What does it mean to be able to crack the EMA encryption?
As has already been pointed out several times, EMA works with two different keys, the first replacing the values of the source data with its own values and the second mixing them using its own values.
It is therefore a matter of guessing, as an clairvoyant does, two keys, each of which can also be several MB in size. Unfortunately, it is not possible to replace one value at a time to find meaningful content, because the data is also mixed and the size of the byte block used for encryption is unknown.
Note that the default length for generating a key is 4.194.304 bytes. It contains two sub-keys of 2.097.152 bytes each. Theoretically, for each sub-key, there are 2562.097.152 combinations of its values and although many combinations may be improbable, the possibilities remain virtually infinite. There is no reason to use two sub-keys of such significant length if the size of the data to be encrypted is smaller than the size of the sub-key. In any case, it is better to configure a long key that is good for both a long and a short data size.
If the length of the key is n and the number of bytes in the data source or byte block is less than n, the first sub-key will use a limited set of sub-key values from index 0 to index n. For the second sub-key, the range will be from index n/2 to index n/2+n.
To decrypt encrypted data, it is necessary to have an understanding of masking/encryption and unmasking/decryption concepts and to use the EMA cryptographic method, as well as the data structure used for encryption.
Now we will take a closer look at the four main concepts on which the EMA project is based:
- The keys
- The byte block
- The pre-encryption data structure
- Settings before encryption
- Encryption
- Settings before decryption
- Decryption
The keys
In EMA, the key and the data are closely associated. The key performs minimal calculations, such as generating its checksum, verifying the first byte, and determining the number of bytes to add to the beginning of the data before masking it.
Keys are closely associated with byte blocks, as the size of the byte block determines which sub-keys values are used.
Generating a key for the EMA software means generating a file containing 2 keys. The first half is used by the substitution technique and the second half by the shuffling technique. It is therefore obvious that the size of the generated key file is an even number of bytes.
In the The Keys section we will see everything related to the keys in detail.
The byte block
Another very important concept is the byte block. The EMA byte block should not be confused with data buffering in Java, although they are somewhat related.
The byte block deals with encryption and decryption over files. Byte array uses a byte block defined by the user.
Encrypting and decrypting files involves vital and intricate steps that include the byte-block, unlike those performed solely on a byte array source. This is due to the need to write additional data to the preencryption data header and the requirement to read and write large files using buffered Java byte arrays. The first block is very important and must be read with a bit complicated procedure during decryption. This step includes crucial information about key correctness and integrity, byte block size, correctness of checksums and all file information.
The size of the EMA byte block is very important as it depends on the hardware and operating system used and ultimately determines the performance of the operations.
The larger the byte block, the fewer execution cycles the internal core will have to perform, but it will have to handle large amounts of I/O data; the smaller the byte block, the more execution cycles the core will have to perform, but it will have to handle a smaller amount of bytes. Only by experimenting will you find the byte block size that gives the best performance.
In the The byte block section we will see everything related to the byte block in detail.
The pre-encryption data structure
Before performing the actual encryption of the source data, it is necessary to create the header and enter all the information required for the subsequent decryption. Both, files and byte arrays must be prepared through the pre-encryption phase in which the data to be encrypted are normalized.
Encrypting a file can be a complex process due to the combination of fixed and variable data that must be written to the header. For all data/information written to the header we have to know their length. Data length that are fixed are written in a specific order and positions: the length of the file name (including the path), the size of the file in bytes, whether to enable checksum calculation and which algorithm to use, the file creation date, the date the file was last modified and the last access, the length of the file owner’s name and the size of the byte block used, whether encryption is enabled, the checksum of the key used (MD5, SHA-256 or SHA-512).
Following the preceding information, there is data of variable length. This data is: the name of the file owner, the file group if applicable, the attributes or the file permissions, the filesystem name and type, the origin data and its checksum calculated using the selected algorithm if required.
A number of random bytes based on the first two bytes of the key is placed on the top of the header before the encryption.
In the The pre-encryption data structure section we will see everything related to the pre-encryption data structure in detail.
Settings before encryption
Before encrypting the source data, you can set specific parameters and options that have preset values. It is possible to enhance the directory paths, set a specific key, enable or disable the view details of the encryption and/or decryption phase, enable or disable the of the encryption and/or decryption execution core, calculate the checksum of the byte array or file with a specific algorithm, set a byte block size different from the preset one and choose the naming type of the decrypted file.
In the Settings before encryption section we will see everything related to the encryption in detail.
Encryption
Encryption can be applied to byte arrays and files. Files are normally stored, but byte arrays are not. Byte arrays remain in memory as long as the session is active, and the user can deal with them as they wish.
Regarding byte arrays, their size can range from 1 byte to a maximum of 1 GB. For files, the minimum size is 0 bytes and the maximum size is determined by the software settings and hardware capabilities.
The minimum size of an encrypted byte array or file is 64KB, even if it is 0 bytes for the files and 1 byte for byte arrays.
Once pre-encryption has been completed the encryption can be performed.
The encryption stage require configuring certain parameters. To ensure successful encryption, a valid key should be set and the paths to the directories containing both the encrypted and decrypted files must also be specified.
In the Encryption section we will see everything related to the encryption in detail.
Settings before decryption
Before decrypting the encrypted data, you can only decide whether you want to see the details of the decryption process and enable the option to save the decrypted file in the source directory by overwriting the existing one. On the other hand, the byte block size, whether the checksum and its algorithm are enabled or not, and whether the core performing the decryption is enabled or not, cannot be reset because they are automatically read from the encrypted data.
In the Settings before decryption section we will see everything related to the encryption in detail.
Decryption
Decryption can be applied to byte arrays and files, just like encryption. To decrypt data, simply set the decryption key and enable or disable the details view. For encrypted files, it is also possible to view all the file’s information without having to decrypt the entire file, as the information is located in the first byte block.
The Decryption section will provide a detailed explanation of the decryption process.
The logs
Logs are enabled in both the terminal and log file by default. This allows for method execution results to be viewed in both the terminal and the log file. Once the log file is configured and enabled for writing, it will continue to be written to the queue until it is given a new name to identify it for a set period. Following this, it is recreated from scratch for the first execution. Manual management is required for log file maintenance. The log file is named “log.txt” and resides in the directory specified by the setLogFilesDirectory(“absolutePath”) method. The log are always append to the log.txt file and possible rotations may be done by user.
- To disable the log viewing on the terminal, use disableOutputToTerminal();
- To enable the log viewing on the terminal, use enableOutputToTerminal();
- To disable writing to the log file, use disableOutputToFile();
- To enable writing to the log file, use enableOutputToFile();
If you disable terminal output, nothing appears.
Log example :
The execution of the following methods output the following log:
- setTimeZone(“Europe/Rome”);
- setThousandsSeparator(‘,’);
- setKeyFilesDirectory(“C:\Users\guest\ema\key\”);
- setOriginFilesDirectory(“C:\Users\guest\ema\src\”);
- setEncryptedFilesDirectory(“C:\Users\guest\ema\msk\”);
- setDecryptedFilesDirectory(“C:\Users\guest\ema\usk\”);
- setLogFilesDirectory(“C:\Users\guest\ema\log\”);
- enableChecksumKeyName();
- keyCreation(0); // 0 means default (4.194.304-byte)
- setKey(“”); // empty set the just created key
- setEncryptionChecksumAlgorithm(3);
- fileEncryption(“Dracula.txt”, “”);
- fileDecryption(getEncryptedFilename(), “”);
Copyright 2021-2024 EMA (Encryption by Masking))
Program: Ema.jar (static not instantiatable)Version 1.24.0419.0 (2024.04.19)
Developer: Stefano Fazzino - Udine (Italy)
***
For info and documentation visit https://www.creoart.com
***
1. EMA (Encryption by Masking) is free to use for personal non-profit purposes.
2. Public and private companies, universities, colleges, schools, research
institutes, hospitals, governmental and non-governmental agencies and the
military are only allowed to test and try it freely. For all other purposes
they have to ask for permission to use it.
3. You may not copy and/or include parts of this software in your own code
without the explicit permission of the developer.
4. Before running the program:
- check its checksum and if it does not match to the one signed, DO NOT RUN
- also check the program Ema.jar (static not instantiatable)
by sites like https://www.virustotal.com
5. For bugs, suggestions, vulnerabilities or anything else send an email:
i n f o @ c r e o a r t . c o m
6. The developer cannot be held responsible in any way for any damages,
malfunctions or any other consequence related to the use of this software.
7. If you do not agree, please do not use this software.
***
***
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
This program 'Ema.jar' ver.Version 1.24.0419.0 - 2024.04.19, is running on Windows 11
Java vendor: Amazon.com Inc.
Java vendor URL: https://aws.amazon.com/corretto/
Java version: 1.8.0_382
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.546 RUNNING setTimeZone() ::
2024.04.22 18:49:31.550 SETTING 'Europe/Rome' as new time zone
2024.04.22 18:49:31.550
2024.04.22 18:49:31.550 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.550 RUNNING setThousandsSeparator() ::
2024.04.22 18:49:31.550 SETTING ',' as the new thousands separator
2024.04.22 18:49:31.550
2024.04.22 18:49:31.551 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.551 RUNNING setKeyFilesDirectory() ::
2024.04.22 18:49:31.554 SETTING 'C:\Users\guest\ema\key\' as input/output keys files directory
2024.04.22 18:49:31.554
2024.04.22 18:49:31.554 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.554 RUNNING setOriginFilesDirectory() ::
2024.04.22 18:49:31.555 SETTING 'C:\Users\guest\ema\src\' as origin files directory
2024.04.22 18:49:31.555
2024.04.22 18:49:31.555 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.555 RUNNING setEncryptedFilesDirectory() ::
2024.04.22 18:49:31.556 SETTING 'C:\Users\guest\ema\msk\' as output encrypted files directory
2024.04.22 18:49:31.556
2024.04.22 18:49:31.557 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.557 RUNNING setDecryptedFilesDirectory() ::
2024.04.22 18:49:31.557 SETTING 'C:\Users\guest\ema\usk\' as output decrypted files directory
2024.04.22 18:49:31.558
2024.04.22 18:49:31.558 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.558 RUNNING setLogFilesDirectory() ::
2024.04.22 18:49:31.559 SETTING 'C:\Users\guest\ema\log\' as logs files directory
2024.04.22 18:49:31.559
2024.04.22 18:49:31.559 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.559 RUNNING enableChecksumKeyName() ::
2024.04.22 18:49:31.560 ENABLING checksum as key name
2024.04.22 18:49:31.560
2024.04.22 18:49:31.561 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.561 RUNNING keyCreation() ::
2024.04.22 18:49:31.842 CREATING the key
2024.04.22 18:49:31.843 Naming type: MD5 Checksum
2024.04.22 18:49:31.843 C:\Users\guest\ema\key\1713804571920692600_7e73e0a99fbf5a008808983529ebfe09.key 4,194,304-byte
2024.04.22 18:49:31.844 sub-key_1: from index '0' to index '2,097,151'
2024.04.22 18:49:31.844 sub-key_2: from index '2,097,152' to index '4,194,304'
2024.04.22 18:49:31.878
2024.04.22 18:49:31.879 This key adds 3581 random bytes to the top of pre-encryption data if origin data is a file
2024.04.22 18:49:31.880 and 111 random bytes to the top of pre-encryption data if origin data is a byte array
2024.04.22 18:49:31.880
2024.04.22 18:49:31.880 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.881 RUNNING setKeyFilename() ::
2024.04.22 18:49:31.881 SETTING the key
2024.04.22 18:49:31.882 C:\Users\guest\ema\key\1713804571920692600_7e73e0a99fbf5a008808983529ebfe09.key 4,194,304-byte
2024.04.22 18:49:31.882 sub-key_1: from index '0' to index '2,097,151'
2024.04.22 18:49:31.882 sub-key_2: from index '2,097,152' to index '4,194,304'
2024.04.22 18:49:31.937
2024.04.22 18:49:31.937 This key adds 3581 random bytes to the top of pre-encryption data if origin data is a file
2024.04.22 18:49:31.938 and 111 random bytes to the top of pre-encryption data if origin data is a byte array
2024.04.22 18:49:31.938
2024.04.22 18:49:31.939 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.939 RUNNING setEncryptionChecksumAlgorithm() ::
2024.04.22 18:49:31.941 SETTING checksum algorithm to 'SHA-256' for encryption
2024.04.22 18:49:31.942
2024.04.22 18:49:31.942 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:31.943 RUNNING fileEncryption() ::
2024.04.22 18:49:31.943 FILE TO ENCRYPT
2024.04.22 18:49:31.944 C:\Users\guest\ema\src\Dracula.txt 635-byte
2024.04.22 18:49:31.944 ..................................................................................................
2024.04.22 18:49:31.944 ENCRYPTION KEY
2024.04.22 18:49:31.945 C:\Users\guest\ema\key\\1713804571920692600_7e73e0a99fbf5a008808983529ebfe09.key 4,194,304-byte
2024.04.22 18:49:31.945 sub-key_1: from index '0' to index '2,097,151'
2024.04.22 18:49:31.945 sub-key_2: from index '2,097,152' to index '4,194,304'
2024.04.22 18:49:31.946
2024.04.22 18:49:31.946 This key adds 3581 random bytes to the top of pre-encryption data if origin data is a file
2024.04.22 18:49:31.947 and 111 random bytes to the top of pre-encryption data if origin data is a byte array
2024.04.22 18:49:31.947 ..................................................................................................
2024.04.22 18:49:31.992 ENCRYPTION SETTINGS
2024.04.22 18:49:31.992 Encryption execution core: ENABLED
2024.04.22 18:49:31.993 Checksum calculation: ENABLED with SHA-256 algorithm
2024.04.22 18:49:31.993 Encryption details: ENABLED
2024.04.22 18:49:31.993 Use a random name to save the encrypted file: ENABLED
2024.04.22 18:49:31.994 ..................................................................................................
2024.04.22 18:49:31.994 STARTING THE CORE EXECUTION IN ENCRYPTION MODE
2024.04.22 18:49:31.997 Reading the prepared byte block 0000000001 00000744µs 65,536-byte
2024.04.22 18:49:31.998 Calculating SHA-256 checksum 00000243µs
2024.04.22 18:49:32.001 Encrypting the byte block 0000000001 00002682µs
2024.04.22 18:49:32.001 Writing the encrypted byte block 0000000001 00000156µs 65,536-byte
2024.04.22 18:49:32.002 FINISHED THE CORE EXECUTION IN ENCRYPTION MODE
2024.04.22 18:49:32.002 ..................................................................................................
2024.04.22 18:49:32.003 OVERALL TIMES
2024.04.22 18:49:32.003 Time to read 0000000001 byte blocks 00000000ms
2024.04.22 18:49:32.003 Time to calculate the SHA-256 checksum 00000000ms
2024.04.22 18:49:32.004 Time to complete the encryption 00000002ms
2024.04.22 18:49:32.004 Time to write 0000000001 byte blocks 00000000ms
2024.04.22 18:49:32.004 Total time 00000003ms
2024.04.22 18:49:32.004 ..................................................................................................
2024.04.22 18:49:32.005 SAVING THE ENCRYPTED FILE
2024.04.22 18:49:32.005 C:\Users\guest\ema\msk\1713804572014838700_wK2ZvtdTru9yGdpPvz8UgpeTXQYo6Ule.msk 65,536-byte
2024.04.22 18:49:32.005 ..................................................................................................
2024.04.22 18:49:32.006 The checksum SHA-256 was calculated
2024.04.22 18:49:32.006 Encryption performed successfully
2024.04.22 18:49:32.006
2024.04.22 18:49:32.006 FINISHED fileEncryption() ::
2024.04.22 18:49:32.007
2024.04.22 18:49:32.007 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
2024.04.22 18:49:32.007 RUNNING fileDecryption() ::
2024.04.22 18:49:32.008 FILE TO DECRYPT
2024.04.22 18:49:32.008 C:\Users\guest\ema\msk\1713804572014838700_wK2ZvtdTru9yGdpPvz8UgpeTXQYo6Ule.msk 65,536-byte
2024.04.22 18:49:32.009 ..................................................................................................
2024.04.22 18:49:32.009 DECRYPTION KEY
2024.04.22 18:49:32.009 C:\Users\guest\ema\key\\1713804571920692600_7e73e0a99fbf5a008808983529ebfe09.key 4,194,304-byte
2024.04.22 18:49:32.010 sub-key_1: from index '0' to index '2,097,151'
2024.04.22 18:49:32.010 sub-key_2: from index '2,097,152' to index '4,194,304'
2024.04.22 18:49:32.010
2024.04.22 18:49:32.011 This key adds 3581 random bytes to the top of pre-encryption data if origin data is a file
2024.04.22 18:49:32.011 and 111 random bytes to the top of pre-encryption data if origin data is a byte array
2024.04.22 18:49:32.058
2024.04.22 18:49:32.059 The decryption key is correct
2024.04.22 18:49:32.059 ..................................................................................................
2024.04.22 18:49:32.059 BYTE BLOCK SIZE
2024.04.22 18:49:32.060 Size = 65,536-byte
2024.04.22 18:49:32.060 ..................................................................................................
2024.04.22 18:49:32.060 ENCRYPTION WAS PERFORMED
2024.04.22 18:49:32.060 ..................................................................................................
2024.04.22 18:49:32.061 CHECKSUM FOUND
2024.04.22 18:49:32.061 Algorithm: SHA-256
2024.04.22 18:49:32.061 ..................................................................................................
2024.04.22 18:49:32.062 DECRYPTION SETTINGS
2024.04.22 18:49:32.062 Decryption details: ENABLED
2024.04.22 18:49:32.063 Save the decrypted file to origin directory: DISABLED
2024.04.22 18:49:32.063 ..................................................................................................
2024.04.22 18:49:32.064 STARTING THE CORE EXECUTION IN DECRYPTION MODE
2024.04.22 18:49:32.064 Reading the encrypted byte block 0000000001 00000085µs 65,536-byte
2024.04.22 18:49:32.065 Decrypting the byte block 0000000001 00000545µs
2024.04.22 18:49:32.066 Calculating SHA-256 checksum 00000135µs
2024.04.22 18:49:32.067 Writing the decrypted byte block 0000000001 00000119µs 635-byte
2024.04.22 18:49:32.067 FINISHED THE CORE EXECUTION IN DECRYPTION MODE
2024.04.22 18:49:32.069 ..................................................................................................
2024.04.22 18:49:32.069 OVERALL TIMES
2024.04.22 18:49:32.070 Time to read 0000000001 byte blocks 00000000ms
2024.04.22 18:49:32.070 Time to complete the decryption 00000001ms
2024.04.22 18:49:32.071 Time to calculate the SHA-256 checksum 00000000ms
2024.04.22 18:49:32.071 Time to write 0000000001 byte blocks 00000000ms
2024.04.22 18:49:32.072 Total time 00000001ms
2024.04.22 18:49:32.072 ..................................................................................................
2024.04.22 18:49:32.072 INFORMATION ABOUT THE ORIGIN (DECRYPTED) FILE
2024.04.22 18:49:32.073
2024.04.22 18:49:32.073 Directory C:\Users\guest\ema\src
2024.04.22 18:49:32.074 Filename Dracula.txt
2024.04.22 18:49:32.074 Size 635-byte
2024.04.22 18:49:32.076 Filesystem type NTFS
2024.04.22 18:49:32.077 Filesystem name Windows
2024.04.22 18:49:32.077 Date of encryption 2024.04.22 18:49:31
2024.04.22 18:49:32.078 Last modified date 2024.04.14 18:51:24
2024.04.22 18:49:32.078 Creation date 2024.03.01 16:41:20
2024.04.22 18:49:32.079 Last access date 2024.04.14 18:51:24
2024.04.22 18:49:32.079 Owner BUILTIN\Administrators (Alias)
2024.04.22 18:49:32.079 Group
2024.04.22 18:49:32.080 Permissions NT AUTHORITY\SYSTEM:READ_DATA/WRITE_DATA/APPEND_DATA/READ_NAMED_ATTRS
2024.04.22 18:49:32.081 /WRITE_NAMED_ATTRS/EXECUTE/DELETE_CHILD/READ_ATTRIBUTES/WRITE_ATTRIBU
2024.04.22 18:49:32.081 TES/DELETE/READ_ACL/WRITE_ACL/WRITE_OWNER/SYNCHRONIZE:ALLOW, BUILTIN\
2024.04.22 18:49:32.082 Administrators:READ_DATA/WRITE_DATA/APPEND_DATA/READ_NAMED_ATTRS/WRIT
2024.04.22 18:49:32.082 E_NAMED_ATTRS/EXECUTE/DELETE_CHILD/READ_ATTRIBUTES/WRITE_ATTRIBUTES/D
2024.04.22 18:49:32.083 ELETE/READ_ACL/WRITE_ACL/WRITE_OWNER/SYNCHRONIZE:ALLOW, BUILTIN\Users
2024.04.22 18:49:32.083 :READ_DATA/READ_NAMED_ATTRS/EXECUTE/READ_ATTRIBUTES/READ_ACL/SYNCHRON
2024.04.22 18:49:32.084 IZE:ALLOW, \Everyone:READ_DATA/READ_NAMED_ATTRS/EXECUTE/READ_ATTRIBUT
2024.04.22 18:49:32.084 ES/READ_ACL/SYNCHRONIZE:ALLOW
2024.04.22 18:49:32.084 ..................................................................................................
2024.04.22 18:49:32.085 SAVING THE ORIGIN (DECRYPTED) FILE AND ITS ORIGIN INFORMATION
2024.04.22 18:49:32.085 C:\Users\guest\ema\usk\Dracula.txt 635-byte
2024.04.22 18:49:32.087 C:\Users\guest\ema\usk\Dracula.txt.csv 975-byte
2024.04.22 18:49:32.087 ..................................................................................................
2024.04.22 18:49:32.087 CHECKSUM SHA-256 was verified and is correct
2024.04.22 18:49:32.088 Decryption performed successfully
2024.04.22 18:49:32.088
2024.04.22 18:49:32.088 FINISHED fileDecryption() ::
2024.04.22 18:49:32.089
2024.04.22 18:49:32.089 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::