Re: File Encryption
From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 02/12/04
- Next message: Doug Knox MS-MVP: "Re: Starting XP with user that is not in the Admin group."
- Previous message: Drew Cooper [MSFT]: "Re: MS-DOS??"
- In reply to: Marli: "File Encryption"
- Next in thread: martie: "File Encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 Feb 2004 14:24:39 -0800
Elcomsoft reverse-engineered DPAPI, the mechanism used to protect the EFS
private key. There's no Microsoft documentation for what they did. I have
never seen external documentation. If you're a coder you could probably do
the same thing Elcomsoft did (or see what their tool is doing).
Microsoft does offer this architectural overview of DPAPI:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

"Marli" <marlimox@hotmail.com> wrote in message
news:f25a01c3f11d$d09be890$a601280a@phx.gbl...
> Thanks for the help. I wasn't logged into Administrator
> at the time I made the files encrypted, I was in another
> account (which is a shame because my Administrator
> account appears to be the only account whose security
> information survived intact). I am getting somewhere on
> the problem though. Being the person I am, I wasn't just
> going to sit there and look at all these encrypted files,
> I just decided that if I can't get into them the nice
> way, I would just damn well have to break the encryption
> myself somehow (which was obviously a stupid idea at the
> time). Anyway, while I was looking around for a way to
> break EFS, I came across the program Advanced EFS Data
> Recovery (of which there was a link to on the site you
> gave me). It was interesting because it appears that all
> my certificate and security information is intact (the
> program allows you to search your hard drives for EFS
> related files, encryption keys, etc). The only problem is
> that I now have the files that contain the security
> information I need, but I'm not sure what to do with
> them. It's impossible to import them back into the
> certificate repository (the files don't even have a file
> extension, I assume they are just raw security files).
> AEFSDR however allows you to unlock the files if you know
> the username and password of the account that created
> them (which of course I know). I can then unencrypt the
> files with the now available private keys, only I'm using
> the trial version which means only the first 512 bytes
> get decrypted (it worked too, for the part that got
> unencrypted). So basically, all my files are guaranteed
> ok, the only way I can get them though is to either pay
> $60 US ($120 AUD or something :( ) for a full version of
> AEFSDR to unencrypt the rest of each file or find out
> exactly what this program does with these raw security
> files and find a work around myself.
>
> Geez, well there you go. I hope this helps someone in the
> future somehow, I think I'm just lucky I didn't
> completely reformat my computer though.