AngeCryption at Insomni'Hack

By Axelle Apvrille | March 31, 2014

A few days ago, I was happy to go to Insomni'Hack. I presented some updates on how to detect hidden methods in Dalvik Executable files. But it's not my talk I want to discuss in this post, but Ange Albertini's "Angecryption".

With Angecryption, you can basically encrypt anything into whatever you want (there are a few restrictions on input and output formats, but it's the general idea).

Basically, Ange Albertini wrote a (Python) script to which you provide the input you wish, the output you wish and the key you wish. The script manipulates the input without altering the information it contains (i.e., if it's an image of Anakin Skywalker, it remains an image of Anakin Skywalker and looks the same), so that the input, encrypted with the provided key and a generated initialization vector (IV), turns into the output.
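The role of the generated IV can be shown with the standard library's AES-CBC. The Go code below is an added example, not Albertini's script or code from this post: it chooses the IV so that the first 16 bytes of a constructed source encrypt to a chosen 16-byte header (here the PNG signature plus a chunk header). The key, the sample bytes, the chunk type `aaaa` and the function names are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// ForceFirstBlock returns an IV and the AES-CBC ciphertext of source such that
// the ciphertext begins with header. CBC computes C1 = E_K(P1 xor IV), so
// choosing IV = D_K(header) xor P1 forces C1 = header.
func ForceFirstBlock(key, source, header []byte) (iv, ct []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	if len(header) != aes.BlockSize || len(source) == 0 || len(source)%aes.BlockSize != 0 {
		return nil, nil, fmt.Errorf("need a %d-byte header and block-aligned source", aes.BlockSize)
	}
	iv = make([]byte, aes.BlockSize)
	block.Decrypt(iv, header) // iv = D_K(header)
	for i := range iv {
		iv[i] ^= source[i] // iv = D_K(header) xor P1
	}
	ct = make([]byte, len(source))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, source) // ordinary CBC
	return iv, ct, nil
}

// Sample builds constructed data: a 48-byte source that starts with a PDF
// header, and a target block holding the PNG signature plus a chunk header.
func Sample() (key, source, header []byte) {
	key = []byte("constructed key!") // 16 bytes, so AES-128
	source = make([]byte, 48)
	copy(source, "%PDF-1.5\n% constructed sample\n")
	header = append([]byte("\x89PNG\r\n\x1a\n"), 0, 0, 0, 0)
	// Chunk length covers the ciphertext after this first block.
	binary.BigEndian.PutUint32(header[8:], uint32(len(source)-aes.BlockSize))
	header = append(header, "aaaa"...) // lowercase first letter = ancillary chunk
	return key, source, header
}

func main() {
	key, source, header := Sample()
	iv, ct, err := ForceFirstBlock(key, source, header)
	fmt.Printf("iv=%x\nct[:16]=%x\nheader =%x\nerr=%v\n", iv, ct[:16], header, err)
}
```

Because whoever produces the ciphertext is free to pick the IV, the leading bytes of CBC output say nothing about whether the data is encrypted, so magic-byte checks alone cannot classify it.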

I tested his Python script with my own Anakin Skywalker / Darth Vader images. It works great: it slightly modified the Anakin image (but nothing the eye can see), generated an IV, and indeed, when that picture (on the left) is encrypted with AES, it becomes the image of Darth Vader (on the right). Reciprocally, if you decrypt Darth Vader, you get Anakin Skywalker. The proof is illustrated below:

[Image: angecrypt anakin poc]

If you want to try by yourself and check that it works indeed:

$ git clone
$ cd angepoc/anakin
$ make all
Look at image angecrypt-darthvador.png: should be Darth Vador
View image angedecrypt-anakin-skywalker.png: should be Anakin Skywalker

Amusing! But is it useful?

This is really cool, because it shows it is possible to manipulate encrypted output. Haven't you ever been told the encryption of this or that item would be "pure binary, nothing readable"? Angecrypt proves this is wrong - in theory and in practice.

Besides the amusement, angecryption can be used for steganography. Let's say you intercept the image of a cat. Will you think that, with the right key, that cat turns into a secret PDF with information on your future business strategy? In particular, this technique could be useful to Datarmine, a service which aims at securing social networking posts. To strangers, your post would appear as an innocuous-looking image. Only people with the right secret key could decrypt the image and read your personal post.

Good work!

-- the Crypto Girl

References:
- A. Albertini, how Angecryption works -- illustrated:
- A. Albertini, "This PDF is a JPEG; or This Proof of Concept is a Picture of Cats", Journal of PoC || GTFO, issue #3