acefile - read/test/extract ACE 1.0 and 2.0 archives in pure python
This single-file, pure python 3, no-dependencies implementation is intended to be used as a library, but also provides a stand-alone unace utility. As mostly pure-python implementation, it is significantly slower than native implementations, but more robust against vulnerabilities.
This implementation supports up to version 2.0 of the ACE archive format, including the EXE, DELTA, PIC and SOUND modes of ACE 2.0, password protected archives and multi-volume archives. It does not support writing to archives. It is an implementation from scratch, based on the 1998 document titled “Technical information of the archiver ACE v1.2” by Marcel Lemke, using unace 2.5 and WinAce 2.69 by Marcel Lemke as reference implementations.
For more information, API documentation, source code, packages and update notifications, refer to:
- https://www.roe.ch/acefile
- https://apidoc.roe.ch/acefile
- https://github.com/droe/acefile
- https://pypi.python.org/pypi/acefile
- https://twitter.com/droethlisberger
Packages/Ports
Primary distribution of acefile is via PyPI, but it is also available as a package or port on at least the following platforms:
- PyPI: acefile
- macOS (MacPorts): py-acefile
- FreeBSD: archivers/py-acefile
- DragonFly BSD: archivers/py-acefile
- openSUSE: python-acefile
- Arch Linux AUR: python-acefile
Projects Using acefile
- phishfinder – A tool designed to traverse phishing URL paths to search for phishing kit source code
- Analysis Correlation Engine – A detection system and automation framework
- Evil WinRAR Gen – CVE-2018-20250 exploit generator targetting WinRAR before 5.70 beta 1
- Qu1cksc0pe – All-in-One malware analysis tool
- monobit – Tools for working with monochrome bitmap fonts
Further Reading and Success Stories
These links are provided in the hope that they may be useful, but without implying endorsement of any kind.
- Remember ACE files? by Didier Stevens in SANS Internet Storm Center Diary
- General advice on mods in OpenMW by Darklocq
- Extracting a 19 Year Old Code Execution from WinRAR by Nadav Grossman of Checkpoint
- Extracting Files from ACE files (CVE-2019-20250) by Sketchymoose
- Remote Code Execution WinRAR (CVE-2018-20250) POC by Manuel López Pérez
- Ящик Пандоры: разбираем эксплуатацию уязвимости WinRAR на примере задания NeoQUEST-2019 by NWOcs
- WinRAR漏洞复现过程 by 0x24bin
- RAR漏洞复现 CVE-2018-20250 by r4bbit
- WinRAR目录穿越神洞复现及防御
Other Implementations of ACE 1.0 and/or ACE 2.0
Besides acefile.py
, there exist the following other implementations:
- WinAce 2.x,
acev2.dll
,unacev2.dll
(closed source, ACE 2.0)
The canonical implementation in c by Marcel Lemke. Powers WinAce and pretty much every Windows archiver able to handle the ACE 2.0 format.
Windows only; no source code available.
http://www.winace.de/ ace
2.x (closed source, ACE 2.0)
The full command-line implementation in c by Marcel Lemke. Appears to be based on essentially the same codebase asacev2.dll
.
DOS, OS/2 and Windows; no source code available.
http://www.winace.de/unace
2.x (open source, ACE 2.0, read-only)
The stripped-down command-line implementation in c by Marcel Lemke. Appears to be based on essentially the same codebase asunacev2.dll
.
DOS, OS/2, Windows, Unix; very old binary releases (PPC-only for Mac); source code for Linux available under the Public UnAce Licence (non-free).
This is the Debianunace-nonfree
package.
http://www.winace.de/
http://http.debian.net/debian/pool/non-free/u/unace-nonfree/unace-nonfree_2.5.orig.tar.gzunace
1.x (open source, ACE 1.0 only, read-only)
Older version of the stripped-down command-line implementation in c by Marcel Lemke.
DOS, OS/2, Amiga, Windows and Unix; source code originally published without explicit license, later under the GPL 2.0.
This is the Debianunace
package.
http://members.aol.com/mlemke6413/(search forunacepub.zip
to find mirrors)
http://http.debian.net/debian/pool/main/u/unace/unace_1.2b.orig.tar.gz- XAD-Master, libxad (open source, ACE 1.0 only, read-only)
The XAD library system for archive handling in c by Dirk Stöcker.
Amiga, Unix; originally Amiga Shareware, later LGPL 2.1.
This is the implementation that powers support for older archive formats in The Unarchiver and other non-Windows meta-unarchivers that don’t shell out to an externalunace
utility.
https://www.dstoecker.eu/xadmaster.html
https://sourceforge.net/projects/libxad/
Please drop me a line if I missed any other publicly available implementations.