Brush up on Dropbox DBX decryption
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnt9naqWElQ-HdqAWA8_bGDN5YPVUynNX1WfCLKT6XPkGb1jq8atqVG4pgDuD5YVYshpzuIsDlA3qhL0jHmTPoCms57qRvm9pD4c-xHZFekjAKtARktrgDwi-rYm-p6bfa3Yxdma-M9dA/s200/dropbox.jpeg)
A few weeks ago I was contacted about how to decrypt Windows Dropbox DBX files, and the same topic appeared on the SANS DFIR mailing list too. So I decided to create an open source toolkit, along with this post, to brush up on the DBX files created by the Dropbox client on a Windows machine.

The Windows Dropbox client keeps its own files (user info, configuration, 'my dropbox' file sync status and more) inside the user profile: on the Windows 7 and Windows 10 machines I used for testing, they reside in '\Users\%USERNAME%\AppData\Local\Dropbox\' and its subfolders. Among them are files with the .DBX extension, which are the target of this post. When you take a raw look at them, you see garbage, noise ... encryption is in place.

Without too much suspense: this is well known. Nicolas Ruff and Florian Ledoux gave a talk on the topic at hack.lu 2012, “A critical analysis of Dropbox software security” (here). They discovered that the encryption key used for DBX fi