Could checking also check for a password rar inside a rar?

louisvd
Newbie
Posts: 3
Joined: January 16th, 2013, 7:07 pm

Post by louisvd » January 26th, 2013, 8:39 pm

Lately I have been getting very very frustrated by files containing a rar, which contains a password protected rar and a URL to visit to "get" the password. You really don't need to waste your time trying the URL. It has warning written all over it!

Is there a way for sabnzbd to check for that before downloading all the files? Or perhaps after downloading enough to determine that there is a password protected rar inside an unprotected one?

I can send you a sample if need be.

shypike
Administrator
Posts: 21039
Joined: January 18th, 2008, 12:49 pm

Post by shypike » January 27th, 2013, 5:42 am

There are several detection methods already in SABnzbd, but scammers come up with new ideas all the time.

You do need to enable the appropriate option in Config->Switches first.
If that doesn't help, email an example to [email protected]

nzbmonkey
Newbie
Posts: 5
Joined: November 1st, 2008, 11:51 pm

Post by nzbmonkey » February 7th, 2013, 12:10 am

I would also like to chime in on this request. What I've been seeing is a group of RARs that are NOT password protected, but the RARs inside ARE password protected. The Switch in SABnzbd seems like it only checks the "outer" RAR file. Would it be possible to add another Switch to check if there are RARs within a RAR?

shypike
Administrator
Posts: 21039
Joined: January 18th, 2008, 12:49 pm

Post by shypike » February 7th, 2013, 10:53 am

There's a limit to what you test on the fly.
SABnzbd detects certain patterns, but it's always possible to come up with a different way of hiding encryption.
Typically I never get an answer when I ask for examples.

bharrisau
Newbie
Posts: 1
Joined: March 18th, 2013, 10:13 pm

Post by bharrisau » March 18th, 2013, 10:17 pm

Current detection works for most things. I just need to manually put the last rar part at the start of the queue so it can check the beginning and end for password files. Maybe there could be an option to automatically put the last rar part at the start of the queue?

shypike
Administrator
Posts: 21039
Joined: January 18th, 2008, 12:49 pm

Post by shypike » March 19th, 2013, 3:35 am

Encryption can be detected in all RAR segment files, so order doesn't matter.
Do you have an example that behaves different?

yukichigai
Newbie
Posts: 8
Joined: May 5th, 2013, 10:27 pm

Post by yukichigai » May 5th, 2013, 11:11 pm

shypike wrote:
> Encryption can be detected in all RAR segment files, so order doesn't matter.
> Do you have an example that behaves different?

This collection here does it:

http://binsearch.info/?b=game.of.throne ... 3E&max=250

Place the last segment of the rar file first and it'll detect it right off the bat. Leave the default order and it'll download 90% of it before it finds it.

rhombus
Newbie
Posts: 2
Joined: April 10th, 2014, 6:38 am

Post by rhombus » April 10th, 2014, 6:51 am

shypike wrote:
> There are several detection methods already in SABnzbd, but scammers come up with new ideas all the time.

seeing how scammers will always try to confuse the software, can you just add a really basic check for nested rars and give us the option of what to do with them if found?

i.e. exactly like the existing option for dealing with encrypted rars?
off - for those that don't care and want them all downloaded
pause - for those that may need them (in which case perhaps a list of files within the rar be displayed)
abort - for those that just don't want to deal with them

you can continue to update the smart auto processing but the above "sledgehammer" options would be very helpful in the meantime

shypike
Administrator
Posts: 21039
Joined: January 18th, 2008, 12:49 pm

Post by shypike » April 10th, 2014, 9:58 am

How is this different from what is already in SABnzbd?
Your new idea is "really basic check for nested rars".
My experience is that such a basic test will generate lots of false positives,
without it being clear to the user what to decide.

rhombus
Newbie
Posts: 2
Joined: April 10th, 2014, 6:38 am

Post by rhombus » April 12th, 2014, 3:05 am

shypike wrote:
> How is this different from what is already in SABnzbd?

the detection of nested rars may be in the code already but it's not user accessible, we can't determine what happens when that's encountered (as far as i am aware)

shypike wrote:
> Your new idea is "really basic check for nested rars".

yes, it's a simple top level check, one i presume should be fairly simple to code in considering the existing checks already being done. and the user can then determine what happens.

shypike wrote:
> My experience is that such a basic test will generate lots of false positives,
> without it being clear to the user what to decide.

sure, understandable for people that download certain stuff, it might cause too many issues, but that's the point of making it an option - default it to off

if the majority of a user's downloads end up being scams then they'll lower it to abort, if there are too many false positives then they'll turn it off.

you could even consider adding extra functionality like the encrypted rar handling where you can set the password via the job name, you could add a {{ALLOWNESTED}} override capability for those that only use it every now and then
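
The check discussed in this thread, as an added Python example that is not part of the original posts and is not SABnzbd's own code: it walks RAR 4.x block headers, reports encrypted entries, and recurses into a nested archive when the outer archive stores it uncompressed. The names `scan_rar4`, `rar_block`, `make_rar4` and the `SAMPLE` archive are constructed for illustration; RAR5 archives and compressed inner archives are outside what it parses.

```python
import struct, zlib
MARKER = b"Rar!\x1a\x07\x00"      # RAR 4.x signature; RAR5 uses another layout
MAIN, FILE, STORED = 0x73, 0x74, 0x30
MHD_PASSWORD, LHD_PASSWORD, LHD_LARGE, LONG_BLOCK = 0x80, 0x04, 0x100, 0x8000

def scan_rar4(buf, depth=0, max_depth=2):
    """Walk RAR4 blocks in buf; return [(depth, name, reason)]. CRCs are not checked."""
    found = []
    if not buf.startswith(MARKER):
        return found
    pos = len(MARKER)
    while pos + 7 <= len(buf):
        _crc, btype, flags, hsize = struct.unpack_from("<HBHH", buf, pos)
        if hsize < 7 or pos + hsize > len(buf):
            break                                  # truncated or corrupt header
        if btype == MAIN and flags & MHD_PASSWORD:
            found.append((depth, "<headers>", "encrypted-headers"))
            break                                  # later blocks are ciphertext
        data_size = 0
        if btype == FILE and hsize >= 32:
            pack, _, _, _, _, _, method, nlen, _ = struct.unpack_from("<IIBIIBBHI", buf, pos + 7)
            noff = pos + 32
            if flags & LHD_LARGE and hsize >= 40:  # HIGH_PACK_SIZE, HIGH_UNP_SIZE
                pack |= struct.unpack_from("<I", buf, noff)[0] << 32
                noff += 8
            name = buf[noff:noff + nlen].split(b"\0")[0].decode("latin-1")
            data = buf[pos + hsize:pos + hsize + pack]
            if flags & LHD_PASSWORD:
                found.append((depth, name, "encrypted-file"))
            elif method == STORED and data.startswith(MARKER) and depth < max_depth:
                found += scan_rar4(data, depth + 1, max_depth)  # inner bytes are verbatim
            elif name.lower().endswith(".rar"):
                found.append((depth, name, "nested-rar-unscanned"))
            data_size = pack
        elif flags & LONG_BLOCK and hsize >= 11:
            data_size = struct.unpack_from("<I", buf, pos + 7)[0]
        pos += hsize + data_size
    return found

def rar_block(btype, flags, body):                 # helper for the constructed sample
    hdr = struct.pack("<BHH", btype, flags, 7 + len(body)) + body
    return struct.pack("<H", zlib.crc32(hdr) & 0xFFFF) + hdr

def make_rar4(name, data, encrypted=False):        # constructed sample: one stored entry
    flags = LONG_BLOCK | (LHD_PASSWORD if encrypted else 0)
    body = struct.pack("<IIBIIBBHI", len(data), len(data), 0, zlib.crc32(data),
                       0, 29, STORED, len(name), 0x20) + name.encode()
    return MARKER + rar_block(MAIN, 0, b"\0" * 6) + rar_block(FILE, flags, body) + data
SAMPLE = make_rar4("release.rar", make_rar4("video.avi", b"\0" * 16, encrypted=True))
```

Because a stored inner archive appears byte for byte inside the outer one, the encrypted entry is visible as soon as the inner file header has arrived, without unpacking anything.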
