Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon. Entire thread

Testing an image directory for hidden rars?

Name: Anonymous 2007-12-16 12:30

How would someone go about quickly testing each and every image to see if it had a rar or any other file hidden inside of it? What language would be best for doing this, if a tool isn't already available?

Name: Anonymous 2007-12-16 12:36

bash

Name: Anonymous 2007-12-16 12:36

Actually, bash + cat is all I say.

Name: Anonymous 2007-12-16 12:57

So, cat each image file and search for "Rar!" " (something like e that)

It looks that that's the header for each rar file. I'm thinking of searching each image file to find the telltale .Rar header, but .rar files aren't the only thing that someone could put in a file.

Writing a script to look for all possible files that could be put in is quite unnecessary and tedious. The optimal way to do this would be if I knew what part of my images were necessary/not junk, and then I could just extract the remaining part, regardless of what file format it was. Too bad I have no idea how to do that as of yet.

This is gonna take so long...

Name: Anonymous 2007-12-16 13:02


strings file | grep 'Rar!'
is quick enough, no need to over-engineer things.

Name: Anonymous 2007-12-16 13:06

thanks i actually came back to post that i found that out

grep 'Rar!' *.jpg tells me exactly what i want. bash is so fucking  useful. :)

strings doesn't work though. I'm using cygwin on windows, maybe thats why.

Name: Anonymous 2007-12-16 13:24

>>6
That's not bash, that's grep along with standard globbing.

No bash-specific features.

strings is for strings in binaries, it's not supposed to be used for this.

Name: Anonymous 2007-12-16 13:28

>>7
rar archives are binary files too, although not executable.

Name: Anonymous 2007-12-16 13:38

>>8
ASCII text files are binary too, so what?  I am talking about ``binaries,'' the term used exclusively for executable files (I should have mentioned libraries as well, and perhaps object files).

Name: Anonymous 2007-12-16 14:46

Stenographed RARs?

Iterate over all of the images with steghide

Name: Anonymous 2007-12-16 19:57

>>10
Re-read the thread then kill yourself.

Name: Anonymous 2007-12-17 1:36

>>11
Why?

You want to find RAR files inside Image files....

Name: Anonymous 2007-12-17 4:55

>>12 just killed himself

Name: Anonymous 2007-12-17 6:07

See http://www.jpeg.org/public/jfif.pdf - use it to write a program that determines what the size of the file should be. If the file is larger than that, then there is the hidden data.

Name: Anonymous 2007-12-17 7:56

>>14
THATS OMG HARD TO DO!!!1!11

Name: Anonymous 2007-12-17 8:03

I enjoy Haskell.

Name: Anonymous 2007-12-17 8:03

Greatly.

Name: Anonymous 2007-12-17 10:08

>>16
>>17
fck u

Name: Anonymous 2007-12-17 10:14

>>18
Don't you enjoy Haskell greatly?

Name: Anonymous 2007-12-17 12:37

>>18 here, I would enjoy Haskell if my brain was advanced enough to understand it. Alas, this is not the case, so all I can do is attack it with silly arguments and pretend C is the best language ever, in order to hide my stupidity.

Name: Anonymous 2007-12-17 16:35

>>20 here also im gay lolololol

Name: Anonymous 2007-12-17 20:47

>>19
no, It's crap, impossible to do anything and monads a just a hack to get mutable state, obviously you should just use C for everything since thats a real language people get things DONE with.

Name: Anonymous 2007-12-17 22:18

I actually suspect >>18 and >>20 are actually two separate humans.

Name: Anonymous 2007-12-17 22:23

>>22
do you even understand monads?

Name: Anonymous 2007-12-17 22:35

>>24
Do you even understand C?

Name: Anonymous 2007-12-18 1:34

>>25
Do you even understand understanding?

Name: Anonymous 2007-12-18 1:58

GetFileSize

Name: Anonymous 2007-12-18 2:34

>>26
Do you stand under even ing?

Name: Anonymous 2007-12-18 18:58

Fatal error! Message could not be posted.

Please post threads less often!

Name: Anonymous 2007-12-19 16:01

Just check whether the last two bytes are FFD9h. If not, something was appended to it.

Name: Anonymous 2007-12-19 19:22

for a in *; do cat $a | grep "RAR"; done

Name: Anonymous 2007-12-19 19:26

>>31
Doesn't work for encrypted rar files.

Name: Anonymous 2007-12-20 4:24

>>31

Too much work. just do:
for a in *; do grep RAR $a; done

Name: Anonymous 2007-12-20 5:36

>>32
If a RAR in an image is encrypted and you need a script to find out about it, chances are you won't know the password anyway.

Name: Anonymous 2007-12-20 7:45

>>30
That will fail if a JPG was appended to it.

Name: Anonymous 2007-12-20 14:02

>>35
Nobody does that, because there would be no easy way to view the second JPEG.

Name: Anonymous 2007-12-20 16:22

>>36
of course there is, just rename it to .jpg and open it. dumbass.

Name: Anonymous 2008-01-03 13:01

so with cygwin after downloading it do I just type in grep 'Rar!' *.jpg and its suppose to pull it up ? because its not working for me it tells me grep: *.jpg: No such file or directory.

Name: Anonymous 2008-01-03 13:12

>>38
Make sure you're using the actual cygwin shell and just cmd.exe

Name: Anonymous 2008-01-03 13:21

when I open it, it bring up a cmd.exe
says something about mkpasswd
Newer Posts
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -