Manually Opening a 7-zip Self Extracting Archive

Mike Shamory
Oct 7, 2017

How to extract the contents of a self-extracting 7-zip archive without worrying about the contents being executed upon extraction.

Some software distributions compress their executable binaries and other necessary packages into a self-extracting archive in order to reduce the size of installers. This can be a security concern if the contents are from a less reputable source. If running the executable on your system is not possible for one reason or another, it is still possible to extract the contents of the embedded archive like a regular compressed file.

A 7-zip self-extracting archive is made up of three parts. The first is an SFX module, which contains the logic required to extract the included archive. The second is a configuration file, which tells the SFX module things such as what program to run from the archive after extraction. The last part of the file is the archive that is being extracted. Each of these parts occupies a specific section of the executable, so it is possible to isolate any one of them and treat it as a file on its own.

[Figure: End of configuration and start of archive in hex editor]

Now that we know the archive can be isolated, we can copy that section to its own file. To do that, we need the offset in the file where the archive starts. This can be different for each file, so it is necessary to find the specific address in a hex editor by looking for the string !@InstallEnd@!, which ends the configuration, followed by 7z, which is the start of the archive. In the example above, the offset is 0x6FFCA, or 458698 bytes into the file.

There are various methods of copying the archive into a new file, but one example is the dd command-line utility on Unix-based systems. Setting the block size (bs) to the offset and skip=1 makes dd skip exactly that many bytes of the input before it starts copying. For our example archive, the command is:

dd bs=458698 skip=1 if=self-extractor.exe of=archive.7z

Afterwards, it is possible to simply extract the contents of the new archive file to your system without having to worry about any unknown side-effects of running an executable or even needing to be able to run the file in the first place.
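The offset lookup and the copy described above can also be scripted. The following Python is an added example, not part of the original post: it matches the full six-byte 7z signature (37 7A BC AF 27 1C) rather than only the text 7z, and requires it to sit directly after !@InstallEnd@!. The function names and the sample bytes are constructed for illustration.

```python
import sys

MARKER = b"!@InstallEnd@!"            # end of the SFX configuration block
SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"   # full 6-byte 7z signature, stricter than "7z"


def find_archive_offset(data: bytes) -> int:
    """Offset of the 7z signature that directly follows the config end marker."""
    pos = data.find(SEVENZ_MAGIC)
    while pos != -1:
        # Look just before the candidate; tolerate a line ending after the
        # marker (assumption: some packers may emit CR/LF there).
        window = data[max(0, pos - len(MARKER) - 2):pos].rstrip(b"\r\n")
        if window.endswith(MARKER):
            return pos
        pos = data.find(SEVENZ_MAGIC, pos + 1)   # signature-like bytes in the stub
    raise ValueError("no 7z signature found after " + MARKER.decode())


def carve_archive(src_path: str, dst_path: str) -> int:
    """Copy everything from the archive offset onward; the input is only read."""
    with open(src_path, "rb") as f:
        data = f.read()
    offset = find_archive_offset(data)
    with open(dst_path, "wb") as f:
        f.write(data[offset:])
    return offset


def build_sample() -> bytes:
    """Constructed stand-in for an SFX file: stub + config + archive bytes."""
    stub = b"MZ" + b"\x90" * 32 + SEVENZ_MAGIC + b"\x00" * 16   # decoy signature
    config = b';!@Install@!UTF-8!\nRunProgram="setup.exe"\n;!@InstallEnd@!'
    archive = SEVENZ_MAGIC + b"\x00\x04" + b"constructed-payload"
    return stub + config + archive


if __name__ == "__main__":
    if len(sys.argv) == 3:
        off = carve_archive(sys.argv[1], sys.argv[2])
    else:
        off = find_archive_offset(build_sample())
    print(f"archive starts at offset {off} (0x{off:X})")
```

Run with two arguments (input executable, output .7z) it carves a real file; with none it reports the offset in the constructed sample.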

Update (10/7/2017):

It turns out that 7-zip, and potentially other decompression tools, allow self-extracting archives to be handled the same as regular archives, so there is no need to do so manually except as an exercise for the reader to become more familiar with hex editors.
