How can I detect in kernel or user space that this binary is of some interpreter language like Python, Perl or Java and not a simple binary like ls, clear, df, etc.?
Detection of Python, Perl or Java in Linux system
78 Views Asked by yasirateeq857 At

I have just done tests, using the file command:
For a Python file:
Linux Prompt>file "./Program Files/.../test_XOR.py"
./Program Files/.../test_XOR.py: Python script, ASCII text executable, with CRLF, LF line terminators
For a Java file (*.jar library):
Linux Prompt>file "./Program Files/.../fontbox.jar"
./Program Files/.../fontbox.jar: Java archive data (JAR)
For another Java file (*.class file):
Linux Prompt>file "./Program Files/.../JREProperties.class"
./Program Files/.../JREProperties.class: compiled Java class data, version 52.0 (Java 1.8)
For a Perl file:
Linux Prompt>file "./Program Files/.../docx2txt.pl"
./Program Files/Git/usr/bin/docx2txt.pl: Perl script text executable
So, as you see, parsing the result of the file command might be your solution.
Edit after first comment
In my answer, I thought you were talking about files which are to be launched by Python, Java or Perl, but you seem to be interested in those files themselves.
The only advice I can give you is to take the checksum of Python, Java or Perl on that machine, and verify this with the checksum of the suspected file, as in this example:
Linux Prompt>cksum $(which perl)
3199833323 3478464 /usr/bin/perl
Linux Prompt>cp /usr/bin/perl /mnt/c/Temp_Folder/Kopietje
Linux Prompt>cksum /mnt/c/Temp_Folder/Kopietje
3199833323 3478464 /mnt/c/Temp_Folder/Kopietje
Try using readelf. I have used that successfully in the past. It can distinguish between binaries or interpreted files, as well as which platform the binary was compiled for. The --program-headers might be useful.
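An added example, not taken from any of the answers above: a shell function that combines the magic-byte check that file performs with the cksum comparison from the first answer, so that a renamed copy of an interpreter (like the Kopietje copy of perl) is reported as such. The function names classify_exec and known_interpreters, the output labels and the list of interpreter names are assumptions made for this sketch.

```shell
# classify_exec FILE [KNOWN_INTERPRETER_PATH...]
# Prints: script:<interpreter>, java-class, zip-or-jar,
#         interpreter-copy:<matching path>, elf, or other.
classify_exec() {
    target=$1; shift
    [ -r "$target" ] || { echo "unreadable"; return 1; }

    # First four bytes as lowercase hex, e.g. 7f454c46 for an ELF binary.
    magic=$(head -c 4 "$target" | od -An -tx1 | tr -d ' \n')

    case $magic in
        2321*)  # "#!": the kernel runs the interpreter named on line 1
            first=$(head -n 1 "$target" | tr -d '\r')
            interp=${first#??}              # drop the leading "#!"
            echo "script:${interp# }"; return 0 ;;
        cafebabe) echo "java-class"; return 0 ;;  # compiled .class file
        504b0304) echo "zip-or-jar"; return 0 ;;  # a JAR is a ZIP archive
        7f454c46) ;;                        # ELF: compare checksums below
        *) echo "other"; return 0 ;;
    esac

    # cksum on stdin prints "CRC SIZE" only, so both must match.
    want=$(cksum < "$target")
    for known in "$@"; do
        [ -r "$known" ] || continue
        if [ "$(cksum < "$known")" = "$want" ]; then
            echo "interpreter-copy:$known"; return 0
        fi
    done
    echo "elf"
}

# Paths of interpreters installed on this machine (assumed name list).
known_interpreters() {
    for name in python3 python perl java ruby; do
        command -v "$name" 2>/dev/null || true
    done
}

# Typical use: classify_exec /path/to/suspect $(known_interpreters)
```

cksum is a CRC and is not collision-resistant, so when the suspect file may have been crafted by an adversary, comparing sha256sum output is the safer choice. A recompiled or differently versioned interpreter will not match with either checksum.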