#------------------------------------------------------------------------------
# $File: pdf,v 1.6 2009/09/19 16:28:11 christos Exp $
# pdf:  file(1) magic for Portable Document Format
#
0       string  %PDF-       PDF document,
>6      byte    !0x2e       {invalid}
>5      string  x           version: "%3s"

#------------------------------------------------------------------------------
# $File: zyxel,v 1.6 2009/09/19 16:28:13 christos Exp $
# zyxel:  file(1) magic for ZyXEL modems
#
# From <rob@pe1chl.ampr.org>
# These are the /etc/magic entries to decode datafiles as used for the
# ZyXEL U-1496E DATA/FAX/VOICE modems.  (This header conforms to a
# ZyXEL-defined standard)

0       string          ZyXEL\002       ZyXEL voice data
>10     byte            0               \b, CELP encoding
>10     byte&0x0B       1               \b, ADPCM2 encoding
>10     byte&0x0B       2               \b, ADPCM3 encoding
>10     byte&0x0B       3               \b, ADPCM4 encoding
>10     byte&0x0B       8               \b, New ADPCM3 encoding
>10     byte&0x04       4               \b,with resync

0       string          LinuxGuestRecord        Xen saved domain file

0       string      \x3chtml        HTML document header
>5      byte        !0x20
>>5     byte        !0x3e           {invalid}
0       string      \x3cHTML        HTML document header
>5      byte        !0x20
>>5     byte        !0x3e           {invalid}

0    string        \x3c/html\x3e        HTML document footer
0    string        \x3c/HTML\x3e        HTML document footer

0    string        \x3c?xml\x20version      XML document,
>15  string        x                        version: "%.3s"

# CodeGate 2011 http://nopsrus.blogspot.com/2013/05/codegate-ctf-2011-binary-100-points.html
0    string    \x23\x40\x7e\x5e    Windows Script Encoded Data (screnc.exe)

0           regex   /[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_/].*       Unix path:
>0          string  x                                                                        %s
>0          string  !/home/
>>0         string  !/bin/
>>>0        string  !/sbin/
>>>>0       string  !/usr/
>>>>>0      string  !/sys/
>>>>>>0     string  !/var/
>>>>>>>0    string  !/opt/
>>>>>>>>0   string  !/etc/
>>>>>>>>>0  string  !/lib/
>>>>>>>>>>0 string  !/dev/                                                                   {invalid}(likely false positive)

0   string      neighbor           Neighborly text,
>0  string      x                  "%s
>63 string      x                  \b%s"

0   string      Neighbor           Neighborly text,
>0  string      x                  "%s
>63 string      x                  \b%s"

0   string      neighborly         Neighborly text, best guess: Goodspeed, 
>0  string      x                  "%s
>63 string      x                  \b%s"

0   string      begin\x20           uuencoded data,
>9  byte        !0x20               {invalid}invalid format,
>6  byte        <0x30               {invalid}invalid permissions,
>6  byte        >0x39               {invalid}invalid permissions,
>7  byte        <0x30               {invalid}invalid permissions,
>7  byte        >0x39               {invalid}invalid permissions,
>8  byte        <0x30               {invalid}invalid permissions,
>8  byte        >0x39               {invalid}invalid permissions,
>10 string      x                   file name: "%s",
>6  string      x                   file permissions: "%.3s"

0       string      \x00\x53\x46\x48                                    OSX DMG image
>0x38   string      !d\x00i\x00s\x00k\x00\x20\x00i\x00m\x00a\x00g\x00e  invalid{invalid}

# Xilinx FPGA Bitstream
# Ref: http://www.xilinx.com/support/answers/7891.html
0       ubequad        0xffffffffaa995566  Xilinx Virtex/Spartan FPGA bitstream dummy + sync word