ACE Format Package

We are happy to announce support for the ACE archive format in Cerbero Suite. The new ACE Format package lets you inspect and extract ACE archives directly within the application, including password-protected and solid archives.

ACE is a compression format that was widely popular in the late 1990s and early 2000s. While largely superseded by more modern formats, ACE files still appear regularly in malware analysis and digital forensics investigations. Having native support in Cerbero Suite means analysts no longer need to rely on external tools to inspect these archives.

RPM Format Package

We have released the RPM Format package for all licenses of Cerbero Suite.

RPM Package Manager (RPM) is a package management system used primarily in Red Hat-based Linux distributions, including Fedora and CentOS, to manage the installation, update, and removal of software on Linux systems. An RPM file contains the software itself, along with metadata such as its version, dependencies, and installation instructions. The format streamlines software management by providing a standardized approach to handling packages on Linux platforms.

AR Format Package

We have released the AR Format package for all licenses of Cerbero Suite.

The AR archive format, originally devised for Unix systems, is a straightforward archive format that combines multiple files into a single archive without inherent compression. It’s primarily used in Unix-like environments for storing static libraries (‘.a’ files), and is also a key component in the structure of DEB packages for Debian-based Linux distributions. The AR format is also used on the Windows operating system for ‘.lib’ files.

TAR Format Package

We have released the “TAR Format” package for all licenses of Cerbero Suite Standard and Advanced.

The package is also exposed to the SDK:

from Pro.Core import *
from Pkg.TAR import *

def parseTARArchive(fname):
    # open the archive file as a container
    c = createContainerFromFile(fname)
    if c.isNull():
        return
    obj = TARObject()
    if not obj.Load(c) or not obj.ParseArchive():
        return
    # walk the entries, starting with no current offset
    curoffs = None
    while True:
        entry, curoffs = obj.NextEntry(curoffs)
        # no more entries
        if entry is None:
            break
        # skip directories
        if obj.IsDirectory(entry):
            continue
        print("file name:", entry.name, "file offset:", str(entry.offset_data), "file size:", str(entry.size))
        # retrieves the file data as NTContainer
        fc = obj.GetEntryData(entry)

Damaged Zip archive (video)

In this video we can see how to inspect a damaged Zip archive using the Profiler in a real-world scenario. Automatic recovery of damaged Zip archives will soon be available, and it will be possible to perform this sort of task programmatically, but it’s still useful to see how to do it manually.