HybridCrypt (Type 4)

Summary

Distinction

Two key factors make this algorithm type explicitly more secure than the other types:

Usability

The algorithm used is selected from the file name, which means that new algorithms can be added and implemented in newer versions.

Cryptography

The key and the IV used to decrypt the data are sent from the server after a successful login, forcing the user to brute-force a key for every encrypted file extension.

Usage

This algorithm was introduced in the 40k branch and is still in use (precise information is not confirmed).

Composition

The algorithm is divided into two parts:

  • The extension keys

  • The file encryption

Extension Keys

An extension key is a 16-byte key and a 16-byte IV associated with an extension. The keys do not change based on the encryption type used.

The keys are randomly generated during the creation of an EterPack.

An extension key is generated by performing the following actions:

  • Calculate a hash of the extension (the extension is written in lowercase and does not contain the . before the extension)

  • Generate two 16-byte values and associate them to the extension hash.

The hash used is simply a 32-bit FNV-1a hash function with the offset_basis set to 0. A modified version of an MIT-licensed implementation is shown here:

// License: MIT
// Famous 32 bits FNV-1a hash function by Glenn Fowler, Landon Curt Noll, and Phong Vo.
#include <cstdint>

uint32_t fnv1a32(const char* apStr) {
    uint32_t hash = 0; // 32 bit offset_basis = 0

    // Walk the NUL-terminated string one byte at a time.
    for (uint32_t idx = 0; apStr[idx] != 0; ++idx) {
        // 32 bit FNV_prime = 2^24 + 2^8 + 0x93 = 16777619
        // The running hash is multiplied by the prime, then XORed with the byte.
        hash = (16777619U * hash) ^ static_cast<unsigned char>(apStr[idx]);
    }

    return hash;
}

File Encryption

A file is encrypted with a unique key and IV generated from the extension key. Each file might be encrypted with a different encryption type, as it is chosen during the encryption of the file.

A file is encrypted by doing the following actions:

  • Calculate a CRC32 of the filename (the filename contains the extension and is all written in lowercase)

  • Select the algorithm to use for encryption

  • Get the extension key for the file

  • Generate the IV and key used for the algorithm from the extension key

The algorithm is chosen by taking the filename CRC modulo the number of encryption types (currently 3).

The key and IV are simply the extension key and IV XORed with the filename CRC (every 4 bytes of the key/IV are XORed).
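The two parts described above (extension-key lookup and per-file derivation) can be put together as follows. This is an added example, not code from the original page or from the client. It assumes that "CRC32" is the common reflected CRC-32, that each 4-byte group is XORed with the CRC in little-endian order, and that the extension is the text after the last dot. All type and function names are hypothetical, and the type is returned as a bare index because the page does not give the index-to-algorithm mapping.

```cpp
#include <array>
#include <cctype>
#include <cstdint>
#include <map>
#include <string>

using Block16 = std::array<uint8_t, 16>;
struct ExtensionKey { Block16 key; Block16 iv; };   // sent by the server after login
struct FileKey { uint32_t crc; uint32_t type; Block16 key; Block16 iv; };
using KeyTable = std::map<uint32_t, ExtensionKey>;  // extension hash -> extension key

// Extension hash as given on the page (offset_basis 0, multiply then XOR).
uint32_t extension_hash(const std::string& ext) {
    uint32_t h = 0;
    for (unsigned char c : ext) h = (16777619U * h) ^ c;
    return h;
}

// Assumption: "CRC32" is the common reflected CRC-32 (polynomial 0xEDB88320).
uint32_t crc32_ieee(const std::string& s) {
    uint32_t crc = 0xFFFFFFFFU;
    for (unsigned char c : s) {
        crc ^= c;
        for (int bit = 0; bit < 8; ++bit)
            crc = (crc >> 1) ^ (0xEDB88320U & (0U - (crc & 1U)));
    }
    return ~crc;
}

// Assumption: every 4-byte group is XORed with the CRC in little-endian order.
Block16 xor_with_crc(Block16 block, uint32_t crc) {
    for (size_t i = 0; i < block.size(); ++i)
        block[i] ^= static_cast<uint8_t>(crc >> (8 * (i % 4)));
    return block;
}

// Returns false when the table holds no key for the file's extension.
bool derive_file_key(std::string name, const KeyTable& table, FileKey& out) {
    for (char& c : name) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    const size_t dot = name.rfind('.');
    const std::string ext = (dot == std::string::npos) ? "" : name.substr(dot + 1);
    const auto it = table.find(extension_hash(ext));
    if (it == table.end()) return false;
    const uint32_t crc = crc32_ieee(name);  // CRC over the full lowercase filename
    out = {crc, crc % 3U, xor_with_crc(it->second.key, crc), xor_with_crc(it->second.iv, crc)};
    return true;
}
```

Because the CRC is computed from the file name alone, the XOR only diversifies keys across files; all secrecy rests on the extension key delivered by the server.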

Known encryption types

Camellia
Twofish
XTEA