So I am trying to decrypt a connection over SSH using pycryptodome. I have the key and the IV extracted from memory (I am working inside a virtual environment), which are 100% correct, which were used for encrypting the data. Now I want to decrypt the stuff afterwards. My code looks as follows:
key="1A0A3EBF96277C6109632C5D96AC5AF890693AC829552F33769D6B1A4275EAE2"
iv="EB6444718D73887B1DF8E1D5E6C3ECFC"
key_hex=binascii_a2b_hex(key)
iv_hex=binascii_a2b_hex(iv)
ctr = Counter.new(128, prefix=iv_hex, initial_value = 0)
aes = AES.new(key, AES.MODE_CTR, counter = ctr)
decrypted = aes.decrypt(binascii.a2b_hex(cipher).rstrip())
print(decrypted)
The problem is now that the counter is too big (32 bytes) for the blocksize which is 16 byte in AES. However, I found out that you need the IV as the prefix in your counter if you want to decrypt AES-CTR plus the initial_value set to 0. Therefore I already have 16 Byte with only the Prefix. When I know want to set the first value in the counter object to 0 it does not work. Is it even possible to decrypt AES-CTR with a 16 Byte IV using pycryptodome? Or maybe someone of you sees my error. Any help would be much appreciated. Thanks in advance!
Edit: Thanks to SquareRootOfTwentyThree I solved the pycryptodome problem. Unfortunately the decryption is still not working so I opened a new Thread. openssh/opensshportable, which key should I extract from memory?
As per Chapter 4 in RFC4344, SSH uses SDCTR mode (stateful-decryption CTR mode), which means that the counter block is a 128-bit counter, starting with a value represented in the IV as encoded in network order, and with no fixed parts (unlike NIST CTR mode).
With PyCryptodome, you do that with:
aes = AES.new(key_hex, AES.MODE_CTR, initial_value=iv_hex, nonce=b'')
Note: there seems to be an error in your code - you initialize the cipher with key (hexadecimal string) and not key_hex (bytes).