Encryption recovery of file in external storage "Dropbox"

This procedure worked perfectly for us:

Username: admin
Password: password
Ciphersuite: HBEGIN:cipher:AES-256-CTR
Salt: PBKDF2, sha256 100000 times (can be looked up here https://github.com/nextcloud/server/blob/master/apps/encryption/lib/Crypto/Crypt.php )

The instanceid and secret are available in the /nextcloud/config/config.php file

instanceid: ockoa0vm1m34
secret: 63Ca9s0LIJCf7ctbgFP3QrkMZkD8kzLhwXfMgsFFvor2T6Qg

User’s encrypted RSA private key:
/admin/files_encryption/OC_DEFAULT_MODULE/admin.privateKey

User’s file you want to decrypt:
/admin/files/ssh-manual.txt

User’s file shareKey:
/admin/files_encryption/keys/files/ssh-manual.txt/OC_DEFAULT_MODULE/admin.shareKey

User’s file key:
/admin/files_encryption/keys/files/ssh-manual.txt/OC_DEFAULT_MODULE/fileKey

'instanceid' => 'ockoa0vm1m34',
'passwordsalt' => 'HwNI0u8r0vHRdnHON86Rbl5x4Jcgiu',
'secret' => '63Ca9s0LIJCf7ctbgFP3QrkMZkD8kzLhwXfMgsFFvor2T6Qg',

Decrypt user’s RSA private key

openssl enc -AES-256-CTR -d -base64 -A -nosalt -K $( php -r "echo hash_pbkdf2('sha256', 'password', hash('sha256', 'admin'.'ockoa0vm1m34'.'63Ca9s0LIJCf7ctbgFP3QrkMZkD8kzLhwXfMgsFFvor2T6Qg', true), 100000, 32, true);" | xxd -p -c 999999 ) -iv $(perl -pne 's/^HBEGIN.*00iv00//;s/00sig00.*xxx$//' "/admin/files_encryption/OC_DEFAULT_MODULE/admin.privateKey" | xxd -p -c 999999 ) -in <( perl -pne 's/^HBEGIN:.+:HEND-*//;s/(00iv00.*)?00iv00.*xxx$/\1/' "/admin/files_encryption/OC_DEFAULT_MODULE/admin.privateKey" ) > myrsa.pem

Decrypt a shareKey using decrypted RSA private key

openssl rsautl -decrypt -inkey <(cat "myrsa.pem") -in "/admin/files_encryption/keys/files/ssh-manual.txt/OC_DEFAULT_MODULE/admin.shareKey" > mysharekey

Decrypt a fileKey using decrypted shareKey

openssl rc4 -d -in "/admin/files_encryption/keys/files/ssh-manual.txt/OC_DEFAULT_MODULE/fileKey" -iv 0 -K $(xxd -p -c 999999 mysharekey) > myfilekey

Decrypt the file using decrypted fileKey

export BLOCKSIZE=8192
export COUNTER=1
export FILE="/admin/files/ssh-manual.txt"
export FILESIZE=$(stat -c%s $FILE)
export BLOCKS=$((FILESIZE/BLOCKSIZE))
export LASTCHUNK=$[FILESIZE-(BLOCKS*BLOCKSIZE)] # haven't tested case when LASTCHUNK=0
while [ $COUNTER -lt $[BLOCKS+1] ]; do
    PAYLOADSIZE=$((BLOCKSIZE-96))
    [ $COUNTER -eq $BLOCKS ] && PAYLOADSIZE=$((LASTCHUNK-96))
    PAYLOAD="$(dd bs=$BLOCKSIZE skip=$COUNTER count=1 if="$FILE" status=noxfer 2>/dev/null | dd bs=$PAYLOADSIZE count=1 status=noxfer 2>/dev/null )"
    SHIFT=$((PAYLOADSIZE+6))
    IV="$(dd bs=$BLOCKSIZE skip=$COUNTER count=1 if="$FILE" status=noxfer 2>/dev/null | dd bs=$SHIFT skip=1 count=1 status=noxfer 2>/dev/null | dd bs=16 count=1 status=noxfer 2>/dev/null | xxd -p -c 999)"
    echo -e "PAYLOAD SIZE =\t" $PAYLOADSIZE >&2
    echo -e "SHIFT =\t\t" $SHIFT >&2
    echo -e "IV =\t\t" $IV >&2
    openssl enc -AES-256-CTR -d -nosalt -base64 -A -K $(xxd -p -c 9999 myfilekey) -iv "$IV" -in <(echo -ne "$PAYLOAD")
    COUNTER=$[$COUNTER+1]
done > decryptedFile

sha256sum decryptedFile
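
The block layout that the dd arithmetic in the loop above relies on, written as a small parser. This is an added example, not part of the original post or of Nextcloud's code. It assumes the layout implied by the script (8192-byte blocks, the first being the header, each data block ending in a 96-byte trailer of "00iv00", a 16-byte IV, "00sig00", a signature and "xxx"); the 64-byte signature length is inferred from that 96-byte total, and the sample data is constructed. It also covers a file whose size is an exact multiple of 8192 (LASTCHUNK=0).

```python
BLOCK = 8192    # on-disk block size used by the script above (BLOCKSIZE)
TRAILER = 96    # "00iv00" + 16-byte IV + "00sig00" + 64-byte signature + "xxx"

def parse_header(block):
    """Return header fields as a dict, e.g. {'cipher': 'AES-256-CTR'}."""
    text = block.rstrip(b"-").decode("ascii")   # header is padded with '-'
    if not (text.startswith("HBEGIN:") and text.endswith(":HEND")):
        raise ValueError("not an encrypted file header")
    fields = text[len("HBEGIN:"):-len(":HEND")].split(":")
    return dict(zip(fields[0::2], fields[1::2]))

def parse_blocks(data):
    """Yield (base64_payload, iv, signature) for every block after the header."""
    if len(data) <= BLOCK:
        raise ValueError("no data blocks after the header")
    for off in range(BLOCK, len(data), BLOCK):
        chunk = data[off:off + BLOCK]   # last chunk may be short or a full block
        body, tail = chunk[:-TRAILER], chunk[-TRAILER:]
        if (len(chunk) <= TRAILER or tail[:6] != b"00iv00"
                or tail[22:29] != b"00sig00" or tail[-3:] != b"xxx"):
            raise ValueError(f"malformed block at offset {off}")
        yield body, tail[6:22], tail[29:93]

# Constructed sample data (not real ciphertext): filler payload, IV and signature.
def make_block(payload_len, iv):
    return b"A" * payload_len + b"00iv00" + iv + b"00sig00" + b"f" * 64 + b"xxx"

HEADER = b"HBEGIN:cipher:AES-256-CTR:HEND".ljust(BLOCK, b"-")
SAMPLE_PARTIAL = HEADER + make_block(BLOCK - TRAILER, b"1" * 16) + make_block(100, b"2" * 16)
SAMPLE_FULL = HEADER + make_block(BLOCK - TRAILER, b"1" * 16) + make_block(BLOCK - TRAILER, b"2" * 16)

if __name__ == "__main__":
    print(parse_header(HEADER))
    for name, data in (("partial", SAMPLE_PARTIAL), ("full", SAMPLE_FULL)):
        for payload, iv, sig in parse_blocks(data):
            print(name, "payload bytes:", len(payload), "iv:", iv.hex())
```

Each yielded payload and IV correspond to the PAYLOAD and IV values the loop passes to openssl enc; the decryption itself is not reimplemented here.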