954,500 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
4 Years Ago
0

Read encrypted file header

How would one read an encrypted file's (encrypted using windows' EFS) header? I would like to be able to read the header and extract FEK that was encrypted by either the public or private key of the file.

From reading up I understand the structure of the file header I'm just not sure how to go about reading the header. Also it would be a great help if you could point me in the direction of any apps that read a file header and display it on screen.

EDIT: By encrypted file I mean that it was encrypted using EFS on my previous system and backed up and put onto my current system so they aren't treated as encrypted files anymore but they are encrypted.

Thanks

bops
Posting Whiz in Training
214 posts since Aug 2005
Reputation Points: 23
Solved Threads: 5
 
4 Years Ago
0

First of all I am not familiar with the EFS structure.
Is the header encrypted or not?
If the header is not encrypted, then reading it is the same as reading normal files. Look up for code that reads a bitmap file and extracts the header and image contents. It should be similar.

If the header in encrypted too, then you should decrypt it before trying anything else.

WolfPack
Postaholic
Moderator
2,051 posts since Jun 2005
Reputation Points: 572
Solved Threads: 115
 
4 Years Ago
0

No I don't think the header itself is encrypted because you need some of the content of the header to decrypt the file content in EFS. i have tried looking around but I can't find any kind of method to it, do any API's exist or is there a specific format for a header of a file, anything at all to get me started would be great, thanks.

bops
Posting Whiz in Training
214 posts since Aug 2005
Reputation Points: 23
Solved Threads: 5
 
4 Years Ago
0

did you read this ? Or research these google links ?

Ancient Dragon
Retired & Loving It
Team Colleague
30,049 posts since Aug 2005
Reputation Points: 5,662
Solved Threads: 2,343
 
4 Years Ago
0

you'd read them the same as any other, and then pull them through some decryption system...
It's just bits and bytes after all, same as any other part of any other file.

jwenting
duckman
Team Colleague
8,392 posts since Nov 2004
Reputation Points: 1,662
Solved Threads: 337
 
4 Years Ago
0

Yes, I've researched it quite a lot. I've read that MSDN page aswell as most google links that I think are relevant. My question is how I would read the file header, i.e. how I would be able to allocate memory and then read the file header into memory, for example, reading a .jpg file like a normal file does not give me the file header in any kind of format visible instead it comes out with a lot of random characters, i.e. the file is stored in some way which I don't yet understand, thats what I'm asking for, basically I want to read a file header into seperate variables and work with them from there..

An short simple example or a link to an example of say reading a JPG fileheader into seperate variables in memory would be ideal.

bops
Posting Whiz in Training
214 posts since Aug 2005
Reputation Points: 23
Solved Threads: 5
 
4 Years Ago
0

Well common file formats are listed here
http://www.wotsit.org/

Simply typing in say "jpg file format" into your favourite search engine would reveal as much.

Windows EFS on the other hand is proprietary for sure, deliberately kept secret (perhaps), and an altogether different prospect.
Perhaps this would help.

> My question is how I would read the file header
You allocate 'n' bytes.
You read 'n' bytes into the memory you allocated.
You examine each byte in turn, and using your knowledge of the file format, decide what that byte actually means.

Most file formats begin with some fixed sized header (this is your first 'n'). Within that header, there is usually something which tells you how big the variable sized data is going to be.

Salem
Posting Sage
Team Colleague
11,531 posts since Dec 2005
Reputation Points: 5,862
Solved Threads: 953
 
4 Years Ago
0

"reading a .jpg file like a normal file does not give me the file header in any kind of format visible instead it comes out with a lot of random characters"

Hardly random. There's a definite structure there which is well defined in the JPEG file format specification.
Same for all other file formats. Of course the specification may not be public.
And of course there may be more information scattered across the rest of the file determining its makeup and layout, again well defined in the file format specification.

Your task is to find that specification some way and write some software to read it.

jwenting
duckman
Team Colleague
8,392 posts since Nov 2004
Reputation Points: 1,662
Solved Threads: 337
 
4 Years Ago
0

Yea, agreed...

draftjoker
Newbie Poster
2 posts since Jul 2007
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

I know this is an old thread, but for the record, EFS headers are kept on a separate hidden file. Specifically, it's kept on the MFT. Filename should be "mySecret.txt:$EFS" . There is no way to read the header unless you use a hex editor.

grehe
Newbie Poster
1 post since Apr 2011
Reputation Points: 10
Solved Threads: 0
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed