I have studied the behavior of the decryption program (unlock.exe) and have noticed some aspects of the decryption key structure.
To match ID and KEY:
1) At the beginning of the key is the ID in HEX followed by the character "_" (0x5F)
2) The last byte must be 0x00
3) If any byte is changed in the range between 0x5F and 0x00, the key is accepted.
4) If you delete bytes from this interval (shorten the key) the key is accepted.
Considering these I produced a fake key corresponding to Id 1:
When we click on the "Unlock One" button, the error "Access violation at address 005CC02E in module" unlock.exe "is displayed. From here I have concluded that a
minimum length is required.
Let's extend the key and test it:
When we click the "Unlock One" button, the key is accepted and we are invited to choose the encrypted file (whose original name we modified to match the id 1:
The content of the file is modified (decrypted with a wrong key), the extension is modified correctly in testfile.txt but the last 36 bytes from the end of the
encrypted file are not deleted.
The next test is the incremental addition of bytes in the key. From successive increments we reached the following key contents:
315F + 48x (0X00) + 2 * (0X00)
1_ + 48 x (null) + 2 x (null)
This key is accepted and this time in the decrypted file the last 36 bytes are also removed, but obviously with the fake key the decryption is incorrect.
I do not know if what I have exposed is helpful but I hope to help and encourage those more experienced than me.