Recent

Author Topic: How to decrypt encrypted SQLite blob data?  (Read 2804 times)

laznewb

  • New Member
  • *
  • Posts: 20
How to decrypt encrypted SQLite blob data?
« on: February 23, 2020, 12:28:04 am »
Hi,

I have a database and there is a field of data that is encrypted using the CryptProtectData function. Once encrypted, the data is in binary format.

I tried to use the following functions I wrote (heavily bastardized from somebody's old Delphi source) to decrypt this data:

Code: Pascal  [Select][+][-]
  1. function BlobDataToHexStr(P: PByte; I: Integer): string;
  2. var
  3.   HexStr: string;
  4. begin
  5.   HexStr := '';
  6.   while (I > 0) do begin
  7.     Dec(I);
  8.     HexStr := HexStr + IntToHex(P^, 2);
  9.     Inc(P);
  10.   end;
  11.   Result := HexStr;
  12. end;
  13.  
  14. function DecryptData(sData: string): string;
  15. var
  16.   DataIn: DATA_BLOB;
  17.   DataOut: DATA_BLOB;
  18.   DataHash: string;
  19. begin
  20.   DataOut.cbData := 0;
  21.   DataOut.pbData := nil;
  22.  
  23.   DataIn.pbData := Pointer(WideString(sData));
  24.   DataIn.cbData := Length(sData) * SizeOf(WChar);
  25.  
  26.   CryptUnprotectData(@DataIn, nil, nil, nil, nil, CRYPTPROTECT_UI_FORBIDDEN, @DataOut);
  27.  
  28.   DataHash := BlobDataToHexStr(DataOut.pbData, DataOut.cbData);
  29.   Result := DataHash;
  30.  
  31.   LocalFree(Cardinal(DataOut.pbData));
  32.   LocalFree(Cardinal(DataIn.pbData));
  33. end;

I then called the DecryptData function with the following code:

Code: Pascal  [Select][+][-]
  1. while not Query.Eof do
  2. begin
  3.   sEncrData := 'Encrypted Data: ' + Query.FieldByName('data_value').AsString + #13#10;
  4.   sDecrData := 'Decrypted Data: ' + DecryptData(Query.FieldByName('data_value').AsString) +#13#10;
  5. End;

When I write sEncrData, as expected, data that looks like this is returned:

Quote
ÑŒz ÀOÂ—ë   0@ [etc.]

However, when I write sDecrData nothing is returned.

If somebody can shed any light on this, it would be very much appreciated!
« Last Edit: February 23, 2020, 12:38:52 am by laznewb »

Leledumbo

  • Hero Member
  • *****
  • Posts: 8746
  • Programming + Glam Metal + Tae Kwon Do = Me
Re: How to decrypt encrypted SQLite blob data?
« Reply #1 on: March 24, 2020, 10:33:37 pm »
You should check the return value of CryptUnprotectData, if that's false then everything you do on DataOut is useless. GetLastError may also tell why it returns false, could be parameter incompatibility (like different pOptionalEntropy structure when encrypting vs decrypting).

Bi0T1N

  • Jr. Member
  • **
  • Posts: 85
Re: How to decrypt encrypted SQLite blob data?
« Reply #2 on: March 25, 2020, 03:50:32 pm »
Your code does different kinds of implicit and explicit conversions (Binary -> String -> WideString -> Binary? -> String). This isn't recommended.
Better use AsBytes and work with the TByte array ;)

Maybe something like this with <inputencoding> refering to the encoding (ASCII, UTF8, ANSI, etc) of the string which was encrypted:
Code: Pascal  [Select][+][-]
  1.     while not Query.Eof do
  2.     begin
  3.       sEncrData := 'Encrypted Data: ' + Query.FieldByName('data_value').AsString + #13#10;
  4.       sDecrData := 'Decrypted Data: ' + DecryptData(Query.FieldByName('data_value').AsBytes) +#13#10;
  5.     End;

Code: Pascal  [Select][+][-]
  1.     function DecryptData(sData: TBytes): string;
  2.     var
  3.       DataIn: DATA_BLOB;
  4.       DataOut: DATA_BLOB;
  5.       DataHash: string;
  6.     begin
  7.       DataOut.cbData := 0;
  8.       DataOut.pbData := nil;
  9.      
  10.       DataIn.cbData := Length(sData);
  11.       DataIn.pbData := @sData[0];
  12.      
  13.       CryptUnprotectData(@DataIn, nil, nil, nil, nil, CRYPTPROTECT_UI_FORBIDDEN, @DataOut);
  14.      
  15.       Result := TEncoding.<inputencoding>.GetString(DataOut.pbData, 0, DataOut.cbData);
  16.      
  17.       LocalFree(Cardinal(DataOut.pbData));
  18.       LocalFree(Cardinal(DataIn.pbData));
  19.     end;
« Last Edit: March 25, 2020, 04:06:29 pm by Bi0T1N »

Zvoni

  • Hero Member
  • *****
  • Posts: 2319
Re: How to decrypt encrypted SQLite blob data?
« Reply #3 on: March 26, 2020, 09:59:57 am »
From https://docs.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata
Quote
The CryptProtectData function performs encryption on the data in a DATA_BLOB structure. Typically, only a user with the same logon credential as the user who encrypted the data can decrypt the data. In addition, the encryption and decryption usually must be done on the same computer. For information about exceptions, see Remarks.
Quote
pOptionalEntropy
A pointer to a DATA_BLOB structure that contains a password or other additional entropy used to encrypt the data. The DATA_BLOB structure used in the encryption phase must also be used in the decryption phase. This parameter can be set to NULL for no additional entropy. For information about protecting passwords, see Handling Passwords.
Quote
dwFlags
This parameter can be one of the following flags.
CRYPTPROTECT_LOCAL_MACHINE
   When this flag is set, it associates the data encrypted with the current computer instead of with an individual user. Any user on the computer on which CryptProtectData is called can use CryptUnprotectData to decrypt the data.
Do you meet those criteria?
One System to rule them all, One Code to find them,
One IDE to bring them all, and to the Framework bind them,
in the Land of Redmond, where the Windows lie
---------------------------------------------------------------------
Code is like a joke: If you have to explain it, it's bad

 

TinyPortal © 2005-2018