Page MenuHomePhabricator
Create Task
Maniphest T151794

Install unrar on Tool Labs
Closed, DeclinedPublic
Actions

Description

Install unrar [non-free] on Tool Labs. Source code license restricts reverse engineering. Needed to confirm T12847 affected files.

Related Objects

Event Timeline

Dispenser created this task.Nov 28 2016, 7:44 PM
Restricted Application added a project: Cloud-Services. · View Herald TranscriptNov 28 2016, 7:44 PM
Restricted Application added subscribers: JEumerus, Aklapper. · View Herald Transcript
Platonides added a subscriber: Platonides.Nov 28 2016, 8:03 PM

It has been a long time since I last looked at that problem, but… isn't the free unrar enough for detecting that it is indeed a rar file and not a random file containing Rar! ?

Dispenser added a comment.Nov 28 2016, 9:34 PM

The Free unrar can only decompress archives created by RAR versions prior to 2.9 (2002). All hidden archives I've found were using the new format.

Platonides added a comment.Nov 29 2016, 11:42 PM

But is full decompression needed? Just an unrar -l would be enough to confirm that there's an extra file added, wouldn't it?

Dispenser added a comment.Nov 30 2016, 3:48 PM

$ unrar-free --list Camera_10125.jpg

unknown archive type, only plain RAR 2.0 supported(normal and solid archives), SFX and Volumes are NOT supported!

Pathname/Comment
                  Size   Packed Ratio  Date   Time     Attr      CRC   Meth Ver
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
    0                0        0 -nan%

$ unrar-nonfree L Camera_10125.jpg

Archive: Camera_10125.jpg
Details: RAR 5, SFX

 Attributes      Size    Date   Time   Name
----------- ---------  -------- -----  ----
 -rwxrwxr-x  26812422  28-11-16 14:06  Tutorial.mp4
----------- ---------  -------- -----  ----
             26812422                  1
scfc triaged this task as Low priority.Feb 16 2017, 10:45 PM
scfc moved this task from Triage to Backlog on the Toolforge board.
zhuyifei1999 added a subscriber: zhuyifei1999.Apr 10 2017, 12:55 PM

The source code is available at http://www.rarlab.com/rar_add.htm and I got it compiled on tool labs. Due to the increasing complexity of abuse in T129845 I would very much like to use this tool as a sidekick for existing anti-abuse algorithms. The license is certainly more restrictive and not very libre; but I would like clarification of whether running it on tool labs is allowed.

tom29739 added a subscriber: tom29739.Apr 10 2017, 1:01 PM
valhallasw added a subscriber: valhallasw.Apr 10 2017, 5:24 PM

As far as I can see, the license of unrar is non-libre, so it would (unfortunately) not be allowed on Labs.

However, for the purpose of detecting RAR files, uncompressing is maybe not necessary -- just detecting the RAR header (52 61 72 21 1A 07 01 00 for RAR5) might already enough. Of course, there could be some false positives, but these can for example be improved upon by adding better heuristics (e.g. based on notes on the file structure, http://www.forensicswiki.org/wiki/RAR).

I would suggest to start with the RAR header detection; it's 8 bytes long, so false positives should only happen roughly once every ~1e19 bytes = million TB, which sounds not too bad :-)

zhuyifei1999 closed this task as Declined.Apr 11 2017, 12:17 AM

Sure, we are working towards this direction.

jcrespo mentioned this in T12847: Detect RAR concatenation in jpeg images.Apr 12 2017, 8:25 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL