Hello all,
I know file decryption is always a very very hard task to do, and I personally would like not to have to do it… but you know guys that sometimes a file that seems very important for a case is encrypted. I am currently in such a case.
The program used to encrypt the file is Zero Footprint Crypt, which is described as a program using the Blowfish algorithm (64 bits). It doesn't seem it is going to be easy to decrypt it. Any idea from anyone, please?
I have thought of tackling it from a different perspective: recovering the password from inside the hard drive itself (maybe it's noted somewhere… not a lot of hope on this, frankly).
By the way, and also relating to decryption… has anyone ever used the famous Jack The Ripper with some success for this kind of purpose?
Thank you all for your collaboration.
If you are going to use JTRipper, then what is your password file?
AFAIK, JTR will help you match a hash with the password/phrase that created it.
If you could get the hash of the password the program uses to check against the encrypted file, then you could put that hash in a file with the other parts of the format (MD5 is different than LM and so on).
Then you can sic JTRipper on it, and when it finds a password that creates the same hash it will tell you.
I do not know a thing about zero footprint crypt (yet), so I'm not sure what process it uses to password protect the blowfish encryption. That being said, I am also not aware of a program designed to automate your brute force of the file encryption or automate zero footprint crypt.
My favorite brute force program is HYDRA (not the webserver) but that is online access to various networked applications (FTP, SSH, HTTPForm-Post).
Let us know how things develop,
Skip
EDIT: After looking at a few posts on this same topic, Solar Designer brought up a few interesting points. They are below…
JTR will do decryption of passwords encrypted using the blowfish algo. bcrypt'd passwords can be brute forced with JTR:
./john --format=BF PwdFile
In PwdFile you would have something like
usernamea5b62d8565be5c20
It might be safe to assume that your file is encrypted with blowfish and the key/password used to decrypt the file is "hashed" with bcrypt.
I would go get my hands on the zero footprint crypt package (it's free) and try encrypting some of your own files with an easy password. Then go looking for where zfc puts the hashes (and if it uses the bcrypt algo to hash the password).
Then go to the same place on the file/image you have.
—PS. With a name like zero footprint, I don't like your odds. gl
I'm getting into the JTR world… and it doesn't seem that easy. Any idea about how I am supposed to get the "encrypted" password JTR uses as an input? I'm afraid I'm still a little bit lost.
I've found that every encrypted file has a header consisting of an alphanumeric string, which could possibly be the hash I'm looking for. How am I now supposed to "decrypt" that header?
I post three examples in case this helps
Case 1) File encrypted with the password "a"
51B12886F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8B23456789012345678901234567890123456789X
Case 2) File encrypted with the password "ab"
51B128DA23614E02469A0D7C7BD1BDAB5C9C474B1904DCB23456789012345678901234567890123456789X
Case 3) File encrypted with the password "abc"
51B128A9993E364706816ABA3E25717850C26C9CD0D89DB23456789012345678901234567890123456789X
Case 4) File encrypted with a complex password (numbers, letters, special characters and quite long)
51B128A40911B47CC7E2C9BB91F9DA92329D15192E16E2B23456789012345678901234567890123456789X
Can someone help me? Thank you
It doesn't seem to be base 64 encoded. And that isn't bcrypt format..
Take note that the last 30-32 characters are just 1234…890 and an X?
51B1 2886 F7E4 37FA A5A7 FCE1 5D1D DCB9 EAEA EA37 7667 B8B2
Plenty of those are not Hex ASCII characters….
sooooo….um…
Search for documentation on how ZFC encodes their password hashes.
(unless that is the hash, it's just not the blowfish bcrypt hash).
Skip
Hi again,
after testing the program the whole morning I have extracted some interesting points
1) That header has to be the password somehow hashed, since encrypting several different files with the same password results in the same header (i.e. that hash is not file-dependent, but only password-dependent)
2) After looking carefully at a lot of different tests, there are only 40 characters changing in that header (… by chance, the same length as SHA hashes).
Using the same examples as before, I believe the passwords are just inside these strings
Case 1) File encrypted with the password "a"
86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8
Case 2) File encrypted with the password "ab"
DA23614E02469A0D7C7BD1BDAB5C9C474B1904D
Case 3) File encrypted with the password "abc"
A9993E364706816ABA3E25717850C26C9CD0D89D
Case 4) File encrypted with a complex password (numbers, letters, special characters and quite long)
A40911B47CC7E2C9BB91F9DA92329D15192E16E2
So… the question now is… does anyone know how to obtain an ASCII string (the password) from the SHA hash (any piece of software…??)
Thanks for your attention!
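The header layout inferred in the post above can be checked against the three test passwords given in the thread. This is an added example, not part of the original posts or ZFC's code; the fixed offsets (6-character prefix, 40-character digest) are assumptions read off the samples, and the salted PBKDF2 verifier is included only as a contrast showing what a file-dependent header would look like.

```python
import hashlib
import os

# Headers copied from the thread for the three known test passwords.
SAMPLES = {
    "a":   "51B12886F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8B23456789012345678901234567890123456789X",
    "ab":  "51B128DA23614E02469A0D7C7BD1BDAB5C9C474B1904DCB23456789012345678901234567890123456789X",
    "abc": "51B128A9993E364706816ABA3E25717850C26C9CD0D89DB23456789012345678901234567890123456789X",
}
PREFIX_LEN = 6    # assumed: constant leading field ("51B128" in every sample)
DIGEST_LEN = 40   # assumed: 160-bit digest written as 40 hex characters


def split_header(header):
    """Split a header into (prefix, digest_hex, trailer) at the assumed offsets."""
    digest = header[PREFIX_LEN:PREFIX_LEN + DIGEST_LEN]
    if len(digest) != DIGEST_LEN or set(digest) - set("0123456789ABCDEF"):
        raise ValueError("digest field is not 40 uppercase hex characters")
    return header[:PREFIX_LEN], digest, header[PREFIX_LEN + DIGEST_LEN:]


def only_digest_varies(headers):
    """True if prefix and trailer are identical across all headers."""
    parts = [split_header(h) for h in headers]
    return len({(p, t) for p, _, t in parts}) == 1


def is_unsalted_sha1(header, password):
    """True if the digest field equals plain SHA-1(password): no salt, no file data."""
    expected = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return split_header(header)[1] == expected


def salted_verifier(password, salt=None, iterations=200_000):
    """Contrast case: a per-file random salt makes the stored value file-dependent."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt.hex() + ":" + key.hex()


if __name__ == "__main__":
    print("only digest varies:", only_digest_varies(SAMPLES.values()))
    for pw, hdr in SAMPLES.items():
        print(repr(pw), "-> unsalted SHA-1 match:", is_unsalted_sha1(hdr, pw))
    print("salted, same password differs:", salted_verifier("abc") != salted_verifier("abc"))
```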
I've never used Rainbow Tables before. I have seen that the most important site about this subject is
… by the way… confirmed it is a SHA-1 hash. I've been trying with more complex passwords, different encryption algorithms, different files, and there is always this header with the SHA-1 hash in it.
So… could someone please help me? Any tool, software to break this hash?
Thank you skip. I think I'll eventually use the Rainbow Tables generator, as it is said to be more efficient (besides, once the tables are generated, you can use them again whenever you need them).