DiabloHorn/cryptoshot
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
cryptoshot - making and saving encrypted screenshots
==== GENERAL
This application will make a screenshot of the desktop. If the desktop consists of multiple monitors
it should still work fine. However it has only been tested with a dual monitor setup.
The windows project has the added functionality of sending the screenshot to a server of your choosing.
cryptoshot uses public/private RSA keypairs to protect the AES 256bit session key.
Additionally a SHA512-HMAC is calculated over the encrypted data using a 256bit key.
All keys are random and you are encouraged to change the "personalization strings" in the code which are
used as input for the random number generation. The PRNG does not depend on them, but it's recommended
to change them.
==== USAGE
To use cryptoshot you need to prepare the cryptoshot binary with a public key:
C:\test>cryptoshot_init.py binaries\cryptoshot.exe http://youthost:portnumber/
Generating RSA keypair of size: 2048
Generation done
Saving private key to: private.key
Adding public key to binaries\cryptoshot.exe
Then you run cryptoshot which will produce a screen.enc file. You can decrypt this as follow:
C:\test>cryptoshot_decrypt.py binaries\screen.enc
Importing private rsa key private.key
Parsing encrypted screenshot screen.enc
Decrypting aes key and iv
Decrypting hmac key
Verifying hmac
Decrypting & decompressing screenshot
Saving decrypted screenshot
Make sure you don't loose the private RSA key or you will not be able to decrypt screenshosts.
If you want to test the cryptoshot_dll.dll you need to initialise the public key in the same manner.
You can take a screenshot using this:
rundll32.exe Release\cryptoshot_dll.dll,getencryptedscreenshot
Which will produce the same output as cryptoshot.exe.
You can setup the server by doing:
sudo apt-get install flask
Then you can just ./cryptoshot_server
==== FILE FORMATS
The modified executable file containing the public key looks like this:
|--------------------------|
| executable |
|--------------------------|
| public RSA key |
|--------------------------|
| length of public RSA key |
|--------------------------|
The encrypted file format looks like this:
|---------------------------------|
| length encrypted session key |
|---------------------------------|
| RSA-OAEP encrypted AES KEY + IV |
|---------------------------------|
| RSA-OAEP encrypted HMAC key |
|---------------------------------|
| HMAC of the encrypted data |
|---------------------------------|
| AES encrypted screenshot |
|---------------------------------|
==== FILE OVERVIEW
The following files are part of cryptoshot, the one with a * are the minimum required to use:
binaries/cryptoshot.exe*
uses winmain, thus it does not popup on screen when run
binaries/cryptoshot_cmd.exe
traditional main, mainly intended for debugging purposes
binaries/cryptoshot_dll.dll
Same as cryptoshot.exe but compiled as a DLL
python-code/cryptoshot_init.py*
generates rsa public/private keypair and appends them to cryptoshot
changes the post url
python-code/cryptoshot_decrypt.py*
verifies hmac and decrypts the screenshot
python-code/cryptoshot_server.py
enjoy,
DiabloHorn http://diablohorn.wordpress.comAbout
encrypted screenshots using RSA and AES
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published