Sometimes you also find hidden things lurking accidentally left behind in IPAs and APKs that are nice and juicy and realize they've been shipped on Google Play/App Store for years.
I've found everything from entire copies of internal company manuals to working test credentials for a physical place with a membership barcode in debug logs left inside the app from developers.
Also sometimes changelogs left inside by accident which include things like "It hasn't been sanitized for outside consumption and thus should remain internal
to <company>. Deliver it externally at your own risk of embarassment."
.docx and .xlsx are also just zip files with XML and attachments. The bad thing is that the XML is Word's internal document structure serialized and behavior for some values is only defined in Microsoft's code.
I've worked on docx and xlsx import/export and the public documentation for the formats was sufficient for normal documents (maybe excluding some very exotic features). That was ca 2010.
Well the executable binaries inside IPAs are encrypted, but the IPA bundles themselves are typically unencrypted. You should be able to see unencrypted assets inside of them
Even better, wait until people discover 7zip's 'parser mode' on Windows (especially). Right click a file -> 7zip -> Open archive -> #:e mode. Really fun way to quickly carve out files and snoop around. I use it like a poor man's binwalk to extract firmware files and updates and etc out of things to usual success.
(#:e Parser mode, ignoring full archives, and checks every single byte position of a file for 'start of archive' bytes to parse archives out of a larger file.)
Sometimes you also find hidden things lurking accidentally left behind in IPAs and APKs that are nice and juicy and realize they've been shipped on Google Play/App Store for years.
I've found everything from entire copies of internal company manuals to working test credentials for a physical place with a membership barcode in debug logs left inside the app from developers.
Also sometimes changelogs left inside by accident which include things like "It hasn't been sanitized for outside consumption and thus should remain internal to <company>. Deliver it externally at your own risk of embarassment."
.docx and .xlsx are also just zip files with XML and attachments. The bad thing is that the XML is Word's internal document structure serialized and behavior for some values is only defined in Microsoft's code.
I've worked on docx and xlsx import/export and the public documentation for the formats was sufficient for normal documents (maybe excluding some very exotic features). That was ca 2010.
Even pk3 files from the id Tech engine are just zip files.
For many things. Change .epub to .zip for example, you get html text and jpg images
It is zip files all the way down
They are typically encrypted, though.
Well the executable binaries inside IPAs are encrypted, but the IPA bundles themselves are typically unencrypted. You should be able to see unencrypted assets inside of them
Wait till people discover file(1)!
Even better, wait until people discover 7zip's 'parser mode' on Windows (especially). Right click a file -> 7zip -> Open archive -> #:e mode. Really fun way to quickly carve out files and snoop around. I use it like a poor man's binwalk to extract firmware files and updates and etc out of things to usual success.
(#:e Parser mode, ignoring full archives, and checks every single byte position of a file for 'start of archive' bytes to parse archives out of a larger file.)
That's helpful. I always wondered what the * and # modes were for and why some sometimes only one of them worked.
The elites don’t want you to know this but the distribution file formats on the web are zips you can just unzip them I have 458 zips.
Indeed so