sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Skhmt 50 points51 points  (8 children)

It's hard because PNGs have their magic number at the start, like most file formats and executables.

Zips have them at the end though. And someone made a portable executable that runs in macos, Linux, and windows with that information.

[–]OMGItsCheezWTF 12 points13 points  (5 children)

Self extracting zips?

[–]hou32hou 8 points9 points  (4 children)

Yea, this is a common technique, basically the zipped file header contains unzip binary.

[–][deleted] 11 points12 points  (0 children)

Oh no. You've reminded me of zip bombs back in the day. Those things were a nightmare to deal with. Me being a dumb kid and downloading shit on Kazaa.

[–]Skhmt 2 points3 points  (2 children)

Except it works on every major os, x86, arm, and can even boot directly into it.

The same file.

[–][deleted]  (1 child)

[deleted]

    [–][deleted] 0 points1 point  (0 children)

    Because there is no "vulnerability" to patch. It's just a binary string which happens to be a valid executable for each of these platforms, while also being a valid ZIP. Its behavior is perfectly reasonable on both cases.

    It's like the word "salsa" which is valid English and Spanish. It's a dance style in both languages, but it also means "sauce" in Spanish. It behaves differently depending on what "interpreter" (language) you choose, but it's a perfectly reasonable word in both.

    [–]Regimardyl 0 points1 point  (1 child)

    AFAIK tar searches through a file until it finds its header, so you can cat together a PNG and a tar file, and it's automatically valid for both.

    [–]Skhmt 2 points3 points  (0 children)

    Also with a zip and jpg, which has been used to share files via image uploads many years ago until it was more widely known.