The rules that define how the bytes of a particular file are supposed to be interpreted are called a file format. We described the format of a plain text file in the previous paragraph. You might have heard of .jpg files (JPEG files). JPEG is a file format for images, and any file whose bytes conform to the JPG rules can be viewed as an image with the proper Program. So usually to use a file you need to know what kind it is (i.e. what format it follows) and what Program(s) to use to operate on that kind of file. Here are some common formats:
One of the most important file types is one you might not have thought of: a Program. A Program is a regular old file whose bytes can be interpreted by the computer as instructions to be executed.
Filenames typically (by tradition) end in a '.' followed by
three letters — like
.jpg. This last part of the filename is called
the file extension. The operating system (Windows) and many programs trust the extension to tell them the file type,
and thus choose, for example, what Program to use when opening
the file. However, this trust is misplaced. The extension does
not tell you the file type reliably. Try this:
CSL.png(which is an image). Right-click on it and choose rename to change its name to
CSL.doc. You will have to scroll all the way to the right to rename the .png portion to .doc (the
.docextension is for MS Word). Answer yes to the "are you sure you want to change it" dialog box. Notice how the icon changed. Windows thinks this is a Word document now.
Here's a common example of playing games with file
extensions. The mail server here at USNA won't let you send a
zip file. Any
.zip attachment just mysteriously disappears.
In fact, the server only looks at the file name, not at the
bytes that make up the file. So you can simply rename the
file, say changing
foo.piz, and then attach it.
The file will be sent, no problem, and the recipient merely
needs to change the extension back to
.zip when he saves it.
So, don't believe what file extensions tell you!
ff d8 ff e0 00 10
52 49 46 46(this is actually printable as
d0 cf 11 e0 a1 b1 1a e1 00 00
Follow this link to an activity that should help you to understand: 1. that files really are just a bunch of bits/bytes, 2. that changing the bits in a file changes what happens when the file is opened with the appropriate program, and 3. that since many file formats have rules about what bytes a file starts with, you can often determine the type of a file by examining the first few bytes. We'll see that this can be important!
You can play games with file format rules — sometimes for unsavory purposes. One interesting example is the gifar. Basically, we can create a single file (sequence of bytes) that satisfies the formatting rules both for an image format and for an "archive" format. Specifically, for instance, we can create a single file that is a valid
.jpg image file and a valid Java
.jar (a file that's intended to be processed by the Program "java"). The gist is the first part of the file is the JPG image, and the second part is the Java jar file. This works because a JPG file must have a JPG header as its first several bytes, and must have a JPG footer indicating the end of the image data, but not necessarily the end of the file. There can be more bytes after the JPG footer, but any JPG viewer simply ignores them. Meanwhile, Java processes a jar file starting with the bytes at the back end of the file. These bytes act as a sort of "table of contents" that tells Java how far forward in the file to jump for other pieces of Java-specific data. The table of contents in a gifar never tells Java to look as far forward in the file as the JPG footer or beyond.
You might ask "What's the point?". Java jar files can instruct the Java Program to do seriously bad things to your computer — they can really be evil. JPG image files, on the other hand, are pretty benign. So websites that allow users to post content will often allow JPG image files to be posted, but definitely not Java
jar files. What the bad guys figured out, is that by posting a gifar, they could post files to these websites that the websites thought were innocuous JPG image files (and so would allow to be posted), but which were also malicious Java jar files.