12 May 2010

7-zip reveals thumbs.db content for you

Once again I was shocked by 7-zip tremendous decode ability. Especially the compound format or I'd say "the custom way to pack something with/without compression", other known 7-zip ability is to unpack chm file.

So what I have here? first choose thumbs.db somewhere in explorer (make sure you've checked "show hidden file" option).

Got one? Now right click and choose open with.. select 7zip archive manager. Tada! inside it you'll see numbered files there and a catalog file (where the number being mapped to a filename that got thumbnailed, probably with other info).

OK, you might already thinking that all of them are "supposedly" images right? Almost correct, in fact it's slightly modified jpeg file. Forensically (uh thats too fancy word) ok let me say binarily (does this word exist?) the difference is the thumbs.db format prepend 12 additional bytes in its header thus most image viewer didn't recognized it. If you remove (using frhed, HxD or other hex editor) those bytes and save it as jpg. You will able to open it using any image viewer.

On some situation that's a funny thing to play you know. And M$ always screw up your privacy

Or you could use SageThumbs to view the unaltered file. I also packaging SageThumbs here (for Windows XP)
Edit: ah, after quick googling there is a better way to see

BTW, I still haven't finished mirroring valadoc.org :)) even today, wget really working hard

No comments:

Post a Comment