[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: encrypted SPSS .sav files

From: Ben Pfaff
Subject: Re: encrypted SPSS .sav files
Date: Sat, 26 Oct 2013 00:09:05 -0700
User-agent: Mutt/1.5.21 (2010-09-15)

On Fri, Oct 25, 2013 at 01:36:44PM -0700, Basti?n D?az wrote:
> Ben, I've modified the encrypted files in the repository PSPP-dev-utils. I 
> updated the folders "BDI-II", "demo" and "PSPP-examples".
> Inside, you will find a folder called "encrypted" with 3 sets of files (SAZ 
> and ZSAV files).
> The series keys are the following (without quotes):
> A series: "pspp"
> B series: "abc123"
> C series: "Abc123Dfg456"


I learned quite a bit on a first look here.  I'll say what I know, and
then I have a couple further requests for assistance at the end.

All of the files begin with the same 36 bytes:

00000000  1c 00 00 00 00 00 00 00  45 4e 43 52 59 50 54 45  |........ENCRYPTE|
00000010  44 53 41 56 15 00 00 00  00 00 00 00 00 00 00 00  |DSAV............|
00000020  00 00 00 00

All of the files that contain the same data are exactly the same size.
That tells me that there is (so far) no such thing as an encrypted
compressed file.  That might slightly simplify the implementation if I
can figure out the format.

All of the files' sizes, in bytes, are 4 greater than a multiple of 16.
That probably means that the files are compressed with a cipher that has
a block size of 16 bytes, which suggests AES.

It appears that the files that contain the same data, with the same
password, differ in either exactly 16 contiguous bytes (starting at
offset 132) or exactly 32 contiguous bytes (starting at offset 116) and
are otherwise byte-for-byte identical.  I guess that this means a few

        - It supports my guess of a 16-byte block size.

        - 116 and 133 are both 4 more than a multiple of 16, suggesting
          (as do the fixed-length 36-byte header and the file sizes)
          that each ciphertext block starts 4 bytes past a multiple of
          16 in the file.

        - Either ECB or CTR mode is likely in use.  This indicates weak
          cryptographic design, no decent cryptographer would have
          designed the file that way.  (That's good for me, it may make
          the work easier.)

          Actually it's very likely to be ECB mode, because I can see a
          number of ciphertext blocks repeated many times in the BDI II
          files.  (That's a terrible cryptographic design.  Whoever
          designed this flunked Crypto 101.)

Taking all this together, it suggests that the bytes that differ in the
encrypted files correspond to bytes found 36 bytes earlier in a
corresponding plaintext .sav file.  Looking at what appears at those
offsets in an ordinary .sav file, it includes the time at which the file
was saved:

00000050  28 00 00 00 00 00 00 00  00 00 59 40 30 34 20 4d  |(address@hidden M|
00000060  61 79 20 30 39 31 31 3a  30 30 3a 33 35 20 20 20  |ay 0911:00:35   |

which makes some sense: you obviously didn't save all those files within
a single second, so the time is different in each file.  But there's
still a little mystery, since that only accounts for 16 bytes changing,
not 32 bytes.  Maybe there's an additional offset so that the minute and
the second are in different ciphertext blocks.

So, here are some further requests:

    - Can you tell me the creation times as specifically as possible
      (down to the second, if you can), for each file, as recorded by
      the operating system?  If it's too much trouble to do that for all
      the files, then just for all the BDI files would give me almost as
      much information.

    - I see that there is some documentation for an ENCRYPTEDPW keyword
      on SAVE.  The documentation suggests that if you use a dialog box
      to save an encrypted file, but request pasting syntax instead of
      executing it, you get an encrypted password in the syntax.  Could
      you use this to generate the encrypted password for each password
      that you used, and show us the encrypted passwords?  If you paste
      syntax for the same password twice, is the encrypted password the
      same each time?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]