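From a malware-identification point of view, my WPF .NET 4 application has a few problems:

  • It must run directly from a thumb drive
  • It must allow the user to set device security tied to the host machine
  • Once device security is set, there must never be decrypted files on the device
  • It must decrypt files to the host's temp directory

It turns out that there is now "ransomware" that encrypts a user's files and then demands payment for the decryption key.

Kaspersky in particular flags the file-encryption process as malware and very effectively kills the application. While encrypting, Kaspersky identifies malware, labelled PDM:Win32.Generic, and then proceeds to detect, terminate and delete. A scan of an already-encrypted device comes back 100% clean - no issues.

Here is the file encryption/decryption code. It is adapted from a CodeProject file-encryption article. Is there something in this code that would raise the suspicions of AV software? I am using only pure .NET, no 3rd-party libraries: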

    // Requires: using System.IO; using System.Security.Cryptography;

    /// <summary>
    /// Encrypt a file with a user-supplied password.
    /// WARNING: File will be lost if password is forgotten.
    /// </summary>
    /// <param name="inputFile">
    /// The name of the unencrypted file to encrypt.
    /// </param>
    /// <param name="encryptedFile">
    /// The name of the newly encrypted file to create.
    /// </param>
    /// <param name="clearTextPassword"></param>
    /// <param name="salt">
    /// You can bypass this and use the predefined salt in this class
    /// BUT IT IS NOT RECOMMENDED. Your code should provide an 8-byte
    /// array for the salt.
    /// </param>
    public static void EncryptFile( string inputFile, string encryptedFile,
        string clearTextPassword, byte[] salt = null )
    {
        salt = salt ?? FileSalt;
        // Derive a 16-byte (128-bit) key from the password with PBKDF2.
        byte[] key = new Rfc2898DeriveBytes( clearTextPassword, salt ).GetBytes( 16 );
        // using blocks close the streams even if an exception is thrown.
        using( FileStream fsCrypt = new FileStream( encryptedFile, FileMode.Create ) )
        using( RijndaelManaged rmCrypto = new RijndaelManaged() )
        {
            rmCrypto.Padding = PaddingMode.PKCS7;
            // The derived key is passed as both the key and the IV.
            using( CryptoStream cs = new CryptoStream( fsCrypt,
                rmCrypto.CreateEncryptor( key, key ),
                CryptoStreamMode.Write ) )
            using( FileStream fsIn = new FileStream( inputFile, FileMode.Open ) )
            {
                // Copy the plaintext through the encrypting stream byte by byte.
                int data;
                while( ( data = fsIn.ReadByte() ) != -1 )
                    cs.WriteByte( (byte)data );
            }
        }
    }

    /// <summary>
    /// Decrypt a file with a user-supplied password.
    /// </summary>
    /// <param name="inputFile">
    /// The name of the encrypted file to decrypt.
    /// </param>
    /// <param name="unencryptedFile">
    /// The name of the unencrypted file to create.
    /// </param>
    /// <param name="clearTextPassword"></param>
    /// <param name="salt">
    /// You can bypass this and use the predefined salt in this class
    /// BUT IT IS NOT RECOMMENDED. Your code should provide an 8-byte
    /// array for the salt.
    /// </param>
    public static void DecryptFile( string inputFile, string unencryptedFile,
        string clearTextPassword, byte[] salt = null )
    {
        salt = salt ?? FileSalt;
        // Derive the same 16-byte key from the password and salt.
        byte[] key = new Rfc2898DeriveBytes( clearTextPassword, salt ).GetBytes( 16 );
        // using blocks close the streams even if an exception is thrown.
        using( FileStream fsCrypt = new FileStream( inputFile, FileMode.Open ) )
        using( RijndaelManaged rmCrypto = new RijndaelManaged() )
        {
            rmCrypto.Padding = PaddingMode.PKCS7;
            // The derived key is passed as both the key and the IV.
            using( CryptoStream cs = new CryptoStream( fsCrypt,
                rmCrypto.CreateDecryptor( key, key ),
                CryptoStreamMode.Read ) )
            using( FileStream fsOut = new FileStream( unencryptedFile, FileMode.Create ) )
            {
                // Copy the decrypted bytes to the output file byte by byte.
                int data;
                while( ( data = cs.ReadByte() ) != -1 )
                    fsOut.WriteByte( (byte)data );
            }
        }
    }

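Please note that I am not really interested in comments about my use of string vs. SecureString for the clear-text password, etc., unless that information helps solve the AV problem.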

1 Answer

Kaspersky concluded that this is a false positive, and they are correcting their software to handle it.

Answered 2015-03-08T17:57:59.887