I deleted your post because it appears to me as a fake case just to promote some software.
If I had a particular JPEG issue I would try
www.disktuna.com
which is not priced as high as USD 30,- for 30 days of use - the software you are referring to.
I have not used this software but would be willing to give it a try as it's USD 30 for an unlimited time.
26.10.2022 20:25 recuperation
Repair damaged jpeg files from ransomware
Forum rules
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
-
- Posts: 2737
- Joined: 04 Jan 2019, 09:48
- Location: Hannover, Deutschland (Germany, Allemagne)
Re: Repair damaged jpeg files from ransomware
I did not find this file type in the list of supported files:
https://www.cgsecurity.org/wiki/File_Fo ... y_PhotoRec
Test a sample file here:
https://www.cgsecurity.org/photorec/
> Is there a way to use photorec to recover partially damaged files from a specified folder?
No, Photorec is a file carver that typically ignores metadata like folder information. In case of the search in unallocated space it has to interpret the content of the file system to get the information about what is unallocated space.
https://www.cgsecurity.org/wiki/PhotoRe ... space_only
> I had some success with XXXXXXXXXXXXX, which is not free, and leaves text over recovered images. It uses some heuristics to search files in specified folders, and partially recover images?
Are you XXXXXXXXXXXXX trying to promote your software? If yes, ask Christophe Grenier for permission, please.
> I tried creating iso image which contains olfg pictures, and used as cd image, but photorec cannot recover part of jpeg files from iso.
What is the interest of packing "olfg" (an extension I never heard about) pictures into an image file?
Why are you switching between "olfg" files and jpeg files?
> Is there a way to create disk image in windows, or linux, and have photorec recover partial jpeg images from it?
There is no need to create disk images, Photorec can search on a disk directly.
> Or to point photorec to files with partially encrypted jpeg files?
No, Photorec is a file carver that typically ignores metadata like folder information. In case of the search in unallocated space it has to interpret the content of the file system to get the information about what is unallocated space.
Re: Repair damaged jpeg files from ransomware
Ok, perhaps I did not explain properly.
A friend of mine installed program with virus.
His pictures got encrypted with ransomware.
Jpeg files got encrypted. First part of the image got encrypted, and the jpeg file got renamed to olfg.
For example "house.jpg" becomes "house.jpg.olfg."
It cannot be opened in a picture viewer, because part of the picture at the beginning is not valid.
I found some software which can reconstruct open "house.jpg.olfg", scan the file for jpeg data, and save it as a new valid jpeg file. Part of the image might be missing, but part it saved as a new file.
I do not wish to scan the whole disk or partition for deleted files.
What I was hoping is that photorec can in some way be used to scan house.jpg.olfg (or folder with other encrypted pictures), and recover part of the image that is valid and save it as a new valid jpg.
I did not pack images into olfg. Olfg name as itself is not important, it could be any name, there are different versions of the ransomware.
It could be useful to a lot of people to be able to recover pictures after ransomware using high quality program like photorec.
Apparently it cannot be used that way.
Thank you for your response.
Sorry to see you deleted my post. It was not fake. I do not wish to buy the program, that is why I was hoping to use photorec which is free, for the same purpose.
Program I mentioned was recommended in bleeping computer forums, part that deals with ransomware. I also tried disk tuna, but did not succeed to recover files, because it requires to have reference file which I do not have.
Re: Repair damaged jpeg files from ransomware
Here are the encrypted files, if someone wishes to try and repair them, or create a program.
https://1drv.ms/u/s!AoaKwmm7ZUPLaUkDl5y ... I?e=Yusf58
Apparently "The encrypted part is often 153605 bytes"
-
- Posts: 2737
- Joined: 04 Jan 2019, 09:48
- Location: Hannover, Deutschland (Germany, Allemagne)
Re: Repair damaged jpeg files from ransomware
Photorec is not decrypting files.
Re: Repair damaged jpeg files from ransomware
Not necessarily decrypt them, but recover part of jpeg that is not overwritten.
The way that this ransomware works, is to encrypt part of the file, about 150kb at the beginning of the file apparently, and saves the modified file as jpeg.
The rest of the jpeg file is untouched, and could be recovered and saved with a new header.
That is what the other program does, which is not free.
-
- Posts: 2737
- Joined: 04 Jan 2019, 09:48
- Location: Hannover, Deutschland (Germany, Allemagne)
Re: Repair damaged jpeg files from ransomware
Photorec is extracting files from a disk based on fingerprints which are typically located at the beginning of a file. If you encrypt the beginning of a file Photorec won't recognize them anymore.
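The posts above describe files whose first part (quoted as 153605 bytes) is overwritten while the rest is untouched, and a carver that keys on a fingerprint at the start of the file. As an added example (not from the thread, PhotoRec or any tool named here), this Python code shows that signature check failing on such a file and then uses the JPEG byte-stuffing rule to estimate where intact scan data resumes. The sample is constructed in memory, and the code assumes a baseline single-scan JPEG that uses restart markers; all function names are hypothetical.

```python
import random
import re

PREFIX = 153605  # size of the overwritten region quoted in the thread
VALID_AFTER_FF = {0x00, 0xFF, 0xD9, *range(0xD0, 0xD8)}  # stuffing, fill, EOI, RSTn
RST = re.compile(rb"\xff[\xd0-\xd7]")

def has_jpeg_signature(data):
    """Start-of-file fingerprint (SOI + next marker prefix) a carver keys on."""
    return data[:3] == b"\xff\xd8\xff"

def damaged_prefix_end(data):
    """Lower-bound estimate of where the overwritten region stops."""
    # Intact scan data only has 00, FF fill, RSTn or EOI after a 0xFF byte,
    # so the last 0xFF with another follower lies in the damaged/header area.
    last, i = -1, data.find(b"\xff")
    while i != -1 and i + 1 < len(data):
        if data[i + 1] not in VALID_AFTER_FF:
            last = i
        i = data.find(b"\xff", i + 1)
    return last + 1

def surviving_tail(data):
    """(start, end) of scan data from the first restart marker through EOI."""
    est = damaged_prefix_end(data)
    eoi = data.rfind(b"\xff\xd9")
    end = eoi + 2 if eoi != -1 else len(data)
    m = RST.search(data, est, end)  # a decoder can resynchronise at RSTn
    return (m.start() if m else est), end

def make_sample(rng, scan_len=300_000, rst_every=4096):
    """Constructed layout only (not decodable): SOI, APP0, SOS, scan, EOI."""
    out = bytearray(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(9))
    out += b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
    for n in range(scan_len):
        b = rng.getrandbits(8)
        out += b"\xff\x00" if b == 0xFF else bytes([b])  # byte stuffing
        if n % rst_every == rst_every - 1:
            out += bytes([0xFF, 0xD0 + (n // rst_every) % 8])
    return bytes(out) + b"\xff\xd9"

def demo(seed=1):
    rng = random.Random(seed)
    intact = make_sample(rng)
    # Constructed damage: first PREFIX bytes replaced by random-looking bytes.
    damaged = bytes(rng.getrandbits(8) for _ in range(PREFIX)) + intact[PREFIX:]
    return {"intact_sig": has_jpeg_signature(intact), "data": damaged,
            "damaged_sig": has_jpeg_signature(damaged), "size": len(damaged),
            "estimate": damaged_prefix_end(damaged), "tail": surviving_tail(damaged)}

if __name__ == "__main__":
    print({k: v for k, v in demo().items() if k != "data"})
```

The surviving tail is raw scan data only: decoding it still needs quantization and Huffman tables and image dimensions from a matching header, and without restart markers the bit alignment at the start of the tail is unknown.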
- cgrenier
- Site Admin
- Posts: 5432
- Joined: 18 Feb 2012, 15:08
- Location: Le Perreux Sur Marne, France
Re: Repair damaged jpeg files from ransomware
It's not possible to test if it's possible to recover the picture of a jpg if you don't provide an unmodified jpg from the same camera/phone (same resolution) as the jpg you are trying to "repair".
Re: Repair damaged jpeg files from ransomware
I had some success with the program I mentioned before. Without the need for the unmodified jpeg from the same camera. About 50% success. If the picture is bigger, the chances are better to recover the picture. The program name was deleted from my first post.
I looked at the github, trying to find some opensource program that does the same. Best I could find was A1337CBS/Jpeg-Carver from github.
It carves out part of jpeg, from disk image with jpeg files (made with dd).
But it does not put jpeg fragments back together to one picture. So you have top 10 pixels, then, maybe 500 pixels of the jpeg, and the rest of the jpeg is missing.
Also does not need the unmodified jpeg from the same camera.
I suppose the chances would be higher, if I did have it.
Last edited by dbojan on 01 Nov 2022, 20:00, edited 1 time in total.
Re: Repair damaged jpeg files from ransomware
One could maybe use deleted files recovered from the disk of the same pc, as an 'unmodified jpg from the same camera'
Tried with https://github.com/matwachich/recover_jpeg, which compares damaged files with unmodified jpgs, but did not have much success so far.