Professional Documents
Culture Documents
S FormatAnalyze File 2406
S FormatAnalyze File 2406
Example format:
Test_1.docx:$office$ *2007*20*128*16*e5cd4f385f8e37a4c72dfc688473c661
*633207a4a300e00f5650cdc66a778c57*fa111b113a17b90d4e33b652b5e3e093d5527a0b
filename:$office$ *Version*verifierHashSize*keySize*saltSize*Salt *
encryptedVerifier * encryptedVerifierHash
- Version : 2007
- VerifierHashSize (4byte): specifies the number of bytes used by the hash of the randomly
generated Verifier.
- KeySizDerive PBKDF2 key : KeyBits (AES 128/192/256)
- SaltSize : Size of Salt Value
- Salt : Salt Value
- EncryptedVerifier (16byte) : An encrypted form of a randomly generated, 16-byte verifier
value, which is the randomly generated Verifier value encrypted using the algorithm chosen
by the implementation.
- EncryptedVerifierHash: An array of bytes that contains the encrypted form of the hash of
the randomly generated Verifier value.
Format:
filename:$zip2$ * Ty * Mo * Ma * Sa * Va * Le * DF * Au*$/zip2$
* Metadata: Local File Header chứa thông tin của file nén (TY, Mo, Ma)
* Salt : Salt (8/12/16 byte) (Sa)
* Ciphertext: kết quả của quá trình mã hóa data. (DF)
* Password Verification Value PV (2byte): Giá trị dùng để kiểm tra (so sánh) với PV khi mã
hóa(Va)
* MAC : Authentication code (Au).
ZIP format:
filename:
$zip$*type*hex(CRC)*encryption_strength*hex(salt)*hex(password_verfication_value):
hex(authentication_code)
ZIP3 format:
filename:$zip3$*Ty*Al*Bi*Ma*Sa*Erd*Le*DF*Au*Fn
Ty : type (0) and ignored.
Al :algorithm (1 for AES)
Bi : bit length (128/192/256 bit)
Ma : magic (file magic), reserved, must be '0' now
Sa :salt(hex), 12 or 16 bytes of IV data
Erd : encrypted random data (max. 256 bytes)
Le : real compr len (hex) length of compressed/encrypted data (field DF), unused currently
DF : compressed data DF can be Le*2 hex bytes, and if so, then it is the ENTIRE file blob
written 'inline', unused currently
Au : authentication code, a 8 byte hex value that contains a CRC32 checksum, unused
currently
Fn : filename within zip file