Update SecureMyBit Stable - Released

tim one

Level 21
Trusted
AV-Tester
Joined
Jul 31, 2014
Messages
1,072
OS
Windows 10
Antivirus
F-Secure
#84
First of all great new UI and update @JM Security :)
I want to give just a graphic suggestion:

Cattura.PNG

Just to write a description of the menu indicated in the screenshot, otherwise maybe not all people know to select an item from the menu and if you don't select any item in the menu, the tab content doesn't provide any information.
 

JM Security

Level 30
Trusted
Joined
Apr 12, 2015
Messages
1,963
#86
Me three ;)

Thanks @JM Security for creating and sharing this new version of your indispensable software program. It just gets better and better!
Thank you @askmark :) :)
Thank you @Svoll I will submit as False Positive ;)
First of all great new UI and update @JM Security :)
I want to give just a graphic suggestion:


Just to write a description of the menu indicated in the screenshot, otherwise maybe not all people know to select an item from the menu and if you don't select any item in the menu, the tab content doesn't provide any information.
Great suggestion @tim one thank you :)
 

JM Security

#89
Download SecureMyBit 1.9 Stable (added new encoding extension system, several bug fixes, minor graphic improvements, other bug fixes in log file)



The new version includes a more powerful and secure encoding system for the extension of the encrypted file(s), which can better protect the encrypted file(s) against ransomware.
An encrypted file now becomes:

Code:
filenameSMB_<encodedextension>-[Encrypted]
smbext.PNG


System Specs graphic improvement done (Thanks to @tim one )

Thanks also to @Wave and @DardiM for the suggestions about the encoded extension.
 

tim one

#91
Awesome new version bro, that's for sure! Now the encrypted files are safer versus ransomware which uses, for example, a "contains" function to search files by extensions IMO. A test or review would verify if it works fine. Already updated now ;)
 

JM Security

#92
Awesome new version bro, that's for sure! Now the encrypted files are safer versus ransomware which uses, for example, a "contains" function to search files by extensions IMO. A test or review would verify if it works fine. Already updated now ;)
Thank you @tim one, yes I think it would be more difficult for ransomware to identify files and encrypt them, since these files have the extensions encoded.
 
Joined
Jan 24, 2016
Messages
9
#96
This program does not erase your password from memory when it is entered. If you run a malicious program after you encrypt or decrypt a file, or if law enforcement decides to dump your memory, you are screwed, though I doubt this would be generically targeted by malware at the moment. Closing the application gives you something (mainly protection against userland malware), though it will likely remain in memory for some time (or until a reboot). The fact it can minimize itself to the system tray (thus preserving the password in memory) is amusing.

This will be an annoying issue to fix (sorry) because you have little control over memory in C#. Essentially, you need to zero all instances of the password once you're done with it. This is pretty hard. The UI elements or cryptography libraries might store their own non-zeroizable version of the password, and any string manipulation you do on the password might result in it being silently copied, making it hard to actually find what memory regions to zero. For example, my password is stored in 73 distinct memory regions inside the process. This is C#'s fault, but something that needs to be addressed.

Obviously, if you rewrite the cryptography portion in C(++), it will become much easier to zero memory.

If you want me to look at the cryptography behind this as well, feel free to send me the source code (the obfuscation is unnecessary and a bit off-putting for a sensitive application like this).
 

JM Security

#97
This program does not erase your password from memory when it is entered. If you run a malicious program after you encrypt or decrypt a file, or if law enforcement decides to dump your memory, you are screwed, though I doubt this would be generically targeted by malware at the moment. Closing the application gives you something (mainly protection against userland malware), though it will likely remain in memory for some time (or until a reboot). The fact it can minimize itself to the system tray (thus preserving the password in memory) is amusing.

This will be an annoying issue to fix (sorry) because you have little control over memory in C#. Essentially, you need to zero all instances of the password once you're done with it. This is pretty hard. The UI elements or cryptography libraries might store their own non-zeroizable version of the password, and any string manipulation you do on the password might result in it being silently copied, making it hard to actually find what memory regions to zero. For example, my password is stored in 73 distinct memory regions inside the process. This is C#'s fault, but something that needs to be addressed.

Obviously, if you rewrite the cryptography portion in C(++), it will become much easier to zero memory.

If you want me to look at the cryptography behind this as well, feel free to send me the source code (the obfuscation is unnecessary and a bit off-putting for a sensitive application like this).
Hello, thanks for your feedback. I will try to fix this critical bug. About the source code, I decided not to share it with anyone, because it is closed-source. The main purpose of SecureMyBit is to protect against backdoors and malware which are able to send files remotely. A virtual keyboard is already provided against keyloggers. I think you misunderstood the point about the system tray: if you minimize the window of SecureMyBit the program remains in memory, and there is no difference between minimizing it with or without the system tray icon. If you close SecureMyBit, it will be deleted from memory.
 

JM Security

#99
Some explanations on SecureMyBit:

I would like to explain that every piece of software is developed with a specific purpose. Surely it is possible to implement new features and improve the ones already in place, and this is my work. But the main purpose of SecureMyBit, as I already mentioned, is to encrypt files and folders against malware, such as backdoors, etc. So, even if the malware manages to connect to a server and send file(s), the files are protected (or if someone accesses the PC). And by closing the program it will be removed from memory. With the latest version the extension encoding system has also been implemented, so there is more chance of being safer against ransomware (this doesn't mean all ransomware).
I will add additional info on the software on the homepage, in the "key features".
Thanks for understanding.
 

Wave

Guest
@iangcarroll Sorry to burst your bubble but I've got a few problems with your post, I'll outline them, of course this is just my personal opinions...

This program does not erase your password from memory when it is entered. If you run a malicious program after you encrypt or decrypt a file, or if law enforcement decides to dump your memory, you are screwed, though I doubt this would be generically targeted by malware at the moment.
Of course, law enforcement can dump the memory and obtain the password... A malware analyst could do the same, or an attacker who has a bit of knowledge with reversing software... In fact, there would be easier ways to do it depending on how the password is stored and since the product is developed with the Microsoft Intermediate Language (MSIL - basically the .NET framework since it runs under the Common Language Runtime), anyone can reverse it to obtain some pseudo-code which is readable back to a language based in .NET (and deobfuscate it should it have these mechanisms applied, or unpack it, etc... Same way malware analysts do).

I don't think what you are talking about is really a concern which should be necessary to the developer, he's probably focusing on other things right now. There are tons of encryption programs which will have the same problem you are referring to, and if someone is determined enough then there's nothing you can do - for example, you can watch the network traffic to obtain the decryption keys from ransomware as it transmits the keys, depending on numerous factors.

Closing the application gives you something (mainly protection against userland malware)
This has nothing to do with user-mode or kernel-mode, it's a user-mode application and therefore it can be attacked from other user-mode applications - a device driver to protect the process and the process' threads is not necessary, it's not an Anti-Virus product.

This will be an annoying issue to fix (sorry) because you have little control over memory in C#. Essentially, you need to zero all instances of the password once you're done with it. This is pretty hard. The UI elements or cryptography libraries might store their own non-zeroizable version of the password, and any string manipulation you do on the password might result in it being silently copied, making it hard to actually find what memory regions to zero. For example, my password is stored in 73 distinct memory regions inside the process. This is C#'s fault, but something that needs to be addressed.

Obviously, if you rewrite the cryptography portion in C(++), it will become much easier to zero memory.

If you want me to look at the cryptography behind this as well, feel free to send me the source code (the obfuscation is unnecessary and a bit off-putting for a sensitive application like this).
He can still free the memory, and .NET has a garbage collector which automatically frees up memory - essentially, if he really wants, he can probably Platform Invoke to the Win32/NTAPI and use those functions for the encryption methods as opposed to using the .NET APIs which lead back to the Win32 -> NTAPI anyway. Then he can use functions like NtClose, ZeroMemory,... Or he can make an ASM/C/C++ DLL (native) and have the encryption take place there, and then P/Invoke to call the functions so the main functionality is done in ASM/C/C++ but the GUI is based in .NET.

Honestly I don't think any of this is necessary for him to bother focusing on right now, it's just a normal encryption utility project he is working on, and to me it looks like he's going in the direction of hiding files from ransomware and encryption against normal people, not advanced analysts and forensic teams.

Sorry but I don't know what you expect, he's a .NET developer, he can't just learn a lower-level language overnight... It seems to me you just want the source code, you even checked about his obfuscation? ....
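
The password zeroing asked for in post #96, placed in the native routine that the post above suggests calling through P/Invoke, as an added example that is not part of the thread and not SecureMyBit's code. The function name `derive_key_and_wipe`, the 128-byte limit, the sample password and the FNV-1a stand-in for a real key-derivation function are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Zero n bytes through a volatile pointer so the optimiser cannot drop the
   stores, which it may do with a plain memset on a buffer never read again. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Stand-in for a real KDF. FNV-1a is NOT cryptographic; it only gives the
   example something to compute from the password. */
static void toy_kdf(const unsigned char *pw, size_t len, unsigned char key[8]) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) { h ^= pw[i]; h *= 1099511628211ULL; }
    for (int i = 0; i < 8; i++) key[i] = (unsigned char)(h >> (8 * i));
    secure_wipe(&h, sizeof h);   /* intermediate state derives from the password */
}

/* Hypothetical export for a .NET GUI to call with a byte[] (never a string).
   Wipes the caller's buffer on every path. Returns 0 on success, -1 on error. */
int derive_key_and_wipe(unsigned char *pw, size_t len, unsigned char key[8]) {
    unsigned char work[128];     /* stands in for any internal copy */
    int rc = -1;
    if (pw == NULL || key == NULL) return -1;
    if (len > 0 && len <= sizeof work) {
        memcpy(work, pw, len);
        toy_kdf(work, len, key);
        secure_wipe(work, sizeof work);   /* every copy we made is wiped */
        rc = 0;
    }
    secure_wipe(pw, len);
    return rc;
}

/* Number of non-zero bytes left in a buffer (0 means fully wiped). */
size_t count_nonzero(const unsigned char *p, size_t n) {
    size_t c = 0;
    while (n--) c += (*p++ != 0);
    return c;
}

int main(void) {
    unsigned char pw[] = "correct horse battery", key[8];  /* constructed sample */
    int rc = derive_key_and_wipe(pw, sizeof pw - 1, key);
    printf("rc=%d leftover=%zu\n", rc, count_nonzero(pw, sizeof pw - 1));
    return rc;
}
```

This only covers memory the native routine owns or is handed; copies held by managed UI controls or strings, the case post #96 describes, are outside its reach.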
 
