HybridCrypt (Type 4)

Strength : Medium Not recommended

History : Unexistent | RFC Standard : Unexistent

This algorithm is considered to be one of the most secure algorithms introduced so far due to its ephemeral nature

Distinction

What makes this algorithm considered more secure compared to other types are two key factors

Cipher Selection

The cipher that is used to changes depending on the file name, meaning that various ciphers and cipher configuration are used (for example XTEA or Twofish) for different files

Encryption/Decryption Factors

The key and the IV used to decrypt a single file is unique, these two factors are only sent from the server after a successful login, forcing attackers to bruteforce a key for every single file encryption

Usage

This algorithm was introduced in the 40k branch, and it’s used until now (precise information is not confirmed)

Composition

The algorithm is divided in two parts:

  • The extension keys

  • The file encryption

Extension Keys

The extensions keys is a 16 byte key and 16 byte IV associated to an extension. The keys do not change based from the cryptation type used.

The keys are randomly generated during the creation of an EterPack.

An extension key is generated by performing the following actions:

  • Calculate an hash of the extension (the extension is written in lowercase and does not contain the . before the extension)

  • Generate two 16-byte values and associate them to the extension hash.

The hash used is simply a 32-bit FNV-1a hash function with the offset_basis set as 0. Written here, a modified version of a MIT implementation found here:

// License: MIT
// Famous 32 bits FNV-1a hash function by Glenn Fowler, Landon Curt Noll, and Phong Vo.
uint32_t fnv1a32(const char* apStr) {
    uint32_t hash = 0; // 32 bit offset_basis = 0

    for (uint32_t idx = 0; apStr[idx] != 0; ++idx) {
        // 32 bit FNV_prime = 224 + 28 + 0x93 = 16777619
        hash = (16777619U * hash) ^ static_cast<unsigned char>(apStr[idx]);
    }

    return hash;
}

File Encryption

A file is crypted with an unique key and IV generated from the extension key. Each file might be encrypted with a different cryptation type, as it’s chosen during the cryptation of the file.

A file is encrypted by doing the following actions:

  • Calculate a CRC32 of the filename (the filename will contain the extension and it’s all written in lower case)

  • Select the algorithm to use for cryptation

  • Get the extension key for the file

  • Generate the IV and key used for the algorithm from the extension key

The algorithm is chosen by doing the module of the filename crc with the encryption types (currently 3)

The key and IV are simply the extension key and IV XORed with the CRC filename (every 4 bytes of the key/IV is XORed)

Known encryption types

Camellia
Twofish
XTEA