authorChristophe Grenier <grenier@cgsecurity.org>2012-02-11 19:32:59 +0100
committerChristophe Grenier <grenier@cgsecurity.org>2012-02-11 19:32:59 +0100
commitb1da8a3fcc5153708e47b85c9600307292d363ab (patch)
tree9c9fb8c97779be3d0817db7892260a3db281d166 /src
parent3b81092d6af28b8fcc8525b717210b7fd94a122a (diff)
PhotoRec: recover AxCrypt .axx files
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am1
-rw-r--r--src/file_axx.c108
-rw-r--r--src/file_list.c2
3 files changed, 111 insertions, 0 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 9dba05b..9c06c41 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -47,6 +47,7 @@ file_C = filegen.c \
file_asm.c \
file_atd.c \
file_au.c \
+ file_axx.c \
file_bac.c \
file_bim.c \
file_bkf.c \
diff --git a/src/file_axx.c b/src/file_axx.c
new file mode 100644
index 0000000..efbe49d
--- /dev/null
+++ b/src/file_axx.c
@@ -0,0 +1,108 @@
+/*
+
+ File: file_axx.c
+
+ Copyright (C) 2012 Christophe GRENIER <grenier@cgsecurity.org>
+
+ This software is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#include <stdio.h>
+#include "types.h"
+#include "filegen.h"
+#include "common.h"
+#include "log.h"
+
+static void register_header_check_axx(file_stat_t *file_stat);
+
+const file_hint_t file_hint_axx= {
+ .extension="axx",
+ .description="AxCrypt",
+ .min_header_distance=0,
+ .max_filesize=PHOTOREC_MAX_FILE_SIZE,
+ .recover=1,
+ .enable_by_default=1,
+ .register_header_check=&register_header_check_axx
+};
+
+struct SHeader
+{
+ uint32_t aoLength;
+ uint8_t oType;
+} __attribute__ ((__packed__));
+
+static void file_check_axx(file_recovery_t *fr)
+{
+ struct SHeader header;
+ unsigned int len;
+ uint64_t offset=0x10;
+ while(1)
+ {
+ if(fseek(fr->handle, offset, SEEK_SET) < 0)
+ return ;
+ if (fread(&header, sizeof(header), 1, fr->handle)!=1)
+ return ;
+ len=le32(header.aoLength);
+#ifdef DEBUG_AAX
+ log_info("axx 0x%llx 0x%x 0x%x/%d\n", (long long int)offset, len, header.oType, header.oType);
+#endif
+ if(len<5)
+ return ;
+ offset+=len;
+ if(header.oType==63) // eData
+ {
+ uint64_t fsize;
+ if(len!=13)
+ return ;
+ if (fread(&fsize, sizeof(fsize), 1, fr->handle)!=1)
+ return ;
+ fsize=le64(fsize);
+ offset+=fsize;
+ fr->file_size=(fr->file_size < offset ? 0 : offset);
+ return ;
+ }
+ }
+}
+
+// guidAxCryptFileIdInverse (32 bytes) + length (4) + ePreamble=2
+static const unsigned char axx_header[0x15]= {
+ 0xc0, 0xb9, 0x07, 0x2e, 0x4f, 0x93, 0xf1, 0x46,
+ 0xa0, 0x15, 0x79, 0x2c, 0xa1, 0xd9, 0xe8, 0x21,
+ 0x15, 0x00, 0x00, 0x00, 0x02
+};
+
+static int header_check_axx(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
+{
+ if(memcmp(&buffer[0], axx_header, sizeof(axx_header))==0)
+ {
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->extension=file_hint_axx.extension;
+ file_recovery_new->file_check=&file_check_axx;
+ return 1;
+ }
+ return 0;
+}
+
+static void register_header_check_axx(file_stat_t *file_stat)
+{
+ register_header_check(0, axx_header, sizeof(axx_header), &header_check_axx, file_stat);
+}
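Review bot: In `file_check_axx`, `offset+=fsize` adds a 64-bit length read straight from the recovered data with no upper bound, so a corrupted or crafted eData section can wrap `offset` to a small value that passes the `fr->file_size < offset` test and cuts the recovered file to a bogus size. Rejecting the length before the addition keeps the existing "too long means discard" behaviour: `if(fsize > fr->file_size) { fr->file_size=0; return ; }`. The same `offset` is handed to `fseek`, which takes a `long`, so where `long` is 32 bits a large section length would seek to a truncated position unless the project maps `fseek` to a 64-bit variant elsewhere. Two documentation points: the comment above `axx_header` says the GUID is 32 bytes, but the array holds 16 GUID bytes followed by the 4-byte length and the type byte, and the `DEBUG_AAX` guard looks like a typo for AXX.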
diff --git a/src/file_list.c b/src/file_list.c
index 4432fe0..8808c4b 100644
--- a/src/file_list.c
+++ b/src/file_list.c
@@ -49,6 +49,7 @@ extern const file_hint_t file_hint_asf;
extern const file_hint_t file_hint_asm;
extern const file_hint_t file_hint_atd;
extern const file_hint_t file_hint_au;
+extern const file_hint_t file_hint_axx;
extern const file_hint_t file_hint_bac;
extern const file_hint_t file_hint_bim;
extern const file_hint_t file_hint_bkf;
@@ -292,6 +293,7 @@ file_enable_t list_file_enable[]=
{ .enable=0, .file_hint=&file_hint_asm },
{ .enable=0, .file_hint=&file_hint_atd },
{ .enable=0, .file_hint=&file_hint_au },
+ { .enable=0, .file_hint=&file_hint_axx },
{ .enable=0, .file_hint=&file_hint_bac },
{ .enable=0, .file_hint=&file_hint_bim },
{ .enable=0, .file_hint=&file_hint_bkf },