
TIL WinRAR had support for RarVM, a special VM which would execute code the archive included.
The original thought was to incorporate newer compression algorithms without breaking backward or forward compatibility.
RAR dropped support for it in newer versions, but it's still widely deployed and fully RE'd (just search for RarVM).
You could in theory use it to generate data as well, such as for looping videos or other interesting exploits.
Given Spectre, maybe it's a good thing it got dropped.

@lynne
You could probably use it to mess with antiviruses by generating infinite archives, right?

@wolf480pl Don't know the specifics of rar archives but I don't think so. On Windows programs generally handle OOM, and you have to output at some point to generate OOM. You could hold the thread in an infinite loop, but it would be crazy for an antivirus program to not use a separate process or a thread in a sandbox.
But then again, it's Windows, so anything goes.
