01 Aug 2009 @ 4:21 PM 

wm6 storage card encryption Windows Mobile 6 Encryption feature = Double edges’ sword? I work in a world known brand’s official service center in my country. A couple of days ago, my coworker told me that our partner in Celebes Island is in trouble. They could not restore a backup they made from a customer’s Windows Mobile phone. This backup contains contact numbers, messages, tasks, appointments, etc. There is no error when they did the backup process. But somehow it refuse to be restored after the phone got reflashed. Oops…

So this coworker of mine asked them to send the backup file. So they sent it. The first time he saw the file, he knew that there’s something wrong in this file. The extension is .menc instead of .pib since this backup was made with PIMbackup, an application to backup phonebook, messages, tasks, etc for Windows Mobile phones. So he asked me, “Do you know anything about files with .menc extension?”. I replied, “Nope. Never bumped into any.” So do him some favor browsing the internet finding some informations about this .menc file.

I bumped into a forum with a member asking the same thing I’m trying to find out. Someone replied saying that this file is encrypted, and is only able to be opened in the original phone where the file has been created. But in our partner’s case, they tried to restore the file in the original phone where they did a backup. Why is it failed? Well… This member also put a link in his/her reply. This link landed on a Windows Mobile 6 Storage Card Encryption FAQ, and this is where I find out the answer. I’ll quote part of them here.

Where are the encryption keys stored?

The DPAPI master key is currently stored on the internal flash. It’s unreadable by untrusted applications.

What’s with the MENC extension?

The files are stored on disk with a MENC extension – this lets the encryption filter know quickly which files are encrypted and if they match the key on the device. If you put the storage card in a desktop card reader, or put it in another device, you will see that the files have a MENC extension. The point of the extension is that you can’t read those files, so the extension makes it harder for you to try to load those files into an application that won’t be able to read them anyway. We also were able to associate a lock icon with the extension to add an additional hint.

If the encryption filter on the device is able to read and decrypt the files, it hides the MENC extension so the file looks like normal.

What’s the 7726325a in test.txt.7726325a.menc?

The random data there is part of a GUID that is generated for decryption keys on the device. That GUID lets the encryption filter know at a glance whether or not it will be able to decrypt a given file. For files where the GUID matches, the filter will strip the GUID.MENC extension off of the file and show it to the operating system as the original filename. You can edit the filename on disk to change the GUID of a file so that the encryption filter thinks it can decrypt it, but when the file is actually opened the encryption filter won’t be able to decrypt it and you’ll get an error.

My files were encrypted and I lost my phone or hard reset it. Can Microsoft help me recover the files?

No, the keys are lost and the files cannot be recovered.

So this backup file is encrypted. Because when they create this backup file with PIMbackup, the encryption settings was turned on. And since this encryption keys are stored on the internal flash (which is already reflashed in my partner’s case), it’s replaced with a new one. Thus, the encrypted file in the storage card cannot be decrypted again. The storage card will “think” that it has been stolen and inserted into other cell phone.

This encryption feature was designed to secure the informations inside the storage card, so when the card is stolen, or lost, other people who found it cannot extracts any information from it. But when people don’t know the fact that the encryption key is located inside the internal flash, and it’s going to be replaced when the phone got reflashed, this feature will only bring suffer to the information owner. The information is locked forever.

To avoid headache caused by this problem, is simply by turning off the encryption setting before making a backup of your contacts, messages, etc and get it reflashed / repaired. After the phone has been repaired, you can turn it on again if you wish so.

Posted By: LiveDeviL
Last Edit: 01 Aug 2009 @ 04:24 PM



Responses to this post » (One Total)

  1. [...] Windows Mobile 6 Encryption feature = Double edges’ sword? ? LiveDeviL's Lab. __________________ bet online sites de [...]

Post a Comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


 Last 50 Posts
Change Theme...
  • Users » 1
  • Posts/Pages » 30
  • Comments » 124
Change Theme...
  • VoidVoid « Default
  • LifeLife
  • EarthEarth
  • WindWind
  • WaterWater
  • FireFire
  • LightLight