Aukiman
23rd August 2007, 10:07 AM
If anyone has come across any torrent movies that only play a short (20 second) clip showing the following text “This media file can only be played using 3wPlayer that is completely FREE … Please visit go.play3w.com to download!”.
DON'T do what it says!
3wPlayer is full of Malware crap, lost and lots of it. Definitely something you don't want on your PC.
If the torrent you are downloading is actually viable and LEGAL material and you need to remove this message you can use the following steps which I have actually tried and tested to work.
You will need to download and install Active Perl (http://www.activestate.com/store/productdetail.as px?prdGuid=81fbce82-6bd5-49bc-a915-08d58c2648ca) (free) .
After Installing ActivePerl you need to make a new text file, but rename it to something like "decode.pl"
paste the following code into the.pl file you just created then save it
# Turn of output buffer
$|++;
# The key for XOR decryption
my $key = 'UIERYQWORTWEHLKDNKDBISGLZNCBZCVNBADFIEYLJ' . chr(0);
print "Reading from \"$ARGV[0]\":\n";
$insize = -s $ARGV[0];
# Open the bogus AVI file
open(IN, $ARGV[0]) or die $!;
binmode IN;
# Read Header to check
read(IN, $buffer, 4);
if ($buffer ne 'RIFF') {
print " ERROR: \"$ARGV[0]\" is not an AVI\n";
close IN;
exit(1);
}
# Get Length of the unencrypted movie
read(IN, $buffer, 4);
$offset = unpack 'L', $buffer;
print " End of the unencrypted movie is at byte offset $offset\n";
# Jump to the read offset
seek(IN, $offset, 0);
# The next 4 or 8 Bytes seem to be either an unsinged long
# or an unsigned quad. This is another offset to jump
# over some filler bytes. Right now I can't really tell if
# it's 4 or 8 bytes, because I only have 1 file to test with.
# I assume it's a quad.
# low word
read(IN, $buffer, 4);
$offlo = unpack 'L', $buffer;
# high word
read(IN, $buffer, 4);
$offhi = unpack 'L', $buffer;
# Calculate offset
$offset = $offhi * 4294967296 + $offlo;
print " Offset after the unencrypted movie is $offset\n";
seek(IN, $offset, 0);
# Then there seem to be another 100 filler bytes
# with value 0xff. Jump over those too, to get
# to the offset where the real movie starts.
printf " Adding extra filler bytes, final offset is %s\n", $offset+100;
seek(IN, 100, 1);
# Update the size
$insize -= $offset+100;
# Open a file for writing the decrypted data to
print "Decrypting to \"$ARGV[1]\":\n";
open(OUT, ">$ARGV[1]");
binmode OUT;
truncate OUT, 0;
$bytes = 0;
$klen = length($key);
# Read key length bytes, decrypt them and
# write them to the output file untill you reach
# the end of the file
while ( read(IN, $buffer, $klen) ) {
$buffer ^= $key;
print OUT $buffer;
$bytes += $klen;
# print the status
printf "\r %d written (% .1f %%)", $bytes, ($bytes / $insize * 100);
}
# Close both files
close OUT;
close IN;
print "\n\nDONE!\n";
copy the decode.pl file to the directory that your 3wplayer encrypted file is in.
go 'START' --> 'RUN' and type the following syntax
perl decode.pl NAME_OF_ENCRYPTED_FILE.avi NAME_OF_DECRYPTED_FILE.avi
don't forget to put the file names in quotes if you have spaces in them . . . those of you not comfortable with command driven syntax may want to rename the movie file without spaces first so you dont have to worry about using quotes.
questions/queries/doubtful points feel free to post here
DON'T do what it says!
3wPlayer is full of Malware crap, lost and lots of it. Definitely something you don't want on your PC.
If the torrent you are downloading is actually viable and LEGAL material and you need to remove this message you can use the following steps which I have actually tried and tested to work.
You will need to download and install Active Perl (http://www.activestate.com/store/productdetail.as px?prdGuid=81fbce82-6bd5-49bc-a915-08d58c2648ca) (free) .
After Installing ActivePerl you need to make a new text file, but rename it to something like "decode.pl"
paste the following code into the.pl file you just created then save it
# Turn of output buffer
$|++;
# The key for XOR decryption
my $key = 'UIERYQWORTWEHLKDNKDBISGLZNCBZCVNBADFIEYLJ' . chr(0);
print "Reading from \"$ARGV[0]\":\n";
$insize = -s $ARGV[0];
# Open the bogus AVI file
open(IN, $ARGV[0]) or die $!;
binmode IN;
# Read Header to check
read(IN, $buffer, 4);
if ($buffer ne 'RIFF') {
print " ERROR: \"$ARGV[0]\" is not an AVI\n";
close IN;
exit(1);
}
# Get Length of the unencrypted movie
read(IN, $buffer, 4);
$offset = unpack 'L', $buffer;
print " End of the unencrypted movie is at byte offset $offset\n";
# Jump to the read offset
seek(IN, $offset, 0);
# The next 4 or 8 Bytes seem to be either an unsinged long
# or an unsigned quad. This is another offset to jump
# over some filler bytes. Right now I can't really tell if
# it's 4 or 8 bytes, because I only have 1 file to test with.
# I assume it's a quad.
# low word
read(IN, $buffer, 4);
$offlo = unpack 'L', $buffer;
# high word
read(IN, $buffer, 4);
$offhi = unpack 'L', $buffer;
# Calculate offset
$offset = $offhi * 4294967296 + $offlo;
print " Offset after the unencrypted movie is $offset\n";
seek(IN, $offset, 0);
# Then there seem to be another 100 filler bytes
# with value 0xff. Jump over those too, to get
# to the offset where the real movie starts.
printf " Adding extra filler bytes, final offset is %s\n", $offset+100;
seek(IN, 100, 1);
# Update the size
$insize -= $offset+100;
# Open a file for writing the decrypted data to
print "Decrypting to \"$ARGV[1]\":\n";
open(OUT, ">$ARGV[1]");
binmode OUT;
truncate OUT, 0;
$bytes = 0;
$klen = length($key);
# Read key length bytes, decrypt them and
# write them to the output file untill you reach
# the end of the file
while ( read(IN, $buffer, $klen) ) {
$buffer ^= $key;
print OUT $buffer;
$bytes += $klen;
# print the status
printf "\r %d written (% .1f %%)", $bytes, ($bytes / $insize * 100);
}
# Close both files
close OUT;
close IN;
print "\n\nDONE!\n";
copy the decode.pl file to the directory that your 3wplayer encrypted file is in.
go 'START' --> 'RUN' and type the following syntax
perl decode.pl NAME_OF_ENCRYPTED_FILE.avi NAME_OF_DECRYPTED_FILE.avi
don't forget to put the file names in quotes if you have spaces in them . . . those of you not comfortable with command driven syntax may want to rename the movie file without spaces first so you dont have to worry about using quotes.
questions/queries/doubtful points feel free to post here