ScamWatch

About The Blog

Info, updates and miscellaneous about online scams and how to avoid them

NEED YOUR HELP

UnZixWin
Posted by NeverShaveYourDuck Fri, August 10, 2007 00:15:16
A call to all users reading this because UnZixWin won't work with your downloaded ZIX archive: Get in touch!

The source of your problem is that the ZIX format has changed dramatically since my initial releases. Version 2.0 has hit the internet, just as virulent and just as bad, but even more challenging. Presently available utilities (including mine) won't work with these files. But good news is coming. Research is underway, by me as well as others, and we're slowly figuring out how this new format works.

I have even compiled a small command-line utility which just might work for some new ZIX files, some of the time.

My problem is, I have so far come across a total of 2 such files (thanks to alert users who got in touch and provided me with the torrents to them), each of which just contained garbage data.
I need more examples to cross-reference if I am to make any headway. More specifically, I require ZIX archives containing at least two or more valid data files inside. By valid, I mean data files of a known format which are not just a bunch of random garbage data. This, so I can verify that my extraction and decompression routines work as they should.

But where to find new ZIX archives? You can't actively search for ZIX archives on the torrent sites, since they are usually hidden inside RAR or ZIP archives. You have to actually hit a kind of unlucky jackpot to come across one. If you're reading this, it means you have. Which means we can help each other. I have the programming savvy to figure out how to get at the contents. You have the data I need to figure it out.

I need more example ZIX archives to analyze, so write me a message at nevershaveyourduck@gmail.com and attach the torrent you used to download whatever contained the ZIX archive. If you don't have the torrent, provide as much information as you can about where you downloaded it from (a full URL is always best). Don't worry about what the contents are or how many files might be inside (chances are, you won't be able to figure that out anyway). Just get in touch if you come across one of these ZIX files.
Yes, I will probably be the only one who will willingly and consciously download ZIX files. At least, until I crack the problem.

New Discoveries

We are making progress. Some of the structure of ZIX 2.0 archives has been deduced. There is already enough information that the first file of any archive might conceptually be extracted. Problem is, that file may not be the one you want extracted. Instead, you could get a virus-infested executable or spam pointing to other scam sites, such as 3wPlayer. And as yet, we don't know how the new format handles directory structure or how the internal directory is arranged.

Even more of my predictions have proven valid. The new WinZix 2.0 format uses zlib compression to do its work. As I guessed, the scam artists behind WinZix aren't smart enough to invent their own compression scheme. They had to rip off someone else's.

This is both good news and bad.

The good news is, I know a great deal about zlib and how to decode it. And, since zlib offers no encryption capability as yet, this means that (probably) no encryption is used in version 2.0. That is excellent. Decrypting is exceptionally difficult, especially if you don't know what method is employed.

The bad news is, decoding this requires a C++ library which can't readily be used from Visual Basic (which is what UnZixWin is written in). There is a DLL, but it uses the wrong kind of calling convention. You don't have to know or understand what I'm talking about, only this:
It is unusable from VB without some wrapper code written in C++. And I might have to rewrite the whole damn thing in C++ from the ground up. And at the moment, I don't have the time to undertake such an endeavor.

So when UnZixWin 0.0.8 or 0.0.9 gets released, it will probably contain one or more new DLLs: the ZLIB1.DLL and a wrapper DLL to interface with VB. And this, friends and neighbors, means that I have to provide an installation package after all. Darn!

But: I won't release any more versions until I've gotten a full grasp of the new format! I want to save myself the embarrassment I experienced after the release of 0.0.5, when I didn't have enough information to handle all nuances of the initial ZIX format.
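An added example, not part of the original post and not UnZixWin's code: one way to test the "zlib, no encryption" observation on an unknown container is to scan it for plausible zlib headers and try to inflate at each candidate offset. The container built in `build_sample` is constructed for illustration and is not the real ZIX 2.0 layout; all function names are hypothetical.

```python
import zlib

def is_zlib_header(cmf: int, flg: int) -> bool:
    # RFC 1950: CM == 8 (deflate), CINFO <= 7, and (CMF*256 + FLG) % 31 == 0.
    return (cmf & 0x0F) == 8 and (cmf >> 4) <= 7 and ((cmf << 8) | flg) % 31 == 0

def find_zlib_streams(blob: bytes, min_output: int = 16, max_output: int = 64 << 20):
    """Return [(offset, compressed_len, data)] for each complete zlib stream."""
    view, found, pos = memoryview(blob), [], 0
    while pos < len(blob) - 1:
        if is_zlib_header(blob[pos], blob[pos + 1]):
            d = zlib.decompressobj()
            try:
                # max_output caps the inflated size (decompression-bomb guard).
                data = d.decompress(view[pos:], max_output)
            except zlib.error:
                data = None
            # eof is only set once the Adler-32 trailer has been verified, so
            # truncated or coincidental matches are rejected here.
            if data is not None and d.eof and len(data) >= min_output:
                consumed = len(blob) - pos - len(d.unused_data)
                found.append((pos, consumed, data))
                pos += consumed
                continue
        pos += 1
    return found

def build_sample():
    # Constructed container: filler bytes around two zlib members.
    first = b"first member: plain text payload\n" * 4
    second = bytes(range(256)) * 2
    blob = (b"\xAA" * 12 + zlib.compress(first) + b"\xFF" * 5
            + zlib.compress(second) + b"\xAA" * 3)
    return blob, first, second

if __name__ == "__main__":
    blob, _, _ = build_sample()
    for offset, clen, data in find_zlib_streams(blob):
        print(f"offset={offset} compressed={clen} inflated={len(data)} head={data[:16]!r}")
```

The gaps between the reported offsets and lengths show where the container's own headers or directory data would have to live, which is the part of the format still to be worked out. Inflated output from an untrusted archive should be inspected as data, not opened or executed.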

Bottom line: feed me more ZIX torrents. I need samples to analyze.
Thanks in advance.


Thanks also to those of you who have already gotten in touch and are waiting for news from me. A slowly growing list of UnZixWin users are in my news pipeline, but I want to have better news before I spam you with email. Thank you for your patience and understanding.

Cheers!
//NeverShaveYourDuck

