Is it possible to analyze and decrypt personal message? [on hold]

I'm working on my thesis, doing some pentesting on an Android application called Picmix. My research was to test some vulnerabilities in this app when using it on public WiFi. What I'm trying to do is test and analyze some traffic or decrypt personal messages without other devices knowing.

I use 2 smartphones with 2 of my own accounts to do some personal message tests. It works fine for uploading and fetching images with driftnet on my Kali.

This is for educational purposes only.

How do crypto coprocessors securely decrypt a disk without allowing bus sniffing?

I’m trying to understand how using a crypto co-processor chip can securely decrypt a disk without someone getting the decryption key by sniffing the bus it communicates on or loading the disk onto another computer and viewing the contents that way. Specifically, I’m trying to figure out how this works when someone has physical access to the device and the device needs to be decrypted without a password.

An example would be an ATM that has an embedded device that will boot an OS only if it is running on trusted hardware that has a crypto chip. In this case it is passwordless (there is no login to be able to use the ATM terminal). A malicious actor can get physical access to the board, but shouldn’t be allowed to sniff the bus between the crypto coprocessor and the main processor nor be allowed to remove the SD card and view the contents on a separate computer.

Consider the following situation:

  • Embedded system running Linux with a crypto chip that communicates over i2c
  • Disk is removable media such as an SD card and has full disk encryption
  • The device is passwordless, but only runs on the trusted hardware
  • The removable media cannot be loaded into another device and analyzed
  • The device/keys can be provisioned in a secure environment


  • How is it possible that the decryption key can be transmitted across the i2c bus without being intercepted?
    • I assume it uses public key encryption, but how is the private key on the disk side kept secret?
  • Can this setup work if the removable media is not paired with a specific crypto chip?
    • Example being the device gets a new SD card (but can still be decrypted with the crypto chip)

Decrypt T-SQL log backup header and read LSN

For some reason I need to read the LSN from the T-SQL logs backups without restoring them or even their headers (I assume even restoring only their headers will change the LSN on the database side too, but I’m not sure).

So are the T-SQL log backup files encrypted, or do they have a special structure? Any information as to where I should start?

Could anyone confirm or deny that restoring the header only wouldn’t affect sys.fn_dblog or anything else?

Identity confirmation using PIN to decrypt previously issued token

I am building an app (for web and mobile) that requires a user pass two stages of authentication/authorisation in order to access a server-side API and subsequently use the app. First, they must supply valid credentials (username/password). Second, they must meet a series of variable criteria, for example the current time being within a defined range.

I am planning to implement this through the use of two tokens:

  • A long-term, randomly generated, opaque session token
  • A short-lived JWT authorisation token, with self-contained user and expiry data

On the client side, the presence of the session token would allow the user to skip re-entering their (hopefully long and complex) username/password. On the server side, a valid session token would be required to issue an authorisation token, and a valid authorisation token would be required to access the API.

While the goal of the session token is to simplify access (particularly on mobile devices) by removing the need to enter full username/password, I would prefer the user still re-confirm their identity before a new authorisation token is issued. A shorter numeric PIN (or potentially a fingerprint/face scan on supported devices) could allow this.

However, storing such a PIN along with the user’s other data on the server would require full management facilities, as with their password (“I forgot my PIN”). To avoid this overhead, I am thinking about the following approach.

On initial login (no known session token):

  • Ask for and submit username, password, and PIN.
  • If username/password are valid, generate the session token.
  • Encrypt the session token under a key derived from a server-known secret plus the submitted PIN.
  • Return the encrypted session token to the client.

On subsequent login (known session token):

  • Ask for PIN.
  • Submit PIN and encrypted session token.
  • Decrypt the session token, using the submitted PIN, and compare the result to that stored on the server.
  • If the decrypted session token matches a valid session, the user has confirmed their identity and an authorisation token can be issued.

In my mind, this allows a simple “identity confirmation” step with little overhead. The user can reset their PIN at any time simply by fully logging out and logging back in again, choosing a new PIN. And while the PIN is short and simple, it is combined with a server-known secret in order to derive the encryption key, so an offline brute-force of the encrypted session token should be extremely difficult. And server-side use of a slow key derivation function, rate limiting, and lockouts on failed attempts should mitigate online attacks on the PIN.

So my question is: is my thinking correct? Is this a secure way to achieve my goal?
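The two-stage flow described above, written out as an added example that is not part of the original post, using only the Python standard library. AES is not in the standard library, so the session token is wrapped with a PBKDF2-derived keystream plus an HMAC tag (encrypt-then-MAC) instead of AES; the server secret, the in-memory session store and the attempt limit are assumptions.

```python
import hashlib, hmac, os, secrets

SERVER_SECRET = b"constructed-server-secret"  # assumption: held server-side only
sessions = {}     # username -> raw session token, as the server stores it
failures = {}     # username -> consecutive failed PIN confirmations
MAX_ATTEMPTS = 5  # assumed lockout threshold against online PIN guessing

def derive_key(pin, salt):
    # Server secret + PIN go through a slow KDF; 64 bytes = 32 keystream key + 32 MAC key.
    return hashlib.pbkdf2_hmac("sha256", SERVER_SECRET + pin.encode(), salt, 100_000, 64)

def wrap_token(token, pin):
    """Encrypt a 32-byte session token under the PIN-derived key (encrypt-then-MAC)."""
    salt = os.urandom(16)
    key = derive_key(pin, salt)
    stream = hmac.new(key[:32], salt, "sha256").digest()  # 32-byte keystream
    ct = bytes(a ^ b for a, b in zip(token, stream))
    tag = hmac.new(key[32:], salt + ct, "sha256").digest()
    return salt + ct + tag                                  # what the client keeps

def unwrap_token(blob, pin):
    """Return the token if the tag verifies under this PIN, else None."""
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    key = derive_key(pin, salt)
    expected = hmac.new(key[32:], salt + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = hmac.new(key[:32], salt, "sha256").digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def initial_login(username, pin):
    """Username/password already validated; issue and wrap a fresh session token."""
    token = secrets.token_bytes(32)
    sessions[username] = token
    failures[username] = 0
    return wrap_token(token, pin)

def confirm_identity(username, blob, pin):
    """Subsequent login: True only if PIN + blob recover the stored session token."""
    if failures.get(username, 0) >= MAX_ATTEMPTS:
        return False                                        # locked out
    token = unwrap_token(blob, pin)
    stored = sessions.get(username)
    if token is not None and stored is not None and hmac.compare_digest(token, stored):
        failures[username] = 0
        return True
    failures[username] = failures.get(username, 0) + 1
    return False
```

A correct PIN recovers the stored token and a wrong one fails the tag check; once the failure counter reaches the limit even the correct PIN is refused until the user logs in fully again.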

Windows Forms decrypt password SQL Entity Framework

I have the following issue: I need to build a Windows Forms project that queries data from a SQL database that was generated by Entity Framework, so I am trying to compare the password entered through WF with the one I have in the database. The problem is that EF encrypts the password data, so if I have to compare it, I need to decrypt it. This is an assumption; I don't know of another way to compare this data. And this is the code I have:

    using System;
    using System.Linq;
    using System.Windows;

    public partial class MainWindow : Window
    {
        private Models.SecurityController _security;

        public MainWindow()
        {
            InitializeComponent();
            _security = new Models.SecurityController();
        }

        private void Button_Click(object sender, RoutedEventArgs e)
        {
            var email = EmailInput.Text;
            var pass = PassInput.Password;
            email = email.Replace(" ", "");

            if (email == "")
            {
                EmailInput.Focus();
                Errorlbl.Content = "Por favor utiliza un mail valido";
            }
            else if (pass == "")
            {
                PassInput.Focus();
                Errorlbl.Content = "Por favor utiliza una contraseña";
            }
            else if (email != null && pass != null)
            {
                using (DBEnt db = new DBEnt())
                {
                    // Look up the ASP.NET Identity user row by e-mail
                    var item = db.AspNetUsers.Where(u => u.Email.Equals(email)).FirstOrDefault();

                    if (item == null)
                    {
                        Errorlbl.Content = "Usuario mail invalido";
                    }
                    else
                    {
                        Errorlbl.Content = "Usuario valido";
                    }

                    // Same query again; PasswordHash is the value Identity stored for the user
                    var query = db.AspNetUsers.Where(u => u.Email.Equals(email)).FirstOrDefault();
                    var hashedpassword = query.PasswordHash;
                    var unhashed = _security.Decrypt(pass, hashedpassword);
                }
            }
        }
    }

Up to this point, hashedpassword returns null.

And this whole thing is the SecurityController class:

    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;

    class SecurityController
    {
        public string Encrypt(string key, string data)
        {
            string encData = null;
            byte[][] keys = GetHashKeys(key);

            try
            {
                encData = EncryptStringToBytes_Aes(data, keys[0], keys[1]);
            }
            // Exceptions are swallowed, so any failure surfaces as a null result
            catch (CryptographicException) { }
            catch (ArgumentNullException) { }

            return encData;
        }

        public string Decrypt(string key, string data)
        {
            string decData = null;
            byte[][] keys = GetHashKeys(key);

            try
            {
                decData = DecryptStringFromBytes_Aes(data, keys[0], keys[1]);
            }
            // Exceptions are swallowed, so any failure surfaces as a null result
            catch (CryptographicException) { }
            catch (ArgumentNullException) { }

            return decData;
        }

        // Derives both the AES key and the IV from the same string:
        // key = SHA-256(key string), IV = first 16 bytes of that same hash,
        // so the IV is fixed for a given key.
        private byte[][] GetHashKeys(string key)
        {
            byte[][] result = new byte[2][];
            Encoding enc = Encoding.UTF8;

            SHA256 sha2 = new SHA256CryptoServiceProvider();

            byte[] rawKey = enc.GetBytes(key);
            byte[] rawIV = enc.GetBytes(key);

            byte[] hashKey = sha2.ComputeHash(rawKey);
            byte[] hashIV = sha2.ComputeHash(rawIV);

            Array.Resize(ref hashIV, 16);

            result[0] = hashKey;
            result[1] = hashIV;

            return result;
        }

        //source:
        private static string EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
        {
            if (plainText == null || plainText.Length <= 0)
                throw new ArgumentNullException("plainText");
            if (Key == null || Key.Length <= 0)
                throw new ArgumentNullException("Key");
            if (IV == null || IV.Length <= 0)
                throw new ArgumentNullException("IV");

            byte[] encrypted;

            using (AesManaged aesAlg = new AesManaged())
            {
                aesAlg.Key = Key;
                aesAlg.IV = IV;

                ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

                using (MemoryStream msEncrypt = new MemoryStream())
                {
                    using (CryptoStream csEncrypt =
                            new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                    {
                        using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                        {
                            swEncrypt.Write(plainText);
                        }
                        encrypted = msEncrypt.ToArray();
                    }
                }
            }
            // Ciphertext is returned Base64-encoded
            return Convert.ToBase64String(encrypted);
        }

        //source:
        private static string DecryptStringFromBytes_Aes(string cipherTextString, byte[] Key, byte[] IV)
        {
            // Input is expected to be the Base64 string produced by EncryptStringToBytes_Aes
            byte[] cipherText = Convert.FromBase64String(cipherTextString);

            if (cipherText == null || cipherText.Length <= 0)
                throw new ArgumentNullException("cipherText");
            if (Key == null || Key.Length <= 0)
                throw new ArgumentNullException("Key");
            if (IV == null || IV.Length <= 0)
                throw new ArgumentNullException("IV");

            string plaintext = null;

            using (Aes aesAlg = Aes.Create())
            {
                aesAlg.Key = Key;
                aesAlg.IV = IV;

                ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);

                using (MemoryStream msDecrypt = new MemoryStream(cipherText))
                {
                    using (CryptoStream csDecrypt =
                            new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                    {
                        using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                        {
                            plaintext = srDecrypt.ReadToEnd();
                        }
                    }
                }
            }
            return plaintext;
        }
    }

Maybe I'm overcomplicating this; does anyone know how I can do this better, or whether I'm doing it right?

Use TPM 2.0 to automatically decrypt the SD Card in Raspbian OS

I’m a college student trying to complete the first part of a rather large project, but I’m new to TPM and Linux. What I’m trying to do is have the TPM handle automatic decryption of the root ext4 partition on the SD card upon boot. I have a Raspberry Pi 4 with Raspbian Buster installed. I’ve successfully encrypted the root already using this guide:

Raspbian Stretch Luks Encrypt

After that, I was able to type in a password at boot, so my next step was to try to automatically decrypt the SD card at boot with an Infineon TPM I have installed on the GPIO. My supporting software environment for the TPM includes tpm2-tools, tpm2-tss, and tpm2-abrmd, and I can verify that all are working correctly.

I saw another post on stack exchange that mentioned using clevis along with the clevis-luks and clevis-tpm2 packages to accomplish this:

Use TPM2.0 to securely decrypt the hard drive in Linux — unattended

A contributor’s answer to the post suggested trying the clevis bind command. I went ahead and tried it myself, and the command executes without issue, but when I reboot, it seems the TPM is not handling the decryption, as I am still prompted for a password.

I even found another guide that mentions using dracut with clevis-dracut so that the clevis module is loaded early, and thus the SD card should automatically decrypt – assuming that the clevis module is communicating with the TPM to “unlock” the SD card – but that still hasn’t worked for me. That guide can be found here:

TPM Encryption in Fedora Linux

I realize it’s not Fedora I’m working with, but most of what’s in that guide should still apply. My question is, what am I doing wrong here? If there’s anyone that may be able to shed some light on my approach, I would greatly appreciate it.

Decrypt file using Key and Initialization Vector in Linux

I am a Salesforce developer but new to the security world as well as Linux. We encrypted a file with a key and initialization vector in Salesforce (only symmetric encryption is possible in Salesforce). Now we are working with a partner team to decrypt the same file on their Linux system using gpg and OpenSSL. But we were not able to.

Note: the key and IV we are using are in hexadecimal, and the algorithm we used to encrypt is AES128.

GPG approach:

GPG seems to need a passphrase, which does not seem to be the key I’ve used for encrypting. Would it be possible to decrypt the file with just the key and IV in gpg at all?

OpenSSL approach:

We are also trying to explore OpenSSL if GPG does not work in our case. I have received the below command from Salesforce product support, but that does not work either; I got a bad decryption response.

    OpenSSL> enc -aes-128-cbc -d -a -nosalt -in C:\Testfiles\input.txt.enc -out C:\Testfiles\output.txt -K mywhateverkey -iv mywhateveriv

Can the OpenSSL or GPG experts shed some light?

How to decrypt captured GRE sessions

I have an old server (Windows Server 2003) that has a few externally visible services. Recently, I started collecting PCAP data through this machine and noticed a 500+ second GRE session from a suspicious IP address that involved an exchange of over 16MB. I have the SSL handshake in the PCAP data, and access to the box to pull certificates, but I don’t know how to decrypt this session to determine what the traffic involved. The suspicious IP established the connection to my server.

Does anyone have recommendations on how to decrypt the session to see what this person/people did during the 10 minute session?