Data File Format
The data.crypt file is a binary file with the following structure:
The whole file contains either random data (the salt) or encrypted data (the rest after the salt). There is no plain text content. The whole file seems to contain random data (encrypted data also cannot be distinguished from random data).
All categories and data entries including favorite category info are stored in the last part of the data.crypt file and is encrypted. Therefore any information about the entries data, number of categories, category names, favorite category, or number of entries is encrypted too and therefore hidden.
Supported cipher mode of operation
Unlocking data file with master password and salt
The data.crypt file is loaded into RAM and its first 512 bits are used as a 'salt' value. The salt and the master password are passed to the SHA-256 hash function as initial values. The result is iterated 1000 times using SHA-256 to provide the final key to unlock the data.crypt file. This hashed value is saved temporarily into RAM as a cipher key (not the user-provided master password).
Now all the combinations of cipher algorithm, key length, and cipher mode of operation (currently up to 24 combinations) are tried with this hashed password. When a shorter key than 256 bits is needed, the key is trimmed to the appropriate length.
If the 'TRUE' string from the data.crypt file (byte positions 64-67) is successfully decoded, CRC-32 checksum and data length are verified then the unlock is considered to be successful. After that, the rest of the file is processed. Finally, the XML data are uncompressed by GZIP and loaded into RAM memory.