
Corrupt files after uploading

Get help with problems, or report & discuss bugs in Collabtive

Re: Corrupt files after uploading

Postby Philipp » 17.10.2014, 12:40

When you upgrade from Collabtive 1.2 to 2.0, running update.php will encrypt existing files.

I have tested this again (uploading in 1.2 and updating to 2.0), and could not reproduce any issue with the file encryption.
I am sorry for your trouble.
Philipp
Site Admin
 
Posts: 1118
Joined: 14.12.2007, 03:06
Location: Saarbrücken, Germany

Re: Corrupt files after uploading

Postby Remiguel » 17.10.2014, 13:51

Analyzing the code, previously uploaded files are encrypted with a random password during the update process while migrating from 1.2 to 2.0.
This password is saved in the database. If the update fails and the user updates a second time, a new random password is created and saved in the same database table under "filePass". I found 8 passwords saved :(
When decrypting a file, the password is fetched from the DB, but only the first occurrence is picked up :roll:

Is it possible that a file has been encrypted 8 times?
How could I check how many times the files have been encrypted?
Does it make sense to apply all the passwords to my files, one after the other (in a loop), to fully decrypt them?
Remiguel
 
Posts: 96
Joined: 10.06.2014, 09:34
Location: Spain / France

Re: Corrupt files after uploading

Postby some person » 18.10.2014, 01:37

Remiguel wrote: Analyzing the code, previously uploaded files are encrypted with a random password during the update process while migrating from 1.2 to 2.0.
This password is saved in the database. If the update fails and the user updates a second time, a new random password is created and saved in the same database table under "filePass". I found 8 passwords saved :(
When decrypting a file, the password is fetched from the DB, but only the first occurrence is picked up :roll:

Is it possible that a file has been encrypted 8 times?
How could I check how many times the files have been encrypted?
Does it make sense to apply all the passwords to my files, one after the other (in a loop), to fully decrypt them?

Quickly looking at the update.php code, it looks like on each run of update.php it will encrypt all the files.

If you ran the update.php page multiple times then, from the looks of it, your files were encrypted multiple times.

The only way I can see for you to get your files back is to make a loop that runs through each of the passwords.

You are going to have to save the file on each password decryption, and then rerun the decryption again with the next password.
some person
 
Posts: 439
Joined: 16.04.2011, 12:46

Re: Corrupt files after uploading

Postby Philipp » 18.10.2014, 01:53

I agree with some person. Also it is important to cycle through the passwords in the right order.

I will add a check to the updater, so this can not happen in the future.
Again, I am sorry for your trouble.
Philipp
Site Admin
 
Posts: 1118
Joined: 14.12.2007, 03:06
Location: Saarbrücken, Germany

Re: Corrupt files after uploading

Postby Remiguel » 20.10.2014, 09:17

some person wrote: Quickly looking at the update.php code, it looks like on each run of update.php it will encrypt all the files.
If you ran the update.php page multiple times then, from the looks of it, your files were encrypted multiple times.
The only way I can see for you to get your files back is to make a loop that runs through each of the passwords.
You are going to have to save the file on each password decryption, and then rerun the decryption again with the next password.


Thank you, some person, for confirming my suspicion. On Friday I started to write a PHP script to decrypt files with the 8 possible passwords I found ;).
I will post the code as soon as I get it working.

For those with this problem, please keep the settings table, where the passwords are saved, safe.

Philipp wrote: I agree with some person. Also it is important to cycle through the passwords in the right order.
I will add a check to the updater, so this can not happen in the future.


Thank you, Philipp, for modifying the updater to avoid this issue, or for adding a warning text when update.php is used :).
Remiguel
 
Posts: 96
Joined: 10.06.2014, 09:34
Location: Spain / France

Re: Corrupt files after uploading

Postby Remiguel » 20.10.2014, 12:56

OK, I have a working script. I have modified the downloadfile function in "managefile.php" to run my tests.
As pointed out by Philipp, passwords have to be applied from the last created to the first created one.

To simplify the code and save time, I have also slightly modified the decrypt function and named it decryptPFile.

downloadfile function modified:
Code:
elseif($action == "downloadfile")
{
   if (!$userpermissions["files"]["view"]) {
      $errtxt = $langfile["nopermission"];
      $noperm = $langfile["accessdenied"];
      $template->assign("errortext", "$errtxt<br>$noperm");
      $template->display("error.tpl");
      die();
   }

   // get the file ID
   $fileId = getArrayVal($_GET, "file");
   $thefile = $myfile->getFile($fileId);

   // get the file path
   $filePath = $thefile["datei"];

   // Try to decrypt the file
   //$plaintext = $myfile->decryptFile($filePath, $settings["filePass"]);

   // please replace each pass with your passwords (from db), last created first
   $list = array('pass8','pass7','pass6','pass5','pass4','pass3','pass2','pass1');
   // loop to decrypt with the n passwords
   $test = file_get_contents($filePath);
   $good = "";    // last successfully decrypted stream (initialised so it is always defined)
   $flag = false; // test flag
   foreach ($list as $contrasena) {
      $plaintext = $myfile->decryptPFile($test, $contrasena); // call the duplicated function with the modification
      if ($plaintext) {
         $test = $plaintext;
         $good = $plaintext; // save as decrypted
         $flag = true; // indicator that the file has been decrypted once
      } else {
         if ($flag == false) {
            $test = file_get_contents($filePath); // will use the original file
         } else {
            $test = $good; // will use the last good decrypted file
         }
      }
   }
   if (!$plaintext) {
      if ($good) {
         $plaintext = $good;
      } else {
         $plaintext = file_get_contents($filePath); // line added, to work also with non-encrypted files
      }
   }

   // Send HTTP headers for download.
   // Content-Length must describe the decrypted data that is sent, not the encrypted file on disk.
   $fsize = strlen($plaintext);
   header('Content-Description: File Transfer');
   header('Content-Type: application/octet-stream');
   header('Content-Disposition: attachment; filename="'.basename($filePath).'"');
   header('Content-Transfer-Encoding: binary');
   header('Connection: Keep-Alive');
   header('Expires: 0');
   header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
   header('Pragma: public');
   header("Content-length: $fsize");
   // Render the content
   echo $plaintext;
}


Modification of decryptFile to create decryptPFile

decryptFile
Code:
$ciphertext = file_get_contents($filename);


decryptPFile
Code:
$ciphertext = $filename; // the argument already holds the file contents, not a path


Now in the updater (update.php), I have to use this same method to decrypt all my files and encrypt them again, with only the last password or a new one.
Hope this code will help those with the same problem :P
Last edited by Remiguel on 18.05.2016, 17:09, edited 6 times in total.
Remiguel
 
Posts: 96
Joined: 10.06.2014, 09:34
Location: Spain / France

Re: Corrupt files after uploading

Postby Eva » 20.10.2014, 21:37

It's fascinating to see that your octuple decryptor actually works. ^^

In general we encourage everyone to back up their files before starting an update.
Eva
 
Posts: 1471
Joined: 01.01.2008, 23:31
Location: Saarbrücken, Germany

Re: Corrupt files after uploading

Postby Remiguel » 21.10.2014, 12:10

Yes indeed, it's fascinating that it works, in total transparency for end users.
We back up everything before the update. Unfortunately this problem has been raised by our users too late and many files were uploaded afterward.
We've got files encrypted 8 times, others maybe 3 or 4 times, and the last files only one time.
As soon as I have the script to mass-decrypt all our files, I will clean up all this mess :D

Just edited my code to work with non-encrypted files as well ;)

Code:
   if (!$plaintext) {
      if ($good) {
         $plaintext = $good; // last good decrypted stream
      } else {
         $plaintext = file_get_contents($filePath); // non-encrypted stream
      }
   }
Last edited by Remiguel on 22.10.2014, 18:48, edited 2 times in total.
Remiguel
 
Posts: 96
Joined: 10.06.2014, 09:34
Location: Spain / France

Re: Corrupt files after uploading

Postby Remiguel » 22.10.2014, 18:41

I have tested new code to decrypt all my files at once.
In my case, since we have a huge number of files on the server, I preferred running the script project by project.

Use this code with caution: unlike the previous code, files on the server will be modified.
Back up your files before running this code. Test the code on one project folder first.

Here is the PHP code (save the code in a file, e.g. extra.php):

Code:
<?php
require("./init.php");
$path = "./include/phpseclib";
set_include_path(get_include_path() . PATH_SEPARATOR . $path);

$filesList = $conn->query("SELECT * FROM `files` WHERE `project` = 28")->fetchAll(); // line to fetch one project
//$filesList = $conn->query("SELECT * FROM `files`")->fetchAll(); // fetch all projects of the database
$myfile = new datei();

foreach ($filesList as $file) {

   $tmpFile = CL_ROOT . "/" . $file["datei"];
   // please replace each pass with your passwords (from db), last created first
   $list = array('pass8','pass7','pass6','pass5','pass4','pass3','pass2','pass1');
   $test = file_get_contents($tmpFile);
   if ($test === false) {
      continue; // file missing or unreadable: leave it alone
   }
   $flag = false;
   $good = ""; // clear stream at every loop
   // loop to decrypt with the 8 passwords
   foreach ($list as $contrasena) {
      $plaintext = $myfile->decryptPFile($test, $contrasena);
      if ($plaintext) {
         $test = $plaintext;
         $good = $plaintext;
         $flag = true;
      } else {
         if ($flag == false) {
            $test = file_get_contents($tmpFile);
         } else {
            $test = $good;
         }
      }
   }

   // will leave the file as it is, if no decryption has occurred
   if (!$plaintext) {
      if ($good) {
         file_put_contents($tmpFile, $good);
      }
   } else {
      file_put_contents($tmpFile, $plaintext);
   }

}

?>


All files will be decrypted on the server. You can now run update.php to encrypt them with one unique password. Check the database to be sure to leave only the last password under "filePass".
Remiguel
 
Posts: 96
Joined: 10.06.2014, 09:34
Location: Spain / France
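
A sketch of the layer-peeling loop discussed in this thread, added here as an example and not taken from Collabtive or from any poster's code: it swaps in AES-256-GCM from PHP's OpenSSL extension for Collabtive's own decryptFile routine, so a wrong password fails on the authentication tag, and it counts how many layers each file carried. The names MAGIC, sealBlob, openBlob, sealOnce and peelLayers, the blob layout and the sample passwords are assumptions made for the illustration.

```php
<?php
// Added example, not Collabtive code; every name below is hypothetical.
const MAGIC = "ENC1"; // constructed 4-byte marker that starts every sealed blob

// Layout: MAGIC | salt(16) | iv(12) | tag(16) | ciphertext (AES-256-GCM, PBKDF2 key).
function sealBlob(string $data, string $pass): string {
    $salt = random_bytes(16);
    $iv   = random_bytes(12);
    $key  = hash_pbkdf2('sha256', $pass, $salt, 100000, 32, true);
    $ct   = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return MAGIC . $salt . $iv . $tag . $ct;
}

// Returns the plaintext, or false when $blob is not sealed or $pass is wrong (tag mismatch).
function openBlob(string $blob, string $pass) {
    if (strlen($blob) < 48 || substr($blob, 0, 4) !== MAGIC) {
        return false;
    }
    $key = hash_pbkdf2('sha256', $pass, substr($blob, 4, 16), 100000, 32, true);
    return openssl_decrypt(substr($blob, 48), 'aes-256-gcm', $key,
                           OPENSSL_RAW_DATA, substr($blob, 20, 12), substr($blob, 32, 16));
}

// Updater guard: data already sealed under the stored password is left alone on a re-run.
// Assumes the updater reuses the stored password instead of generating a new one per run.
function sealOnce(string $blob, string $pass): string {
    return openBlob($blob, $pass) !== false ? $blob : sealBlob($blob, $pass);
}

// Strip layers until no known password opens the blob; returns [data, layers removed].
function peelLayers(string $blob, array $passwords): array {
    $layers = 0;
    do {
        $opened = false;
        foreach ($passwords as $pass) {
            $out = openBlob($blob, $pass);
            if ($out !== false) { $blob = $out; $layers++; $opened = true; break; }
        }
    } while ($opened);
    return [$blob, $layers];
}

$passwords = ['pass1', 'pass2', 'pass3']; // constructed; stands in for the saved filePass rows
$doc       = "constructed sample document";
$samples   = [
    'encrypted 3x'    => sealBlob(sealBlob(sealBlob($doc, 'pass1'), 'pass2'), 'pass3'),
    'guarded re-run'  => sealOnce(sealOnce($doc, 'pass1'), 'pass1'),
    'never encrypted' => $doc,
];
foreach ($samples as $name => $blob) {
    [$plain, $layers] = peelLayers($blob, $passwords);
    printf("%-16s layers=%d recovered=%s\n", $name, $layers, $plain === $doc ? 'yes' : 'no');
}
```

Because each layer is authenticated, the loop does not depend on the order of the password list and leaves a never-encrypted file untouched with a layer count of 0.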

Re: Corrupt files after uploading

Postby davidgarcia0001 » 25.10.2014, 03:48

I have the same problem. Unfortunately I am not skilled enough to fix the encryption problem. Any help would be appreciated.

Thanks
David
davidgarcia0001
 
Posts: 16
Joined: 10.03.2013, 03:48
