thanks for the jpegs, I'd like to see more of the gifs is anybody has some. do they do this with PNG files as well? what about movie files or encoded text/html files?

cheers

helo, just a couple of thoughts about all of this.

It would seem like detection would be preferable to processing every file.

The gif file that I got had an invalid header but it's probably safe to say that most do have valid headers.

The gif licensing is pretty restrictive so processing every file may not even be an option. At a company I used to work for we decided not to compress gifs after we spoke to unisys about the licensing costs. Decompressing gifs is ok, compressing with unisys algorithms is not without a license.

Couldn't the files be identified by establishing a 'normal' ratio of bytes/pixel for each file type and testing the abnormal bytes/pixel ratios of these warez files against this normal? So far it looks like the jpeg headers contain the height and width of the valid image data with the rest of the crap tagged on to the end.

Let's that the r=b/(h*w) where r is our ratio, b is the number of bytes and h & w is the height and width reported in the header.

I grabbed 5 of the files posted earlier:
AGF2nd811.jpg 146618/(100 x 118) = 12.4252542372881
AGF2nd812.jpg 163365/(200 x 160) = 5.10515625
AGF2nd813.jpg 161336/(126 x 176) = 7.27525252525253
AGF2nd814.jpg 104842/(116 x 150) = 6.02540229885058
AGF2nd815.jpg 121379/(93 x 160) = 8.15719086021505

Compared with 5 (non warez) files reasonably compressed:
minnkim-035.jpg 34981/(600 x 457) = 0.127574762946754
minnkim-036.jpg 35846/(600 x 457) = 0.13072939460248
minnkim-037.jpg 30728/(600 x 457) = 0.112064186725018
minnkim-138.jpg 46571/(457 x 600) = 0.169843180160467

The ratios of bytes/pixel are severely out of whack with these warez files.

It would seem as though some c or asm code could read the headers of all new files on the system (either through hooking into ftp events or cron jobs on log files, doesn't really matter), compute the ratio of bytes per pixel, compare that against the normal and flag any abnormal ratios for delete or human examination.

any thoughts or comments on this?

cheers

The problem arises with animated gif's (which could be any number of frames, and could also be severly out of wack based on the imagesize:filesize ratio)

All one really needs to do is get a piece of code that unpacks a gif -- unpack the gif, and see if there is more than a few bytes of trailing data. If there is, the file is warez.

Most code that does this is written in C, and my C coding has become very rusty over the years.. haven't really done any hardcore coding of that nature since the 68000Assembly demo days on the Amiga.

unfortunately nobody has posted links to gifs other than the first one which was obviously not a gif so I haven't been able to look at any of these files as gifs. the bytes/pixel ratio should hold true for animated gifs by reading the framecount and dividing the total bytes by the number of frames reported r= (b/n)/(w*h) ... once again, I just have not seen any of the gif files though.

"All one really needs to do is get a piece of code that unpacks a gif -- unpack the gif, and see if there is more than a few bytes of trailing data. If there is, the file is warez. "

I agree, this should work. Personally I am more interested in low impact detection so if anyone has some of these gifs could you let me know?

cheers

Someone wanted a example of gifs. Here they are


http://www.greenapple.verisexy.net/t...bicross14.html

thanks, I grabbed a few and I'll take a peek. at first glance these gifs don't seem nearly as sophisticated as the jpegs, I wonder if it's the same program used to generate them both?

pretty clever really, they even include a checksum file. not as clever as it could be, but pretty clever.

cheers

if you ban .jp it will cut your warez problems down 70% :o)

here is the code I wrote, put this in a script and run it at upload time it checks for correct start of GIF file and correct header and footer of a JPEG

it uses sysread to be more efficient instead of usual perl file shit

# example - $pathfile = "/path/to/uploaded/file.gif";

if ($pathfile =~ /.gif$/gi)
{
open (TEST,"<$pathfile");
sysread (TEST,$check_header,4);
close (TEST);

$header = "GIF8";

unlink ("$pathfile") if ($check_header ne "$header");
}
elsif ($pathfile =~ /.jpg$/gi)
{
open (TEST,"<$pathfile");
sysread (TEST,$check_header,4);
sysseek (TEST,-2,2);
sysread (TEST,$check_footer,2);
close (TEST);

$header = "ÿØÿà";
$footer = "ÿÙ";

unlink ("$pathfile") if ($check_header ne "$header");
unlink ("$pathfile") if ($check_footer ne "$footer");
}


don't diss da jungle

Ok, heres some warez file names that I found on the server. Please share them =) Wait till traffic builds up and then delete the files and send the warez downloaders to popup hell.

*AGF1*
*AGF2*
*AGF3*
*AGF4*
*0425_do*
*kyohaku*
*elfan*
*wind_disc*
*eroken*
*dojin*
*ouma_disk*
*nsmdvd*
*kuraemon*
*mikoava*
*kango*
*zeroone*
*ayu*
*BB1WA*
*sp10*
*arisapv*
*ign0*
*ign1*
*ign2*
*ign3*
*ign4*
*minid*
*kiwoku*
*cubicross*
*afgan*
*megami0*
*megami1*
*megami2*
*ove0*
*ove1*
*ove2*
*ove3*
*ove4*
*IBM0*
*eva0*
*ds1*
*ds2*
*kojin*