Manual Decryption of Hybrid Backup Sync file

[Mikiya]

Big update today !
I think the big security issue is fixed, i still have to verify but at first sigth that seems ok
BUT my tool is broken with this update so i check if i can update it (because QNAP does not provide any tool yet...)

[Mikiya]

Update to 1.0, add compatibility with new HBS version (2.1). I can confirm, the security issue is fixed.

viewtopic.php?f=15&t=124323&p=578539#p578539

[karlegas]

Hi

I try use your tool in OSX for Mac and installed the Unlimited JCE policy files for JAVA versions 7 and 8, but still get the error requesting them. I have installed the version 1.6.0_37 by default by Apple but I don't know if that is making a conflict, or the Java App is looking a different path than this

/Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/lib/security/local_policy.jar

Please advise

Karl

[Mikiya]

Hi
If you have installed Java 1.6 before, i think you use java 1.6 by default even if you have install 1.7 ou 1.8.
Try to use "java -version" to check what version you use.
If you really want to use multiple versions of java on your system, i recommend "jenv" tool to manage them.

[karlegas]

java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)

That shows I created the security folder and put the JCE files on that but still asking for them?

[Mikiya]

Ok good, java 8 is supported. But i just see you put JCE files in a custom folder in JDK, you do not override JRE ones.
There should be here :
/Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/jre/lib/security/

(i don't have OSX to check now, tell me if it's ok)

[karlegas]

Yes I don't override JRE ones, I don't know where will be.

But the JCE files are in the path /Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/jre/lib/security/

So what is wrong?

[Mikiya]

Yes overriden them in /Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/jre/lib/security/ (like i said, unfortunatly i do not have OSX so i only read some topics for the path )
You can search and replace all "local_policy.jar" and "US_export_policy.jar" in /Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/ with jar provided by Oracle.

[karlegas]

Ok I replaced the files for the provided for Oracle in the path you giveme but still appears the error with JCE files.

I will test wit other Mac to see makes any difference.

[Mikiya]

According to this : http://stackoverflow.com/questions/3774 ... -8-in-os-x for latest Mac, there are 2 paths for java (why did they do that ? ... it's so simple to change JCE files on Windows and Linux ) :
JRE: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/jre/lib/security (i'm not sure for the end of this path, search from /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/)
JDK: /Library/Java/JavaVirtualMachines/jdk1.x.x_xxx.jdk/Contents/Home/jre/lib/security
- If you install the JDK, it will also install the JRE at the JRE location listed above.
You have to change JCE files for both.
I could change these files automatically but i don't want to go against Oracle rules. I can't redistribuate them, user have to do this sorry

edit : you start the program from Explorer with double-click or from command line with java -jar ?

[karlegas]

According to this : http://stackoverflow.com/questions/3774 ... -8-in-os-x for latest Mac, there are 2 paths for java (why did they do that ? ... it's so simple to change JCE files on Windows and Linux ) :
JRE: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/jre/lib/security (i'm not sure for the end of this path, search from /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/)
JDK: /Library/Java/JavaVirtualMachines/jdk1.x.x_xxx.jdk/Contents/Home/jre/lib/security
- If you install the JDK, it will also install the JRE at the JRE location listed above.
You have to change JCE files for both.
I could change these files automatically but i don't want to go against Oracle rules. I can't redistribuate them, user have to do this sorry

edit : you start the program from Explorer with double-click or from command line with java -jar ?

Eureka you are right I update the JRE location folder and know runs, thanks for take the time. And yes I run the program from the Finder with .jar file

Karl

[karlegas]

Ok some points about the app:

The password window not permit copy/paste the password since is a password very long and with special characthers is a must that option if not possible maybe could you let the input not appears with ****** instead the characthers. I don't know if in PC the copy/paste works but in MacOS not.

Thanks

[marzell]

@mikiya will the source be available at github or different location?

[Mikiya]

Good to know it finally works !
About the password, on Windows, it works for copy&past (from standard copy and from keepass copy i tested both). But there is not "popup" menu to past. Did you test with Command-V to past ?

@marzell : source is provided in the zip file. For the moment i do not open a github location because i think this is a short project, but if QNAP do not release any official tool, maybe it worths it.

[trigtrig]

@Mikaya

Wow! Well done! I expected this thread to be dead, and now that I check back, you have a functioning script to decrypt files! Thank you very much for your hard work.

In regard to @karlegas's password pasting issue. It is true that we can't use COMMAND + V to paste, however the key bindings might be off inside Java. I am successfully able to paste by using CTRL + V as if I were on a windows machine.

@Mikaya In regard to MacOS support, I am having troubles decrypting with the GUI as well as the CLI. I have replicated the issue on two machines now (one of which is a fresh MacOS install) to ensure it is a problem.

When using the CLI, there is an error:

The file photo.jpg is not a QNAP-ciphered file.

When using the GUI, there is only the standard

All files fail to deciphered.

. The output file contains no extra information.

The file in question (photo.jpg) properly decrypts when running the same process on Windows 10, so that first error is faulty in this case. I am guessing that it may be an encoding issue? As I look at photo.jpg, it begins with "KÊ”r^ƒ". You are comparing against this (as QNAP_FILE_PREFIX_V2), in checkCipheredFile(), however for some reason the else statement at line 222 doesn't get entered, so the check fails to properly return 2, instead returning -1 and causing the decrypt to fail.

I have poked around a bit and attempted to compile your well-built code. My specialties are in c++/python/javascript and not java, so I haven't successfully compiled yet (getting stuck at needing a main manifest attribute?), but I would be happy to run tests for you on my mac if you can point me in the right direction.

Thanks again for your hard work here!