DarkCryptTC - Total Commander now is the best encryptor!!!

Discuss and announce Total Commander plugins, addons and other useful tools here, both their usage and their development.

Moderators: Stefan2, white, sheep, Hacker

Post Reply
User avatar
alexanderwdark
Senior Member
Senior Member
Posts: 253
Joined: 2008-04-14, 07:20 UTC
Location: Russia
Contact:

Post by *alexanderwdark » 2008-04-20, 13:47 UTC

Full encryption key You can view by right-clicking on disk button, then hex-viewer will be shown;

Update

User avatar
ts4242
Power Member
Power Member
Posts: 2063
Joined: 2004-02-02, 20:08 UTC
Contact:

Post by *ts4242 » 2008-04-20, 15:11 UTC

alexanderwdark wrote:Full encryption key You can view by right-clicking on disk button, then hex-viewer will be shown;
Nice addition
Suggestion:
1. Move [x] Show encryption key option under Password box will make it more recognizable.
2. Change its caption to Show password
3. When this option is checked, no need for password confirmation (like Winrar does)

waiting for fixing auto language switch :wink:

User avatar
alexanderwdark
Senior Member
Senior Member
Posts: 253
Joined: 2008-04-14, 07:20 UTC
Location: Russia
Contact:

Post by *alexanderwdark » 2008-04-20, 16:45 UTC

ts4242 wrote:
alexanderwdark wrote:Full encryption key You can view by right-clicking on disk button, then hex-viewer will be shown;
Nice addition
Suggestion:
1. Move [x] Show encryption key option under Password box will make it more recognizable.
2. Change its caption to Show password
3. When this option is checked, no need for password confirmation (like Winrar does)

waiting for fixing auto language switch :wink:

2. Caption changed to reccomended
3. Winrar-like non confirmation if key showed
4. MS-Richedit control now must'nt do autokeyboard



New build

User avatar
ts4242
Power Member
Power Member
Posts: 2063
Joined: 2004-02-02, 20:08 UTC
Contact:

Post by *ts4242 » 2008-04-20, 17:17 UTC

Thanks for considering my suggestions.
It is perfect now!

User avatar
alexanderwdark
Senior Member
Senior Member
Posts: 253
Joined: 2008-04-14, 07:20 UTC
Location: Russia
Contact:

Post by *alexanderwdark » 2008-04-20, 18:21 UTC

ts4242 wrote:Thanks for considering my suggestions.
It is perfect now!
Thanks for testing, criticism and nice suggestions!

User avatar
Nigurrath
Senior Member
Senior Member
Posts: 221
Joined: 2003-02-05, 12:41 UTC

Post by *Nigurrath » 2008-04-21, 08:45 UTC

the exe file into the distribution is reported my mcafee as malware. It is not surely but the result is that the file is deleted and I cannot install the plugin.
always latest 32b TC on a WIN10 64b

User avatar
alexanderwdark
Senior Member
Senior Member
Posts: 253
Joined: 2008-04-14, 07:20 UTC
Location: Russia
Contact:

Post by *alexanderwdark » 2008-04-21, 10:11 UTC

Nigurrath wrote:the exe file into the distribution is reported my mcafee as malware. It is not surely but the result is that the file is deleted and I cannot install the plugin.


It's compressed with UPACK, free and one of the best compressors.
Please, send this files to McAfee. Other AV-tools works correctly and there are no problems. Best antiviruses, such as DrWeb, Kaspersky free of such bugs in their bases and av-engines.


You can switch av monitor off before installing and after it turn it on. Or You can add file to exclusions.
Last edited by alexanderwdark on 2008-04-21, 15:36 UTC, edited 1 time in total.

User avatar
ts4242
Power Member
Power Member
Posts: 2063
Joined: 2004-02-02, 20:08 UTC
Contact:

Post by *ts4242 » 2008-04-21, 12:01 UTC

Scan result for the latest darkcryptrtc.WCX version
Scan result for xdc.exe

2alexanderwdark
Do you have any explanation?

User avatar
alexanderwdark
Senior Member
Senior Member
Posts: 253
Joined: 2008-04-14, 07:20 UTC
Location: Russia
Contact:

Post by *alexanderwdark » 2008-04-21, 14:59 UTC

ts4242 wrote:Scan result for the latest darkcryptrtc.WCX version
Scan result for xdc.exe

2alexanderwdark
Do you have any explanation?
YES!
Normal antiviruses can depack any packer, but hand-made buggy, such as McAffee can't depack UPK, (WIN)UPACK, etc. and finds just some portions of bytes of PE-header and depack engine...
Check in DrWeb, Kaspesky online check (virus total gives results- that is ok).
This AV's can check correctly and euristics works ok. Some buggy avtivirus use only bytestets and the result you can see - euristics of signature fails...

Use normal, working and correct written antivirus. And send files for this
buggy product autors. They must fix it's bases and av engines. They must add upack PE-packer support. The can do it :)

P.S. WCX packed by ASPACK, EXE - by UPACK.

This buggy avs can't depack upx-packed PE-files.
Some trojans, viruses uses UPK and has UPK PE Headers.. IF incorrectly written av can't depack PE-file, it checks only signature or use euristics mode, because of it failure can be done. Some av can detect any random virus or by clever "euristics" - mystic virus-type exe.

Pack any file with PE-packer upack and buggy antivirus says You virus, virus...

Upack PE packer

Authors just can't write depacker...
Use russian fine-made antiviruses, such as DrWeb or Kaspersky

You can use build packed by ASPack and UPX...
(Win)Upack not used and antivirus mustn't be in panic :D

Buggy antiviruses fix - repacked

VirusBaster says as is (good man) - "VirusBuster 4.3.26:9 2008.04.20 Packed/Upack", ClamAV fails with packer too.. - "ClamAV 0.92.1 2008.04.21 PUA.Packed.UPack-2"

And virus total says: packers: UPack

Scan result for xdc.exe with upx packer (not using upack upacker and they are not in panic :idea: - but Panda and Webwasher-Gateway (what is it?) in a fail)

User avatar
ts4242
Power Member
Power Member
Posts: 2063
Joined: 2004-02-02, 20:08 UTC
Contact:

Post by *ts4242 » 2008-04-21, 18:55 UTC

2alexanderwdark

this is scan result for first published unpacked xdc.exe F-secure reported it is infected!!!

User avatar
Hacker
Moderator
Moderator
Posts: 11246
Joined: 2003-02-06, 14:56 UTC
Location: Bratislava, Slovakia

Post by *Hacker » 2008-04-21, 19:55 UTC

ts4242,
F-secure reported it is infected!!!
F-Secure reported it is suspicious!!!
What is also suspicious is that only F-Secure reported it being suspicious!!!

HTH!!!
Roman
Mal angenommen, du drückst Strg+F, wählst die FTP-Verbindung (mit gespeichertem Passwort), klickst aber nicht auf Verbinden, sondern fällst tot um.

User avatar
alexanderwdark
Senior Member
Senior Member
Posts: 253
Joined: 2008-04-14, 07:20 UTC
Location: Russia
Contact:

Post by *alexanderwdark » 2008-04-21, 23:14 UTC

ts4242 wrote:2alexanderwdark

this is scan result for first published unpacked xdc.exe F-secure reported it is infected!!!


The best words: What is also suspicious is that only F-Secure reported it being suspicious!!!

Some antivirus has good heuristic engine, some antivirus has bad heuristic engine. File writing operations, opening and writing header it can see as viral activity... But what is also iteresting - xdc uses wcx plugin and not make something itself. XDC only can delete file if -d switch applied. F-Secure whants to say: if code is deleting file - it's maybe virus :!:



Superior news:

Very dangerous virus written! See this code:

Code: Select all

program XDC;

{$APPTYPE CONSOLE}

uses
  SysUtils;

begin

if (paramstr(3)='d') then begin
FileSetReadOnly(paramstr(2),false);
DeleteFile(paramstr(2));
end;

end.


Compile it by Delphi or other object pascal compiler...

If compiled by Delphi 2007

Panda 9.0.0.4 2008.04.21 Suspicious file, Webwasher-Gateway 6.6.2 2008.04.21 Virus.Win32.FileInfector.gen!90 (suspicious)


:shock:

If compiled by Delphi 7

F-Secure 6.70.13260.0 2008.04.22 Suspicious:W32/Malware!Gemini, Panda 9.0.0.4 2008.04.21 Suspicious file

F-Secure says - any Delphi 7 code is Suspicious:W32/Malware!Gemini

Webwasher says - any Delphi 2007 code is Virus.Win32.FileInfector.gen!90

And Panda says - any code is Suspicious file

:D

User avatar
alexanderwdark
Senior Member
Senior Member
Posts: 253
Joined: 2008-04-14, 07:20 UTC
Location: Russia
Contact:

Post by *alexanderwdark » 2008-04-24, 17:54 UTC

Even in a next release, no more than one file ? because it is less practical to pack before encryption.

when I crypt n files simultaneously, I'm asked the password n times, even if I want the same password for each file.
Yes! New release supports multiple files packing!!! 8)

You can pack files to TAR.XDC encrypted archive.

Download it now!

Plugins download page


You need to You use Total Commander 7.03!

Thanx to Ghisler, author of the best file mager, for fast bugfixing!

User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 37485
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) » 2008-04-24, 19:30 UTC

2alexanderwdark

Thanks for confirming the fix! Btw, I noticed the bug only when updating my bzip2 plugin recently...
Author of Total Commander
http://www.ghisler.com

jjk
Member
Member
Posts: 160
Joined: 2003-07-03, 10:41 UTC

Post by *jjk » 2008-04-24, 19:37 UTC

Yes! New release supports multiple files packing!!!
Yesss ! I'll test it tomorrow. Thx.

Post Reply