Is the file Encrypted with AES? [closed]

Answer 1

If you're open to using an external program, you can use openssl to attempt to decrypt the data. As long as you provide a non-blank password on unencrypted data it will return with a "bad magic number" error. Not sure yet exactly how openssl is generating that message (if I could you could do that in your code), but it's a start.

$ openssl enc -d -aes-256-cbc -in /Applications/Wireshark.app/Contents/MacOS/Wireshark
enter aes-256-cbc decryption password:
bad magic number

Another method would be to check the first 8 characters of the file are "Salted__" and the following 8 characters are the salt (provided the encryption was salted which the openssl binary does by default but can be disabled).

0000000: 5361 6c74 6564 5f5f 70d6 3655 ae12 58de Salted__p.6U..X.

Answer 2

there is no way to tell if anything has been encrypted with AES, it doesnt leave a signature, thats part of the point. although you can infer that its probably been encrypted with AES or some other 128bit block cipher by testing if the length of the data in bytes is a multiple of 16, suggesting a 128bit block cipher with padding on the last block

Answer 3

It depends on the unencrypted file format. If your unencrypted file has a specific file header, you can search for that header. If you find it, the file is unencrypted. If you don't find it the file could be encrypted.

If your unencrypted file does not have a specific file header ... then tough luck.