我正在尝试从专有文件类型中提取数据:.take. 我不熟悉文件压缩和编码,但看起来好像这种文件类型充当了其他文件的某种包装器。请参阅以下 Google Drive“预览”。我猜这个文件有某种 MIME 元数据,所以 Drive 可以找出它的内容,但我无法使用任何解压缩程序打开它!
从这个来看,这个文件包含了一些非常常见的文件格式(XML、视频、图片、protobuf)。我需要解压这些文件,但是不能直接下载!我可以打开文件的唯一应用程序是文本编辑器,当我打开文件时,数据会整齐地组织成 32 位块。可能的FourCC识别?
我显然可以编写一个脚本来读取这些数据,但我什至不确定编码! 我可以采用哪些建议或技术来提取文件?. 我可以利用我知道压缩文件详细信息的事实吗?
在此处下载文件:http : //www.filehosting.org/file/details/666710/QkDRIV0yPMo9llWF/file.take
幸运的是,在这种情况下,文件提取是微不足道的。binwalk可用于提取所有文件。
生成的熵图binwalk -E -J file.take显示其中的某些文件file.take未压缩。
通过binwalk file.take显示执行的签名扫描file.take包含多个Zip档案:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 Zip archive data, at least v2.0 to extract, compressed size: 3171, uncompressed size: 3171, name: Bryan Potter - 2017 04 26 110613-balltrajectory.pbuf
3289 0xCD9 Zip archive data, at least v2.0 to extract, compressed size: 364, uncompressed size: 364, name: Bryan Potter - 2017 04 26 110613-clubtrajectory.pbuf
3771 0xEBB Zip archive data, at least v2.0 to extract, compressed size: 428064, uncompressed size: 428064, name: Bryan Potter - 2017 04 26 110613-forceplate.pbuf
431949 0x6974D Zip archive data, at least v2.0 to extract, compressed size: 8760940, uncompressed size: 8760940, name: Bryan Potter - 2017 04 26 110613-pressure.pbuf
9193001 0x8C4629 Zip archive data, at least v2.0 to extract, compressed size: 7138962, uncompressed size: 7138962, name: Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Down the line.avi
16332095 0xF9353F Zip archive data, at least v2.0 to extract, compressed size: 8412, uncompressed size: 8412, name: Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Down the line.jpg
16340639 0xF9569F Zip archive data, at least v2.0 to extract, compressed size: 13693928, uncompressed size: 13693928, name: Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Face on right.avi
30034699 0x1CA4B0B Zip archive data, at least v2.0 to extract, compressed size: 6096, uncompressed size: 6096, name: Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Face on right.jpg
30040927 0x1CA635F Zip archive data, at least v2.0 to extract, compressed size: 5483, uncompressed size: 5483, name: data.xml
30047692 0x1CA7DCC End of Zip archive, footer length: 22
通过执行提取binwalk -e file.take具有以下结果:
total 58792
drwxr-xr-x 2 user01 user01 4096 May 19 14:43 ./
drwxr-xr-x 3 user01 user01 4096 May 19 14:43 ../
-rw-r--r-- 1 user01 user01 30047714 May 19 14:43 0.zip
-rw-r--r-- 1 user01 user01 3171 May 3 07:24 Bryan Potter - 2017 04 26 110613-balltrajectory.pbuf
-rw-r--r-- 1 user01 user01 364 May 3 07:24 Bryan Potter - 2017 04 26 110613-clubtrajectory.pbuf
-rw-r--r-- 1 user01 user01 428064 Apr 26 11:06 Bryan Potter - 2017 04 26 110613-forceplate.pbuf
-rw-r--r-- 1 user01 user01 8760940 Apr 26 11:06 Bryan Potter - 2017 04 26 110613-pressure.pbuf
-rw-r--r-- 1 user01 user01 7138962 Apr 26 11:06 Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Down the line.avi
-rw-r--r-- 1 user01 user01 8412 Apr 26 11:06 Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Down the line.jpg
-rw-r--r-- 1 user01 user01 13693928 Apr 26 11:06 Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Face on right.avi
-rw-r--r-- 1 user01 user01 6096 Apr 26 11:06 Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Face on right.jpg
-rw-r--r-- 1 user01 user01 5483 May 3 07:24 data.xml
<?xml version="1.0"?>
<Take>
<ExporterVersion>10</ExporterVersion>
<Id>1458</Id>
<Rating>Unrated</Rating>
<Date>636288015738944466</Date>
<Comment xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
<SportID>Golf</SportID>
<OnlineID>0</OnlineID>
<Club>
<Type>Iron</Type>
<Name>8 Iron</Name>
</Club>
<Session>
<Name xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
<DateTicks>636288009579666379</DateTicks>
</Session>
<StudentData>
<Firstname>Bryan</Firstname>
<Lastname>Potter</Lastname>
<BirthYear xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
<Address xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
<- snip ->
等等等等...
这个文件没有什么特别之处。这只是一个 ZIP 档案。
看到了50 4B 03 04吗?PK当你达到顶峰时,这是一个致命的赠品。这是 ZIP 存档的“幻数”标识符。
您的标准unzip将正常工作:
~/Downloads » unzip file.take
Archive: file.take
extracting: Bryan Potter - 2017 04 26 110613-balltrajectory.pbuf
extracting: Bryan Potter - 2017 04 26 110613-clubtrajectory.pbuf
extracting: Bryan Potter - 2017 04 26 110613-forceplate.pbuf
extracting: Bryan Potter - 2017 04 26 110613-pressure.pbuf
extracting: Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Down the line.avi
extracting: Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Down the line.jpg
extracting: Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Face on right.avi
extracting: Bryan Potter - 2017 0426 110616 AVT Manta_G-033C Face on right.jpg
extracting: data.xml
binwalk @SYS_V 跑了这么多,只是不太清楚。它提到了找到页脚并假设您理解这意味着什么。
30047692 0x1CA7DCC End of Zip archive, footer length: 22