summaryrefslogtreecommitdiffstats
path: root/src/file_axx.c
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2012-02-11 19:32:59 +0100
committerChristophe Grenier <grenier@cgsecurity.org>2012-02-11 19:32:59 +0100
commitb1da8a3fcc5153708e47b85c9600307292d363ab (patch)
tree9c9fb8c97779be3d0817db7892260a3db281d166 /src/file_axx.c
parent3b81092d6af28b8fcc8525b717210b7fd94a122a (diff)
PhotoRec: recover AxCrypt .axx files
Diffstat (limited to 'src/file_axx.c')
-rw-r--r--src/file_axx.c108
1 files changed, 108 insertions, 0 deletions
diff --git a/src/file_axx.c b/src/file_axx.c
new file mode 100644
index 0000000..efbe49d
--- /dev/null
+++ b/src/file_axx.c
@@ -0,0 +1,108 @@
+/*
+
+ File: file_axx.c
+
+ Copyright (C) 2012 Christophe GRENIER <grenier@cgsecurity.org>
+
+ This software is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "filegen.h"
+#include "common.h"
+#include "log.h"
+
+static void register_header_check_axx(file_stat_t *file_stat);
+
+const file_hint_t file_hint_axx= {
+ .extension="axx",
+ .description="AxCrypt",
+ .min_header_distance=0,
+ .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+ .recover=1,
+ .enable_by_default=1,
+ .register_header_check=&register_header_check_axx
+};
+
+struct SHeader
+{
+ uint32_t aoLength;
+ uint8_t oType;
+} __attribute__ ((__packed__));
+
+static void file_check_axx(file_recovery_t *fr)
+{
+ struct SHeader header;
+ unsigned int len;
+ uint64_t offset=0x10;
+ while(1)
+ {
+ if(fseek(fr->handle, offset, SEEK_SET) < 0)
+ return ;
+ if (fread(&header, sizeof(header), 1, fr->handle)!=1)
+ return ;
+ len=le32(header.aoLength);
+#ifdef DEBUG_AAX
+ log_info("axx 0x%llx 0x%x 0x%x/%d\n", (long long int)offset, len, header.oType, header.oType);
+#endif
+ if(len<5)
+ return ;
+ offset+=len;
+ if(header.oType==63) // eData
+ {
+ uint64_t fsize;
+ if(len!=13)
+ return ;
+ if (fread(&fsize, sizeof(fsize), 1, fr->handle)!=1)
+ return ;
+ fsize=le64(fsize);
+ offset+=fsize;
+ fr->file_size=(fr->file_size < offset ? 0 : offset);
+ return ;
+ }
+ }
+}
+
+// guidAxCryptFileIdInverse (32 bytes) + length (4) + ePreamble=2
+static const unsigned char axx_header[0x15]= {
+ 0xc0, 0xb9, 0x07, 0x2e, 0x4f, 0x93, 0xf1, 0x46,
+ 0xa0, 0x15, 0x79, 0x2c, 0xa1, 0xd9, 0xe8, 0x21,
+ 0x15, 0x00, 0x00, 0x00, 0x02
+};
+
+static int header_check_axx(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+ if(memcmp(&buffer[0], axx_header, sizeof(axx_header))==0)
+ {
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->extension=file_hint_axx.extension;
+ file_recovery_new->file_check=&file_check_axx;
+ return 1;
+ }
+ return 0;
+}
+
+static void register_header_check_axx(file_stat_t *file_stat)
+{
+ register_header_check(0, axx_header, sizeof(axx_header), &header_check_axx, file_stat);
+}