
Dirtydecrypt - Why you CANNOT decrypt or recover them to their original state

post #1 of 4
Thread Starter 
The files CANNOT be decrypted. The technique they used was to overlay the beginning part of the file with that "File is encrypted" message screen with a PNG (Portable Network Graphics) format.

Open the affected file in NOTEPAD (make sure you select all files instead of *.txt files) and you will see the PNG header string which starts with IHDR. Then do a find (ctrl-f) and find IEND.

After the IEND will be what's left of your original file. In essence the PNG data string overlays the first 25,486 bytes of your trashed file.

Whatever program you use to open the affected file recognizes the PNG format and processes it until it encounters the IEND. The remainder of your trashed file behind the IEND is ignored.

This is the reason the properties information for the file still reflects the original data so one might think that the entire file is there.

Wikipedia has an excellent description of the PNG format. Look under "2 PNG Working Group".

This is my story and I'm sticking to it.

Toyman

Ron H
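Added example, not part of the original post: a Python check that automates the Notepad inspection described in post #1 by walking the PNG chunks from the signature to IEND and reporting where the overlay ends and how many bytes of the file follow it. It assumes the overlay begins at offset 0 with the standard PNG signature; the function names and the sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"  # standard 8-byte PNG signature

def png_overlay_extent(data: bytes):
    """Return (overlay_end, trailing_len) if data starts with a complete,
    CRC-valid PNG stream, else None. overlay_end is the offset just past IEND."""
    if not data.startswith(PNG_SIG):
        return None
    pos, first = len(PNG_SIG), True
    while pos + 12 <= len(data):  # 4 length + 4 type + 4 CRC minimum
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return None  # chunk runs past end of file
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            return None  # not a well-formed PNG chunk
        if first and ctype != b"IHDR":
            return None  # IHDR must be the first chunk
        first = False
        if ctype == b"IEND":
            return end, len(data) - end
        pos = end
    return None

def _chunk(ctype: bytes, body: bytes = b"") -> bytes:
    """Build one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def build_sample():
    """Constructed sample: a 1x1 grayscale PNG followed by stand-in bytes
    representing what remains of an overwritten document."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    png = PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND")
    tail = b"CONSTRUCTED-ORIGINAL-TAIL" * 4
    return png + tail, len(png), len(tail)

if __name__ == "__main__":
    data, _, _ = build_sample()
    result = png_overlay_extent(data)
    if result:
        print("PNG overlay ends at offset %d; %d bytes follow IEND" % result)
    else:
        print("no complete PNG stream at start of file")
```

A non-image file (for example a .doc or .pdf) for which this returns a result with a non-zero trailing length matches the pattern the post describes.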
post #2 of 4
Is this a virus? If so, they are basically just ruining your files then? That's super lame. Be sure to back stuff up.
post #3 of 4
A customer brought in a computer that has that on it. We were wondering if it was even recoverable. People say it is and others say it is a corrupted file header. Interesting stuff.
post #4 of 4
GPcode FTW
    