HybridCrypt (Type 4)¶
Strength : Medium Not recommended
History : Unexistent | RFC Standard : Unexistent
This algorithm is considered to be one of the most secure algorithms introduced so far due to its ephemeral nature
Distinction¶
What makes this algorithm considered more secure compared to other types are two key factors
Cipher Selection¶
The cipher that is used to changes depending on the file name, meaning that various ciphers and cipher configuration are used (for example XTEA or Twofish) for different files
Encryption/Decryption Factors¶
The key and the IV used to decrypt a single file is unique, these two factors are only sent from the server after a successful login, forcing attackers to bruteforce a key for every single file encryption
Usage¶
This algorithm was introduced in the 40k branch, and it’s used until now (precise information is not confirmed)
Composition¶
The algorithm is divided in two parts:
The extension keys
The file encryption
Extension Keys¶
The extensions keys is a 16 byte key and 16 byte IV associated to an extension. The keys do not change based from the cryptation type used.
The keys are randomly generated during the creation of an EterPack.
An extension key is generated by performing the following actions:
Calculate an hash of the extension (the extension is written in lowercase and does not contain the . before the extension)
Generate two 16-byte values and associate them to the extension hash.
The hash used is simply a 32-bit FNV-1a hash function with the offset_basis set as 0. Written here, a modified version of a MIT implementation found here:
// License: MIT
// Famous 32 bits FNV-1a hash function by Glenn Fowler, Landon Curt Noll, and Phong Vo.
uint32_t fnv1a32(const char* apStr) {
uint32_t hash = 0; // 32 bit offset_basis = 0
for (uint32_t idx = 0; apStr[idx] != 0; ++idx) {
// 32 bit FNV_prime = 224 + 28 + 0x93 = 16777619
hash = (16777619U * hash) ^ static_cast<unsigned char>(apStr[idx]);
}
return hash;
}
File Encryption¶
A file is crypted with an unique key and IV generated from the extension key. Each file might be encrypted with a different cryptation type, as it’s chosen during the cryptation of the file.
A file is encrypted by doing the following actions:
Calculate a CRC32 of the filename (the filename will contain the extension and it’s all written in lower case)
Select the algorithm to use for cryptation
Get the extension key for the file
Generate the IV and key used for the algorithm from the extension key
The algorithm is chosen by doing the module of the filename crc with the encryption types (currently 3)
The key and IV are simply the extension key and IV XORed with the CRC filename (every 4 bytes of the key/IV is XORed)
Known encryption types¶
Camellia
Twofish
XTEA