Self Extracting Encrypted Archive

  • I was hasty creating a self extracting encrypted archive at one point. I may not be able to get to the original files. The file size is over 4GB and Windows XP indicates that it is not a valid format. Is there a way to manually access this file of course assuming one supplies the correct password?

    I did try to rename the extension to .pae but PA gives a message about unknown encryption method.

  • Hi Atmoverse

    1st thing you need to do is atempt to fix the file in order for PA to recognise the format/encryption once you have done that then try entering the apparent password.

    However, on the chance the algorithm’s have been damaged due to a “hasty” creation or another reason then unfortunatly the bad news is it will be difficult and pritty much impossible to know where to start.

    ie… the container code which instructs applications such as pa on how to read the data or the encryption method.

    Hope you do find a way and if so let us know.

    “Good Luck”

  • What do you mean by fix? THe only option i find relating to that is to fix a zip file. This is an encrypted, self extracting executable.

  • Sometimes you can fix a self extracting file via windows notepad as I have in the past. But most the time if the file is badly currupt then its a no win situation.

    Unfortunetely, the fix function in PA wont work on such a file.

  • conexware

    we will see - you might be able to strip the .exe header, if that is possible. As you know by now, windows file system limit for executable files is 4GB.

    Did you try opening the archive in PowerArchiver?

  • Tried Hex editing the beginning of the file with some test files but was not successful. These were about 4MB. When I renamed the file from *.exe to *.pae it seems to see the file within PA but gives a message about unknown encryption method. I was going to try adding the name of the encryption method similar to a normal .PAE file.

  • conexware

    did you simply try opening .exe file with PA? I am not sure if that was ever added

  • The way the information is encoded seems different so no go there for now though the SHA-1 hash for the password is the same.

  • I got it with a smaller test file.
    Use the part from a .pae file using the same encryption method and password. The file name matters not. Take the beginning of the .PAE file including the seemingly blank space “0D0A0D0A”. I was leaving this as “00000000” originally. Add the part starting with SHA-1 from the .EXE file and save the combined as a .PAE file and voila. I’ll have to try the larger file later tonight. Heading over to visit family and watch President Bush on Deal or No Deal.

  • @Atmoverse:

    I Heading over to visit family and watch President Bush on Deal or No Deal.

    Now that will be good Entertainment! :D

  • :) He had pre-recorded a message for a soldier that had been on three tours through Iraq. The guy won $78K.

    Now back to our regular programming:

    What one has to do assuming one knows the password:
    1. Create a “.PAE” file with the same encryption method. The password HASH from the executable file matters. Even using the same password, the hashes can differ and PA would think it is the wrong password.
    2. Take the header of the “.PAE” file ending at the end of "SHA-1 ". The space is “20” in hex. Copy this into the beginning of the executable file.
    3. Cut/Delete the portion after the newly pasted "SHA-1 " up until the end of the "SHA-1 " the was originally in the “.EXE” file.
    4. Erase all but 4 bytes of emtpy space “00000000” after the hash in the “.EXE” file.
    5. Rewrite the remaining 4 bytes of empty space to “0D0A0D0A”. “0D0A” is used as a separator.
    6. Save the file as “something.pae”.

    The name indicated in the beginning of the file does not matter though it will become the name of the decrypted file.

    I used HxD Hex Editor which can handle files larger than 4GB. Not all hex editors can.

  • conexware

    good, good… I am glad you figured it out.


  • Is it possible to have PA warn the user when the file size may go above 4GB for an executable? That way they will be made aware that there may be an issue for them?

Log in to reply