[CDG5] Random questions
Daniel B-J
danielbj314 at verizon.net
Thu Nov 29 06:16:02 AWST 2018
Wow. This looks like such a big security flaw.
Compression resources are code that can be run inside a resource file.
Resources can be marked 'preload', which makes them run when the file is open.
Some files, such as the Desktop Database or any file with a custom icon, can be opened by the Finder automatically under certain circumstances.
I'm pretty sure I could make a file that has code within it that gets run as soon as the disk is inserted.
As another fun trick, what happens if a 'dcmp' is marked compressed and says it gets decompressed by itself? Endless loop ending in a stack overflow? File of crash?
> On Nov 28, 2018, at 9:44 AM, Jason Duerstock <jason.duerstock at gmail.com> wrote:
>
> I haven't found a whole lot about resource compression so far, but
> there is this:
>
> http://preserve.mactech.com/articles/mactech/Vol.09/09.01/ResCompression/index.html
>
> Surprisingly, there is also this tidbit from:
> http://preserve.mactech.com/articles/mactech/Vol.12/12.08/OS8Checklist/index.html
>
> "9. Don’t use compressed resources. Resources which are decompressed
> with the undocumented “dcmp” mechanism in System 7 will not be
> compatible with Mac OS 8. Resources which are compressed with other
> third-party mechanisms such as Application VISE will continue to
> work."
>
> Considering they're still being used in OS 9, I don't know what to
> think of that other than "huh?".
>
> The following files detail the "Donn" and "Greggy" codecs:
>
> https://github.com/elliotnunn/CubeE/blob/master/Patches/GreggyBitsDefProc.a
> https://github.com/elliotnunn/CubeE/blob/master/Patches/DeCompressDefProc.a
>
> I can try to make a Python decompress for the above if you want.
>
> Jason
>
> On Tue, Nov 27, 2018 at 10:00 PM Elliot Nunn <elliotnunn at fastmail.com> wrote:
>>
>> 1. The Classic file seems to act as a System Enabler ("Gibbly").
>>
>> 2. Hadn't seen that new Lua port -- very cool! I wonder if MPW could
>> eventually be persuaded to run binary Tools reentrantly. It would
>> obviate a lot of MPW Shell hackery.
>>
>> Sadly I had trouble ever getting ToolDaemon to work. My workaround
>> for a while was to SSH into a Tiger machine and send an Apple Event
>> to ToolServer from there.
>>
>> 3. I have briefly looked into the on-disk encoding of compressed
>> resources, in order to prevent
>> [SimpleDeRez](https://pypi.org/project/macresources/) from choking on
>> them. The scheme seems to rely on executable resources in the same
>> file, and I'm naturally not keen to emulate those. But if you have
>> some docs on the common format(s), then I am all ears!
>>
>> Bin-patching compressed resources for BuildCubeE has been
>> frustrating. So far I have just opened them in ResEdit for
>> decompression.
>>
>>> On 28 Nov 2018, at 12:57 am, Jason Duerstock <jason.duerstock at gmail.com> wrote:
>>>
>>> 1) Does anyone know how things get loaded from the "Classic" file in
>>> the System Folder? Does this happen under native 9.x, or only under
>>> OS X?
>>>
>>> 2) If you haven't seen these before:
>>> https://github.com/SolraBizna/MacLua5.3
>>> https://github.com/fblondiau/ToolDaemon
>>> http://www.kallisys.com/files/mac/toolserver(1)-1.2.dmg
>>>
>>> 3) Has anyone looked into compressed resources and the associate
>>> 'dcmp' and 'ncmp' resources? I'm wondering if it would be handy to
>>> have an lz4 resourcecompressor/decompressor. Or if there would be
>>> another lossless codec that would be more appropriate.
>>>
>>> Thanks,
>>>
>>> Jason
>>> _______________________________________________
>>> cdg5 mailing list
>>> cdg5 at ucc.asn.au
>>> https://lists.ucc.gu.uwa.edu.au/mailman/listinfo/cdg5
>>
>> _______________________________________________
>> cdg5 mailing list
>> cdg5 at ucc.asn.au
>> https://lists.ucc.gu.uwa.edu.au/mailman/listinfo/cdg5
> _______________________________________________
> cdg5 mailing list
> cdg5 at ucc.asn.au
> https://lists.ucc.gu.uwa.edu.au/mailman/listinfo/cdg5
More information about the cdg5
mailing list