AES Crypt Error message: Message has been altered and shou

Discussion related to AES Crypt, the file encryption software for Windows, Linux, Mac, and Java.
minikus
Posts: 2
Joined: Tue Jul 26, 2011 11:30 pm

AES Crypt Error message: Message has been altered and shou

Post by minikus »

Hi there
I am new to this forum so I would like to say hello to everyone.

I am using Aes Crypt for some time and I am very pleased with it, but yesterday I couldn't decrypt a file. At the end of decryption process I got the error message: "Error in the file xxxxxxxxx.aes. Message has been altered and should not be trusted." After pressing ok the decrypted file is automatically deleted. The file is big 1.3GB and it is RAR archive. I am using Win7 64 bit. I tried to decrypt the file on other computer but still get the same message. Any idea what can be wrong?
Thanks
User avatar
paulej
Posts: 595
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: AES Crypt Error message: Message has been altered and sh

Post by paulej »

This error message means that the file has been corrupted. AES Crypt not only encrypts the file, but it also produces something called a "Message Authentication Code" (MAC) and appends that to the end of the file. If the MAC does not validate correctly, then AES Crypt assumes the file has been altered in some way. Assuming there isn't a bug in AES Crypt (and I've never heard of an error in this logic), then the file has been altered in some way. It might be a small alteration, such as adding some padding bytes to the end during a file transfer (unusual anymore, but common decades ago with old file transfer protocols), or perhaps major corruption due to errors on a drive, uploading via FTP and using the ASCII mode rather than binary, etc.

Given that I've never seen a false error in this area, I suspect the file is corrupt. To what extent, though, it's impossible to tell.

Paul
minikus
Posts: 2
Joined: Tue Jul 26, 2011 11:30 pm

Re: AES Crypt Error message: Message has been altered and sh

Post by minikus »

Thanks Paul

I have done some tests using different hdd. It seams that one of my hdd(brand new) has the problem with writing data. It fully confirms what you have said.

The decrypted file is automatically deleted after errors are found. I was able to save the file by closing the AES Crypt app from task manager before pressing ok on error message window. Is there any other way to save the decrypted file when it contains errors?
User avatar
paulej
Posts: 595
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: AES Crypt Error message: Message has been altered and sh

Post by paulej »

There isn't by default. If you modify the source code, of course it's doable. The program is written intentionally to delete the files since they are not supposed to be trusted.
CuriousChris
Posts: 3
Joined: Thu Jul 15, 2021 2:52 am

Re: AES Crypt Error message: Message has been altered and shou

Post by CuriousChris »

Hi, this is a very old thread but I just had the same error message on a 6Gb encrypt of a zip file.

I used the trick mentioned by the OP, namely of killing explorer instead of hitting the OK button, I needed to kill the top-level explorer task rather than the sub-task of the error message or the decrypt (and then had to restart the explorer process manually to get my start menu back !), and that did the trick. Killing just the AESCrypt task or the error still deleted the file.

The zip file it left was openable, with a message saying the header was corrupt but the content seemed to be complete.

I've not tried to alter the encrypted file manually, it was created about 3 weeks ago, copied to an external HDD, then yesterday copied back to local disk and unencrypted, I guess a bit or two got flipped somewhere along the way, fair enough.

If somebody finds themselves in this position, they're unlikely to decide they didn't want to get at the content anyway, they'll be waiting to at least end up with whatever can be recovered. Obviously it's good to tell the user that there was a problem and that they might not get all of what was originally encrypted or even that it may have been tampered with intentionally, but to delete the resulting file seems like exactly what the user wouldn't want.

Having noticed it's open source and with me looking for a little project to do I think I'll see about doing just that, I'll post back here if I get anywhere.
User avatar
paulej
Posts: 595
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: AES Crypt Error message: Message has been altered and shou

Post by paulej »

Sorry you had that issue. The simplest solution to this is to use the command line version and direct output to stdout (-) and direct it to a file. For example:

Code: Select all

aescrypt -d -p foo -o - file.doc.aes >file.doc
I didn't check the code to see if that last block is written, but I can look. If you want to change the code to just not delete the file on error, that's trivial, especially for the command line version. The GUI is messier to build and register.

I should add that the error is valid. Such errors mean the file is damaged in some way.
CuriousChris
Posts: 3
Joined: Thu Jul 15, 2021 2:52 am

Re: AES Crypt Error message: Message has been altered and shou

Post by CuriousChris »

Thanks Paul, good tip re command line, I use your software to crunch lots of little files here and there which contain login credentials and the like so it's really handy for me used via the explorer shell rather than opening a console to do it.

I have a handcrafted Powershell backup system that variously zips and encrypts a whole raft of files and folders and throws them out to various places, the 6Gb file that brought me there was created by that and I needed to dig an old SQL backup out of it yesterday, happily all was fine despite something untoward having happened to the file in the 3 weeks since I encrypted it.

I have 3 generations so probably had a good version somewhere but it was more fun this way, and a great excuse for me to get my hands on C++ again for the first time in over 30 years, even with a trivial change, so I hope it's OK with you guys but I took the liberty of having a bash myself.

I added a splinter version of v310, arguably a hack as it doesn't even have setup or proxy/stub projects, to GitHub at;

https://github.com/silentdiverchris/AESCrypt_v310_DDOF

That does the trick for me, my 6Gb .aes file now gives me a warning as you rightly say is absolutely necessary but leaves the guilty output file as-is.

https://github.com/silentdiverchris/AES ... essage.png
Last edited by CuriousChris on Thu Jul 15, 2021 7:15 am, edited 1 time in total.
User avatar
paulej
Posts: 595
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: AES Crypt Error message: Message has been altered and shou

Post by paulej »

I checked the source and, indeed, the call to remove the file happens only after the decrypt_stream() call is made to decrypt the file and an error value is returned. So, the approach I suggested would work to get around the unwanted delete on failure. I'd suggest that as opposed to changing the code. There's a good reason for removing the file (since it's truly wrong). What isn't known in these cases is whether it is wrong because the password is incorrect or the file is corrupt. It is possible to know, though, since there are two HMACs and the first would indicate whether the proper key was provided. I just didn't bother, since a corrupt file is a broken file. I understand why there are cases where you'd want to get around that issue, but I'd use the trick I suggest. I just worry about ignoring this error in the general case.

What concerns me is the fact that the file was corrupt in the first place. I sure hope it wasn't AES Crypt that produced the corrupt file! Do you have any idea how it might have gotten corrupted? I've been using AES Crypt for years (and it's a part of my automated backup solution) and I've never seen corrupt output.
CuriousChris
Posts: 3
Joined: Thu Jul 15, 2021 2:52 am

Re: AES Crypt Error message: Message has been altered and shou

Post by CuriousChris »

TL;DR - read next message instead.

>It is possible to know, though, since there are two HMACs and the first would indicate whether the proper key was provided.
Ah, good idea to have 2 levels, nice bit of design there. In my case the password is definitely OK as the output file, post error message is readable, it's actually an encrypted rar (I said zip before, it's actually a rar). The file/folder names are also encrypted but it opens successfully and shows the directory structure, albeit with a 'the header is corrupt' message which might imply the problem was at the the end of the file, or not, but it then extracts the structure and content. I didn't do any kind of serious check for completeness but if the AES password was wrong then surely I'd just get gobbledygook, it'd be deeply worrying otherwise :).

>I just worry about ignoring this error in the general case.
I'm certainly not ignoring the error, valuable info to know the file got changed somehow after encryption and makes me happy I keep generations and copies on other drives and cloud storage but I still wanted to see what could be recovered, and in this case couldn't find anything obviously missing. Of course if a bit or two got flipped in a piece of source or something it wouldn't be obvious anyway but presumably rar extract would give an error when a file checksum looked wonky, if it checksums at the file level anyway.

>What concerns me is the fact that the file was corrupt in the first place. I sure hope it wasn't AES Crypt that produced the corrupt file!
I really don't think it can be AES, a bug like that would have come out years ago surely, I'm not doing anything unusual with it.

AESCrypt command was of the form;

Code: Select all

$CommandText = "C:\Program Files\AESCrypt_console_v310_x64\aescrypt.exe"
$Arguments = @('-e', "-p" + $Password, "-o" + $AESFileName, $FileName)
The 6Gb file it happened to was created as an encrypted rar on a local drive, AESCrypt'd, then RoboCopy'd to an external USB drive (I checked the date, 20th June, I thought it was longer ago), then the other day I copied it back with File Explorer to local to dig out an old SQL backup. As impossible as it seems, I guess it must have happened during the copy back and forth... applying the old Sherlock Holmes maxim of once you have eliminated the impossible seems to leave no possibilities !

Would a hex dump of the first or last X bytes of the AES file be of any use ?

I can also check other copies of the same file from another archive, I'm downloading a cloud version of it right now but it's coming slowly, will report back later.

The wisdom of the 2-level AES encrypt of an encrypted rar may be questionable, not really my area of expertise ! - perhaps there are predictable patterns in the zip header that might make brute-force cracking the AES take a decade less than usual or whatever but in the end it's just my source code, not the recipe for coca cola so it's fine - the reason I AES the file is because I upload backups to cloud storage too, and figure AES is stronger than a plain rar but haven't really investigated, that's off topic though !
Last edited by CuriousChris on Fri Jul 16, 2021 6:41 am, edited 5 times in total.
CuriousChris
Posts: 3
Joined: Thu Jul 15, 2021 2:52 am

Re: AES Crypt Error message: Message has been altered and shou

Post by CuriousChris »

Solution / answer

OK, I got a copy of the same .aes file from cloud storage, which decrypts just fine, and recopied the duff one from the external drive and set UltraCompare a heavy task to spot the differences - turns out not to be too complicated, they are identical from byte 0 to the byte before 1C90 0000 (a curiously exact displacement there!) / 450Mb-ish then after that the duff file is all zero bytes to the end - which is most of it, my 'looks OK to me' was perhaps a tad optimistic but I got the .bak I needed from it anyway !

With both copies from the external drive being duff and the cloud one being OK, this completely exonerates AESCrypt and points the finger firmly at the RoboCopy from local to external disk - the cloud one uploads from the local drive not the external copy, so that makes sense.

That's scary of course but takes it out of the scope of this forum, my PS script doesn't check the ERRORLEVEL from RoboCopy so mea culpa. I think that's my next step, and/or maybe using Get-FileHash to do an actual compare, the backup process isn't in a big hurry, so it's rude not to really.

Thanks for your help, certainly no bug to fix for you guys. I would argue that if you're updating the code for some other reason anyway then it'd be nice to offer the user the option to keep the output file after a loud and clear warning, but the workarounds do the job just fine anyway for the intrepid user :)

Cheers again for such a useful utility.

Tell me if the diff report or a hex dump or anything would be any use, I'll keep the working data/duff file for a day or two though I'm sure you can reproduce a tampered with / corrupted file easily if you wanted to anyway.
Post Reply