ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "RAR"

From ForensicsWiki
Jump to: navigation, search
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
RAR Archives (Roshal Archive file format) is a proprietary format for storing information created by Eugene Roshal. The format is currently handled by Alexander Roshal, Eugene's relative.
+
RAR Archives ('''R'''oshal '''AR'''chive file format) is a proprietary format for storing information created by Eugene Roshal. The format is currently handled by Alexander Roshal, Eugene's brother.
  
 
==Format==
 
==Format==
 
The file has the magic number of:
 
The file has the magic number of:
<pre>52 61 72 21 1A 07 00</pre>
+
<pre>0x 52 61 72 21 1A 07 00</pre>
 +
which is a break down of the following to describe an Archive Header:
 +
:* 0x6152 - HEAD_CRC
 +
:* 0x72 - HEAD_TYPE
 +
:* 0x1a21 - HEAD_FLAGS
 +
:* 0x0007 - HEAD_SIZE
 +
 
  
 
==Metadata==
 
==Metadata==
 +
  
  
Line 11: Line 18:
  
 
The RAR format is comprised of many sub-formats that have changed over the years. The different formats and their descriptions are as follows:
 
The RAR format is comprised of many sub-formats that have changed over the years. The different formats and their descriptions are as follows:
:*  
+
:* 1.3 (Does not have the RAR! signature)
 +
:** There is difficulty finding information regarding this sub-format. Please update if you know something.
 +
:* 1.5
 +
:** Utilizes a proprietary compression method that is not available to the public.
 +
:** Considered the root model of subsequent formats.
 +
:** A detailed list of information can be found [http://www.win-rar.com/index.php?id=24&kb_article_id=162 here].
 +
:* 2.0
 +
:** Utilizes a proprietary compression method that is not available to the public.
 +
:* 3.0
 +
:** Utilizes the [http://en.wikipedia.org/wiki/Prediction_by_Partial_Matching PPMII] and [http://en.wikipedia.org/wiki/LZ77_and_LZ78 Lempel-Ziv (LZSS)]] algorithms.
 +
:** Encryption now uses cipher block chaining (CBC) instead of Advanced Encryption Standard (AES).
 +
 
 +
 
 +
 
  
 
==Software==
 
==Software==
Line 49: Line 69:
 
:* [http://www.7-zip.org/download.html Download Link]
 
:* [http://www.7-zip.org/download.html Download Link]
  
 +
 +
There is a lot more software to open RAR files, but have been omitted due to redundancy.
 
==See Also==
 
==See Also==
 
* [http://en.wikipedia.org/wiki/RAR Wikipedia: RAR]
 
* [http://en.wikipedia.org/wiki/RAR Wikipedia: RAR]
 +
* [http://acritum.com/winrar/rar-format RAR file Format Information]
  
  
 
[[Category:File Formats]]
 
[[Category:File Formats]]

Revision as of 16:06, 3 April 2012

RAR Archives (Roshal ARchive file format) is a proprietary format for storing information created by Eugene Roshal. The format is currently handled by Alexander Roshal, Eugene's brother.

Format

The file has the magic number of:

0x 52 61 72 21 1A 07 00

which is a break down of the following to describe an Archive Header:

  • 0x6152 - HEAD_CRC
  • 0x72 - HEAD_TYPE
  • 0x1a21 - HEAD_FLAGS
  • 0x0007 - HEAD_SIZE


Metadata

Sub-formats

The RAR format is comprised of many sub-formats that have changed over the years. The different formats and their descriptions are as follows:

  • 1.3 (Does not have the RAR! signature)
    • There is difficulty finding information regarding this sub-format. Please update if you know something.
  • 1.5
    • Utilizes a proprietary compression method that is not available to the public.
    • Considered the root model of subsequent formats.
    • A detailed list of information can be found here.
  • 2.0
    • Utilizes a proprietary compression method that is not available to the public.
  • 3.0
    • Utilizes the PPMII and Lempel-Ziv (LZSS)] algorithms.
    • Encryption now uses cipher block chaining (CBC) instead of Advanced Encryption Standard (AES).



Software

This only way to create a RAR file is using the Winrar software. There are several implementations of the process to open a RAR file (commonly known as the "unrar" process). Some of them are:

unrarLib
  • RAR file unarchiver written in C
  • Easy implementation with a header file and the source code file
  • Information Link
WinRAR
UnRAR
  • Created by Eugene Roshal for opening up RAR files only
  • May not be used to reverse engineer the RAR file format and create RAR files
  • Source code provided for people to implement/integrate methods of opening RAR files
  • Additionally, implementations of UnRAR are available for a plethora of operating systems
  • Download Link
The Unarchiver
7-Zip
  • Utility made for Windows applications to open a multitude of files, including RAR files
  • Download Link


There is a lot more software to open RAR files, but have been omitted due to redundancy.

See Also