What Type of File Is It?

aaphid

I have a file that I don't know how to open. It's 2GB and from what I remember it was either a .zip or .dmg file. However some time ago when I made it I also removed the last 3 characters from the name and renamed it .mov. This changed the way that finder dealt with it. Now I would like to open it but when I change the suffix to either of the above they aren't recognised making me wonder if either the file is corrupt or maybe it's not a zip or dmg.

How can I tell what the file is? I've gone into terminal and queried it with the "file" command but it just tells me that it's data.

Any ideas?
 
...

How can I tell what the file is? ...
First off, the extension is merely a special part of the file's name. You cannot change the file type by changing its extension.

One of the criteria by which the Finder decides how to handle a file is determined by the extension. However, the extension should be compatible with the file's type.

Nothing that you have described should have damaged the file. However, you don't seem to have a handle on the original file type. Quite frankly, it is not at all clear that you have told everything that you did.

My advice to you is to restore the proper extension. If you don't get it right the first time, then try and try again. In the future, don't do that.
 
Thanks MisterMe but that doesn't actually help. I've already tried changing the suffix.

Does anyone else have any ideas?
 
How can I tell what the file is? I've gone into terminal and queried it with the "file" command but it just tells me that it's data.

Any ideas?

Sounds like a trojan. Do you truly trust the source where you got that file?
 
A file is simply a collection of bytes, so if you don't know what the file is, then there's really no way to find out without knowing how to read and parse the actual binary data. Something within the file may give you a clue as to what program originally created it, but as for a "magic application" that can tell you what the contents of a file are, well, that just doesn't exist.

Try opening the file with your favorite text editor and see if there are any recognizable strings in the first part of the file.
 
Try opening the file with your favorite text editor and see if there are any recognizable strings in the first part of the file.

Given that you've got a 2 GB file, a quicker way might be to open the Terminal and then:

Code:
strings yourmystery2gbfile | more
 
Given that you've got a 2 GB file, a quicker way might be to open the Terminal and then:

Code:
strings yourmystery2gbfile | more

This is what I get:-

Desktop aa$ strings Test.zip | more
strings: can't map file: Test.zip (Cannot allocate memory)
 
It seems that strings attempts to read the file into memory, but cannot (you do not have 2GB of free memory), so then it attempts to map it to memory. Mapping a file to memory means that the file becomes part of the virtual memory. Most likely this fails, since you have a 32-bit system and already have more than 2GB (32-bit means the max memory address is 32 bits long, i.e. there are 4GB of possible memory locations).

If you like to use strings to study the file (I'd prefer the od command, like od -a thefile),
you might like to split it into smaller parts with the split command.
 
If you like to use strings to study the file (I'd prefer the od command, like od -a thefile),
you might like to split it into smaller parts with the split command.

OK I really have no idea what I'm doing here but I'm happy to give it a go.
This is what I get...

Desktop aa$ od -a Test.zip
0000000 sp nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul
0000020 nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul
*
22054220720


Have I done that right?
 
OK I really have no idea what I'm doing here but I'm happy to give it a go.
This is what I get...

Desktop aa$ od -a Test.zip
0000000 sp nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul
0000020 nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul
*
22054220720


Have I done that right?

Yup - exactly right. The "od" command basically lets you see arbitrary data in readable form. What it shows here is you have a very large basically empty file. It's got two bytes at the beginning (the "s" and "p") and everything after is null, or zero. (The "od" command will skip all identical output lines, which is why the output is so short for such a large file).

It looks like whatever data was in that file is gone.
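
Added example, not part of the original thread: a small shell script that checks a mystery file's signature bytes and counts how many bytes are not NUL, streaming the file so its size does not matter. The function names are made up for this example; it assumes the ZIP "PK" header at the start of the file and the UDIF disk image "koly" trailer in the last 512 bytes, and it will not recognise other archive or image formats.

```sh
#!/bin/sh
# Added example: identify an unknown file by its signature bytes and measure how
# much of it is real data, streaming it instead of mapping it into memory.

# Hex of the first 4 bytes, e.g. 504b0304 for a ZIP local file header.
head_magic() { head -c 4 "$1" | od -An -tx1 | tr -d ' \n'; }

# Hex of the first 4 bytes of the final 512-byte block (UDIF trailer position).
tail_magic() { tail -c 512 "$1" | head -c 4 | od -An -tx1 | tr -d ' \n'; }

file_size() { wc -c < "$1" | tr -d ' '; }

# Count of bytes that are not NUL. LC_ALL=C makes tr treat input as raw bytes.
nonnull_bytes() { LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '; }

# Prints zip, dmg or unknown. Checks content only; the file name is ignored.
guess_type() {
    case "$(head_magic "$1")" in
        504b0304|504b0506) echo zip; return ;;   # "PK\003\004", or an empty archive
    esac
    if [ "$(file_size "$1")" -ge 512 ] && [ "$(tail_magic "$1")" = 6b6f6c79 ]; then
        echo dmg; return                          # "koly" UDIF trailer
    fi
    echo unknown
}

triage() {
    echo "size=$(file_size "$1") type=$(guess_type "$1") nonnull=$(nonnull_bytes "$1")"
}

# Constructed sample shaped like the od output in the thread: one space
# character followed by NUL bytes (4 KiB here rather than 2 GB).
make_blank_sample() {
    { printf ' '; head -c 4095 /dev/zero; } > "$1"
}

if [ -f "${1:-}" ]; then
    triage "$1"                      # usage: sh triage.sh Test.zip
else
    sample="${TMPDIR:-/tmp}/mystery_sample.$$"
    make_blank_sample "$sample"
    triage "$sample"
    rm -f "$sample"
fi
```

A result of type=unknown with a nonnull count close to zero means there is no archive or image content left to recover, whatever extension the file carries.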
 
It looks like whatever data was in that file is gone.

OK. So I'm guessing that the result would be the same if I changed the file suffix to .sit or .dmg . And if that is the case then possibly it was an empty drive image to start with. Does that sound possible?
 