1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
//! SQLite and WAL binary format constants.
//!
//! These constants describe the on-disk layout of SQLite database files
//! and Write-Ahead Log (WAL) files. They are used for forensic carving,
//! integrity checking, and free-page recovery.
//!
//! All multi-byte integer fields in SQLite headers are big-endian.
/// SQLite database file magic bytes (first 16 bytes of any valid SQLite file).
///
/// Reference: SQLite file format spec §1.2
pub static SQLITE_MAGIC: & = b"SQLite format 3\0";
/// Minimum valid SQLite file size in bytes (the 100-byte file header).
pub const SQLITE_HEADER_SIZE: usize = 100;
/// Byte offset of the page size field in the SQLite header.
///
/// 2-byte big-endian unsigned integer. The value 1 is a special encoding for
/// a page size of 65536 bytes.
pub const SQLITE_PAGE_SIZE_OFFSET: usize = 16;
/// Byte offset of the freelist trunk page number in the SQLite header.
///
/// 4-byte big-endian unsigned integer. Points to the first freelist trunk page;
/// 0 if no free pages exist. Carving free pages recovers deleted records.
pub const SQLITE_FREELIST_TRUNK_OFFSET: usize = 32;
/// Size of the SQLite WAL file header in bytes.
///
/// The WAL file begins with a 32-byte header followed by zero or more frames.
pub const SQLITE_WAL_HEADER_SIZE: usize = 32;
/// Size of a WAL frame header in bytes.
///
/// Each frame in the WAL file begins with a 24-byte header, followed by
/// `page_size` bytes of page data.
pub const SQLITE_WAL_FRAME_HEADER_SIZE: usize = 24;
/// Firefox mozLz4 session file magic bytes.
///
/// Firefox compresses `sessionstore.jsonlz4` with a custom LZ4 variant
/// preceded by this 8-byte magic header.
pub static MOZLZ4_MAGIC: & = b"mozLz40\0";