1
$\begingroup$

I am engaged in the translation of encrypted files. I have several files encrypted in the same way.

The files consist of two parts:

48 byte header example - 3d0cabf4d76b4390de2ec129e718e32306239ecab7b083ae53053d850067a16c52170eeef2d774e5fe6078dcd9177a6a)

The file body is an encrypted text. It can be decoded as follows:

KEY = b"@_#*&Reverse2806                "
IV = b"!_#@2022_Skyfly)"
cipher = AES.new(KEY, AES.MODE_CBC, IV)

However, I don't understand if this encryption method is related to header generation.

Next, I identified the following patterns:

  • Any change to the file body completely changes the header
  • Since the header size is 48 bytes, this is not RSA encryption (not sure?)

In total, I can decrypt the file, but I also need to learn how to encrypt it back so that it passes the file authenticity check.

Does anyone have ideas on how to figure out how the header is constructed and which method is used to generate it?

Improve this question
$\endgroup$
2
  • 2
    $\begingroup$ Welcome. This is off-topic here. Probably just a SHA(3)-384 of the body. It's unclear how you decode the body since it contains the key and IV in plain text. $\endgroup$ Commented Nov 2 at 18:18
  • $\begingroup$ On being off-topic, you may want to check out this and this. Reverse engineering a DRM in addition carries legal implication, so unless you're a pentest practitioner submitting CVEs, consult your lawyer. $\endgroup$ Commented Nov 2 at 23:59

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.