Adam, I have received and examined your file, adatok.ods.
The document appears to have been tampered with or produced in a defective manner. I can't determine what software produced it since that information is only available in the decrypted file. Based on discrepancies I see in the file, it has been produced by software other than Apache OpenOffice 4.1.2 or LibreOffice (up to 5.0) and/or has been tampered with. I have no suggestion on how the content of such a file might be recovered, considering that the defects, whatever their origin, are indistinguishable from tampering and the encryption is such that there is no general means to overcome that. It is an irreversible characteristic of the cryptographic encryption employed for password-protected documents. - Dennis FORENSIC ANALYSIS 1. The adatok.ods file is a valid Zip as used in the packaging of Calc ODF documents into .ods files. The components of the Zip .ods package are easily extracted into a folder of the individual components. 2. On attempting to open the file in OpenOffice Calc, I receive the Password entry dialog. (I read the original report too quickly. I did not realize attempts get this far.) This means that Calc is opening the .ods correctly and also extracting the META-INF/manifest.xml file that is in the package. It is information in manifest.xml that identifies the file as encrypted. 3. On providing an arbitrary password entry (e.g., "12345"), I immediately receive a corrupted file dialog. This is very immediate, suggesting that the failure happened without attempting much decryption, if any. When I open the file with LibreOffice 5.0, I receive a "Read Error" at this same point. 4. I created a trivial Apache OpenOffice 4.1.2 Calc document and gave it the actual password "12345", using the default encryption. When I attempt to open that document with the correct password, it opens correctly. When I use an incorrect password, I receive the message "The password is incorrect. The file cannot be opened." For adatok.ods, this point is not reached. 5. There are a number of differences between adatok.ods and encrypted files produced with Apache OpenOffice 4.1.2 and LibreOffice 5.0 by default. The file appears to be produced by LibreOffice 5.0 with Advanced Experimental options selected. Although not produced by AOO 4.1.2, these files are opened and decrypted correctly by AOO 4.1.2 and the result of an incorrect password is the same as case (4). (I have not checked with LibreOffice 5.1 where there may be further differences.) 6. Two characteristics of adatok.ods suggests that it was produced by different software or has been tampered with. In the Zip packaging, the file content.xml is last in the Zip data stream, whereas META-INF/manifest.xml is always recorded last with original encrypted files. Furthermore, in the META-INF/manifest.xml, the checksum carried for content.xml is empty. That is incorrect in accordance with the ODF 1.2 specification. That checksum, if present, is a cryptographic hash used to assess whether decryption is producing the correct unencrypted file and, if not, the password is assumed to be incorrect. Absence of such a checksum makes the decryption of the content.xml unverifiable although defects in the decryption and subsequent decompression would likely provoke detection of corruption. 7. Treating a document with differences (6) as corrupted is rather appropriate in this case. However, if the only alteration is having a blank checksum for content.xml, AOO 4.1.2 and LibreOffice 5.0 will both open and decrypt such a document successfully. This is a verification deficiency, although further corruption would likely be apparent because of compression/decompression problems. At this point, there was no further checking to see what about adatok.ods triggers the detection of corruption or reporting of a read failure. There are a number of prospects for that. Knowing what those defects are is not likely to allow recovery of the file by someone knowing the correct password. > -----Original Message----- > From: Adam Bujdoso [mailto:[email protected]] > Sent: Sunday, February 28, 2016 00:32 > To: [email protected] > Cc: [email protected] > Subject: Re: Encrypted Calc file got corrupted > > Dear Dennis, > > Many thanks indeed for your reply. > > I just sent an email to [email protected] with the link to > the > file, hopefully you can see it and can donwload to file. Please let me > know > if there are any issues. > > When I try to open the file, I in fact first get prompted to type in the > password, and when I do that, that's when I get the error message. So > the > corruption error message does not happen immediately, it does offer the > opportunity to decrypt the file. > > Let me know please if you are able to get anything out of the file. > > Thanks a lot indeed for your help! > > Best, > Adam > > On Sun, Feb 28, 2016 at 3:33 AM, Dennis E. Hamilton <[email protected]> > wrote: > > > Since the file is encrypted, can you upload it somewhere where one of > us > > can examine it? We do not need to know the password. In fact, it > might > > not be useful at all. > > > > I am assuming that the corruption message happens immediately and you > are > > not offered an opportunity to decrypt it. > > > > This can result when a file is not saved completely on exiting > OpenOffice > > and/or shutting down the computer. You can send the link for > accessing it > > to [email protected] and I will see it. > > > > If the file is actually corrupted, it will probably not be > decryptable, > > especially if the *last* part of the file, which has the manifest of > its > > parts, is lost or damaged. The manifest holds parameters that must be > > known, as well as the password, in order to accomplish decryption. > > > > - Dennis > > > > > > > > > -----Original Message----- > > > From: Adam Bujdoso [mailto:[email protected]] > > > Sent: Saturday, February 27, 2016 13:53 > > > To: [email protected] > > > Subject: Encrypted Calc file got corrupted > > > > > > Dear Group, > > > > > > I have a problem for which I am hoping to get some help from you. > > > > > > I am trying to open an encrypted Calc ods file with some quite > important > > > data in it, however, when I type in the password after being > prompted to > > > do so, I get an error message "The file is corrupt and therefore > cannot > > > be > > > opened. OpenOffice can try to repair the file." > > > > > > When I press 'Yes' to repair the file, nothing really happens, the > file > > > still doesn't open, and next time I try to open the file, I get the > same > > > error message. > > > > > > Could you please help me fix this somehow? As mentioned this file > > > contains > > > some important data. > > > > > > Thanks a lot indeed in advance, really appreciated! > > > > > > Best, > > > Adam > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
