crypthook's Introduction

CryptHook

CryptHook is a modular implementation for securing existing applications with symmetrical block cipher encryption. It works by hooking the base system calls for network communication send/sendto and recv/recvfrom. Crypthook will work with any existing application that relies on these system calls.

Crypto

CryptHook relies on AES in GCM mode using a 256 bit key. Keys are generated from passphrases using PBKDF2. IVs are constructed on the fly using random bytes of data, and the same key derivation technique to reconstruct the initialization vector on the receiving end in order to keep overhead to a minimum. Authentication of each packet is also verified.

DISCLAIMER

The following characteristics must be changed if you are going to use this for anything reasonably secure. All configuration can be changed in crypthook.c using the following #defines.

#define KEY_SALT "changeme"
#define IV_SALT "changeme"
#define ITERATIONS 1000

#define PASSPHRASE "Hello NSA"

KEY_SALT and ITERATIONS are used in the key derivation process to change the plain text passphrase into a 256 bit key.

IV_SALT and ITERATIONS are used in the IV derivation process to change the 8 bytes of random data into a full IV for use with the algorithm.

PASSPHRASE is simply the default passphrase if none is provided via the CH_KEY environment variable.

Dependencies

libcrypto / openssl

Compiling

$ make

Example Use

Server
$ LD_PRELOAD=./crypthook.so CH_KEY=donthackmebro ncat -l -p 5000

Client
$ LD_PRELOAD=./crypthook.so CH_KEY=donthackmebro ncat server 5000

crypthook's People

Contributors

Stargazers

Watchers

crypthook's Issues

Add a release

Dude thank you for this code =)
Is it possible for you to tag a release with a version to your repo?
I am creating pisi packages (for PisiLinux ) and i need a download from github.

Cya!

Distribution request

Can you add a license to this one as well please?

doesn't work

[!] Error in EVP_DecryptUpdate()
this is what I'm getting when I try to send data through the ncat tunnel

I installed it on a few vmware operating systems and had the same problem on all of them

Security Audit

I have a hobby of auditing random crypto code I find on github, so I took a look at this one. There are two problems I found:

First, the way it checks if the key has already been generated will lead to unnecessary calls to PBKDF2, which could slow it down a lot:

    if (glob_key[0] == 0x00) // Generate key if its the first packet
            gen_key();

A random key will have the first byte 0 with probability 1 in 256. For such keys, PBKDF2 will be re-run for every call to encrypt_data.

Second, the same key is used for both directions (from the client to server, and server to client). This makes it possible to re-send one side of the connection's own packets back to itself and it will accept them as though the other client is sending them. Also, there are no sequence numbers, so packets can be re-ordered by the adversary and it will not be detected.

I suggest adding to the disclaimer section that it does not provide message authentication, since to claim message authentication those properties must be satisfied as well.

Recommend Projects

chokepoint / crypthook Goto Github PK

crypthook's Introduction

CryptHook

Crypto

DISCLAIMER

Dependencies

Compiling

Example Use

crypthook's People

Contributors

Stargazers

Watchers

Forkers

crypthook's Issues

Add a release

Distribution request

doesn't work

Security Audit

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent