cronodump

The cronodump utility can parse most of the databases created by the CronosPro database software and dump it to several output formats.

The software is popular among Russian public offices, companies and police agencies.

Quick start

In its simplest form, without any dependencies, the croconvert command creates a CSV representation of all the database's tables and a copy of all files contained in the database:

bin/croconvert --csv test_data/all_field_types

By default it creates a cronodump-YYYY-mm-DD-HH-MM-SS-ffffff/ directory containing CSV files for each table found. It will under this directory also create a Files-FL/ directory containing all the files stored in the Database, regardless if they are (still) referenced in any data table. All files that are actually referenced (and thus are known by their filename) will be stored under the Files-Referenced directory. With the --outputdir option you can chose your own dump location.

When you get an error message, or just unreadable data, chances are your database is protected. You may need to look into the --dbcrack or --strucrack options, explained below.

Templates

The croconvert command can use the powerful jinja templating framework to render more file formats like PostgreSQL and HTML. The default action for croconvert is to convert the database using the html template. Use

python3 -m venv ./venc
. venv/bin/activate
pip install jinja2
bin/croconvert test_data/all_field_types > test_data.html

to dump an HTML file with all tables found in the database, files listed and ready for download as inlined data URI and all table images inlined as well. Note that the resulting HTML file can be huge for large databases, causing a lot of load on browsers when trying to open them.

The -t postgres command will dump the table schemes and records as valid CREATE TABLE and INSERT INTO statements to stdout. This dump can then be imported in a PostgreSQL database. Note that the backslash character is not escaped and thus the standard_conforming_strings option should be off.

Pull requests for more templates supporting other output types are welcome.

Inspection

There's a bin/crodump tool to further investigate databases. This might be useful for extracting metadata like path names of table image files or input and output forms. Not all metadata has yet been completely reverse engineered, so some experience with understanding binary dumps might be required.

The crodump script has a plethora of options but in the most basic for the strudump sub command will provide a rich variety of metadata to look further:

bin/crodump strudump -v -a test_data/all_field_types/

The -a option tells strudump to output ascii instead of a hexdump.

For a low level dump of the database contents, use:

bin/crodump crodump -v  test_data/all_field_types/

The -v option tells crodump to include all unused byte ranges, this may be useful when identifying deleted records.

For a bit higher level dump of the database contents, use:

bin/crodump recdump  test_data/all_field_types/

This will print a hexdump of all records for all tables.

decoding password protected databases

Cronos v4 and higher are able to password protect databases, the protection works by modifying the KOD sbox. cronodump has two methods of deriving the KOD sbox from a database:

Both these methods are statistics based operations, it may not always yield the correct KOD sbox.

1. strudump

When the database has a sufficiently large CroStru.dat file, it is easy to derive the nodified KOD-sbox from the CroStru file, the --strucrack option will do this.

crodump --strucrack  recdump <dbpath>

2. dbdump

When the Bank and Index files are compressed, we can derive the KOD sbox by inspecting the fourth byte of each record, which should decode to a zero.

The --dbcrack option will do this.

crodump --dbcrack  recdump <dbpath>

Installing

cronodump requires python 3.7 or later. It has been tested on Linux, MacOS and Windows. There is one optional requirement: the Jinja2 templating engine, but it will install fine without.

There are several ways of installing cronodump:

• You can run cronodump directly from the cloned git repository, by using the shell scripts in the bin subdirectory.
• You can install cronodump in your python environment by ruinning: python setup.py build install.
• You can install cronodump from the public pypi repository with pip install cronodump.
• You can install cronodump with the Jinja2 templating engine from the public pypi repository with pip install cronodump[templates].

Terminology

We decided to use the more common terminology for database, tables, records, etc. Here is a table showing how cronos calls these:

License

cronodump is released under the MIT license.

References

cronodump builds upon documentation of the file format found in older versions of Cronos and the subsequent implementation of a parser for the old file format but dropped the heuristic approach to guess offsets and obfuscation parameters for a more rigid parser. Refer to the docs for further details.