SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-05-06 20:43:44 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity

Initial addition of Rainbow Sentinel (#166)

Browse Source 
* Initial addition of Rainbow Sentinel

* Basic detection based off of one sample, no specific research/notes.

* Update README.

* Add additional sample sources for Rainbow Sentinel

* Add additional sample sources for Rainbow Sentinel, with no new functionality.

* Add Rainbow Sentinel text checks

* Add Rainbow Sentinel text checks.
This commit is contained in:
TheRogueArchivist
2022-11-06 22:03:23 -07:00
committed by GitHub
parent 703a132a61
commit e05ec3bcee
3 changed files with 182 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
BurnOutSharp/FileType/Textfile.cs
View File

@@ -43,6 +43,14 @@ namespace BurnOutSharp.FileType
if (magic.StartsWith(new byte?[] { 0x61, 0x4C, 0x75, 0x5A }))
return true;
// Windows Help File
if (magic.StartsWith(new byte?[] { 0x3F, 0x5F, 0x03, 0x00 }))
return true;
// Setup information
if (string.Equals(extension?.TrimStart('.'), "inf", StringComparison.OrdinalIgnoreCase))
return true;
// InstallShield Script
if (string.Equals(extension?.TrimStart('.'), "ins", StringComparison.OrdinalIgnoreCase))
return true;
@@ -118,6 +126,15 @@ namespace BurnOutSharp.FileType
if (fileContent.Contains("phenoProtect"))
Utilities.AppendToDictionary(protections, file, "phenoProtect");
// Rainbow Sentinel
// Found in "SENTW95.HLP" and "SENTINEL.HLP" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
if (fileContent.Contains("Rainbow Sentinel Driver Help"))
Utilities.AppendToDictionary(protections, file, "Rainbow Sentinel");
// Found in "OEMSETUP.INF" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
if (fileContent.Contains("Sentinel Driver Disk"))
Utilities.AppendToDictionary(protections, file, "Rainbow Sentinel");
// The full line from a sample is as follows:
//
// The files securom_v7_01.dat and securom_v7_01.bak have been created during the installation of a SecuROM protected application.