3

I'm trying to get to the original data stored on a Micros POS. Under the DB folder, I found over a 100 files, arranged in pairs: x.bin, x.key; y.bin, y.key etc. The file names look like table names, and each has a .key and a .bin.

After searching a lot, I got hints and rumors that the DB used by the POS is SQLite and that the files are encrypted, each with it's own key.

My question: is there a programmatic way to get at the data in those .bin files? Bonus: is there a way to create one unencrypted SQLite file containing all tables and all data?

Thanks for your time!

Charles
  • 50,943
  • 13
  • 104
  • 142
Traveling Tech Guy
  • 27,194
  • 23
  • 111
  • 159
  • 2
    That doesn't sound like any SQLite file layout I've ever seen. What's the hardware model number? Where did you read that these files are SQLite? – Charles Jan 25 '12 at 05:51
  • It's a Micros E7. Read about it on Tek-Tips and posforum.net. Would love to hear it's something simple to reverse engineer... – Traveling Tech Guy Jan 25 '12 at 06:45
  • 1
    What version of the software? – MyItchyChin Feb 02 '12 at 18:17
  • @MyItchyChin I'm not sure, but can easily find out. Is it relevant? Is there documentation for the DB structure anywhere? – Traveling Tech Guy Feb 02 '12 at 20:14
  • Older versions of the software didn't encrypt data, the newer versions have an export function. – MyItchyChin Feb 03 '12 at 02:37
  • @MyItchyChin When you say "export function", you mean in the software, or is there an API? – Traveling Tech Guy Feb 03 '12 at 21:11
  • @TravelingTechGuy - It's via the software but from what I've read there's an API for it but you need a 15k SDK license to get docs for it. The later versions of their Manager Software are written in .NET and use SOAP Services. – MyItchyChin Feb 03 '12 at 21:39
  • @MyItchyChin was afraid that would be the conclusion :(. Thanks for the info though. Now I'll have to find out what part of the software triggers an export and automate that. Oh well, reverse engineering was always my favorite part of problem resolution :) – Traveling Tech Guy Feb 03 '12 at 23:25

1 Answers1

1

Just staring at the encrypted files will not likely to do much good (unless you have experience with crypto analysis). However, if you have the whole firmware from the device, there's a simpler (IMO) way:

  1. Find the code which works with those files (e.g. by searching for .key and .bin in files).
  2. Reverse-engineer (disassemble/decompile) it and figure out what it does.
  3. Reproduce the decryption step either manually or write a small program to do it.
  4. Check if the decrypted data is SQLite format or not.
Igor Skochinsky
  • 24,629
  • 2
  • 72
  • 109