Wednesday, December 21, 2011

Why Sorcerer Won't Be On My Next Computer

You might have heard of a multimode decoder program for Windows that's been making the rounds of the utility scene lately.  It's called sorcerer, and it's apparently a crack of a larger commercial package once offered by a company that at the time was widely known in COMINT circles.

Everything about this program is scary.  Most of the sites it's available on seem to offer the same referrers to a couple of Internet bad neighborhoods.  I can't find any evidence that these sites or their referral pages plant malware on your computer, but neither do they screen their downloads.  It's definitely enter-at-your-own-risk time.

Upon download, most antivirus programs will detect sorcerer's zip archive as a Trojan dropper and unceremoniously delete its contents.  Not just Norton, which is notorious for false positives and heavy-handedness, but most other AV programs as well.  Again, after writing an exception for my AV to allow examination of the zipfile, I can find no files in the archive or its unzipped directory that look like Trojan droppers.

Sorcerer is basically one opaque executable.  Upon running, it does nothing scary.  The interface is pretty minimal, compared to what was available in the original package. You get a clickable FFT amplitude plot (no spectrum waterfall) and a list of decoders for a large number of modes.  A couple of parsers are available, but well short of the "hundreds" advertised for the commercial package.  Obviously, some modules are missing.

Some of the decoders work rather well.  Others don't seem to work at all.  A couple are for modes that usually aren't available except in packages costing thousands of US dollars.  These modes work, but I have found that there's not much here in California really worth copying with them.

Other decoders have issues.  Either fax or HFDL consistently launches a rogue process that grabs 99% of CPU and has to be killed from the task window.  I can't remember which one it is, and I have no desire to once again replicate the problem to find out.

At some later point following this discovery, after closing sorcerer, something corrupted my recycle bin.  Web logs showed no visits to malware sites, and in fact I was browsing through Symantec for information on sorcerer at the time.  A coded directory appeared in the bin matching one documented online as a malware hiding place.

The recycle bin is a popular place to conceal this sort of thing, since its file tree is hidden and hard to manipulate even when you find it.  One must always view recycle bin corruption with suspicion.  I got Windows to rebuild it, the unauthorized directory vanished, and all was OK again - for a time.
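The per-user recycle bin folders have a fixed, documented layout, so an unexpected entry can be caught mechanically rather than by eyeballing a hidden folder.  The following PowerShell script is an added example; it is not from the original post or from any program mentioned in it.  It assumes the Vista/7-era layout (`<drive>\$Recycle.Bin\<user SID>\` holding `$I<id>` metadata records paired with `$R<id>` data entries, plus a `desktop.ini`), takes the drive letter as a parameter, and flags anything that does not fit that pattern.

```powershell
# Added example (not from the original post): audit the per-user recycle bin
# folders and report entries that do not follow the $I<id>/$R<id> convention.
# Assumes a Vista/7-style $Recycle.Bin; pre-Vista systems use RECYCLER instead.
param([string]$Drive = 'C:')   # drive letter is an assumption

$binRoot = Join-Path $Drive '$Recycle.Bin'
if (-not (Test-Path -LiteralPath $binRoot)) {
    throw "No $binRoot found on $Drive (pre-Vista systems use RECYCLER instead)"
}

$findings = @()

# -Force is required: the bin and everything under it carries hidden+system attributes.
foreach ($sidDir in Get-ChildItem -LiteralPath $binRoot -Force -Directory) {

    # Each subfolder should be named for a user SID, e.g. S-1-5-21-...-1001
    if ($sidDir.Name -notmatch '^S-1-\d+(-\d+)+$') {
        $findings += [pscustomobject]@{ Path = $sidDir.FullName; Reason = 'subfolder not named for a SID' }
        continue
    }

    $ids = @{}   # id (random 6 chars + original extension) -> prefixes seen ('I' and/or 'R')

    foreach ($e in Get-ChildItem -LiteralPath $sidDir.FullName -Force) {
        if ($e.Name -ieq 'desktop.ini') { continue }   # Explorer always leaves this here

        # Names look like $I3KDJF2.txt / $R3KDJF2.txt (no extension for deleted folders).
        if ($e.Name -match '^\$([IR])([A-Z0-9]{6})(\..*)?$') {
            $key = $Matches[2] + $Matches[3]
            if (-not $ids.ContainsKey($key)) { $ids[$key] = @() }
            $ids[$key] += $Matches[1]

            # $I records are small fixed-format metadata; a large one is not Explorer's doing.
            if ($Matches[1] -eq 'I' -and $e.Length -gt 4096) {
                $findings += [pscustomobject]@{ Path = $e.FullName; Reason = 'oversized $I metadata record' }
            }
        }
        else {
            # Anything else under a SID folder was not put there by the shell.
            $findings += [pscustomobject]@{ Path = $e.FullName; Reason = 'name outside the $I/$R convention' }
        }
    }

    # Explorer writes $I and $R together; a lone $R (or lone $I) means something else wrote it.
    foreach ($k in $ids.Keys) {
        if ($ids[$k].Count -ne 2) {
            $findings += [pscustomobject]@{
                Path   = $sidDir.FullName
                Reason = "unpaired `$$($ids[$k] -join ',') record for id $k"
            }
        }
    }
}

if ($findings.Count -eq 0) { 'Recycle bin layout looks normal.' }
else { $findings | Format-Table -AutoSize }
```

Run it from an elevated prompt, since the SID folders of other accounts are not readable otherwise.  A hit from this script is a reason to look closer, not proof of compromise: a third-party shell extension or an interrupted delete can leave an orphaned `$R` entry too.  What it will not miss is a named subdirectory dropped straight into the bin, which is exactly the kind of thing a hidden, hard-to-browse folder is good at concealing.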

Fairly soon after, my computer began randomly locking up.  It's getting kind of old, and there's about a 99.9% chance that the issue is caused by memory or other mainboard hardware approaching end of life.  However, there remains, in my estimation, about a 0.1% chance that the appearance of the problem was not just coincidental to sorcerer's appearance on my machine.

I've ordered a new computer, but sorcerer will never be on it.  It's not worth the worry.