
Difference between revisions of "RAR"

From ForensicsWiki
Line 21: Line 21:
 
:** There is difficulty finding information regarding this sub-format. Please update if you know something.
 
:** There is difficulty finding information regarding this sub-format. Please update if you know something.
 
:* 1.5
 
:* 1.5
 +
:** Utilizes a proprietary compression method that is not available to the public.
 
:** Considered the root model of subsequent formats.
 
:** Considered the root model of subsequent formats.
 
:** A detailed list of information can be found [http://www.win-rar.com/index.php?id=24&kb_article_id=162 here].
 
:** A detailed list of information can be found [http://www.win-rar.com/index.php?id=24&kb_article_id=162 here].
 
:* 2.0
 
:* 2.0
 +
:** Utilizes a proprietary compression method that is not available to the public.
 
:* 3.0  
 
:* 3.0  
 
:** Utilizes the [http://en.wikipedia.org/wiki/Prediction_by_Partial_Matching PPMII] and [http://en.wikipedia.org/wiki/LZ77_and_LZ78 Lempel-Ziv (LZSS)]] algorithms.
 
:** Utilizes the [http://en.wikipedia.org/wiki/Prediction_by_Partial_Matching PPMII] and [http://en.wikipedia.org/wiki/LZ77_and_LZ78 Lempel-Ziv (LZSS)]] algorithms.
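Review bot: the two added bullets under 1.5 and 2.0 ("Utilizes a proprietary compression method that is not available to the public.") carry no citation, while the neighbouring 1.5 bullet links to the win-rar.com knowledge base article; add a reference for the claim or point to that same article if it supports it. Separately, the unchanged 3.0 context line ends its second link with `(LZSS)]]`, one closing bracket too many, which renders as a stray "]" in the article text; that is worth fixing in the same edit.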

Revision as of 16:06, 3 April 2012

RAR (Roshal ARchive file format) is a proprietary format for storing information, created by Eugene Roshal. The format is currently handled by Alexander Roshal, Eugene's brother.

Format

The file has the magic number of:

0x 52 61 72 21 1A 07 00

which breaks down into the following fields, with the multi-byte values read as little-endian, to describe an Archive Header:

  • 0x6152 - HEAD_CRC
  • 0x72 - HEAD_TYPE
  • 0x1a21 - HEAD_FLAGS
  • 0x0007 - HEAD_SIZE
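The field breakdown above can be checked by decoding the seven signature bytes directly. The following is an added example, not code from ForensicsWiki or from the RAR project; the function names and the sample buffer are constructed for illustration. It also scans a buffer for the signature, as one would when looking for an archive embedded in a larger file or image.

```python
import struct

# Signature bytes exactly as listed on this page.
RAR_MAGIC = bytes.fromhex("52 61 72 21 1A 07 00")
FIELDS = ("HEAD_CRC", "HEAD_TYPE", "HEAD_FLAGS", "HEAD_SIZE")


def parse_marker(buf, offset=0):
    """Decode 7 bytes at offset into the four header fields (little-endian)."""
    chunk = buf[offset:offset + len(RAR_MAGIC)]
    if len(chunk) != len(RAR_MAGIC):
        raise ValueError("fewer than 7 bytes available at offset %d" % offset)
    # <  little-endian, no padding; H = 2-byte field, B = 1-byte field
    return dict(zip(FIELDS, struct.unpack("<HBHH", chunk)))


def find_signatures(buf):
    """Return every offset at which the complete 7-byte signature occurs."""
    hits, pos = [], buf.find(RAR_MAGIC)
    while pos != -1:
        hits.append(pos)
        pos = buf.find(RAR_MAGIC, pos + 1)
    return hits


def build_sample():
    """Constructed data, not a real archive: filler, one full signature,
    more filler, then a signature truncated after 5 bytes."""
    return b"\x00" * 16 + RAR_MAGIC + b"\xAA" * 9 + RAR_MAGIC[:5]


if __name__ == "__main__":
    sample = build_sample()
    for off in find_signatures(sample):
        fields = parse_marker(sample, off)
        print(off, {name: hex(value) for name, value in fields.items()})
```

A hit is only a candidate archive start and the data that follows still has to be validated; as the Sub-formats list notes, version 1.3 archives do not carry the RAR! signature and will not be found this way.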


Metadata

Sub-formats

The RAR format is comprised of many sub-formats that have changed over the years. The different formats and their descriptions are as follows:

  • 1.3 (Does not have the RAR! signature)
    • There is difficulty finding information regarding this sub-format. Please update if you know something.
  • 1.5
    • Utilizes a proprietary compression method that is not available to the public.
    • Considered the root model of subsequent formats.
    • A detailed list of information can be found here.
  • 2.0
    • Utilizes a proprietary compression method that is not available to the public.
  • 3.0
    • Utilizes the PPMII and Lempel-Ziv (LZSS) algorithms.
    • Encryption now uses cipher block chaining (CBC) instead of Advanced Encryption Standard (AES).



Software

The only way to create a RAR file is to use the WinRAR software. There are several implementations of the process to open a RAR file (commonly known as the "unrar" process). Some of them are:

unrarLib
  • RAR file unarchiver written in C
  • Easy implementation with a header file and the source code file
  • Information Link
WinRAR
UnRAR
  • Created by Eugene Roshal for opening up RAR files only
  • May not be used to reverse engineer the RAR file format and create RAR files
  • Source code provided for people to implement/integrate methods of opening RAR files
  • Additionally, implementations of UnRAR are available for a plethora of operating systems
  • Download Link
The Unarchiver
7-Zip
  • Utility made for Windows applications to open a multitude of files, including RAR files
  • Download Link


Much more software exists that can open RAR files, but it has been omitted here due to redundancy.

See Also