
I am trying to decrypt AES-CTR in SSH using the keys generated by the openssh/openssh-portable library. I extracted the keys successfully from memory. Now, after some printfs and research, I found out that it seems like the initial counter is incremented for every encrypted packet, which means that a successor packet (not byte) has a different counter value than the previous packet. For my decryption I want to decrypt packet by packet, so now my question is:

  • Can I somehow get the "end" counter of the AES counter in pycryptodome, so that I can use the "end" counter as my new initial counter for the decryption?

My pycryptodome line looks like this:

from Crypto.Cipher import AES
aes = AES.new(key_hex, AES.MODE_CTR, initial_value=iv_hex, nonce=b'')

Some links:

  • The counter is incremented for each block of plain text or cipher text processed. For AES, the block size is 16. – jww May 27 '19 at 23:53
  • Thanks, jww. But unfortunately that's not the question :) Do you maybe know how I can get the new counter value? Or is my thinking process completely wrong? I used console outputs to detect that the incrementing of the counter seems to start at the authentication step. In my opinion this means that the counter is a completely different one once the actual decryption starts over the tunnel – JustPlayin May 28 '19 at 06:32
  • ah. You're right of course. Thanks – JustPlayin May 28 '19 at 06:56
  • Also, for CTR mode, you use the forward transformation for both encryption and decryption. The stream is produced by encrypting the counter, and then XOR'ing with the plain text or cipher text. If encryption starts with counter `0x00...01`, then decryption starts with `0x00...01`. – jww May 28 '19 at 07:04
