How do I....

Youngie1337

Open an encrypted Winrar ZIP file? I had this file on my old Windows and I encrypted it using Winrar, I thought it was passwording but it won't let me open it and it has some very important files in it! Can someone please help me recover and open this?

! Cannot open E:\HDD\Reports_ODB.zip

! Access is denied.

Apparently this makes it so you can only open it on that computer??? Same computer just fresh install of Windows. I can't seem to find anything that works, I can't remember setting a password or anything.

If someone can save me I'll be very happy, very very very happy.

Thank you!
 
not sure how to get around encryption, but are you sure you haven't used windows to encrypt the file (EFS)? *shrug*

in windows explorer (is the file green?), enable the attributes column and check to see if there's an E

are you the owner and/or have full permissions for the file in the properties, security tab?
 
I've got a winrar password cracker, I can remember if it works or not though, I did have a few at one point. PM me an addy and I'll email it to you.
 
Pyr0 said:
> not sure how to get around encryption, but are you sure you haven't used windows to encrypt the file (EFS)? *shrug*
>
> in windows explorer (is the file green?), enable the attributes column and check to see if there's an E
>
> are you the owner and/or have full permissions for the file in the properties, security tab?

I think I did it in Winrar but yes it's got an E attribute.

I'm on a new install of Windows with a different username
 
oh dear... :(

i take it you didn't export/backup the key then? :(

EFS security relies on public/private key pair which is stored on local computer. Windows protects all private keys by encrypting them through Protected Storage service. Protected Storage encrypts all private keys with Session Key, derived from 512 bit Master Key, and stores them in %User Profile%\Application Data\Microsoft\Crypto\RSA\User SID. The Master Key is encrypted by Master Key Encryption Key, which is derived from user password by using a Password Based Key Derivation Function and stored in %User Profile%\Application Data\Microsoft\Protect\User SID.

By far, the most frequent problem with EFS occurs when EFS encryption keys and/or recovery keys aren't archived. If keys aren't backed up, they cannot be replaced when lost. If keys cannot be used or replaced, data can be lost. If Windows is reinstalled (perhaps as the result of a disk crash) the keys are destroyed. If a user's profile is damaged, then keys are destroyed. In these, or in any other cases in which keys are damaged or lost and backup keys are unavailable, then encrypted files cannot be decrypted. The encryption keys are bound to the user account, and a new iteration of the operating system means new user accounts. A new user profile means new user keys. If keys are archived, or exported, they can be imported to a new account. If a revocation agent for the files exists, then that account can be used to recover the files. However, in many cases in which keys are destroyed, both user and revocation keys are absent and there is no backup, resulting in lost data.

there are utils available to search the drives for keys, but they can be quite expensive...

and since it's been formatted and clean installed, the sectors containing the certificate/key may have been overwritten...

Elcomsoft Advanced EFS Data Recovery

http://www.elcomsoft.com/aefsdr.html

basically without the original account or the key(s) it seems that there is no way to recover EFS encrypted files

then again, if it was easy to bypass, what would be the point ;)

just remember in the future, if you are going to use EFS, then export/backup the key too

[edit]

How to recover EFS-encrypted data when it gets lost

http://www.securitypark.co.uk/security_article262943.html

Solution

Neil browsed the Internet for software capable of recovering EFS-encrypted data. After trying some recovery programs that yielded no results, he finally came across Advanced EFS Data Recovery.

Advanced EFS Data Recovery allows files to be decrypted even if the user database is protected with SYSKEY. First, AEFSDR searches for all EFS keys, scanning the hard drive sector by sector. After the user has entered the user password into the program, the software decrypts the keys, or at least one key, needed for decryption of the user’s encrypted data. In the second stage AEFSDR looks for EFS-encrypted files in the file system and attempts to recover them. The recovery rate is usually very high, 99% or more.

Neil explains how he managed to save his data: “I finally stumbled upon the Elcomsoft software, and when I installed it and searched for the files using its searching feature, it seemed to find most all the files I needed. Also, when I searched for the decryption keys, it actually found many keys on the hard drive that were thankfully not written over by the reformatting process (since it gradually writes over the hard drive as it needs to, but leaves whatever it doesn't need there, although not accessible except with certain software such as Elcomsoft provides).”

Results

Some of the files still did not work. According to Mr. Strom, their rate was less than 1%, “perhaps a hundred out of approximately 20,000 [files] or so”. The encrypted files that could be decrypted turned green in the software window. Neil concludes, “I was then able to choose where to move the files, and the program automatically decrypted them and moved them to that folder.”
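
The checks and the key backup recommended in this post, as a PowerShell script to run before a reinstall. This is an added example, not part of the original thread; the `$Root` default is the folder from the error message in the first post and the `$BackupFile` name is hypothetical.

```powershell
# Added example: audit EFS-encrypted files and back up the key before a reinstall.
param(
    [string]$Root       = 'E:\HDD',                   # folder from the first post; adjust
    [string]$BackupFile = "$env:USERPROFILE\efs-key"  # hypothetical name; cipher adds .PFX
)

# 1. Every file carrying the Encrypted ("E") attribute under $Root.
$files = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force `
             -Attributes Encrypted -ErrorAction SilentlyContinue)
"{0} EFS-encrypted file(s) under {1}" -f $files.Count, $Root

# 2. Can this account actually read them? A failure here is the
#    "Access is denied" symptom of a missing private key.
$unreadable = foreach ($f in $files) {
    try   { [System.IO.File]::OpenRead($f.FullName).Dispose() }
    catch { $f.FullName }
}
if ($unreadable) { "Unreadable with the current account:"; $unreadable }

# 3. EFS certificates in this profile that still have their private key.
$efsOid = '1.3.6.1.4.1.311.10.3.4'    # Encrypting File System EKU
$certs = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $efsOid)
})
$certs | Format-Table Thumbprint, NotAfter, Subject -AutoSize | Out-String

# 4. Show which certificate thumbprints are able to decrypt the first file.
if ($files.Count) { cipher /c $files[0].FullName }

# 5. Export certificate + private key to a password-protected PFX
#    (cipher prompts for confirmation and for the password).
if ($certs.Count) {
    cipher /x $BackupFile
    "Store $BackupFile.PFX and its password off this machine."
} else {
    "No EFS private key in this profile: nothing to back up."
}
```

If step 2 lists files and step 3 finds no certificate, the account is in the situation described in this thread: the files are encrypted to a key that is not in the current profile.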
 
Apparently it's Not Decryptable :(. I'm surprised no one has hacked this yet to be honest, wouldn't be too hard to emulate a certificate lol.
 
i don't think emulating would be the way forward, i think the keys are 256-bit Advanced Encryption Standard (AES)

[edit] almost right

Default Encryption Algorithms

All exported versions of Windows 2000 use 56-bit key sizes by default unless the 128-bit encryption pack is applied. Workstations that have the 128-bit encryption pack installed may decrypt files with 56-bit key lengths and will encrypt all new files with 128-bit key lengths. However, machines that are only 56-bit-capable may not open files that have been encrypted with 128-bit key lengths. This scenario is especially important where a user has a roaming user profile and may use different machines that have different encryption capabilities.

The Windows XP operating system supports the use of a stronger symmetric algorithm than the default DESX algorithm included with the Windows 2000 operating system. The default algorithm for Windows 2000 and Windows XP is DESX. The default algorithm for Windows XP Service Pack 1 and Windows Server 2003 is Advanced Encryption Standard (AES) using a 256-bit key. For users requiring greater symmetric key strength with a FIPS 140-1 compliant algorithm, the 3DES algorithm can be enabled.
 
Thanks for the help Pyr0 much appreciated, after so long I just gave up, I did however find a backup of the file NOT encrypted :D so I was very happy, but not after spending hours trying to work it out. I managed to get to the encrypted file BUT asked for password of the account that made the file, which was blank so I was screwed there.
 
Yeah, 256-bit. There are a bunch of forcible tools 'around' that will take as long as it takes to find out what the password/encryption is - but in my experience these things tend to spit out incorrect keys also.

Good job u found an unzipped one :p
 