d2jsp
Log InRegister
d2jsp Forums > Off-Topic > General Chat > Science, Technology & Nature > Multiple Odd Files > I Need Help Reading Them
Add Reply New Topic New Poll
Member
Posts: 3,226
Joined: Nov 1 2007
Gold: 93.00
Apr 17 2010 10:09am
Alright, I have some files here that have had something done to them. I need them made legible. I also need to know how you did it, and what tools you use, if any. As people who have helped me out before know, I am quite thankful when people help me out with this stuff. There are 3 word documents and 2 text documents.

http://www.box.net/shared/2f1z4csnm4

http://www.box.net/shared/gr30d3z7zl

http://www.box.net/shared/ngabb2agy6

http://www.box.net/shared/l9hp7db8bt

http://www.box.net/shared/6l4ttzt95b

This post was edited by GodFollower on Apr 17 2010 10:09am
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Apr 17 2010 11:57am
The first 3 documents are encrypted msword files. The first document (the only one of the three I took a serious look at with a hex editor) contains an unencrypted hyperlinks to:
http://www.psc.edu/science/Taylor/Taylor-bio.html
http://www.psc.edu/science/Taylor/LittleGreen.html
http://www.psc.edu/science/Taylor/Relativity.html

The last 2 documents contain nothing. Looking at them with a hex editor you will see only 0's. Nothing can be extracted from them. Their file names suggest what they originally contained and perhaps you could just find a copy of those famous works online.

I've never tried to break the encryption on a msword document before but I've broken plenty of ms excel documents. I don't have access to a windows machine right now. I take another look at the first 3 when I can get on a windows machine.

This post was edited by Azrad on Apr 17 2010 11:59am
Member
Posts: 3,226
Joined: Nov 1 2007
Gold: 93.00
Apr 17 2010 07:01pm
Sorry, I should have provided the passwords. The word documents all have read passwords of "binary", and the write password is "neutron". I broke those a while ago, just forgot to post them up.


The .txt files have to contain something, hence the file size and the spaces in the document. I tried changing the encoding, but nothing brought letters from what is there. I agree with the all 0s, but there has to be something there.

This post was edited by GodFollower on Apr 17 2010 07:17pm
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Apr 17 2010 08:28pm
Quote (GodFollower @ Apr 17 2010 06:01pm)

The .txt files have to contain something, hence the file size and the spaces in the document. I tried changing the encoding, but nothing brought letters from what is there. I agree with the all 0s, but there has to be something there.


The file size of the .txt files is similar to just a sack full of zeros. When i scrolled through them with a hex editor. I saw nothing but 0's. It is possible there were some non-zeros there I didn't notice but I don't think so. IF they only contain 0's then they can't possibly contain any data. Think about it this way:

If you are given the message:
00000000000

And the desired message is:
eat at joes

The algorithm to do this is literally "eat at joes". In other words to change the original message to the desired message you need the entire desired message. If you have the entire desired message then you don't need the original message. If you don't have the entire desired message, you can never transform the original into the desired message. If the original message was not just 0's, but was "eat at joes" scrambled we might have something to work with, but this does not appear to be the case. Summary: I'm sorry but those files contain nothing; there is nothing to restore :(

Your only hope is to find a different copy of those files.

I'll use your keys on the m$word files and have a look.
Member
Posts: 3,226
Joined: Nov 1 2007
Gold: 93.00
Apr 17 2010 08:59pm
Quote (Azrad @ Apr 17 2010 08:28pm)
The file size of the .txt files is similar to just a sack full of zeros. When i scrolled through them with a hex editor. I saw nothing but 0's. It is possible there were some non-zeros there I didn't notice but I don't think so. IF they only contain 0's then they can't possibly contain any data. Think about it this way:

If you are given the message:
00000000000

And the desired message is:
eat at joes

The algorithm to do this is literally "eat at joes". In other words to change the original message to the desired message you need the entire desired message. If you have the entire desired message then you don't need the original message. If you don't have the entire desired message, you can never transform the original into the desired message. If the original message was not just 0's, but was "eat at joes" scrambled we might have something to work with, but this does not appear to be the case. Summary: I'm sorry but those files contain nothing; there is nothing to restore  :(

Your only hope is to find a different copy of those files.

I'll use your keys on the m$word files and have a look.


Yeah, I do not have access to the image I got the files out of, but I would be willing to bet that he buried something in the slack of those text documents, rather than having it in the documents themselves. Thanks for confirming that they are worthless as-is though.

Just as a side note, I am a fairly competent Windows user (however, I am obviously ignorant as to *nix operations and objects), I was just looking for second opinions on these. These files were part of a huge image that was full of files that were encrypted, altered, and hidden in many other ways to test what we learned in our forensics class this semester. These were just the few that have evaded me, as of yet.

Thanks for looking at these mate, you seem like a nice guy.

This post was edited by GodFollower on Apr 17 2010 09:02pm
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Apr 17 2010 09:28pm
This is really going out on a limb:

For the 2 .txt documents. Did you get the files on a cd? Have you tried maybe using a disk editor on the original media? Yes the files you uploaded are certainly totally empty, but maybe they were just read wrong off the media? It's a long shot, I know.
Member
Posts: 3,226
Joined: Nov 1 2007
Gold: 93.00
Apr 17 2010 10:01pm
Quote (Azrad @ Apr 17 2010 09:28pm)
This is really going out on a limb:

For the 2 .txt documents. Did you get the files on a cd? Have you tried maybe using a disk editor on the original media? Yes the files you uploaded are certainly totally empty, but maybe they were just read wrong off the media? It's a long shot, I know.


No, I received the entire image on a flash drive, but extracted all encrypted files and all .txt files from the image, and turned it back in. Why I just did not duplicate the image is beyond me, I have already kicked myself multiple times for it.
Member
Posts: 3,226
Joined: Nov 1 2007
Gold: 93.00
Apr 19 2010 07:32pm
I got them figured out.

The text files were truly null, they were there as distractions. Quite effective ones at that.

The word documents exploited a flaw in Microsoft Word, where the Wingding font is unable to be unapplied when opened on another computer. However, if you copy the content and paste it in Wordpad, you can change the font to a typical type and it becomes clearly legible.
Member
Posts: 10,812
Joined: Oct 15 2009
Gold: Locked
Warn: 20%
Apr 19 2010 09:23pm
ah very nice!
Member
Posts: 3,226
Joined: Nov 1 2007
Gold: 93.00
Apr 19 2010 11:34pm
I had never seen nor hear of that exploit, I just happenstanced upon it wandering around the corners of cyberspace looking for answers. Quite amazing seeing that such a big name product is fooled so easily, by something anyone can do with no extra software.
Go Back To Science, Technology & Nature Topic List
Add Reply New Topic New Poll