Objasnjenje za dekriptovanje file-ova imas na:
hxxp://forum.mininova.org/lofiversion/index.php?t234994521.html (xx=tt)
Ukratko:
instaliraj: hxxp://www.activestate.com/store/download.aspx?prdGUID=81fbce82-6bd5-49bc-a915-08d58c2648ca
za odgovarajuci OS.

iskopiraj sledeci kod u .txt dokument i preimenuj file u decode.pl



# Turn of output buffer
$|++;

# The key for XOR decryption
my $key = 'UIERYQWORTWEHLKDNKDBISGLZNCBZCVNBADFIEYLJ' . chr(0);

print "Reading from \"$ARGV[0]\":\n";
$insize = -s $ARGV[0];
# Open the bogus AVI file
open(IN, $ARGV[0]) or die $!;
binmode IN;

# Read Header to check
read(IN, $buffer, 4);
if ($buffer ne 'RIFF') {
print " ERROR: \"$ARGV[0]\" is not an AVI\n";
close IN;
exit(1);
}
# Get Length of the unencrypted movie
read(IN, $buffer, 4);
$offset = unpack 'L', $buffer;
print " End of the unencrypted movie is at byte offset $offset\n";

# Jump to the read offset
seek(IN, $offset, 0);

# The next 4 or 8 Bytes seem to be either an unsinged long
# or an unsigned quad. This is another offset to jump
# over some filler bytes. Right now I can't really tell if
# it's 4 or 8 bytes, because I only have 1 file to test with.
# I assume it's a quad.

# low word
read(IN, $buffer, 4);
$offlo = unpack 'L', $buffer;
# high word
read(IN, $buffer, 4);
$offhi = unpack 'L', $buffer;
# Calculate offset
$offset = $offhi * 4294967296 + $offlo;

print " Offset after the unencrypted movie is $offset\n";
seek(IN, $offset, 0);

# Then there seem to be another 100 filler bytes
# with value 0xff. Jump over those too, to get
# to the offset where the real movie starts.
printf " Adding extra filler bytes, final offset is %s\n", $offset+100;
seek(IN, 100, 1);

# Update the size
$insize -= $offset+100;

# Open a file for writing the decrypted data to
print "Decrypting to \"$ARGV[1]\":\n";
open(OUT, ">$ARGV[1]");
binmode OUT;
truncate OUT, 0;

$bytes = 0;
$klen = length($key);
# Read key length bytes, decrypt them and
# write them to the output file untill you reach
# the end of the file
while ( read(IN, $buffer, $klen) ) {
$buffer ^= $key;
print OUT $buffer;
$bytes += $klen;
# print the status
printf "\r %d written (% .1f %%)", $bytes, ($bytes / $insize * 100);
}
# Close both files
close OUT;
close IN;
print "\n\nDONE!\n";



prebaci .avi i decode.pl u isti folder (npr. C:\New)
u command prompt-u kucaj:
perl decode.pl ENCRYPTED_FILE.avi DECRYPTED_FILE.avi (ENCRYPTED_FILE.avi je naziv postojeceg .avi-ja ukoliko ima razmaka u nazivu stavi pod znake navoda) npr.
C:\New>perl decode.pl Spiderman3.avi DECRYPTED_Spiderman3.avi
DECRYPTED .avi ces moci da pustis iz bilo kog playera

P.S. 3wplayer ima virus



_{[Ovu poruku je menjao nesa1 dana 04.07.2007. u 10:14 GMT+1]}

i ja imam isti problem posto hocu da dekriptujem film , jednom sam se vec opeko sa virusom tako da ne zelim da skidam 3wplayer jer ima virus koji salje informacije sta radite u racunaru itd . evo informacije sa wikipedije

3wplayer is a rogue media player software application bundled with trojans that can infect computers running Microsoft Windows. It is designed to exploit users who download video files, instructing them to download and install the program in order to view the video. The 3wplayer is infected with Trojan.Win32.Obfuscated.en according to Kaspersky Anti-virus.

The 3wplayer employs a form of social engineering to infect computers. Seemingly desirable video files, such as recent movies, are released via BitTorrent or other distribution channels. These files resemble conventional AVI files, but are engineered to display a message when played on most media player programs, instructing the user to visit the 3wplayer website and download the software to view the video. The program is bundled with malware that has various undesirable effects, including attempting to disable anti-virus software.

This malware-related article is a stub. You can help Wikipedia by expanding


sve sam uradio kako je gore navedeno ali nece , javlja poruku da je pristup zabranjen dal i sam smeo da menjam naziv avi fajla ili ne. mozda je tu greska . Ako dekriptujem da li fajl moze da se iskopira kao takav ( otvoren ) za gledanje ili mora uvek da se prodje ista procedura molim Vas da mi odgovorite jer se prvi put srecem sa ovim .

Universal Mind, skini VLC i pokusaj sa njim. Trebalo bi da ti tvoji problematicini filmovi mogu da se puste na njemu.

VLC nece ni da cuje ,isto se ponasa kao i svi drugi plejeri na displeju i dalje pise da pronadjem 3Wplayer ipak cu da probam sa dekriptovanjem.

evo uspeo sam ovo gore navedeno radi hvala Neso !!!

E, sad sam video da je u pitanju kriptovan fajl.

samo da znate pod jednim naslovom koji je cesto trenutno aktuelan krije se drugi film, no sve jedno evo dobio sam i bolje od onog sto sam trazio

@nesa1: Hvala punoooo!!!

Hmmm, evo skidam Perl, samo jel ima veze koji paket se skida, ima AS Package i MSI, ja skidam MSI od 15.5 MB, i to verziju 5.8.8.820. Jel dobro skidam?

Pišem ovde jer mi je dokurčilo više s tim plejerom, skinuh ga, film radi, ali uplašio sam se zbog tog virusa u plejeru.

Jel postoji neki način da se taj trojanac ručno ukloni iz plejera?


Jel može neko obrazovaniji da mi objasni kako je uopšte moguće da se fajl toliko dobro šifruje da pokazuje onu glupo obaveštenje, a čak ni Mediainfo ili GSpot ne mogu da prikažu koji je to fajl. Ni virtualdub neće da da otvara, tj hoće ali sa onom porukom.




Dakle, ja sam zgranut ovim šifrovanjem, pa ljudi čak ni BlueRay nije tako dobro šifrovan kao ovo čudo. Baš me zanima kako su to odradili i da li se može, recimo, šifrovati neki video fajl tako da se pušta samo u BSPlayeru, na primer?

Dakle, sve se ovo ponavlja, samo što je sada u pitanju neki Doom Player i ne znam sajt gde je okačena dekoding procedura. Molim za pomoć.

Hvala.

Postoji vec napisan program za to, ako dozvole admini okacicu ga ovde. Zove se 3wFuc*er. Potrebno samo da instalirate dotnet i radi perfektno.