Initial ISO Protection Detection

BinaryObjectScanner.Test/BinaryObjectScanner.Test.csproj

@@ -16,10 +16,10 @@
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
             <PrivateAssets>all</PrivateAssets>
         </PackageReference>
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
-        <PackageReference Include="SabreTools.Serialization" Version="[2.0.2]" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.0" />
+        <PackageReference Include="SabreTools.Serialization" Version="[2.1.0]" />
         <PackageReference Include="xunit" Version="2.9.3" />
-        <PackageReference Include="xunit.runner.visualstudio" Version="3.1.4">
+        <PackageReference Include="xunit.runner.visualstudio" Version="3.1.5">
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
             <PrivateAssets>all</PrivateAssets>
         </PackageReference>

BinaryObjectScanner/BinaryObjectScanner.csproj

@@ -49,9 +49,9 @@
         <PackageReference Include="GrindCore.SharpCompress" Version="0.40.4-alpha" Condition="!$(TargetFramework.StartsWith(`net2`)) AND !$(TargetFramework.StartsWith(`net3`)) AND !$(TargetFramework.StartsWith(`net40`)) AND !$(TargetFramework.StartsWith(`net452`))" />
         <PackageReference Include="MinThreadingBridge" Version="0.11.4" Condition="$(TargetFramework.StartsWith(`net2`)) OR $(TargetFramework.StartsWith(`net3`)) OR $(TargetFramework.StartsWith(`net40`))" />
         <PackageReference Include="SabreTools.Hashing" Version="[1.5.1]" />
-        <PackageReference Include="SabreTools.IO" Version="[1.7.6]" />
-        <PackageReference Include="SabreTools.Serialization" Version="[2.0.2]" />
-        <PackageReference Include="System.Text.Encoding.CodePages" Version="9.0.9" Condition="!$(TargetFramework.StartsWith(`net2`)) AND !$(TargetFramework.StartsWith(`net3`)) AND !$(TargetFramework.StartsWith(`net40`)) AND !$(TargetFramework.StartsWith(`net452`))" />
+        <PackageReference Include="SabreTools.IO" Version="[1.8.0]" />
+        <PackageReference Include="SabreTools.Serialization" Version="[2.1.0]" />
+        <PackageReference Include="System.Text.Encoding.CodePages" Version="9.0.10" Condition="!$(TargetFramework.StartsWith(`net2`)) AND !$(TargetFramework.StartsWith(`net3`)) AND !$(TargetFramework.StartsWith(`net40`)) AND !$(TargetFramework.StartsWith(`net452`))" />
     </ItemGroup>
 
 </Project>

BinaryObjectScanner/Data/StaticChecks.cs

@@ -22,6 +22,18 @@ public static IContentCheck[] ContentCheckClasses
             }
         }
 
+        /// <summary>
+        /// Cache for all IISOCheck<ISO> types
+        /// </summary>
+        public static IISOCheck<ISO9660>[] ISO9660CheckClasses
+        {
+            get
+            {
+                iso9660CheckClasses ??= InitCheckClasses<IISOCheck<ISO9660>>();
+                return iso9660CheckClasses;
+            }
+        }
+
         /// <summary>
         /// Cache for all IExecutableCheck<LinearExecutable> types
         /// </summary>
@@ -91,6 +103,12 @@ public static IExecutableCheck<PortableExecutable>[] PortableExecutableCheckClas
         /// </summary>
         private static IContentCheck[]? contentCheckClasses;
 
+
+        /// <summary>
+        /// Cache for all IISOCheck<ISO9660> types
+        /// </summary>
+        private static IISOCheck<ISO9660>[]? iso9660CheckClasses;
+
         /// <summary>
         /// Cache for all IExecutableCheck<LinearExecutable> types
         /// </summary>

BinaryObjectScanner/FileType/DiskImage.cs

@@ -0,0 +1,52 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using BinaryObjectScanner.Data;
+using BinaryObjectScanner.Interfaces;
+using SabreTools.IO.Extensions;
+using SabreTools.Serialization.Wrappers;
+
+namespace BinaryObjectScanner.FileType
+{
+    /// <summary>
+    /// .iso file
+    /// </summary>
+    public abstract class DiskImage<T> : DetectableBase<T>
+        where T : WrapperBase
+    {
+        /// <inheritdoc/>
+        public DiskImage(T wrapper) : base(wrapper) { }
+
+        #region Check Runners
+
+        /// <summary>
+        /// Handle a single file based on all ISO check implementations
+        /// </summary>
+        /// <param name="file">Name of the source file of the ISO, for tracking</param>
+        /// <param name="iso">ISO to scan</param>
+        /// <param name="checks">Set of checks to use</param>
+        /// <param name="includeDebug">True to include debug data, false otherwise</param>
+        /// <returns>Set of protections in file, empty on error</returns>
+        protected IDictionary<U, string> RunISOChecks<U>(string file, T iso, U[] checks, bool includeDebug)
+            where U : IISOCheck<T>
+        {
+            // Create the output dictionary
+            var protections = new CheckDictionary<U>();
+
+            // Iterate through all checks
+            checks.IterateWithAction(checkClass =>
+            {
+                // Get the protection for the class, if possible
+                var protection = checkClass.CheckISO(file, iso, includeDebug);
+                if (string.IsNullOrEmpty(protection))
+                    return;
+
+                protections.Append(checkClass, protection);
+            });
+
+            return protections;
+        }
+
+        #endregion
+    }
+}

BinaryObjectScanner/FileType/Executable.cs

@@ -76,7 +76,6 @@ protected IDictionary<IContentCheck, string> RunContentChecks(string? file, Stre
         /// <param name="file">Name of the source file of the executable, for tracking</param>
         /// <param name="exe">Executable to scan</param>
         /// <param name="checks">Set of checks to use</param>
-        /// <param name="scanner">Scanner for handling recursive protections</param>
         /// <param name="includeDebug">True to include debug data, false otherwise</param>
         /// <returns>Set of protections in file, empty on error</returns>
         protected IDictionary<U, string> RunExecutableChecks<U>(string file, T exe, U[] checks, bool includeDebug)

BinaryObjectScanner/FileType/ISO9660.cs

@@ -0,0 +1,121 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Text;
+using System.Text.RegularExpressions;
+using BinaryObjectScanner.Data;
+using SabreTools.Data.Models.ISO9660;
+using SabreTools.IO.Extensions;
+
+namespace BinaryObjectScanner.FileType
+{
+    /// <summary>
+    /// ISO9660
+    /// </summary>
+    public class ISO9660 : DiskImage<SabreTools.Serialization.Wrappers.ISO9660>
+    {
+        /// <inheritdoc/>
+        public ISO9660(SabreTools.Serialization.Wrappers.ISO9660 wrapper) : base(wrapper) { }
+
+        /// <inheritdoc/>
+        public override string? Detect(Stream stream, string file, bool includeDebug)
+        {
+            // Create the output dictionary
+            var protections = new ProtectionDictionary();
+
+            // Standard checks
+            var subProtections
+                = RunISOChecks(file, _wrapper, StaticChecks.ISO9660CheckClasses, includeDebug);
+            protections.Append(file, subProtections.Values);
+
+            // If there are no protections
+            if (protections.Count == 0)
+                return null;
+
+            // Create the internal list
+            var protectionList = new List<string>();
+            foreach (string key in protections.Keys)
+            {
+                protectionList.AddRange(protections[key]);
+            }
+
+            return string.Join(";", [.. protectionList]);
+        }
+
+        // Checks whether the sequence of bytes is pure data (as in, not empty, not text, just high-entropy data)
+        public static bool IsPureData(byte[] bytes)
+        {
+            // Check if there are three 0x00s in a row. Two seems like pushing it
+            byte[] containedZeroes = {0x00, 0x00, 0x00};
+            int index = 0;
+            for (int i = 0; i < bytes.Length; ++i) {
+                if (bytes[i] == containedZeroes[index])
+                {
+                    if (++index >= containedZeroes.Length)
+                        return false; 
+                }
+                else
+                    index = 0;
+            }
+
+            // Checks if there are strings in the data
+            // TODO: is this too dangerous, or too faulty?
+            // Currently-found worst cases:
+            // "Y:1BY:1BC" in Redump ID 23339
+            var strings = bytes.ReadStringsWithEncoding(charLimit: 7, Encoding.ASCII);
+            Regex rgx = new Regex("[^a-zA-Z0-9 -'!?,.]");
+            foreach (string str in strings)
+            {
+                if (rgx.Replace(str, "").Length > 7)
+                    return false;
+            }
+
+            return true;
+        }
+
+        // TODO: can these 2 "noteworthy" functions be cached?
+        // Checks whether the Application Use data is "noteworthy" enough to be worth checking for protection.
+        public static bool NoteworthyApplicationUse(PrimaryVolumeDescriptor pvd)
+        {
+            int offset = 0;
+            var applicationUse = pvd.ApplicationUse;
+            var noteworthyApplicationUse = true;
+            if (Array.TrueForAll(applicationUse, b => b == 0x00))
+                noteworthyApplicationUse = false;
+            string? potentialAppUseString = applicationUse.ReadNullTerminatedAnsiString(ref offset);
+            if (potentialAppUseString != null && potentialAppUseString.Length > 0) // Some image authoring programs add a starting string to AU data
+            {
+                if (potentialAppUseString.StartsWith("ImgBurn"))
+                    noteworthyApplicationUse = false;
+                else if (potentialAppUseString.StartsWith("ULTRAISO"))
+                    noteworthyApplicationUse = false;
+                else if (potentialAppUseString.StartsWith("Rimage"))
+                    noteworthyApplicationUse = false;
+                else if (Array.TrueForAll(Encoding.ASCII.GetBytes(potentialAppUseString), b => b == 0x20))
+                    noteworthyApplicationUse = false;
+                // TODO: Unhandled "norb" mastering that puts stuff everywhere, inconsistently. See RID 103641
+                // More things will have to go here as more disc authoring softwares are found that do this.
+                // Redump ID 24478 has a bunch of 0x20 with norb in the middle, some discs have 0x20 that ends in a "/"
+                // character. If these are found to be causing issues they can be added.
+            }
+
+            offset = 141;
+            potentialAppUseString = applicationUse.ReadNullTerminatedAnsiString(ref offset);
+            if (potentialAppUseString == "CD-XA001") 
+                    noteworthyApplicationUse = false;
+
+            return noteworthyApplicationUse;
+        }
+
+        // Checks whether the Reserved 653 Bytes are "noteworthy" enough to be worth checking for protection.
+        public static bool NoteworthyReserved653Bytes(PrimaryVolumeDescriptor pvd)
+        {
+            var reserved653Bytes = pvd.Reserved653Bytes;
+            var noteworthyReserved653Bytes = true;
+            if (Array.TrueForAll(reserved653Bytes, b => b == 0x00))
+                noteworthyReserved653Bytes = false;
+            // Unsure if more will be needed
+            return noteworthyReserved653Bytes;
+        }
+    }
+}

BinaryObjectScanner/Interfaces/IISOCheck.cs

@@ -0,0 +1,19 @@
+using SabreTools.Serialization.Wrappers;
+
+namespace BinaryObjectScanner.Interfaces
+{
+    /// <summary>
+    /// Check an ISO for protection
+    /// </summary>
+    public interface IISOCheck<T> where T : WrapperBase
+    {
+        /// <summary>
+        /// Check a path for protections based on file contents
+        /// </summary>
+        /// <param name="file">File to check for protection indicators</param>
+        /// <param name="iso">ISO representing the read-in file</param>
+        /// <param name="includeDebug">True to include debug data, false otherwise</param>
+        /// <returns>String containing any protections found in the file</returns>
+        string? CheckISO(string file, T iso, bool includeDebug);
+    }
+}

BinaryObjectScanner/Protection/AlphaROM.cs

@@ -1,4 +1,8 @@
-using BinaryObjectScanner.Interfaces;
+using System;
+using System.Text.RegularExpressions;
+using BinaryObjectScanner.Interfaces;
+using SabreTools.Data.Models.ISO9660;
+using SabreTools.IO.Extensions;
 using SabreTools.Serialization.Wrappers;
 
 namespace BinaryObjectScanner.Protection
@@ -39,7 +43,7 @@ namespace BinaryObjectScanner.Protection
     //      - SETTEC0000SETTEC1111
     //      - SOFTWARE\SETTEC
     // TODO: Are there version numbers?
-    public class AlphaROM : IExecutableCheck<PortableExecutable>
+    public class AlphaROM : IExecutableCheck<PortableExecutable>, IISOCheck<ISO9660>
     {
         /// <inheritdoc/>
         public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
@@ -84,5 +88,50 @@ public class AlphaROM : IExecutableCheck<PortableExecutable>
 
             return null;
         }
+
+        public string? CheckISO(string file, ISO9660 iso, bool includeDebug)
+        {
+            // Checks can be made even easier once UDF support exists, as most (although not all, some early discs like
+            // redump ID 124111 have no UDF partition) discs have "Settec" slathered over every field UDF lets them.
+
+            if (iso.VolumeDescriptorSet[0] is not PrimaryVolumeDescriptor pvd)
+                return null;
+
+
+            // Alpharom disc check #1: disc has varying (but observed to at least always be larger than 14) length 
+            // string made up of numbers and capital letters.
+            // TODO: triple-check that length is never below 14
+            int offset = 0;
+            var applicationIdentifierString = pvd.ApplicationIdentifier.ReadNullTerminatedAnsiString(ref offset)?.Trim();
+            if (applicationIdentifierString == null || applicationIdentifierString.Length < 14)
+                return null;
+
+            if (!Regex.IsMatch(applicationIdentifierString, "^[A-Z0-9]*$"))
+                return null;
+
+            offset = 0;
+
+            // Alpharom disc check #2: disc has publisher identifier filled with varying amount of data (26-50 bytes
+            // have been observed) followed by spaces. There's a decent chance this is just a Japanese text string, but
+            // UTF, Shift-JIS, and EUC-JP all fail to display anything but garbage.
+
+            var publisherIdentifier = pvd.PublisherIdentifier;
+            var firstSpace = Array.FindIndex(publisherIdentifier, b => b == 0x20);
+            if (firstSpace <= 10 || firstSpace >= 120)
+                return null;
+
+            var publisherData = new byte[firstSpace];
+            var publisherSpaces = new byte[publisherData.Length - firstSpace];
+            Array.Copy(publisherIdentifier, 0, publisherData, 0, firstSpace);
+            Array.Copy(publisherIdentifier, firstSpace, publisherSpaces, 0, publisherData.Length - firstSpace);
+
+            if (!Array.TrueForAll(publisherSpaces, b => b == 0x20))
+                return null;
+
+            if (!FileType.ISO9660.IsPureData(publisherData))
+                return null;
+
+            return "AlphaROM";
+        }
     }
 }