Hi!
Short story
I need some help in a personal programming project. Specifically, I have to decrypt a set of files (about 300) which are "encrypted". They are between 8k and 5M in size. All of them are in the same format.
I have done some basic research browsing the proc file system, modifying the data files, etc,but I'm not able to think in a clever way to attack this format. It is writen in a kind of database format and it is compressed as well.
I have access to clear text files, so I thought to take one of the shortest files and do a frequency attack (looking for patterns repeated the same times in both encrypted and clear texts), or any other kind of brute force procedure, but after doing some estimations, I don't think that the computers I have access to are going to live enough to finish the work (at least if I do it naively)

Anyone has experience with that type of tasks?
Anyone has a constructive advise? (I know this a very difficult work, so, please, abstain of saying that "you're not going to get it" unless you have a decisive argument).

More info...

• The files are from a kind of library I use regularly. This library comes in a cd which works under Windows . I was able to get it working using wine, but it doesn't work properly (crashes, uncontrolled "wine-preloader" processes, etc). Moreover one needs a dll which is not avaliable unless you have windoze (legally speaking).
• I asked to the developers. There is no linux version. I asked them about the format: they didn't help me. I asked if I could write a program able to read the files natively in linux: they said I was allowed to write such program, as far as I keep it for me personal use (I hope this excuses this thread from being banned).
• I remark that wine is not a choice: I'd like to avoid using wine or any other kind of emulator. Specially because I'm doing it for fun, and as a way to learn linux programming.
• I have searched in google: I didn't find anything directly related.
• The "file" utility doesn't recognizes a known format. It doesn't seem to be a generic format.

I repeat, any constructive idea is welcome...

Regards

If a dll exists in Windows, then write code on Windows using the dll to put the file in cleartext. Copy the cleartext over to Linux.

As an aside, if the files are of some defined type - ie.,
Windows uses associations against file-types - the extention.

Assume the files are all *.pdq -

go to www.wotsit.org and see if the pdq file format is fully explained there. If this is a commonly used format then it will be. Even if it is proprietary.

You can then see how to "decrypt" or more correctly convert the files.

Thanks for the quick reply!
See above...
It is a nice site, indeed.
But I haven't found it (.pub files). It seems to be that they invented some sort of format and they didn't published it (I deduce that from my talk with the developers)

Best regards, and thanks again for the comments.

sounds like you not only have the plain text, and the cipher, but *also* access to the encryption mechanism. that is a very good start. The next thing to do would be to research and see if they use a real encryption algo, and what type of compression if any. What program is this? Two posts and not a mention of what program, are you a spy or somthing. Rogue agent? This is usually where they come for help with *nix and GNU related questions.

Anyhow, that sounds like it should be quite possible to reverse. Get a disassembler and take the dll apart, see what you see.. It should be possible (but not simple) depending on the encryption.

Isn't this .pub file a public key? If so, it may be pseudo-random and "decrypting" it may be a waste of time.

Yeh thats what I thought, but the way it was described it sounds like some other format with same extension.

If it is a key.. you are right and it is a waste of time.

but if this is true..
>> It seems to be that they invented some sort of format and they didn't published it

then it is more than likely able to be busted...

Hi!
That is because I don't intend to mention it.
I know, it sounds strange, but after talking with the developers, I have valid reasons for doing it. Moreover, it is a very specialized program unknown for most of the people: even if I mentioned, you would not know it.
Anyway, this is not the point. I don't intend to get free workers (or something similar): it is my personal project, and I'm decided to do the dirty work. Maybe I wasn't clear in the first post but what I'm lust asking for some advice about generic techniques for this task.
Why do you need to know the name of the program? Would that change the facts? I mean, I cannot prove that I have permission from developers to do what I'm doing. If I'd say the name of the program, would this somehow change?
I cannot believe you are serious...


About this infamous dll: it is a common windoze dll; I just mentioned to stress that although I can (hardly, but I can) make the program run under wine, I'm not strictly windoze free because I still nedd using this dll which is not freely avaliable (I already searched in M$ site).
So, I mean that this dll is not the corner stone of the program. In fact, I think it is just necessary for installation process.

About the .pub format: it is not public key, that is for sure.

Thanks for the interest and the help.
Any other suggestion?

Regards.

if you are just looking for general decryption techniques the first thing to be done is research the specifics. without the ability to do any research you cut down on the possibility of constructive advice.

only in the context of looking for specific help for a specific problem on a specific program
ok?.?..

usually there are no dlls that are unique to an installation process. does it not use one of the 3 or so common windows installers?

you are still at the point where you are going to have to reverse it to write it... starting point of reversing is researching..

Anyhow.. there are quite a few posts here in this thread and I now have no idea exactly what type of *help* you are looking for, maybe somthing along the lines of

you need to figure out what it does and then write it for linux

Asking for help and then saying oh I cant tell you that, or no thats a secret, or sorry thats illegal to divulge that informaiton, will not get you a whole lot of constructive advice anywhere.. oh and by the way you did ask for help

I owe you an apologize, xhi. You were just trying to help me kindly, and my answer was very rude. I'm sorry.

In case you are still interested in knowing why this secret, I'm going to explain it (I didn't do it before to avoid make people read a long story, but I think my explanation was a bit "mystic")
I have a friend who knows one of the developers of the program, so I could have a talk with him. He told me what I know about the program and he explained me that they don't allow, in general, this type of activity. However, after talking to his boss, they allowed me to do it as an exception. They asked me to keep the project for personal usage, and moreover I have to avoid to "talk about it", ie, keep it secret. And I'm decided to respect their requirements.
It could be a difficult work, I know, however I like programming, and I have never worked in a project like this one, so I thought it could be a nice exercise.

So, what I'm asking here is exactly the title of the thread: what is the best starting point in order to begin the attack to this closed format.
Maybe some of you have done a simmilar work before and can offer nice tricks or advices. That's all.

Thank's in advance.

Regards