Magic value collision between MachO fat binaries and Java class files
Both Java .class files and Mach-O fat binaries have the same magic signature, 0xCAFEBABE. When reading binary files, what's a good way to disambiguate?
Here's Apple take on this: https://opensource.apple.com/source/file/file-80.40.2/file/magic/Magdir/cafebabe.auto.html
Since Java bytecode and Mach-O universal binaries have the same magic number, the test must be performed in the same "magic" sequence to get both right. The long at offset 4 in a mach-O universal binary tells the number of architectures; the short at offset 4 in a Java bytecode file is the JVM minor version and the short at offset 6 is the JVM major version. Since there are only only 18 labeled Mach-O architectures at current, and the first released Java class format was version 43.0, we can safely choose any number between 18 and 39 to test the number of architectures against (and use as a hack). Let's not use 18, because the Mach-O people might add another one or two as time goes by...
Here's a visual comparison:
So it seems currently Apple does the
(int32 at offset4) < 0x20
check to interpret it as fat Mach-o in their tools like command line file for determining file types.
Since even Apple calls it a hack unfortunately there's no 100% reliable method, but it seems that's your best shot. You can always be dealing with malformed (deliberately or not) fat Mach-o files or Java class files which may or may not be relevant for your use case.
- What are possible causes of "failed to map segment from shared object: operation not permitted", and how to debug?
- Is it possible to run programs without any non-executable segment protection in modern Linux Kernels?
- The simplest way to create a jar file?
- How to detect Delphi compiler version in which exe was compiled?
- how to find function boundaries in binary code
- Packaging Visual Basic .net program and resources together to make it stand-alone exe
- Making an executable in Cython
- How to check the Language in which Exe is made
- How to determine which compiler has been used to compile an executable?
- Embed C++ compiler in application
- Is there a Perl equivalent to Python's `if __name__ == '__main__'`?
- possible to run RShiny app without opening an R environment?
- Adding multiple executables in CMake
- Make file not working?
- Checking for a variable in the executable
- Compile a Standalone Static Executable
- Getting the absolute path of the executable, using C#?
- Java - Execute External Windows Applications?
- Tutorial for building single exe for Qt
- Difference between Microsoft compiler and GNU compiler, in terms of output executable file size
- Using Python to execute programs on various processors through multiprocessing
- C++ Builder XE2 - different executable name for debug and release version
- Tool to analyze the executable
- Going from .py to .exe
- MATLAB Stand alone executable
- Can an executable file display a website by precising the url? Can I run a specific website on my own .exe file?
- Get path of executable
- r script fail to executate
- MWE among object file compiled with and without `-fPIC`
- Compiling python project with external modules to machine code using Cython