File encrypted! How can I open it!! HELP!!

Search This thread
By:
Advanced…
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
AkiraPerera04 said:
I'm kind of lost here. On hex editor, I searched favorites.list. That's what it highlighted?
Click to expand...

Here is another favorites.list dumper specially for you. Based on your screenshot.
1610490663727-png.5185485

It makes three files Favorites.list1.zip which can be used with my password tester.
Favorites.list2.zip has the extra tail in it. Favorites.list3.zip has a bit more just for checking.
(And making them all public doesn't reveal nothing of you...)

I could not do this any easier for you than this...:p
 

Attachments

  • Favorites.list_dumper2_[cxz].zip
    16.7 KB · Views: 5
Last edited:
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
My Favorites.list.zip made about normal. Normal enough that some other tools might give it green light and don't complain about it. For plaintext-attack it might not work, not with the older tools anyway, but bruteforce etc. methods work. Also something like the SureZip Recovery might work, but for that at least five files is needed from the zip file...
 

Attachments

  • Favorites.list.zip
    414 bytes · Views: 4
Last edited:
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
AkiraPerera04 said:
That's why I really wanted to try and separate 1 of the files in there and share publicly.
Click to expand...

Well...? It should not be difficult now...

Could not get that Kraken thing to work. Failed in error after start but some better if run as long as this thread is old, could be quite close to success by now...

I finally read something about zip format... (I usually like to figure out things the hard way.)

They have used data description that is what that tail is. Above compressed data is also file sizes. So, removed from one place and put into two...
-- > ZIP64 format...
00000000 50 4B 03 04 2D 00 09 08 08 PK..-....
Click to expand...
Compression is somehow wrong as one can see that compressed is bigger than the original. Zipcrypto Store it should be. Strong encryption flag is not set.
 
Last edited:
A

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
CXZa said:
Well...? It should not be difficult now...

Could not get that Kraken thing to work. Failed in error after start but some better if run as long as this thread is old, could be quite close to success by now...

I finally read something about zip format... (I usually like to figure out things the hard way.)

They have used data description that is what that tail is. Above compressed data is also file sizes. So, removed from one place and put into two...
-- > ZIP64 format...

Compression is somehow wrong as one can see that compressed is bigger than the original. Zipcrypto Store it should be. Strong encryption flag is not set.
Click to expand...

Hi, thanks for your message. Hmmm, sounds pretty complicated. So the idea is to extract the favorites file, then crack that file right?

Alright, you sent quite a lot of information recently. As of now, what should I be doing? (Sorry, I just got a bit lost lol!)

Thanks!

EDIT: "Close to success". Sorry, I'm not understanding.
 
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
AkiraPerera04 said:
Hi, thanks for your message. Hmmm, sounds pretty complicated. So the idea is to extract the favorites file, then crack that file right?
Click to expand...
Right.
AkiraPerera04 said:
Alright, you sent quite a lot of information recently. As of now, what should I be doing? (Sorry, I just got a bit lost lol!)
Click to expand...
You should share that zip dumped (or all three), so others, if they like, could try their methods/tools if any. I can edit it same way I did mine if necessary.

Or, you can continue on your own... ¯\_(ツ)_/¯

AkiraPerera04 said:
Thanks!

EDIT: "Close to success". Sorry, I'm not understanding.
Click to expand...

Well, closer anyway... if run almost 2 months...
 
A

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
CXZa said:
So, you found the right spot. Now just take a screen shot like mine. If necessary scroll it a bit up like two lines so that the word "PK" is showing. And so that at the end shows ÿÿÿÿÿÿÿÿ or as hex FF FF FF... That small bit. My Favorites.list is included in the last WonderShare-Zip-Password-Tester_[cxz].zip, also the zip so if interested one can test the bat and get the password used for it...

Or use the tool...

I chose the Favorites.list because it doesn't give any info. And also because it might be used in known-plaintext attack... What I noticed that my backup was packed using deflate while yours was deflate64, but there is tools for that format too...
Click to expand...

Alright, I found the "favorites.list" again. Scrolled up a bit and saw the PK. Here's the screenshot.
1611083898930.png


Is that alright?

Thanks.
 
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
AkiraPerera04 said:
Alright, I found the "favorites.list" again. Scrolled up a bit and saw the PK. Here's the screenshot.
View attachment 5192575

Is that alright?

Thanks.
Click to expand...

If you open that first zip you'll see that is starts about the same spot but is just a bit bigger. See that D4? That is the size we still need.

So, hex D4 or 212 bytes more down needed...

Why this trouble as the batch does it for you?

Anyways at least I would like to test some more basenames for it.

As Dr.Fone didn't work for me very well, I tried Cheat Engine to search values from its memory.
Could not find those that I had put to the basenames list. Maybe I didn't try all, but anyways it must be something quite simple like
it's in their other programs. But what, dammit.
 
A

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
CXZa said:
If you open that first zip you'll see that is starts about the same spot but is just a bit bigger. See that D4? That is the size we still need.

So, hex D4 or 212 bytes more down needed...

Why this trouble as the batch does it for you?

Anyways at least I would like to test some more basenames for it.

As Dr.Fone didn't work for me very well, I tried Cheat Engine to search values from its memory.
Could not find those that I had put to the basenames list. Maybe I didn't try all, but anyways it must be something quite simple like
it's in their other programs. But what, dammit.
Click to expand...

Oh, I just followed what you said before.

I just don't feel safe to have a batch file automate a task when I'm not sure what it's doing.

So how much higher should I scroll up? I thought that was fine.
 
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
Okay. But you can see that it's just a batch file doing basic dd commands. And you see the results even...

Next 14 lines DOWN after that you now sent. That is the minimum needed... noT much...
 
Last edited:
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
AkiraPerera04 said:
Alright cool. Can you explain why it had to be selected like that? It seems a bit random.

So what happens now?

Thanks!
Click to expand...

I don't know. (It was you who made it a bit difficult - but it's better safe than sorry...)

Maybe someone with more knowledge comes and shows us how it's done giving us just the right password.. LOL
Probably not on next week, but at least now it's possible...

It could have been any file but for plain-text attack the favorites is ideal as in its case we know it's contents. Or can be pretty damn sure.
Now, somebody just trick a Wondershare product to do a zip without any password and we're done really. Or if someone with knowledge does some similar zip having the same specs but no encryption...
Also I haven't tested any new plain-text tools yet.. So, maybe these days everything doesn't have to be so exact - maybe...

edit: crc-32 value matches mine, so our favorites.list is the same.
 
Last edited:
A

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
CXZa said:
I don't know. (It was you who made it a bit difficult - but it's better safe than sorry...)

Maybe someone with more knowledge comes and shows us how it's done giving us just the right password.. LOL
Probably not on next week, but at least now it's possible...

It could have been any file but for plain-text attack the favorites is ideal as in its case we know it's contents. Or can be pretty damn sure.
Now, somebody just trick a Wondershare product to do a zip without any password and we're done really. Or if someone with knowledge does some similar zip having the same specs but no encryption...
Also I haven't tested any new plain-text tools yet.. So, maybe these days everything doesn't have to be so exact - maybe...
Click to expand...

No, as in, why was that amount of info necessary. (What was wrong with the short one I shared initially).

Alright I see! So as of right now, we're waiting for someone to chime in, or for yourself to crack it with bruteforce?

Thanks.
 
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
The first one contained just the name of the file and it size. This next one has it and the file itself encrypted.

I try my own tool first - and most likely fail miserably...
But it's a start at least... And maybe I'll play with some other options too...

And then someday, after a year or twelve, I might answer to this thread: I finally cracked it!
The pass is: ******* (f... I forgot the rest...)
 
A

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
CXZa said:
The first one contained just the name of the file and it size. This next one has it and the file itself encrypted.

I try my own tool first - and most likely fail miserably...
But it's a start at least... And maybe I'll play with some other options too...

And then someday, after a year or twelve, I might answer to this thread: I finally cracked it!
The pass is: ******* (f... I forgot the rest...)
Click to expand...

Ahhh right that makes sense.

I see haha! I appreciate you helping out, I really hope you can figure out that password! That would be the best thing ever honestly lol!

As for now, is there anything else I can do now to help?

Thanks!
 
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
AkiraPerera04 said:
As for now, is there anything else I can do now to help?

Thanks!
Click to expand...

Well, you could do the same as my dumper bat using that hex editor.
Like this. Press ctrl+e. Put hex 37113E36 to the first field and 128 to the last (lenght). Then ok and copy it ctrl+c. Then make a new file ctrl+n. Paste ctrl+v and save ctrl+s. And upload that file here.
It's the same as the Favorites.list2.zip. That is that tail is included.
 
CXZa

CXZa

Senior Member
Apr 9, 2013
646
198
cxzstuff.blogspot.com
AkiraPerera04 said:
best thing ever
Click to expand...

I extracted the text from you pic, but do the above anyway.
Or do Like this. Press ctrl+e. Put hex 37113E36 to the first field and 128 to the last (lenght). Then ok and go analysis alt+a, checksums c and there select crc-32 and ok. If the value is not 12E53A1A then the OCR failed and I have a typo...
Then do what is in previous post and upload here or PM the file...
 
Last edited:
A

AkiraPerera04

Senior Member
Apr 15, 2018
167
7
CXZa said:
Well, you could do the same as my dumper bat using that hex editor.
Like this. Press ctrl+e. Put hex 37113E36 to the first field and 128 to the last (lenght). Then ok and copy it ctrl+c. Then make a new file ctrl+n. Paste ctrl+v and save ctrl+s. And upload that file here.
It's the same as the Favorites.list2.zip. That is that tail is included.
Click to expand...

Hi, thanks for your message.

How exactly is this helping the situation?

"tail", I remember you mentioned that before. What does that mean?

Thanks.
 
You must log in or register to reply here.

Similar threads

sun_is_shinning
Q) How to open "encrypted" thermal-engine files??
Replies
0
Views
239
sun_is_shinning
sun_is_shinning
A
Can't open .bak file with encryption!
Replies
5
Views
161
A
AkiraPerera04
N
[Q] Can't open my encrypted files.
Replies
0
Views
657
N
n8west
ProfesorYeow
I don't have the optión for Encrypt my Android. How I can do it?
Replies
0
Views
429
ProfesorYeow
ProfesorYeow
N
[Q] How can I open .con files
Replies
0
Views
1K
N
nemo001

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 1
    A
    AkiraPerera04
    CXZa said:
    Because I'm talking about that other package and programs inside it. You are still trying to use the command line versions...
    Do this, it's simpler...
    Click to expand...

    NOOO WAYYYY!!!!!! IT ACTUALLY WORKED!! I wish I could pay u a billion pounds loll!! I would never have figured any of this out, and probably would never have gotten the contents back.
    Can't believe it honestly, started this thread months ago and honestly wasn't expecting the backup to be retrieved!!

    A random key you posted earlier just worked when prompted with the password.


    All of my files and stupid photos on my S4 are all retrieved!! Dating back as far as Christmas 2014!!

    Thanks for all of your effort in this, appreciate it a ton. I'm sooo happpppyy!!


    Perhaps a moderator should pin/take notice on this thread, an amazing success story from a member at the XDA forums haha! Great advertising lol!!
    View
    1
    TheBurrow7
    TheBurrow7
    CXZa said:
    Yes, that looks like a Wondershare backup file for sure...

    Updated the batch file and readme too. Now it says if there is no list files. Also paths with spaces work now. Same download address.
    Click to expand...

    Dude, you're a God in disguise. IT WORKED. Thank you. THANK YOU. I am speechless. 3 years I tried and here you are my savior. THANK YOU again, from the bottom of me heart.
    View
  • 1
    A
    AkiraPerera04

    Alright, so I tried that exact file you linked. I dragged my bak file over the bat file and let it run. It didn't work!!

    Any ideas? Sees uncrackable at the moment lol! So annoying!

    Thanks.
    View
    1
    jwoegerbauer
    jwoegerbauer
    Me again:

    As you were already told the password is stored in AES 256 encrypted manner within the archive - keywords: Archive Decrpytion Header, Archive Extra Data Record.

    AFAIK there is no publicly-known way to extract - will say: decipher - the AES key with non-trivial probability, given any number of plaintext-ciphertext pairs, in a practical amount of time using a practical amount of computing resources.

    My advice: Stop wasting your time with this, or take the password-protected archive to NSA in order to decipher it - may be they have the appropriate tools and computer resources. :)
    View
    1
    A
    AkiraPerera04
    blackhawk said:
    I think what jwoegerbauer is saying is you might need a supercomputer to crack it.
    Click to expand...

    Ah, either that or I'll just leave my pc on for a few weeks lol!
    View
    1
    CXZa
    CXZa
    CXZa said:
    New version of WonderShare Zip Password Tester
    Download: https://yadi.sk/d/KLBMhwOL-or45g
    Click to expand...

    Updated. Now you can use spaces in passwords. Also added new default Dr.Fone password to the basenames.txt. Got it from the memory using Cheat Engine...

    What @AkiraPerera04 could do is get a Mac, virtual or real one and install every damn Wondershare software into it. And then grab those passwords from the memory. Cheat Engine is available for Mac too. Use program id (in installer filename or Info.plist / InfoPlist.strings ) as a search string. Try also UTF-16 strings.

    VirtualBox_IE11 - Win7_22_01_2021_20_58_08.png
    View
    1
    CXZa
    CXZa
    CXZa said:
    get a Mac, virtual
    Click to expand...

    Run a macOS High Sierra Mac OS X Virtual Machine on Windows | PCsteps.com

    Hackintosh won't work for every PC. If we want...
    www.pcsteps.com www.pcsteps.com
    View

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone