Video Screencast Help

Reverse engineering of Obfuscated Code

Created: 06 Sep 2013 | 7 comments
Spartacus81's picture

Friends,

I have a request here that most of you may find it strange but i need solution. The problem is i am using free Dell encryption software call EKM on one of my masters runnig NBU 7.1.0.4. Encryption software is set to encrypt the tapes at library level so its a libray based encryption. It has expired after 1095 days and now i can't login to the EKM server. I however manually copied the required backup files and reinstall the software replace the files with the backed up files but still can't login. If i dont put those file back to the location it allows me to login to the EKM server which means i can't restore the data from legacy tapes. i have done investigation and manage to open the backed up files to see if i can find the password string so that i could replace it with the new string so that i could log back into the server. I found three obfuscated codes two of them are key encyption password and one is SSL password and i have this feeling thats the password string that need decoding. Sorry for the long story but does any of you know how to decrypt the following obfuscated code into a human readable format.

ED08531E225550551E5D = ? ABCD ?

Operating Systems:

Comments 7 CommentsJump to latest comment

Mark_Solutions's picture

Looks like they use an AES-256 block cypher

It really shouldn't be easy to crack it!!

The re-set your login notes look like they should work but i do note that they say remove the date and time prefix from the files - did you do that?

I think the group of letters etc. you have actually need to the password to unencrypt it!

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

Spartacus81's picture

Remove the data and time prefix, how would you do that? 

I did try to change the date on the server to go back in times but no luck... 

Bugs comes in through open windows!

Mark_Solutions's picture

The notes indicated that the files would have a prefix - details from here:

http://www.manualslib.com/manual/390639/Dell-Powervault-Ml6000.html?page=22

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

Spartacus81's picture

Oh got ya.. well, i was not able to login to EKM server to backup the files that gets backed up with date and time prefix. i manually copied them and manualy put them back when i reinstall the EKM. i did not delete the old directory just renamed it.. 

when the EKM software installed i was successfully able to login but when i stopped the server and put the backed up files back i wasnt able to login.. i know i can start fresh but it means i wont be able to restore fromm the old tapes.. any other suggestion?

Bugs comes in through open windows!

Mark_Solutions's picture

Sorry no - can you speak to Dell, it is a Dell issue really

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

Spartacus81's picture

call already logged.. anyway thanks Mark..

Bugs comes in through open windows!

Mark_Solutions's picture

Ok - sorry i couldn't help more - over to DELL i think

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.