search

SafeExamBrowser / seb-win

Safe Exam Browser 2.x for Windows. IMPORTANT: This is the legacy version which isn't actively developed anymore.
https://safeexambrowser.org/windows/win_usermanual_en.html
69 stars 52 forks source link

.seb encryption/decryption for python #73

Closed harveyslash closed 5 years ago

harveyslash commented 5 years ago

I am using the python implementation of RNCryptor

https://github.com/RNCryptor/RNCryptor-python

From what I understand, all of the encryption/decryption happens via RNCryptor so it should be pretty much plug and play.

This is what I have done so far: My password for the file is 'password'

import rncryptor
cryptor = rncryptor.RNCryptor()
binary = open("./SebClientSettings.seb",'rb').read()
decrypted_data = rncryptor.decrypt(binary, 'password')

However, I get the error:

Bad data

What am I doing wrong?

dbuechel commented 5 years ago

SEB configuration files are usually gzip-compressed, as is described here: https://safeexambrowser.org/developer/seb-file-format.html. Thus, you probably need to decompress the file before attempting to decrypt it.

harveyslash commented 5 years ago

Thanks for the help!

I tried this:

import rncryptor
cryptor = rncryptor.RNCryptor()
f = gzip.open('/Users/harshvardhangupta/beatest/SEB/SebClientSettings.seb', 'rb')
file_content = f.read()
f.close()
decrypted_data = rncryptor.decrypt(file_content, 'password')

And I get the same error

DecryptionError: Bad data

danschlet commented 5 years ago

Have you had a look at the format of .seb config files at all? The format uses prefixes to specify the encryption method(s) used (password, for which RNCryptor is used) or X.509 identity certificates. You need to parse the encrypted .seb file first and strip those prefix headers before you get the encrypted settings data.

harveyslash commented 5 years ago

Thanks. I missed the part where I needed to strip the first 4 bytes. 

import gzip
import rncryptor
cryptor = rncryptor.RNCryptor()
f = gzip.open('somefile.seb', 'rb')
file_content = f.read()
f.close()
decrypted_data = rncryptor.decrypt(file_content[4:], 'mypass')

(my first three bytes are: pswd) And now the error is:

UnicodeDecodeError: 'utf-8' codec can't decode byte 0x8b in position 1: invalid start byte

dbuechel commented 5 years ago

It is imperative that you study the file format, all necessary information is recorded there: https://safeexambrowser.org/developer/seb-file-format.html. Case in point:

[...] an encrypted .seb file uses the gzip compression twice: Once on the plain XML text data to reduce its size and a second time on the final, encrypted and prefixed data.

I do not know the library you're using, but I suspect that it expects the decrypted data to be a Unicode string, whereas it actually is gzip compressed data (containing the UTF-8-encoded XML).

harveyslash commented 5 years ago

Thanks for the response. I am sorry if it sounds like I have not done my research, but I am trying my best.

I did try 

gzip.decompress( file_content[4:])

to decompress the file without the headers (after decompressing it once already).

But this gives me an OS error:

Not a gzipped file (b'\x03\x01')

dbuechel commented 5 years ago

I think the issue now is, as mentioned above, the library you're using: It expects the decrypted data to be a Unicode string and thus tries to decode it as such, but in reality the decrypted data is gzip compressed. This means, after decryption, you need to decompress the decrypted data and only then do you end up with the UTF-8-encoded, raw XML data.

You're trying: GZIP(file) -> RNC(file without header) -> XML The format is: GZIP(file) -> RNC(file without header) -> GZIP(decrypted data) -> XML

harveyslash commented 5 years ago

Hi, Thanks for the help.

I had to modify the library to make it not try to decode.

When I do use rncryptor, it is able to decrypt it without errors (putting a wrong password throws an error, so its working).

But when I am trying to decompress that result like this:

gzip.decompress(MYRNC.decrypt(file_content[4:], 'myPass'))

I get error: Not a gzipped file (b'\x0e\x0e')

harveyslash commented 5 years ago

I was able to successfully decrypt the data using this:

zlib.decompress(RESULTFROMRNC,15 + 32)

Thanks for your patience

dbuechel commented 5 years ago

Great, happy to help.

ganzyhax commented 3 years ago

Can you guys send me code???)

ganzyhax commented 3 years ago

I was able to successfully decrypt the data using this:

zlib.decompress(RESULTFROMRNC,15 + 32)

Thanks for your patience

can you send me code?

ganzyhax commented 3 years ago

I was able to successfully decrypt the data using this:

zlib.decompress(RESULTFROMRNC,15 + 32)

Thanks for your patience

import zlib import gzip import rncryptor cryptor = rncryptor.RNCryptor()

binary = gzip.open("winseb.seb", 'rb') f = binary.read() binary.close()

im getting error here

dec_data = (rncryptor.decrypt(f[4:], 'iitu'))

print(zlib.decompress(dec_data,15 + 32))

ganzyhax commented 3 years ago

is it true???

janzmazek commented 3 years ago

@ganzyhax check my answer on stackoverflow: https://stackoverflow.com/questions/65978849/is-it-possible-to-decrypt-seb-file-having-password/66081415?noredirect=1#comment116841128_66081415