Deciphering method and system of data protection application programming interface (DPAPI) enciphered data

The invention provides a deciphering method and system of data protection application programming interface (DPAPI) enciphered data. The method comprises the following steps: loading a device, wherein a data source is in the device, identifying a system partition from the data source and reading files in the system partition, wherein the Windows system is in the system partition, acquiring files which need to be deciphered and master key files of all users, acquiring all DPAPI enciphered blocks from the files which need to be deciphered, analyzing all the DPAPI enciphered blocks to acquire the first deciphering key information which comprises encipherment secret key unique identification, acquiring the master key files of each DPAPI enciphered block according to the encipherment secret key unique identification, analyzing the master key files to acquire the second deciphering key information which comprises a second annoyance value and a second secret key derive function iteration based on commands, and deciphering the DPAPI enciphered blocks according to a login password, system entropy parameters, the first deciphering key information and the second deciphering key information. The method and the system can achieve read only operation of the data source and meet the need of cross-platform without restriction of operating system.