Magic Bytes: Helps file go undetectable!


To identify a file's format, one typically only needs to look at the first few bytes of the file in question. These bytes are often called magic bytes or the file signature, and they help identify the type of file. It can be helpful to look for file format signatures and infer how an application uses them, as well as how these formats may be abused to provoke undefined behavior within the application.

Where can it be used?

Wrapping of Malware

  • A malware wrapper is an otherwise non-malicious file that can have a malware file bound to it.
  • It is possible for malicious software to disguise its magic number, potentially masquerading as another file type. A magic number usually indicates the file type, but a file of a given type does not always carry the correct magic number.
  • The vulnerability advisory basically states that the majority of virus scanners are unable to detect some malware if a fake file header is prepended to the malicious file.
  • This more or less boils down to script-like malware, such as .bat and .html, going undetected if an MZ header, for instance, is prepended to the file. Most virus scanners seem to assume that such a file is an executable, and will therefore no longer detect the malware.


File Upload Vulnerabilities

  • File upload functionality is commonly associated with a number of vulnerabilities.
  • Exploiting this vulnerability can be done by:
    • Checking whether it is possible to place executable HTML/JavaScript into the file, which executes when the file's contents are viewed.
    • Checking whether the application performs any filtering on the file extension or MIME type of the uploaded file, and whether a script embedded in the file gets past those checks.
    • Checking whether it is possible to construct a hybrid file containing both executable and non-executable content to bypass any content filters. An example is a file containing both a GIF image and a Java archive (known as a GIFAR file), built by adding proper headers and separating the two parts so that each is interpreted differently.
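A defender-side check for the two cases described above (a fake MZ header in front of a script, and a GIFAR-style image/archive hybrid), as an added example that is not part of the original post. The function names and the sample byte strings are constructed for illustration; the signature values are the well-known public ones.

```python
import struct

# Leading magic bytes for a few common formats.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
    b"MZ": "exe",
}
ZIP_EOCD = b"PK\x05\x06"  # ZIP end-of-central-directory marker, read from the file's tail

def sniff(data: bytes) -> str:
    """Return the type claimed by the leading magic bytes (a claim, not proof)."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def valid_pe(data: bytes) -> bool:
    """An MZ header is only credible if e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or not data.startswith(b"MZ"):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def inspect_upload(name: str, data: bytes) -> list[str]:
    """Compare extension, magic bytes and deeper structure; return findings."""
    findings, kind = [], sniff(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    expected = {"jpg": "jpeg", "jar": "zip"}.get(ext, ext)
    if kind != expected:
        findings.append(f"extension .{ext} does not match sniffed type {kind}")
    if kind == "exe" and not valid_pe(data):
        findings.append("MZ magic without a valid PE header: also scan the body as script/text")
    # ZIP readers locate the archive from the end of the file (22-byte record + up to 64 KiB comment).
    if kind in ("gif", "png", "jpeg") and ZIP_EOCD in data[-65557:]:
        findings.append("image also carries a ZIP end record (GIFAR-style polyglot)")
    return findings

# Constructed, harmless samples.
FAKE_EXE = b"MZ" + b"@echo off\r\necho hello\r\n"
GIFAR_LIKE = b"GIF89a" + b"\x00" * 20 + ZIP_EOCD + b"\x00" * 18
CLEAN_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32

if __name__ == "__main__":
    for n, d in (("tool.exe", FAKE_EXE), ("avatar.gif", GIFAR_LIKE), ("a.png", CLEAN_PNG)):
        print(n, inspect_upload(n, d))
```

The point of the second and third checks is that the first bytes alone decide nothing: a scanner or upload filter should confirm the structure the signature promises and keep scanning the content under every type it could be read as.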

Steganography

  • Steganography is a technique that allows two or more people to communicate covertly by hiding a secret message inside a cover medium. The methods are named after the type of cover (or host) data the message is embedded in: audio steganography, text steganography, image steganography, and video steganography.
  • File signatures can be used to fool a man in the middle and deliver the message to the other end. This can be done by disguising a text file (.txt) or video file (.mp4) by embedding it into a new file such as a .png or .jpeg file.


We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.


India Information Technology Rules – 2021

Information technology law, or cyberlaw, concerns the law of information technology, including computing and the internet. It is related to legal informatics and governs the digital dissemination of both (digitized) information and software, information security, and electronic commerce. It has been described as "paper laws" for a "paperless environment". IT Rules raise specific issues of intellectual property in computing and online, contract law, privacy, freedom of expression, and jurisdiction.


The IT Act, 2000 came into force on 17 October 2000.


The Information Technology Act, 2000, serves as a useful illustration of the dearth of dynamism in digital rule-making in India. Though the Information Technology Act, 2000 forms the legislative bedrock of the country’s online edifice, it has only been significantly amended once, in 2008. While it has seen minor revisions from time to time since then, these were largely informed by political exigencies rather than any long-term digital vision.


The IT Rules should grant legal sanction to officers for processes involving the collection and preservation of electronic evidence. Though the IT Act and its accompanying rules hint at these norms, there is nothing in the way of a concrete playbook that informs cyber-policing capabilities. As such, a majority of cybercrime cases in India are left unreconciled. Illustratively, according to a report by the National Crime Records Bureau, only 38% of the 24,187 cybercrime incidents reported in 2016 were disposed of by the end of the year.


Amidst growing concerns around the lack of transparency, accountability, and rights of users related to digital media, and after elaborate consultation with the public and stakeholders, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 have been framed in exercise of powers under section 87 (2) of the Information Technology Act, 2000 and in supersession of the earlier Information Technology (Intermediary Guidelines) Rules 2011.


New Guidelines for Social Media/Intermediaries:

Categories of Social Media Intermediaries:

Based on the number of users on the social media platform, intermediaries have been divided into two groups:
  • Significant social media intermediaries.

Due Diligence to be Followed by Intermediaries:

  • In case due diligence is not followed by the intermediary, Safe Harbor Provisions will not apply to them.
  • The safe harbor provisions have been defined under Section 79 of the IT Act, and protect social media intermediaries by giving them immunity from legal prosecution for any content posted on their platforms.

Grievance Redressal Mechanism is Mandatory:

  • Intermediaries shall appoint a Grievance Officer to deal with complaints and share the name and contact details of such officers.
  • The Grievance Officer shall acknowledge the complaint within twenty-four hours and resolve it within fifteen days from its receipt.

Ensuring Online Safety and Dignity of Users:

  • Intermediaries shall remove or disable access, within 24 hours of receipt of a complaint, to content that exposes the private areas of individuals, shows such individuals in full or partial nudity or in sexual activity, or is in the nature of impersonation, including morphed images etc.
  • Such a complaint can be filed either by the individual or by any other person on his/her behalf.

Additional Due Diligence for the Significant Social Media Intermediaries:

  • Appointments: Need to appoint a Chief Compliance Officer, a Nodal Contact Person, and a Resident Grievance Officer, all of whom should be residents in India.
  • Compliance Report: Need to publish a monthly compliance report mentioning the details of complaints received and action taken on the complaints, as well as details of content removed proactively.

Enabling Identity of the Originator:

  • Significant social media intermediaries providing services primarily in the nature of messaging shall enable the identification of the first originator of the information.
  • Required only for the purposes of prevention, detection, investigation, prosecution, or punishment of an offense related to sovereignty and integrity of India, the security of the State, friendly relations with foreign states, or public order.
  • Or incitement to an offense relating to the above or in relation to rape, sexually explicit material, or child sexual abuse material punishable with imprisonment for a term of not less than five years.

Removal of Unlawful Information:

  • An intermediary upon receiving actual knowledge in the form of an order by a court or being notified by the Appropriate Govt. or its agencies through an authorized officer should not host or publish any information which is prohibited under any law in relation to the interest of the sovereignty and integrity of India, public order, friendly relations with foreign countries, etc.

Grievance Redressal Mechanism: 

A three-level grievance redressal mechanism has been established under the rules with different levels of self-regulation.
  • Level-I: Self-regulation by the publishers
    • The publisher should appoint a Grievance Redressal Officer who is a resident of India.
    • The officer should take his/her decision on complaints within 15 days.
  • Level-II: Self-regulation by the self-regulation bodies of the publishers
    • The self-regulating bodies of the publishers should register themselves with the Ministry of Information & Broadcasting.
    • One publisher can have more than one self-regulating body.
    • Such bodies would be headed by a retired judge of the Supreme Court, a High Court, or an eminent independent person and shall not have more than six members.
    • This body should oversee that the publisher adheres to the Code of Ethics.
    • The body will also address grievances that are not resolved within 15 days by the publisher.
  • Level-III: Oversight mechanism
    • An oversight mechanism will be framed by the Information and Broadcasting Ministry.
    • It shall publish a charter for self-regulating bodies, including Codes of Practices.
    • It shall also establish an Inter-Department Committee for hearing grievances.

Self-regulation by the Publisher:

  • Publisher shall appoint a Grievance Redressal Officer based in India who shall be responsible for the redressal of grievances received by it.
  • The officer shall take a decision on every grievance received within 15 days.

New IT Concerns

Some of the concerns expressed about these new Rules are mentioned below.

  • Some people say that instead of soft-touch monitoring, the government has opted for predatory new rules.
  • The mandate that social media intermediaries should help authorities trace the first originator of contentious messages can be problematic, experts opine. Tracking the first originator would entail storing sensitive information or breaking the end-to-end encryption protocol, moves that could weaken overall security. Here, the users’ right to privacy could potentially be violated. The issue gets even more complicated if the message originator is outside India.
  • While many laud the steps to mitigate and penalize child sexual abuse online, some worry that the lack of nuanced automated tools to filter material could have a deleterious effect on free speech.

We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.
