cryptomator / sanitizer Goto Github PK

View Code? Open in Web Editor NEW

33.0 12.0 9.0 182 KB

Utility to find and fix problems within vaults

Home Page: https://cryptomator.org/

License: GNU General Public License v3.0

Java 100.00%

sanitizer's Introduction

Utility to find and fix problems within vaults, restoring files and mapping cleartext to encrypted paths.

Download

Sanitizer is a Java program. The current version can be downloaded from the releases page.

You will need Java 9 installed to run it.

Usage

java -jar sanitizer-0.16.jar command ...

commands:
* check - check a vault for problems
* decryptFile - decrypt the contents of a single file
* encryptPath - encrypt a cleartext path
* decryptVault - decrypt a complete vault and restore inaccessible data

A more detailed guide on how to use Sanitizer can be found here.

check command usage

java -jar sanitizer-0.16.jar check -vault vaultPath [-passphraseFile passphraseFile] [-deep] [-solve enabledSolution ...] [-output outputPrefix]

Detects problems in Cryptomator vaults.

    --deep                              Check file integrity (Could take a long
                                        time).
    --output <outputPrefix>             The prefix of the output files to write
                                        results to. Will create two output
                                        files:
                                        * <outputPrefix>.structure.txt and
                                        * <outputPrefix>.check.txt.
                                        Default: name of vault
    --passphrase <passphrase>           DO NOT USE. ONLY FOR TESTING PURPOSES.
                                        The cleartext vault passphrase. Omit
                                        this and you will be promted for the
                                        passphrase.
    --passphraseFile <passphraseFile>   A file to read the password from. Omit
                                        this and you will be promted for the
                                        passphrase.
    --solve <solve>                     Name of one or more problems to solve.
                                        Available: MissingEqualsSign,
                                        UppercasedFile, LowercasedFile,
                                        OrphanMFile, FileSizeOfZeroInHeader,
                                        FileSizeInHeader, NameNormalization
    --vault <vaultPath>                 On which vault to work.

decryptFile command usage

java -jar sanitizer-0.16.jar decryptFile -vault vaultPath [-passphraseFile passphraseFile]

Decrypts single Cryptomator files.

    --passphrase <passphrase>           DO NOT USE. ONLY FOR TESTING PURPOSES.
                                        The cleartext vault passphrase. Omit
                                        this and you will be promted for the
                                        passphrase.
    --passphraseFile <passphraseFile>   A file to read the password from. Omit
                                        this and you will be promted for the
                                        passphrase.
    --vault <vaultPath>                 On which vault to work.

encryptPath command usage

java -jar sanitizer-0.16.jar encryptPath -vault vaultPath [-passphraseFile passphraseFile] [-cleartextPath cleartextPath] [-cleartextListFile cleartextListFile] [-outputPath outputPath]

Encrypt cleartext paths for a Cryptomator vault.

    --passphrase <passphrase>           DO NOT USE. ONLY FOR TESTING PURPOSES.
                                        The cleartext vault passphrase. Omit
                                        this and you will be promted for the
                                        passphrase.
    --passphraseFile <passphraseFile>   A file to read the password from. Omit
                                        this and you will be promted for the
                                        passphrase.
    --vault <vaultPath>                 On which vault to work.
    --cleartextPath <cleartextPath>     Path of the cleartext file in the
                                        vault. Omit this and you will be
                                        prompted for the path.
    --cleartextListFile <cleartextListFile>
                                        Path to a line-separated file that
                                        lists cleartexts in the vault. This
                                        can be used to substitute for
                                        cleartextPath.
    --outputPath <outputPath>           Path of the output file.
                                        Supported extensions: txt, csv

decryptVault command usage

java -jar sanitizer-0.16.jar decryptVault -vault vaultPath -target targetPath [-passphraseFile passphraseFile]

Decrypts all data from a vault and tries to restore inaccessible data.

    --passphrase <passphrase>           DO NOT USE. ONLY FOR TESTING PURPOSES.
                                        The cleartext vault passphrase. Omit
                                        this and you will be promted for the
                                        passphrase.
    --passphraseFile <passphraseFile>   A file to read the password from. Omit
                                        this and you will be promted for the
                                        passphrase.
    --target <targetPath>               Where to place the exported data.
    --vault <vaultPath>                 On which vault to work.

Requirements

You need to have Java 9 installed to run this tool.

Examples

When you have everything set up, you can run the integrity check from the command line (cmd.exe on Windows) using:

java -jar sanitizer-x.y.jar check --vault <vaultPath>

You will be asked for the vault passphrase in this case. If that fails, you may store your passphrase in a file (without line break at the end!) and use:

java -jar sanitizer-x.y.jar check --vault <vaultPath> --passphraseFile <passphraseFile>

After completion, the tool will print how many problems were found and create two files:

<vaultName>.structure.txt: The full structure of the vault including all files and directories. Contains only encrypted names and the exact size of small and the approximate size of larger ones so we can not see your data. This may help us to diagnose issues not already handled by Sanitizer.
<vaultName>.check.txt: A list of known issues and some information. This includes the name of the encrypted root directory. This is useful to check how the root directory looks like when analyzing the structure file.

Building

Dependencies

Java 9
Maven 3

Run Maven

mvn clean install

License

Distributed under the GPLv3. See the LICENSE.txt file for more info.

sanitizer's People

Contributors

Stargazers

Watchers

Forkers

wangkesen productinfo morristech dbird137 ajunboys msgpo joekrenek syldej meekyphotos

sanitizer's Issues

Full decryption of vault (for data rescue)

There might be vaults (due to partial data loss) that still have some data that can be decrypted. However, these files are unavailable to the user, because many directory links are broken (orphan directories).

We should add an operation to decrypt the whole vault. Details of implementation have to be discussed.

Some problems

When trying to use Sanitizer without a passphrase file, I cannot paste my passphrase into PowerShell (and my passphrase is rather long and complex, manually typing is not really an option).
When trying to use a passphrase file instead with the passphrase in it, I'm getting the following exception.

Edit: Actually, the cursor doesn't move at all or show anything when trying to type the passphrase manually. Is that by design? And it seems like pasting the passphrase does work, but there's no visual feedback at all.

Cryptomator vault sanitizer v0.14

Exception in thread "main" java.lang.IndexOutOfBoundsException
        at sun.nio.cs.StreamDecoder.read(Unknown Source)
        at java.io.InputStreamReader.read(Unknown Source)
        at org.cryptomator.sanitizer.commands.CheckCommand.passphraseFromFile(CheckCommand.java:189)
        at org.cryptomator.sanitizer.commands.CheckCommand.passphrase(CheckCommand.java:161)
        at org.cryptomator.sanitizer.commands.CheckCommand.parse(CheckCommand.java:130)
        at org.cryptomator.sanitizer.commands.Commands.<init>(Commands.java:61)
        at org.cryptomator.sanitizer.commands.Commands.parse(Commands.java:26)
        at org.cryptomator.sanitizer.Sanitizer.main(Sanitizer.java:12)

Restoring damaged database "Unable to read header from channel"

Hi there,

We are using Cryptomator with Google Team Drive, and we have had an unexplained incident where a whole load of files and folders were deleted from someone's machine that was syncing up to Google Team Drive.

The first thing I did was hit "Restore" in the Google Team Drive web UI - this was a massive mistake.

Their restore system didn't care about the order of the restore operations and consequently dumped thousands of files in the root folder of the drive because it had not yet come around to restoring the folders they belong in. The thought had crossed my mind for a second before I hit "Restore", and I dismissed the idea that Google could be so silly as to not restore files to the correct directory...

Long story short, here I am with thousands of encrypted files in the root directory. I've tried running Sanitizer decryptVault, in the hope that it could restore my folders and files (but with missing filenames?? not the worst outcome compared to total data loss), but I keep getting hit with exceptions such as:

2R\D5OLMSUE34KYVE76YH4QXIEARUA6TX\BSQFCT6MDQVZEOTOO62M5WFRT3VRUMFB.lng -> c:\vaultname\decrypted\root\blah\blah\blah\unknown-file.LNG Exception in thread "main" java.lang.IllegalArgumentException: Unable to read header from channel.

As I'm desperate (this is a huge data loss) I also tried to find out the directory paths for each file via the Google Drive API so that I could restore the folder structure that way, but that doesn't seem to be possible unless someone answers my StackOverflow with some magic.

Do you have any advice on what my next steps should be?

Sanitizer v0.6 (Java 12 / Windows) : decryptVault : Exception on loadHeaderIfNecessary(DecryptingReadableByteChannel.java:75)

Hi,
While using sanitizer's decryptVault command, many files are successfully getting decrypted but sometimes the process crashes with a similar exception stack as below.
A workaround consists of manually deleting the source file on which the process crashed, and restart the whole decryptVault process (which takes hours on my large vault) until the process crashes on another file, etc...
Is there a way to anticipate on which files the process will crash, in order to delete these files upfront ? Or a way to tell sanitizer to only log these exceptions in a log file but keep processing the next files ?

Failed to authenticate name of RC/7QMWWF7QIVTSS7ZRPAIJBTISLLFRDX/SVMBI5ATOICAXXY2TAQU6NTXMTS642UF.lng
RC/7QMWWF7QIVTSS7ZRPAIJBTISLLFRDX/SVMBI5ATOICAXXY2TAQU6NTXMTS642UF.lng -> /media/ext/flv2/root/unknown-file-2.LNG
Failed to authenticate name of RC/7QMWWF7QIVTSS7ZRPAIJBTISLLFRDX/TSC5272ZPIKOFAHXPH3QRVH7JOQOLZ5P.lng
RC/7QMWWF7QIVTSS7ZRPAIJBTISLLFRDX/TSC5272ZPIKOFAHXPH3QRVH7JOQOLZ5P.lng -> /media/ext/flv2/root/unknown-file-3.LNG
Exception in thread "main" java.lang.IllegalArgumentException: Unable to read header from channel.
	at org.cryptomator.cryptolib.v1.DecryptingReadableByteChannel.loadHeaderIfNecessary(DecryptingReadableByteChannel.java:75)
	at org.cryptomator.cryptolib.v1.DecryptingReadableByteChannel.read(DecryptingReadableByteChannel.java:48)
	at org.cryptomator.sanitizer.restorer.ScannedVault$EncryptedFile.tryDecryptTo(ScannedVault.java:310)
	at org.cryptomator.sanitizer.restorer.ScannedVault$Entry.decryptTo(ScannedVault.java:355)
	at org.cryptomator.sanitizer.restorer.ScannedVault$EncryptedDirectory.lambda$decryptContentsTo$1(ScannedVault.java:231)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1540)
	at org.cryptomator.sanitizer.restorer.ScannedVault$EncryptedDirectory.decryptContentsTo(ScannedVault.java:231)
	at org.cryptomator.sanitizer.restorer.ScannedVault$EncryptedDirectory.tryDecryptTo(ScannedVault.java:214)
	at org.cryptomator.sanitizer.restorer.ScannedVault$Entry.decryptTo(ScannedVault.java:355)
	at org.cryptomator.sanitizer.restorer.ScannedVault.lambda$decryptTo$0(ScannedVault.java:194)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
	at java.base/java.util.HashMap$ValueSpliterator.forEachRemaining(HashMap.java:1675)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
	at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
	at org.cryptomator.sanitizer.restorer.ScannedVault.decryptTo(ScannedVault.java:194)
	at org.cryptomator.sanitizer.restorer.VaultDecryptor.run(VaultDecryptor.java:41)
	at org.cryptomator.sanitizer.commands.DecryptVaultRunner.run(DecryptVaultRunner.java:21)
	at org.cryptomator.sanitizer.commands.DecryptVaultCommand.run(DecryptVaultCommand.java:91)
	at org.cryptomator.sanitizer.commands.Commands.run(Commands.java:75)
	at org.cryptomator.sanitizer.Sanitizer.main(Sanitizer.java:16)
	at java.base/java.util.Optional.ifPresent(Optional.java:183)
	at org.cryptomator.sanitizer.Sanitizer.main(Sanitizer.java:12)

Does not support vault version 6

Exception in thread "main" java.lang.IllegalArgumentException: Unsupported vault version 6

Problems with decryptFile

I am having troubles running the decryptFile utility. Seems like is missing some dependency on the Janino library?

Here is what I did:

$ java -jar sanitizer-0.13.jar decryptFile -vault /Users/Eduardo/Cryptomator_vault/
# Cryptomator vault sanitizer v0.13 #

Vault password:
Enter absolute path of an encrypted file: /Users/Eduardo/Cryptomator_vault/d/35/JG366DHSZ7C2CF7JS6NHVBSAROACEH/2RYXDGZIR6S4W24IB5POARRVCMIOKMBXGFXZINSRLU5NU4MMAY6Q====
Enter absolute path of decrypted output: /Users/Eduardo
14:45:54,681 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
14:45:54,681 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.groovy]
14:45:54,681 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [logback.xml] at [jar:file:/Users/Eduardo/Desktop/sanitizer-0.13.jar!/logback.xml]
14:45:54,705 |-INFO in ch.qos.logback.core.joran.spi.ConfigurationWatchList@3d24753a - URL [jar:file:/Users/Eduardo/Desktop/sanitizer-0.13.jar!/logback.xml] is not of type file
14:45:54,824 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - debug attribute not set
14:45:54,826 |-ERROR in ch.qos.logback.core.joran.conditional.IfAction - Could not find Janino library on the class path. Skipping conditional processing.
14:45:54,826 |-ERROR in ch.qos.logback.core.joran.conditional.IfAction - See also http://logback.qos.ch/codes.html#ifJanino
14:45:54,828 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
14:45:54,829 |-INFO in ch.qos.logback.classic.joran.JoranConfigurator@59a6e353 - Registering current configuration as safe fallback point

Exception in thread "main" java.lang.IllegalStateException: Required key length not supported.
	at org.cryptomator.cryptolib.v1.Version1CryptorModule.assertRequiredKeyLengthIsAllowed(Version1CryptorModule.java:42)
	at org.cryptomator.cryptolib.v1.Version1CryptorModule.provideCryptorProvider(Version1CryptorModule.java:35)
	at org.cryptomator.cryptolib.v1.Version1CryptorModule_ProvideCryptorProviderFactory.get(Version1CryptorModule_ProvideCryptorProviderFactory.java:30)
	at org.cryptomator.cryptolib.v1.Version1CryptorModule_ProvideCryptorProviderFactory.get(Version1CryptorModule_ProvideCryptorProviderFactory.java:10)
	at org.cryptomator.cryptolib.DaggerCryptoLibComponent.version1(DaggerCryptoLibComponent.java:51)
	at org.cryptomator.cryptolib.Cryptors.version1(Cryptors.java:27)
	at org.cryptomator.sanitizer.CryptorHolder.bestGuessCryptorProvider(CryptorHolder.java:89)
	at org.cryptomator.sanitizer.restorer.FileDecryptor.decryptFile(FileDecryptor.java:36)
	at org.cryptomator.sanitizer.commands.DecryptFileRunner.run(DecryptFileRunner.java:21)
	at org.cryptomator.sanitizer.commands.DecryptFileCommand.run(DecryptFileCommand.java:79)
	at org.cryptomator.sanitizer.commands.Commands.run(Commands.java:75)
	at org.cryptomator.sanitizer.Sanitizer.main(Sanitizer.java:16)
	at org.cryptomator.sanitizer.Sanitizer$$Lambda$5/999966131.accept(Unknown Source)
	at java.util.Optional.ifPresent(Optional.java:159)
	at org.cryptomator.sanitizer.Sanitizer.main(Sanitizer.java:12)

Add support to Vault version 7

When trying to decrypt a vault with some files that Drive File Stream sent to lost and found, Sanitizer returns:

"Exception in thread "main" java.lang.IllegalArgumentException: Unsupported vault version 7 [...]"

Seems to be the same situation as this community post, so is it possible to add support for the newer version (7)?

Problems with encryptPath on Windows 10

I am using the script in powershell on windows 10 and it seems to work fine, it returns a valid path, however the returned path is definitely not the correct one (my vault is in google filestream)

Maybe the format is wrong? backslash instead of forward slash etc?

Example:

PS C:\Users\marku> java.exe -jar "G:\Meine Ablage\Encrypted Storage\sanitizer-0.15.jar" encryptPath -vault "G:\Meine Ablage\Encrypted Storage\Container"
# Cryptomator vault sanitizer v0.15 #

Vault password:
Enter a (cleartext) path of a file inside the vault: "D:\vault\folder1\folder2\folder3\theFileIcareAbout.exe"
G:\Meine Ablage\Encrypted Storage\Container\d\L6\64LURX5RDMNBGEXI5C2ZGQ475QGQPD\L5F53SYCMZOZWDG4ZELCRAMGBEUXLMWFC44CJDQHHBOGOKX5UPTDVRQYNOBCQAWL6JGS4O2F3L55LGLVUZLLD7MS2TWKEK7U3IWM3MXYQ7ZYUEUG6VRPLG7JQ2MGMMSPPJT75LPHVZ47ARVXOKWEIGIMMVSRNWHZ6DBCRWH2SA25PO4K3QSL6RSRTUIVEF4RJLVCAGVUVRZ3ROA7TCZ26LGBH6H4VWOANAPUYEPEOLTCUTTYJFQXKMTB2CCWZ3HBVBNJWBAUIPNYX7LKD4JN7TLZMEHF3IR6KEE3FS7UI4Z2ZI7TIHFL54OU2ZHUSJU3BNUDCJ5HEBXQ====

The correct path would be: "G:\Meine Ablage\Encrypted Storage\Container\d\EY\PG4T3KFULXLBJ72STWMAXSCXBJKX75\7COF7G2SYYMDU2X2JIQMTV2BRCU3MQYR.lng"

(I can tell by opening the file and see which file syncs in google filestream and also by the filesize)

I would appreciate your help!