This GitHub repository contains files that assist in cryptanalytic attacks on E-Safenet encryption. Several attacks were developed that may partially or fully recover E-Safenet encryption keys.
- Known-plaintext attack
- Probable-plaintext attack
- Against source code files
- Against binary files
- Ciphertext-only attack
All specifics and attacks are document in the research paper on E-Safenet encryption.
The python scripts provided can be used to encrypt and decrypt using the E-Safenet encryption, or to extract encryption keys.
Two main files are available:
- esafenet.py: command-line interface to known-plaintext and probable-plaintext attacks
- esafenet_gui.py: GUI interface for the ciphertext-only attack
Prior to using these scripts, the simplelzo1x module has to be compiled first. This module provides an interface to the LZO v1.00 compression library.
cd simplelzo1x && sudo python setup.py install
More information about the library can be found in the README file in the simplelzo1x directory.
usage: esafenet.py [-h] [--infile INFILE] [--key KEY] [--outfile OUTFILE]
[--infolder INFOLDER] [--outfolder OUTFOLDER]
[--comp_file COMP_FILE] [--type pattern_type]
[--language text_pattern_language]
action
E-safenet encryption/decryption/key generation
positional arguments:
action Action to perform
Should be one of ['encrypt', 'decrypt', 'encrypt_folder',
'decrypt_folder', 'keygen', 'findkey', 'pattern_decrypt']
optional arguments:
-h, --help show this help message and exit
--infile INFILE Input file
--key KEY Key file
--outfile OUTFILE Output file
--infolder INFOLDER Input folder
--outfolder OUTFOLDER
Output folder
--comp_file COMP_FILE
Plaintext comparison file used by findkey
--type pattern_type Type for pattern decrypt (binary or text)
--language text_pattern_language
Language for text pattern decrypt (C, PHP or CS)
- Recovering the encryption key of a binary file (probable-plaintext attack):
$ python esafenet.py pattern_decrypt --type binary --infile encrypted.xls --outfile key.dat
Decryption: key written to key.dat (4 0-bytes)
- Decrypting an E-Safenet file using a provided key:
$ python esafenet.py decrypt --infile encrypted.xls --key key.dat --outfile decrypted.xls
Decryption: 153400 bytes written to decrypted.xls
- Recovering the key using the known-plaintext attack:
$ python esafenet.py findkey --infile encrypted.xls --comp_file decrypted.xls --outfile key.dat
Succes: key written to key.dat
- Recovering the encryption key of source code files (probable-plaintext attack, C#):
$ python esafenet.py pattern_decrypt --type text --infolder srcfiles --outfolder /tmp --language CS --outfile key.dat
Match found!! ...
If you get errors/crashes, they are probably caused by the LZO compression library. The first 512 bytes of an E-Safenet encrypted file are compressed. When using a wrong key, decompression may fail and lead to a crash. You can temporarily disable decompression of the first block by changing the plain_header variable in esafenet.py to an empty string:
plain_header = ""
# plain_header = simplelzo1x.decompress(decr_header)
The GUI app esafenet_gui.py can be used for the ciphertext-only attack. More information about this attack can be found in the research paper.
- menu -> Open folder or file, select an E-Safenet file, or a folder containing only E-Safenet files encrypted with the same key.
- menu -> Analyze, analyzes the files, tries to maximize plaintext in the file(s), as described in the report.
Note: The analyze step may take some time (15s for 200kB on my 5y/o laptop, displaying results in thhe grid takes even longer...)
Results are displayed as-is, this program is not complete. Feel free to do with it as you see fit.
For the mathematical implementation of the ciphertext-only attack, cplex_coa.mod provides a CPLEX model for the Binary Integer Programming problem that represents the maximization of printable characters in an E-Safenet encrypted document.
The code was released under the GPLv2 license.