Archive: Extract NSIS installations with 7-zip (4.40 beta and up)


Extract NSIS installations with 7-zip!
FYI:
7-zip (www.7-zip.org) just released 4.40 beta which has the ability to extract files from an NSIS installation.

The notes say that it exports "some" NSIS installations, so it must have something to do with the compression method used. (It seems to work OK with standard NSIS LZMA compression. Haven't tested any others.)

Here's the SourceForge page for it:
http://sourceforge.net/projects/sevenzip/


Re: Extract NSIS installations with 7-zip!

Originally posted by Comperio
FYI:
7-zip (www.7-zip.org) just released 4.40 beta which has the ability to extract files from an NSIS installation.

The notes say that it exports "some" NSIS installations, so it must have something to do with the compression method used. (It seems to work OK with standard NSIS LZMA compression. Haven't tested any others.)

Here's the SourceForge page for it:
http://sourceforge.net/projects/sevenzip/
According to my tests, 7-zip can extract installers with BCJ/LZMA, LZMA and Zlib compression. Extraction from bzip2 installers doesn't work.

From the 7-zip Open Discussion forum, "When does "7-Zip" support more formats ???"
http://sourceforge.net/forum/forum.p...forum_id=45797

"By: Igor Pavlov - ipavlov
RE: NSIS Support
2006-05-02 00:57
NSIS uses modified Deflate (zlib). 7-Zip supports it.
NSIS uses modified BZip2. 7-Zip doesn't support it now.
"


7-Zip 4.4
What's new:
- 7-Zip now can unpack some installers created by NSIS


any details on what it does?


It simply unpacks the files, which are integrated in the installer.

It is not able to decompile your installer. 7Zip users have no access to your .nsi script. ;)


what about the [NSIS].nsi entry? ;) but from what someone who knows said, there's a few things which could be done to improve the script decompile. the main thing really is to allow you to access any files in the installer exe assuming it was built in one of the methods that it currently supports (seems that bzip2 installers aren't going to work at the moment ref)

-daz


what about the [NSIS].nsi entry?
I guess it's not a valid script, or am I wrong?

You have to change parts in the [NSIS].nsi, otherwise it will not compile.

double posting
http://forums.winamp.com/showthread....hreadid=245098

## already merged ##


that's what needs the tweaks so it would create a compilable [NSIS].nsi

Brummelchen: already noted by the ref i did in my last post, just ran out of time to merge the two threads together like it is now ;)

-daz


the extracted script is not ready to work - it only shows
an approximate script to get the idea behind.
i have in mind that nsis compiles the script for runtime use
and not for scripting base. works like aPatch or a codefusion
patch where the instructions are held inside encoded.


all i'm going on is what kichik mentioned briefly when it was brought up that there was the [NSIS].nsi shown. i can't remember what was fully said but i'm sure he said that it's possible to improve what's decoded to get closer if not to be able to allow compiling of the script. i could be wrong so please don't hold me to it

-daz


well as you people know innosetup has a special unpacker to unpack installation and nicer arrange the script.

7zip also does the same to zlib and lzma, where it actually made the nsi script so nicely that using username and password can be shown so clearly. basically the unauthorised just need to use one set of access to enter the installer or just grab the files being extracted.

I just really hope nsis could become a better security on this one as I see many many people using it because it is a really good installer compiler and " The Way Of Art Script ".

Thanks for all at least bzip2 should do the job. For the time being.


lzma is cracked in simple words :(

i made a test package for me with password in lzma and it
was clear to read either other methods were very clear.

i have my own solution now but using bzip2 is the only way
for the moment.


i have my own solution now but using bzip2 is the only way
Yep, but LZMA compression creates smaller files.

I guess later 7z versions will be able to unpack bzip2 compressed installers too

If you put plain-text passwords in your script, they can be extracted anyway. The introduction of this 7-zip feature makes no difference.

The "decompiled" scripts are also completely useless for most purposes, it's a bit like viewing the assembly code of an application. Everything done by the preprocessor, all names, high-level logic etc. are gone. So it's not like someone could steal your complete script.
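
The point made in the post above about plain-text passwords, as an added example that is not part of the original thread: a pre-release check a script author could run over their own .nsi source to find literals that will be readable in the shipped installer regardless of compression method. The sample script, the credential name patterns and the function name audit_nsi are assumptions made for illustration.

```python
import re

# Constructed sample, not from the thread: the kind of in-script login check discussed above.
SAMPLE_NSI = r'''
!define APP_PASSWORD "example-secret"
Function CheckLogin
  ReadINIStr $0 "$PLUGINSDIR\login.ini" "Field 2" "State"
  StrCmp $0 "${APP_PASSWORD}" ok
  StrCmp $1 "admin" 0 bad
  ${If} $2 == "example-serial"
    Goto ok
  ${EndIf}
  StrCmp $3 "" bad
  bad:
    Abort
  ok:
FunctionEnd
'''

# !define whose name suggests a credential (name list is an assumption; extend as needed)
DEFINE = re.compile(r'^\s*!define\s+(\w*(?:PASS|PWD|SECRET|SERIAL|KEY)\w*)\s+\S', re.I)
# StrCmp / StrCmpS between a variable and a non-empty quoted literal, either order
STRCMP = re.compile(r'^\s*StrCmpS?\s+(?:\$\w+\s+"[^"]+"|"[^"]+"\s+\$\w+)', re.I)
# LogicLib string comparison of a variable against a non-empty quoted literal
LOGICLIB = re.compile(r'^\s*\$\{(?:If|ElseIf)\}\s+\$\w+\s+S?[=!]=\s+"[^"]+"', re.I)

CHECKS = (("credential-like !define", DEFINE),
          ("StrCmp against literal", STRCMP),
          ("LogicLib compare against literal", LOGICLIB))

def audit_nsi(script):
    """Return (line_number, reason, text) for every literal comparison or define found."""
    findings = []
    for number, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith((";", "#")):   # skip whole-line comments
            continue
        for reason, pattern in CHECKS:
            if pattern.search(line):
                findings.append((number, reason, line.strip()))
    return findings

if __name__ == "__main__":
    for number, reason, text in audit_nsi(SAMPLE_NSI):
        print(f"line {number}: {reason}: {text}")
```

Comparisons against the empty string are deliberately not flagged, since they are ordinary "field left blank" checks rather than embedded secrets.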


If you want to be sure of security you can write a plugin for special functions.

As said before, 7Zip is not able to decompile your installer fully. 7Zip users have no access to your .nsi script.

Idea: Use an uncompressed NSIS installer and pack with UPX. (which is also unpackable, but not with 7ZIP ;)

* But better make a plugin if you want to be sure of security via special functions *

Or, since one has the NSIS source, one can alter the code and take some measures one thinks are useful (e.g. reversed/scrambleblock of LZMA format). That is one of the main advantages of having Open Source!

BTW
- MSI is "un-packable" also, MS own ORCA tool helps there ;)
- NSIS is an installer tool, not a protector tool


This shouldn't be a surprise
This shouldn't surprise anyone - I routinely extract NSIS, InstallShield and MSI files before I install them as a precautionary measure. When some ambitious developer thinks he'll disguise his installer, I use a virtual machine to make before/after snapshots to double-check, then package up the snapshot differences as a replacement for the faulty original installer.

Look, it's an installer. It's little more than a dressed-up self extracting archive. There are legitimate reasons for end users to browse installer .exe files, and I'm glad Igor implemented NSIS support into 7-Zip as the tool I was using was quite unfriendly. Depending on how modular his code is, I may adapt 7-Zip to support MSI and InstallShield as well.

Those of you trying to disguise your installers or convince Igor to cripple 7-Zip must have little experience in computer security - no matter what you do to your installers, you can't thwart a before/after snapshot from a virtual machine. If a user has bad intentions, this is what they'll do anyway - it doesn't matter what you do to the installer. And if they really want your script, they'll just attach a debugger and grab it from memory, or run the installer in a full CPU emulator.


I know this is an old thread, but it may be useful for others..
Normally I don't post just because I found a solution, but here I am..

I want my WinAmp so stripped I can, I have a license
for the Pro so I've used the full rock-on edition..
extracted it with 7zip and then just used the files in
the base folder..

winamp.exe, dll files and then started it up..
it created the ini file and such.. and I just saved my
settings.. now I have a perfect working fully stripped
and configured WinAmp just like I want it..

and the best of all.. just copy those files to a fresh
install of Windows and it works out of the box =D
no need to install it..

perfect for unattended windows xp ;)

// Chris