detect: add an entry for MOV in MacBinary II without mdat atom

author Kostya Shishkov <kostya.shishkov@gmail.com>

Thu, 5 Feb 2026 17:54:05 +0000 (18:54 +0100)

committer Kostya Shishkov <kostya.shishkov@gmail.com>

Thu, 5 Feb 2026 17:54:05 +0000 (18:54 +0100)
author Kostya Shishkov <kostya.shishkov@gmail.com>
Thu, 5 Feb 2026 17:54:05 +0000 (18:54 +0100)
committer Kostya Shishkov <kostya.shishkov@gmail.com>
Thu, 5 Feb 2026 17:54:05 +0000 (18:54 +0100)
diff --git a/nihav-registry/src/detect.rs b/nihav-registry/src/detect.rs

index 41702ed6998e27f5d133c94386a8f311150d7392..a92afa940aec39d6d399fd1b4dd73dc29350f6e8 100644 (file)
--- a/nihav-registry/src/detect.rs
+++ b/nihav-registry/src/detect.rs
@@ -253,6 +253,14 @@ const DETECTORS: &[DetectConditions] = &[
                        CheckItem{offs: 0x7B, cond: &CC::Eq(Arg::Byte(0x81))},
                        CheckItem{offs: 0x84, cond: &CC::Or(&CC::Str(b"mdat"), &CC::Str(b"moov"))}],
      },
+    DetectConditions {
+        demux_name: "mov-macbin",
+        extensions: ".mov,.bin",
+        conditions: &[CheckItem{offs: 0, cond: &CC::Eq(Arg::Byte(0))},
+                      CheckItem{offs: 0x41, cond: &CC::Str(b"MooVPrMr")},
+                      CheckItem{offs: 0x7A, cond: &CC::Eq(Arg::Byte(0x81))},
+                      CheckItem{offs: 0x7B, cond: &CC::Eq(Arg::Byte(0x81))}],
+    },
      DetectConditions {
          demux_name: "mov-resfork",
          extensions: ".mov",
author	Kostya Shishkov <kostya.shishkov@gmail.com>
	Thu, 5 Feb 2026 17:54:05 +0000 (18:54 +0100)
committer	Kostya Shishkov <kostya.shishkov@gmail.com>
	Thu, 5 Feb 2026 17:54:05 +0000 (18:54 +0100)