alexanderwdark wrote:
I.e. when you enter in archive you see some random name, when you extract (with valid password or key), you get real file name? Or you need some special option - "show hidden file name" to decrypt hidden names by password.
Both
And it would be nice if darkcrypt could remember a password the way truecrypt handels the driver cache. I.e. you have to enter the password only once and it stays there until you wipe the cache.
You can try latest build of plugin, where there is new option to restore original file name, which is encrypted. This is combination of fake file name option and auto-renaming of decrypted file to it's real, hidden name.
29.05.2010: New build of DarkCryptTC and DarkCryptGUI was uploaded. Some ciphers were added, such as FCrypt from RedHat. Main site not working now, so use mirror links.
ghisler(Author) wrote:Some users with McAfee Antivirus have recently complained about a troyan in xdc.EXE, which is part of DarkCryptTC.
Here are two scans of xdc.EXE from virustotal, one is part of your latest package, and one part of TCUP: 1 and 2.
These look like false alerts, but what might be causing them? And can you do something to prevent them?
XDC.EXE - simple dynamic link library wrapper. I see, such problem with heuristic engines of some AV give false alarm on all wrappers (for console app mode) of my plugins. Code is very simple, and has no destructive part I see only one way - send false alarm sample to AV. I have no McAfee, but my Kaspersky, DrWeb and Avast says ok with no f/a.
P.S. I find some way to prevent this f/a. Unpack binary. Just use latest UPX packer: "upx -d xdc.exe". I think, I can put unpacked version of utility in packages..
Ah, so it was caused by UPX? That's the main reason why I stopped using UPX for Total Commander - Antivirus programs which were either terribly slow unpacking it, or saw it as a suspious program...
ghisler(Author) wrote:Ah, so it was caused by UPX? That's the main reason why I stopped using UPX for Total Commander - Antivirus programs which were either terribly slow unpacking it, or saw it as a suspious program...
I think yes - some of av simple do signature scan without unpacking or say "it's suspicious" for every program of library. This is trick of some av software, bad approach - there are lots of false alarms, in such a cases we can't pack our programs. Some vendors think: PE packer can use only virus writers. Good user can use only not packed software. (instead of good heuristics and fast/universal unpacker/emulator)
08/23/2010: Plugin was updated. Lots of ciphers are moved to blockapi engine, duplicate ciphers are excluded. Also some fixes applied. Libraries are moved to kernel subdirectory. Warning: before update you need to decipher data, if non-blockapi and non-stream cipher was used.
I am new to this plugin. And I have couple questions if you do not mind
-How do I use it?
-What key files does it accept? Can I use my gpg or ssh key files?
thanks
Hi, kerem!
- This plugin you can use as TC wcx (packer) plugin. Simple "pack" one file to encrypted xdc container or more files/folders to tar.xdc container.
- You can use simple passwords or key files in some file for symmetric encryption or public/secret keys when non-symmetric encryption (RSA, etc.) used
Keys has their own format, no compatibility.
06.03.2011: Plugin has been updated. Now you can hide you data in any Win32/PE .exe or .dll file - new steganographic feature. You can get new buid of plugin here.
08.07.2011: Plugin has been updated. New innovative steganographic algorithm implemented. Patent-pending Random secret distribution (RSD) mode is the way for absolute protection against restoring encrypted data array. Target of this algorithm is generation of unique secret matrix for each data set, so only way for get data back is password-based regeneration of this matrix.
08.07.2011: Plugin has been updated. Some RSD mode optimizations. By default implemented RSD password query and caching. Now you can generate RSD stream cache for stego speed up. How to use it read in steganography.txt