sdrapkin / SecurityDriven.Inferno

:white_check_mark: .NET crypto done right. Professionally audited.
https://SecurityDriven.NET/inferno/

Decrypt file in python that is encrypted by Inferno EtM_EncryptTransform #22

Closed niranjan94 closed 5 years ago

niranjan94 commented 5 years ago

I have a file that was encrypted with EtM_EncryptTransform. I'm attempting to decrypt the file in Python using the Cryptodome library.

But the decryption is not working. I am probably doing something wrong in terms of the counter or something. Any help would be great 😄


The following is the Python code snippet:

```python
import os
import struct

from Cryptodome.Cipher import AES
from Cryptodome.Hash import SHA256

def decrypt_file(key, in_filename, out_filename=None, chunksize=2048):
    if not out_filename:
        out_filename = os.path.splitext(in_filename)[0]

    with open(in_filename, 'rb') as infile:
        fsz = struct.unpack('<Q', infile.read(struct.calcsize('<Q')))[0]
        decryptor = AES.new(key, AES.MODE_CTR, initial_value=1)

        with open(out_filename, 'wb') as outfile:
            while True:
                data = infile.read(chunksize)
                n = len(data)
                if n == 0:
                    break
                decd = decryptor.decrypt(data)
                n = len(decd)
                if fsz > n:
                    outfile.write(decd)
                else:
                    outfile.write(decd[:fsz])
                fsz -= n

key_bytes = 'NOT IN REPO'.encode('utf-8')

decrypt_file(key_bytes, 'in_file.enc', 'out_file.pdf')
```

sdrapkin commented 5 years ago

@niranjan94 EtM_EncryptTransform and its output-structure are more complicated than a simple AES_CTR encryption. The exact implementation is described here. I'm not familiar with PyCryptodome to provide a Python equivalent.

niranjan94 commented 5 years ago

@sdrapkin thanks for the response. Will read more on the implementation and try to get an equivalent in Python 😄