Update: In retrospect of writing this, I think I’m going to start a new section in the blog called “Tips from a Hack” to hopefully educate people and try to prevent issues like this in the future. If anyone else has suggestion on tips or things they would like to know about, email me.
There are somethings I get asked to do quite frequently, most I won’t do because they are illegal or unethical or some combination of the two. Occasionally, I’ll have people ask me to recover password for them. Most times it’s easy and very doable; however, sometimes there isn’t much I can do due to the nature the request. The other day I got one from a lady that had fallen into a scam.
If you’re ever really bored sometime, find a software product you like and drop it into to Google. For example, Photoshop. You’ll notice one of the “sponsored” links is a site that offers you a download and all you have to do is complete several small, stupid tasks. We’ll after moving around from site to site, they provide you with a file to download, but you’ll need to provide a “password” found by going to another site and searching for some magic term. This is of course all done in an effort to get referrals and advertising and malarkey of that crap.
Most users would hope that after they finshed doing all of this, they would get their software … yea, right. Most times, these site provide corrupted files. Other times, they are password protected with passwords that would never appear on any site. So that’s where I came in. This lady had gone through probably 15 different sites and around $50 to get an update to Photoshop CS3 and just couldn’t seem to get anywhere.
Enter Hacker for Hire.
So I get the file she’s looking at and I can tell right away that things aren’t adding up. First off, I hear the story and I know that it’s just not going to end well. Second, when I get the file, it’s only 6mb. Now I’ve not used Photoshop recently, but I have downloaded other Adobe and it can only be described as bloatware. Don’t get me wrong, Photoshop is great and does and excellent job but it falls into that category where programmers have just given up on how bloated their code gets. Micro-rant asside, there is no way an update from CS2 to CS3 is going to be only 6mb.
So I start to crack the zip file (thank you [fcrackzip]!) and just let the crack run overnight. The result?
PASSWORD FOUND!!!!: pw == t5MbAQ
Some would think this is success, but I like to check again just to make sure …
skipping: TheProduct/product.zip incorrect password
Anyone else see the problem? It’s the right password for the first file in the zip, the directory, but not for the actual content, which is probably another password protected zip file. I thought about taking the time to patch fcrackzip to deal with this, but I already knew the truth. This was a sham, plain and simple.
So a lesson for everyone out there, think twice before you submit any information online. If it sounds to good to be true, it almost certainly is. Try to remember to buy from trusted sources, like Amazon.com or something like that instead of these scam artists.: http://www.goof.com/pcg/marc/fcrackzip.html