Solution for passworded downloads

B@z · Post by **B@z** » Mon Mar 15, 2010 8:07 pm

Please all, help think of the best way to attack the passworded-rar-in-download problem.

This seems a new wat to spead mallware and receive ad fundings, but sure is annoying.

I thought something like to open file after the first few rar's have downloaded to review the contents.
But a better solution would be some sort of nuke system where if more than x nukes the post will be filtered. I don't know how this extends to newsgroup policy.

But the bottom line must be, this has to stop. So help brainstorm for the best (long term) solution.

Digitoxin · Post by **Digitoxin** » Sun Aug 29, 2010 10:43 am

Seems like there should be a way to analyze the rar file and abort as soon as Newsleecher is able to detect that is is password protected. This could also be extended to a content filter that can scan within the rar file to get rid of downloads containing files with extensions like .avi.exe

Downstream · Post by **Downstream** » Sat Oct 02, 2010 3:41 pm

Some free .nzb sites mark hits with "password protected".
But they are not failproof.

https://bugs.launchpad.net/sabnzbd/+bug/562296
I want to add if the header of the first RAR is corrupted this test can give false results.

===========================
Sorry, that is not true. It is true that WinRAR can not distinguish between password protected data and corrupted data based on the data and the checksum alone, but the RAR format has a flag for password protected files in the header, this is the way the software knows when to prompt the user for a password.
Password protected files can usually be detected by just having the first MESSAGE PART of the first .rar file, like this:
The following is some code I have used for another project:
$data is the first n bytes of a RAR archive file.
$rar=unpack('H14header/H6junk/S1encrypted', $data);
if ($rar['header']!='526172211a0700') {
output('Not a RAR archive: '.$filename.' - header is '.$rar['header']);
}
if ($rar['encrypted'] & 128) {
output('Encrypted archive!');
$encrypted=true;
} else {
$file=tempnam('/tmp','unrar-test-file');
file_put_contents($file, $data);
exec('unrar lt -ep -c- -id -r -kb -p- '.$file, $output);
unlink($file);
foreach ($output as $line) if (substr($line,0,1)=='*') $encrypted=true;
if ($encrypted) {
output('Encrypted file in archive!');
}
}

Downstream · Post by **Downstream** » Sat Oct 02, 2010 3:55 pm

Anyone got a similar header check for .wmv files?

deedubb · Post by **deedubb** » Sat Oct 02, 2010 5:19 pm

I would love to see this feature

tygrys · Post by **tygrys** » Tue Nov 23, 2010 7:01 pm

One way is to download the first rar and open it..can be annoying but I find it easier then downloading the whole thing lol

Downstream · Post by **Downstream** » Tue Nov 23, 2010 7:23 pm

tygrys wrote:One way is to download the first rar and open it..can be annoying but I find it easier then downloading the whole thing lol

NL could/should do that.

B@z · Post by **B@z** » Thu Nov 25, 2010 8:37 pm

Downstream wrote:NL could/should do that.

Agreed, and thanks tygrys for bumping this up again.

This should not be that hard to implement.

Could a NL developer/admin/mod at least say if this is on the roadmap?

Post by **Spiril** » Sat Nov 27, 2010 11:46 am

A feature that prevents NewsLeecher from downloading RAR-in-RAR sets is on the roadmap for NewsLeecher V4.1 or NewsLeecher V5.0.

Malignant · Post by **Malignant** » Mon Dec 13, 2010 7:16 pm

Is it also possible to enter a password in R&E ?

I.E.

Right click on a set and have the option to "Set extraction password" ?

This way NL can cope with PW protected files.

BlizzardUK · Post by **BlizzardUK** » Sat Feb 26, 2011 6:57 pm

That feature of stopping rar in rar downloads sounds great. These people uploading all these passworded files must be making money, but surely after a while people should have learnt just to bin them and not go to the site they send you to.

Just a handy little tip, always download the LAST rar file and not the first one, the last one is usually not only much smaller than the first, but also the one that contains the password.txt file.

Also perhaps there is a way to use http://www.mysterbin.com software within the supersearch ?

Lazruss66 · Post by **Lazruss66** » Wed Mar 02, 2011 5:33 am

Spiril wrote:A feature that prevents NewsLeecher from downloading RAR-in-RAR sets is on the roadmap for NewsLeecher V4.1 or NewsLeecher V5.0.

So does the 5.0 beta contain this? REALLY tired of downloading crap or having to download what I dont need so that I can view what is inside. A preview feature would be the bomb.

Thanks

dlmvegas · Post by **dlmvegas** » Fri Mar 11, 2011 2:52 am

There is only one retard that is doing most, if not all of the passworded crap on the news servers. DO NOT WASTE YOUR TIME DOWNLOADING ANYTHING POSTED BY [b]Yenc-PP-A&A[/b]. Movies by this scum are showing up primarily in A.B.Movies group. I have seen some in other groups by this same scum bag.

Makes you wish there were group monitors out there that could just filter out or have an auto delete for certain poster's files.

highwaykind · Post by **highwaykind** » Mon Mar 14, 2011 1:23 pm

I would LOVE a 'passworded' alert too!
binsearch and other have this, so I hope NL can mark passworded posts a certain color (grey them out? red?)

Blocking the Yenc-PP-A&A poster does NOT work - it's what Yenc defaults to so this will mean you also block good posts..

mrpopo · Post by **mrpopo** » Wed Apr 13, 2011 4:59 pm

I would love the ability to add a password to a download.

So if I download something of which I know the password. I would like to enter this password for that specific download so NL can download and unrar it when done downloading / repairing.