Add hash check for RipGuard (#252)

* Add hash check for RipGuard * Make sure the file exists before trying to hash it * It's the safety dance
2026-02-14 05:36:07 +00:00 · 2023-05-14 13:45:30 -06:00
parent a8c759be55
commit adcf9ee27e
1 changed files with 22 additions and 2 deletions
--- a/BinaryObjectScanner.Protection/Macrovision.RipGuard.cs
+++ b/BinaryObjectScanner.Protection/Macrovision.RipGuard.cs
@@ -1,10 +1,10 @@
 using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
-using System.Linq;
-using System.Text;
+using System.IO;
 using BinaryObjectScanner.Matching;
 using BinaryObjectScanner.Wrappers;
+using static BinaryObjectScanner.Utilities.Hashing;

 namespace BinaryObjectScanner.Protection
 {
@@ -14,6 +14,7 @@ namespace BinaryObjectScanner.Protection
    /// Discs known to have it: 
    /// https://forum.redfox.bz/threads/resolved-installs-rootkit-black-lagoon-vol-2-3-region-1.29660/
    /// https://forum.redfox.bz/threads/resolved-one-on-one-with-tony-horton-vol2-disc3.33901/
+    /// https://moral.net.au/writing/2015/10/10/backing_up_dvds/
    /// </summary>
    public partial class Macrovision
    {
@@ -35,6 +36,25 @@ namespace BinaryObjectScanner.Protection
            if (name?.Equals("rgasdev", StringComparison.OrdinalIgnoreCase) == true)
                return "RipGuard";

+            if (!string.IsNullOrWhiteSpace(file) && File.Exists(file))
+            {
+                try
+                {
+                    FileInfo fi = new FileInfo(file);
+
+                    // So far, every seemingly-randomly named EXE on RipGuard discs have a consistent hash.
+                    if (fi.Length == 49_152)
+                    {
+                        string sha1 = GetFileSHA1(file);
+                        if (sha1 == "6A7B8545800E0AB252773A8CD0A2185CA2497938")
+                            return "RipGuard";
+                    }
+                }
+                catch
+                {
+                }
+            }
+
            return null;
        }