NTFS encryption



Killy
01-24-2006, 11:52 PM
I had an NTFS-encrypted folder on my main drive before it failed. I was able to copy the folder to a safe location, but I am now unable to read the files within. Is there a way to get them back?

edczxcvbnm
01-25-2006, 12:17 AM
I am not sure but I believe this is what you want.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cipher.mspx

Or from this page

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/encrypt_overview.mspx

"Encrypted files can become decrypted if you copy or move the file to a volume that is not an NTFS volume"

o_O
01-25-2006, 12:29 AM
Why can't you access the folder? Is it because you're running Windows 98? If so, you can go here (http://www.sysinternals.com/Utilities/NtfsWindows98.html) for drivers that will allow you read capabilities for NTFS partitions.

Failing that, is your partition mounted?

EDIT: ed's link looks good. :p

edczxcvbnm
01-25-2006, 12:43 AM
I just went straight to the MSDN! It is your friend for Windows ills.

Killy
01-25-2006, 01:30 AM
This is not what I was looking for. The files were encrypted using my old WinXP install. But my main partition failed and I had to reinstall Windows from scratch. Now these files cannot be read or moved. What do I do?

edczxcvbnm
01-25-2006, 01:35 AM
How is cipher not what you need? If it isn't what you needed then please explain why it failed when you tried it so I can get a better idea of what is going on. It sounds like what you need to me.

Anyone else have ideas?

Killy
01-25-2006, 01:46 AM
D:\Test>cipher /d

Décryptage des répertoires dans D:\Test\

ARC [OK]
CC [OK]
Temp [OK]

3 répertoire(s) sur 1 ont été décryptés.

Translation:

Decrypting directories in D:\Test\

ARC [OK]
CC [OK]
Temp [OK]

3 directories out of 1 were decrypted

Now, it still shows the files as encrypted and they are still inaccessible.

Now, from looking at one of the pages you showed me, you seem to need a key of some sort to decrypt the files. Since I am missing this key, does that mean my files are lost?

Is there a way to crack the NTFS encryption without needing a quantum-based computer?

edczxcvbnm
01-25-2006, 01:55 AM
Try doing a specific file that is decrypted.

cipher /d /a D:\Test\ARC\*
cipher /d /a D:\Test\CC\*
cipher /d /a D:\Test\Temp\*

I don't know what folder is encrypted but that might decrypt all the specific files.

Killy
01-25-2006, 02:05 AM
The main folder Test is what is encrypted.

So I tried what you said, and it said: 0 files were decrypted

edczxcvbnm
01-25-2006, 02:08 AM
I don't know then. I would have to try stuff but I am at work now. Maybe someone else can pick this up. I assume you are using the administrator account.

EDIT: I don't know. Look at cipher and try some stuff. Who knows. Maybe q to see if it recognized stuff as encrypted. Resetting your computer can be a good thing. Who knows. Look at cipher and try some stuff as I don't know why you still can't open up the files. Can you check the permissions? That might be a problem also if it says it isn't encrypted.

Killy
01-25-2006, 02:11 AM
Of course. However, I think that the problem is the fact that I had to reinstall Windows, due to the fact that I could access the files easily before then.

edczxcvbnm
01-25-2006, 02:18 AM
You could access the files beforehand because you were the owner. You are now NOT the owner because you are on a new account. There is a way around it but it isn't coming to me right now. It could be any number of stupid quirks.

Someone else?

Killy
01-25-2006, 02:22 AM
I tried the obvious and my account name is the same, same with password.

edczxcvbnm
01-25-2006, 03:01 AM
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_setroubleencrypt.mspx

Samuraid
01-25-2006, 03:17 AM
AFAIK, I've been able to take ownership of the files back with the administrator account and decrypt them. Either that or moving them among partitions.

edczxcvbnm
01-25-2006, 03:24 AM
Thank you for making me feel better about not leading him down the wrong path :D

crono_logical
01-25-2006, 08:31 PM
If you formatted your old installation's partition, then chances are the data's lost :D Basically, doing so would have destroyed the keys/certificates associated with your old user account that would have allowed you to read the file, so there is no longer any way to decrypt them :p Making a new user account in a new installation with all the same names and passwords doesn't recreate the keys needed. Doesn't matter what permissions you stick on the files or take ownership either, you still can't decrypt them.


"Now from looking at one of the pages you showed me, you seem to need a key of some sort to decrypt the files, since I am missing this key, does that mean my files are lost?"

Correct :monster:


Things change if your machine was in a domain environment and not standalone though :p In this case, the machine would have had a recovery agent policy from the domain such that by default, the domain admin can decrypt files if the user's lost/destroyed their key, like it seems you've gone and done. The policy may also specify other domain users too with this kind of power. Standalone WinXP has no recovery agents by default, not even administrators. I think standalone Windows 2003 specifies the local admin as an agent by default though - I'll take a guess that Samuraid did his tests on a Win2k3 machine (either standalone or on a domain) and didn't do a reinstall on the OS partition between encrypting the files and trying to recover them, hence he would have had no problems decrypting local files made by other users :p



"Encrypted files can become decrypted if you copy or move the file to a volume that is not an NTFS volume"

Only works if you can read/decrypt the files in the first place :p



Well, if you've got a copy of your old installation or its partition somewhere, you might be able to recover the keys and import them into your new user account, but I have no idea how to recover the keys in this manner :kaoplain:
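
The dependency described in the post above can be checked directly. This is an added example, not part of the original thread: it assumes a Windows system with PowerShell 3.0 or later, and uses D:\Test (the folder named in the thread) as a sample path.

```powershell
# Added example: can the CURRENT user profile decrypt the EFS files under $Path?
# Assumes PowerShell 3.0+; D:\Test is the sample folder from the thread.
param([string]$Path = 'D:\Test')

$efsOid = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

# EFS certificates in this user's personal store. A file can only be decrypted
# when the certificate it was encrypted to is present WITH its private key.
# A NotBefore date later than the reinstall means the key pair is a new one,
# even if the account name and password match the old account.
$certs = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.EnhancedKeyUsageList.ObjectId -contains $efsOid
})
if ($certs.Count -eq 0) {
    Write-Warning 'No EFS certificate in this profile.'
}
$certs | Select-Object Thumbprint, HasPrivateKey, NotBefore, Subject |
    Format-Table -AutoSize

# Files that carry the NTFS "Encrypted" attribute.
$files = @(Get-ChildItem -LiteralPath $Path -Recurse -File -Force |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted })

# Try to open each file for reading. Without a matching private key the open
# is refused, whoever owns the file and whatever its ACL says.
$report = foreach ($f in $files) {
    $status = 'readable'
    try {
        $stream = [IO.File]::OpenRead($f.FullName)
        $stream.Dispose()
    } catch {
        $e = $_.Exception.GetBaseException()
        $status = if ($e -is [UnauthorizedAccessException]) {
            'access denied (no usable key, or ACL)'
        } else {
            "error: $($e.Message)"
        }
    }
    [pscustomobject]@{ File = $f.FullName; Status = $status }
}
$report | Format-Table -AutoSize
```

On Windows Vista and later, `cipher /c <file>` lists the certificate thumbprints that can decrypt a file, which can be compared with the thumbprints printed by the script.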

Samuraid
01-25-2006, 09:17 PM
"I'll take a guess that Samuraid did his tests on a Win2k3 machine (either standalone or on a domain) and didn't do a reinstall on the OS partition between encrypting the files and trying to recover them, hence he would have had no problems decrypting local files made by other users :p"

I did it on my XP Pro machine on a home workgroup. The files were stored on a non-system NTFS partition. I completely reformatted the system partition and reinstalled Windows. After reformatting/reinstalling Windows, I used the same admin account name and the same password and simply took ownership of the files. I then was able to decrypt them. Don't ask me how this was possible, I don't have a clue why. But it did work. :p

edczxcvbnm
01-25-2006, 09:48 PM
"Only works if you can read/decrypt the files in the first place :p"

I figured but they don't say that explicitly. I have never messed with this encrypted file crap so I did the best I could. My only experience is questioning why a company I was doing work for was including that in their SOE as it could cause more problems than it is worth.

Killy
01-25-2006, 11:40 PM
Samuraid, how does one take ownership of the files?

Also, would it be possible to break the code if I had a copy of one of the encrypted files? Because as far as I know, it is one of the only ways to break encryption.

Samuraid
01-26-2006, 01:09 AM
Disable simple file sharing (In folder options).
Right-click -> Properties on the files in question
In the Security tab, press the Advanced button.
All the options you need should be listed there.

edczxcvbnm
01-26-2006, 01:17 AM
Aww...just as I was about to post

http://support.microsoft.com/default.aspx?scid=kb;en-us;308421

:(

Killy
01-26-2006, 01:40 AM
I did that, and it seems that I am now the owner of the files. However, I am still not allowed to decrypt them. Does that mean that they are lost?

edczxcvbnm
01-26-2006, 01:52 AM
If you took ownership of the file then maybe you could attempt to create a new key with cipher. If that doesn't work then like cl_out said...you are SOL.

Samuraid
01-26-2006, 03:38 AM
I just tried it and wasn't able to get a file to decrypt. I wonder if it has to do with creating the same user account and password to take ownership and decrypt the file.

edczxcvbnm
01-26-2006, 03:59 AM
When all else fails try to e-mail Microsoft and see what they tell you. Samuraid might have just gotten really awesomely lucky that one time. It could happen...Mc-WOOOOOOORLD!

ShunNakamura
01-26-2006, 10:59 AM
I hate to say it but I think you are SoL. The reason being even my Linux professor at the college says that the NTFS encryption was good. And I can count on one hand the number of 'goods' he has given Windows. He said that if you lost the encryption key then it was virtually (someone somewhere can probably do it.. but probably not many someones) impossible to break the encryption. And there were a lot of variables to the encryption key if I remember right. User name and pass being only two of them.

Killy
01-26-2006, 12:00 PM
Well, thanks to all of you anyway.

ShunNakamura
01-26-2006, 01:40 PM
Cancel that about difficult to crack.

I just googled it for the fun of it, and it already looks as if there is software that can crack it. But from what I have seen you are looking at awfully expensive software.

So I guess if you can find a cracked cracker you could possibly retrieve. Or if the files are so important that you are willing to buy it, or at least to relay your trouble to one of the makers of these programs (to ensure it will work before you buy it).