Containers and archives

Before disrobe can decompile anything, it often has to get inside a container. The disrobe-binfmt layer detects 98 archive, installer, filesystem, and firmware formats and writes member bytes in-tree for all 98, with auto-detection, recursive chaining through nested layers, and shared zip-slip and decompression-bomb guards.

A recursive carve-everything engine scans for every known magic, models chunked payloads, recurses by depth, and uses entropy to separate code from padding.

Supported formats

Category | Formats
Archives and installers | ZIP (incl. ZIP64 + AES), tar.gz / tar.bz2 / tar.xz / tar.zst, 7z, RAR4 and RAR5 (stored members from both; RAR5 LZ "normal" method decoded in-tree; RAR 2.9/3.x LZ used by compressed RAR4 is named per-entry, not decoded in-tree), .cab, MSI, MSIX / APPX, NSIS (solid and non-solid), Inno Setup (decoded setup-data block stream; per-file split via version-specific TSetupHeader parse is the documented limit), InstallShield (stored and zlib members), .deb, .rpm (metadata), AppImage, Flatpak, Snap
Bare compression streams | gzip, bzip2, zstd, lzma, lzip, lz4-frame, zlib, .Z (Unix compress)
Legacy archives | ar, arj (methods 1-3 decoded; method 4 carved verbatim), arc (rle / squeeze / lzw decoded; methods 5-7 carved verbatim), lzh, lzop, FreeBSD uzip, Xamarin xalz, par2, ELF appended-overlay carve, StuffIt (classic stored forks decoded; compressed forks carved verbatim with a documented note), partclone (decoded)
Embedded-linux filesystems | squashfs, cramfs, ext4, romfs, minixfs, jffs2, UBI + UBIFS, yaffs, erofs (chunk and lcluster lz4 / deflate / zstd decoded; microlzma and compact index carved), NTFS, android-sparse, btrfs-send
Disk images and partitions | GPT and MBR (partition tables parsed; each partition carved and recursed in-tree), VHD (fixed and dynamic BAT), VHDX (region table + BAT; logical disk materialized from the block-allocation table, then partition-carved and FAT12 / 16 / 32 walked to pull individual stored files), WIM (header resources with XPRESS / LZX / LZMS chunk payloads decompressed in-tree), FAT12 / 16 / 32 (boot sector, FAT chain walk, root and subdirectory traversal)
Apple | .dmg (UDIF: koly trailer + blkx mish chunks; ADC / zlib / bzip2 / LZFSE / LZMA chunk decoders; then HFS+ catalog walk extracts individual files, all in-tree), .pkg (xar TOC + gzip / bzip2 heap, extracted in-tree)
Vendor firmware | D-Link (SHRS / encrypted-img AES / alpha / fpkg), EnGenius XOR, Autel ECC table, QNAP PC1, plus CRC-verified Netgear (chk / trx), Xiaomi, Tesla, HP, Moxa, INSTAR, and Airoha carves; OTP-AES Airoha firmware is an information-theoretic wall and is carved verbatim
Standalone executables | Bun --compile binaries (embedded JS module graph + sourcemaps), Unity AssetBundle (UnityFS)
App / runtime | Electron .asar, Docker image tarball, OCI image manifest + layers, ISO 9660 + Joliet (extracted in-tree)

Extraction

Most extraction happens implicitly inside disrobe auto, which detects a container, extracts it, and recurses into the contents. Archive-shaped inputs are also available directly:

disrobe py extract package.whl --out extracted/
disrobe auto installer.msi --out extracted/
disrobe auto firmware.bin --out extracted/ --recursive --max-depth 6

--recursive enables recursive carve; --max-depth limits nesting depth (default 8).

Safety guards

Every extractor shares the quota machinery in crates/disrobe-binfmt/src/quota.rs:

  • Per-entry size cap and aggregate size cap defuse decompression bombs.
  • Recursion-depth cap defuses container-in-container bombs.
  • Zip-slip path sanitization (sanitize_entry_path): every entry path is sanitized so no extraction can escape the output directory, on every format.

Bypasses of any of these are treated as security issues; see the security policy.
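
The three guards listed above, sketched as an added example. This is not disrobe's code or its quota.rs: Quota, Refusal, safe_join and the size limits are hypothetical names and values chosen for illustration, and only the depth of 8 comes from the documented --max-depth default.

```rust
use std::path::{Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum Refusal { EntryTooLarge, TotalTooLarge, TooDeep, EscapesRoot }

/// Hypothetical quota; field names and limits are assumptions of this sketch.
pub struct Quota { max_entry: u64, max_total: u64, max_depth: u32, used: u64 }

impl Quota {
    pub fn new(max_entry: u64, max_total: u64, max_depth: u32) -> Self {
        Quota { max_entry, max_total, max_depth, used: 0 }
    }
    /// Charge a member's decompressed size at a nesting depth against all three caps.
    pub fn charge(&mut self, size: u64, depth: u32) -> Result<(), Refusal> {
        if depth > self.max_depth { return Err(Refusal::TooDeep); }
        if size > self.max_entry { return Err(Refusal::EntryTooLarge); }
        // checked_add: a forged 64-bit size must not wrap the running total.
        let total = self.used.checked_add(size).ok_or(Refusal::TotalTooLarge)?;
        if total > self.max_total { return Err(Refusal::TotalTooLarge); }
        self.used = total;
        Ok(())
    }
}

/// Map an untrusted member name to a path strictly below `out` (lexical check only).
pub fn safe_join(out: &Path, entry: &str) -> Result<PathBuf, Refusal> {
    let mut rel = PathBuf::new();
    // Split on '\\' as well as '/': archives built on Windows use either.
    for part in entry.split(|c: char| c == '/' || c == '\\') {
        match part {
            "" | "." => continue, // drops leading '/', so absolute names become relative
            ".." => return Err(Refusal::EscapesRoot),
            // ':' covers drive letters and NTFS streams; NUL truncates in C APIs.
            p if p.contains(':') || p.contains('\0') => return Err(Refusal::EscapesRoot),
            p => rel.push(p),
        }
    }
    if rel.as_os_str().is_empty() { return Err(Refusal::EscapesRoot); }
    Ok(out.join(rel))
}

fn main() {
    let mut q = Quota::new(1 << 20, 4 << 20, 8); // 1 MiB/entry, 4 MiB total, depth 8
    // Constructed sample members: (name, decompressed size, nesting depth).
    let members = [("docs/readme.txt", 512u64, 1u32), ("../../outside.txt", 10, 1), ("big.bin", 2 << 20, 1)];
    for (name, size, depth) in members.iter().cloned() {
        let verdict = safe_join(Path::new("extracted"), name).and_then(|p| q.charge(size, depth).map(|_| p));
        println!("{:?} -> {:?}", name, verdict);
    }
}
```

The path check here is purely lexical; archive members that are symlinks or hard links need separate handling, which this sketch does not cover.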