[tor-bugs] #6181 [Ooni]: Evaluate Alkasir
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Jun 18 10:43:40 UTC 2012
#6181: Evaluate Alkasir
---------------------+------------------------------------------------------
Reporter: hellais | Owner: hellais
Type: task | Status: new
Priority: normal | Milestone: Sponsor H: June 2012
Component: Ooni | Version:
Keywords: | Parent: #5865
Points: | Actualpoints:
---------------------+------------------------------------------------------
Changes (by Shondoit):
* cc: Shondoit (added)
Comment:
The installer unpacks the files to a folder.
alkasir.exe, alkasirB.dll, proxy.dll, servrlib.dll,
./ar/alkasir.resources.dll and ./en/alkasir.resources.dll are all .NET
binaries.
I've been able to decompile these to C#.
Now, what would be the best course of action to share these amongst
ourselves without disclosing it to the public?
Other than that, it contains alkasirS.exe which looks like a modified
version of PuTTY with obfusction, called PoTTY; See:
http://www.mrhinkydink.com/potty.htm
libeay32.dll and ssleay32.dll look like OpenSSL 0.9.8k.
And the folder xulrunnner contains all sorts of binaries, which looks like
a stock version of xulrunner 1.9.1.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6181#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list