Encryption of files and folders is a way for many users to protect data. Unfortunately, many do not choose EFS encryption, but use third-party tools for protection.
There is a major security risk, because many encryption tools use System bugs for data protection. Strictly speaking, this data protection is asymmetric. For those who know this, it is easy to enable encrypted data.
Generally, this type of ghost encryption software uses two methods for encryption:
1. by renaming and hiding files and placing them into the system recycle bin, the system will encrypt the files. records will be identified in the software for data recovery.
2. the file cannot be opened directly by using the BUG that the special folder cannot be accessed.
The effects of some encryption software are not flattering. Using WinRAR or TC tools that can view hidden files, the encrypted data is displayed.
Of course, it is not difficult to crack a little arrogant encryption software. In combination with several DOS Commands: CD and DIR (parameter X), you can find the encrypted data.
Because the operation in DOS is troublesome, we use a folder sniffing tool that has been encapsulated and has a GUI for testing.
Download a "XX folder encryption Protector", which has nearly 0.2 million downloads and is widely used. We have created a file folder on the fdisk, and a 1.txt file in the folder. The above content is used as an encryption sample.
"XX folder encryption and protection" is easy to use. after entering the program with the default password, you can set hidden items (including icons and pseudo folders ). Right-click the folder to be encrypted, select "encrypt local folder", and enter the password to complete encryption.
498) this. style. width = 498; "align = no>
Encryption Interface
The password is required to access the folder again. Everything looks normal. But let's see if you can use CMD first?
Go to the drive E, enter dir and press Enter. The folder 1234 is not found. Then enter cd 1234 to see it? It can be accessed normally! The typical use of the system BUG to hide! Input 1.txt again, and the corresponding text can also run normally.
498) this. style. width = 498; "align = no>
No encrypted folder found
498) this. style. width = 498; "align = no>
Direct access to encrypted folders
498) this. style. width = 498; "align = no>
You can directly run the encrypted file
Some may have questions: I know the name of the encrypted file and folder in advance. If the target name is not known to the other party in the normal encryption order, can the encryption effect be achieved? The above results show that the following dir method can completely crack this encryption method.
Open the folder sniffer. Select disk F for scanning. We found that all the so-called encrypted files are exposed and can be moved or copied at will.
498) this. style. width = 498; "align = no>
Attackers can easily sniff encrypted files.
498) this. style. width = 498; "align = no>
Test the HEX file type
Even for some encryption software that changes the file name, you can easily use HEX data identification to test the file type function through the sniffer.
Through this example, it is not difficult to find that many encryption software is hard to hurt. I would like to remind you that if an encryption software is fast and claims to be effective, you should be more vigilant. These encryption software may be using System bugs to encrypt data. They are not involved in real data encryption operations, resulting in fast encryption!
You can use the sniffer to test the encryption software you are using. Many "Masters" and "experts" will reveal the stuffing. If you really need to encrypt data, you may want to use the PGP encryption tool to use file operation monitoring in the Windows Kernel to protect files and folders. This is currently one of the best and most secure encryption methods.