SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-04-21 21:54:13 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity

Add encrypted Link Data Security file detection (#223)

Browse Source 
* Add encrypted Link Data Security file (LDSCRYPT) detection.

* Update CD-Cops notes.
This commit is contained in:
TheRogueArchivist
2023-01-05 15:55:21 -07:00
committed by GitHub
parent dc53ebd378
commit aff43b7625
6 changed files with 78 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
BurnOutSharp/Enums.cs
View File

@@ -55,6 +55,11 @@
/// </summary>
InstallShieldCAB,
/// <summary>
/// Link Data Security encrypted file
/// </summary>
LDSCRYPT,
/// <summary>
/// Microsoft cabinet file
/// </summary>

49
BurnOutSharp/FileType/LDSCRYPT.cs Normal file
View File

@@ -0,0 +1,49 @@
using System;
using System.Collections.Concurrent;
using System.IO;
using BurnOutSharp.Interfaces;
using static BurnOutSharp.Utilities.Dictionary;
namespace BurnOutSharp.FileType
{
/// <summary>
/// Link Data Security encrypted file
/// </summary>
public class LDSCRYPT : IScannable
{
/// <inheritdoc/>
public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
{
if (!File.Exists(file))
return null;
using (var fs = File.Open(file, FileMode.Open, FileAccess.Read, FileShare.Read))
{
return Scan(scanner, fs, file);
}
}
/// <inheritdoc/>
public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
{
var protections = new ConcurrentDictionary<string, ConcurrentQueue<string>>();
try
{
byte[] magic = new byte[16];
stream.Read(magic, 0, 16);
if (Tools.Utilities.GetFileType(magic) == SupportedFileType.LDSCRYPT)
{
AppendToDictionary(protections, file, "Link Data Security encrypted file");
return protections;
}
}
catch (Exception ex)
{
if (scanner.IncludeDebug) Console.WriteLine(ex);
}
return null;
}
}
}

8
BurnOutSharp/ProtectionType/CDDVDCops.cs
View File

@@ -16,6 +16,8 @@ namespace BurnOutSharp.ProtectionType
// Embedded PKZIP archive that may contain the CD-Cops files
// `CDCOPS.DLL` (1.46) / `CDCOPS.DLL` (1.48)
// `WINCOPS.INI`
// Samples of CD-Cops can be found in IA items "der-brockhaus-multimedial-2002-premium" and "der-brockhaus-multimedial-2003-premium".
// A sample of CD-Cops that makes use of encrypted PDFs (LDSCRYPT) can be found in IA item "Faculty_Edition_People_Problems_and_Power_by_Joseph_Unekis_Textbytes".
public class CDDVDCops : IContentCheck, INewExecutableCheck, IPathCheck, IPortableExecutableCheck
{
/// <inheritdoc/>
@@ -121,6 +123,9 @@ namespace BurnOutSharp.ProtectionType
// TODO: Original had "CDCOPS.DLL" required and all the rest in a combined OR
var matchers = new List<PathMatchSet>
{
// A 400+ MB file called "WASTE.DAT" that is fully 00 padded can be found in IA item "Faculty_Edition_People_Problems_and_Power_by_Joseph_Unekis_Textbytes".
// Presumably used to increase the amount of data written to the disc to allow DPM checking to be used for the protection. It's unknown if this file is used on any other protected discs.
// Found in Redump entry 84517
new PathMatchSet(new PathMatch("CDCOPS.DLL", useEndsWith: true), "CD-Cops"),
new PathMatchSet(new PathMatch(".W_X", matchExact: true, useEndsWith: true), "CD-Cops"),
@@ -138,6 +143,9 @@ namespace BurnOutSharp.ProtectionType
{
var matchers = new List<PathMatchSet>
{
// A 400+ MB file called "WASTE.DAT" that is fully 00 padded can be found in IA item "Faculty_Edition_People_Problems_and_Power_by_Joseph_Unekis_Textbytes".
// Presumably used to increase the amount of data written to the disc to allow DPM checking to be used for the protection. It's unknown if this file is used on any other protected discs.
// Found in Redump entry 84517
new PathMatchSet(new PathMatch("CDCOPS.DLL", useEndsWith: true), "CD-Cops"),
new PathMatchSet(new PathMatch(".W_X", matchExact: true, useEndsWith: true), "CD-Cops"),

7
BurnOutSharp/Scanner.cs
View File

@@ -359,6 +359,13 @@ namespace BurnOutSharp
AppendToDictionary(protections, subProtections);
}
// LDSCRYPT
if (scannable is LDSCRYPT)
{
var subProtections = scannable.Scan(this, stream, fileName);
AppendToDictionary(protections, subProtections);
}
// PLJ
if (scannable is PLJ)
{

8
BurnOutSharp/Tools/Utilities.cs
View File

@@ -113,6 +113,13 @@ namespace BurnOutSharp.Tools
#endregion
#region LDSCRYPT
if (magic.StartsWith(new byte?[] { 0x4C, 0x44, 0x53, 0x43, 0x52, 0x59, 0x50, 0x54 }))
return SupportedFileType.LDSCRYPT;
#endregion
#region MicrosoftCAB
if (magic.StartsWith(new byte?[] { 0x4d, 0x53, 0x43, 0x46 }))
@@ -659,6 +666,7 @@ namespace BurnOutSharp.Tools
//case FileTypes.IniFile: return new FileType.IniFile();
case SupportedFileType.InstallShieldArchiveV3: return new FileType.InstallShieldArchiveV3();
case SupportedFileType.InstallShieldCAB: return new FileType.InstallShieldCAB();
case SupportedFileType.LDSCRYPT: return new FileType.LDSCRYPT();
case SupportedFileType.MicrosoftCAB: return new FileType.MicrosoftCAB();
case SupportedFileType.MicrosoftLZ: return new FileType.MicrosoftLZ();
case SupportedFileType.MPQ: return new FileType.MPQ();

1
README.md
View File

@@ -161,6 +161,7 @@ Below is a list of container formats that are supported in some way:
| InstallShield Archive V3 (Z) | No | Yes | Yes | Via `UnshieldSharp` |
| InstallShield CAB | No | Yes | Yes | Via `UnshieldSharp` |
| Linear Executable | No | No | No | Skeleton only |
| Link Data Security encrypted file | No | Yes | No | |
| Microsoft cabinet file | Yes | Yes | Yes | |
| Microsoft LZ-compressed files | No | Yes | Yes | |
| MoPaQ game data archive (MPQ) | No | Yes | Yes | Via `StormLibSharp` |