Monday, February 27, 2012


Sharing information on the net has some risks associated with it. "..if you rear yourself against it, you shall fall, you shall be bruised, you shall be battered, you shall be flawed, you shall be smashed." Dickens, Bleak House (1853) Yet still, I would rather see more information and a healthy discussion or argument about the issue than see nothing. I am glad to see more computer forensic blogs popping up; some of them are really great and some are just excellent. Periodically I get a chance to speak to some very knowledgeable people. There is a lot to learn from these people, but they become algophobic at the very thought of putting snippets of their knowledge or ideas online.

Yes, there are risks if you haven't verified your information or your assumptions were wrong. You very well may end up in a situation like this snowman.

There might be some people out there showing off their "knowledge" without doing a thing themselves to contribute to the computer forensic community. These people usually look and behave like this snowman :-)

Remember the 'Star Thrower' story by Loren C. Eiseley, where a young girl was at a beach full of starfish washed up after a storm. She was picking them up and throwing them back into the ocean. When she was told that she couldn't possibly make any difference because there were thousands of them around, she picked up another one and said "Well, I made a difference to that one!".

Unfortunately I don't post often, simply because I am currently working in a country where the computer forensics discipline is in its infancy and only one university has recently launched a computer forensic course. There is a lot of work in educating, training and explaining besides working the cases, which leaves me with very little time for any research or blogging.

You can't say I am not trying though :-)

.. and yes, lots of snow around.

Friday, February 17, 2012

PFX – Personal inFormation eXchange

A password and PFX file are needed to open encrypted e-mail messages, whose content is enveloped and attached as smime.p7m. PRTK does a good job at cracking passwords, but some PFX files have different headers which PRTK would not recognise. Chilkat Python Modules come in pretty handy in this situation. The modules come with a fully-functional 30-day trial and need to be purchased for use beyond this period or for commercial purposes. I wrote a script, based on one of the Chilkat module examples, to allow a dictionary attack on a PFX file and a p7m encrypted message. The code is quick and dirty, but gets the job done.
You will need your.p7m encrypted message, your.pfx file and a good ASCII formatted wordlist with a .txt, .dic or .lst file extension.

The sample code is provided for illustrative purposes only and "AS IS" without any warranties of any kind. :-) The code has not been thoroughly tested under all conditions, but should work fine if you know what you're doing. Here is the LINK to it. It should work fine on Windows and maybe on Lin/Mac machines as well (some modifications may be needed). The script relies on Chilkat modules, which must be installed prior to running the script. Instructions are on the pyPFX project home.
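The post does not say which header variants PRTK fails to recognise. As an added example (not part of pyPFX or the original post), the Python below reads the outer ASN.1 header of a candidate PFX file and reports the encoding form, the version and the authSafe content type, so an examiner can record how an exhibit differs before choosing a tool. The function names and the sample byte strings are constructed for illustration, and treating BER indefinite-length encoding as a "different header" is an assumption.

```python
# Added example: classify the outer ASN.1 header of a candidate PFX (PKCS#12) file.
OID_NAMES = {
    bytes.fromhex("2a864886f70d010701"): "pkcs7-data",
    bytes.fromhex("2a864886f70d010702"): "pkcs7-signedData",
}

def read_tlv(buf, pos):
    """Return (tag, length, value_offset); length is None for BER indefinite form."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:                 # BER indefinite length, not valid DER
        return tag, None, pos
    if first < 0x80:                  # short form
        return tag, first, pos
    n = first & 0x7F                  # long form: n length octets follow
    if n > 4 or pos + n > len(buf):
        raise ValueError("bad length field")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def describe_pfx_header(buf):
    """Parse PFX ::= SEQUENCE { version INTEGER, authSafe ContentInfo, ... }."""
    tag, length, pos = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an ASN.1 SEQUENCE; not a PFX")
    encoding = "BER-indefinite" if length is None else "DER-definite"
    tag, vlen, pos = read_tlv(buf, pos)
    if tag != 0x02 or not vlen:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(buf[pos:pos + vlen], "big")
    pos += vlen
    tag, _, pos = read_tlv(buf, pos)          # authSafe ContentInfo
    if tag != 0x30:
        raise ValueError("missing authSafe ContentInfo")
    tag, olen, pos = read_tlv(buf, pos)       # contentType OID
    if tag != 0x06 or not olen:
        raise ValueError("missing contentType OID")
    oid = bytes(buf[pos:pos + olen])
    return {"encoding": encoding, "version": version,
            "content_type": OID_NAMES.get(oid, "unknown:" + oid.hex())}

# Constructed sample headers (not taken from real evidence files).
DER_SAMPLE = bytes.fromhex("3082096a020103308209300609" "2a864886f70d010701")
BER_SAMPLE = bytes.fromhex("308002010330800609" "2a864886f70d010701")

if __name__ == "__main__":
    for name, blob in (("DER", DER_SAMPLE), ("BER", BER_SAMPLE)):
        print(name, describe_pfx_header(blob))
```

Reading the first 64 bytes of the exhibit and passing them to `describe_pfx_header` is enough, since only the outer header is inspected.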