New Posts  All Forums:Forum Nav:

what are this .enc files?

post #1 of 9
3/2/10 at 7:53pm
Thread Starter 
Hello

Does anyone knows what are the MODxxxxxxx.enc files thar are in the windows folder and on the preload folder?
Can anyone know how to decode it?

thanks
Reply
Reply
post #2 of 9
3/2/10 at 8:06pm
A good read here.

cheers ...
Reply
Reply
post #3 of 9
3/2/10 at 8:24pm
Thread Starter 
thanks but allready tried/read that info. For what i saw in my experiments reading the log this is a encoded xml file. Acer alaunchx can decrypt it but without making a copy. here is a part of the log
Code:
2009-12-07 23:24:59    [   83C]    INFO    CMainFrame::Launch -    -----------------------------------------
2009-12-07 23:24:59    [   83C]    INFO    CMainFrame::Launch -    Install Action19
2009-12-07 23:24:59    [   83C]    INFO    CMainFrame::Launch -    Moduel PN: MOD01SET0600860014
2009-12-07 23:24:59    [   83C]    INFO    CMainFrame::Launch -    Moduel Path: C:\\WINDOWS\\SYSTEM32\\OEM\\
2009-12-07 23:24:59    [   83C]    INFO    CMainFrame::Launch -    Module answer file: C:\\WINDOWS\\SYSTEM32\\OEM\\MOD01SET0600860014.enc
2009-12-07 23:24:59    [   83C]    TRACE    CCryptData::decryptFile -    ENTER: CCryptData::decryptFile
2009-12-07 23:25:04    [   83C]    TRACE    CCryptData::decrypt -    Device ID length:0
2009-12-07 23:25:04    [   83C]    TRACE    CCryptData::decrypt -    CryptEncrypt Finished
2009-12-07 23:25:04    [   83C]    TRACE    CCryptData::decryptFile -    EXIT: CCryptData::decryptFile
2009-12-07 23:25:04    [   83C]    TRACE    parseXMLDoc -    ENTER: parseXMLDoc
2009-12-07 23:25:04    [   83C]    TRACE    parseXMLDoc -    EXIT: parseXMLDoc
2009-12-07 23:25:04    [   83C]    INFO    CMainFrame::Launch -    Module Name: Cleanup
2009-12-07 23:25:04    [   83C]    TRACE    CMainFrame::Launch -    EXIT: CMainFrame::Launch
2009-12-07 23:25:04    [   B88]    TRACE    ExecuteApp -    ENTER: ExecuteApp
2009-12-07 23:25:04    [   B88]    TRACE    CCryptData::decryptFile -    ENTER: CCryptData::decryptFile
2009-12-07 23:25:04    [   B88]    TRACE    CCryptData::decrypt -    Device ID length:0
2009-12-07 23:25:04    [   B88]    TRACE    CCryptData::decrypt -    CryptEncrypt Finished
2009-12-07 23:25:04    [   B88]    TRACE    CCryptData::decryptFile -    EXIT: CCryptData::decryptFile
2009-12-07 23:25:04    [   B88]    TRACE    parseXMLDoc -    ENTER: parseXMLDoc
2009-12-07 23:25:04    [   B88]    TRACE    parseXMLDoc -    EXIT: parseXMLDoc
2009-12-07 23:25:04    [   B88]    INFO    ExecuteApp -    execute process 1
2009-12-07 23:25:04    [   B88]    INFO    ExecuteApp -    process 1 install command: C:\\WINDOWS\\SYSTEM32\\OEM\\\\cleanup.cmd 
2009-12-07 23:29:53    [   B88]    INFO    ExecuteApp -    Return code check: False
2009-12-07 23:29:53    [   B88]    INFO    ExecuteApp -    Execute process 1 success
cheers
Reply
Reply
post #4 of 9
3/2/10 at 8:28pm
You meant sort of virus attack?

cheers ...
Reply
Reply
post #5 of 9
3/3/10 at 5:20am
Thread Starter 
no
this is not a virus attack. this is part o a log just after oobe in windows and during the install of drivers and other acer stuff in the computer. This has nothing to do with a virus.

The .enc files are like ini files that indicate to the exe program if it can be installed or not.

If there are some NAPP and pqservice expertes i think they know what i want, update the pqservice d2d folder to windows 7 but mantaining all the other acer stuff. And this is quite simple because acer now uses imagex to compress their recover images.

cheers
Reply
Reply
post #6 of 9
3/3/10 at 5:27am
Interesting. If you want we can move your thread to Software General for more feedback.

cheers ...
Reply
Reply
post #7 of 9
3/3/10 at 6:55am
Thread Starter 
move it

cheers
Reply
Reply
post #8 of 9
3/3/10 at 1:05pm
And it is done!
Reply
Reply
post #9 of 9
3/3/10 at 5:58pm
Thread Starter 
A few history

All acer users know the erecovery program. It has the ability of restore the O.S. to factory state (like the first time you turned the computer).
The recover images are on a hidden partition called PQSERVICE.
It used a software called ImageIT to save the OS files in D2d/IMAGES folder. In that folder was a huge amount of files with *.dsi, *.wsi and *.000 to *.xxx.
To extract those files you needed a IIT.exe and the password (can found it trough Google).
Also in D2D folder is a PATCH folder that containes some programs installed in first OS boot.
If you wanted to change some of this it was quite easy cause the PQservice contained all you needed.

The actual
The file structure in PQSERVICE still is the same but with 2 different things
First acer techs puted away the image it soft and now uses Imagex from microsoft, which is more available to extract de OS files to a large WIM file.
Second now the patch folder contains a new file extension *.enc that are like ini files for install but cannot be decoded/decrypted (at least i can not decode it). Without this *.enc files you cannot add new files like new drivers or updated programs to be installed on first boot or OOBE.

Few of us have bought our notebooks with MS Windows Vista but if you upgraded to MS Windows 7 this upgrade will not update your hidden partition with the new OS.

The objective - Try to update the OS in the hidden partition to windows 7. but now here is the problem, if you extract the image with Image IT or Imagex you will see inside windows folder and/or OEM folder some files with *.enc extension. they are a sort of ini files with the configuration to be installed on the computer.
To be able to install new software on first boot you need to add a new enc file to the install, otherwise it will not be installed

Tools you need:
partedit.exe
gimagex
imagex
a windows pe on a pendrive with imagex on it
IMAGEIT in case your files are in wsi, dsi

(to be continued)
Reply
Reply
New Posts  All Forums:Forum Nav:
  Return Home