What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! Help » Recover encrypted chat logs.

Pages: (2): « First « 1 [ 2 ] Last »
Recover encrypted chat logs.
Author: Message:
RaceProUK
Elite Member
*****

Avatar

Posts: 6073
Reputation: 57
39 / Male / Flag
Joined: Oct 2003
RE: Recover encrypted chat logs.
I think, but don't quote me on it, that the first few bytes of the file, if correctly decrypted, are a kind of 'checksum'. I don't know the encrypted format in any detail, but that's how I guess Plus! can tell the right password.
[Image: spartaafk.png]
05-18-2006 12:50 PM
Profile PM Web Find Quote Report
muratyilmaz
New Member
*


Posts: 7
Joined: May 2006
O.P. RE: Recover encrypted chat logs.
race,

You are right, plus need first a few bytes to correction password is correct or not. It s mean all logs may have same first few byte so this bytes can tell to coder password encryption even password.

am I right?
05-18-2006 01:00 PM
Profile E-Mail PM Find Quote Report
Ezra
Veteran Member
*****

Avatar
Forgiveness is between them and God

Posts: 1960
Reputation: 31
37 / Male / Flag
Joined: Mar 2003
RE: Recover encrypted chat logs.
If that's true you should be abled to do an analytical attack, but it could still take years and it's very difficult :P
[Image: 1-0.png]
             
05-18-2006 01:36 PM
Profile PM Web Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: RE: Recover encrypted chat logs.
quote:
Originally posted by raceprouk
the password is stored encrypted itself.
The password isn't stored at all.

quote:
Originally posted by muratyilmaz
You are right, plus need first a few bytes to correction password is correct or not. It s mean all logs may have same first few byte so this bytes can tell to coder password encryption even password.

am I right?
No

As said, the password itself is the encryption key. This means that every file encrypted with a different password has different "starting"[*] bytes as the "checksum"[*] is obviously encrypted too.

You can not reverse engineer the encrypted bytes to catch the password, in any way.

In fact, the password is not stored in the file at all; it is just used as the key to decrypt (thus doesn't need to be stored anywhere anyways).

The only way you could decrypt a encrypted log succesfully without knowing the password is by applying a brute force attack to the file. And that can take, without exagrating, thousands of years[**].

--

[*]Raceprouk, the special 'checksum' bytes aren't located at the beginning of each file. And the 'checksum' isn't a checksum but a specific word as you can read in one of the threads about the log format.

What Plus! does to check if a password is correct or not is decrypting that encrypted word with the given password and if that specific word isn't what it should be, it knows the password wasn't correct. Again, the password is not stored in the file itself, nor the length, nor any other thing to know even the slightest thing or get the slightest hint about the password.


[**]To have an idea:
If a password has a maximum length of 10 characters (note that the password can actually be far longer than that) and can contain all printeable characters, you have 60.510.544.115.717.378.340 possible passwords. Say an average computer can process roughly 35.000.000 passwords per second (which would be relative fast though), it would still take you more than 55.000 years!

This post was edited on 05-19-2006 at 01:28 AM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
05-18-2006 05:37 PM
Profile PM Find Quote Report
can16358p
Junior Member
**

WLM + MP!L User

Posts: 58
34 / Male / –
Joined: Oct 2005
Status: Away
RE: Recover encrypted chat logs.
Uhm, I have an idea maybe it'll help.

Don't all chat logs start as:
.--------------------------------------------------------------------.
| Session Start: Datte of the conversation                                   |
| Participants:                                                      |

If we then can learn the encryption algorithm (which, I assume, only Patchou knows), we may find some possible values for the domain of the function. I mean; the data decrypted is known, and the encrypted part is known. Can't we find something with it? I know there won't be one result for this. But I've been thinking of catching something with these.
05-20-2006 08:44 AM
Profile E-Mail PM Find Quote Report
RaceProUK
Elite Member
*****

Avatar

Posts: 6073
Reputation: 57
39 / Male / Flag
Joined: Oct 2003
RE: Recover encrypted chat logs.
quote:
Originally posted by CookieRevised
Raceprouk, the special 'checksum' bytes aren't located at the beginning of each file. And the 'checksum' isn't a checksum but a specific word as you can read in one of the threads about the log format.
Hence why I used 'checksum' in inverted commas ;P
quote:
Originally posted by CookieRevised
The password isn't stored at all.
But you don't have to keep re-entering the password when new logs are created. I did find a value called 'LogEncryptionDataEx', which may not strictly be the password, but would be used to not require re-entering the password? Much like DataP is used for the Preferences Lock.
[Image: spartaafk.png]
05-20-2006 01:11 PM
Profile PM Web Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: RE: Recover encrypted chat logs.
quote:
Originally posted by can16358p
Uhm, I have an idea maybe it'll help.

Don't all chat logs start as:
.--------------------------------------------------------------------.
| Session Start: Datte of the conversation                                   |
| Participants:                                                      |

If we then can learn the encryption algorithm (which, I assume, only Patchou knows), we may find some possible values for the domain of the function. I mean; the data decrypted is known, and the encrypted part is known. Can't we find something with it? I know there won't be one result for this. But I've been thinking of catching something with these.
Logs don't neccesairly begin with that though, normally they do... but you can't be 100% sure if you have a log in your hands from someone else. Logs are just a bunch of characters, it doesn't matter what they contain. So to base your reverse engeneering on that is applying guesswork...

Anyways...
The encryption/decryption method is known, it isn't a secret. But without the password (as the key) you can do absolutely nothing with encrypted text/logs.

Also, as you said so yourself: the encrypted text is different each time (because the password was different), so what or how are you going to "catch" anything? With extremly basic "encryptions" (mind the quotes) where the encryption key is always the same you _could_ find something out, but reverse engineering encryptions (even if the encryption itself is dead easy) which use keys is as good as impossible.

So, no it isn't possible.... Moreover, what would the purpose be to "catch" anything? To know how the encryption method works? As said, that isn't a secret and is already know. But even knowing the encryption method, you can not decrypt anything without the proper encryption key (which is what the password is used for).

---------------------------------------------

It is absolutely NOT possible to recover encrypted log files WITHOUT the exact correct password.

It is abdolutely NOT possible to strip/catch/extract anything from the encrypted logs files in a way you would get even the smallest hint of the password; the password is NOT even stored!

No matter what things or ideas people might come up with: it is NOT possible...

---------------------------------------------

quote:
Originally posted by raceprouk
quote:
Originally posted by CookieRevised
The password isn't stored at all.
But you don't have to keep re-entering the password when new logs are created. I did find a value called 'LogEncryptionDataEx', which may not strictly be the password, but would be used to not require re-entering the password? Much like DataP is used for the Preferences Lock.
That doesn't have anything to do with this (except for the fact that the password _may_ be stored there, but that will not help at all):

We are obviously talking about (not) stored stuff in the log files itself to "break" the encryption. The registry wont help you at all in this, even if the password was stored unencrypted!!

People wanting to "recover" an encrypted log obviously haven't the (old) password stored in the registry (anymore), otherwise they wouldn't have the problem in the first place as Plus! would be able to open the log.

This post was edited on 05-20-2006 at 04:05 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
05-20-2006 02:25 PM
Profile PM Find Quote Report
muratyilmaz
New Member
*


Posts: 7
Joined: May 2006
O.P. RE: Recover encrypted chat logs.
Ok. i see, logs are not decrypt.

So, when i logged in msn messenger(same time plus!), it ask me password. right? then i need to enter my password. This mean plus knows my password then check it my entering keys. Plus saves password to anywhere?
05-20-2006 07:39 PM
Profile E-Mail PM Find Quote Report
Voldemort
Veteran Member
*****

Avatar

Posts: 3504
Reputation: 49
– / – / Flag
Joined: Jul 2005
Status: Away
RE: Recover encrypted chat logs.
No, it doesnt. See CookieRevised's reply..
*All posts are a purely speculative hypothesis based on abstract reasoning.
Not my daughter, you bitch!
[Image: ico-mollytrix16.gif]
05-20-2006 07:51 PM
Profile E-Mail PM Find Quote Report
RaceProUK
Elite Member
*****

Avatar

Posts: 6073
Reputation: 57
39 / Male / Flag
Joined: Oct 2003
RE: Recover encrypted chat logs.
quote:
Originally posted by CookieRevised
except for the fact that the password _may_ be stored there
Hence why I said the key isn't strictly the password, like DataP. However, my guess is the value is used so the user doesn't have to keep re-entering the password.
[Image: spartaafk.png]
05-21-2006 08:41 PM
Profile PM Web Find Quote Report
Pages: (2): « First « 1 [ 2 ] Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On