Help with old Encryption Software

Networking/Security Forums -> Cryptographic Software and Hardware

Author: mackas | Location: Newcastle upon Tyne, England | Posted: Wed May 13, 2009 10:19 am | Post subject: Help with old Encryption Software
    ----
I know it's a long shot but I'm hoping someone can answer a question about a very old product called 'Sophos D-Fence v2.01' which was current circa 1994. Despite its age and lack of official support, it is in regular use where I work.

We have a DOS PC that has this product installed, but unfortunately the boot sector has become damaged. My tests lead me to believe that the partition is intact and the data conceivably retrievable, but I cannot find a way of mounting the disk in any OS.

Is there a utility available, provided the decryption key is entered, that will allow the drive/partition to be mounted and read?

Many thanks for your time, any response will be much appreciated.

Author: Fire Ant | Location: London | Posted: Wed May 13, 2009 3:37 pm
    ----
mackas,

Is the DOS boot drive encrypted with this product? If so then you will have to speak to Sophos as Whole Disk Encryption products are very proprietary in their workings. If the software was installed on the DOS box and this isn't the case then first off, make a bit-by-bit copy of the disk so you can try to recover it.

Matt_s

Author: mackas | Location: Newcastle upon Tyne, England | Posted: Wed May 13, 2009 3:57 pm
    ----
Hi Matt,

Not too sure about the inner workings of this product. Because of its ancient-ness (is that a word ??? ...) there's no information on the net that I can find. Even Sophos don't acknowledge its existence; if I didn't have a floppy disk with a Sophos label on it, I wouldn't even know they produced it.

I have tried contacting Sophos actually, but they rather quickly replied saying they couldn't help me. I bet there's someone there who does know about it, but because it's not on a list I was quickly fobbed off.

Anyway, as far as I can tell, the boot sector isn't encrypted - but that's not a fact. My take on the way it works is that an appropriate driver is loaded at boot and after that the disk encryption operates in the background seamlessly. The partition and data are obfuscated in such a way that standard tools see it as either damaged or non-existent. My fear is that the data is essentially there, but the critical part at the beginning of the drive is damaged beyond repair - making the whole thing like an un-openable safe.

One thing we're looking at trying is to copy the boot sector from another machine with the same config, then write the bits to the damaged machine's boot sector. Do you have any thoughts on whether that's likely to work?

Either way, I know it's a long shot. I was hoping that I might find someone out there with knowledge of this product. I was also hoping I would win the EuroMillions last Friday. :)

Cheers,
Mark

Author: Fire Ant | Location: London | Posted: Wed May 13, 2009 6:27 pm
    ----
Mark,

Well I did some digging and it looks like an ancestor of WDE. I managed to find some old links relating to the product:

http://www.infosec-associates.com/framework/encryption-products.html

What is the error message when booting? It might be worth repairing the boot sector but before doing it I would make sure you have a bit-by-bit image of the disk just in case.

Matt_s
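
Added example, not part of the original thread: a sketch of inspecting sector 0 from a bit-by-bit image (never the live disk) and of the boot-sector transplant Mark describes. It assumes the classic DOS MBR layout (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature), which the thread does not confirm for D-Fence; all function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count

def read_sector0(image_path):
    """Read sector 0 from an image file made from the disk, not the disk itself."""
    with open(image_path, "rb") as f:
        return f.read(SECTOR)

def sha256_hex(data):
    """Fingerprint a sector (or whole image) so later changes are detectable."""
    return hashlib.sha256(data).hexdigest()

def build_sample_mbr():
    """Constructed sample: empty boot code, one bootable FAT16 entry."""
    entry = struct.pack(ENTRY, 0x80, b"\x01\x01\x00", 0x06, b"\xfe\x3f\x0f", 63, 257040)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

def parse_sector0(sector):
    """Return (signature_ok, partitions) for a classic MBR-layout sector."""
    if len(sector) != SECTOR:
        raise ValueError("need exactly 512 bytes")
    signature_ok = sector[510:512] == b"\x55\xaa"
    partitions = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY, raw)
        if ptype != 0 or count != 0:          # skip empty slots
            partitions.append({"slot": slot, "bootable": status == 0x80,
                               "type": ptype, "start_lba": lba, "sectors": count})
    return signature_ok, partitions

def graft_boot_code(damaged, reference):
    """Take boot code from the reference machine's sector 0 but keep the
    damaged disk's own partition table, so its partition geometry is not
    overwritten by the donor's."""
    if len(damaged) != SECTOR or len(reference) != SECTOR:
        raise ValueError("need two 512-byte sectors")
    return reference[:446] + damaged[446:510] + b"\x55\xaa"

if __name__ == "__main__":
    sector = build_sample_mbr()
    print(sha256_hex(sector), parse_sector0(sector))
```

Write any grafted sector to a second copy of the image and test that copy first; the original image stays untouched as the fallback.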


