Shoutbox

Tool to encrypt or decrypt log files - Printable Version


Tool to encrypt or decrypt log files by solus on 01-09-2006 at 07:25 PM

Hello.

I just thought I'd post this up here in case it helps anyone. Attached is a tool to encrypt or decrypt log files; I'll bring out a tool which will encrypt/decrypt a whole directory when I have more time.

To decrypt Messenger Plus! log files (C++):


File format of .ple files

First 10 bytes are the same for all log files.
const char standardHeader[] = {0x10,0x01,'M','P','L','E','1','<','<',0};

The next 4 bytes, I'm not sure what they are for, but in all log files I've seen they are
const char unknownbytes[] = {1,0,0,0};

After this is the length of the password check string (4 bytes). This is usually 13.
Then comes the encrypted password check string. I'll talk about how to decrypt it later.


All that was the header. The rest of the file is in multiple chunks of data.
Each of these chunks starts with the 'signature':
const unsigned char sig[] = {0xE9,0xFF,0xA3,0x00};
After this, there is the length of the following data (4 bytes).
Then there is the encrypted text.



To decrypt text :

Messenger Plus! uses the CryptoAPI to encrypt and decrypt text.
This is set up with the following call:
CryptAcquireContextW(&hProv,L"MessengerPlusEncryptProvider",L"Microsoft Enhanced Cryptographic Provider v1.0",1,0); // 1 = PROV_RSA_FULL

I discovered that for some reason, the password is scrambled, and that the password is unicode (2 bytes).^o)
The algorithm for this in pseudo code is:

for i = 0 to length of password - 1
        newpassword [i] = password[i] + password [i + 1]
next i
newpassword[last letter] = password[last letter] + password[0]


The calls to continue setting up so that you can decrypt text are:

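CryptCreateHash(hProv,0x8003,0,0,&hHash); // 0x8003 = CALG_MD5
CryptHashData(hHash,newpassword,len,0); // dwDataLen (len) is counted in bytes
CryptDeriveKey(hProv,0x6801,hHash,0x800000,&hKey); // 0x6801 = CALG_RC4; 0x800000 = 128-bit key length in the upper 16 bits of dwFlags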

This final call gives you an HCRYPTKEY which you can use in the CryptEncrypt and CryptDecrypt functions on the text :D

Sorry if this is all a bit confusing, I don't think I formatted it, or explained it very well :$

Solus


Edit - I replaced the file with one which has the VC runtime library statically linked, so it *should* work now

Edit 2 - Ok, so I converted it all to unicode, and made a few changes so it'll run on computers which haven't got Messenger Plus on.
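
The file layout described in the post above, as an added example that is not solus's tool or Messenger Plus! code: a bounds-checked walk over the header and chunk list that decrypts nothing. The names (parsePle, PleLayout, buildSample) are hypothetical, and it assumes the 4-byte length fields are little-endian byte counts, which the post does not state; the sample file is constructed.

```cpp
// Added example: structural walk of the .ple layout described above.
// It validates the container only; nothing here decrypts data.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

typedef std::vector<unsigned char> Bytes;

static const unsigned char kHeader[10]  = {0x10,0x01,'M','P','L','E','1','<','<',0};
static const unsigned char kChunkSig[4] = {0xE9,0xFF,0xA3,0x00};

struct Chunk { size_t offset; uint32_t length; };  // where one ciphertext run sits

struct PleLayout {
    bool ok = false;
    std::string error;          // reason parsing stopped, empty on success
    size_t checkOffset = 0;     // start of the encrypted password check string
    uint32_t checkLength = 0;
    std::vector<Chunk> chunks;
};

// Assumption: length fields are little-endian, as on x86 Windows.
static bool readU32(const Bytes& b, size_t pos, uint32_t& out) {
    if (pos > b.size() || b.size() - pos < 4) return false;
    out = uint32_t(b[pos]) | uint32_t(b[pos + 1]) << 8 |
          uint32_t(b[pos + 2]) << 16 | uint32_t(b[pos + 3]) << 24;
    return true;
}

static PleLayout fail(PleLayout r, const char* why) { r.error = why; return r; }

PleLayout parsePle(const Bytes& buf) {
    PleLayout r;
    if (buf.size() < sizeof kHeader ||
        std::memcmp(buf.data(), kHeader, sizeof kHeader) != 0)
        return fail(r, "bad header magic");
    size_t pos = sizeof kHeader + 4;        // skip the 4 bytes of unknown purpose
    if (!readU32(buf, pos, r.checkLength)) return fail(r, "truncated header");
    pos += 4;
    // Compare against the bytes remaining so a huge length cannot wrap pos.
    if (r.checkLength > buf.size() - pos) return fail(r, "check string overruns file");
    r.checkOffset = pos;
    pos += r.checkLength;
    while (pos < buf.size()) {
        uint32_t len = 0;
        if (buf.size() - pos < 8) return fail(r, "truncated chunk header");
        if (std::memcmp(&buf[pos], kChunkSig, 4) != 0) return fail(r, "bad chunk signature");
        readU32(buf, pos + 4, len);
        pos += 8;
        if (len > buf.size() - pos) return fail(r, "chunk length overruns file");
        r.chunks.push_back(Chunk{pos, len});
        pos += len;
    }
    r.ok = true;
    return r;
}

static void putU32(Bytes& b, uint32_t v) {
    for (int i = 0; i < 4; ++i) b.push_back(static_cast<unsigned char>(v >> (8 * i)));
}

// Constructed sample: 0xAA / 0xBB placeholder bytes stand in for ciphertext.
Bytes buildSample() {
    Bytes b(kHeader, kHeader + sizeof kHeader);
    const unsigned char unknown[4] = {1, 0, 0, 0};
    b.insert(b.end(), unknown, unknown + 4);
    putU32(b, 13);
    b.insert(b.end(), size_t(13), static_cast<unsigned char>(0xAA));
    const uint32_t lens[2] = {5, 32};
    for (uint32_t len : lens) {
        b.insert(b.end(), kChunkSig, kChunkSig + 4);
        putU32(b, len);
        b.insert(b.end(), size_t(len), static_cast<unsigned char>(0xBB));
    }
    return b;
}

int main() {
    PleLayout r = parsePle(buildSample());
    std::printf("ok=%d check=%u bytes chunks=%zu %s\n", r.ok,
                static_cast<unsigned>(r.checkLength), r.chunks.size(), r.error.c_str());
    for (const Chunk& c : r.chunks)
        std::printf("  chunk at offset %zu, %u bytes\n", c.offset,
                    static_cast<unsigned>(c.length));
    return r.ok ? 0 : 1;
}
```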


RE: Tool to encrypt or decrypt log files by WDZ on 01-13-2006 at 09:44 PM

This thread was temporarily moved to a staff-only forum for a few days, pending approval from Patchou, who is busy coding.

He finally replied about an hour ago, and he doesn't seem to have a problem with this thread, so I have moved it back. :)


RE: Tool to encrypt or decrypt log files by Dane on 01-16-2006 at 08:03 AM

Thanks for the tool, will come in handy


RE: Tool to encrypt or decrypt log files by ipab on 01-16-2006 at 08:57 AM

seems like the file is corrupt :s


RE: Tool to encrypt or decrypt log files by CookieRevised on 01-16-2006 at 09:11 AM

quote:
Originally posted by WDZ
he doesn't seem to have a problem with this thread
:O:O:O:O
TBH, I was extremely surprised reading that...

quote:
Originally posted by solus
Attached is a tool to encrypt or decrypt log files
Your tool does not work!; it doesn't start...



--------

PS: The explanations are indeed a bit confusing, but I'm not going to explain it in a better way to keep this somewhat away from "script kiddies" though :D

Though:
quote:
Originally posted by solus
This is usually 13
It is always 13. Though, nothing says this could be changed in the future. Although I doubt it for backward compatibility reasons.

quote:
Originally posted by solus
I discovered that for some reason, the password is scrambled, and that the password is unicode (2 bytes).^o)
The password is "scrambled" for better security (so the API isn't called with the text password in plain sight). Although that didn't keep you from discovering it though, hehehe :p

But more importantly, the password is unicode because you can enter unicode characters. Remember that this also has implications of how the password is scrambled. Your pseudo-code is correct (apart from "0 to length" which should be "length-1") although lacks the big notice that all characters must be interpreted as unicode characters, as that is what they are, not as ascii characters.

(and this is also where one of those bugs was in old Plus! versions in regards to the "changing password")

PS2: And don't forget to destroy the handles of the key, hash and crypto provider.


RE: Tool to encrypt or decrypt log files by solus on 01-16-2006 at 07:19 PM

I'm not sure what the problem is. I just tried downloading it and it works fine on my computer....

Maybe it requires a DLL file you haven't got?
Have you got MSVCR80.DLL?

Thanks for moving it back WDZ :D


RE: Tool to encrypt or decrypt log files by dotNorma on 01-16-2006 at 07:26 PM

quote:
Originally posted by solus
I'm not sure what the problem is. I just tried downloading it and it works fine on my computer....

Maybe it requires a DLL file you haven't got?
Have you got MSVCR80.DLL?

Thanks for moving it back WDZ :D

I get the same error and a system search did not turn up the dll.


RE: Tool to encrypt or decrypt log files by solus on 01-16-2006 at 07:31 PM

Try putting this DLL in the same folder as the exe.

If that doesn't work, install the C++ runtime maybe? I don't know...*-)


RE: Tool to encrypt or decrypt log files by dotNorma on 01-16-2006 at 08:19 PM

quote:
Originally posted by solus
Try putting this DLL in the same folder as the exe.

If that doesn't work, install the C++ runtime maybe? I don't know...*-)

I put the dll in the same directory as the exe, as well as in C:/Windows/System but I still get the same error message.

As for installing the C++ Runtimes, I don't actually have a use for this tool at the moment so I don't feel like going through the trouble.

Very good job deciphering the logs though!


RE: RE: Tool to encrypt or decrypt log files by solus on 01-16-2006 at 08:32 PM

quote:
Originally posted by .Norma

I put the dll in the same directory as the exe, as well as in C:/Windows/System but I still get the same error message.


Ok, I'll test it out a bit more and see if I can find the problem

quote:
Originally posted by .Norma

Very good job deciphering the logs though!


Thanks :)


RE: Tool to encrypt or decrypt log files by dotNorma on 01-16-2006 at 08:40 PM

After doing some quick research it would seem this is possibly because of a Side by Side issue. This link addresses the issue:

http://support.microsoft.com/default.aspx?scid=kb;en-us;835322

As well as this thread on a forum:

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=72965&SiteID=1


RE: RE: Tool to encrypt or decrypt log files by solus on 01-16-2006 at 10:03 PM

quote:
Originally posted by .Norma
After doing some quick research it would seem this is possibly because of a Side by Side issue. This link addresses the issue:

http://support.microsoft.com/default.aspx?scid=kb;en-us;835322

As well as this thread on a forum:

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=72965&SiteID=1


Ahh ok thanks. Those links are quite helpful (Y)


Edit - I've updated the first post with a version of the tool which shouldn't need the runtime libraries in a DLL, so hopefully that will work

RE: Tool to encrypt or decrypt log files by dotNorma on 01-18-2006 at 01:18 AM

Ah, I can verify that this version works without the runtimes.

Very good job!


RE: Tool to encrypt or decrypt log files by CookieRevised on 01-18-2006 at 06:53 AM

The tool still does not work properly, solus.

The password is incorrectly formed, making the encryption and decryption wrong.

quote:
Originally posted by CookieRevised
quote:
Originally posted by solus
I discovered that for some reason, the password is scrambled, and that the password is unicode (2 bytes).^o)
The password is unicode because you can enter unicode characters. Remember that this also has implications of how the password is scrambled. Your pseudo-code is correct (apart from "0 to length" which should be "length-1") although lacks the big notice that all characters must be interpreted as unicode characters, as that is what they are, not as ascii characters.

(and this is also where one of those bugs was in old Plus! versions in regards to the "changing password")

RE: RE: Tool to encrypt or decrypt log files by solus on 01-18-2006 at 08:26 AM

quote:
Originally posted by CookieRevised
The tool still does not work properly, solus.

The password is incorrectly formed, making the encryption and decryption wrong.


Oh yes, sorry I just noticed that the password is not retrieved as a unicode string, so for the moment if your password contains unicode characters it will not work correctly.

I'll change it later

Thanks CookieRevised :)


RE: RE: RE: Tool to encrypt or decrypt log files by CookieRevised on 01-18-2006 at 06:18 PM

quote:
Originally posted by solus
quote:
Originally posted by CookieRevised
The tool still does not work properly, solus.

The password is incorrectly formed, making the encryption and decryption wrong.

Oh yes, sorry I just noticed that the password is not retrieved as a unicode string, so for the moment if your password contains unicode characters it will not work correctly.

I'll change it later
It is not only that... even with passwords in ascii you will have the very same problems. (I haven't even tested unicode with your program yet, only ascii passwords, but the cause is the same: your scrambling/descrambling routine)... Retrieving the password from the textbox is one thing (which isn't the cause of the problem), handling the password another (which is the cause); you need to handle it as unicode (even if it is ascii).

People using your tool (and even sticking to ascii passwords) will find that their logs will either be encrypted wrongly (and opening them up in Plus! will fail because it will say "password incorrect") and decrypting some logs will also fail with some (ascii) passwords.

Important for downloaders of this tool: As it is now, chances are very high that you will corrupt log files by using this tool (even by using ascii passwords). => EDIT: it has been fixed


RE: RE: RE: RE: Tool to encrypt or decrypt log files by solus on 01-18-2006 at 06:22 PM

quote:
Originally posted by CookieRevised
People using your tool (and even sticking to ascii passwords) will find that their logs will either be encrypted wrongly (and opening them up in Plus! will fail because it will say "password incorrect") and decrypting some logs will also fail with some (ascii) passwords.


I'm not sure I understand what you mean...
In what case would they be encrypted/decrypted wrongly?

quote:
Your pseudo-code is correct (apart from "0 to length" which should be "length-1")


Ok, I'll change this in the first post. Thanks :)


RE: Tool to encrypt or decrypt log files by CookieRevised on 01-18-2006 at 06:55 PM

In extremely many cases...

Like I said, the password's characters should be handled as unicode, not as ascii. It isn't some small limitation that you can fix later. It is a very serious bug which will result in wrong (un)scrambled passwords and thus in wrong encryption/decryption (no matter if the original password is ascii or not).

eg: test your program with the (pure ascii) password "éééé" (=4 times 0xE9) and you'll see. The scrambled new password is not "ÒÒÒÒ" (=4 times 0xD2), like it is in your current tool, but should be a unicode string containing 4 times the unicode character 0x01D2.


RE: Tool to encrypt or decrypt log files by solus on 01-18-2006 at 09:04 PM

quote:
Originally posted by CookieRevised
In extremely many cases...

Like I said, the password's characters should be handled as unicode, not as ascii. It isn't some small limitation that you can fix later. It is a very serious bug which will result in wrong (un)scrambled passwords and thus in wrong encryption/decryption (no matter if the original password is ascii or not).

eg: test your program with the (pure ascii) password "éééé" (=4 times 0xE9) and you'll see. The scrambled new password is not "ÒÒÒÒ" (=4 times 0xD2), like it is in your current tool, but should be a unicode string containing 4 times the unicode character 0x01D2.

Ahhh thanks, I understand now.
I've modified it so that unicode is used now. I'll never underestimate unicode again :D


RE: Tool to encrypt or decrypt log files by ostehaps on 01-18-2006 at 09:05 PM

Nice job solus!

It works nicely for me for single files. In its current state I don't find it particularly useful, though, so I have a request for you!

Essentially, I have 2 years of encrypted log files, which I would like to decrypt. Doing so file by file with your tool would be cumbersome. Obviously the log files are divided into directories (by date, in my case).

My suggestion to you is to add a function where your program takes a directory and a password as inputs, then searches for all *.ple files in that directory tree, and decrypts them, naming the output files as *.txt. Possibly with an option of deleting the old .ple files after decryption.

That would make me a very happy man! ;-)

Mikael


RE: RE: Tool to encrypt or decrypt log files by solus on 01-18-2006 at 09:21 PM

quote:
Originally posted by ostehaps
Nice job solus!


Thanks :)

quote:
My suggestion to you is to add a function where your program takes a directory and a password as inputs, then searches for all *.ple files in that directory tree, and decrypts them, naming the output files as *.txt. Possibly with an option of deleting the old .ple files after decryption.


That's what I'm planning to do next ;)
Deleting the old files afterwards is a good idea though.


RE: Tool to encrypt or decrypt log files by CookieRevised on 01-18-2006 at 09:33 PM

quote:
Originally posted by ostehaps
My suggestion to you is to add a function where your program takes a directory and a password as inputs
Important correction/note: files in the same directory can be encrypted with different passwords. In other words, instead of "a password", the tool must be able to take "several passwords" when doing batch decryptions...

(and verify that the decryption is correct before deleting the original encrypted files, but that speaks for itself of course. Just as asking the user what to do when a text log already exists; "overwrite or skip")


RE: RE: Tool to encrypt or decrypt log files by ostehaps on 01-18-2006 at 09:36 PM

quote:
Originally posted by CookieRevised
Important correction/note: files in the same directory can be encrypted with different passwords. In other words, instead of "a password", the tool must be able to take "several passwords" when doing batch decryptions...


Sure it's possible, but it's a good assumption that a person's logs have the same password. But by all means it could be included as an option, it's just not essential.


RE: Tool to encrypt or decrypt log files by CookieRevised on 01-18-2006 at 09:42 PM

Read thru these forums (all the threads about the encrypted logs), and you'll see that it is essential.

A lot of people change their passwords regularly and since many also archive logs, many logs are encrypted with different passwords, and this is also the reason why many people say that they can't decrypt logs anymore because they thought they were encrypted with some password, while it actually was encrypted with the other (older) one, etc...

It isn't just one of many smaller and other "options" or "features" which can be added though; it's pretty much mandatory in a batch decrypter ;)


RE: Tool to encrypt or decrypt log files by Patchou on 01-19-2006 at 03:59 AM

Note: for those who wonder, I did accept this thread because I have no reason to hide the way the file is internally structured. And for those of you less "geeky", let me make something very clear: even with this information, you cannot decrypt a log without the proper password.

Also, for those interested, the whole encryption mechanism has been redone in Messenger Plus! Live in a much more secure way. Each log can now have its own password and everything is internally encrypted using a public/private 1024-bit key pair (in combination with a 256-bit symmetric key) and I'm using the latest algorithms that come with Windows XP.


RE: Tool to encrypt or decrypt log files by ipab on 01-19-2006 at 04:16 AM

is there an api to call the decryption of a log? For mplus! live that is.


RE: Tool to encrypt or decrypt log files by qgroessl on 01-19-2006 at 04:32 AM

quote:
Originally posted by Patchou
Note: for those who wonder, I did accept this thread because I have no reason to hide the way the file is internally structured. And for those of you less "geeky", let me make something very clear: even with this information, you cannot decrypt a log without the proper password.

Also, for those interested, the whole encryption mechanism has been redone in Messenger Plus! Live in a much more secure way. Each log can now have its own password and everything is internally encrypted using a public/private 1024-bit key pair (in combination with a 256-bit symmetric key) and I'm using the latest algorithms that come with Windows XP.

I could've guessed that there was some reason similar to this as to why he'd let the thread out :p....


RE: Tool to encrypt or decrypt log files by CookieRevised on 01-19-2006 at 11:06 AM

quote:
Originally posted by Patchou
Note: for those who wonder, I did accept this thread because I have no reason to hide the way the file is internally structured. And for those of you less "geeky", let me make something very clear: even with this information, you cannot decrypt a log without the proper password.
Though, with this information, it is dead easy now to make brute-force attackers/decrypters.


RE: RE: Tool to encrypt or decrypt log files by brian on 01-19-2006 at 11:57 AM

quote:
Originally posted by CookieRevised
Though, with this information, it is dead easy now to make brute-force attackers/decrypters.


Brute-forcers are the least effective of all types of decrypting.


RE: Tool to encrypt or decrypt log files by CookieRevised on 01-20-2006 at 03:03 AM

Do certainly not underestimate the power of brute-forcers!!

And in this case they are the most effective way btw...

As I said, with the info on this page, brute-forcers can be extremely easily made, not to mention relatively fast ones.

PS, look at some of the zip decryption brute forcers: 30 million passwords a second on an average computer. Least effective? I don't think so...

Many log file passwords of people are very easily 'guessed'...


RE: Tool to encrypt or decrypt log files by Patchou on 01-20-2006 at 09:52 AM

Well, that may be true however, someone with the knowledge to do a brute force checker wouldn't need the info on this post anyway... and, if you're that worried that someone is going to brute force the password in your logs, you should probably choose a more complicated password (with only 8 characters you generally have a good enough protection anyway).

And as for brute forcing 30 million passwords a second: that's absolutely impossible to do with the crypto api, the access is just way too slow. Brute forcing the average 400,000 billion possibilities of an average 8-character password would take months, if not years. Taking Winzip as an example is just using the one software that's using one of the poorest protections ever :p.


RE: Tool to encrypt or decrypt log files by riahc4 on 01-21-2006 at 08:03 PM

I still sorta disagree about this tool...it makes me uneasy


RE: Tool to encrypt or decrypt log files by Millenium_edition on 01-21-2006 at 08:14 PM

quote:
Originally posted by riahc4
I still sorta disagree about this tool...it makes me uneasy
it's not your pick, and patchou is pretty much right about what he says ;)


RE: Tool to encrypt or decrypt log files by brainy on 02-16-2006 at 02:55 AM

Ok, the problem I am currently facing is decrypting the password.

I wrote a Java code but it isn't working correctly at all.. Maybe I can provide someone with the encrypted, scrambled password and you decrypt it for me?

Thanks


RE: Tool to encrypt or decrypt log files by Plik on 02-16-2006 at 08:39 AM

quote:
Originally posted by brainy
Ok, the problem I am currently facing is decrypting the password.

I wrote a Java code but it isn't working correctly at all.. Maybe I can provide someone with the encrypted, scrambled password and you decrypt it for me?

Thanks
The password is a hash, so you have no way of decrypting it. And if you could decrypt it that would make the log encryption a bit pointless wouldn't it :P


RE: Tool to encrypt or decrypt log files by brainy on 02-16-2006 at 11:51 AM

Ah.. I thought from the first post, that pseudo code was to decrypt the password :)


RE: Tool to encrypt or decrypt log files by Iv4n on 06-23-2006 at 01:57 PM

This hash is in what crypt format? DES, AES? Or is it just one that Patchou made? Because I want to do a program too, but I want it to compare the hash that the user enters with the one that the encrypted log has; if it's not the same, the program will close itself, but I cannot seem to figure out if the hash is a normal hash, or if it has been encrypted with some method.

Did I explain myself well?


RE: Tool to encrypt or decrypt log files by Patchou on 06-23-2006 at 04:21 PM

there is no reason to compare the hash of anything, the new Messenger Plus! Live comes with 2 "Log Viewer.exe" program that accepts command line parameters to encrypt/decrypt/change password.


RE: Tool to encrypt or decrypt log files by marie-canard on 09-19-2006 at 09:18 PM

I used your software to decrypt a file (*.ple). I haven't the password of course. In the "input file", I put the .ple file. In the output file I put a .txt file, but the software asks me the password. But I haven't it! And I want to decrypt the .ple file. How can I do?? Thanks


RE: Tool to encrypt or decrypt log files by CookieRevised on 09-19-2006 at 11:33 PM

quote:
Originally posted by marie-canard
I used your software to decrypt a file (*.ple). I haven't the password of course. In the "input file", I put the .ple file. In the output file I put a .txt file, but the software asks me the password. But I haven't it! And I want to decrypt the .ple file. How can I do?? Thanks
you can't....

The algorithm shown in the first post is the same as what Plus!3 does to decrypt an encrypted log file. In other words you can make a logviewer out of it. But it also means you need the password as the password is the key for the decryption.

This software, tool, or even Plus! itself are not password crackers nor decryption crackers.


RE: Tool to encrypt or decrypt log files by marie-canard on 09-20-2006 at 06:07 AM

How can I do to decrypt the file or to recover the password ??


RE: Tool to encrypt or decrypt log files by CookieRevised on 09-20-2006 at 06:30 AM

quote:
Originally posted by marie-canard
How can I do to decrypt the file or to recover the password ??
As said you can't.

There is no way to recover a password from a file.

sorry


RE: Tool to encrypt or decrypt log files by marie-canard on 09-20-2006 at 07:21 AM

And to just decrypt the text of the file ?


RE: Tool to encrypt or decrypt log files by cloudhunter on 09-20-2006 at 08:53 AM

quote:
Originally posted by marie-canard
And to just decrypt the text of the file ?

Not without the password, sorry.


RE: Tool to encrypt or decrypt log files by tomi206 on 02-08-2007 at 03:43 PM

I need help people, I think my girlfriend is having fun with another. I took from her computer some logs but these are .ple. I need to decrypt these logs. I opened the file with Word and noticed all logs started the same; I think there, in a code I don't understand, is the password or the way I can see the logs.

  MPLE1<<     
   tÌz¥µ(/ùVÎÄ­ éÿ£     
€$ûïjp°8‹Œã_
4ÛåT

This is the header of the file. The logs are from an old Plus! Please help me :(


RE: Tool to encrypt or decrypt log files by Vilkku on 02-08-2007 at 04:27 PM

You cannot decrypt logs without the password.


RE: Tool to encrypt or decrypt log files by tomi206 on 02-08-2007 at 05:32 PM

I see that everywhere, but I have in my head that somewhere in the pc that password is, in some msn dll file or the system dll files or even somewhere. When you put the password the program reads the real one from somewhere and it compares with the one you put; somewhere the password is, I need to find where and how I can get it. The problem is I don't know of programming or cracking, I don't know about cryptography :S that's my problem but I'm doing my best to try to find it.

I'm breaking my head, I am trying to find something with the hex work shop, I already see the logviewer and a dll on the same folder but I can't find something to start on a project :S

I discovered that when I open the file with the notepad and the heading is written in CryptoAPI code. If someone knows about this code or has a program to read it and translate it please help me. My head is wrong when I realised that my girlfriend was with another, and I want to confirm this but without this I can't :(


RE: RE: Tool to encrypt or decrypt log files by CookieRevised on 02-09-2007 at 10:17 AM

quote:
Originally posted by tomi206
I need help people, I think my girlfriend is having fun with another. I took from her computer some logs but these are .ple. I need to decrypt these logs
Why? You will be breaking her privacy. Something nobody on this forum will help you with...

quote:
Originally posted by tomi206
I opened the file with Word and noticed all logs started the same; I think there, in a code I don't understand, is the password or the way I can see the logs.
Absolutely not. The password is not stored in the logs at all. And there is also no way you can decrypt logs with the info from the logs itself. It is impossible.

quote:
Originally posted by tomi206
I'm breaking my head, I am trying to find something with the hex work shop, I already see the logviewer and a dll on the same folder but I can't find something to start on a project :S
Forget about it, the password can not be retrieved like that, neither is it saved in the logs, a dll or whatever...

quote:
Originally posted by tomi206
My head is wrong when I realised that my girlfriend was with another, and I want to confirm this but without this I can't :(
Yes you can, simply ask her. Be honest and straightforward. Breaking into her privacy and such stuff is the totally wrong thing to do and you will not gain her sympathy if you did.

EDIT: fixed some spelling


RE: RE: RE: Tool to encrypt or decrypt log files by tomi206 on 02-09-2007 at 03:13 PM

I asked her if she had a problem if I see the logs and she hadn't, she sent me all the logs to my pc, but told me she didn't remember the password, so I'm not breaking her privacy

In the regedit I went to HKEY_CURRENT_USER\Software\Patchou\Messenger Plus! Live\hermail@hotmail.com\Preferences and I found that there are more files than in other contacts' folders. I found three interesting files: LogKeyLenght (REG_DWORD), LogPriveteKey1024 (REG_BINARY) and LogPublicKey1024 (REG_BINARY). I think these files contain the password but, how can I open them to read it? I think the 1024 number is an encrypted file, so... how can I decrypt and read those files? ty


RE: RE: RE: RE: Tool to encrypt or decrypt log files by CookieRevised on 02-09-2007 at 11:04 PM

quote:
Originally posted by tomi206
I asked her if she had a problem if I see the logs and she hadn't, she sent me all the logs to my pc, but told me she didn't remember the password, so I'm not breaking her privacy
sorry but I don't believe that. Second, as said multiple times before, it is impossible to read encrypted logs without having the correct password and it is impossible to retrieve the password.


RE: Tool to encrypt or decrypt log files by solus on 02-09-2007 at 11:30 PM

Wow, a lot of people have misinterpreted this thread.

I'm just curious... The password must be stored on the computer to allow the chats to be encrypted. I'm assuming with Messenger Plus Live! the password is hashed and this is somehow passed through to the crypto API.
I haven't looked at this in a long time and wonder if you know anything else about this?

Perhaps the registry keys suggested earlier were the hashed versions of the password?


RE: Tool to encrypt or decrypt log files by Baggins on 02-09-2007 at 11:47 PM

From reading, I believe the keys are stored in the registry.

If you could get the key would it not be possible to somehow figure out the encryption method thinger.

Or am I just an encryption newb?

EDIT: sorry, disregard this, it seems I misunderstood as well


RE: Tool to encrypt or decrypt log files by CookieRevised on 02-19-2007 at 08:41 PM

quote:
Originally posted by Voziv
I don't believe in lying to people about things, which I do believe is being done.
No-one lied here at all.

Making a brute forcer is of course possible, but it would take thousands of years to let it run, which makes this solution very obviously not possible to do.

All which arguments like "nothing is impossible" do is creating hope where there really is none. Post after post we tried to make that clear in this thread:

It is not possible. period.


In your theory, it is possible to travel to Pluto. Of course that is possible, but by the time you're there you would be already dead.


RE: Tool to encrypt or decrypt log files by Juen on 02-27-2007 at 05:45 AM

Hello, I have a problem with this program, every time that I try to decrypt a file, the program gives me the same error: "An error ocurred opening the file. Posible reason: File doesnt exists"

What happen?

DP: I'm hex-editing the logs and I don't see the signature of chunks (E9 FF A3 00)


RE: Tool to encrypt or decrypt log files by CookieRevised on 02-27-2007 at 11:22 PM

For starters, the tool only works for Messenger Plus! 3 logs.

The logs in Messenger Plus! Live are encrypted differently and have a different format.


RE: Tool to encrypt or decrypt log files by Patchou on 02-27-2007 at 11:53 PM

You can decrypt your Messenger Plus! Live log files with Log Viewer.exe (run it with /? for the command line arguments).


RE: Tool to encrypt or decrypt log files by CookieRevised on 02-28-2007 at 03:03 AM

quote:
Originally posted by Patchou
You can decrypt your Messenger Plus! Live log files with Log Viewer.exe (run it with /? for the command line arguments).
Juen,

but when you run it from a command prompt, enclose the name of the program in quotes (since it contains a space), Thus:
"log viewer" /?

Also to automate this a bit, the old DecryptAll batch file I once wrote still works. It decrypts all the files in the current directory. See:
"CookieRevised's reply to About uncrypting logs (i've got password!)"

;)

EDIT:
quote:
Originally posted by bigproblem
can't you help me, if i prove to you i am the owner of the logs??
Even if we wanted to help you we can not. It is not possible without having the original password!


RE: Tool to encrypt or decrypt log files by bigproblem on 06-06-2007 at 04:38 AM

ohh please!! so there's no way?

i have some old logs, from the first time i used PLUS around 2004,

but then i didn't use it for 3 years, now that i have it again, my password isn't saved, and there's no way i'll remember my old password!

can't you help me, if i prove to you i am the owner of the logs??

i can send the logs from the very same e-mail they correspond to, and someone can help me with this password problem!

sorry to bother you with this, but i'd really like to unearth some of my conversations from 3 years ago onwards...


RE: RE: Tool to encrypt or decrypt log files by Noproblemo on 06-27-2007 at 05:00 PM

quote:
Originally posted by Patchou
And as for brute forcing 30 million passwords a second: that's absolutely impossible to do with the crypto api, the access is just way too slow. Brute forcing the average 400,000 billion possibilities of an average 8 characters passwords would take months, if not years. Taking Winzip as an example is just using the one software that's using one of the poorest protections ever :p.

Well ... all of this could be true if there wasn't a design error in the encryption of the .ple files. The way the encryption has been implemented makes the .ple files vulnerable to pre-computation attacks (e.g. using Rainbow tables).
As a proof of concept I modified the code from project Rainbow crack (http://www.antsight.com/zsl/rainbowcrack/) to generate keys for .ple files. Using five 100MB rainbowtables (generated in one afternoon) I'm able to recover the password for all .ple files protected with a numeric password (1-8 digits) and this within 2 minutes !
I also noticed that the password scrambling routine (described earlier) creates password collisions. For instance a .ple protected with password 57341224 can be read using password 48250315.
I hope you have corrected these errors in your new version !
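
Added example (not from any poster in this thread and not Messenger Plus! code): a Python sketch of the scrambling pseudo-code from the first post, confirming the collision reported above and counting how many distinct scrambled values the numeric passwords of a given length produce. The 16-bit wrap-around and all function names are assumptions.

```python
from itertools import product

DIGITS = "0123456789"


def scramble(password):
    """Each 16-bit unit becomes itself plus its right-hand neighbour (cyclic).

    Assumption: the additions wrap at 16 bits, as WCHAR arithmetic would.
    """
    units = [ord(c) for c in password]
    n = len(units)
    return tuple((units[i] + units[(i + 1) % n]) & 0xFFFF for i in range(n))


def equivalent_passwords(password, charset=DIGITS):
    """Other passwords over `charset` that scramble to the same value.

    Adding k at even positions and subtracting k at odd positions leaves
    every neighbour sum unchanged, but only when the length is even: with
    an odd length the last and first unit would both move by +k.
    """
    if len(password) % 2:
        return []
    allowed = set(charset)
    span = max(map(ord, charset)) - min(map(ord, charset))
    found = []
    for k in range(-span, span + 1):
        if k == 0:
            continue
        cand = [ord(c) + (k if i % 2 == 0 else -k)
                for i, c in enumerate(password)]
        if all(0 <= u <= 0xFFFF and chr(u) in allowed for u in cand):
            found.append("".join(map(chr, cand)))
    return found


def distinct_scrambles(length, charset=DIGITS):
    """Count distinct scrambled values over all passwords of `length`."""
    return len({scramble("".join(p)) for p in product(charset, repeat=length)})


if __name__ == "__main__":
    print(scramble("57341224") == scramble("48250315"))
    print(equivalent_passwords("57341224"))
    for n in (2, 3, 4):
        print(n, distinct_scrambles(n), "of", 10 ** n)
```

For even lengths the count works out to 10^n - 9^n, so the 100,000,000 eight-digit numeric passwords reduce to 56,953,279 distinct scrambled values; odd lengths lose nothing. A preprocessing step applied to a password before key derivation should never map different passwords to the same input.
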
RE: Tool to encrypt or decrypt log files by CookieRevised on 06-28-2007 at 01:14 AM

Try to generate rainbow tables for case sensitive alphanumerical charset of 10 characters, it would take a bit longer than one afternoon I think...

The only difference between a rainbow crack and a brute force is that with the rainbow crack you calculate all the possible hashes first before doing the actual comparison. While with brute force you do the exact same calculations, but you compare each result immediately.

Saying that with a rainbow crack you can crack the logs virtually in an instant is not true, you first need to have the rainbow tables, which can take years to create (on a single PC).


RE: Tool to encrypt or decrypt log files by Taborda on 07-07-2007 at 10:20 PM

is there any software to decrypt the log files with password in linux??
i need a program to do that...

or the algorithm to decrypt ... i can write a program to do that if i know how it works...


RE: Tool to encrypt or decrypt log files by CookieRevised on 07-07-2007 at 11:26 PM

quote:
Originally posted by Taborda
is there any software to decrypt the log files with password in linux??
No, encrypting/decrypting is done using Windows APIs. They don't exist in *nix.


RE: RE: Tool to encrypt or decrypt log files by Noproblemo on 07-15-2007 at 08:20 PM

quote:
Originally posted by CookieRevised
The only difference between a rainbow crack and a brute force is that with the rainbow crack you calculate all the possible hashes first before doing the actual comparison. While with brute force you do the exact same calculations, but you compare each result immediately.

You forget the most important difference ! Now that I have these tables I can recover the content of ANY .ple 'secured' using a numeric [0-8 digits] password within minutes. That is what I call an 'implementation' error !

quote:
... you first need to have the rainbow tables, which can take years to create (on a single PC).

... calculating tables ... ;-)

quote:
Originally posted by Taborda
is there any software to decrypt the log files with password in linux??
i need a program to do that...

or the algorithm to decrypt ... i can write a program to do that if i know how it works...


If you have a working C source code implementation for "MultiByteToWideChar()" ... I have all the rest (OpenSSL based) :-D


RE: RE: RE: Tool to encrypt or decrypt log files by CookieRevised on 07-16-2007 at 02:52 AM

quote:
Originally posted by Noproblemo
quote:
Originally posted by CookieRevised
The only difference between a rainbow crack and a brute force is that with the rainbow crack you calculate all the possible hashes first before doing the actual comparison. While with brute force you do the exact same calculations, but you compare each result immediately.
You forget the most important difference ! Now that I have these tables I can recover the content of ANY .ple 'secured' using a numeric [0-8 digits] password within minutes.
That's the exact same thing I said, it is not another difference:
quote:
with the rainbow crack you calculate all the possible hashes first before doing the actual comparison.
implying that once you have the calculations you only need to compare.

quote:
Originally posted by Noproblemo
That is what I call an 'implementation' error !
I fail to see how that is an error...

quote:
Originally posted by Noproblemo
quote:
... you first need to have the rainbow tables, which can take years to create (on a single PC).
... calculating tables ... ;-)
sure... Calculate the time needed to calculate the rainbow tables for all possible characters, from 1 to, let's say, 10 character long pwds. Examples of how long it can take are shown on the original Rainbow Crack page.


RE: Tool to encrypt or decrypt log files by BloodBlader on 11-19-2007 at 03:04 PM

Well, hello.

Has anyone done something since the last post?

I was wondering if decrypting ple files without password can be done at this date.

I've done some research and apparently AccessData Recover Password ToolKit (PRTK) 6.1 can decrypt ple files with a "dictionary attack"; the problem is I have no money to buy the program, and the module that decrypts these files is not available in the demo.

Can anyone help please?

The thing is that my father forgot the password for his logs and there is very important financial information from his company and he needs it desperately.

Help would be appreciated!
Thanks



RE: Tool to encrypt or decrypt log files by CookieRevised on 11-19-2007 at 07:02 PM

As you can read in many many posts on these forums, decrypting without a password is not possible.

It was never possible, it is not possible, and it will never be possible.

There would be absolutely no point in encrypting stuff with a password if there is a tool to simply decrypt it without a password.

--

The password is needed since the password itself is the key to decrypt the logs.
The encryption/decryption system is not a simple "if the password is not correct you aren't allowed to view it"-system (which can be bypassed easily), but a "I need the correct password to know what calculations I need to do to decrypt"-system

--

Brute force attacks are possible for any decryption/encryption system in the world... in theory(!). That's not rocket science.

However, in practice, a brute force attack takes an extreme lot of time, in the order of years, even decades(!), and that's even using an über-super-computer....

Even using rainbow-tables will take a lot of time, despite what some people might say. The reason is very simple: you need to calculate the rainbow tables first. Which takes the same amount of time as with brute force attackers.

A dictionary attack is nothing more than a brute force attack using only known words. In other words, if you have a password which is not an existing word, a dictionary attack will be completely useless. Even using 1 digit in your password renders almost all dictionary attacks useless.

The point is that in almost all cases you don't know what password is used; It can be an existing word, but chances are just the same that it isn't.

------------

Forgive me for saying this also, but using Messenger to communicate "very important financial information" is not smart to do. There are better, more secure ways, to do this sort of thing. Even then, if he needs this info, why doesn't he ask for the info again from the contact he got it from, or request it in a more official way via his company.

Also, the point of a password is that you also can remember it. If you have trouble remembering passwords, either don't use them or write them down.


------------

In the next version of Messenger Plus! Live you will be able to set a password hint. In that way remembering a password would be somewhat easier (but less secure of course). See Patchou's reply to forgoten password from chatlog of v4.0.0.214.


RE: Tool to encrypt or decrypt log files by alextrevelian on 02-10-2008 at 01:09 AM

that was very helpful thanks mate


RE: Tool to encrypt or decrypt log files by thegpfury on 06-25-2008 at 05:44 PM

A bruteforcing app and rainbow tables were mentioned earlier in this thread, does anyone have a link? I forgot a password to some of my older logs, and I'm pretty sure it was a shortish one that could be bruteforced...


RE: Tool to encrypt or decrypt log files by CookieRevised on 06-25-2008 at 09:21 PM

The only information regarding rainbow tables in reference to decrypting chat logs is given from like 10 posts ago. Read up a little, it contains a link to some brute force concept project.

However, rainbow tables are massive... hundreds of megabytes at the least, gigabytes normally...

The guy who first posted about using rainbow tables said his tables are 500MB big and that's just for numbers and a password length of up to 8 digits.

So that's roughly 10^8 combinations = 100.000.000 combinations (not taking into account the fact that you can also have pwds with 7 or 6 or 5, etc digits).

Now throw in the alphabet and your possible combinations for 8 characters will skyrocket up to 62^8 or 218 trillion combinations!!!

That's 2 million times the amount of the only-numerical combinations.

Rainbow tables have a unique setup so you don't need 2 million times 500MB of space. But still, the time it takes to generate those tables would be years if not decades if you try this on your own computer (assuming it is a super-fast computer).

In short, there is no rainbow table for Messenger Plus! Live logs, there is no "link" to one. And I'm afraid you won't be able to decrypt your logs.


-----

EDIT, PS: Oh, and I even forgot to mention the fact that you now can choose between different sets of key lengths in Messenger Plus! Live. So, multiply all the time taken to generate such a table by 4 (since you can choose from 4 different key lengths to base the encryption on).


RE: Tool to encrypt or decrypt log files by thegpfury on 06-25-2008 at 10:37 PM

Yeah, I know how large rainbow tables are and I know how long it takes to generate them. I've done a couple for myself, and downloaded several hundred gigabytes of others. I also know how long bruteforcing takes, as I've done some experimenting with it.

I'm pretty sure that the password was less than 8 characters lower-alpha numeric, which is relatively easy to bruteforce...I just don't have any software that can bruteforce them, and I don't have the coding capabilities to modify rainbowcrack like the other guy, which was why I was asking


RE: Tool to encrypt or decrypt log files by Flamer46 on 09-07-2008 at 04:03 PM

Ok guys, I need help.
When I try to decrypt a log file I get the following message:
An error occured opening the file. Possible reason: File doesn't exist

I have tried a few times. I moved the log file to the same folder as the program, hoping it would help. I have checked the permissions just in case those were the problem. I still can't fix this.
Please help


RE: Tool to encrypt or decrypt log files by rullen on 09-24-2009 at 03:06 PM

I have lots of encrypted files. Is it possible somehow to loop through folders of files with your tool to decrypt logs?

It would be awesome!


RE: Tool to encrypt or decrypt log files by matty on 09-24-2009 at 03:32 PM

That tool, no, unfortunately not. It doesn't look like it accepts command line parameters.

This script will do what you need it to do however [Release] Log Manager - Version 1.1.008


RE: Tool to encrypt or decrypt log files by CookieRevised on 09-25-2009 at 01:43 AM

quote:
Originally posted by rullen
I have lots of encrypted files. Is it possible somehow to loop through folders of files with your tool to decrypt logs?

It would be awesome!
For a quick and simple tool to automatically decrypt or encrypt everything in a folder including subfolders see:
CookieRevised's reply to About uncrypting logs (i've got password!)
of course you must know the password(s)


quote:
Originally posted by matty
This script will do what you need it to do however [Release] Log Manager - Version 1.1.008
But AFAIK/IIRC, it can not decrypt/encrypt all the files in subfolders automatically. You must manually navigate to each subfolder and select all the files first.

Though, I might be wrong since it has been a very long time since I used that script.

RE: RE: Tool to encrypt or decrypt log files by rullen on 09-28-2009 at 08:51 AM

quote:
Originally posted by matty
This script will do what you need it to do however [Release] Log Manager - Version 1.1.008
Thanks! It is perfect. Now I just need to select folders!


RE: Tool to encrypt or decrypt log files by Dythor on 03-22-2010 at 08:24 PM

Alright, I have a very basic and noobish question... How do I run the script?

Thanks in advance.


quote:
Originally posted by CookieRevised


It is not possible. period.

How do hackers make their way in despite password-protected systems then? Don't they use scripts or something? We all have the image of a hack bot inside our heads, there must be something? Or they just social engineer their way into being told the password by the one who knows it?


RE: RE: Tool to encrypt or decrypt log files by CookieRevised on 03-23-2010 at 12:53 AM

quote:
Originally posted by Dythor
Alright, I have a very basic and noobish question... How do I run the script?
What script do you mean?

quote:
Originally posted by Dythor
How do hackers make their way in despite password-protected systems then? Don't they use scripts or something? We all have the image of a hack bot inside our heads, there must be something?
Yes, they often use automated processes. But each protection scheme is different and requires different tools and/or methods. Brute forcing (what you refer to) is only rarely successful and it can only be used in certain cases (eg: a very weak password was used).

quote:
Originally posted by Dythor
Or they just social engineer their way into being told the password by the one who knows it?
That is indeed, by far, the most used way... together with reverse engineering where possible...


RE: Tool to encrypt or decrypt log files by Dythor on 03-31-2010 at 08:35 PM

So you are suggesting that the top hackers of the world can't break into my .ple files without knowing the password? I'm not being ironic, I'm just trying to figure out how tragic my situation is because I really miss those logs :P


RE: Tool to encrypt or decrypt log files by CookieRevised on 04-01-2010 at 02:47 AM

quote:
Originally posted by Dythor
So you are suggesting that the top hackers of the world can't break into my .ple files without knowing the password? I'm not being ironic, I'm just trying to figure out how tragic my situation is because I really miss those logs :P
The top hackers in this world have dedicated machines at their disposal. But those machines only do what your computer is able to do. They aren't things which can break stuff by magic, they only can do calculations faster.

So, depending on the strength of the password, it would take a lot of their time too as they still would need brute force tools... unless someone finds a loophole in the Windows Cryptography APIs. But that is very doubtful as those routines are created and updated especially to be irreversible without knowing the passwords, at this time*. And as soon as something is proven to be reversible, it will be updated yet again with a stronger algorithm.

This said, no hacker in the world would probably be interested in your logs or putting time in trying to find the used password anyways, unless you pay them a few million dollars. And that is if you even can find those 'top hackers'.

So, yes, your situation is unfortunately tragic I suppose. There is no way to decrypt the logs without knowing the correct password.


* The famous MD5 encryption/hashing method isn't reversible either. But nevertheless people have found ways to calculate collisions in a relatively short time. This means that in theory it is possible to access something which is protected by an MD5 hash by an alternative password. But even so, you still would need a brute force attacker (even if you are using rainbow tables) to find the correct password or one of its alternatives.


RE: Tool to encrypt or decrypt log files by willy469 on 03-09-2011 at 06:09 PM

Hi,

I'm trying to write a function using Visual Basic 6 and the CryptDecrypt call always returns 0

Can anyone tell me what I am doing wrong?

Here is the code:

'read the full encrypted file and convert it to string

F = App.Path & "\encryptedfile.ple"
FN = FreeFile
dlen = FileLen(F)
ReDim data(dlen)

Open F For Binary As FN
Get #FN, , data
Close FN

For pos = 0 To dlen
    Stemp = Stemp & Chr(data(pos))
Next pos

'set the correct password (I have encrypted using this pwd)
'no password scramble needed as all the chars are the same.

pwd = "bbbb"

'api calls the constants are expressed as decimal.. it should work..

Rst = CryptAcquireContext(hProv, "MessengerPlusEncryptProvider", "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0)

Rst = CryptCreateHash(hProv, 32771, 0, 0, hHash)
Rst = CryptHashData(hHash, pwd, l, 0)
Rst = CryptDeriveKey(hProv, 26625, hHash, 8388608, Hkey)

Rst = CryptDecrypt(Hkey, 0, 1, 0, Stemp, Len(Stemp))


the last call returns "0" and the stemp content is not decrypted..

thank you!!!!




RE: Tool to encrypt or decrypt log files by matty on 03-09-2011 at 06:11 PM

Have you tried calling GetLastError to see what the error is?


RE: Tool to encrypt or decrypt log files by CookieRevised on 03-09-2011 at 11:58 PM

There are many things wrong though. If that is your entire code, it will never work properly. Instead post everything, including declarations.

Either way, with such an 'old' and dirty code style debugging is very difficult. Determining why that last API fails is the least of your worries.

Start by at least properly declaring and initializing all your variables! Especially if you are using Windows APIs it is essential you use proper code style and don't rely on defaults and the Variant types. Also note that there is no 'decimal' type in VB.

Second, you need to know the difference between unicode and ansi strings and how VB handles them, and thus how to implement it properly. For example, your password is not sent as unicode to the APIs to begin with. Also learn what byte arrays are and the proper way to handle them and how they relate to ansi and unicode strings.

Third, the routines (cryptographic provider and context) for decrypting a Messenger Plus! log might have changed since that first post in this thread, so using those might only work for old logs.

Fourth, you can't simply use the entire contents of the encrypted log file like that! It has a specific format with a header, data, contents, etc.

---

So, in a nutshell, there is so much wrong with that code that correcting it would simply result in giving you a complete working code. It is not a matter of just fixing a line or two, it needs a complete rewrite from scratch. Hence my next question and comments:

Have you programmed in VB before or is this one of your first things you've programmed? Because that entire code looks like it has been made by a first-time programmer, no offense though (everybody needs to start somewhere). But if it is one of your first programs, I strongly suggest to first learn a few things (eg: proper ansi/unicode handling and how VB handles it internally, proper binary file reading, etc) and first make easier things you completely understand, before copy/pasting and trying to make your own logfile decrypter.
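
Added example (not part of the original posts and not the tool's own code): a Python parser for the version 1 .ple layout given in the first post of this thread, which separates the header, the password-check string and the encrypted chunks without decrypting anything. Little-endian length fields and all function names are assumptions, and the sample file is constructed.

```python
import struct

# Layout as given in the first post of this thread (version 1 logs).
HEADER = bytes([0x10, 0x01]) + b"MPLE1<<\x00"   # 10 bytes, same in every log
CHUNK_SIG = bytes([0xE9, 0xFF, 0xA3, 0x00])


class PleFormatError(ValueError):
    """The buffer does not follow the version 1 .ple layout."""


def _take(buf, off, size, what):
    """Return buf[off:off+size], refusing to read past the end of the file."""
    if size < 0 or off + size > len(buf):
        raise PleFormatError(f"truncated {what} at offset {off}")
    return buf[off:off + size]


def _u32(buf, off, what):
    # Assumption: little-endian, the native DWORD layout on Windows.
    return struct.unpack("<I", _take(buf, off, 4, what))[0]


def parse_ple_v1(buf):
    """Split a version 1 .ple file into its still-encrypted parts."""
    if _take(buf, 0, 10, "header") != HEADER:
        raise PleFormatError("header mismatch: not a version 1 .ple file")
    unknown = _take(buf, 10, 4, "unknown bytes")
    check_len = _u32(buf, 14, "password-check length")
    password_check = _take(buf, 18, check_len, "password-check string")
    off = 18 + check_len
    chunks = []
    while off < len(buf):
        if _take(buf, off, 4, "chunk signature") != CHUNK_SIG:
            raise PleFormatError(f"no chunk signature at offset {off}")
        size = _u32(buf, off + 4, "chunk length")
        chunks.append(_take(buf, off + 8, size, "chunk data"))
        off += 8 + size
    return {"unknown": unknown, "password_check": password_check,
            "chunks": chunks}


def build_sample():
    """Constructed sample: placeholder bytes stand in for real ciphertext."""
    body = HEADER + bytes([1, 0, 0, 0]) + struct.pack("<I", 13) + b"\xAA" * 13
    for payload in (b"\xBB" * 32, b"\xCC" * 7):
        body += CHUNK_SIG + struct.pack("<I", len(payload)) + payload
    return body


if __name__ == "__main__":
    parsed = parse_ple_v1(build_sample())
    print(len(parsed["password_check"]), [len(c) for c in parsed["chunks"]])
```

A file that fails the header check here is not in the version 1 format, so it should not be fed to a decrypter written for that layout.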


RE: Tool to encrypt or decrypt log files by willy469 on 03-10-2011 at 01:38 AM

I have pasted just the part of the code I thought that was wrong.
I have declared APIs and variables, but I understand that it was not necessary to paste that..
The code is like that because I was just trying to verify if the MsgPlus encryption and decryption worked that way, so I wrote something quick.
You are right, I need to learn a lot before trying with this stuff.
Thanks anyway.
Willy


RE: Tool to encrypt or decrypt log files by CookieRevised on 03-10-2011 at 08:00 AM

Ah, I see.
Forgive me for being a bit blunt in my previous post though.

But, yes, the encryption works in that way, sort of. That is, the cryptographic provider and context strings might have changed, just as the key values, since the time the first post in this thread has been made. Also the file format of encrypted logs has changed. But the principle is just the same. Detailed pseudo-code to read a version 1 encrypted log can be seen in that first post in this thread.

If you're interested in using the Cryptography APIs in VB I can suggest two very good books: http://www.amazon.com/gp/product/0672318369 and http://www.amazon.com/gp/product/0471381896
But they are not exactly aimed for the novice user though. Also see http://www.cryptovb.com/

As for the VB code itself: yes declarations of variables and APIs are very important and must always be included. A wrong type declaration of a variable can make or break an entire code.


RE: Tool to encrypt or decrypt log files by willy469 on 03-12-2011 at 01:55 AM

thank you so much for the information!

Best..

Willy