Bzip2

From Just Solve the File Format Problem
(Difference between revisions)
Jump to: navigation, search
(add details from ForensicsWiki entry)
(Identification)
Line 12: Line 12:
 
== Identification ==
 
== Identification ==
  
Files begin with magic number "BZ" (bytes 42 5A). Then either an "h" (0x68; [[Huffman coding]]) or "0" (0x30; deprecated original version), then the block size, in 100kb units (TODO: clarify this).
+
A bzip2 file starts with the byte pattern {{magic|42 5a 68 ?? 31 41 59 26 53 59}}.
  
Each compressed block starts with a magic number 0x314159265359 (yes, that is the start of decimal π, but in hex.)
+
The first three bytes are ASCII "{{magic|BZh}}". (For signature "{{magic|BZ0}}", refer to the original [[bzip]] format.) The "<code>h</code>" has been said to stand for "Huffman coding", but confirmation is needed.
  
The end of file marker uses magic number 0x177245385090 (square root of π, in the same ... interesting ... format.)
+
The byte at offset 3 is a code for the block size. Its possible values range from <code>0x31</code> to <code>0x39</code> (ASCII "<code>0</code>" to "<code>9</code>").
 +
 
 +
The bytes at offset 4-9 are derived from the digits of the mathematical constant π ([[Binary-coded decimal|BCD]]-encoded).
 +
 
 +
The end-of-file marker uses magic number (hex) {{magic|17 72 45 38 50 90}}, derived from the square root of π. However, it is not byte-aligned. The result is that one of the following byte sequences appears beginning 10 bytes from the end of the file:
 +
 
 +
b9 22 9c 28 48
 +
dc 91 4e 14 24
 +
ee 48 a7 0a 12
 +
77 24 53 85 09
 +
bb 92 29 c2 84
 +
5d c9 14 e1 42
 +
2e e4 8a 70 a1
 +
17 72 45 38 50
  
 
== Software ==
 
== Software ==

Revision as of 19:06, 16 December 2023

File Format
Name bzip2
Ontology
Extension(s) .bz2
MIME Type(s) application/x-bzip2
PRONOM x-fmt/268
Released 1997

bzip2 is a data compression algorithm and compressed file format.

Contents

Identification

A bzip2 file starts with the byte pattern 42 5a 68 ?? 31 41 59 26 53 59.

The first three bytes are ASCII "BZh". (For signature "BZ0", refer to the original bzip format.) The "h" has been said to stand for "Huffman coding", but confirmation is needed.

The byte at offset 3 is a code for the block size. Its possible values range from 0x31 to 0x39 (ASCII "0" to "9").

The bytes at offset 4-9 are derived from the digits of the mathematical constant π (BCD-encoded).

The end-of-file marker uses magic number (hex) 17 72 45 38 50 90, derived from the square root of π. However, it is not byte-aligned. The result is that one of the following byte sequences appears beginning 10 bytes from the end of the file: 

b9 22 9c 28 48
dc 91 4e 14 24
ee 48 a7 0a 12
77 24 53 85 09
bb 92 29 c2 84
5d c9 14 e1 42
2e e4 8a 70 a1
17 72 45 38 50

Software

Sample files

See also

Links

Retrieved from "http://fileformats.archiveteam.org/index.php?title=Bzip2&oldid=46452"
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox