Open tlansec opened 1 year ago
Thank you for relaying!
After doing some investigation into the issue, I found that it seems that OneNote embedded objects do not renew IVs for AES-CBC every 4096 bytes as described in the MS-OFFCRYPTO spec, despite their close similarity. (This is the reason why the corruptions happen only around the boundaries.) Do you have any references on the encryption of OneNote embedded objects? Anyway, ultimately they are probably different, and it is likely that one-extract will need to use your modified version of ECMA376Agile.
I also found that both msoffcrypto-tool and one-extract need some small fixes regarding decryption. They haven't caused this problem, however. I'll report them later.
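The boundary effect described in this reply can be reproduced in isolation. The following is an added example, not code from msoffcrypto-tool or one-extract: it stands in a toy Feistel block cipher for AES (only the CBC chaining matters here), derives each segment IV from a salt and the little-endian segment index the way agile encryption does (the hash, key and salt are constructed for the demo), and shows that decrypting one unbroken CBC stream with a fresh IV every 4096 bytes corrupts exactly the first 16-byte block of every segment after the first, while a segment length larger than the file restores the plaintext.

```python
import hashlib
import struct

BLOCK = 16             # block size of AES and of the toy cipher below
SEGMENT_LENGTH = 4096  # ECMA-376 agile encryption segment length

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, rnd, half):
    # round function of a toy Feistel stand-in for AES; only the CBC chaining matters here
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]
def toy_encrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r
def toy_decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r
def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

def segment_iv(salt, index):
    # agile encryption: IV = H(keyDataSalt || LE32(segment index)), truncated to the block size
    return hashlib.sha256(salt + struct.pack("<I", index)).digest()[:BLOCK]
def decrypt_segmented(key, salt, ct, segment_length=SEGMENT_LENGTH):
    # what agile decryption does: a fresh IV for every segment of the ciphertext
    return b"".join(cbc_decrypt(key, segment_iv(salt, n), ct[o:o + segment_length])
                    for n, o in enumerate(range(0, len(ct), segment_length)))
def corrupted_blocks(expected, got):
    # byte offsets of the 16-byte blocks where decryption disagrees with the original
    return sorted({(i // BLOCK) * BLOCK for i in range(len(expected)) if expected[i] != got[i]})
# constructed sample: three segments encrypted as ONE unbroken CBC chain (the "no IV renewal" case)
KEY, SALT = b"k" * 16, b"s" * 16
PLAINTEXT = bytes(range(256)) * 48  # 12288 bytes = exactly 3 segments
CIPHERTEXT = cbc_encrypt(KEY, segment_iv(SALT, 0), PLAINTEXT)
```

With the sample above, `corrupted_blocks(PLAINTEXT, decrypt_segmented(KEY, SALT, CIPHERTEXT))` is `[4096, 8192]`: one block at each segment boundary, and nothing else.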
Hey Nolze,
The only reasonable documentation we found was:
I'll keep an eye on this thread if you have any more details concerning this part of your reply:
I also found that both msoffcrypto-tool and one-extract need some small fixes regarding decryption
Thanks, Tom
Hello,
We maintain a small tool for extracting embedded objects in OneNote documents here:
https://github.com/volexity/threat-intel/tree/main/tools/one-extract
One of the things that is supported is the extraction of password-protected objects; for this we were using the following method from your library:
https://github.com/nolze/msoffcrypto-tool/blob/master/msoffcrypto/method/ecma376_agile.py
One user noticed that at each 4096 byte boundary there were 16 bytes of invalid data that were being added and provided test case files illustrating the issue:
https://github.com/volexity/threat-intel/issues/7
We have added a temporary fix here:
https://github.com/volexity/threat-intel/commit/42dc4f4f6559b606eda1fe0f34ef3e360eb70352
It's not 100% clear why our temporary fix (setting the SEGMENT_LENGTH value to a size greater than the size of the file) works. Some possible hypotheses are:
- emca376_agile.py code.
- emca376_agile.py, is different (hard to figure out if this is the case, since there isn't a lot of material online describing it in detail).

Cheers, Tom