Apr 07, 2020 07:00:00

What was in the file requested to open encrypted files even if you paid over 10 million yen?

Mike Stay, who has worked as a crypto analyst at

AccessData , which provides tools and services such as e-discovery and searching for legal evidence of crime from data on a computer, said in October 2019, I received a message from a Russian man requesting to analyze encrypted files at LinkedIn , the subject's SNS. Mr. Stay says on his blog what was included in the file that the man asked for analysis and what he did to analyze the file

How we recovered over $ 300K of Bitcoin | reperiendi
https://reperiendi.wordpress.com/2020/04/03/how-i-recovered-over-300k-of-bitcoin/

The client requested that Mr. Stay read a paper on encryption of ZIP files written in 2001 (PDF file) in 2001, and therefore asked Mr. Stay to analyze the code.

He heard the details from the man and found that although there were only two files to be analyzed, the expected cryptographic key pattern was about 100 tongues (10 to the 22nd power). Mr. Stay determined that a lot of processing time and money was required, and told the man that 'analysis would take about a year and cost about $ 100,000.'

Mr. Stay said he would give up on the man, but the reply from the man was 'I want to pay $ 100,000 and analyze the file.' Mr. Stay was quite surprised at the reply.

According to the client's man, around January 2016, the man purchased bitcoin worth about $ 15,000 (about 1.64 million yen) and put a password to trade bitcoin in an encrypted ZIP file Was. It seems that the bitcoin purchased by men was worth more than $ 300,000 (about 32.76 million yen) as of 2019 when the man asked Mr. Stay. However, because men forgot the password to decrypt the ZIP file, they could not trade Bitcoin.

Fortunately, the man had a laptop with the ZIP file encrypted and remembered exactly when the ZIP file was encrypted. The timestamp provided clues for guessing the encryption of the ZIP file, so he was able to save a lot of time.

In addition, since Mr. Stay had written about 19 years since he wrote the paper, he noticed that he had made a calculation error when estimating the time it took to analyze the cryptography.

After re-reading the paper he wrote many times, Stay rewrote the analysis code and analyzed the code on a male laptop. There are some bugs, they took about two weeks to fix, and finally ran the code to find the right key within a day. The client's man was very happy that the password removal, which was initially said to take over a year, was completed in about two weeks, and said he paid a large bonus to Mr. Stay.