Hello.

I just thought I'd post this up here incase it helps anyone. Attached is a tool to encrypt or decrypt log files, I'll bring out a tool which will encrypt/decrypt a whole directory when I have more time.

To decrypt Messenger Plus! log files (C++):


Fileformat of .ple files

First 10 bytes are the same for all log files.
const char standardHeader[] = {0x10,0x01,'M','P','L','E','1','<','<',0};

The next 4 bytes, I'm not sure what they are for, but in all log files I've seen they are
const char unknownbytes[] = {1,0,0,0};

After this is the length of the password check string (4 bytes). This is usually 13
Then comes the encrypted password check string. Ill talk about how to decrypt it later.


All that was the header. For the rest of the file, it is in multiple chunks of data.
Each of these chunks start with the 'signature' :
const char sig[] = {0xE9,0xFF,0xA3,0x00};
After this, there is the length of the following data (4 bytes).
Then there is the encrypted text.



To decrypt text :

Messenger Plus! uses the CryptoAPI to encrypt and decrypt text.
This is set up with the following call
CryptAcquireContextW(&hProv,L"MessengerPlusEncryptProvider",L"Microsoft Enhanced Cryptographic Provider v1.0",1,0);

I discovered that for some reason, the password is scrambled, and that the password is unicode (2 bytes).
The algorithm for this in pseudo code is:

for i = 0 to length of password - 1
        newpassword [i] = password[i] + password [i + 1]
next i
newpassword[last letter] = password[last letter] + password[0]


The calls to continue setting up so that you can decrypt text are:

CryptCreateHash(hProv,0x8003,0,0,&hHash);
CryptHashData(hHash,newpassword,len,0);
CryptDeriveKey(hProv,0x6801,hHash,0x800000,&hKey);

This final call gives you a HCRYPTKEY which you can use in the CryptEncrypt and CryptDecrypt functions on the text

Sorry if this is all a bit confusing, I dont think i formatted it, or explained it very well

Solus


Edit - I replaced the file with one which has the VC runtime library statically linked, so it *should* work now

Edit 2 - Ok, so I converted it all to unicode, and made a few changes so it'll run on computers which haven't got Messenger Plus on.

This thread was temporarily moved to a staff-only forum for a few days, pending approval from Patchou, who is busy coding.

He finally replied about an hour ago, and he doesn't seem to have a problem with this thread, so I have moved it back.

Thanks for the tool, will come in handy

seems like the file is corrupt

quote:

---

Originally posted by WDZ
he doesn't seem to have a problem with this thread

---

quote:

---

Originally posted by solus
Attached is a tool to encrypt or decrypt log files

---

quote:

---

Originally posted by solus
This is usually 13

---

quote:

---

Originally posted by solus
I discovered that for some reason, the password is scrambled, and that the password is unicode (2 bytes).

---

I'm not sure what the problem is. I just tried downloading it and it works fine on my computer....

Maybe it requires a DLL file you havent got?
Have you got MSVCR80.DLL?

Thanks for moving it back WDZ

quote:

---

Originally posted by solus
I'm not sure what the problem is. I just tried downloading it and it works fine on my computer....

Maybe it requires a DLL file you havent got?
Have you got MSVCR80.DLL?

Thanks for moving it back WDZ

---

Try putting this DLL in the same folder as the exe.

If that doesn't  work, install the C++ runtime maybe? I don't know...

quote:

---

Originally posted by solus
Try putting this DLL in the same folder as the exe.

If that doesn't  work, install the C++ runtime maybe? I don't know...

---

quote:

---

Originally posted by .Norma

I put the dll in the same directory as the exe, as well as in C:/Windows/System but I still get the same error message.

---

quote:

---

Originally posted by .Norma

Very good job deciphering the logs though!

---

After doing some quick research it would seem this is possibly because of a Side by Side issue. This link addresses the issue:

http://support.microsoft.com/default.aspx?scid=kb;en-us;835322

As well as this thread on a forum:

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=72965&SiteID=1

quote:

---

Originally posted by .Norma
After doing some quick research it would seem this is possibly because of a Side by Side issue. This link addresses the issue:

http://support.microsoft.com/default.aspx?scid=kb;en-us;835322

As well as this thread on a forum:

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=72965&SiteID=1

---

Ah, I can verify that this version works without the runtimes.

Very good job!

The tool still does not work properly, solus.

The password is incorrectly formed, making the encryption and decryption wrong.

quote:

---

Originally posted by CookieRevised

quote:

---

Originally posted by solus
I discovered that for some reason, the password is scrambled, and that the password is unicode (2 bytes).

---

The password is unicode because you can enter unicode characters. Remember that this also has implications of how the password is scrambled. Your pseudo-code is correct (appart from "0 to length" which should be "length-1") although lacks the big notice that all characters must be interpreted as unicode characters, as that is what they are, not as ascii characters.

(and this is also where one of those bugs were in old Plus! versions in regards to the "changing password")

---

quote:

---

Originally posted by CookieRevised
The tool still does not work properly, solus.

The password is incorrectly formed, making the encryption and decryption wrong.

---

quote:

---

Originally posted by solus

quote:

---

Originally posted by CookieRevised
The tool still does not work properly, solus.

The password is incorrectly formed, making the encryption and decryption wrong.

---

Oh yes, sorry I just noticed that the password is not retrieved as a unicode string, so for the moment if your password contains unicode characters it will not work correctly.

I'll change it later

---

quote:

---

Originally posted by CookieRevised
People using your tool (and even sticking to ascii passwords) will find that their logs will either be encrypted wrongly (and opening them up in Plus! will fail because it will say "password incorrect") and decrypting some logs will also fail with some (ascii) passwords.

---

quote:

---

Your pseudo-code is correct (appart from "0 to length" which should be "length-1")

---

In extremely many cases...

Like I said, the password's characters should be handled as unicode, not as ascii. It isn't some small limitation that you can fix later. It is a very serious bug which will result in wrong (un)scrambled passwords and thus in wrong encryption/decryption (no matter if the original password is ascii or not).

eg: test your program with the (pure ascii) password "éééé" (=4 times 0xE9) and you'll see. The scrambled new password is not "ÒÒÒÒ" (=4 times 0xD2), like it is in your current tool, but should be a unicode string containing 4 times the unicode character 0x01D2.

quote:

---

Originally posted by CookieRevised
In extremely many cases...

Like I said, the password's characters should be handled as unicode, not as ascii. It isn't some small limitation that you can fix later. It is a very serious bug which will result in wrong (un)scrambled passwords and thus in wrong encryption/decryption (no matter if the original password is ascii or not).

eg: test your program with the (pure ascii) password "éééé" (=4 times 0xE9) and you'll see. The scrambled new password is not "ÒÒÒÒ" (=4 times 0xD2), like it is in your current tool, but should be a unicode string containing 4 times the unicode character 0x01D2.

---

Nice job solus!

It works nicely for me for single files. In its current state I don't find it particularly useful, though, so I have a request for you!

Essentially, I have 2 years of encrypted log files, which I would like to decrypt. Doing so file by file with your tool would be cumbersome. Obviously the log files are divided into directories (by date, in my case).

My suggestion to you is to add a function where your program takes a directory and a password as inputs, then searches for all *.ple files in that directory tree, and decrypts them, naming the output files as *.txt. Possibly with an option of deleting the old .ple files after decryption.

That would make me a verry happy man!

Mikael

quote:

---

Originally posted by ostehaps
Nice job solus!

---

quote:

---

My suggestion to you is to add a function where your program takes a directory and a password as inputs, then searches for all *.ple files in that directory tree, and decrypts them, naming the output files as *.txt. Possibly with an option of deleting the old .ple files after decryption.

---

quote:

---

Originally posted by ostehaps
My suggestion to you is to add a function where your program takes a directory and a password as inputs

---

quote:

---

Originally posted by CookieRevised
Important correction/note: files in the same directory can be encrypted with different passwords. In other words, instead of "a password", the tool must be able to take "several passwords" when doing batch decryptions...

---

Read thru these forums (all the threads about the encrypted logs), and you'll see that it is essential.

A lot of people change their passwords regulary and since many also archive logs, many logs are encrypted with different passwords, and this is also the reason why many people say that they can't decrypt logs anymore because they thought they were encrypted with some password, while it actually was encrypted with the other (older) one, etc...

It isn't just one of many smaller and other "options" or "features" which can be added though; it's pretty much mandatory in a batch decrypter

Note: for those who wonder, I did accept this thread because I have to reason to hide the way the file is internally structured. And for those of you less "geeky", let me make something very clear: eve with this information, you cannot decrypt a log without the proper password.

Also, for those interested, the whole encryption mechanism has been redone in Messenger Plus! Live in a much more secure way. Each log can now have its own password and everythins is internally crypted using a public/private 1024bits key pair (in combination to a 256bits synmetric key) and I'm using the latest algorythms that comes with Windows XP.

is there an api to call the decryption of a log? For mplus! live that is.

quote:

---

Originally posted by Patchou
Note: for those who wonder, I did accept this thread because I have to reason to hide the way the file is internally structured. And for those of you less "geeky", let me make something very clear: eve with this information, you cannot decrypt a log without the proper password.

Also, for those interested, the whole encryption mechanism has been redone in Messenger Plus! Live in a much more secure way. Each log can now have its own password and everythins is internally crypted using a public/private 1024bits key pair (in combination to a 256bits synmetric key) and I'm using the latest algorythms that comes with Windows XP.

---

quote:

---

Originally posted by Patchou
Note: for those who wonder, I did accept this thread because I have to reason no hide the way the file is internally structured. And for those of you less "geeky", let me make something very clear: eve with this information, you cannot decrypt a log without the proper password.

---

quote:

---

Originally posted by CookieRevised
Though, with this information, it is dead easy now to make brute-force attackers/decrypters.

---

Do certainly not underestimate to power of brute-forcers!!

And in this case they are the most effective way btw...

As I said, with the info on this page, brute-forcers can be extremely easy made, not to mention relative fast ones.

PS, look at some of the zip decryption brute forcers: 30 million passwords a second on an average computer. Least effective? I don't think so...

Many log file passwords of people are very easly 'guessed'...

Well, that may be true however, someone with the knowledge to do a brute force checker wouldn't need the info on this post anyway... and, if you're that worries that someone is going to brute force the password in your logs, you should probably choose a more complicated password (with only 8 characters you generally have a good enough protection anyway).

And as for brute forcing 30 million passwords a second: that's absolutely impossible to do with the crypto api, the access is just way too slow. Brute forcing the average 400,000 billion possibilities of an average 8 characters passwords would take months, if not years. Taking Winzip as an example is just using the one software that's using one of the poorest protections ever .

I still sorta disagree about this tool...it makes me uneasy

quote:

---

Originally posted by riahc4
I still sorta disagree about this tool...it makes me uneasy

---

Ok, the problem I am currently facing is decrypting the password.

I wrote a Java code but it isnt working correctly at all.. Maybe I can provide someone with the encrypted,scrambelled password and you decrypt it for me?

Thanks

quote:

---

Originally posted by brainy
Ok, the problem I am currently facing is decrypting the password.

I wrote a Java code but it isnt working correctly at all.. Maybe I can provide someone with the encrypted,scrambelled password and you decrypt it for me?

Thanks

---

Ah.. I thought from the first post, that pseudo code was to decrypt the password

This hash is in what crypt format? DES, AES? or it is just one that made Patchou, because i want to do a program too, but i want it to compare the hash that the user enter with the one that has the encrypted log, if its not the same, the program will close it self, but i cannot see to figure out if the hash is a normal hash, or if it hash been encrypted with somethod.

did i explain well my self?

there is no reason to compare the hash of anything, the new Messenger Plus! Live comes with 2 "Log Viewer.exe" program that accepts command line parameters to encrypt/decrypt/change password.

I used you software to decrypt a file (*.ple). I havent the password of course. In the "input file", I put the .ple file. In the output file I put a .txt file, but the software ask me the password. But I havent it ! and i want to decrypt the .ple file. How can I do ?? thanks

quote:

---

Originally posted by marie-canard
I used you software to decrypt a file (*.ple). I havent the password of course. In the "input file", I put the .ple file. In the output file I put a .txt file, but the software ask me the password. But I havent it ! and i want to decrypt the .ple file. How can I do ?? thanks

---

How can I do to decrypt the file or to recover the password ??

quote:

---

Originally posted by marie-canard
How can I do to decrypt the file or to recover the password ??

---

And to juste decrypt the text of the file ?

quote:

---

Originally posted by marie-canard
And to juste decrypt the text of the file ?

---

i need help people i think my girlfriend is having fun with another, y took from her computer some logs but, this are .ple. i need to decrypt this logs, i opened the file with word and noticed all logs started the same, i think there in a code i dont undertstand is the password or the way i can see the logs.

  MPLE1<<     
   tÌz¥µ(/ùVÎÄ­ éÿ£     
€$ûïjp°8‹Œã_
4ÛåT

this is the header of the file. the logs are from a old plus! please help me

You cannot decrypt logs without the password.

i see everywhere that, but i have in my head  that somewhere in the pc that password is, in some msn dll file or the system dll files or even somewhere, when you put the password the programs read the real one form somewhere and it compares with the one you put, somewhere the password is, i need to find where and how i can get it, the problem is i dont know of programing or cracking, i dont know about cryptography thats my problem but im doing my best to try to find it.

im breaking my head, i am traying to find something with the hex work shop, i already see the logviewer and a dll on the same folder but i cant find something to start on a project

I discovered that when i open the file with the note pad and the heading is written in  CryptoAPI code fi someone nows about this code or has a program to read it and translate it please help me. My head is wrong when i realised that my girlfirend was with another, and i want to confirm this but without this i can't

quote:

---

Originally posted by tomi206
i need help people i think my girlfriend is having fun with another, y took from her computer some logs but, this are .ple. i need to decrypt this logs

---

quote:

---

Originally posted by tomi206
i opened the file with word and noticed all logs started the same, i think there in a code i dont undertstand is the password or the way i can see the logs.

---

quote:

---

Originally posted by tomi206
im breaking my head, i am traying to find something with the hex work shop, i already see the logviewer and a dll on the same folder but i cant find something to start on a project

---

quote:

---

Originally posted by tomi206
My head is wrong when i realised that my girlfirend was with another, and i want to confirm this but without this i can't

---

i asked her if she had problem if i see the logs and she wasnt, she send me all the logs to my pc, but told me she didnt remember the password, so im not breaking her privacy

in the regedit i went to HKEY_CURRENT_USER\Software\Patchou\Messenger Plus! Live\hermail@hotmail.com\Preferences and i fonuded that there are more files that in other contacts folder, i founded three intresting files LogKeyLenght (REG_DWORD) LogPriveteKey1024 (REG_BINARY) and LogPublicKey1024 (REG_BINARY) i think this files contains the password but, how can i open them to read it? i think the 1024 numer is a encrypted file, so... how can i decrypt and read those files? ty

quote:

---

Originally posted by tomi206
i asked her if she had problem if i see the logs and she wasnt, she send me all the logs to my pc, but told me she didnt remember the password, so im not breaking her privacy

---

Wow, a lot of people have misinterpretted this thread.

I'm just curious... The password must be stored on the computer to allow the chats to be encrypted. I'm assuming with Messenger Plus Live! the password is hashed and this is some how passed through to the crypto API.
I haven't looked at this in a long time and wonder if you know anything else about this?

Perhaps the registry keys suggested earlier were the hashed versions of the password?

From reading, I believe the keys are stored in the registry.

If you could get the key would it not be possible to somehow figure out the encription method thinger.

Or am I just an encryption newb?

EDIT: sorry, disregard this, it seems I misunderstood as well

quote:

---

Originally posted by Voziv
I don't believe in lying to people about things, which I do believe is being done.

---

Hello, I have a problem with this program, every time that I try to decrypt a file, the program gives me the same error: "An error ocurred opening the file. Posible reason: File doesnt exists"

What happen?

DP: Im hex-editing the logs and I dont see the signature of chunks (E9 FF A3 00)

For starters, the tool only works for Messenger Plus! 3 logs.

The logs in Messenger Plus! Live are encrypted differently and have a different format.

You can decrypt your Messenger Plsu! Live log files with Log Viewer.exe (run it with /? for the command line arguments).

quote:

---

Originally posted by Patchou
You can decrypt your Messenger Plsu! Live log files with Log Viewer.exe (run it with /? for the command line arguments).

---

quote:

---

Originally posted by bigproblem
can't you help me, if i prove to you i am the owner of the logs??

---

ohh please!! so there's no way?

i have some old logs, from the first time i used PLUS around 2004,

but then i didn't use it for 3 years, now that i have it again, my password isn't saved, and there's no way i'll remember my old password!

can't you help me, if i prove to you i am the owner of the logs??

i can send the logs from the very same e-mail they correspond to, and someone can help me with this password problem!

sorry to bother you with this, but i'd really like to unearth some of my conversations from 3 years ago onwards...

quote:

---

Originally posted by Patchou
And as for brute forcing 30 million passwords a second: that's absolutely impossible to do with the crypto api, the access is just way too slow. Brute forcing the average 400,000 billion possibilities of an average 8 characters passwords would take months, if not years. Taking Winzip as an example is just using the one software that's using one of the poorest protections ever .

---

Try to generate rainbow tables for case sensitive alphanumerical charset of 10 characters, it would take a bit longer than one afternoon I think...

The only difference between a rainbow crack and a brute force is that with the rainbox crack you calculate all the possible hashes first before doing the actuall comparisson. While with brute force you do the exact same calculations, but you compare each result immediatly.

Saying that with a rainbow crack you can crack the logs virtually in an instant is not true, you first need to have the rainbow tables, which can take years to create (on a single PC).

is there any software to decrypt the log files with password in linux??
i need a program to do that...

or the algorithm to decrypt ... i can write a program to do that if i know how it works...

quote:

---

Originally posted by Taborda
is there any software to decrypt the log files with password in linux??

---

quote:

---

Originally posted by CookieRevised
The only difference between a rainbow crack and a brute force is that with the rainbox crack you calculate all the possible hashes first before doing the actuall comparisson. While with brute force you do the exact same calculations, but you compare each result immediatly.

---

quote:

---

... you first need to have the rainbow tables, which can take years to create (on a single PC).

---

quote:

---

Originally posted by Taborda
is there any software to decrypt the log files with password in linux??
i need a program to do that...

or the algorithm to decrypt ... i can write a program to do that if i know how it works...

---

quote:

---

Originally posted by Noproblemo

quote:

---

Originally posted by CookieRevised
The only difference between a rainbow crack and a brute force is that with the rainbox crack you calculate all the possible hashes first before doing the actuall comparisson. While with brute force you do the exact same calculations, but you compare each result immediatly.

---

You forget the most important difference ! Now that I have these tables I can recover the content of ANY .ple 'secured' using a numeric [0-8 digits] password within minutes.

---

quote:

---

with the rainbox crack you calculate all the possible hashes first before doing the actuall comparisson.

---

quote:

---

Originally posted by Noproblemo
That is what I call an 'implementation' error !

---

quote:

---

Originally posted by Noproblemo

quote:

---

... you first need to have the rainbow tables, which can take years to create (on a single PC).

---

... calculating tables ...

---

Well, hello.

Has anyone done something since the last post?

I was wondering if decrypting ple files without password can be done at this date.

I've done some research and apparently AccessData Recover Password ToolKit (PRTK) 6.1 can decrypt ple files with a "dictionary attack" the problem is i have no money to buy the program and the module that decrypt these files is not available in the demo.

Can anyone help please?

The thing is that my father forgot the password for his logs and there are very important financial information from his company and he needs it desperately

help would be appreciated!
Thanks

As you can read in many many posts on these forums, decrypting without a password is not possible.

It was never possible, it is not possible, and it will never be possible.

There would be absolutely no point in encrypting stuff with a password if there is a tool to simply decrypt it without a password.

--

The password is needed since the password itself is the key to decrypt the logs.
The encryption/decryption system is not a simple "if the password is not correct you aren't allowed to view it"-system (which can be bypassed easly), but a "I need the correct password to know what calculations I need to do to decrypt"-system

--

Brute force attacks are possible for any any decryption/encryption system in the world... in theory(!). That's not rocket science.

However, in practice, a brute force attack takes an extreme lot of time, in the order of years, even decades(!), and that's even using an über-super-computer....

Even using rainbow-tables will take a lot of time, despite what some people might say. The reason is very simple: you need to calculate the rainbow tables first. Which takes the same amount of time as with brute force attackers.

A dictionary attack is nothing more than a brute force attack using only known words. In other words, if you have a password which is not an existing word, a dictionary attack will be completely useless. Even using 1 digit in your password renders almost all dictionary attacks useless.

The point is that in almost all cases you don't know what password is used; It can be an existing word, but chances are just the same that it isn't.

------------

Forgive me for saying this also, but using Messenger to communicate "very important financial information" is not smart to do. There are better, more secure ways, to do this sort of thing. Even then, if he needs this info, why don't he ask the info again from his contact he got it from, or request it in a more official way via his company.

Also, the point of a password is that you also can remember it. If you have trouble remembering passwords, either don't use them, or either write them down.

------------

In the next version of Messenger Plus! Live you will be able to set a password hint. In that way remembering a password would be somewhat easier (but less secure ofcourse). See Patchou's reply to forgoten password from chatlog of v4.0.0.214.

that was very helpful thanks mate

A bruteforcing app and rainbow tables was mentioned earlier in this thread, does anyone have a link? I forgot a password to some of my older logs, and I'm pretty sure it was a shortish one that could be bruteforced...

The only information regarding rainbow tables in reference to decrypting chat logs is given from like 10 posts ago. Read up a little, it contains a link to some brute force concept project.

However, rainbow tables are massive... hundreds of megabytes at the least, gigabytes normally...

The guy who first posted about using rainbow tables said his tables are 500MB big and that's just for numbers and a password length of up to 8 digits.

So that's roughly 10^8 combinations = 100.000.000 combinations (not taking in account the fact that you can also have pwds with 7 or 6 or 5, etc digits).

Now throw in the alphabet and your possible combinations for 8 characters will sky rocket up to 62^8 or 218 trillion combinations!!!

That's 2 million times the amount of the only-numerical combinations.

Rainbow tables have an unique setup so you don't need 2 million times 500MB of space. But still, the time it takes to generate those tables would be years if not decades if you try this at your own computer (assuming it is a super-fast computer).

In short, there is no rainbow table for Messenger Plus! Live logs, there is no "link" to one. And I'm afraid you wont be able to decrypt your logs.


-----

EDIT, PS: Oh, and I even forgot to mention the fact that you now can choose between different sets of key lengths in Messenger Plus! Live. So, multiply all the time taken to generate such a table by 4 (since you can choose from 4 different key lengths to base the encryption on).

Yeah, I know how large rainbow tables are and I know how long it takes to generate them. I've done a couple for myself, and downloaded several hundred gigabytes of others. I also know how long bruteforcing takes, as I've done some experimenting with it.

I'm pretty sure that the password was less than 8 characters lower-alpha numeric, which is relatively easy to bruteforce...I just don't have any software that can bruteforce them, and I don't have the coding capabilities to modify rainbowcrack like the other guy, which was why I was asking

Ok guys, I need help.
When I try to decrypt a log file I get the following message:
An error occured opening the file. Possible reason: File doesn't exist

I have tried a few times. I moved the log file to the same folder as the program, hoping it would help. I have checked the permissions just in case those were the problem. I still can't fix this.
Please help

I have lots of encrypted files. Is it possible somehow to loop through folders of files with your tool to decrypt logs?

It would be awesome!

That tool no unfortunately not. It doesn't look like it accepts command line parameters.

This script will do what you need it to do however [Release] Log Manager - Version 1.1.008

quote:

---

Originally posted by rullen
I have lots of encrypted files. Is it possible somehow to loop through folders of files with your tool to decrypt logs?

It would be awesome!

---

quote:

---

Originally posted by matty
This script will do what you need it to do however [Release] Log Manager - Version 1.1.008

---

Alright, I have a very basic and noobish question... How do I run the script?

Thanks in advance.

quote:

---

Originally posted by CookieRevised


It is not possible. period.

---

quote:

---

Originally posted by Dythor
Alright, I have a very basic and noobish question... How do I run the script?

---

quote:

---

Originally posted by Dythor
How do hackers make their way in despite password-protected systems then? Don't they use scripts or something? We all have the image of a hack bot inside our heads, there must be something?

---

quote:

---

Originally posted by Dythor
Or they just social engineer their way into being told the password by the one who knows it?

---

So you are suggesting that the top hackers of the world can't break into my .ple files without knowing the password? I'm not being ironic, I'm just trying to figure out how tragic my situation is because I really miss those logs

quote:

---

Originally posted by Dythor
So you are suggesting that the top hackers of the world can't break into my .ple files without knowing the password? I'm not being ironic, I'm just trying to figure out how tragic my situation is because I really miss those logs

---

Hi,

I'm trying to write a funtion using visual basic 6 and the CryptDecrypt call always returns 0

Can anyone tell me what am I doing wrong?

here is the code:

'read the full encrypted file and convert it to string

F = App.Path & "\encryptedfile.ple"
FN = FreeFile
dlen = FileLen
ReDim data(dlen)

Open F For Binary As FN
Get #FN, , data
Close FN

For pos = 0 To dlen
    Stemp = Stemp & Chr(data(pos))
Next pos

'set the correct password (I have encrypted using this pwd)
'no password scramble needed as al the chars are the same.

pwd = "bbbb"

'api calls the constants are expressed as decimal.. it should work..

Rst = CryptAcquireContext(hProv, "MessengerPlusEncryptProvider", "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0)

Rst = CryptCreateHash(hProv, 32771, 0, 0, hHash)
Rst = CryptHashData(hHash, pwd, l, 0)
Rst = CryptDeriveKey(hProv, 26625, hHash, 8388608, Hkey)

Rst = CryptDecrypt(Hkey, 0, 1, 0, Stemp, Len(Stemp))


the last call returns "0" and the stemp content is not decrypted..

thank you!!!!

Have you tried calling GetLastError to see what the error is?

There are many things wrong though. If that is your entire code, it will never work properly. Instead post everything, including declarations.

Either way, with such an 'old' and dirty code style debugging is very difficult. Determining why that last API fails is the least of your worries.

Start by at least properly declaring and initializing all your variables! Especially if you are using Windows APIs it is essential you use proper code style and don't rely on defaults and the Variant types. Also note that there is no 'decimal' type in VB.

Second, you need to know the difference between unicode and ansi strings and how VB handles them, and thus how to implement it properly. For example, your password is not send as unicode to the APIs to begin with. Also learn what byte arrays are and the proper way to handle them and how they relate to ansi and unicode strings.

Third, the routines (cryptogrpahic provider and context) for decrypting a Messenger Plus! log might have changed since that first post in this thread, so using those might only work for old logs.

Fourth, you can't simply use the entire contents of the encrypted log file like that! It has a specific format with a header, data, contents, etc.

---

So, in a nutshell, there is so much wrong with that code that correcting it would simply result in giving you a complete working code. It is not a matter of just fixing a line or two, it needs a complete rewrite from scratch. Hence my next question and comments:

Have you programmed in VB before or is this one of your first things you've programmed? Because that entire code looks like it has been made by a first-time programmer, no offense though (everybody needs to start somewhere). But if it is one of your first programs, I strongly suggest to first learn a few things (eg: proper ansi/unicode handling and how VB handles it internally, proper binary file reading, etc) and first make easier things you completely understand, before copy/pasting and trying to make your own logfile decrypter.

I have pasted just the part of the code I thought that was wrong.
I have declared  apis and variables , but I understand that it was not necesary to paste that..
The code is like that becuase I was just trying to verify if the MsgPlus encryption and decryption worked that way, so I wrote something quick.
You are right, I need to learn a lot before trying with this stuff.
Thanks anyway.
Willy

Ah, I see.
Forgive me for being a bit blunt in my previous post though.

But, yes, the encryption works in that way, sort of. That is, the cryptographic provider and context strings might have change, just as the key values, since the time the first post in this thread has been made. Also the file format of encrypted logs has changed. But the prinicple is just the same. Deltailed pseudo-code to read a version 1 encrypted log can be seen in that first post in this thread.

If you're interested in using the Cryptography APIs in VB I can suggest two very good books: http://www.amazon.com/gp/product/0672318369 and http://www.amazon.com/gp/product/0471381896
But they are not exactly aimed for the novice user though. Also see http://www.cryptovb.com/

As for the VB code itself: yes declarations of variables and APIs are very important and must always be included. A wrong type declaration of a variable can make or break an entire code.

thank you so much for the information!

Best..

Willy