// Detect It Easy: detection rule file
// Author: LinXP
// doc-ref: https://www.sqlite.org/fileformat.html

meta("format", "SQLite 3 database (.SQLITE)");

function detect() {
    if (Binary.compare("'SQLite format 3'00")) {
        bDetected = true;

        var nAppID = Binary.read_uint32(0x44, _BE),
            nSQLiteVersionNumber = Binary.read_uint32(0x60, _BE),
            nChangeCount = Binary.read_uint32(0x18, _BE);

        var nMajor = nSQLiteVersionNumber / 1000000 >> 0,
            nMinor = (nSQLiteVersionNumber - nMajor * 1000000) / 1000 >> 0,
            nRelease = nSQLiteVersionNumber - (nMajor * 1000000) - (nMinor * 1000) >> 0;

        sVersion = nMajor + "." + nMinor + "." + nRelease;

        switch (Binary.read_uint32(0x38, _BE)) {
            case 1: sOption("UTF-8"); break;
            case 2: sOption("UTF-16LE"); break;
            case 3: sOption("UTF-16BE"); break;
            default: return;
        }

        if (nAppID && Binary.isVerbose()) {
            sOption("AppID: " + nAppID);
        }

        if (nChangeCount && Binary.isVerbose()) {
            sOption("Changes: " + nChangeCount);
        }
    }

    return result();
}