Security crisis: cracking the encryption method of USB flash drive encryption tools and the principle behind it

Source: Internet
Author: User

Comments: After encrypting a folder with a USB flash drive or mobile hard drive encryption tool, I could not see the encrypted files with a file sniffer tool. A scan with Kingsoft Antivirus showed that the files were hidden and stored in \Thumbs.dn\7.\ (where 7. is sometimes another number), but I still could not access them directly, so I made a special study of this encryption tool.

After I used a USB flash drive or mobile hard drive encryption tool to encrypt a folder, I could not see the encrypted files with a file sniffer tool. When I scanned with Kingsoft Antivirus, it appeared that the files were hidden and stored in \Thumbs.dn\7.\ (where 7. is sometimes another number), but I still could not access them directly, so I made a special study of this encryption tool. Below I share some of what I found.

Create a folder, for example lskr, on drive D, so that its path is D:\lskr.

Under "My Computer > Tools > Folder Options > View", we checked "Show all files and folders" and "Hide protected operating system files (Recommended)", and checked "Display the contents of system folders". Two hidden items then appear: Thumbs.dn and desktop.ini. The content of desktop.ini is: [.ShellClassInfo] InfoTip=folder IconIndex=2 IconFile=addpass.exe ConfirmFileOp=1. It is of no use to us, so we can ignore it. Looking at Thumbs.dn, its size is 850 KB, which is close to the total size of the two files, so the two files must be hidden inside it. Double-clicking Thumbs.dn to open it shows only "Add Printer" and "Microsoft Office Document Image Writer", not the files we are looking for. So where are the two files?

Go to Start > Run, type cmd and click OK to open the MS-DOS prompt. Type "cd \" and press Enter to go to the root of C:, type "D:" and press Enter to switch to drive D, then type "cd d:\lskr\Thumbs.dn" to enter Thumbs.dn, and finally type "dir /a". This lists several files: 117789687, 117789687LIST.mem, 1.mem, 2.mem and desktop.ini. 1.mem and 2.mem are about the same size as the two files that were first put in, so they should be the encrypted files in a custom format. We can copy them out directly: run "copy 1.mem D:\" and "copy 2.mem D:\" to copy the two files to drive D, then change their suffix from .mem to .exe. To our surprise, both are restored to their original state, identical to the files that were put in except for the file name. It seems that this so-called USB flash drive encryption simply changes the suffix and then hides the file.




Now that we can find the encrypted files, can we go on to crack the encryption password? We found another file, 117789687LIST.mem, which is probably used to store the password. Running the commands "copy 117789687LIST.mem D:\" and "start 117789687LIST.mem" makes the system report that the specified file cannot be found. In that case, we run "attrib 117789687LIST.mem -s -h -r" to remove the S, H and R attributes of the file and then run "start 117789687LIST.mem". Opened as a text document, it turns out to be a long string of characters. I originally thought this was the password in encrypted form, but when I changed the password and encrypted again, the content did not change, whereas adding or removing files to be encrypted did change it.

So I guess this file stores the names of the encrypted files and other information. I then read the other files: desktop.ini, which contains [.ShellClassInfo] CLSID =, and a file named 117789687 with the content 343636303032. When the encryption password is changed, this code changes too. For example, when the password is changed to 123, the code becomes 343636. So I concluded that this is the real password storage file, but I had no idea what encryption method it uses.

However, we can solve the problem by replacement. If we forget the password used for encryption, or want to view files that someone else encrypted, we can replace the stored code with one whose password we know, and then use the known password to decrypt the encrypted folder. For example, we can replace the code of another encrypted folder with the code 343636303032, and the decryption password then becomes 123456.

This brings our cracking to an end. It appears that this encryption does not encrypt the file data with an encryption algorithm at all; it merely changes the suffix and hides the files, which only prevents the average person from browsing the file content easily. When the software encrypts, it automatically creates a Thumbs.dn folder, renames the original files to 1, 2, 3... with the .mem suffix and hides them in the Thumbs.dn folder, creates 117789687LIST.mem to store the file names, locations and other information, and uses 117789687 to store the password and associate it with the USB flash drive encryption tool. When you double-click the tool again, a dialog box asks for the password. If the password is correct, the files are restored; otherwise the request is rejected.
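The finding above (files renamed and hidden, content untouched) can be checked on any tool that claims to encrypt. The following is an added example, not part of the original article or of the tool: it flags files whose bytes still carry a known file header or have low entropy. The function names, the header list, the 7.5 bits-per-byte threshold and the two sample byte strings are assumptions made for the illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading bytes of a few common formats. Real ciphertext carries no such header.
MAGIC = {b"MZ": "Windows executable", b"PK\x03\x04": "ZIP / Office document",
         b"%PDF": "PDF", b"\x89PNG": "PNG image", b"\xff\xd8\xff": "JPEG image"}
ENTROPY_FLOOR = 7.5  # assumed threshold in bits per byte; ciphertext sits near 8.0

# Constructed samples: a renamed executable like the article's 1.mem, and SHA-256
# counter output standing in for what genuinely encrypted content looks like.
RENAMED_EXE = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n" * 100
RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess(data: bytes) -> dict:
    """Classify the content of one supposedly encrypted file."""
    kind = next((name for sig, name in MAGIC.items() if data.startswith(sig)), None)
    entropy = shannon_entropy(data)
    # A known header or low entropy means the bytes are stored in the clear.
    # High entropy is necessary, not sufficient: headerless compressed data also
    # scores high, and samples under a few KB score low even when encrypted.
    return {"format": kind, "entropy": round(entropy, 2),
            "looks_encrypted": kind is None and entropy >= ENTROPY_FLOOR}


def audit_tree(root: str, sample: int = 65536) -> list:
    """Return (path, verdict) for each file under root that does not look encrypted."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                verdict = assess(fh.read(sample))
            if not verdict["looks_encrypted"]:
                findings.append((path, verdict))
    return findings


if __name__ == "__main__":
    print("renamed exe :", assess(RENAMED_EXE))
    print("random-like :", assess(RANDOM_LIKE))
```

Running `audit_tree` over a folder after a tool has "encrypted" it lists every file whose content is still readable without the password.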




