search

DFIR-ORC / dfir-orc

Forensics artefact collection tool for systems running Microsoft Windows
https://dfir-orc.github.io
GNU Lesser General Public License v2.1
388 stars 42 forks source link

7zip compressor issue with v10.0.22 #55

Closed amaulave closed 2 years ago

amaulave commented 2 years ago

Hello,

Following fix on issue #49 I downloaded 10.0.22 release and unfortunately I still have an error when I tried to extract the archive with py7zr:

$ py7zr x Collect_Full_DESKTOP-S3MCBR3_20211202_181230_System.7z out
Traceback (most recent call last):
  File "/usr/local/bin/py7zr", line 8, in <module>
    sys.exit(main())
  File "/home/user/.local/lib/python3.8/site-packages/py7zr/__main__.py", line 25, in main
    return cli.Cli().run()
  File "/home/user/.local/lib/python3.8/site-packages/py7zr/cli.py", line 99, in run
    return args.func(args)
  File "/home/user/.local/lib/python3.8/site-packages/py7zr/cli.py", line 356, in run_extract
    a.extractall(path=args.odir, callback=cb)
  File "/home/user/.local/lib/python3.8/site-packages/py7zr/py7zr.py", line 948, in extractall
    self._extract(path=path, return_dict=False, callback=callback)
  File "/home/user/.local/lib/python3.8/site-packages/py7zr/py7zr.py", line 604, in _extract
    self.worker.extract(
  File "/home/user/.local/lib/python3.8/site-packages/py7zr/py7zr.py", line 1198, in extract
    if not any([self.target_filepath.get(f.id, None) for f in folders[i].files]):
TypeError: 'NoneType' object is not iterable

$ py7zr t Collect_Full_DESKTOP-S3MCBR3_20211202_181230_System.7z
Testing archive: Collect_Full_DESKTOP-S3MCBR3_20211202_181230_System.7z
--
Path = Collect_Full_DESKTOP-S3MCBR3_20211202_181230_System.7z
Type = 7z
Phisical Size = 173442461
Headers Size = 1108
Method = LZMA2
Solid = +
Blocks = 44

Bad 7zip file

If I uncompress then recompress the archive using 7-Zip tool without modification to files, the new archive can be proceed without issues:

$ py7zr t Collect_Full_DESKTOP-S3MCBR3_20211202_181230_System_repaired.7z
Testing archive: Collect_Full_DESKTOP-S3MCBR3_20211202_181230_System_repaired.7z
--
Path = Collect_Full_DESKTOP-S3MCBR3_20211202_181230_System_repaired.7z
Type = 7z
Phisical Size = 173337431
Headers Size = 1004
Method = LZMA2
Solid = +
Blocks = 1

Everything is Ok

$ py7zr x Collect_Full_DESKTOP-S3MCBR3_20211202_181230_System_repaired.7z out2
$ echo $?
0

Sample and configuration are available here: https://e1.pcloud.link/publink/show?code=XZQWkFZciR11eziyhJxn3IfHQYxoSWRGuyy

Regards

sc-anssi commented 2 years ago

Hi, We are currently testing a potential fix for this problem. We'll keep you updated. Regards

fabienfl-orc commented 2 years ago

This is published with 10.0.23, I hope it will fix your issues with py7z. I tested with multiple archives using Ubuntu 20.04, py7zr 0.17.2, Python 3.8.10.