Breaking Wondershare Repairit Using Process Hacker

Monitoring system file handles to obtain repaired files.

Introduction

Wondershare provides many software solutions, from video editing software to file recovery utilities. I came across Wondershare Repairit when attempting to fix a corrupted video which would not load into Sony Vegas when trying to import downloaded Twitch clips. At first impression I believed this software could be used for free. However, I quickly came to the realization that it will recover your video, but will not let you obtain the recovered files until you pay.

After repairing a video, the software prompts you to purchase a license so that you can save the repaired file to disk.

Making use of Process Hacker

After clicking repair in the tool, you see a screen notifying you that the video repair succeeded. In addition, the software lets you preview the video clip that it has fixed.

Clicking preview creates a video player within the application. Behind the scenes, Wondershare creates a child process “videoplayer_repairit.exe” under Repairit.

Process Hacker view of Repairit process tree.

Checking this process’ properties and investigating its open handles reveals that it has a handle to “D:\Wondershare_Repairit\RepairedVideo\a50e108d-980a-47fa-ab28-931ba23bcae2.mp4”.

This file seemingly has not been lowered in quality as an attempt to prevent attacks like this. Checking the file reveals that it has been slightly modified but retains the same quality:

Original File:
248 KB (254,665 bytes)
Length: 00:00:03
Frame Height: 360
Frame Width: 360
Data rate: 408KBPS
Total Bitrate: 504KBPS
Frame Rate: 30.00 frames/second

Wondershare File:
250 KB (256,993 bytes)
Length: 00:00:03
Frame Height: 360
Frame Width: 360
Data rate: 408KBPS
Total Bitrate: 504KBPS
Frame Rate: 30.00 frames/second

There you have it, a fixed file without paying a single penny.

Conclusion

Wondershare uses a very poor system in its trial software, which easily allows the user to extract repaired video files without paying a dime. There are not necessarily many fixes for this. Wondershare could implement a file encryption routine that would allow the player to decrypt the file stream as it loads; however, this can be costly, annoying, and not worth company resources. Additionally, they could lower the quality at which the video is repaired. Realistically, most users downloading this “freeware” will not go this far to investigate and figure out a way to use the product for free.
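A sketch of the encryption fix mentioned above, added here as an example and not taken from Wondershare's code: the repair step writes only ciphertext to disk, and the preview player decrypts just the byte range it is playing. The function names are hypothetical, the key is assumed to be handed to the player in memory rather than stored on disk, and an HMAC-SHA256 counter keystream stands in for AES-CTR so that the example needs only the standard library.

```python
import hashlib
import hmac
import os

BLOCK = 32  # SHA-256 digest size: one keystream block per counter value


def keystream(key: bytes, nonce: bytes, offset: int, length: int) -> bytes:
    """Keystream for bytes [offset, offset+length); seekable like CTR mode."""
    first = offset // BLOCK
    last = (offset + length + BLOCK - 1) // BLOCK
    stream = b"".join(
        hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        for ctr in range(first, last)
    )
    start = offset - first * BLOCK
    return stream[start:start + length]


def xor_at(key: bytes, nonce: bytes, offset: int, data: bytes) -> bytes:
    """Encrypt or decrypt data that sits at the given offset in the stream."""
    ks = keystream(key, nonce, offset, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def write_repaired(path: str, repaired: bytes, key: bytes) -> None:
    """Repair side: a fresh nonce, then ciphertext; no plaintext on disk."""
    nonce = os.urandom(16)
    with open(path, "wb") as f:
        f.write(nonce + xor_at(key, nonce, 0, repaired))


def read_for_preview(path: str, key: bytes, offset: int, length: int) -> bytes:
    """Player side: decrypt only the range being played, in memory."""
    with open(path, "rb") as f:
        nonce = f.read(16)
        f.seek(16 + offset)
        chunk = f.read(length)
    return xor_at(key, nonce, offset, chunk)


if __name__ == "__main__":
    import tempfile
    key = os.urandom(32)  # assumption: exists only in process memory
    clip = b"ftypmp42" + bytes(range(256)) * 8  # constructed stand-in for a repaired clip
    path = os.path.join(tempfile.mkdtemp(), "repaired.bin")
    write_repaired(path, clip, key)
    assert read_for_preview(path, key, 100, 64) == clip[100:164]
```

With this layout, the file behind the player's open handle is unusable without the key. The key still lives in the player's memory, so this raises the effort required rather than making extraction impossible.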

Hopefully this can serve as one great example of Process Hacker and its real-world applications.