Friday, July 12, 2013

Removing User Account encryption from your encrypted documents

I consider this title kind of misleading and hard to understand if you don’t know exactly what I’m talking about, so I’ll proceed to explain (read the story and learn from experience):
When you set a password to your user account you have the option to encrypt all your files and documents with a unique key that’s linked to your account and your account only. If you format your PC and forget to remove that encryption, there is a 99% chance of all your files being completely lost and gone for good. In fact, a quick Google search will tell you exactly that.
But I found a workaround… well, I was lucky. I reinstall Windows in a PC that had encrypted files and the user didn’t know about it, and all of her files where almost lost completely… but didn’t. I always use Ubuntu to make the backup of files, documents, and important stuff, that way I can delete what I don’t need and (if the PC is too slow) avoid programs running, virus, etc.
Here’s the important part: When moving the files (from Ubuntu) I actually had no problems, I was able to preview images and documents, and even listen to the music without any trouble whatsoever, but when I tried to open these on the freshly install Windows… well, fuck me.
encrypt1
I was so mad, and frustrated that I spend 20 minutes only accepting the fact that I lost over 10Gb in photos and documents, really important documents. After the shocked went away, I went to Google for help, only to find sadness and despair. Since that didn’t help, I went to Ubuntu again, I was even able to send files to my USB drive, but I wasn’t able to see these in my PC.
I had an idea, open each file and re-save it with a different name using Ubuntu. That worked like a charm, the only problem was that we’re talking about 2Gb on Word documents and over 5000 images… I was depressed.
After reading and reading I learned that the problem was with Windows’ user privileges; if Windows can’t “provide” an acceptable key, the files can’t be read or written, these will remain untouched until you stop being in a fetal position and delete them… or that’s what I though.
I have in my possession a small registry hack called “Take ownership” (I don’t even remember where, how or when I got it). This is a small modification on your registry that will allow you to take control over any file (not folder, or at least that didn’t work for me) and assign it to your account. AKA, the file will be yours.
encrypt2
I installed it as a desperate attempt to justify myself that I actually did everything in my power, and to my surprise, it worked.
encrypt3
I was amazed; after I asked the owner if she encrypted them, she told me that she did because Windows asked her and she though that nothing would happen… the usual.
The problem with this is that it’s hard to find a user with encrypted files and that is willing to risk losing all of them to test this out. I’m fairly sure that this was pure luck and nothing else, but if this helps you, please let me know. That way we can help many others, or make me sad again. Either way, is all up to you.
TL;DR:
  1. Can you see/edit the encrypted files with Ubuntu?
  2. Use Take Ownership.
  3. ???
  4. Profit.

No comments:

Post a Comment