LordHellFire

Decrypting EFS without certificates in XP Pro

It's nice to be able to create Recovery certificates in XP (cipher /r:recovery) and install them using MMS, but if a file has been encrypted before that happened and someone (that would be me) accidentally deleted the encryption certificate, so the encrypted files could not be decrypted.... then what?

I'm unable to assign a new recovery agent to the encrypted files... because they're encrypted...

I found a program that can decrypt the files (because I remember the code for the user they were encrypted under) but it's still in Beta and furthermore it's a demo, so it won't let me save the decrypted file... I tried decrypting a txt file and it showed me the correct contents of the file after I provided it with the password.


http://www.lostpassword.com/efs.htm?id=efskey_5_5_400#demo

I don't have 95$ to purchase the program with...

If anyone has a solution I'd become a very happy idiot...

Thanx
trywaredk

I don't know what the limitations are, but maybe you could try this one:
http://www.elcomsoft.com/aefsdr.html

***quote***
Important! Unregistered version can be used during 30 days after installation (although it doesn't expire, actually) and has some limitations. You can order the fully licensed version of AEFSDR over the Internet from RegNow with any major credit card.
***end of quote***

Sorry that the fully licensed version costs $99

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

;o) Your brain is like a parachute. It works best when it's open
LordHellFire

ASKER

Hehe... thanx.... DAD! (It's me, Peter)

Already been there.. the program doesn't seem to work correctly on XP and still needs the certificate to work... I can't get it to decrypt any of the files.

Only efs Key demo works at that...

I don't know if this one works...

http://www.winternals.com/emergencydownload/

Alas, winternal's program requires the certificate to exist or something.. It was unsuccessful in the search for a key it could use.... so far it is only EFS Key Demo that has been successful.. Bounty now upped to 250 points..

Here http://www.securityfocus.com/archive/105/274089/2002-05-22/2002-05-28/2
and here http://www.securityfocus.com/archive/105/273838/2002-05-22/2002-05-28/2 are responses to a similar problem. What happened here is that he reinstalled windows so the SAM didn't match for the accounts, but he still had the key. His problem is a little different, but they still list a lot of good resources for EFS cracking and general information.

One good suggestion I saw that might work for you is to just copy the file to a non-NTFS file system. Sometimes this will drop the encryption. (I've seen this before, but I still can't see how this could work if the file is truly encrypted)

Here http://www.infosecuritymag.com/articles/february01/features_applied_crypto.shtml is an article about EFS that describes the exact problem you have as an example but doesn't give a way around it. They just say it is "one example of why it's critical to establish a sound EFS recovery policy."




One other thing: I and others have been chastised on more than one occasion by people on this board including you, trywaredk, for supplying information on "cracking/hacking" and referencing applications like LC4 (that have legitimate uses in the security field) on the basis that I "don't know what they are going to use it for." But, now, when a question, that could easily be a cover story for a file that was stolen, is posted by your son(?), you not only try to offer help, but support it by offering more points? Maybe you’re being biased, or maybe you’re coming around, but I still hold to my claim that ignorance is not security.


BRAKKO..."a question, that could easily be a cover story for a file that was stolen"

I admit, that in my early days as an EE expert, I did misunderstand the EE rules about security issues not allowed, until one of you (I can't remember if it was you BRAKK0), told me, that there's a difference between a domain user on a network, and a home user or a network-administrator. In this case, I know, that it's not a domain user on a network or a stolen file (LORDHELLFIRE..."after I provided it with the password")


BRAKK0..."but support it by offering more points"

I must admit, that I don't know how to help. Otherwise LORDHELLFIRE didn't have to post his question here.

:o) But maybe you are a better expert in this case, and then you'll deserve the rating for this issue.

Someone elsewhere in the forum suggested that it is possible to cheat the EFS Key Demo program from deleting the decrypted file its previewing.

I tried write protecting the TEMP folder which the program uses for temp files... but to no avail.

Maybe I didn't do it correctly, but I found no usable files in the temp folder...

I now upped the ante with another 45 points...

I've upped it again with an extra 120 points... but if no answer shows soon, I'll award Trywaredk the points for trying and give up the search...
Let your question stay here, maybe someone knows the answer out there. When your question is too old, a moderator will email you about it.

You shouldn't award me any points, but can request a refund of your 500 points, because no one answered your question. Then you can use the 500 points for new questions.

https://www.experts-exchange.com/help/closing.jsp#5

"I don't have 95$ to purchase the program with..."

According to http://www.lostpassword.com/efs.htm you could "Buy the beta software now with a 50% discount and receive the final version free"
Not answering your question, but this is interesting

Windows XP clients can encrypt data without a Recovery Agent?
http://www.jsiinc.com/SUBI/TIP4300/rh4345.htm
ASKER CERTIFIED SOLUTION
jsoled