# ripxr file format



## fruithead (Dec 18, 2011)

hi i downloaded a compressed that uses the following format ".ripxr"

to extract the archive you need to download the ripxr tool apparently.

i think this is not a real file format and is intended to be some sort of scam, i cant find info ANYWHERE on the net about this, and they ask for money to extract anything!

i have a feeling that there is no ripxr format, and they are somehow re-tooling files to require their software. i cheked with multiple virus scanners, the utility is virus-free. and creating archives is free, but extracting them costs money (even 10 seconds after you create them!) if someone could download this program, create a file, and tell me what it really is, i would be very grateful indeed.

thanks all!


----------



## fruithead (Dec 18, 2011)

if you do, please let me know what happens. 

i am still hoping some tech-advanced guy will have a min to look at the file and figure out what it really is.


----------



## Triple6 (Dec 26, 2002)

What is this file all of you have downloaded and where did it come from?


----------



## bluebloods (Oct 2, 2004)

here is an example: http://wallywashis.name/mp3/Nature+Podcast/The+Best+of+the+Nature+Podcast+2008/

with link to download: http://rapidshare.com/files/2010880026/album-824560.ripxr


----------



## Triple6 (Dec 26, 2002)

The first site shows MP3 files, the second one is a Rapideshare site, when you download content from such as a site it can be anything from something legit, to illegal content, to viruses and malware. If this is legit content then ask the uploader to upload it in a common format.

This whole thing smells of scam/malware and possible illegal content.

I wouldn't even download the Ripxr Java application to my computer, there's no way that unknown JAR file would enter my PC.


----------



## Uninformed-Spew (Dec 19, 2011)

Triple6 said:


> The first site shows MP3 files, the second one is a Rapideshare site, when you download content from such as a site it can be anything from something legit, to illegal content, to viruses and malware. If this is legit content then ask the uploader to upload it in a common format.
> 
> This whole thing smells of scam/malware and possible illegal content.
> 
> I wouldn't even download the Ripxr Java application to my computer, there's no way that unknown JAR file would enter my PC.


As for illegal content, clearly the original poster is trying to open pirated media. I ran into the same issue when downloading a torrent.

I checked virustotal and there were no results for the scan of the jar file. Instead of registering like good citizen, I used http://hex-rays.com/products/ida/support/download.shtml IDA pro to analyze the source. The files appear to be compressed and encrypted with triple DES. The file listing is also encrypted, but that key is stored locally in the file. I am not sure of the motivation behind that design decision. Why encrypt the file listing if you are just going to include the key? The encryption key for the actual file data is posted to the file utility's server after you create an archive. That is as far I as I made it in this process. The method to retrieve keys is empty, you probably have to register the software to see that code. It appears to use a remote class loader which dynamically loads the actual extraction code. I used http://portswigger.net/burp/proxy.html to intercept the remotely loaded code and then analyzed it with the above tool.

What I did not find was anything resembling malware or shell code. Although if this were a truly elaborate scheme the author(s) could load other code on demand via the remote class loader, I find that unlikely. I understand that some people are more cautious about software etc; but to assume this is something malicious without the information to back it up seems irresponsible. It borders on scaremongering. If someone does register this software, they can pm me the burp proxy intercept of the registered version of the code. I can walk you through this process.

BTW there is a way to bypass the 'serial' protection in this software, but this is not a cracking forum. So I will not post that information. One person would have to register to give the required info to create a cracked version. Hopefully, the server does not track how many IPs are using the same key at once.


----------



## bluebloods (Oct 2, 2004)

There is an mp3 album that I am interested in but am worried about legal issues. The album is very rare, WAS only available in Australia, but now isn't even available there. The artists' website says the cd has been discontinued. 

I really want this album to give to someone for Christmas - but I can't get it anywhere, because it was only available from the artist himself, in his country, on CD. I can't get it on iTunes or Amazon.

If a product is not available anywhere else, is downloading it from this website (the only place it is available) illegal?

The price of extracting the files is the same as the cost of the CD, so it's not a question of money.


----------



## fruithead (Dec 18, 2011)

lol i actually have a similar issue. that website has a bunch of archived rockapella cd's that were never produced in america. i have searched everywhere for them - they are simply not findable. but this guy has them.


----------



## Triple6 (Dec 26, 2002)

Sorry, you guys are on your own, the CD's or content are more then likely copyrighted and as such cannot be distributed in this manner.

You may want to contact the artist to see if he can send you a copy.


----------



## fruithead (Dec 18, 2011)

im not allowed to pm or post visitor messages or email anyone so this is the only way i could think of to get in contact with you i saw you closed down my thread, but i wish you had let in one more post! bluebloods was about to post this: (maybe you can add it to the thread so people searching the net will find it? when i searched i could not find anything so i wound up posting here)



bluebloods said:


> Hey your thread was closed as I was replying, looks like it is a scam u were right - thought it sounded too good to be true! Google the website name for warnings against that site. Here's one
> 
> http://thesoundofdarkness.blogspot.com/2009/12/word-of-caution-scam-site-possibly.html
> 
> Glad I didn't go through with it!


that site appears to have quite a bit of info about the wallywashis.name site, which is the site you can get ripxr files from.

thank you!


----------



## Squashman (Apr 4, 2003)

You probably could have just clicked the REPORT button in the thread and posted your comments in that.


----------



## Cookiegal (Aug 27, 2003)

I've combined all posts here and left the thread closed.

In the future, either use the Report button as Squashman pointed out or use the Contact Us e-mail address that is at the bottom of every page.


----------

