Difference between revisions of "RAR"

From Forensics Wiki
Jump to: navigation, search
(2 intermediate revisions by one user not shown)
Line 1: Line 1:
RAR Archives (Roshal Archive file format) is a proprietary format for storing information created by Eugene Roshal. The format is currently handled by Alexander Roshal, Eugene's relative.
+
RAR Archives ('''R'''oshal '''AR'''chive file format) is a proprietary format for storing information created by Eugene Roshal. The format is currently handled by Alexander Roshal, Eugene's brother.
  
 
==Format==
 
==Format==
 
The file has the magic number of:
 
The file has the magic number of:
<pre>52 61 72 21 1A 07 00</pre>
+
<pre>0x 52 61 72 21 1A 07 00</pre>
 +
which is a break down of the following to describe an Archive Header:
 +
:* 0x6152 - HEAD_CRC
 +
:* 0x72 - HEAD_TYPE
 +
:* 0x1a21 - HEAD_FLAGS
 +
:* 0x0007 - HEAD_SIZE
 +
 
  
 
==Metadata==
 
==Metadata==
 +
  
  
Line 11: Line 18:
  
 
The RAR format is comprised of many sub-formats that have changed over the years. The different formats and their descriptions are as follows:
 
The RAR format is comprised of many sub-formats that have changed over the years. The different formats and their descriptions are as follows:
:*  
+
:* 1.3 (Does not have the RAR! signature)
 +
:** There is difficulty finding information regarding this sub-format. Please update if you know something.
 +
:* 1.5
 +
:** Utilizes a proprietary compression method that is not available to the public.
 +
:** Considered the root model of subsequent formats.
 +
:** A detailed list of information can be found [http://www.win-rar.com/index.php?id=24&kb_article_id=162 here].
 +
:* 2.0
 +
:** Utilizes a proprietary compression method that is not available to the public.
 +
:* 3.0
 +
:** Utilizes the [http://en.wikipedia.org/wiki/Prediction_by_Partial_Matching PPMII] and [http://en.wikipedia.org/wiki/LZ77_and_LZ78 Lempel-Ziv (LZSS)]] algorithms.
 +
:** Encryption now uses cipher block chaining (CBC) instead of Advanced Encryption Standard (AES).
 +
 
 +
 
 +
 
  
 
==Software==
 
==Software==
Line 49: Line 69:
 
:* [http://www.7-zip.org/download.html Download Link]
 
:* [http://www.7-zip.org/download.html Download Link]
  
 +
 +
There is a lot more software to open RAR files, but have been omitted due to redundancy.
 
==See Also==
 
==See Also==
 
* [http://en.wikipedia.org/wiki/RAR Wikipedia: RAR]
 
* [http://en.wikipedia.org/wiki/RAR Wikipedia: RAR]
 +
* [http://acritum.com/winrar/rar-format RAR file Format Information]
  
  
 
[[Category:File Formats]]
 
[[Category:File Formats]]

Revision as of 11:06, 3 April 2012

RAR Archives (Roshal ARchive file format) is a proprietary format for storing information created by Eugene Roshal. The format is currently handled by Alexander Roshal, Eugene's brother.

Contents

Format

The file has the magic number of:

0x 52 61 72 21 1A 07 00

which is a break down of the following to describe an Archive Header:

  • 0x6152 - HEAD_CRC
  • 0x72 - HEAD_TYPE
  • 0x1a21 - HEAD_FLAGS
  • 0x0007 - HEAD_SIZE


Metadata

Sub-formats

The RAR format is comprised of many sub-formats that have changed over the years. The different formats and their descriptions are as follows:

  • 1.3 (Does not have the RAR! signature)
    • There is difficulty finding information regarding this sub-format. Please update if you know something.
  • 1.5
    • Utilizes a proprietary compression method that is not available to the public.
    • Considered the root model of subsequent formats.
    • A detailed list of information can be found here.
  • 2.0
    • Utilizes a proprietary compression method that is not available to the public.
  • 3.0
    • Utilizes the PPMII and Lempel-Ziv (LZSS)] algorithms.
    • Encryption now uses cipher block chaining (CBC) instead of Advanced Encryption Standard (AES).



Software

This only way to create a RAR file is using the Winrar software. There are several implementations of the process to open a RAR file (commonly known as the "unrar" process). Some of them are:

unrarLib
  • RAR file unarchiver written in C
  • Easy implementation with a header file and the source code file
  • Information Link
WinRAR
UnRAR
  • Created by Eugene Roshal for opening up RAR files only
  • May not be used to reverse engineer the RAR file format and create RAR files
  • Source code provided for people to implement/integrate methods of opening RAR files
  • Additionally, implementations of UnRAR are available for a plethora of operating systems
  • Download Link
The Unarchiver
7-Zip
  • Utility made for Windows applications to open a multitude of files, including RAR files
  • Download Link


There is a lot more software to open RAR files, but have been omitted due to redundancy.

See Also