Jump to content

cant decrypt files after clean install

Vietfobster

By Vietfobster
in Windows XP

 Share

Recommended Posts

Vietfobster

Vietfobster

Posted
Posted

i have 2 partitions. one...c drive. second....my important data. i recently clean installed xp pro sp1 on the c drive. and now, when i try to open some files on my second partition, it says "windows cannot access the specified device, path, or file. you may not have appropriate permissions to access them." theyre encrypted. i tried decrypting them on the properties but it says "access denied". half of my second drive is encrypted! and i didnt even know they were encrypted. theyre greenish color. whenever i extract from winrar, the extracted files are green.

how can i get around this? and how can i prevent it from encrypting again? plz tell me theres hope. i miss my data so much :(

post-34-1101726184_thumb.jpg

Link to comment
Share on other sites

Vietfobster

Vietfobster

Posted
  • Author
Posted

ok i just finished reading the link and its so confusing. i couldnt understand the stuff it was talking about. well it suggested some programs and i got the passware efs key. when i tried to decrypt with it, it asked for the password. password? i never even used no password!

is there a way to decrypt my files or find the password? plz i really really miss my data :(

edit: theres a "certificate" option where i can share my files with. how do i do that? i wanna create a new account and share the encrypted files so i can access them :D. once i do that, maybe i can decrypt them....or maybe im talking nonsense.

once again, I MISS MY DATA SO MUCH! plz help me save my data! stupid a** efs :realmad:

EDIT: army20 u removed ur post huh? was it something that could help me but against the forum rules? anyway pm me if u can help plzzzz i miss my data. ITS SO CLOSE YET SO FAR AWAY!

Link to comment
Share on other sites
ChunkDog

ChunkDog

Posted
Posted

It looks like its time for ya to build a PE disk. All you need is your Windows XP CD, go to this site and download PE Builder: http://www.nu2.nu/ . Go to this site and download the XPE Plugin: http://oss.netfarm.it/winpe/ , then build your LIVE Windows XP CD. If you did everything right, you'll be able to boot from the cd you made, access your encrypted files, change their permissions, then reboot, and decrypt the files from your normal windows installation on your hard drive. This will work and it is worth the effort to build the disk.

Link to comment
Share on other sites
Vietfobster

Vietfobster

Posted
  • Author
Posted

urgghh CHUNKDOG i hate you so much!!! because of ur reply, now im too excited to do my skoo homework!! lol. thanks for the reply. ill get on the pe disk asap. wutever the results are later on.....ill reply here. i just hope everyone goes smooth and my precious data is back in my fingertips. :thumbup

EDIT: do u need xpe plugin? the site is down :( can somebody send me a direct dl link to it?

ok i booted up to partpe without xpe plugin. but how do i change their permissions?

Link to comment
Share on other sites
Vietfobster

Vietfobster

Posted
  • Author
Posted

army20, i really hope its still possible. about 6 of my 11 gigs of important data are encrypted and i dont wanna lose them. i dont want to get my missing data all over again.

is bartPE the only way to recover my data? i tried but it still said "access denied". but i didnt have the xpe plugin (couldnt find a dl link). chunkdog where are u! i need guidance. please tell me step-by-step instructions (dont say "first, turn on ur comp by pressing that button". im not THAT newbish lol)

Link to comment
Share on other sites
army20

army20

Posted
Posted

A few FAQ about EFS:

1. When you crypt a file for the first time, a certificat is created combining your user SID & your NT passwd.

2. When NOT in a active directory environment, there's no "recovery agent"

3. When NOT exported, the certificat is not a file.

4. If admin or power user change your passwd, they will not able to access your data and you neither, your passwd must be changed by loging in and then Ctrl+alt+del or thru control pannel.

My personnal opnion is that there's always a way in computing, but at witch price, how long a you ready to wait and do you have the knowledge to do it. I don't think Microsoft had developed a solution to encrypt data that Will be SO easy to hack.

I think you should forget your data.

To other msfn expert: correct me if i'm wrong

Link to comment
Share on other sites
Vietfobster

Vietfobster

Posted
  • Author
Posted (edited)

im the administrator of my comp and its the only user account. i cant forget 6 gigs :blink: thanks for ur reply tho army20

hmm i got a thought. wut if i clean installed my xp again, used same username + password. then encrypted a new file? will that have the same certificate thumbnail as the ones im trying to decrypt. is there a way to make the certificate the same?

nothing is impossible!!!.......... lol i saw that on the tmac nike commercial

EDIT: heres a pic of the certificate thumbnail # i need. i dont care if its "personal info". im hoping theres someone who can duplicate this. anyone who can do it, plz help me so and do it. im missing my 6 gigs :(

post-34-1101856053_thumb.jpg

Edited by Vietfobster
Link to comment
Share on other sites
Vietfobster

Vietfobster

Posted
  • Author
Posted

heres heres the results......clean installed xp again and encrypted a file. but the thumbnail certificate wasnt the same. i used the same username and password too :( anyone open to suggestions other than forgetting about my data?

if no one knows an answer, ill post on another forum for help too :)

Link to comment
Share on other sites
prp17

prp17

Posted
Posted

If you do not have a backup of the original EFS key, you're out of luck. EFS keys are randomly generated private/public key pairs; the files are encrypted using the public key, and the private key is what you need to decrypt those files.

When you first encrypt a file on a standalone XP system, you do not have a key pair. The system automatically generates one for you, and stores it in your user profile using the Protected Storage subsystem. With XP, the key is additionally encrypted using a derivative of your login password, which is why resetting the password renders the key useless. (Changing your password via Ctrl-Alt-Del re-encrypts your EFS keys using your new password, so you don't lose them.)

The only way you will be able to recover your files is to find a backup of the EFS key. If you backed up your OS drive before you reformatted it, you can restore the old backup, log in and decrypt the files.

To create a recovery agent so that you can recover your files should you need to reformat the system drive in the future:

1. At a command prompt, enter "cipher /r:c:\efs"

2. Choose and enter a password to protect the key when prompted.

3. This will create two files: c:\efs.cer and c:\efs.pfx.

4. efs.pfx is your private key for file recovery. Back this up to a floppy or CD and put it somewhere safe. (You'd be better off to make more than one copy and put them in different places.)

5. efs.cer is the public key. Once installed as a recovery agent, all files encrypted on the machine will be readable using the matching private key.

6. To install the key as a recovery agent, first type "start secpol.msc" from a command prompt.

7. In the window that opens, find "Security Settings\Public Key Policies\Encrypting File System" in the tree. Select Add Data Recovery Agent from the Action menu.

8. Browse for and select C:\efs.cer.

9. Click thru the rest of the wizard to complete the installation.

Note that any files encrypted prior to installing the recovery agent key CANNOT be decrypted with the recovery key. You will need to decrypt and re-encrypt those files for the recovery key to work with them. In particular, this procedure won't help you recover the files you've already lost the key for. But it will enable you to use the encryption feature without worrying about this problem in the future.

Should you need to recover files created with the recovery agent installed, simply import the efs.pfx certificate into the Current User/Personal certificate store. (You can start the import process by simply double-clicking the .pfx file.)

Once you've set up the recovery key, be sure to remove efs.pfx from your system and keep it locked away, or the encryption is quite useless. Also, be sure to use strong passwords for windows login; if you use a weak password, it's easier for someone to bypass EFS by guessing it.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...