After using the U plate, the motion hard disk encryption tool encryption folder, after I use the document sniffer tool also does not look at the encryption, the real document, when scans the discovery with the Jinshan poisonous tyrant, probably these documents are hidden the preservation in \ Thumbs.dn \ 7. in \ (sometimes that 7. 7 are other digit), but I like this cannot enter directly, therefore I specially have studied to this section of encryption tool, below said my dessert.
We in D plate newly built folder like lskr, namely the address are D:\lskr first, puts a document casually in inside, I have put the size respectively am 168KB and 681KB exe document lskr1.exe and lskr2.exe, then (document named addpass.exe) puts the U plate encryption tool green color print, moves this addpass.exe, after the password is 123456 encryptions, front two document vanishing, are only left over addpass.exe this document.
We in “my computer pneumatic tool - folder option - examined that” cancels chooses “demonstration all documents and the folder”, also “the osfile which protects (recommendation) is checked off before the hideaway”, colludes with “the display system folder's content”, by now demonstrated another two hideaway document Thumbs.dn and desktop.ini, in the desktop.ini content are: [.ShellClassInfo] InfoTip= folder IconIndex=2 IconFile=addpass.exe ConfirmFileOp=1 looked under has been probably useless to us, did not need to manage it, looked again Thumbs.dn the size had 850KB, was similar with that two document's overall size, did not use the suspicion, that two documents were certainly hide in inside, the direct double click entered Thumbs.dn, discovered that inside had “to increase the printer” and “Microsoft Office Document Image Writer”, had not discovered we sought the document, which that two documents have run go?
We in start - the movement - to input cmd, determined, enters MS-DOS, the input “cd \” the carriage return enters C: , input “D: ” the carriage return enters D: , the input “the cd d:\lskr\Thumbs.dn” enters Thumbs.dn, inputs “the dir /a” again, at this time we discovered that inside has several documents: 117789687,117789687LIST.men,1.mem,2.mem and desktop.ini, we discovered that 1.mem,2.mem the size with that two documents which puts first just almost, after therefore they should be the encryptions from the definition form document, we comes out their copy to look directly, the use order “copy the 1.mem D:\” and “copy the 2.mem D:\” these two document copying D plate, then changes theirs suffix by .mem .exe, by now we surprised discovered they restore the original appearance, with puts when document besides filename same, looks like this kind of so-called U plate encryption is only simple changes suffix, then hides again.
Although we can find encryption from now on document, could next step we explain that encryption the password? We discovered that also has document 117789687LIST.men, but this document is very possible to use for to preserve the password, the use order “copy the 117789687LIST.men D:\” and “start 117789687LIST.men”, prompts the document which the system could not find assigns, by now we used “attrib 117789687LIST.mem - s - h - r”, delete files' shr attribute, used the order again “start 117789687LIST.mem”, opened with the text documents, discovered that inside was a long string character, thought originally this will be the password after encryption from now on code, afterward I traded a password to encrypt, discovered that inside the code content has not changed, but when I needed to encryptWhen the document increases or the reduction, inside content along with it change.
Other pages: : 1 * 2 * Next>>
|
You are here: hacking technology
> encryption decipher
> Content
Category: Home
> encryption decipher
