ScamWatch

ScamWatch

About The Blog

Info, updates and miscellaneous about online scams and how to avoid them

New UnZixWin version

UnZixWinPosted by NeverShaveYourDuck Thu, August 04, 2016 21:22:11
An update has been released which introduces a number of new features. It now uses the Windows Common Controls plus a few other libraries, so need to be installed running an installer.

It can be downloaded at
http://www.kennethsorling.se/downloads/unzixwin_0_1_1.zip

window.onbeforeunload = function() {}
Unzip the contents, run the installer. It creates a program group and shortcut on the start menu. Launch it from there.

UnZixWin can now extract multiple files in one go. Internal paths should be preserved upon extraction, so any hierarchy in the archive would be preserved.

CTRL-A selects all files,
CTRL-N deselects all files, and you can select/deselect single files with CTRL-click, and a range of files with SHIFT-click. You can also invert the selection by pressing CTRL-I.

Rembember to be safe. Treat the contents of Zix files as highly suspect. Don't muck around with them without antivirus activated.


  • Comments(0)//scamwatch.kennethsorling.se/#post19

fUN(z)IX

UnZixWinPosted by NeverShaveYourDuck Sat, December 22, 2007 23:40:57

Good news for Linux/UNIX users:

Fellow scambuster Mike Frysinger has created a C program which extracts the contents of ZIX archives, and put the package online. He calls it funzix, and its homepage is located at http://funzix.sourceforge.net/

It's a command-line utility, and has been confirmed by Mike to work with both version 1.0 and 2.0 zix archives.

The package can be found at SourceForge, and is supposedly platform independent. Since his development platform is unix-based, developers working in other platforms may have to do some massageing to build. In particular, the makefile. What needs to be done should be obvious. Also, you'll need a copy of the ZLIB library, if you don't already have it installed.

Since I posted this entry, I've had the chance to check out his code. It's pretty good; nice, clean and well-commented.

If I have one hesitation, it is the choice of the stdio file handling functions. Invented in a time out of mind, I'm not sure they stand up to the 4GB barrier.(some internal file pointers need to be quad-words, a need unconceived of when the FILE structure was invented). This may have been patched in recent versions and builds of common C development kits and libraries, but you should check your development environment for this.

Kudos to Mike for getting involved, and for sharing his efforts with the rest of us.

  • Comments(1)//scamwatch.kennethsorling.se/#post14

Temporarily Out Of Commission

UnZixWinPosted by NeverShaveYourDuck Tue, December 18, 2007 22:37:53

First of all, thanks to all of you who have written me with praise and encouragement. Although I may not always reply, it means a lot to me.

This post is just to let you know I'll be offline for the next few weeks.
(Tip: pay your utilites bills! Those guys aren't kidding around!).
Until I can whip up the equivalent of roughly $3000, none of my computers will have the power to boot up. Consequently, for all practical purposes, I'll be offline until further notice. Living in the dark isn't all that bad; candle light is a romantic touch. But being offline... :P

Offline doesn't mean out of touch. I'll be checking in from time to time, and will be responding to e-mail, but will be unable to seed any new versions or fixes. Furthermore, I won't be able to investigate any error reports, since I can't download and test the files which may cause any errors. Don't let that discourage you from writing, however; I'll keep the mail, and will respond as soon as I have the power (pun intended) to do so. But you will need to have a bit of patience.

Happy holidays, everyone!

//NeverShaveYourDuck

  • Comments(0)//scamwatch.kennethsorling.se/#post13

New installer online

UnZixWinPosted by NeverShaveYourDuck Sun, November 25, 2007 21:46:35

Many people have had problems running the setup package last published, and I've identified the source of the problem.

The last installation package, unbeknownst to me, included a few system DLLs which really didn't need to be distributed, as they were almost certain to be on the user's system anyway, and probably in more recent versions.

To all who have tried to install UnZixWin 0.0.9 without success, try downloading this more svelte package. With just a bit of luck, it will work much better.

It is still version 0.0.9, with a minute bugfix. You can now open and analyze files which are still being seeded and/or played. Previously, UnZixWin required exclusive access to the file. This requirement has been removed.

  • Comments(2)//scamwatch.kennethsorling.se/#post12

About installing UnZixWin replacing DLLs

UnZixWinPosted by NeverShaveYourDuck Thu, October 11, 2007 05:20:53
A quick note to those who want to install UnZixWin 0.0.9 mentioned below:


During the installation process, you may get asked whether you want to replace your current version of a certain DLL with an older one from the installation.

Your gut reaction, off course, is to click 'no'. And that is precisely what you should do, especially if you're running Vista.

The DLLs in question do not affect the operation of UnZixWin, so do not need to be the version included in the installer. Keeping your current DLLs is the sensible thing to do. Replacing them should do no harm, but don't take the chance.

In case UnZixWin doesn't work on your particular ZIX or AVI file, the cause will be either that the file is damaged or garbage, or a bug somewhere in my code. It has nothing to do with DLL versions. Get in touch with me for help determining the cause of the problem.

Cause:
The development machine I used to create the setup package runs on Windows XP, and I've since discovered that the latest service pack hadn't been properly installed when I created the setup package. Boy is my face red!

WinVista uses newer DLLs and those should be used instead. Even XP users should be wary of DLL replacement.

Resolution:
The setup package containing the outdated DLLs are already in circulation beyond my control (that is how BitTorrent works). So I can't change that, only the package on my site (which I'll be doing very shortly).

Crap like this is why I didn't want to create a setup package to begin with.

  • Comments(0)//scamwatch.kennethsorling.se/#post9

UnZixWin finally available

UnZixWinPosted by NeverShaveYourDuck Tue, September 18, 2007 03:50:28

The new version, which handles the new ZIX format, is now finally available for download.

ZIP version (4.79 MB)

Bittorrent file (so you can share the burden of uploading)

Sorry about dragging my feet this last week, folks. As a small token of gratitude for your patience, I went ahead and added support for 3w-encoded AVI files.

Thus, if your'e unlucky enough to encounter another ZIX archive, or another encrypted AVI file, this utility should be all you need.

Cheers!

//NeverShaveYourDuck

  • Comments(7)//scamwatch.kennethsorling.se/#post7

New WinZix format cracked!

UnZixWinPosted by NeverShaveYourDuck Fri, September 07, 2007 15:54:08
Jump for joy!

Thanks to a few alert users who pointed me to a certain ZIX archive online, I hit paydirt. This archive contained multiple files and a folder hierarchy, which was all I needed to complete the puzzle. I have now dissected the new format almost completely.

As a consequence, I've been able to update UnZixWin to handle the new format in a reliable and stable way, beating a few of my fellow hackers to the punch.

Unfortunately, the new version of UnZixWin requires support from a few external COM components, which need to be installed and registered. Which is why I had to cave in and finally create a setup package. Oh well, it was really only a matter of time.
On the upside, I can finally add some UI features (toolbars, a proper status bar, listview, treeview) which makes the utility look like a real application and not just like a noob hack. That was long overdue.

All those who have gotten in touch with me will receive a mail with a torrent file which they can use to download the new version of UnZixWin. I'll naturally also post the torrent on a few select tracker sites (if you found this page, chances are you frequent them.)

A web page dedicated to the UnZixWin utility wiill soon be sited here. Those of you just joining the party can download the software from that page.

A full description of the new format will be found here.

Coming up:

The layout and encryption (such as it is) of the 3w-encoded AVI files (more on them under the Common Scams category) has been cracked. It isn't particularly complex, either.
Therefore, I'll shortly add functionality to UnZixWin to open and decode 3w-encoded AVIs as well. Look for that in version 0.1.0 or thereabouts.

  • Comments(0)//scamwatch.kennethsorling.se/#post4

NEED YOUR HELP

UnZixWinPosted by NeverShaveYourDuck Fri, August 10, 2007 00:15:16
A call to all users reading this because UnZixWin won't work with your downloaded ZIX archive: Get in touch!

The source of your problem is that the ZIX format has changed dramatically since my initial releases. Version 2.0 has hit the internet, just as virulent and just as bad, but even more challenging. Presently available utilities (including mine) won't work with these files. But good news is coming. Research is underway, by me as well as others, and we're slowly figuring out how this new format works.

I have even compiled a small command-line utility which just might work for some new ZIX files, some of the time.

My problem is, I have so far come across a total of 2 such files (thanks to alert users who got in touch and provided me with the torrents to them), each of which just contained garbage data.
I need more examples to cross-reference if I am to make any headway. More specifically, I require ZIX archives containing at least two or more valid data files inside. By valid, I mean data files of a known format which are not just a bunch of random garbage data. This, so I can verify that my extraction and decompression routines work as they should.

But where to find new ZIX archives? You can't actively search for ZIX archives on the torrent sites, since they are usually hidden inside RAR or ZIP archives. You have to actually hit a kind of unlucky jackpot to come across one. If you're reading this, it means you have. Which means we can help each other. I have the programming savvy to figure out how to get at the contents. You have the data I need to figure it out.

I need more example ZIX archives to analyze, so write me a message at nevershaveyourduck@gmail.com and attach the torrent you used to download whatever contained the ZIX archive. If you don't have the torrent, provide as much information as you can about where you downloaded it from (a full URL is always best). Don't worry about what the contents are or how many files might be inside (chances are, you won't be able to figure that out anyway). Just get in touch if you come across one of these ZIX files.
Yes, I will probably be the only one who willingly and consciously will download ZIX files. At least, until I crack the problem.

New Discoveries

We are making progress. Some of the structure of ZIX 2.0 archives has been deduced. There is already enough information that the first file of any archive might conceptually be extracted. Problem is, that file may not be the one you want extracted. Instead, you could get a virus-infested executable or spam pointing to other scam sites, such as 3wPlayer. And as yet, we don't know how the new format handles directory structure or how the internal directory is arranged.

Even more of my predictions have proven valid. The new WinZix 2.0 format uses zlib compression to do its work. As I guessed, the scam artists behind WinZix aren't smart enough to invent their own compression scheme. They had to rip off someone else's.

This is both good news and bad.

The good news is, I know a great deal about zlib and how to decode it. And, since zlib offers no encryption capability as yet, this means that (probably) no encryption is used in version 2.0. That is excellent. Decrypting is exceptionally difficult, expecially if you don't know what method is employed.

The bad news is, decoding this requires a C++ library which can't readily be used from Visual Basic (which is what UnZixWin is written in). There is a DLL, but it uses the wrong kind of calling convention. You don't have to know or understand what I'm talking about, only this:
It is unusable from VB without some wrapper code written in C++. And I might have to rewrite the whole damn thing in C++ from the ground up. And at the moment, I don't have the time to undertake such an endeavor.

So when UnZixWin 0.0.8 or 0.0.9 gets released, it will probably contain one or more new DLL's: the ZLIB1.DLL and a wrapper DLL to interface with VB. And this, friends and neighbors, means that I have to provide an installation package after all. Darn!

But: I won't release any more versions until I've gotten a full grasp of the new format! I want to save myself the embarrassment I experienced after the release of 0.0.5, when I didn't have enough information to handle all nuances of the initial ZIX format.

Bottom line: feed me more ZIX torrents. I need samples to analyze.
Thanks in advance.


Thanks also to those of you who have already gotten in touch and are waiting for news from me. A slowly growing list of UnZixWin users are in my news pipeline, but I want to have better news before I spam you with email. Thank you for your patience and understanding.

Cheers!
//NeverShaveYourDuck


  • Comments(0)//scamwatch.kennethsorling.se/#post3
Next »