WingNews logo WingNews GitHub [2]
top | item 40327631

PeaZip: Open-source file compression and encryption software

346 points| thunderbong | 1 year ago |peazip.github.io

89 comments

order
[+] Dwedit|1 year ago|reply
Programs like 7-zip and PeaZip both have an unusual feature: Ability to explore NT paths that Windows Explorer will refuse to load.

You can go to a path like "\\?\Harddisk0Partition2\" in 7-zip file manager or PeaZip. On my PC, that happens to be the EFI partition. (Need to run as Admin before it lets you access the EFI partition)

Sysinternals WinObj will let you see all the paths in the NT Object Namespace. To convert an NT Object Namespace path into a standard Windows path, put "\\?\GLOBALROOT\" at the beginning of the path. Windows Explorer and the File Dialogs will refuse to open such paths, but many Win32 applications will accept those paths as command line arguments.

[+] chungy|1 year ago|reply
Not so much "refuse", but lacking code to go down those paths. ReactOS includes built-in shell extensions to browse native NT device paths and the registry right in Explorer. Its same shell extensions can even be installed on Windows to achieve the same thing in Microsoft's Windows Explorer :)
[+] theandrewbailey|1 year ago|reply
I've been using this for over a decade. I keep using it because it extracts files directly where you want them, instead of extracting to a temp folder, then copying to where you want, multiplying IO traffic by up to 2. It also lets me use 7z files with zstd compression, though I'm not sure which other software supports it.
[+] shawnz|1 year ago|reply
Moving files from one directory to another directory on the same filesystem doesn't actually result in any data getting moved, only the directory entries are changed
[+] baal80spam|1 year ago|reply
The trick to do it using the default 7zip file manager is to open the .7z file in the manager (double clicking it, not right clicking it), and extract the archive whenever you want it - it will be extracted straight there with no transition using temporary folder.
[+] Adj_and_Styles|1 year ago|reply
The atool script is just a wrapper around many compression tools. Try atool -x which creates the temp folder under final destination.

https://www.nongnu.org/atool/

Edit: just noticed it was mentioned in other reply, but as aunpack, a symlink to atool. I got used to the -x|-l|-a|... style and rarely remember the alternative names.

[+] c0l0|1 year ago|reply
PeaZip is great software, and doubly so because it is written using Lazarus and compiled with Free Pascal. I highly recommend giving it a try, if only to experience that high quality software can be built using tools that lead you somewhat off the beaten path.

Unfortunately, its lead developer has recently posted[0] that he has to undergo what seems to be complicated, major eye surgery, and that he will probably be unable to continue development :(

[0]: https://old.reddit.com/r/PeaZip/comments/1bn7pu0/communicati...

[+] deaddodo|1 year ago|reply
Yeah, PeaZip is the best example of what Lazarus is capable of, if you feel like using it.

I remember back in my Pascal-loving days, especially after the .NET release of VB, looking at PeaZip+Lazarus and being inspired.

[+] zoom6628|1 year ago|reply
+100 for Lazarus and FreePascal
[+] hgyjnbdet|1 year ago|reply
Genuine question: why would I use this over 7zip?
[+] causality0|1 year ago|reply
Can anyone explain why this is better than 7zip?
[+] jsheard|1 year ago|reply
I don't know if this is better, but 7zips developer has an unnerving track record when it comes to security practices. He resisted adopting basic mitigations like DEP and ASLR for a long time, only relenting after a security researcher basically begged him to after finding arbitrary code execution exploits, and he still doesn't want to use any more advanced hardening techniques because they (slightly) bloat the binary size or have a (tiny) performance overhead.

I'm all for lean software but breaking ASLR by stripping the relocation tables, just to shave a few kilobytes off an executable which is primarily intended to parse untrusted files is just reckless.

[+] Sakos|1 year ago|reply
I've sworn by 7zip since forever and I still use it primarily, but I'd recommend peazip to anybody who wants 7zip but with a better, more convenient GUI (and workflow/behavior). I still think about switching back to peazip (only used it for a few months), but old habits die hard.
[+] tux21b|1 year ago|reply
I hate that PeaZip does not support passwords with a quotation mark (") in the UI. I haven't reviewed the code, but I am assuming that they are neither passing the password via a variable (linked library) nor via an execve call (less secure), but via some sub-shell which is a common attack vector and bad security practice. But as I said, I haven't reviewed the code.
[+] eviks|1 year ago|reply
Zstd support and x-platform
[+] canistel|1 year ago|reply
Cross-platform - works on Linux (with GUI).
[+] croemer|1 year ago|reply
Nitpicks:

1. Command to unquarantine in docs is wrong. It should be `xattr -d com.apple.quarantine /Applications/peazip.app` not `xattr -dr com.apple.quarantine /Applications/peazip.app`

2. Not available via homebrew

3. Can't open issues, neither on Github nor sourceforge

[+] sigzero|1 year ago|reply
There is noting wrong and it is probably better to use 'xattr -d -r' since an .app file is just a directory structure.
[+] teo_zero|1 year ago|reply
The fact that GTK3 is considered the new thing still in alpha is a red flag for me.
[+] bobbob1921|1 year ago|reply
LOVE peaZip! What I especially like about it is in my experience it’s been very portable on linux, and the gui has always been portable as well. (it works on Tails - so it’s great for putting onto a USB stick that contains encrypted zip / veracrypt archives for when you need to access those on an air gap d machine.)
[+] synergy20|1 year ago|reply
how is the GUI done for cross platform? not familiar with Pascal ecosystem
[+] gattilorenz|1 year ago|reply
Lazarus/FreePascal compile to a native binary for more platforms than you will realistically need
[+] aquova|1 year ago|reply
I've been using Ark on Linux for some time now, but have always heard people sing PeaZip's praises, curious if anyone has any experience or preference between the two.
[+] seam_carver|1 year ago|reply
If your needs are basic I just use tar. It's built into macOS and Windows 10. It even supports rar!
[+] jojohohanon|1 year ago|reply
It blends the CLI by incorporating scripting engine?! That’s not what mean by cli friendly.
[+] lucifer153|1 year ago|reply
I was surprised that the software was written in Pascal which is the dead language
[+] sneak|1 year ago|reply
> Offer two factor authentication (password + keyfile) for all formats supporting encryption, to increase security against guessing and dictionary based attacks on weak passwords.

uhhh, that’s not how symmetric encryption works. We have salted password-based (PB) KDFs for exactly this purpose.

Encryption probably doesn’t belong in the compression container format.

[+] lucb1e|1 year ago|reply
The quote is correct. It does not say they're not using a KDF or salting, which you seem to read into it? The keyfile is the "something you have" and the password "something you know", so two-factor checks out, even if it's not a time-based token that people expect nowadays (though TOTP is essentially the same but on another device, extracting time-based short codes from the long key to make it convenient to type over). No matter how good your KDF, a weak or reused password can still be crackable, so a key file can make sense even if you use a salted KDF
[+] Retr0id|1 year ago|reply
PeaZip also uses a PBKDF (PBKDF2). No longer the latest and greatest, but fine.