0

So I am trying to decrypt a connection over SSH using pycryptodome. I have the key and the IV extracted from memory (I am working inside a virtual environment), which are 100% correct, which were used for encrypting the data. Now I want to decrypt the stuff afterwards. My code looks as follows:

```python
import binascii
from Crypto.Cipher import AES
from Crypto.Util import Counter

key="1A0A3EBF96277C6109632C5D96AC5AF890693AC829552F33769D6B1A4275EAE2"
iv="EB6444718D73887B1DF8E1D5E6C3ECFC"

key_hex=binascii.a2b_hex(key)
iv_hex=binascii.a2b_hex(iv)
ctr = Counter.new(128, prefix=iv_hex, initial_value = 0)
aes = AES.new(key, AES.MODE_CTR, counter = ctr)
# cipher: the hex-encoded ciphertext (not shown in the question)
decrypted = aes.decrypt(binascii.a2b_hex(cipher).rstrip())
print(decrypted)
```

The problem is now that the counter is too big (32 bytes) for the block size, which is 16 bytes in AES. However, I found out that you need the IV as the prefix in your counter if you want to decrypt AES-CTR, plus the initial_value set to 0. Therefore I already have 16 bytes with only the prefix. When I now want to set the first value in the counter object to 0, it does not work. Is it even possible to decrypt AES-CTR with a 16-byte IV using pycryptodome? Or maybe one of you sees my error. Any help would be much appreciated. Thanks in advance!

Edit: Thanks to SquareRootOfTwentyThree I solved the pycryptodome problem. Unfortunately the decryption is still not working, so I opened a new thread: openssh/opensshportable, which key should I extract from memory?

JustPlayin
  • Welcome to crypto.stackexchange - This appears to be a programming question, and programming questions are off-topic here even if they are about cryptography. Programming questions belong on stackoverflow. I can migrate this there for you. – Ella Rose May 16 '19 at 15:15
  • Why do you say that "the counter is too big (32 bytes)"? – SquareRootOfTwentyThree May 17 '19 at 16:54
  • @SquareRootOfTwentyThree I get the error that the counter is too big. Apparently the counter is only allowed to be as big as the Block size. Which is 16 Byte. But my prefix has to have already 16 Byte.... – JustPlayin May 18 '19 at 11:52

1 Answer

2

As per Chapter 4 in RFC4344, SSH uses SDCTR mode (stateful-decryption CTR mode), which means that the counter block is a 128-bit counter, starting with a value represented in the IV as encoded in network order, and with no fixed parts (unlike NIST CTR mode).

With PyCryptodome, you do that with:

```python
aes = AES.new(key_hex, AES.MODE_CTR, initial_value=iv_hex, nonce=b'')
```

Note: there seems to be an error in your code - you initialize the cipher with key (hexadecimal string) and not key_hex (bytes).

  • Thanks a lot. But now I get the error: "ValueError: Incorrect length for counter byte string (16 Bytes, expected 8)". Do you know maybe what could be the problem? After the definition the counter byte string should be 16 bytes, shouldn't it? – JustPlayin May 19 '19 at 19:19
  • I edited the answer (as I forgot the `nonce` parameter). – SquareRootOfTwentyThree May 19 '19 at 20:25
  • Ok. Unfortunately, my output is still not the correct one. But at least I now no longer get errors by executing this function. Thanks a lot. – JustPlayin May 19 '19 at 20:57
  • I am new to stackoverflow, so if I now want to ask my new problem, should I do this here? Or should I open a new thread? – JustPlayin May 20 '19 at 08:12
  • Ok. Did it here: https://stackoverflow.com/questions/56217725/openssh-opensshportable-which-key-should-i-extract-from-memory – JustPlayin May 20 '19 at 09:14