securedypkt 0.1.0__tar.gz

securedypkt-0.1.0/LICENSE

@@ -0,0 +1,19 @@
+Securedy Labs Proprietary License
+Copyright (c) 2026 Securedy Labs. All rights reserved.
+
+This software and its source code are the property of Securedy Labs.
+Unauthorized copying, distribution, modification, or use of this software,
+in whole or in part, is strictly prohibited without prior written permission
+from Securedy Labs.
+
+--- Third-Party Attributions ---
+
+Portions of this software (Decipher/twofish.py) are derived from an
+implementation by Dr. Brian Gladman (gladman@seven77.demon.co.uk), used
+with permission for free direct or derivative use, subject to acknowledgment
+of its origin. The original Twofish algorithm was authored by Bruce Schneier
+and colleagues.
+
+The original open-source codebase this project was derived from was released
+under the MIT License by Punkcake21 (2026). Securedy Labs' modifications,
+extensions, and proprietary additions are subject to the terms above.

securedypkt-0.1.0/PKG-INFO

@@ -0,0 +1,160 @@
+Metadata-Version: 2.4
+Name: securedypkt
+Version: 0.1.0
+Summary: Pure-Python toolkit for decrypting and re-encrypting Cisco Packet Tracer (.pkt) files
+Author-email: Securedy Labs <nathanrampersaud@gmail.com>
+Project-URL: Homepage, https://github.com/Nathan8044/SecuredyPKT
+Keywords: cisco,packet-tracer,pkt,twofish,eax,crypto,network
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Utilities
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# SecuredyPKT
+
+**SecuredyPKT** is a pure-Python research tool by **Securedy Labs** for decrypting and re-encrypting Cisco Packet Tracer (`.pkt`) files.
+
+It fully reimplements the proprietary cryptographic and obfuscation pipeline used internally by Packet Tracer, enabling offline inspection, diffing, and version-controlling of lab topologies — without requiring the official application.
+
+This is an active research and development project. A custom crypto model and extended feature set are planned.
+
+---
+
+## Installation
+
+```bash
+pip install securedypkt
+```
+
+No additional dependencies required. Pure Python 3.8+.
+
+---
+
+## Python API (for agents and integrations)
+
+```python
+import securedypkt
+
+# Decrypt a .pkt file → XML bytes
+xml_bytes = securedypkt.decrypt_file("lab.pkt")
+
+# Or work directly with bytes (e.g. from an upload handler)
+with open("lab.pkt", "rb") as f:
+    xml_bytes = securedypkt.decrypt_pkt(f.read())
+
+# Re-encrypt XML bytes → .pkt bytes
+pkt_bytes = securedypkt.encrypt_pkt(xml_bytes)
+pkt_bytes = securedypkt.encrypt_file("lab.xml")
+```
+
+---
+
+## CLI Usage
+
+### Decrypt `.pkt` → XML
+
+```bash
+unpacket lab.pkt
+# Output: lab.xml
+
+unpacket lab.pkt -o decrypted.xml
+```
+
+### Re-encrypt XML → `.pkt`
+
+```bash
+repacket lab.xml
+# Output: lab.pkt
+
+repacket lab.xml -o rebuilt.pkt
+```
+
+### Options
+
+| Tool | Option | Description |
+|------|--------|-------------|
+| `unpacket` | `input_file` | Path to `.pkt` file |
+| | `-o, --output` | Output XML path |
+| `repacket` | `input_file` | Path to `.xml` file |
+| | `-o, --output` | Output `.pkt` path |
+
+---
+
+## How It Works
+
+Cisco Packet Tracer `.pkt` files are protected by a 4-layer scheme. SecuredyPKT reverses all four layers:
+
+```
+[ .pkt file on disk ]
+        |
+        v
+[1] Stage-1 Deobfuscation
+    Byte-order reversal + positional XOR
+    result[i] = data[L-1-i] ^ (L - i*L & 0xFF)
+        |
+        v
+[2] Twofish/EAX Decryption (authenticated)
+    128-bit Twofish block cipher in EAX mode
+    Key:  0x89 * 16  (hardcoded in Packet Tracer)
+    IV:   0x10 * 16  (hardcoded in Packet Tracer)
+    Last 16 bytes of ciphertext = AEAD authentication tag
+        |
+        v
+[3] Stage-2 Deobfuscation
+    Positional XOR with decreasing counter
+    result[i] = b ^ (L - i & 0xFF)
+        |
+        v
+[4] Qt Decompression
+    zlib stream with 4-byte big-endian size prefix (qCompress format)
+        |
+        v
+[ Plain XML topology ]
+```
+
+`repacket` runs this pipeline in reverse: XML → compress → obfuscate → encrypt → obfuscate → `.pkt`.
+
+---
+
+## Crypto Stack
+
+| Module | Purpose |
+|--------|---------|
+| `securedypkt/decipher/twofish.py` | Pure-Python Twofish block cipher (128-bit) |
+| `securedypkt/decipher/cmac.py` | CMAC / OMAC message authentication code |
+| `securedypkt/decipher/ctr.py` | CTR mode keystream engine (big-endian counter) |
+| `securedypkt/decipher/eax.py` | EAX authenticated encryption (AEAD) |
+| `securedypkt/decipher/pt_crypto.py` | Full Packet Tracer decryption pipeline |
+
+---
+
+## Security Notes
+
+- The hardcoded key and IV are **Cisco's**, reverse-engineered from the Packet Tracer binary
+- EAX tag verification is enforced — corrupted or tampered `.pkt` files are rejected
+- No network calls; fully offline
+- Known research items for future versions:
+  - Input file size guard
+  - zlib decompression size cap
+  - XML parsing hardening
+
+---
+
+## Legal
+
+This software is provided for **security research, educational, and interoperability purposes**.
+
+Cisco Packet Tracer and all related trademarks are property of Cisco Systems, Inc.
+SecuredyPKT is not affiliated with or endorsed by Cisco.
+
+See [LICENSE](LICENSE) for full terms.

securedypkt-0.1.0/README.md

@@ -0,0 +1,138 @@
+# SecuredyPKT
+
+**SecuredyPKT** is a pure-Python research tool by **Securedy Labs** for decrypting and re-encrypting Cisco Packet Tracer (`.pkt`) files.
+
+It fully reimplements the proprietary cryptographic and obfuscation pipeline used internally by Packet Tracer, enabling offline inspection, diffing, and version-controlling of lab topologies — without requiring the official application.
+
+This is an active research and development project. A custom crypto model and extended feature set are planned.
+
+---
+
+## Installation
+
+```bash
+pip install securedypkt
+```
+
+No additional dependencies required. Pure Python 3.8+.
+
+---
+
+## Python API (for agents and integrations)
+
+```python
+import securedypkt
+
+# Decrypt a .pkt file → XML bytes
+xml_bytes = securedypkt.decrypt_file("lab.pkt")
+
+# Or work directly with bytes (e.g. from an upload handler)
+with open("lab.pkt", "rb") as f:
+    xml_bytes = securedypkt.decrypt_pkt(f.read())
+
+# Re-encrypt XML bytes → .pkt bytes
+pkt_bytes = securedypkt.encrypt_pkt(xml_bytes)
+pkt_bytes = securedypkt.encrypt_file("lab.xml")
+```
+
+---
+
+## CLI Usage
+
+### Decrypt `.pkt` → XML
+
+```bash
+unpacket lab.pkt
+# Output: lab.xml
+
+unpacket lab.pkt -o decrypted.xml
+```
+
+### Re-encrypt XML → `.pkt`
+
+```bash
+repacket lab.xml
+# Output: lab.pkt
+
+repacket lab.xml -o rebuilt.pkt
+```
+
+### Options
+
+| Tool | Option | Description |
+|------|--------|-------------|
+| `unpacket` | `input_file` | Path to `.pkt` file |
+| | `-o, --output` | Output XML path |
+| `repacket` | `input_file` | Path to `.xml` file |
+| | `-o, --output` | Output `.pkt` path |
+
+---
+
+## How It Works
+
+Cisco Packet Tracer `.pkt` files are protected by a 4-layer scheme. SecuredyPKT reverses all four layers:
+
+```
+[ .pkt file on disk ]
+        |
+        v
+[1] Stage-1 Deobfuscation
+    Byte-order reversal + positional XOR
+    result[i] = data[L-1-i] ^ (L - i*L & 0xFF)
+        |
+        v
+[2] Twofish/EAX Decryption (authenticated)
+    128-bit Twofish block cipher in EAX mode
+    Key:  0x89 * 16  (hardcoded in Packet Tracer)
+    IV:   0x10 * 16  (hardcoded in Packet Tracer)
+    Last 16 bytes of ciphertext = AEAD authentication tag
+        |
+        v
+[3] Stage-2 Deobfuscation
+    Positional XOR with decreasing counter
+    result[i] = b ^ (L - i & 0xFF)
+        |
+        v
+[4] Qt Decompression
+    zlib stream with 4-byte big-endian size prefix (qCompress format)
+        |
+        v
+[ Plain XML topology ]
+```
+
+`repacket` runs this pipeline in reverse: XML → compress → obfuscate → encrypt → obfuscate → `.pkt`.
+
+---
+
+## Crypto Stack
+
+| Module | Purpose |
+|--------|---------|
+| `securedypkt/decipher/twofish.py` | Pure-Python Twofish block cipher (128-bit) |
+| `securedypkt/decipher/cmac.py` | CMAC / OMAC message authentication code |
+| `securedypkt/decipher/ctr.py` | CTR mode keystream engine (big-endian counter) |
+| `securedypkt/decipher/eax.py` | EAX authenticated encryption (AEAD) |
+| `securedypkt/decipher/pt_crypto.py` | Full Packet Tracer decryption pipeline |
+
+---
+
+## Security Notes
+
+- The hardcoded key and IV are **Cisco's**, reverse-engineered from the Packet Tracer binary
+- EAX tag verification is enforced — corrupted or tampered `.pkt` files are rejected
+- No network calls; fully offline
+- Known research items for future versions:
+  - Input file size guard
+  - zlib decompression size cap
+  - XML parsing hardening
+
+---
+
+## Legal
+
+This software is provided for **security research, educational, and interoperability purposes**.
+
+Cisco Packet Tracer and all related trademarks are property of Cisco Systems, Inc.
+SecuredyPKT is not affiliated with or endorsed by Cisco.
+
+See [LICENSE](LICENSE) for full terms.

securedypkt-0.1.0/pyproject.toml

@@ -0,0 +1,37 @@
+[build-system]
+requires = ["setuptools>=42", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "securedypkt"
+version = "0.1.0"
+description = "Pure-Python toolkit for decrypting and re-encrypting Cisco Packet Tracer (.pkt) files"
+readme = "README.md"
+license-files = ["LICENSE"]
+authors = [{ name = "Securedy Labs", email = "nathanrampersaud@gmail.com" }]
+requires-python = ">=3.8"
+dependencies = []
+keywords = ["cisco", "packet-tracer", "pkt", "twofish", "eax", "crypto", "network"]
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Operating System :: OS Independent",
+    "Topic :: Security :: Cryptography",
+    "Topic :: Utilities",
+]
+
+[project.scripts]
+unpacket = "securedypkt._unpacket:main"
+repacket = "securedypkt._repacket:main"
+
+[project.urls]
+"Homepage" = "https://github.com/Nathan8044/SecuredyPKT"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["securedypkt*"]

securedypkt-0.1.0/securedypkt/__init__.py

@@ -0,0 +1,26 @@
+"""
+securedypkt — Cisco Packet Tracer .pkt crypto toolkit.
+Securedy Labs, 2026.
+
+Quick start:
+    from securedypkt import decrypt_pkt
+    xml_bytes = decrypt_pkt(open("lab.pkt", "rb").read())
+"""
+
+from securedypkt.decipher.pt_crypto import decrypt_pkt
+from securedypkt._repacket import encrypt_pkt
+
+__version__ = "0.1.0"
+__all__ = ["decrypt_pkt", "encrypt_pkt", "decrypt_file", "encrypt_file"]
+
+
+def decrypt_file(path: str) -> bytes:
+    """Read a .pkt file and return the decrypted XML as bytes."""
+    with open(path, "rb") as fh:
+        return decrypt_pkt(fh.read())
+
+
+def encrypt_file(path: str) -> bytes:
+    """Read an XML file and return the encrypted .pkt bytes."""
+    with open(path, "rb") as fh:
+        return encrypt_pkt(fh.read())

securedypkt-0.1.0/securedypkt/_repacket.py

@@ -0,0 +1,110 @@
+#!/usr/bin/env python3
+import argparse
+import sys
+import os
+import zlib
+import struct
+from securedypkt.decipher.eax import EAX
+from securedypkt.decipher.twofish import Twofish
+
+def banner():
+    print("==============================================")
+    print("  SecuredyPKT - Cisco Packet Tracer Encryptor ")
+    print("  Securedy Labs                               ")
+    print("==============================================")
+
+def compress_qt(xml_data: bytes) -> bytes:
+    size = len(xml_data)
+    header = struct.pack(">I", size)
+    compressed = zlib.compress(xml_data)
+    return header + compressed
+
+def obf_stage2(data: bytes) -> bytes:
+    L = len(data)
+    return bytes(b ^ (L - i & 0xFF) for i, b in enumerate(data))
+
+def obf_stage1(data: bytes) -> bytes:
+    L = len(data)
+    output = bytearray(L)
+    for i in range(L):
+        key_byte = (L - i*L) & 0xFF
+        val = data[i] ^ key_byte
+        output[L-1-i] = val
+    return bytes(output)
+
+def encrypt_pkt(data: bytes) -> bytes:
+    key = bytes([137])*16
+    iv  = bytes([16])*16
+    tf = Twofish(key)
+    eax = EAX(tf.encrypt)
+    ciphertext, tag = eax.encrypt(nonce=iv, plaintext=data)
+    return ciphertext + tag
+
+def main():
+    banner()
+
+    parser = argparse.ArgumentParser(
+        description="Encrypts XML files back to Cisco Packet Tracer (.pkt) format."
+    )
+    parser.add_argument(
+        "input_file",
+        help="Path to the .xml file to encrypt."
+    )
+    parser.add_argument(
+        "-o", "--output",
+        help="Path to the output .pkt file. Defaults to <input_file>.pkt",
+        default=None
+    )
+
+    args = parser.parse_args()
+    input_path = args.input_file
+
+    if not os.path.exists(input_path):
+        print(f"[-] Error: Input file '{input_path}' not found.")
+        sys.exit(1)
+
+    if args.output:
+        output_path = args.output
+    else:
+        if input_path.lower().endswith(".xml"):
+            output_path = input_path[:-4] + ".pkt"
+        else:
+            output_path = input_path + ".pkt"
+
+    print(f"[*] Reading XML '{input_path}'...")
+    try:
+        with open(input_path, "rb") as f:
+            xml_data = f.read()
+    except IOError as e:
+        print(f"[-] Error reading file: {e}")
+        sys.exit(1)
+
+    try:
+        print("[*] Compressing data (zlib)...")
+        stage2_input = compress_qt(xml_data)
+
+        print("[*] Applying Stage 2 Obfuscation...")
+        decrypted_blob = obf_stage2(stage2_input)
+
+        print("[*] Encrypting (Twofish/EAX)...")
+        stage1_input = encrypt_pkt(decrypted_blob)
+
+        print("[*] Applying Stage 1 Obfuscation...")
+        final_pkt_data = obf_stage1(stage1_input)
+
+    except Exception as e:
+        print(f"[-] Encryption/Obfuscation failed: {e}")
+        sys.exit(1)
+
+    print(f"[*] Writing encrypted data to '{output_path}'...")
+    try:
+        with open(output_path, "wb") as f:
+            f.write(final_pkt_data)
+    except IOError as e:
+        print(f"[-] Error writing output file: {e}")
+        sys.exit(1)
+
+    print("[+] Success! File repacketed.")
+
+if __name__ == "__main__":
+    main()

securedypkt-0.1.0/securedypkt/_unpacket.py

@@ -0,0 +1,81 @@
+#!/usr/bin/env python3
+import argparse
+import sys
+import os
+import xml.etree.ElementTree as ET
+from securedypkt.decipher.pt_crypto import decrypt_pkt
+
+def banner():
+    print("==============================================")
+    print("  SecuredyPKT - Cisco Packet Tracer Decryptor ")
+    print("  Securedy Labs                               ")
+    print("==============================================")
+
+def main():
+    banner()
+
+    parser = argparse.ArgumentParser(
+        description="Decrypts Cisco Packet Tracer (.pkt) files to XML format."
+    )
+    parser.add_argument(
+        "input_file",
+        help="Path to the .pkt file to decrypt."
+    )
+    parser.add_argument(
+        "-o", "--output",
+        help="Path to the output XML file. Defaults to <input_file>.xml",
+        default=None
+    )
+
+    args = parser.parse_args()
+
+    input_path = args.input_file
+
+    if not os.path.exists(input_path):
+        print(f"[-] Error: Input file '{input_path}' not found.")
+        sys.exit(1)
+
+    if args.output:
+        output_path = args.output
+    else:
+        if input_path.lower().endswith(".pkt"):
+            output_path = input_path[:-4] + ".xml"
+        else:
+            output_path = input_path + ".xml"
+
+    print(f"[*] Reading '{input_path}'...")
+    try:
+        with open(input_path, "rb") as f:
+            data = f.read()
+    except IOError as e:
+        print(f"[-] Error reading file: {e}")
+        sys.exit(1)
+
+    print("[*] Decrypting...")
+    try:
+        xml_data = decrypt_pkt(data)
+    except Exception as e:
+        print(f"[-] Decryption failed: {e}")
+        sys.exit(1)
+
+    print("[*] Parsing XML...")
+    try:
+        root = ET.fromstring(xml_data)
+        tree = ET.ElementTree(root)
+        if hasattr(ET, "indent"):
+            ET.indent(tree, space="  ")
+    except ET.ParseError as e:
+        print(f"[-] XML Parsing failed: {e}")
+        sys.exit(1)
+
+    print(f"[*] Writing decrypted data to '{output_path}'...")
+    try:
+        tree.write(output_path, encoding="utf-8", xml_declaration=True)
+    except IOError as e:
+        print(f"[-] Error writing output file: {e}")
+        sys.exit(1)
+
+    print("[+] Success! Decryption complete.")
+
+if __name__ == "__main__":
+    main()

securedypkt-0.1.0/securedypkt/decipher/cmac.py

@@ -0,0 +1,58 @@
+from typing import Callable
+
+BLOCK_SIZE = 16  # 128 bit for Twofish
+
+def xor_bytes(a: bytes, b: bytes) -> bytes:
+    return bytes(x ^ y for x, y in zip(a, b))
+
+def left_shift_one(bitstring: bytes) -> bytes:
+    out = bytearray(len(bitstring))
+    carry = 0
+    for i in reversed(range(len(bitstring))):
+        new = (bitstring[i] << 1) & 0xFF
+        out[i] = new | carry
+        carry = (bitstring[i] & 0x80) >> 7
+    return bytes(out)
+
+def generate_subkeys(encrypt_block: Callable[[bytes], bytes]):
+    const_rb = 0x87
+    zero = bytes(BLOCK_SIZE)
+    L = encrypt_block(zero)
+
+    K1 = left_shift_one(L)
+    if L[0] & 0x80:
+        K1 = xor_bytes(K1, b'\x00' * 15 + bytes([const_rb]))
+
+    K2 = left_shift_one(K1)
+    if K1[0] & 0x80:
+        K2 = xor_bytes(K2, b'\x00' * 15 + bytes([const_rb]))
+
+    return K1, K2
+
+def pad(block: bytes) -> bytes:
+    padded = block + b'\x80'
+    return padded + b'\x00' * (BLOCK_SIZE - len(padded))
+
+class CMAC:
+    def __init__(self, encrypt_block: Callable[[bytes], bytes]):
+        self.encrypt_block = encrypt_block
+        self.K1, self.K2 = generate_subkeys(encrypt_block)
+
+    def digest(self, data: bytes) -> bytes:
+        if len(data) == 0:
+            last = xor_bytes(pad(b''), self.K2)
+            blocks = []
+        else:
+            blocks = [data[i:i+BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
+            if len(blocks[-1]) == BLOCK_SIZE:
+                last = xor_bytes(blocks[-1], self.K1)
+                blocks = blocks[:-1]
+            else:
+                last = xor_bytes(pad(blocks[-1]), self.K2)
+                blocks = blocks[:-1]
+
+        X = bytes(BLOCK_SIZE)
+        for block in blocks:
+            X = self.encrypt_block(xor_bytes(X, block))
+
+        return self.encrypt_block(xor_bytes(X, last))

securedypkt-0.1.0/securedypkt/decipher/ctr.py

@@ -0,0 +1,33 @@
+from typing import Callable
+
+BLOCK_SIZE = 16  # 128 bit
+
+
+def inc_counter_be(counter: bytearray):
+    """Incrementa un contatore big-endian a 128 bit (come Crypto++)."""
+    for i in range(BLOCK_SIZE - 1, -1, -1):
+        counter[i] = (counter[i] + 1) & 0xFF
+        if counter[i] != 0:
+            break
+
+
+class CTR:
+    def __init__(self, encrypt_block: Callable[[bytes], bytes], initial_counter: bytes):
+        assert len(initial_counter) == BLOCK_SIZE
+        self.encrypt_block = encrypt_block
+        self.counter = bytearray(initial_counter)
+
+    def process(self, data: bytes) -> bytes:
+        out = bytearray()
+        offset = 0
+
+        while offset < len(data):
+            keystream = self.encrypt_block(bytes(self.counter))
+            inc_counter_be(self.counter)
+
+            block = data[offset:offset + BLOCK_SIZE]
+            ks = keystream[:len(block)]
+            out.extend(b ^ k for b, k in zip(block, ks))
+            offset += BLOCK_SIZE
+
+        return bytes(out)

securedypkt-0.1.0/securedypkt/decipher/eax.py

@@ -0,0 +1,53 @@
+from typing import Callable
+from .cmac import CMAC, xor_bytes, BLOCK_SIZE
+from .ctr import CTR
+
+
+def _omac_with_prefix(cmac: CMAC, prefix: int, data: bytes) -> bytes:
+    # Prefisso di 16 byte: [0, 0, ..., prefix]
+    P = b'\x00' * (BLOCK_SIZE - 1) + bytes([prefix])
+    return cmac.digest(P + data)
+
+
+class EAX:
+    def __init__(self, encrypt_block: Callable[[bytes], bytes]):
+        self.encrypt_block = encrypt_block
+        self.cmac = CMAC(encrypt_block)
+
+    def encrypt(self, nonce: bytes, plaintext: bytes, aad: bytes = b''):
+        # OMAC_0 = CMAC(0x00 || nonce)
+        n_tag = _omac_with_prefix(self.cmac, 0x00, nonce)
+
+        # OMAC_1 = CMAC(0x01 || aad)
+        h_tag = _omac_with_prefix(self.cmac, 0x01, aad)
+
+        # CTR parte da n_tag
+        ctr = CTR(self.encrypt_block, n_tag)
+        ciphertext = ctr.process(plaintext)
+
+        # OMAC_2 = CMAC(0x02 || ciphertext)
+        c_tag = _omac_with_prefix(self.cmac, 0x02, ciphertext)
+
+        # TAG finale = n_tag ⊕ h_tag ⊕ c_tag
+        tag = xor_bytes(xor_bytes(n_tag, h_tag), c_tag)
+
+        return ciphertext, tag
+
+    def decrypt(self, nonce: bytes, ciphertext: bytes, tag: bytes, aad: bytes = b''):
+        # Ricalcolo OMAC_0
+        n_tag = _omac_with_prefix(self.cmac, 0x00, nonce)
+
+        # CTR
+        ctr = CTR(self.encrypt_block, n_tag)
+        plaintext = ctr.process(ciphertext)
+
+        # Ricalcolo OMAC_1 e OMAC_2
+        h_tag = _omac_with_prefix(self.cmac, 0x01, aad)
+        c_tag = _omac_with_prefix(self.cmac, 0x02, ciphertext)
+
+        # Verifica TAG
+        expected_tag = xor_bytes(xor_bytes(n_tag, h_tag), c_tag)
+        if expected_tag != tag:
+            raise ValueError("EAX authentication failed")
+
+        return plaintext

securedypkt-0.1.0/securedypkt/decipher/pt_crypto.py

@@ -0,0 +1,46 @@
+from .eax import EAX
+from .twofish import Twofish
+import zlib
+import struct
+
+def deobf_stage1(data: bytes) -> bytes:
+    L = len(data)
+    return bytes(data[L-1-i] ^ (L - i*L & 0xFF) for i in range(L))
+
+def deobf_stage2(data: bytes) -> bytes:
+    L = len(data)
+    return bytes(b ^ (L - i & 0xFF) for i, b in enumerate(data))
+
+def uncompress_qt(blob: bytes) -> bytes:
+    size = struct.unpack(">I", blob[:4])[0]
+    return zlib.decompress(blob[4:])[:size]
+
+def decrypt_pkt(pkt: bytes) -> bytes:
+    # Stage 1 deobfuscation
+    stage1 = deobf_stage1(pkt)
+
+    # Chiave e IV per i file .pkt
+    key = bytes([137])*16
+    iv  = bytes([16])*16
+
+    # Twofish block cipher
+    tf = Twofish(key)
+    encrypt_block = tf.encrypt
+
+    # EAX con nonce = iv
+    eax = EAX(encrypt_block)
+
+    # Supponiamo che negli .pkt il tag sia alla fine
+    ciphertext = stage1[:-16]
+    tag        = stage1[-16:]
+
+    # Decrypt usando nonce fisso
+    decrypted = eax.decrypt(nonce=iv, ciphertext=ciphertext, tag=tag)
+
+    # Stage 2 deobfuscation
+    stage2 = deobf_stage2(decrypted)
+
+    # Decompressione
+    xml = uncompress_qt(stage2)
+
+    return xml

securedypkt-0.1.0/securedypkt/decipher/twofish.py

@@ -0,0 +1,393 @@
+## twofish.py - pure Python implementation of the Twofish algorithm.
+## Bjorn Edstrom <be@bjrn.se> 13 december 2007.
+##
+## Copyrights
+## ==========
+##
+## This code is a derived from an implementation by Dr Brian Gladman 
+## (gladman@seven77.demon.co.uk) which is subject to the following license.
+## This Python implementation is not subject to any other license.
+##
+##/* This is an independent implementation of the encryption algorithm:   */
+##/*                                                                      */
+##/*         Twofish by Bruce Schneier and colleagues                     */
+##/*                                                                      */
+##/* which is a candidate algorithm in the Advanced Encryption Standard   */
+##/* programme of the US National Institute of Standards and Technology.  */
+##/*                                                                      */
+##/* Copyright in this implementation is held by Dr B R Gladman but I     */
+##/* hereby give permission for its free direct or derivative use subject */
+##/* to acknowledgment of its origin and compliance with any conditions   */
+##/* that the originators of t he algorithm place on its exploitation.    */
+##/*                                                                      */
+##/* My thanks to Doug Whiting and Niels Ferguson for comments that led   */
+##/* to improvements in this implementation.                              */
+##/*                                                                      */
+##/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999     */
+##
+## The above copyright notice must not be removed.
+##
+## Information
+## ===========
+##
+## Anyone thinking of using this code should reconsider. It's slow.
+## Try python-mcrypt instead. In case a faster library is not installed
+## on the target system, this code can be used as a portable fallback.
+
+# pylint: disable-all
+
+block_size = 16
+key_size = 32
+
+class Twofish:
+    
+    def __init__(self, key=None):
+        """Twofish."""
+
+        if key:
+            self.set_key(key)
+
+
+    def set_key(self, key):
+        """Init."""
+        
+        key_len = len(key)
+        if key_len not in [16, 24, 32]:
+            # XXX: add padding?
+            raise KeyError("key must be 16, 24 or 32 bytes")
+        if key_len % 4:
+            # XXX: add padding?
+            raise KeyError("key not a multiple of 4")
+        if key_len > 32:
+            # XXX: prune?
+            raise KeyError("key_len > 32")
+        
+        self.context = TWI()
+        
+        key_word32 = [0] * 32
+        i = 0
+        while key:
+            key_word32[i] = struct.unpack("<L", key[0:4])[0]
+            key = key[4:]
+            i += 1
+
+        set_key(self.context, key_word32, key_len)
+
+        
+    def decrypt(self, block):
+        """Decrypt blocks."""
+        
+        if len(block) % 16:
+            raise ValueError("block size must be a multiple of 16")
+
+        plaintext = b''
+        
+        while block:
+            a, b, c, d = struct.unpack("<4L", block[:16])
+            temp = [a, b, c, d]
+            decrypt(self.context, temp)
+            plaintext += struct.pack("<4L", *temp)
+            block = block[16:]
+            
+        return plaintext
+
+        
+    def encrypt(self, block):
+        """Encrypt blocks."""
+
+        if len(block) % 16:
+            raise ValueError("block size must be a multiple of 16")
+
+        ciphertext = b''
+        
+        while block:
+            a, b, c, d = struct.unpack("<4L", block[0:16])
+            temp = [a, b, c, d]
+            encrypt(self.context, temp)
+            ciphertext += struct.pack("<4L", *temp)
+            block = block[16:]
+            
+        return ciphertext
+
+
+    def get_name(self):
+        """Return the name of the cipher."""
+        
+        return "Twofish"
+
+
+    def get_block_size(self):
+        """Get cipher block size in bytes."""
+        
+        return 16
+
+    
+    def get_key_size(self):
+        """Get cipher key size in bytes."""
+        
+        return 32
+
+
+#
+# Private.
+#
+
+import struct
+import sys
+
+WORD_BIGENDIAN = 0
+if sys.byteorder == 'big':
+    WORD_BIGENDIAN = 1
+
+def rotr32(x, n):
+    return (x >> n) | ((x << (32 - n)) & 0xFFFFFFFF)
+
+def rotl32(x, n):
+    return ((x << n) & 0xFFFFFFFF) | (x >> (32 - n))
+
+def byteswap32(x):
+    return ((x & 0xff) << 24) | (((x >> 8) & 0xff) << 16) | \
+           (((x >> 16) & 0xff) << 8) | ((x >> 24) & 0xff)
+
+class TWI:
+    def __init__(self):
+        self.k_len = 0 # word32
+        self.l_key = [0]*40 # word32
+        self.s_key = [0]*4 # word32
+        self.qt_gen = 0 # word32
+        self.q_tab = [[0]*256, [0]*256] # byte
+        self.mt_gen = 0 # word32
+        self.m_tab = [[0]*256, [0]*256, [0]*256, [0]*256] # word32
+        self.mk_tab = [[0]*256, [0]*256, [0]*256, [0]*256] # word32
+
+def byte(x, n):
+    return (x >> (8 * n)) & 0xff
+
+tab_5b = [0, 90, 180, 238]
+tab_ef = [0, 238, 180, 90]
+ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]
+ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]
+qt0 = [[8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4],
+       [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5]]
+qt1 = [[14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13],
+       [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8]]
+qt2 = [[11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1],
+       [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15]]
+qt3 = [[13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10],
+       [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10]]
+
+def qp(n, x): # word32, byte
+    n %= 0x100000000
+    x %= 0x100
+    a0 = x >> 4;
+    b0 = x & 15;
+    a1 = a0 ^ b0;
+    b1 = ror4[b0] ^ ashx[a0];
+    a2 = qt0[n][a1];
+    b2 = qt1[n][b1];
+    a3 = a2 ^ b2;
+    b3 = ror4[b2] ^ ashx[a2];
+    a4 = qt2[n][a3];
+    b4 = qt3[n][b3];
+    return (b4 << 4) | a4;
+
+def gen_qtab(pkey):
+    for i in range(256):
+        pkey.q_tab[0][i] = qp(0, i)
+        pkey.q_tab[1][i] = qp(1, i)
+        
+def gen_mtab(pkey):
+    for i in range(256):
+        f01 = pkey.q_tab[1][i]
+        f01 = pkey.q_tab[1][i];
+        f5b = ((f01) ^ ((f01) >> 2) ^ tab_5b[(f01) & 3]);
+        fef = ((f01) ^ ((f01) >> 1) ^ ((f01) >> 2) ^ tab_ef[(f01) & 3]);
+        pkey.m_tab[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24);
+        pkey.m_tab[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24);
+
+        f01 = pkey.q_tab[0][i];
+        f5b = ((f01) ^ ((f01) >> 2) ^ tab_5b[(f01) & 3]);
+        fef = ((f01) ^ ((f01) >> 1) ^ ((f01) >> 2) ^ tab_ef[(f01) & 3]);
+        pkey.m_tab[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24);
+        pkey.m_tab[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24);
+
+def gen_mk_tab(pkey, key):
+    if pkey.k_len == 2:
+        for i in range(256):
+            by = i % 0x100
+            pkey.mk_tab[0][i] = pkey.m_tab[0][pkey.q_tab[0][pkey.q_tab[0][by] ^ byte(key[1],0)] ^ byte(key[0],0)];
+            pkey.mk_tab[1][i] = pkey.m_tab[1][pkey.q_tab[0][pkey.q_tab[1][by] ^ byte(key[1],1)] ^ byte(key[0],1)];
+            pkey.mk_tab[2][i] = pkey.m_tab[2][pkey.q_tab[1][pkey.q_tab[0][by] ^ byte(key[1],2)] ^ byte(key[0],2)];
+            pkey.mk_tab[3][i] = pkey.m_tab[3][pkey.q_tab[1][pkey.q_tab[1][by] ^ byte(key[1],3)] ^ byte(key[0],3)];
+    if pkey.k_len == 3:
+        for i in range(256):
+            by = i % 0x100
+            pkey.mk_tab[0][i] = pkey.m_tab[0][pkey.q_tab[0][pkey.q_tab[0][pkey.q_tab[1][by] ^ byte(key[2], 0)] ^ byte(key[1], 0)] ^ byte(key[0], 0)];
+            pkey.mk_tab[1][i] = pkey.m_tab[1][pkey.q_tab[0][pkey.q_tab[1][pkey.q_tab[1][by] ^ byte(key[2], 1)] ^ byte(key[1], 1)] ^ byte(key[0], 1)];
+            pkey.mk_tab[2][i] = pkey.m_tab[2][pkey.q_tab[1][pkey.q_tab[0][pkey.q_tab[0][by] ^ byte(key[2], 2)] ^ byte(key[1], 2)] ^ byte(key[0], 2)];
+            pkey.mk_tab[3][i] = pkey.m_tab[3][pkey.q_tab[1][pkey.q_tab[1][pkey.q_tab[0][by] ^ byte(key[2], 3)] ^ byte(key[1], 3)] ^ byte(key[0], 3)];
+    if pkey.k_len == 4:
+        for i in range(256):
+            by = i % 0x100
+            pkey.mk_tab[0][i] = pkey.m_tab[0][pkey.q_tab[0][pkey.q_tab[0][pkey.q_tab[1][pkey.q_tab[1][by] ^ byte(key[3], 0)] ^ byte(key[2], 0)] ^ byte(key[1], 0)] ^ byte(key[0], 0)];
+            pkey.mk_tab[1][i] = pkey.m_tab[1][pkey.q_tab[0][pkey.q_tab[1][pkey.q_tab[1][pkey.q_tab[0][by] ^ byte(key[3], 1)] ^ byte(key[2], 1)] ^ byte(key[1], 1)] ^ byte(key[0], 1)];
+            pkey.mk_tab[2][i] = pkey.m_tab[2][pkey.q_tab[1][pkey.q_tab[0][pkey.q_tab[0][pkey.q_tab[0][by] ^ byte(key[3], 2)] ^ byte(key[2], 2)] ^ byte(key[1], 2)] ^ byte(key[0], 2)];
+            pkey.mk_tab[3][i] = pkey.m_tab[3][pkey.q_tab[1][pkey.q_tab[1][pkey.q_tab[0][pkey.q_tab[1][by] ^ byte(key[3], 3)] ^ byte(key[2], 3)] ^ byte(key[1], 3)] ^ byte(key[0], 3)];
+
+def h_fun(pkey, x, key):
+    b0 = byte(x, 0);
+    b1 = byte(x, 1);
+    b2 = byte(x, 2);
+    b3 = byte(x, 3);
+    if pkey.k_len >= 4:
+        b0 = pkey.q_tab[1][b0] ^ byte(key[3], 0);
+        b1 = pkey.q_tab[0][b1] ^ byte(key[3], 1);
+        b2 = pkey.q_tab[0][b2] ^ byte(key[3], 2);
+        b3 = pkey.q_tab[1][b3] ^ byte(key[3], 3);
+    if pkey.k_len >= 3:
+        b0 = pkey.q_tab[1][b0] ^ byte(key[2], 0);
+        b1 = pkey.q_tab[1][b1] ^ byte(key[2], 1);
+        b2 = pkey.q_tab[0][b2] ^ byte(key[2], 2);
+        b3 = pkey.q_tab[0][b3] ^ byte(key[2], 3);
+    if pkey.k_len >= 2:
+        b0 = pkey.q_tab[0][pkey.q_tab[0][b0] ^ byte(key[1], 0)] ^ byte(key[0], 0);
+        b1 = pkey.q_tab[0][pkey.q_tab[1][b1] ^ byte(key[1], 1)] ^ byte(key[0], 1);
+        b2 = pkey.q_tab[1][pkey.q_tab[0][b2] ^ byte(key[1], 2)] ^ byte(key[0], 2);
+        b3 = pkey.q_tab[1][pkey.q_tab[1][b3] ^ byte(key[1], 3)] ^ byte(key[0], 3);      
+    return pkey.m_tab[0][b0] ^ pkey.m_tab[1][b1] ^ pkey.m_tab[2][b2] ^ pkey.m_tab[3][b3];   
+
+def mds_rem(p0, p1):
+    i, t, u = 0, 0, 0
+    for i in range(8):
+        t = p1 >> 24
+        p1 = ((p1 << 8) & 0xffffffff) | (p0 >> 24)
+        p0 = (p0 << 8) & 0xffffffff
+        u = (t << 1) & 0xffffffff
+        if t & 0x80:
+            u ^= 0x0000014d
+        p1 ^= t ^ ((u << 16) & 0xffffffff)
+        u ^= (t >> 1)
+        if t & 0x01:
+            u ^= 0x0000014d >> 1
+        p1 ^= ((u << 24) & 0xffffffff) | ((u << 8) & 0xffffffff)
+    return p1
+
+def set_key(pkey, in_key, key_len):
+    pkey.qt_gen = 0
+    if not pkey.qt_gen:
+        gen_qtab(pkey)
+        pkey.qt_gen = 1
+    pkey.mt_gen = 0
+    if not pkey.mt_gen:
+        gen_mtab(pkey)
+        pkey.mt_gen = 1
+    pkey.k_len = (key_len * 8) // 64
+
+    a = 0
+    b = 0
+    me_key = [0,0,0,0]
+    mo_key = [0,0,0,0]
+    for i in range(pkey.k_len):
+        if WORD_BIGENDIAN:
+            a = byteswap32(in_key[i + 1])
+            me_key[i] = a            
+            b = byteswap32(in_key[i + i + 1])
+        else:
+            a = in_key[i + i]
+            me_key[i] = a            
+            b = in_key[i + i + 1]
+        mo_key[i] = b
+        pkey.s_key[pkey.k_len - i - 1] = mds_rem(a, b);
+    for i in range(0, 40, 2):
+        a = (0x01010101 * i) % 0x100000000;
+        b = (a + 0x01010101) % 0x100000000;
+        a = h_fun(pkey, a, me_key);
+        b = rotl32(h_fun(pkey, b, mo_key), 8);
+        pkey.l_key[i] = (a + b) % 0x100000000;
+        pkey.l_key[i + 1] = rotl32((a + 2 * b) % 0x100000000, 9);
+    gen_mk_tab(pkey, pkey.s_key)
+
+def encrypt(pkey, in_blk):
+    blk = [0, 0, 0, 0]
+
+    if WORD_BIGENDIAN:
+        blk[0] = byteswap32(in_blk[0]) ^ pkey.l_key[0];
+        blk[1] = byteswap32(in_blk[1]) ^ pkey.l_key[1];
+        blk[2] = byteswap32(in_blk[2]) ^ pkey.l_key[2];
+        blk[3] = byteswap32(in_blk[3]) ^ pkey.l_key[3];
+    else:
+        blk[0] = in_blk[0] ^ pkey.l_key[0];
+        blk[1] = in_blk[1] ^ pkey.l_key[1];
+        blk[2] = in_blk[2] ^ pkey.l_key[2];
+        blk[3] = in_blk[3] ^ pkey.l_key[3];        
+
+    for i in range(8):
+        t1 = ( pkey.mk_tab[0][byte(blk[1],3)] ^ pkey.mk_tab[1][byte(blk[1],0)] ^ pkey.mk_tab[2][byte(blk[1],1)] ^ pkey.mk_tab[3][byte(blk[1],2)] ); 
+        t0 = ( pkey.mk_tab[0][byte(blk[0],0)] ^ pkey.mk_tab[1][byte(blk[0],1)] ^ pkey.mk_tab[2][byte(blk[0],2)] ^ pkey.mk_tab[3][byte(blk[0],3)] );
+        
+        blk[2] = rotr32(blk[2] ^ ((t0 + t1 + pkey.l_key[4 * (i) + 8]) % 0x100000000), 1);
+        blk[3] = rotl32(blk[3], 1) ^ ((t0 + 2 * t1 + pkey.l_key[4 * (i) + 9]) % 0x100000000);
+
+        t1 = ( pkey.mk_tab[0][byte(blk[3],3)] ^ pkey.mk_tab[1][byte(blk[3],0)] ^ pkey.mk_tab[2][byte(blk[3],1)] ^ pkey.mk_tab[3][byte(blk[3],2)] ); 
+        t0 = ( pkey.mk_tab[0][byte(blk[2],0)] ^ pkey.mk_tab[1][byte(blk[2],1)] ^ pkey.mk_tab[2][byte(blk[2],2)] ^ pkey.mk_tab[3][byte(blk[2],3)] );
+        
+        blk[0] = rotr32(blk[0] ^ ((t0 + t1 + pkey.l_key[4 * (i) + 10]) % 0x100000000), 1);
+        blk[1] = rotl32(blk[1], 1) ^ ((t0 + 2 * t1 + pkey.l_key[4 * (i) + 11]) % 0x100000000);         
+
+    if WORD_BIGENDIAN:
+        in_blk[0] = byteswap32(blk[2] ^ pkey.l_key[4]);
+        in_blk[1] = byteswap32(blk[3] ^ pkey.l_key[5]);
+        in_blk[2] = byteswap32(blk[0] ^ pkey.l_key[6]);
+        in_blk[3] = byteswap32(blk[1] ^ pkey.l_key[7]);
+    else:
+        in_blk[0] = blk[2] ^ pkey.l_key[4];
+        in_blk[1] = blk[3] ^ pkey.l_key[5];
+        in_blk[2] = blk[0] ^ pkey.l_key[6];
+        in_blk[3] = blk[1] ^ pkey.l_key[7];
+        
+    return
+
+def decrypt(pkey, in_blk):
+    blk = [0, 0, 0, 0]
+    
+    if WORD_BIGENDIAN:
+        blk[0] = byteswap32(in_blk[0]) ^ pkey.l_key[4];
+        blk[1] = byteswap32(in_blk[1]) ^ pkey.l_key[5];
+        blk[2] = byteswap32(in_blk[2]) ^ pkey.l_key[6];
+        blk[3] = byteswap32(in_blk[3]) ^ pkey.l_key[7];
+    else:
+        blk[0] = in_blk[0] ^ pkey.l_key[4];
+        blk[1] = in_blk[1] ^ pkey.l_key[5];
+        blk[2] = in_blk[2] ^ pkey.l_key[6];
+        blk[3] = in_blk[3] ^ pkey.l_key[7];    
+
+    for i in range(7, -1, -1):
+        t1 = ( pkey.mk_tab[0][byte(blk[1],3)] ^ pkey.mk_tab[1][byte(blk[1],0)] ^ pkey.mk_tab[2][byte(blk[1],1)] ^ pkey.mk_tab[3][byte(blk[1],2)] )
+        t0 = ( pkey.mk_tab[0][byte(blk[0],0)] ^ pkey.mk_tab[1][byte(blk[0],1)] ^ pkey.mk_tab[2][byte(blk[0],2)] ^ pkey.mk_tab[3][byte(blk[0],3)] )
+
+        blk[2] = rotl32(blk[2], 1) ^ ((t0 + t1 + pkey.l_key[4 * (i) + 10]) % 0x100000000)
+        blk[3] = rotr32(blk[3] ^ ((t0 + 2 * t1 + pkey.l_key[4 * (i) + 11]) % 0x100000000), 1)
+
+        t1 = ( pkey.mk_tab[0][byte(blk[3],3)] ^ pkey.mk_tab[1][byte(blk[3],0)] ^ pkey.mk_tab[2][byte(blk[3],1)] ^ pkey.mk_tab[3][byte(blk[3],2)] )
+        t0 = ( pkey.mk_tab[0][byte(blk[2],0)] ^ pkey.mk_tab[1][byte(blk[2],1)] ^ pkey.mk_tab[2][byte(blk[2],2)] ^ pkey.mk_tab[3][byte(blk[2],3)] )
+
+        blk[0] = rotl32(blk[0], 1) ^ ((t0 + t1 + pkey.l_key[4 * (i) + 8]) % 0x100000000)
+        blk[1] = rotr32(blk[1] ^ ((t0 + 2 * t1 + pkey.l_key[4 * (i) + 9]) % 0x100000000), 1)        
+
+    if WORD_BIGENDIAN:
+        in_blk[0] = byteswap32(blk[2] ^ pkey.l_key[0]);
+        in_blk[1] = byteswap32(blk[3] ^ pkey.l_key[1]);
+        in_blk[2] = byteswap32(blk[0] ^ pkey.l_key[2]);
+        in_blk[3] = byteswap32(blk[1] ^ pkey.l_key[3]);
+    else:
+        in_blk[0] = blk[2] ^ pkey.l_key[0];
+        in_blk[1] = blk[3] ^ pkey.l_key[1];
+        in_blk[2] = blk[0] ^ pkey.l_key[2];
+        in_blk[3] = blk[1] ^ pkey.l_key[3];
+    return
+
+__testkey = b'\xD4\x3B\xB7\x55\x6E\xA3\x2E\x46\xF2\xA2\x82\xB7\xD4\x5B\x4E\x0D\x57\xFF\x73\x9D\x4D\xC9\x2C\x1B\xD7\xFC\x01\x70\x0C\xC8\x21\x6F'
+__testdat = b'\x90\xAF\xE9\x1B\xB2\x88\x54\x4F\x2C\x32\xDC\x23\x9B\x26\x35\xE6'
+assert b'l\xb4V\x1c@\xbf\n\x97\x05\x93\x1c\xb6\xd4\x08\xe7\xfa' == Twofish(__testkey).encrypt(__testdat)
+assert __testdat == Twofish(__testkey).decrypt(b'l\xb4V\x1c@\xbf\n\x97\x05\x93\x1c\xb6\xd4\x08\xe7\xfa')
+

securedypkt-0.1.0/securedypkt.egg-info/PKG-INFO

@@ -0,0 +1,160 @@
+Metadata-Version: 2.4
+Name: securedypkt
+Version: 0.1.0
+Summary: Pure-Python toolkit for decrypting and re-encrypting Cisco Packet Tracer (.pkt) files
+Author-email: Securedy Labs <nathanrampersaud@gmail.com>
+Project-URL: Homepage, https://github.com/Nathan8044/SecuredyPKT
+Keywords: cisco,packet-tracer,pkt,twofish,eax,crypto,network
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: Utilities
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# SecuredyPKT
+
+**SecuredyPKT** is a pure-Python research tool by **Securedy Labs** for decrypting and re-encrypting Cisco Packet Tracer (`.pkt`) files.
+
+It fully reimplements the proprietary cryptographic and obfuscation pipeline used internally by Packet Tracer, enabling offline inspection, diffing, and version-controlling of lab topologies — without requiring the official application.
+
+This is an active research and development project. A custom crypto model and extended feature set are planned.
+
+---
+
+## Installation
+
+```bash
+pip install securedypkt
+```
+
+No additional dependencies required. Pure Python 3.8+.
+
+---
+
+## Python API (for agents and integrations)
+
+```python
+import securedypkt
+
+# Decrypt a .pkt file → XML bytes
+xml_bytes = securedypkt.decrypt_file("lab.pkt")
+
+# Or work directly with bytes (e.g. from an upload handler)
+with open("lab.pkt", "rb") as f:
+    xml_bytes = securedypkt.decrypt_pkt(f.read())
+
+# Re-encrypt XML bytes → .pkt bytes
+pkt_bytes = securedypkt.encrypt_pkt(xml_bytes)
+pkt_bytes = securedypkt.encrypt_file("lab.xml")
+```
+
+---
+
+## CLI Usage
+
+### Decrypt `.pkt` → XML
+
+```bash
+unpacket lab.pkt
+# Output: lab.xml
+
+unpacket lab.pkt -o decrypted.xml
+```
+
+### Re-encrypt XML → `.pkt`
+
+```bash
+repacket lab.xml
+# Output: lab.pkt
+
+repacket lab.xml -o rebuilt.pkt
+```
+
+### Options
+
+| Tool | Option | Description |
+|------|--------|-------------|
+| `unpacket` | `input_file` | Path to `.pkt` file |
+| | `-o, --output` | Output XML path |
+| `repacket` | `input_file` | Path to `.xml` file |
+| | `-o, --output` | Output `.pkt` path |
+
+---
+
+## How It Works
+
+Cisco Packet Tracer `.pkt` files are protected by a 4-layer scheme. SecuredyPKT reverses all four layers:
+
+```
+[ .pkt file on disk ]
+        |
+        v
+[1] Stage-1 Deobfuscation
+    Byte-order reversal + positional XOR
+    result[i] = data[L-1-i] ^ (L - i*L & 0xFF)
+        |
+        v
+[2] Twofish/EAX Decryption (authenticated)
+    128-bit Twofish block cipher in EAX mode
+    Key:  0x89 * 16  (hardcoded in Packet Tracer)
+    IV:   0x10 * 16  (hardcoded in Packet Tracer)
+    Last 16 bytes of ciphertext = AEAD authentication tag
+        |
+        v
+[3] Stage-2 Deobfuscation
+    Positional XOR with decreasing counter
+    result[i] = b ^ (L - i & 0xFF)
+        |
+        v
+[4] Qt Decompression
+    zlib stream with 4-byte big-endian size prefix (qCompress format)
+        |
+        v
+[ Plain XML topology ]
+```
+
+`repacket` runs this pipeline in reverse: XML → compress → obfuscate → encrypt → obfuscate → `.pkt`.
+
+---
+
+## Crypto Stack
+
+| Module | Purpose |
+|--------|---------|
+| `securedypkt/decipher/twofish.py` | Pure-Python Twofish block cipher (128-bit) |
+| `securedypkt/decipher/cmac.py` | CMAC / OMAC message authentication code |
+| `securedypkt/decipher/ctr.py` | CTR mode keystream engine (big-endian counter) |
+| `securedypkt/decipher/eax.py` | EAX authenticated encryption (AEAD) |
+| `securedypkt/decipher/pt_crypto.py` | Full Packet Tracer decryption pipeline |
+
+---
+
+## Security Notes
+
+- The hardcoded key and IV are **Cisco's**, reverse-engineered from the Packet Tracer binary
+- EAX tag verification is enforced — corrupted or tampered `.pkt` files are rejected
+- No network calls; fully offline
+- Known research items for future versions:
+  - Input file size guard
+  - zlib decompression size cap
+  - XML parsing hardening
+
+---
+
+## Legal
+
+This software is provided for **security research, educational, and interoperability purposes**.
+
+Cisco Packet Tracer and all related trademarks are property of Cisco Systems, Inc.
+SecuredyPKT is not affiliated with or endorsed by Cisco.
+
+See [LICENSE](LICENSE) for full terms.

securedypkt-0.1.0/securedypkt.egg-info/SOURCES.txt

@@ -0,0 +1,18 @@
+LICENSE
+README.md
+pyproject.toml
+setup.py
+securedypkt/__init__.py
+securedypkt/_repacket.py
+securedypkt/_unpacket.py
+securedypkt.egg-info/PKG-INFO
+securedypkt.egg-info/SOURCES.txt
+securedypkt.egg-info/dependency_links.txt
+securedypkt.egg-info/entry_points.txt
+securedypkt.egg-info/top_level.txt
+securedypkt/decipher/__init__.py
+securedypkt/decipher/cmac.py
+securedypkt/decipher/ctr.py
+securedypkt/decipher/eax.py
+securedypkt/decipher/pt_crypto.py
+securedypkt/decipher/twofish.py

securedypkt-0.1.0/securedypkt.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

securedypkt-0.1.0/securedypkt.egg-info/entry_points.txt

@@ -0,0 +1,3 @@
+[console_scripts]
+repacket = securedypkt._repacket:main
+unpacket = securedypkt._unpacket:main

securedypkt-0.1.0/securedypkt.egg-info/top_level.txt

@@ -0,0 +1 @@
+securedypkt

securedypkt-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

securedypkt-0.1.0/setup.py

@@ -0,0 +1,2 @@
+from setuptools import setup
+setup()