I'm looking for curious people interested in helping me reverse a file format for my 3d printer at work (EOS M100 LPBF metal printer). I highly suspect the files are encrypted with a baked-in key in the software, so the task starts off with however one would go about finding that (key and algo). I have basically 0 practical experience with hooking up a debugger to a program or sifting through DLL's. Older software from the same company used .ini - like files for the same purpose, so I'm hoping once the data is decrypted / deobfuscated it will be a simple format. I can provide files, as well as the program itself, but actually running the program is dependent on a usb token I obviously can't send.
I just started in earnest this afternoon, and forgot to copy any files to take home with me, but here's what I found so far:
- there's a small header and footer without much info (file size, and possibly version?)(33 byte header 16 byte footer)
- crafted input: files created to be exactly the same (exact same edits within software then saved) are exactly the same, so suspected encryption key is static (no nonce, no timestamp included)
- crafted input: files with a change to a single parameter in the editor result in entirely different data (though exactly the same size)(hence why I'm convinced the data section is encrypted in some way).
- data size seems to be multiple 16 bytes (probably more. I didn't think to check greatest common denominator between many files before I left work.)
- The software included a 3rd party dll for zip files that I briefly looked up to also have encryption tools, so best case scenario we find a simple call into that library with a static password (fingers crossed
I'm a bit new to zenhax, but you can also @ me on discord: Aaron#8011
I'd be super grateful for any help!