How to Decrypt an Encrypted File in Python and Read It

Asked 2 years ago, Updated 2 years ago, 118 views

I would like to decrypt a pre-encrypted file in Python (pygame) and process it.
By decrypting it and writing it out to a file, I was able to restore it to the state before encryption.
I'm worried that if things go on like this, users will be able to handle the files they've written.

I would like you to tell me how to deal with this situation.

Below is the sample source:

import os
import pygame
from Crypto.PublicKey import RSA
from Crypto.Cipher import AES, PKCS1_OAEP

TARGET_PATH = os.path.join(os.path.dirname(__file__), "../data")

# RSA private key in PEM format (placeholder value)
PEM = "===himitsukagi==="

def decrypto_file(path):
    # Decrypt the file at path and return the plaintext bytes
    private_key = RSA.import_key(PEM)
    # File layout: RSA-encrypted session key, 16-byte nonce, 16-byte tag, ciphertext
    with open(path, "rb") as file_in:
        enc_session_key, nonce, tag, ciphertext = [file_in.read(x) for x in (private_key.size_in_bytes(), 16, 16, -1)]
    # Decrypt the session key with the RSA private key
    cipher_rsa = PKCS1_OAEP.new(private_key)
    session_key = cipher_rsa.decrypt(enc_session_key)
    # Decrypt the data with the AES session key
    cipher_aes = AES.new(session_key, AES.MODE_EAX, nonce)
    data = cipher_aes.decrypt_and_verify(ciphertext, tag)

    return data


if __name__ == "__main__":
    # initialization
    pygame.init()
    screen = pygame.display.set_mode((1280, 720))

    path = TARGET_PATH + "/crypto_file.sample"
    data = decrypto_file(path)

    # I really want to read music files here.
    # pygame.mixer.music.load(data)

    # Workaround: write the data out to a file and load that file
    with open("decrypto_file.ogg", "wb") as file_out:
        file_out.write(data)
    pygame.mixer.music.load("decrypto_file.ogg")

    pygame.mixer.music.play()
    is_end = False
    while True:
        # background
        screen.fill((100, 100, 100))

        for event in pygame.event.get():
            if event.type == pygame.QUIT:
                pygame.quit()
                is_end = True

        if is_end:
            break

2/04/2022 Add:
I was pointed out that analysis is easy, so I would appreciate it if you could let me know if it is impossible to protect even in the following cases.

Now, I have a question, is this procedure also easy to extract the variables and media data used in the program from memory?
Also, is the extraction method a commercial tool or a standard OS tool?
If I know how to extract it, I would like to consider the following additional steps.

I apologize for the inconvenience, but I appreciate your cooperation.

python pygame pycrypto

2022-09-30 19:31

2 Answers

If you pass the decrypted data to pygame.mixer.music.load in the binary stream, you can play it without creating a file.

    # Actually, I want to load the music file here.
    # pygame.mixer.music.load(data)
    # Workaround: write the data out to a file and load that file
    # file_out=open("decrypto_file.ogg", "wb")
    # file_out.write(data)
    # file_out.close()
    # pygame.mixer.music.load("decrypto_file.ogg")

    # Wrap the decrypted bytes in an in-memory binary stream instead
    import io
    bytesIO = io.BytesIO(bytes(data))
    pygame.mixer.music.load(bytesIO)

    pygame.mixer.music.play()

According to the Japanese translation of the pygame music documentation, pygame.mixer.music.load is described as "Load music file names and objects."
When I tried reading the data from the music file into binary stream and passed it to pygame.mixer.music.load, I was able to play the music.


2022-09-30 19:31
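The file layout that the question's decrypto_file reads, combined with the in-memory stream from the answer above, as an added example (not code from the question or the answers): parse_container checks every field length so a truncated file fails with a clear error, and decrypt_to_stream returns the plaintext without writing a file. The names Container, ContainerError, parse_container, decrypt_to_stream and SAMPLE are assumptions introduced here, and SAMPLE is constructed filler, not real ciphertext.

```python
import io
from typing import NamedTuple

NONCE_LEN = 16  # bytes the question's reader takes for the EAX nonce
TAG_LEN = 16    # bytes it takes for the EAX authentication tag


class Container(NamedTuple):
    enc_session_key: bytes  # AES session key wrapped with RSA-OAEP
    nonce: bytes
    tag: bytes
    ciphertext: bytes


class ContainerError(ValueError):
    """The blob is too short to hold every field."""


def parse_container(blob: bytes, rsa_key_bytes: int) -> Container:
    """Split blob in the order the question reads it; rsa_key_bytes is size_in_bytes()."""
    stream = io.BytesIO(blob)
    header = []
    for name, size in (("enc_session_key", rsa_key_bytes),
                       ("nonce", NONCE_LEN), ("tag", TAG_LEN)):
        chunk = stream.read(size)
        if len(chunk) != size:  # read() returns fewer bytes at EOF without an error
            raise ContainerError(f"{name}: got {len(chunk)} of {size} bytes")
        header.append(chunk)
    ciphertext = stream.read()
    if not ciphertext:  # assumption: an empty payload is treated as truncation
        raise ContainerError("ciphertext: empty")
    return Container(*header, ciphertext)


def decrypt_to_stream(blob: bytes, pem: str) -> io.BytesIO:
    """Decrypt in memory and return a stream for pygame.mixer.music.load."""
    # Imported here so the parser above works without PyCryptodome installed.
    from Crypto.Cipher import AES, PKCS1_OAEP
    from Crypto.PublicKey import RSA
    private_key = RSA.import_key(pem)
    box = parse_container(blob, private_key.size_in_bytes())
    session_key = PKCS1_OAEP.new(private_key).decrypt(box.enc_session_key)
    cipher_aes = AES.new(session_key, AES.MODE_EAX, box.nonce)
    # decrypt_and_verify raises ValueError if the tag does not match.
    return io.BytesIO(cipher_aes.decrypt_and_verify(box.ciphertext, box.tag))


# Constructed sample: filler bytes laid out for a 256-byte (RSA-2048) key.
SAMPLE = b"\x01" * 256 + b"\x02" * NONCE_LEN + b"\x03" * TAG_LEN + b"payload"
```
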

I'm worried that users can handle the files they've written.

Assumed

  • Allows "users" to extract decrypted data
  • When a "user" touches a file, the program behaves unintentionally

I think that's the problem.

As for the former, there is not much difference whether you write to a file or use on-memory. As long as the data is played back in the "User" environment, the "User" has easy access to the data. In addition, this code base provides easy access to encryption keys, so there is no point in encrypting them in the first place.

Conversely, when you try to protect your data from users, this becomes what you call "protection" and becomes a fairly difficult task.

As for the latter, it's meaningful to use on-memory because it's useless, but as mentioned above, encryption doesn't make sense in the first place, so it's better to have the original data read as it is.

It seems that what is required is the story of "Protect," but as I wrote above, this is a very difficult task. If you have to do it at a cost, you should consult a specialist company. Or you can develop it for your own use.

There is no point in sending the key online. The key is easy to read. So why don't you encrypt the key? Where do I keep the keys to decrypt the keys? If it's local, you just have to use the key from the beginning, and it's just useless to send it online.

First of all, I recommend that you learn the basics of cryptography. You should understand what the code provides protection for (what it does not provide protection for).


2022-09-30 19:31
