The most efficient way to decrypt data when the encryption method is unknown?

I have a large amount of data that was encrypted by a third-party tool before it was backed up. Now we no longer have access to the tool, and I NEED the data. What is the most effective way to try to determine how the data was encrypted?

+3
12 answers

Hope is not lost. There are good chances you can find out what encryption was used, and possibly decrypt it. First, in Cygwin or Unix, enter the file command:

$ file mydata
mydata: SQLite 3.x database

. :

  • 100%
  • ,
  • , .

, , . , , . , , , . , .

, 'strings'.

$ strings mydata

. , . . , , "" .

, , .

- . - . -, .

$ ruby -e 'ARGF.each_byte {|b| puts b >> 4; }' <  mydata | sort -n | uniq -c

0-255, . , , , . , :

     15 0
     54 2
     93 3
    248 4
    165 5
    177 6
    135 7

, . , 127. , ASCII. . .

$ ruby -e 'ARGF.each_byte {|b| puts b; }' <  mydata | sort -n | uniq -c

ASCII, , , base64 base96. .

, , , . - , . , , . 8, , , , blowfish.

, . , , , . , , . , , , .

, - XOR'ing . , .

+9
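The two histogram one-liners in the answer above, combined into one script that also measures entropy and block alignment. This is an added example, not part of the original answer; the names `profile` and `classify`, the 7.5 bits-per-byte threshold and the sample inputs are assumptions constructed for illustration.

```ruby
# Added example (not from the original answer): profile an unknown blob.
# Function names, thresholds and samples are illustrative assumptions.

def profile(data)
  data = data.b                      # treat input as raw bytes
  bytes = data.bytes
  counts = Array.new(256, 0)         # full-byte histogram, like `puts b`
  nibbles = Array.new(16, 0)         # high-nibble histogram, like `puts b >> 4`
  bytes.each { |b| counts[b] += 1; nibbles[b >> 4] += 1 }
  total = bytes.size.to_f
  # Shannon entropy in bits per byte; 8.0 means a perfectly flat histogram
  entropy = counts.reject(&:zero?).sum { |c| pr = c / total; -pr * Math.log2(pr) }
  {
    size: bytes.size,
    entropy: entropy.round(3),
    high_nibbles: nibbles,
    seven_bit: bytes.all? { |b| b < 128 },
    base64_like: data.match?(%r{\A[A-Za-z0-9+/=\r\n]+\z}),
    multiple_of_8: (bytes.size % 8).zero?   # 64-bit block size, e.g. Blowfish
  }
end

def classify(data)
  pr = profile(data)
  return :base64_like_encoding       if pr[:base64_like]
  return :seven_bit_text_or_encoding if pr[:seven_bit]
  return :high_entropy_block_aligned if pr[:entropy] > 7.5 && pr[:multiple_of_8]
  return :high_entropy_unaligned     if pr[:entropy] > 7.5
  :low_entropy_binary                # structured format or weak scheme such as XOR
end

# Constructed samples (not real data)
TEXT  = "The quick brown fox jumps over the lazy dog\n" * 10
FLAT  = (0..255).to_a.pack('C*') * 4             # stand-in for strong ciphertext
B64   = [FLAT].pack('m0')                        # same bytes, base64-encoded
XORED = TEXT.bytes.map { |b| b ^ 0xAA }.pack('C*')

if __FILE__ == $PROGRAM_NAME
  samples = { 'text' => TEXT, 'flat' => FLAT, 'base64' => B64, 'xored' => XORED }
  samples['file'] = File.binread(ARGV[0]) if ARGV[0]
  samples.each do |name, blob|
    pr = profile(blob)
    puts format('%-7s %-28s entropy=%.3f size=%d', name, classify(blob), pr[:entropy], pr[:size])
  end
end
```

Pass the backup file as the first argument to profile it alongside the constructed samples. A constant-key XOR only permutes the byte histogram, so the XORed sample keeps the entropy of the text it was built from.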

NEED, , .

, , .., , .

+9

:

  • ;
  • , .

( ) - , , .

, , - , XOR, .

. , : -)

+8

, , .

, . , (.. , ).

, - "" ( , ). , - .

, , , , ( - ).

+7

, , , . ? ? ? , !

. .

, , . , , , , , . , , , , , .

+4

, ?

+3

, , , , . , , , .

+3

, , , .

, , , , .

+2

, , , .

, , . - , . , , . CYA.

. , , , , , . , - , .

+1

, , - .

+1

, - .

0

If the data was encrypted, presumably this was to protect it from what you are trying to do now: access to the plaintext without the corresponding credentials.

Either it is impossible to do, and in this case the encryption tool did a good job; or it can be done, and you need to start to worry very much (in proportion to the value that you attach to keeping the data secret) about who else could do this without your knowledge.

0

Source: https://habr.com/ru/post/1710243/

