
How does 7z implement AES encryption?

1 vote
0 answers
113 views
**Questions:**

* Which AES algorithm mode is used in 7z? (Is it ECB, CBC, CFB, OFB, or CTR?)
* When executing the command `7z a ArchiveName SomeDir -p`, how does 7z perform encryption? Does it treat all data as a single solid file, or does it encrypt files individually, or maybe it creates blocks of a specific size for encryption?
* If 7z uses data-blocks, how are these blocks created and what is their size?
* How does 7z validate a password during decryption? Like, when it displays `ERROR: Wrong password?`, how does it deduce that the password is incorrect? Does it add certain headers before encryption or something?
* Does 7z arrange files in alphabetical order for encryption/archiving when using the command `7z a ArchiveName SomeDir -p`?

**Motivation:** I managed to recover a deleted 7z archive (see this question for more details). The archive was password-protected and contained 17 sub-archives, all in 7z format. I managed to decrypt and extract 14 of them, but three of them remain inaccessible (_one of these three "B.7z" is 90% decrypted/decompressed but lacks the final block, including file names and sizes_). I guess the data-blocks (?) for these files may be corrupted. Here are some additional details about the archive:
```
7-Zip  16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz (806EA),ASM,AES-NI)

Scanning the drive for archives:
1 file, 125245022698 bytes (117 GiB)

Listing archive: Archive.7z

--
Path = Archive.7z
Type = 7z
Physical Size = 125245022698
Headers Size = 890
Method = LZMA2:24 7zAES
Solid = -
Blocks = 17

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2024-07-31 00:58:29 D....            0            0  DirName
2023-12-19 05:09:59 ....A    709350805    709388448  DirName/A.7z
2024-07-31 00:01:33 ....A   1586475200   1586559392  DirName/B.7z
2024-02-16 05:23:20 ....A   5813424658   5813733152  DirName/C.7z
2023-11-14 21:52:41 ....A  25460362975  25461713984  DirName/D.7z
2023-11-14 22:19:30 ....A   1713616561   1713707504  DirName/E.7z
2023-12-19 03:45:36 ....A  10539749018  10540308304  DirName/F.7z
2023-12-27 05:36:51 ....A   3637788779   3637981824  DirName/G.7z
2024-02-27 04:20:54 ....A   2566526729   2566662928  DirName/H.7z
2024-03-21 04:59:37 ....A   1180988362   1181051040  DirName/I.7z
2024-03-19 06:42:05 ....A   3751427829   3751626896  DirName/J.7z
2023-08-28 13:37:06 ....A  22618868536  22620068768  DirName/K.7z
2024-01-28 16:44:37 ....A   2768329573   2768476480  DirName/L.7z
2023-09-26 03:42:19 ....A  12245436464  12246086256  DirName/M.7z
2023-09-07 07:34:45 ....A   8162568245   8163001392  DirName/N.7z
2024-02-24 04:26:55 ....A   3300729037   3300904192  DirName/O.7z
2024-03-27 03:32:53 ....A   4387445171   4387677984  DirName/P.7z
2023-07-02 06:10:47 ....A  14795288170  14796073264  DirName/Q.7z
------------------- ----- ------------ ------------  ------------------------
2024-07-31 00:58:29       125238376112 125245021808  17 files, 1 folders
###########################
# ERRORS WHEN EXTRACTING:
###########################

ERROR: Data Error in encrypted file. Wrong password? : DirName/B.7z
ERROR: Data Error in encrypted file. Wrong password? : DirName/C.7z
ERROR: Data Error in encrypted file. Wrong password? : DirName/D.7z
```
Considering that each of these sub-7z files has a constant signature (Magic number + some flags: 37 7a bc af 27 1c 00 04), and knowing the password allows us to calculate its SHA-256 value for AES, is it possible to implement a reverse approach to recover the damaged parts? Also, if I am certain that the corruption is within the first 8 GB of the file, can I decrypt/decompress some segments of DirName/D.7z? I would greatly appreciate any guidance on recovering the damaged sections. I apologize for the lengthy and detailed question, and I would also appreciate any references for further reading.
Asked by behrad (31 rep)
Sep 5, 2024, 08:19 PM
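
An added example, not part of the original question: the signature bytes quoted above begin the 32-byte 7z signature header, which stores a CRC-protected pointer to the end header holding file names and sizes, so parsing it shows whether a recovered sub-archive's start is intact and whether its end header is present. The function names and the sample archive bytes below are constructed for illustration.

```python
import struct
import zlib

MAGIC = bytes.fromhex("377abcaf271c")  # first six bytes of the signature quoted above
HEADER_LEN = 32                        # fixed size of the 7z signature header

def check_signature_header(head: bytes, file_size: int) -> dict:
    """Validate the first 32 bytes of a 7z file and locate its end header."""
    if len(head) < HEADER_LEN or head[:6] != MAGIC:
        return {"ok": False, "reason": "missing or damaged 7z signature"}
    start_header = head[12:32]
    (stored_crc,) = struct.unpack_from("<I", head, 8)
    # NextHeaderOffset is counted from the end of the 32-byte signature header.
    next_off, next_size, next_crc = struct.unpack("<QQI", start_header)
    expected_size = HEADER_LEN + next_off + next_size
    return {
        "ok": True,
        "version": (head[6], head[7]),
        "start_crc_ok": zlib.crc32(start_header) == stored_crc,
        "next_header_offset": HEADER_LEN + next_off,
        "next_header_size": next_size,
        "next_header_crc": next_crc,
        "expected_size": expected_size,
        "truncated": file_size < expected_size,  # end header cut off or never recovered
    }

def end_header_ok(info: dict, data: bytes) -> bool:
    """Check the end header bytes against the CRC stored in the start header."""
    start = info["next_header_offset"]
    blob = data[start:start + info["next_header_size"]]
    return len(blob) == info["next_header_size"] and zlib.crc32(blob) == info["next_header_crc"]

def build_sample(packed_len: int, end_header: bytes) -> bytes:
    """Constructed test archive: valid signature header, zero-filled streams, end header."""
    start_header = struct.pack("<QQI", packed_len, len(end_header), zlib.crc32(end_header))
    head = MAGIC + bytes([0, 4]) + struct.pack("<I", zlib.crc32(start_header)) + start_header
    return head + bytes(packed_len) + end_header

if __name__ == "__main__":
    sample = build_sample(1000, b"constructed end header")
    for label, data in (("complete", sample), ("cut short", sample[:900])):
        info = check_signature_header(data[:HEADER_LEN], len(data))
        print(label, "truncated:", info["truncated"], "end header CRC ok:", end_header_ok(info, data))
```

On a real multi-gigabyte file, read only the first 32 bytes and the byte range at `next_header_offset` rather than loading the whole archive.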