Aah yes! the Schrodinger's zip file.

The scene with dark background, a table and a simple t-shirt makes this feel like an interrogation scene where police is asking the criminal questions.

I remember my first time learning about this file format trick was probably about 2005-2006 on 4chan of all places. Someone uploaded an image, it was the cover of a C++ textbook, or some C language. I can't quite remember, but what I do remember was you could download the image, and extract that exact document from it. They embedded the textbook within the image itself, and used any image hosting site to discretely share it with people. I was blown away.

I'm someone in the category of people freaking out about closed source binwalk so I see files agnostically already. But I thought - "Hey, If I give this video a chance I'm sure LiveOverFlow will teach me something new" - All I can say is WOW The idea of not encapsulating but "programming" a file into the zip format is a complete paradigm shift. I will never be able to look at files in the same way again holy shit bro you just blew my mind.

I remember being blown away by file extensions when I played DDLC

You can do this in windows with the copy command and the /B switch for binary "copy /B picture.jpg+folder.zip new.jpg" I learned this when I heard that a promotional desktop wallpaper for Portal had an Easter egg in it. If you opened it as an archive the ending song "Still Alive" mp3 was in there. This was a triumph!

"grew up with a commandline" yes, you could say that i grew up when i started using linux a few years ago

I'd like to point out some flaw in the video 1. The Person A and Person B analogy, rather than just "liking" it should've been "only knowing" or "ignoring except". PDF program would read the PDF code, and not the ZIP code, and the other way around for Zip programs 2. Rather than changing the file name extensions, you could probably just run the file with the program right away. Though I'm not sure since I haven't tried it, but I'm sure it would run as is. Anyway, great video as usual, thanks for sharing this information with us!

11 minutes in "I don't know exactly why the pdf isn't shown in the zip file" Dude that's literally the only reason I watched this video.

Wow, you make it so easy for people to understand these complex topics!

This gives me new appreciation for the mantra: parse don't validate. If you just look for what you are expecting, you might admit more than you were bargaining for.

love the example with the "Town Musicians of Bremen " :)

À true hacker spirit, reminds me of my youth. It pleases me to see young talents, there are so few of them, while I thought 30 years ago that there would be countless hackers far better than us in the future. It never happened, everything has gone down, so these videos are refreshing.

This is one reason why simple things like the `file` command in Linux are *so useful*

I think the CTF about finding the hidden stuff in a file would be a great challenge for a stego CTF. And it is valuable experence in identifying stego. And if your getting into information security stego experence is very important.

This is great, the education was great, and the whole building up to the message about the CTFs was hilarious, but I 100% agree.

Great video, I love thinking of zip as interpreter for .zip "source code"! I also just love the concept of weird machines Recently, for educational purposes, I've written a couple of image file formats and also I'm writing an interpreter, so this is right up my alley :)

File formats based on extension: Windows virgin. File format based on actual content: Unix file CHAD basedlord

Great video. I recalled how many students were amazed when I had students extract an image from a PDF in my seminar course (a course where students teach the class) where I talked about stegosploit. Makes you think what files could be hidden in a PDF. However, that was only the start of it because the toolkit created by Saumil Shah, the person who created Stegosploit, hid the toolkit inside the image. So you had to rename the image extension to HTML and open it in the browser to obtain the toolkit. I was also very shocked when I first was researching the topic.

I used to do this with BMP images. Compress all your files, and combine them with a BMP image of your choice. Just a simple copy command in cmd will work and you can hide some stuff from people. copy /b image.bmp files.zip image2.bmp. I used to hide my games in school lab PC this way.

That was very informative and entertaining. Learn something new today. Thanks :D

No this type of ctf challenges are not at all annoying infact I solved this type of challenge yesterday and learned alot about file extension and that's how I reached to this video. You explained everything perfectly. Thanks

A video topic suggestion: how to make your own file format. That would give us more intuition in the topic.

This reminds me of that time I concatenated a shell script unzipping itself with a zip file to have basic self-extracting archives.

Thanks, I'll bring this example up at my Formal Language Theory classes. This is a fun way to talk about the intersection of formal languages. :-)

This seems like a really cool way to install a smallish program while making sure someone reads the README file first and foremost

This is really interesting, I’ve never heard of polyglot computing! This kinda reminds me of steganography.

6:26 Here's a triple syntax-highlighting image that can help understand how this can be valid PHP, C and Bash at the same time i.imgur.com/f7a4Uqu.png

I love how you turned on dark mode in the intro

Oh, expected there to be an error since PDF is not using deflate like docx and odf files. Clever way to manipulate file to run it in multiple programs successfully :)

Both approaches for flags are useful imo

Those animals on the thumbnail. Those are the Bremer Stadtmusikanten.

LiveOverflow has finally enabled Dark mode!

For a second there I thought this was some bare entry-level tutorial ... saw the channel name ... Wait a second 😂 Nice video btw. I was thinking about something similar and it's nice to know that it has been already researched (cus I'm lazy as fuu)

*.rar.jpeg was the file format monstrocity I knew about before. Considering what you showed here, wonder how much pairs or tripletts can be made with popular programs.

While challenges that teach how to apply steganographic techniques are great (like your example), I wonder what challenge you would create to actually teach someone how to identify stego. I agree with you that guessing at the technique seems silly, but maybe a challenge that gives you a normal looking website, with steganography applied somewhere, and you could be tasked with finding the file that contains another file. This way, you wouldn't have to guess at the method, but you could improve your analytic skills by, say, looking at the file sizes of images on the websites to see if one looks abnormally large, or if one has weird file headers like having both PK and JFIF. Maybe have a stretch goal giving a few extra points for getting the file out, but the main goal would be finding the "malicious" file in the first place. Or say "somewhere on this website there is a zip file containing a pdf hidden in one of the images". The solution to the challenge could be to scrape all the images from the site and sort them by file size to get the most likely candidates, or scraping them then writing a python script to search for the magic bytes of a zip file or something. That way you'd know ahead of time what technique you're going to be applying, and you'd learn how to identify when it is being used and gain some familiarity with looking at files hidden with this technique. Thoughts? (I've only done CTF challenges, never written any, so if this idea sucks feel free to say so!)

Very interesting video! I do recommend to change the title to something more fitting/attractive, maybe 'How a file can have multiple extensions'. I almost skipped this video because I thought it was just an explanation of file headers!

6:30 Agnosticism as a programming language

12:15 -> OverTheWire challenge Natas level 12 goes over this concept too but with images files and php.

Great video, minus perhaps the whiff of command line evangelism in the beginning. You can easily come across scenarios where you manually override which program you want a file to be opened with, even in a GUI environment, such as when you want to edit an image instead of viewing it - dismantling the argument right away (you consciously make the file consumed by a non-default app of your choice). Going back to CLI, consider shebangs: how often is it that you execute e.g. a shell script by passing it directly to a shell program, rather than invoking it straight away? Not so often, I'd imagine. But even beyond all this, I find the whole default program thing to not really be a barrier of any sort in understanding this. Maybe this is just me not being a computer novice though, I don't know. Thinking about files as being "programs" however was definitely a food for thought, I quite enjoyed that.

About 90% of the content you post is way over my head and i wouldnt be able to use it in real life. But i still love your videos. You explain these things in such a way that i can atleast gain a better understanding of basic computer functions. Which helps with my logic and thinking about certain issues i come accross sometimes. Love your stuff. Keep up the good stuff!

Whoa LiveOverflow dark mode

Awesome video!

Ehm.. Why does the thumbnail show the "Bremer Stadtmusikanten"? This is the symbol of my home city in Germany lol, didn't expect to ever see that on KZbin!

MS-Office malware applies often a combination of files to hide VBA-Code

i’m wildly simplifying, but i learned this “(malware) scanners look for code based on file extensions” thing ages ago - used to change file formats to get around automatic file rejection systems all the time. file hosting site rejecting your zip containing copyright music? it wont look for audio if you’re uploading a weirdly corrupted png file!

this is helpful knowledge

0:20 i made it by accident on win98, by overwriting an file... or something... back in the days i created an folder called "strange documents files" for all the experiments i did, i had a lot of files with strange bugs that i didnt knew why those bugs happens or what i did wrong that created those bugs. unfortunatelly i dont have those files anymore >.> , i doubt they work on modern systems anyway, but i lose then because i couldnt afford to backup anything back then.

These kinds of tricks seem very popular on Discord. People like making videos that are different every time you play them and weird things like that...

I can't find the 010 tool you mentioned anywhere, can you please link it in the description?

but what about matroshka challenges, that are only about cunning steganography?

I'm here a bit late, but I'm going to explain why I think it's not showing the pdf as a file: Basically, what I *believe* it's doing is the zip file doesn't think the file has "started" until _after_ the pdf. What I mean by that is: zip files are able to actually have a blob of arbitrary data in front of them which they will ignore. They only read everything after a file signature, which is 0x04034b50. I found this a while ago in a stack overflow post which basically took an executable script and a jar file and combined them. All the script did is it ran itself using the `java -jar` command. You can find it here if you want: stackoverflow.com/a/41829433 But I believe this is probably doing something similar: the zip file doesn't "start" until the end of the pdf, so it ignores that huge blob of data it doesn't understand. And the pdf file "ends" before the zip file, so it just ignores the blob of zip file data that _it_ doesn't understand. (Which I assume would be indicated by a couple of bytes that are used to "end" the pdf.) This way, you can contain multiple files within the same file and have them be read differently. Because each program starts reading after a certain set of bytes and stops after another set of bytes.

I've always thought of file extensions as part of the file name, but tell the user and the operating system what kind of data to expect when dealing with it

Do you know some hex editors for Linux with decoding abilities similar to 010?

Now u need a hoodie

Awesome 👍

A little sad this didn't touch on the behavior of different PDF viewers / zip archivers when looking at the same file. Although I understand this could be a bit besides the point, it's also interesting to note that because they are different implementations, they could differ in behavior. It's a bit less about file formats and more about about their "interpreters", I guess. Example: docx file format is open, but its rendering isn't. So Chrome, Word Mobile, Microsoft Word, LibreOffice, etc. can render an exact same file differently. I've also encountered some docx documents that opened fine on Chrome, but were said to be corrupt in Word.

I disagree regarding guessing challenges in CTF. Guessing has value in application of skillsets and building muscle memory. A good CTF challenge should include a balanced mixture of skill development portions, like you are advocating for and some elements of guessing.

Zip files can contain “deleted” files - it was easier to append to them and update the footer/index than to physically remove files from them. The PDF doesn’t show up as a file because the footer simply doesn’t reference it! Seems ironic that a zip file is allowed to be so inefficient in terms of storage, when that’s what I used to think it was for!! But I think that historically it was really just used as a way to group files together, optimized with respect to slow/old technologies! (Tape, disks) Responding to 10:40

Me windows pleb when he opened the same file as .zip and .pdf : **X-Files music**

This video is pretty fascinating. With many years of experience using Linux and command line, I am already familiar with the fact that file format is just a trick (every file is just a binary stream anyway), but I am sill surprised that you can easily craft files to be interpreted by multiple programs differently. I am not sure whether it's a good thing or a bad thing. From a developer's perspective, we want the file format to be unambiguous, because we know from experience that ambiguity is a common source of bugs and unexpected behaviors. However, sometimes we also want flexibility and tolerance. For example, we want to add more features to file format but not break the older version program, which means we shouldn't be overly strict on recognizing format. These two design principle are sometimes conflicting to each other, and I think it is the main cause of the issue.

Roger, LiveOverflow gone Dark Mode

The conversation went like this: - WTF did you do? - You dog... - Zip it man!

LiveOverflow: „You don’t want to do PDF by hand“ Me: *cries in LaTeX*

If anyone has seen this image going around on Discord; "Please don't open me in the browser". Basically 2 image png animation. Renamed to .zip, gives a .mp3 file inside, containing some metadata about opening the audio in a image viewer. Pretty cool, took half of the day to get to the end of it.

I really like this type of videos. The explanations where really good the quality is very high and overall I can confidently say that I've learnt something I didn't know before!

How dark should the background be? Live overflow: YES

"YOU decide what to open the file with" xdg-open: exists

LiveOverFlow: hiding files in files is not fun justCTF: yes

I always used to think that these formats are "strict" as in they wouldn't allow unknowns. Turns out they do and you can play tricks with them.

LiveOverflow 2016 - finding a parser differential in loading ELF LIveOverflow 2020 - what is a file format just joking. top notch stuff I didn't know.

Now that this secret is public, I want to confess. ✝️ It was my trick in all teen years to hide my private content in a shared pc with family. Of course, we had different users but windows 98, ME and XP were so kind to let me browse other users files. So, I imagined that maybe someone else can browse my files too... Even if they managed to gain access to my files they didn't know if they change the file suffix/extension they see a whole new thing I don't exactly remember which year I learned about file format, but it was between 2000 and 2002.

The 010 tool is pretty awesome, reminds me of something similar I made for terminals - but more advanced and with a hex editor. Thanks for sharing that!

omggg u finally made a dark mode intro. 🙏🏿🙏🏿🙏🏿

Love the musicians of bremen image and the new videos format!

2:38 There's is magic though! At the first bytes of the file

010's template feature is the best one I have seen yet in any hex editor. It's really useful for reversing proprietary file formats.

Thank you for dark mode!

YOU CAN DRAG FILES TO NOTEPAD???!!!!

A rather long winded video to say: PDF ignores bytes until it finds headers. Zip won't show files that have zero length set in headers. So you can make a file that is both a valid PDF and a valid ZIP with another file in it.

If u are here from jusctf gimme a link or else.

Dark mode for intro :)

Files being source code is so blatantly obvious I never though of it, but when you pointed it out it instantly made sense how one could play with the file. and espessially when you showed that ansicphpbash "file format" :) How many of us have struggled with one code trying to parts a bit of another code as a string/variable, or what ever, only to realize you forgot to reformat it so that the thing you're trying to pass is not a being interpreted as actual code.

2:38 LOL at no magic joke 😀 For those new to this, the linux file format recognizer (the file command) is configured in a file called /etc/magic

porn collectors be like: after all these years trying to hide our collections and now you show this?

I like this channel a lot :) I really liked how you explained that zip files actually program zip to make a file, rather than "contain" data. You could have brought in zip-bombs at this point, because then a 1Kb file making a 42Gb file kind of shows how it's generative. Having said that, I think you made one point unclear, which was that programs sometimes "ignore" bytes they don't understand, like scanning for a dog and not seeing the cat. PDF is weird in that it looks for it's magic sequence anywhere in the file, ignoring the zip at the beginning. ZIP, for example, wont do this. Python wont do this. etc etc. Nevertheless, through use of commenting, which is like programming zip to deliberately ignore code, you make polyglots. Polyglots almost always use commenting. If commenting wasn't possible, making polyglots would be WAY harder! Programs don't typically ignore anything, unless you trick them into it. Also this whole video strikes at the heart of a big problem in Europe, what does data privacy/security/illegal information actually mean? What if a picture file, for example, looks like a beautiful sunset in one image viewer application, but child-pron in another. Is the *file* child-pron, or is the image-viewer *making* child-pron when it's displayed? Or both? Do you need to have both on your computer to break the law? TL;DR we all have child-pron and state-secrets on our computers, sometimes in the same file, we just don't have the software to view it.

Should have been said Linux has "xdg-open" and "file" to not scare the windows users to much.

What if a CTF challenge goes like this: it's a .pdf file and also is a .zip file. The .pdf gonna be something that will make people to find for a real .txt that writes "Psst, this pdf file can also be executed by zip" lol

the thing that went in my head when I see 6:26 is C I didn't realise there's php and bash until you told us

loving the new brand design

My mind was absolutely blown away. I've never thought that the same file could be interpreted differently. This is eye-opening for me.

I remember my frustration when first switching from Windows to Ubuntu for work projects. I didn't understand how the Ubuntu file system structure worked, how I should manage individual files, and how to work with them. I asked people questions like "Where should I install programs in Ubuntu?" and similar. At that time I thought to myself self "Gosh, Windows seems like a much cleaner system, everything is neatly organized, I have a dedicated folder for Program Files and the only thing I should do is click shortcuts". But after learning the Ubuntu FS layout, understanding how PATH actually works and what is it intended for, and a lot of other tips and tricks Windows FS principles feel rather restrictive. Although I now daily-drive Windows for home and work stuff (Windows made MAJOR progress towards being a developer-friendly system in the last few years), I still miss some of that clean simplicity and infinite possibilities that a proper GNU/Linux system provides.

4:58 yo why the virus looking like sans

Tha thing from the Thumbnail is called "bremer Stadtmusikanten" it's a statue in bremen (germany) lel

I opened this video with Microsoft Excel.......now my Windows OS is patched and has 0 security bugs. Thanks.

Didn't have to be part of the zip structure (as long as the entire ZIP file is less than 1024 bytes). This is a side effect of the PDF format, which allows random data in the first 1024 bytes.

Don't start talking about .lnk files

from justctf

cool stuff. This is the time to weaponize it.

I can totally relate to this. Grew up with windows but entirely switched to Linux like 8 years ago. I have a completely different understanding for the filesystem now.