ESLockDecryptor

ESLockDecryptor is a command-line utility designed to recover and decrypt files encrypted by ES File Explorer (files with the .eslock extension). It supports processing both individual files and entire directories.

Warning

FOR LEGAL USE ONLY! This software is designed for educational purposes, security research, and lawful digital forensics use. It is intended to help users recover their own data or to assist authorized professionals in analyzing artifacts/evidence.

The author is not responsible for any illegal use of this tool. Usage of this software for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Features

• Batch Processing: Decrypt entire directories containing .eslock files.
• Single File Mode: Decrypt specific files.
• Auto-Detection: Automatically detects input/output paths if not specified.
• Fast and Lightweight: Simple CLI interface, parallel decryption of multiple files.

Downloads & Supported Platforms

You can download the latest pre-built binaries for your system from the Releases page.

No .NET Runtime installation required.

Supported Platforms:

• Windows: x64, x86, Arm64
• Linux: x64, Arm64 (tested on Ubuntu, Fedora, Kali; compatible with Debian, Arch, Mint, openSUSE, and other glibc-based distributions)
• macOS: Arm64 (Apple Silicon), x64 (Intel)

How to Run (Important)

This is a Command Line Interface (CLI) tool. It is meant to be executed from a terminal (Command Prompt, PowerShell, Bash).

❌ Do not run by double-clicking:

• Windows: The terminal window will close immediately after the process finishes, preventing you from seeing the success/error logs.
• Linux: The process may run in the background with no visual feedback, making it unclear if the decryption finished.

✅ Correct way:

1. Open your terminal.
2. Navigate to the folder containing the tool (cd path/to/tool).
3. Run the command as shown below.

Usage

ESLockDecryptor [input_path] [output_path]

Output Directory Logic

If the [output_path] argument is omitted (Scenarios 1 & 2), the utility automatically creates a new directory in the current working location using the format: ./decrypted-yyyyMMdd-hhmmss (e.g., decrypted-20251201-150000)

Scenarios

1. Auto-mode (Current Folder)

Requirement: Place the ESLockDecryptor executable directly inside the folder containing the encrypted .eslock files.

./ESLockDecryptor

The tool will scan the current directory and save decrypted files to a new timestamped folder.

2. Specific Input (Auto-Output)

Specify the path to the directory containing encrypted files. The output folder (decrypted-...) will be created inside the specified directory.

./ESLockDecryptor "path/to/encrypted_directory"

Result location: path/to/encrypted_directory/decrypted-yyyyMMdd-hhmmss

3. Explicit Input and Output

Specify exactly where to take files from and where to save the decrypted versions.

./ESLockDecryptor "encrypted/path" "decrypted/path"

Building from Source

If you prefer to build the application yourself, ensure you have the .NET 10 SDK installed.

1. Clone the repository:

   git clone https://github.com/Piotr-Kniaz/ESLockDecryptor.git
   cd ESLockDecryptor

2. Build the project:

   dotnet build --configuration Release

Issues & Contributing

Contributions are welcome! If you found a bug, have a feature request, or want to improve the code, feel free to help.

License

This project is licensed under the MIT License.