File encrypted! How can I open it!! HELP!!

Search This thread

CXZa

Senior Member
Apr 9, 2013
650
201
cxzstuff.blogspot.com
Hmmm okay. So, the laptop he had was a mac.

Perhaps some different basenames or something?

Aghhhh!!!! My words exactly... Yes, the basenames might differ. See here some old program versions, filter with "dmg":

The basename could be starting with text "mac" but how it's formatted... Now some mac users needed to give us the backup folder name.. or names... :rolleyes:

Have you contacted the company? Although they probably don't help without paying them as the idea behind this is purely some sort of blackmail...
 

blackhawk

Senior Member
Jun 23, 2020
2,442
457
Thats the thing. I can't remember. We did it years ago. Can't remember the password, or the program used. The laptop is my brothers, so I can't use it.

At the moment, we're trying bruteforce, but it isn't working.

Any ideas?

Thanks.


Kies was the Samsung backup solution at that time. It's my guess this is what he used.
See if it looks like a Kies file would.
You don't need to set a password to do backup but if memory serves me correctly you can't directly access the data in the Kies file to view it.
If so you need to use the Kies app to restore the file to a supported Samsung phone.

Just a thought... I hope it can help you.
Kies was a pain.
 

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
Aghhhh!!!! My words exactly... Yes, the basenames might differ. See here some old program versions, filter with "dmg":

The basename could be starting with text "mac" but how it's formatted... Now some mac users needed to give us the backup folder name.. or names... :rolleyes:

Have you contacted the company? Although they probably don't help without paying them as the idea behind this is purely some sort of blackmail...

Hi, thanks for your message.

Ohhhhh I see, that makes sense. I'm fairly certain it was on a mac, however it was a few years ago, so I might be wrong?

Who should I contact?

Thanks.
 

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
Kies was the Samsung backup solution at that time. It's my guess this is what he used.
See if it looks like a Kies file would.
You don't need to set a password to do backup but if memory serves me correctly you can't directly access the data in the Kies file to view it.
If so you need to use the Kies app to restore the file to a supported Samsung phone.

Just a thought... I hope it can help you.
Kies was a pain.

I see, kies was a suggestion on another thread. I just flat out couldn't find the kies download link. There were some links on some dodgy sites. But it seems to have been discontinued and replaced by that Samsung smart switch stuff.
 

blackhawk

Senior Member
Jun 23, 2020
2,442
457
I see, kies was a suggestion on another thread. I just flat out couldn't find the kies download link. There were some links on some dodgy sites. But it seems to have been discontinued and replaced by that Samsung smart switch stuff.

Smart Switch may recognize it but don't bet on it.
Someone here might be able to give you a copy of Kies or pick the less dodgy site and scan the app with Virustotal etc before loading it.
Samsung could also supply it if hit over the head hard enough.
A Samsung Experience Center might be able to help and have a better solution.
 

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
Smart Switch may recognize it but don't bet on it.
Someone here might be able to give you a copy of Kies or pick the less dodgy site and scan the app with Virustotal etc before loading it.
Samsung could also supply it if hit over the head hard enough.
A Samsung Experience Center might be able to help and have a better solution.

Hmmm I'll take a look. Yeah, I tried smart switch, and the options to select a backup file just didn't exist.

Alright, thanks. I tried one of those dodgy links in a virtual machine to be safe. It didn't recognise it. Tried a few versions aswell.

Thanks.
 

blackhawk

Senior Member
Jun 23, 2020
2,442
457
Hmmm I'll take a look. Yeah, I tried smart switch, and the options to select a backup file just didn't exist.

Alright, thanks. I tried one of those dodgy links in a virtual machine to be safe. It didn't recognise it. Tried a few versions aswell.

Thanks.

Smart Switch automatically recognizes it's backup file. As best I can tell it allows you to store only one copy and overwrites it if you try to create more than one. Very basic.
 

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
Try putting just "Mac" to the start of those basenames... maybe we are lucky... (this time...)

I thought I sent the message before!!

It didnt work, just came up the same as before sadly.

Any ideas now? The guy below is under the impression that it was used with kies.

Honestly, these brute force attacks last about 10 minutes. Is it worth it to have a huge dictionary which would last days?

Thanks!
 

CXZa

Senior Member
Apr 9, 2013
650
201
cxzstuff.blogspot.com
The guy below is under the impression that it was used with kies.

I don't know about other backups but there is too many similarities in it. It's done with some Wondershare tool, no doubt about it, IMO.

If the pics etc. in it are not that special or private then making it public could be solution. Some can have a method or a machine power enough to crack it in no time. Well, in a reasonable time anyway...

Problem is that many tools need the target zip to be as standard, and that these Wonderdorks have messed quite well.

There is also ways to remove/zero parts of it, so cracking can be targeted on some not so private file...
Still, finding the right tool can be difficult...
 

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
I don't know about other backups but there is too many similarities in it. It's done with some Wondershare tool, no doubt about it, IMO.

If the pics etc. in it are not that special or private then making it public could be solution. Some can have a method or a machine power enough to crack it in no time. Well, in a reasonable time anyway...

Problem is that many tools need the target zip to be as standard, and that these Wonderdorks have messed quite well.

There is also ways to remove/zero parts of it, so cracking can be targeted on some not so private file...
Still, finding the right tool can be difficult...

I see.

Ah, the backup has too much personal stuff on there to share online. (There's about 20000 files in the backup.)
That's why I really wanted to try and separate 1 of the files in there and share publicly. Which isn't possible apparantly as it requires the password to move/copy a file that's inside the backup.

How would I go about removing some files from the backup? I think we discussed it a few weeks ago. As then I'd share it publicly. Then as you said, some tech genius can crack it hopefully, and I'd be grateful for eternity haha!

I see, hopefully we'll figure out something. I appreciate your help by the way, same for everyone else chipping in on this thread!

Thanks.
 

jwoegerbauer

Senior Member
  • Jul 11, 2009
    5,003
    5
    1,223
    European Union
    Me again:

    As you were already told the password is stored in AES 256 encrypted manner within the archive - keywords: Archive Decrpytion Header, Archive Extra Data Record.

    AFAIK there is no publicly-known way to extract - will say: decipher - the AES key with non-trivial probability, given any number of plaintext-ciphertext pairs, in a practical amount of time using a practical amount of computing resources.

    My advice: Stop wasting your time with this, or take the password-protected archive to NSA in order to decipher it - may be they have the appropriate tools and computer resources. :)
     
    Last edited:
    • Like
    Reactions: blackhawk

    AkiraPerera04

    Senior Member
    Apr 15, 2018
    167
    7
    Me again:

    As you were already told the password is stored in AES 256 encrypted manner within the archive - keywords: Archive Decrpytion Header, Archive Extra Data Record.

    AFAIK there is no publicly-known way to extract the AES key with non-trivial probability, given any number of plaintext-ciphertext pairs, in a practical amount of time using a practical amount of computing resources.

    My advice: Stop wasting your time with this, or take the password-protected archive to NSA in order to decipher it - may be they have the appropriate tools and computer resources. :)

    Hmmm alright thats a shame. Nsa, wouldn't be easy to ask them haha!

    But yeah, I see. I still have hope mainly because there's a password set, with no password attempts limit. So yeah, hopefully I can just outright crack it with bruteforce like before or something.

    Thanks.
     

    CXZa

    Senior Member
    Apr 9, 2013
    650
    201
    cxzstuff.blogspot.com
    That's why I really wanted to try and separate 1 of the files in there and share publicly.

    You could use that hex editor and search "favorites.list" and copy that file from it. It's the smallest and doesn't contain any info. Mine is the same length. So like in the pic from hex 50 4B 03 to next one. The zip will not be correct but for the new batch attached (4badzip version) it's usable. And maybe there is some other tools that can accept it too?? The Favorites.list.zip included is from the backup I made. Now what was its password again?...
     
    Last edited:

    Top Liked Posts

    • There are no posts matching your filters.
    • 1
      Because I'm talking about that other package and programs inside it. You are still trying to use the command line versions...
      Do this, it's simpler...

      NOOO WAYYYY!!!!!! IT ACTUALLY WORKED!! I wish I could pay u a billion pounds loll!! I would never have figured any of this out, and probably would never have gotten the contents back.
      Can't believe it honestly, started this thread months ago and honestly wasn't expecting the backup to be retrieved!!

      A random key you posted earlier just worked when prompted with the password.


      All of my files and stupid photos on my S4 are all retrieved!! Dating back as far as Christmas 2014!!

      Thanks for all of your effort in this, appreciate it a ton. I'm sooo happpppyy!!


      Perhaps a moderator should pin/take notice on this thread, an amazing success story from a member at the XDA forums haha! Great advertising lol!!
      1
      Yes, that looks like a Wondershare backup file for sure...

      Updated the batch file and readme too. Now it says if there is no list files. Also paths with spaces work now. Same download address.

      Dude, you're a God in disguise. IT WORKED. Thank you. THANK YOU. I am speechless. 3 years I tried and here you are my savior. THANK YOU again, from the bottom of me heart.
    • 1

      Alright, so I tried that exact file you linked. I dragged my bak file over the bat file and let it run. It didn't work!!

      Any ideas? Sees uncrackable at the moment lol! So annoying!

      Thanks.
      1
      Me again:

      As you were already told the password is stored in AES 256 encrypted manner within the archive - keywords: Archive Decrpytion Header, Archive Extra Data Record.

      AFAIK there is no publicly-known way to extract - will say: decipher - the AES key with non-trivial probability, given any number of plaintext-ciphertext pairs, in a practical amount of time using a practical amount of computing resources.

      My advice: Stop wasting your time with this, or take the password-protected archive to NSA in order to decipher it - may be they have the appropriate tools and computer resources. :)
      1
      I think what jwoegerbauer is saying is you might need a supercomputer to crack it.

      Ah, either that or I'll just leave my pc on for a few weeks lol!
      1
      New version of WonderShare Zip Password Tester
      Download: https://yadi.sk/d/KLBMhwOL-or45g

      Updated. Now you can use spaces in passwords. Also added new default Dr.Fone password to the basenames.txt. Got it from the memory using Cheat Engine...

      What @AkiraPerera04 could do is get a Mac, virtual or real one and install every damn Wondershare software into it. And then grab those passwords from the memory. Cheat Engine is available for Mac too. Use program id (in installer filename or Info.plist / InfoPlist.strings ) as a search string. Try also UTF-16 strings.

      VirtualBox_IE11 - Win7_22_01_2021_20_58_08.png
      1
      get a Mac, virtual

    Our Apps
    Get our official app!
    The best way to access XDA on your phone
    Nav Gestures
    Add swipe gestures to any Android
    One Handed Mode
    Eases uses one hand with your phone