Recover encrypted chat logs. - Printable Version -Shoutbox (https://shoutbox.menthix.net) +-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58) +--- Forum: Messenger Plus! for Live Messenger (/forumdisplay.php?fid=4) +---- Forum: WLM Plus! Help (/forumdisplay.php?fid=12) +----- Thread: Recover encrypted chat logs. (/showthread.php?tid=59502) Recover encrypted chat logs. by muratyilmaz on 05-18-2006 at 10:22 AM
Hi all, RE: Recover encrypted chat logs. by user35870 on 05-18-2006 at 10:34 AM i'm sorry but without the password to the logs they are impossible to open. RE: Recover encrypted chat logs. by muratyilmaz on 05-18-2006 at 10:38 AM
but why, there is an algorythm to encrypt. thats right? RE: Recover encrypted chat logs. by Lou on 05-18-2006 at 10:41 AM
quote:There's only 1 single programmer for Plus!, and it's Patchou. He himself can't decrpyt encrypted logs without the password. RE: Recover encrypted chat logs. by muratyilmaz on 05-18-2006 at 10:46 AM
Thanks lou, RE: Recover encrypted chat logs. by qgroessl on 05-18-2006 at 12:18 PM
quote:So that only the person with the password can get into the logs... ... quote:Trying to contact him won't do anygood... he stops by the forum on occasion though. RE: Recover encrypted chat logs. by RaceProUK on 05-18-2006 at 12:24 PM
quote:If it's vital you get the logs, you'll just have to try guess the password. I'm afraid there's no tool to help. You can't even use the Registry entry: the password is stored encrypted itself. RE: Recover encrypted chat logs. by muratyilmaz on 05-18-2006 at 12:39 PM
So, how is application decrypt logs? I'm a programmer, and i know all encrypt algorythms are based on basic encryption. If application can decrypt it i think coder can do that. RE: Recover encrypted chat logs. by RaceProUK on 05-18-2006 at 12:41 PM
I don't think anyone's explained it fully: the password is the encryption key. Without the password, you won't have the encryption key, and therefore can't easily decrypt the logs. RE: Recover encrypted chat logs. by muratyilmaz on 05-18-2006 at 12:47 PM
I see. RE: Recover encrypted chat logs. by RaceProUK on 05-18-2006 at 12:50 PM I think, but don't quote me on it, that the first few bytes of the file, if correctly decrypted, are a kind of 'checksum'. I don't know the encrypted format in any detail, but that's how I guess Plus! can tell the right password. RE: Recover encrypted chat logs. by muratyilmaz on 05-18-2006 at 01:00 PM
race, RE: Recover encrypted chat logs. by Ezra on 05-18-2006 at 01:36 PM If that's true you should be abled to do an analytical attack, but it could still take years and it's very difficult RE: RE: Recover encrypted chat logs. by CookieRevised on 05-18-2006 at 05:37 PM
quote:The password isn't stored at all. quote:No As said, the password itself is the encryption key. This means that every file encrypted with a different password has different "starting"[*] bytes as the "checksum"[*] is obviously encrypted too. You can not reverse engineer the encrypted bytes to catch the password, in any way. In fact, the password is not stored in the file at all; it is just used as the key to decrypt (thus doesn't need to be stored anywhere anyways). The only way you could decrypt a encrypted log succesfully without knowing the password is by applying a brute force attack to the file. And that can take, without exagrating, thousands of years[**]. -- [*]Raceprouk, the special 'checksum' bytes aren't located at the beginning of each file. And the 'checksum' isn't a checksum but a specific word as you can read in one of the threads about the log format. What Plus! does to check if a password is correct or not is decrypting that encrypted word with the given password and if that specific word isn't what it should be, it knows the password wasn't correct. Again, the password is not stored in the file itself, nor the length, nor any other thing to know even the slightest thing or get the slightest hint about the password. [**]To have an idea: If a password has a maximum length of 10 characters (note that the password can actually be far longer than that) and can contain all printeable characters, you have 60.510.544.115.717.378.340 possible passwords. Say an average computer can process roughly 35.000.000 passwords per second (which would be relative fast though), it would still take you more than 55.000 years! RE: Recover encrypted chat logs. by can16358p on 05-20-2006 at 08:44 AM
Uhm, I have an idea maybe it'll help. RE: Recover encrypted chat logs. by RaceProUK on 05-20-2006 at 01:11 PM
quote:Hence why I used 'checksum' in inverted commas ;P quote:But you don't have to keep re-entering the password when new logs are created. I did find a value called 'LogEncryptionDataEx', which may not strictly be the password, but would be used to not require re-entering the password? Much like DataP is used for the Preferences Lock. RE: RE: Recover encrypted chat logs. by CookieRevised on 05-20-2006 at 02:25 PM
quote:Logs don't neccesairly begin with that though, normally they do... but you can't be 100% sure if you have a log in your hands from someone else. Logs are just a bunch of characters, it doesn't matter what they contain. So to base your reverse engeneering on that is applying guesswork... Anyways... The encryption/decryption method is known, it isn't a secret. But without the password (as the key) you can do absolutely nothing with encrypted text/logs. Also, as you said so yourself: the encrypted text is different each time (because the password was different), so what or how are you going to "catch" anything? With extremly basic "encryptions" (mind the quotes) where the encryption key is always the same you _could_ find something out, but reverse engineering encryptions (even if the encryption itself is dead easy) which use keys is as good as impossible. So, no it isn't possible.... Moreover, what would the purpose be to "catch" anything? To know how the encryption method works? As said, that isn't a secret and is already know. But even knowing the encryption method, you can not decrypt anything without the proper encryption key (which is what the password is used for). --------------------------------------------- It is absolutely NOT possible to recover encrypted log files WITHOUT the exact correct password. It is abdolutely NOT possible to strip/catch/extract anything from the encrypted logs files in a way you would get even the smallest hint of the password; the password is NOT even stored! No matter what things or ideas people might come up with: it is NOT possible... --------------------------------------------- quote:That doesn't have anything to do with this (except for the fact that the password _may_ be stored there, but that will not help at all): We are obviously talking about (not) stored stuff in the log files itself to "break" the encryption. The registry wont help you at all in this, even if the password was stored unencrypted!! People wanting to "recover" an encrypted log obviously haven't the (old) password stored in the registry (anymore), otherwise they wouldn't have the problem in the first place as Plus! would be able to open the log. RE: Recover encrypted chat logs. by muratyilmaz on 05-20-2006 at 07:39 PM
Ok. i see, logs are not decrypt. RE: Recover encrypted chat logs. by Voldemort on 05-20-2006 at 07:51 PM No, it doesnt. See CookieRevised's reply.. RE: Recover encrypted chat logs. by RaceProUK on 05-21-2006 at 08:41 PM
quote:Hence why I said the key isn't strictly the password, like DataP. However, my guess is the value is used so the user doesn't have to keep re-entering the password. |