보안수준보통으로 암호화된 한글 문서 파일 구조 5.0에 대한 hwp 파일 복호화 방안 연구

Hangle is a word processor developed by Hancom Corporation and is primarily used in South Korea. Hangle supports an encryption feature, but this feature can hinder investigative processes when used for purposes other than personal data protection. In contrast to Microsoft Word, which is widely used internationally and has disclosed its encryption process, there are no officially published studies or documents on the encryption process of hwp files. Additionally, when encrypted hwp files may serve as digital evidence in an investigation, the inability to read the encrypted data complicates digital forensic investigations. Additionally, when encrypted hwp files may serve as digital evidence in an investigation, the inability to read the encrypted data complicates digital forensic investigations. Therefore, in this paper, we derive the decryption process by performing reverse engineering on HWP files configured with a normal security level, focusing on password recovery. Furthermore, through experiments that verify the verification values of files structured according to the HWP Document Format 5.0 and encrypted with a normal security level, this paper proposes a password verification mechanism for HWP files encrypted at the normal security level. Through the decryption and verification process proposed in this paper, we successfully decrypt actual hwp files in hwp, and this is expected to be meaningfully utilized in digital forensic investigations.