Axcrypt support
#7
Hello

I continued my research ...

I downloaded Axcrypt2john here: https://github.com/magnumripper/JohnTheR...pt2john.py

The program looks like this:

#! / usr / bin / python

# Analyseur de fichiers cryptés AxCrypt 1.x pour JtR
# 2016 par Fist0urs <eddy.maaalou at gmail.com>.

# Ce logiciel est Copyright (c) 2016, Fist0urs <eddy.maaalou at gmail.com>,
# et il est par la présente mis à la disposition du public en vertu des termes suivants:
# Redistribution et utilisation sous forme source et binaire, avec ou sans modification,
# sont autorisés.

import sys, struct

Le fichier # commence par un en-tête constant de 16 octets
GUID = '\ xc0 \ xb9 \ x07 \ x2e \ x4f \ x93 \ xf1 \ x46 \ xa0 \ x15 \ x79 \ x2c \ xa1 \ xd9 \ xe8 \ x21'
OFFSET_TYPE = 4
SIZE_KEYDATA = 24 # taille de la constante dans keywrap (0xA6 * 8) + taille de DEK (16)
SIZE_SALT = 16
SIZE_ITERATION = 4

StructKeys = []

def usage ():
print >> sys.stderr, 'utilisation:% s <axxfile> [fichier-clé] \ n'% sys.argv [0]
print >> sys.stderr, 'Script pour extraire le hachage du fichier crypté AxCrypt ou du binaire auto-décryptant \ n'
print >> sys.stderr, 'arguments optionnels: \ n chemin KEY-FILE vers le fichier clé facultatif fourni'
sys.exit (1)

def DWORD_to_int (string_dword):
string_dword_reversed = string_dword [:: - 1]
return int ('0x' + str (string_dword_reversed.encode ('hex')), 16)

def parse_PE (axxdata):
i = 0
while (axxdata [i: i + 16]! = GUID):
i + = 1
retour axxdata [i:]

def parse_axxfile (axxfile):
stream = ouvert (axxfile, 'rb')
axxdata = stream.read ()
stream.close ()

# si l'en-tête est 'MZ'
si axxdata [: 2] == '\ x4D \ x5a':
offset_PE_magic = struct.unpack ('<L', axxdata [60:64]) [0]
# si "PE" suppose que PE
si axxdata [offset_PE_magic: offset_PE_magic + 2] == '\ x50 \ x45':
axxdata = parse_PE (axxdata)

sizeof_file = len (axxdata)

if (axxdata [: 16]! = GUID):
print "Attention, GUID est différent de celui d'axcrypt ..."

header_datalen_offset = 16
headertype = '\ x02' # premier type rencontré

# headertype de la section dataencrypted est 0x3f
while (type d'en-tête! = 63):
header_datalen = ord (axxdata [header_datalen_offset])
headertype = ord (axxdata [header_datalen_offset + OFFSET_TYPE])

# probablement une clé StructKey
if (header_datalen == 49 et headertype == 04):
offset_to_keydata = header_datalen_offset + OFFSET_TYPE + 1
offset_to_salt = offset_to_keydata + SIZE_KEYDATA
offset_to_iteration = offset_to_salt + SIZE_SALT

dword_str = axxdata [offset_to_iteration: offset_to_iteration + SIZE_ITERATION]

StructKeys.append ({'KeyData': axxdata [offset_to_keydata: offset_to_salt]
, 'Salt': axxdata [offset_to_salt: offset_to_iteration]
, 'Itération': DWORD_to_int (dword_str)})

header_datalen_offset + = header_datalen

if (header_datalen_offset> = sizeof_file):
print "Impossible d'analyser le fichier, de quitter"
sys.exit (0)
return StructKeys [0] ['KeyData'], StructKeys [0] ['Salt'], StructKeys [0] ['Iteration']

si __name __ == "__ main__":
if (len (sys.argv)! = 2 et len (sys.argv)! = 3):
usage()

# A_DEK == wrappedKey
wrappedKey, Salt, nb_iteration = parse_axxfile (sys.argv [1])

version = 1

keyfile_content = ''
key_file_name = ''
# Bande muette sur le chemin relatif
axxfile = sys.argv [1] [sys.argv [1] .rfind ("/") + 1:]

if (len (sys.argv) == 3):
keyfile = ouvert (sys.argv [2], 'r')
keyfile_content = '*' + keyfile.read (). encoder ("hex")
key_file_name = '*' + sys.argv [2] [sys.argv [2] .rfind ("/") + 1:]
keyfile.close ()

print axxfile + nom_fichier_clé + ": $ axcrypt $" + "*" + str (version) + "*" + str (nb_iteration) + "*" + Salt.encode ("hex") + "*" + wrappedKey.encode ("hex") + keyfile_content




I downloaded Python 2.7

In the command line, I typed this:

C: \ Python27> python axcrypt2john.py R485hgtd-jpg.axx        (>it's my encrypted photo name)

But I get an error that is:
File "axcrypt2john.py", line 13
     The # file starts with a constant header of 16 bytes

I don't know what to do, does anyone have an idea?

Thank you


Messages In This Thread
Axcrypt support - by Nubbin - 06-27-2018, 08:25 PM
RE: Axcrypt support - by undeath - 06-27-2018, 11:49 PM
RE: Axcrypt support - by Nubbin - 06-28-2018, 12:33 AM
RE: Axcrypt support - by atom - 06-28-2018, 04:38 PM
RE: Axcrypt support - by Nubbin - 06-28-2018, 07:40 PM
RE: Axcrypt support - by laulaf - 07-21-2018, 06:33 PM
RE: Axcrypt support - by laulaf - 07-21-2018, 08:20 PM
RE: Axcrypt support - by undeath - 07-22-2018, 07:48 PM
RE: Axcrypt support - by laulaf - 07-24-2018, 06:04 PM
RE: Axcrypt support - by undeath - 07-24-2018, 08:41 PM
RE: Axcrypt support - by laulaf - 07-26-2018, 02:12 PM
RE: Axcrypt support - by undeath - 07-26-2018, 02:26 PM
RE: Axcrypt support - by laulaf - 07-27-2018, 04:30 PM
RE: Axcrypt support - by undeath - 07-27-2018, 04:50 PM
RE: Axcrypt support - by laulaf - 07-29-2018, 06:36 PM
RE: Axcrypt support - by undeath - 07-29-2018, 07:47 PM
RE: Axcrypt support - by atom - 07-30-2018, 07:43 PM
RE: Axcrypt support - by laulaf - 07-31-2018, 05:46 PM
RE: Axcrypt support - by laulaf - 07-31-2018, 05:56 PM
RE: Axcrypt support - by Nubbin - 07-31-2018, 06:51 PM
RE: Axcrypt support - by undeath - 07-31-2018, 07:24 PM
RE: Axcrypt support - by laulaf - 08-02-2018, 12:26 PM
RE: Axcrypt support - by laulaf - 08-02-2018, 01:36 PM
RE: Axcrypt support - by undeath - 08-02-2018, 04:27 PM
RE: Axcrypt support - by laulaf - 08-02-2018, 06:30 PM
RE: Axcrypt support - by laulaf - 08-03-2018, 11:35 AM
RE: Axcrypt support - by undeath - 08-03-2018, 11:38 AM
RE: Axcrypt support - by laulaf - 08-03-2018, 01:59 PM
RE: Axcrypt support - by laulaf - 08-03-2018, 05:08 PM