https://nmap.org/book/output-formats-grepable-output.html</RefURL>

So I ran tridscan on my samples to generate gnmap.trid.xml. Apparently the
characteristics inside the Front Block section are triggered by the first
lines. These can be shown for example by a command like:
   head -1 *.gnmap
which gives output like:
==> 4Gmodem-tcp.gnmap <==
# Nmap 7.93 scan initiated Sat Jan 13 18:38:57 2024 as: "C:\\Program Files (x86)\\Nmap\\nmap.exe" -p 1-65535 -T4 -A -v -oA 4Gmodem-tcp 192.168.100.1
==> athom-quick-pi.gnmap <==
# Nmap 7.94 scan initiated Thu Feb  1 13:47:18 2024 as: /home/tmp/nmap-7.94/nmap -T4 -F -oA athom-quick-pi 192.168.4.1
==> opendtu-udp.gnmap <==
# Nmap 7.93 scan initiated Tue Nov  7 00:30:59 2023 as: "c:/Program Files (x86)/Nmap/nmap.exe" -sS -sU -T4 -A -v -oA opendtu-udp 192.168.4.1
==> scanme.nmap.org-.gnmap <==
# Nmap 6.47 scan initiated Thu Feb 15 15:40:06 2024 as: nmap -v -oA scanme.nmap.org- scanme.nmap.org
==> scanme.nmap.org-2.gnmap <==
# Nmap 7.93 scan initiated Thu Feb 15 18:40:49 2024 as: nmap -T4 -A -v -oG - scanme.nmap.org

So I looked at the generated patterns and compared them with the patterns
inside log-nmap.trid.xml. The first construct is triggered by the comment
marker followed by the capitalized program name surrounded by space
characters. So that is expressed by the first XML construct, which looks like:
   <Bytes>23204E6D617020</Bytes>
   <ASCII> #   N m a p</ASCII>
   <Pos>0</Pos>
If there exist samples with lower-cased program name then I get constructs like
in log-nmap.trid.xml.

The next construct like in gnmap.trid.xml is triggered by 4 byte versions
(like 6.47 7.93 7.94). So the shared point character is expressed in both
definitions by a construct like:
   <Bytes>2E</Bytes>
   <Pos>8</Pos>
On reference page an example 13.14 is mentioned. There version number is
5.35DC18. If there exist in reality such samples then of course this is the
last construct because all other characteristic phrases are shifted right and
disappear in front block section.

Next construct in both definitions is like:
   <Bytes>207363616E20696E6974696174656420</Bytes>
   <ASCII>   s c a n   i n i t i a t e d</ASCII>
   <Pos>11</Pos>

The next 3 XML constructs are triggered by space character separating the day,
month-name and hour digits. That is expressed by constructs like:
   <Pattern>
      <Bytes>20</Bytes>
      <Pos>30</Pos>
   </Pattern>
   <Pattern>
      <Bytes>20</Bytes>
      <Pos>34</Pos>
   </Pattern>
   <Pattern>
      <Bytes>20</Bytes>
      <Pos>37</Pos>
   </Pattern>

The next 2 XML constructs are triggered by colon character separating the
hour, minutes and seconds digits. That is expressed in both definitions by
constructs like:
   <Pattern>
      <Bytes>3A</Bytes>
      <ASCII> :</ASCII>
      <Pos>40</Pos>
   </Pattern>
   <Pattern>
      <Bytes>3A</Bytes>
      <ASCII> :</ASCII>
      <Pos>43</Pos>
   </Pattern>

The next XML constructs are triggered by year digits. So all my examples are
generated in twenty century. So that was expressed by constructs like:
   <Bytes>20323032</Bytes>
   <ASCII>   2 0 2</ASCII>
   <Pos>46</Pos>
Assuming that there could exist samples in far past or future the digit will
vanish and only the separating space character will survive. So this becomes
like:
   <Bytes>20</Bytes>
   <ASCII>  </ASCII>
   <Pos>46</Pos>

The next phrase before naming program name and arguments is expressed in both
definitions by last XML construct like:
   <Bytes>2061733A20</Bytes>
   <ASCII>   a s :</ASCII>
   <Pos>51</Pos>

So in the front block section both definitions seem to describe the same or
similar format, when neglecting space characters. In both definitions the same
pattern from the first line is described inside the global strings section by
a line like:
   <String>SCAN INITIATED</String>

Then in my definition the plural form of port is found. So that is expressed
by a line like:
   <String>PORTS</String>

Now comes the main difference between the 2 definitions. In mine I got
additional lines like:
   <String>HOST</String>
   <String>SECONDS</String>
   <String>UP) SCANNED IN</String>
   <String>NMAP DONE AT</String>
   <String>IP ADDRESS</String>
Apparently these are triggered by last line of nmap reports. These can be
shown for example by command like:
      tail  -1 *.gnmap
which gives output like:
==> 4Gmodem-tcp.gnmap <==
# Nmap done at Sat Jan 13 18:43:06 2024 -- 1 IP address (1 host up) scanned in 249.65 seconds
==> athom-quick-pi.gnmap <==
# Nmap done at Thu Feb  1 13:47:25 2024 -- 1 IP address (1 host up) scanned in 7.00 seconds
==> opendtu-udp.gnmap <==
# Nmap done at Tue Nov  7 00:33:29 2023 -- 1 IP address (1 host up) scanned in 150.83 seconds
==> plug-win-quick.gnmap <==
# Nmap done at Fri Feb  2 02:31:38 2024 -- 1 IP address (1 host up) scanned in 1.31 seconds
==> scanme.nmap.org-.gnmap <==
# Nmap done at Thu Feb 15 15:40:20 2024 -- 1 IP address (1 host up) scanned in 14.17 seconds
==> scanme.nmap.org-2.gnmap <==
# Nmap done at Thu Feb 15 18:41:16 2024 -- 1 IP address (1 host up) scanned in 27.41 seconds

Furthermore log-nmap.trid.xml contains 2 lines like:
   <String>NMAP -</String>
   <String>STATE</String>

The first line is apparently triggered by the program name followed by argument
options which start with a minus character. But this is only true for UNIX like
systems. On Windows systems the program name is followed by .exe and also
enclosed in quote characters. So in the other definition that line vanished.

So I do not know what exactly is described by log-nmap.trid.xml. Maybe it is
an older variant.

The samples are apparently text files. So the generic mime type like
text/plain is not wrong for such samples. Many text editors can colorize
output according to keywords known for sub classes of text. So I chose a
user defined sub class of text that is expressed by a line like:
   <Mime>text/x-gnmap</Mime>

With the new definition all my GNMAP reports are now recognized and described
with correct suffix (see appended trid-v-new.txt in output).

TrID definitions, some samples and output are stored in archive gnmap_.zip. I
hope that my definition can be used in future version of triddefs. As
mentioned there exist other output formats of nmap. I will try to handle these
in a future session.

Later i found the reason for annoying error with wireless connection. If
weather is too bad then produced energy is too low to get enough power for
wireless module.

With best wishes
Jörg Jenderek
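
Added example, not part of the posts above and not TrID's own code: a small Python model of the two definitions described in the GNMAP and XML posts, checking each front-block pattern at its fixed offset and each global string against constructed sample reports. The matching rule (all patterns and all strings required, strings compared against upper-cased content) and the sample contents are assumptions; the run also covers the 5.35DC18 case from the GNMAP post, where the longer version string shifts the later patterns out of position.

```python
# Added example, not TrID's own code. Assumed (simplified) matching model:
# a definition hits when every front-block pattern sits at its fixed offset
# and every global string occurs anywhere in the upper-cased file content.
GNMAP_DEF = {
    "patterns": [                                  # (offset, hex) from the post
        (0, "23204E6D617020"),                     # "# Nmap "
        (8, "2E"),                                 # "." of a 4-byte version
        (11, "207363616E20696E6974696174656420"),  # " scan initiated "
        (30, "20"), (34, "20"), (37, "20"),        # spaces inside the date
        (40, "3A"), (43, "3A"),                    # colons inside the time
        (46, "20"),                                # space before the year
        (51, "2061733A20"),                        # " as: "
    ],
    "strings": ["SCAN INITIATED", "PORTS", "HOST", "SECONDS",
                "UP) SCANNED IN", "NMAP DONE AT", "IP ADDRESS"],
}
XML_DEF = {
    "patterns": [(0, "3C3F786D6C2076657273696F6E3D22312E3022")],  # <?xml version="1.0"
    "strings": ["XML-STYLESHEET HREF", "XMLOUTPUTVERSION", "XML VERSION",
                "NMAP.XSL", "NMAP DONE", "NMAPRUN S", "ADDRESS ADDR",
                "IP ADDRESS", "HOSTNAMES", "ADDRTYPE", "SCANNER", "1 HOST",
                "HOSTS", "PORTS", "UP) SCANNED IN", "SECONDS"],
}

def failed_checks(data, definition):
    """Return pattern offsets and strings that do not match ([] means a hit)."""
    missed = []
    for pos, hexbytes in definition["patterns"]:
        want = bytes.fromhex(hexbytes)
        if data[pos:pos + len(want)] != want:
            missed.append(pos)
    upper = data.upper()
    return missed + [s for s in definition["strings"] if s.encode() not in upper]

# Constructed samples modelled on the head/tail output quoted in the posts.
GNMAP_OK = (
    b"# Nmap 7.94 scan initiated Thu Feb  1 13:47:18 2024 as: "
    b"nmap -T4 -F -oA athom-quick-pi 192.168.4.1\n"
    b"Host: 192.168.4.1 ()\tStatus: Up\n"
    b"Host: 192.168.4.1 ()\tPorts: 80/open/tcp//http///\n"
    b"# Nmap done at Thu Feb  1 13:47:25 2024 -- 1 IP address (1 host up) "
    b"scanned in 7.00 seconds\n")
# Version 5.35DC18 (named in the post) shifts the rest of the line by 4 bytes.
GNMAP_LONGVER = GNMAP_OK.replace(b"7.94", b"5.35DC18", 1)
XML_OK = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>\n'
    b'<nmaprun scanner="nmap" xmloutputversion="1.05">\n'
    b'<host><address addr="192.168.4.1" addrtype="ipv4"/><hostnames/><ports/></host>\n'
    b'<runstats><finished summary="Nmap done at Thu Feb  1 13:47:25 2024; '
    b'1 IP address (1 host up) scanned in 7.00 seconds"/><hosts up="1"/></runstats>\n'
    b'</nmaprun>\n')

if __name__ == "__main__":
    for name, data, d in [("gnmap", GNMAP_OK, GNMAP_DEF),
                          ("gnmap 5.35DC18", GNMAP_LONGVER, GNMAP_DEF),
                          ("xml", XML_OK, XML_DEF)]:
        print(f"{name:15} missed: {failed_checks(data, d)}")
```

An empty list means the sample satisfies the definition; for the 5.35DC18 variant the listed offsets are the front-block patterns that no longer line up.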
