Merge pull request #8 from spak9/encryption

Encryption

Author: spak9

README.md

@@ -1,6 +1,6 @@
 # mmkv_visualizer
 A web application that will allow you to visualize [MMKV](https://github.com/Tencent/MMKV) databases, with all processing done client-side.
-The [web service](https://www.mmkv-visualizer.com/) utilizes [Pyodide](https://pyodide.org/en/stable/) enables a python 
+The [web service](https://www.mmkv-visualizer.com/) utilizes [Pyodide](https://pyodide.org/en/stable/) which enables a python 
 runtime within the browser, in which the main MMKV parsing code is written in.
 It sends no data up to any server and all the parsing happens right in your browser.
 
@@ -13,7 +13,7 @@ There are three ways you can use the following code:
 The main way is to utilize the online web service provided at https://www.mmkv-visualizer.com/.
 You can simply drag & drop or choose an MMKV of your choice, then visualize the data.
 The visualizer allows you to iterate through different data type encodings (MMKV uses protobuf encoding)
-by simply clicking any table cell, as well as expand the data to get a deeper look. 
+by simply clicking any table cell, as well as expand the data to get a deeper look.
 
 2. Local Web Application:
 
@@ -30,8 +30,16 @@ does not allow you to see older data, while this parser can. This may be importa
 
 You can also find a set of python tests found at `tests`.
 
+## Decryption
+
+The MMKV library natives allows users to encrypt their MMKV files using AES-128 in CFB mode.
+If needed, the application allows decryption of the data, but must be given the following:
+
+1. The encrypted MMKV file AND corresponding .crc file (the .crc file contains the 16-byte IV)
+2. The AES key. (Will be prompted to enter the AES key in the form of a hexstring, allowing any length for the key)
+
 ## Roadmap
 
-- [ ] Expose more metadata: whether database size was found, or if it's a best effort approach, file is empty, file is probablistically encrypted.
+- [x] Expose more metadata: whether database size was found, or if it's a best effort approach, file is empty, file is probablistically encrypted.
 - [ ] Experiment with new UI design and see if Svelte Material is a viable solution.
-- [ ] Enable decryption with user input of encryption key.
+- [x] Enable decryption with user input of encryption key.

frontend/index.html

@@ -2,6 +2,7 @@
 <html lang="en">
   <head>
     <title>MMKV Visualizer</title>
+    <meta name="description" content="MMKV Viewer that allows visualization of the most recent key-value pairs, as well as older logged values not available via the native API">
     <link rel="stylesheet" href="/src/app.css">
     <!-- Load in Pyodide Script -->
     <script src="https://cdn.jsdelivr.net/pyodide/v0.21.3/full/pyodide.js"></script> 

frontend/public/mmkv_parser.py

@@ -2,6 +2,7 @@
 from pathlib import Path
 from typing import Optional, List, Union, Tuple, DefaultDict
 from collections import defaultdict
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes 
 
 import sys
 import struct
@@ -166,29 +167,26 @@ def __init__(self, mmkv_file_data: Union[str, BufferedIOBase], crc_file_data: Un
         else:
             pass
 
-
         # Initialize our files
         self.mmkv_file: BufferedIOBase = mmkv_file_data
         self.crc_file: Optional[BufferedIOBase] = crc_file_data
         self.pos: int = 0
         self.decoded_map: DefaultDict[str, List[bytes]] = defaultdict(list)
 
-        # Read in first 4 header bytes - [0:4] is total size
-        self.header_bytes: bytes = self.mmkv_file.read(4)
-        if len(self.header_bytes) != 4:
-            raise ValueError('[+] Error while reading mmkv_file. Header bytes was not 4 bytes.')
-        self.pos += 4
- 
-        # TODO: find out the purpose of the varint in [4:x] position
-        # [4:X] is garbage bytes basically (0xffffff07) or is another varint
-        x, bytes_read = decode_unsigned_varint(self.mmkv_file)
-        if (x, bytes_read) == (-1, -1):
-            raise ValueError('[+] Error while decoding the [4:X] bytes of the mmkv_file.')
+        # Found IV from .crc file - don't read anything from the stream if encrypted
+        if self.crc_file:
+            crc_header_bytes = self.crc_file.read(28)
+            if len(crc_header_bytes) != 28:
+                raise ValueError('[+] Error while reading crc_file. Header bytes was not 28 bytes.')
+            self.iv = crc_header_bytes[12:28]
 
-        self.pos += bytes_read
+        # Cannot find IV from .crc file - prepare stream for decoding into a map
+        else:
+            print('[+] .CRC file was not passed in - is needed for decryption routines')
+            self.iv = b''
 
 
-    def get_db_size(self) -> int:
+    def _get_db_size(self) -> int:
         """
         Returns the actual size known to the MMKV API for querying data. This includes older
         logged data that the actual MMKV API does not have the ability to query. 
@@ -207,6 +205,59 @@ def get_db_size(self) -> int:
             raise TypeError(f'[+] Error while unpacking header bytes. Received {type(size)}')
 
 
+    def _prepare_mmkv_stream_for_decoding(self):
+        # Read in first 4 header bytes - [0:4] is total size
+        self.header_bytes: bytes = self.mmkv_file.read(4)
+        if len(self.header_bytes) != 4:
+            raise ValueError('[+] Error while reading mmkv_file. Header bytes was not 4 bytes.')
+        self.pos += 4
+ 
+        # TODO: find out the purpose of the varint in [4:x] position
+        # [4:X] is garbage bytes basically (0xffffff07) or is another varint
+        x, bytes_read = decode_unsigned_varint(self.mmkv_file)
+        if (x, bytes_read) == (-1, -1):
+            raise ValueError('[+] Error while decoding the [4:X] bytes of the mmkv_file.')
+
+        self.pos += bytes_read
+
+
+    def decrypt_and_reconstruct(self, key: Union[str, bytes]) -> bytes:
+        """
+        Attempts to decrypt `self.mmkv_file` data with `key` and `self.iv` using
+        AES-128-CFB. Will return decrypted bytes as a fully decrypted MMKV file.
+        Will pad `key` with NULL bytes or only take the first 16-bytes.
+
+        :param key: 16-byte AES key, or hexstring AES key
+        :return: decrypted mmkv file in bytes
+        """
+        print(f'iv: {self.iv}')
+        if isinstance(key, str):
+            key = bytes.fromhex(key)
+
+        # Validate the key size
+        if len(key) > 16:
+            key = key[:16]
+        elif len(key) < 16:
+            diff = (16 - len(key)) * b'\x00'
+            key += diff
+
+        size = self.mmkv_file.read(4)
+        print(f'size: {size}')
+        encrypted_data = self.mmkv_file.read()
+
+        cipher = Cipher(algorithms.AES(key), modes.CFB(self.iv))
+        decryptor = cipher.decryptor()
+        res = decryptor.update(encrypted_data) + decryptor.finalize()
+        res = size + res
+
+        self.mmkv_file = BytesIO(res)
+        return res
+
+
+
+    '''
+        Decoding Procedures
+    '''
     def decode_into_map(self) -> DefaultDict[str, List[bytes]]:
         """
         A best-effort approach on linearly parsing the `mmkv_file` stream and building up 
@@ -215,8 +266,11 @@ def decode_into_map(self) -> DefaultDict[str, List[bytes]]:
         :return: a built up defaultdict, which is also an instance variable
         """
 
+        # Prepare first
+        self._prepare_mmkv_stream_for_decoding()
+
         # Get size of database
-        db_size = self.get_db_size()
+        db_size = self._get_db_size()
 
         # Check db_size - max out if needed
         if db_size == 0:
@@ -276,6 +330,7 @@ def decode_into_map(self) -> DefaultDict[str, List[bytes]]:
 
         return self.decoded_map
 
+
     def decode_as_int32(self, value: Union[str, bytes]) -> int:
         """
         Decodes `value` as a signed 32-bit int.
@@ -287,6 +342,7 @@ def decode_as_int32(self, value: Union[str, bytes]) -> int:
             value = bytes.fromhex(value)
         return decode_signed_varint(BytesIO(value), mask=32)[0]
 
+
     def decode_as_int64(self, value: Union[str, bytes]) -> int:
         """
         Decodes `value` as a signed 64-bit int.
@@ -309,6 +365,7 @@ def decode_as_uint32(self, value: Union[str, bytes]) -> int:
             value = bytes.fromhex(value)
         return decode_unsigned_varint(BytesIO(value), mask=32)[0]
 
+
     def decode_as_uint64(self, value: Union[str, bytes]) -> int:
         """
         Decodes `value` as an unsigned 64-bit int.
@@ -320,6 +377,7 @@ def decode_as_uint64(self, value: Union[str, bytes]) -> int:
             value = bytes.fromhex(value)
         return decode_unsigned_varint(BytesIO(value), mask=64)[0]
 
+
     def decode_as_string(self, value: Union[str, bytes]) -> Optional[str]:
         """
         Attempts to decodes `value` as a UTF-8 string.
@@ -343,6 +401,7 @@ def decode_as_string(self, value: Union[str, bytes]) -> Optional[str]:
             print(f'[+] Could not UTF-8 decode {value!r}')
             return None
 
+
     def decode_as_bytes(self, value: Union[str, bytes]) -> Optional[bytes]:
         """
         Decodes `value` as bytes.
@@ -366,6 +425,7 @@ def decode_as_bytes(self, value: Union[str, bytes]) -> Optional[bytes]:
             print(f'[+] Could not decode bytes')
             return None
 
+
     def decode_as_float(self, value: Union[str, bytes]) -> Optional[float]:
         """
         Decodes `value` as a double (8-bytes), which is a float type in Python.
@@ -377,11 +437,12 @@ def decode_as_float(self, value: Union[str, bytes]) -> Optional[float]:
             value = bytes.fromhex(value)
 
         if len(value) != 8:
-            print(f'[+] Could not float decode {value} due to length')
+            print(f'[+] Could not float decode {value!r} due to length')
             return None
 
         return struct.unpack('<d', value)[0]
 
+
     def decode_as_bool(self, value: Union[str, bytes]) -> Optional[bool]:
         """
         Attempts to decode `value` as a boolean.

frontend/src/Footer.svelte

@@ -6,11 +6,15 @@
 <div class="page-footer">
   <h1>Features</h1>
   <ul>
-  	<li>Visualize the most recent key-value pairs, as well as older logged values not available via the API.</li>
+  	<li>Visualize the most recent key-value pairs, as well as older logged values not available via the native API.</li>
   	<li>Interpret the values in all possible ways, including strings, bytes, ints, floats, and bools.</li>
+  	<li>Decrypt MMKV files with the associated <i>.crc</i> file and an AES key</li>
+  </ul>
+  <h1>Credits</h1>
+  <ul>
+  	<li><a href="https://qwtel.com/">Florian Klampfer</a>, inspiring me with <a href="https://sqliteviewer.app/"><i>SQLite Viewer</i></a></li>
+  	<li><a href="https://pyodide.org/en/stable/">Pyodide</a> for allowing me to write the parser in my favorite language</li>
   </ul>
-  <!-- <p class="text">- Visualize the most recent key-value pairs, as well as older logged values not available via the API.</p>
-  <p class="text">- Interpret the values in all possible ways, including strings, bytes, ints, floats, and bools.</p> -->
   <p>© Steven Pak 2022</p>
 </div>
 

frontend/src/MMKVCell.svelte

@@ -87,8 +87,8 @@
 
 <MMKVCellModal 
   bind:hidden={expand_hidden} 
-  data={interpretHexData(dataTypeIndex)} 
-  dataType={dataType.split('-')[0]}/>
+  content={interpretHexData(dataTypeIndex)} 
+  subject={dataType.split('-')[0]}/>
 
 
 <!-- Styles -->

frontend/src/MMKVCellModal.svelte

@@ -1,38 +1,78 @@
 <script>
 
+	/**
+	 * Imports
+	 */
+	import { createEventDispatcher } from 'svelte';
+
+	/**
+	 * State
+	 */
 	export let hidden = true
-	export let data
-	export let dataType
+	export let content = ''
+	export let subject = ''
+	let aesKey = ""
+	const dispatch = createEventDispatcher();
 
+	/**
+	 *  Functions 
+	 */
+	
+	// Will copy the `content` state string into the browser clipboard
 	async function copyContent(e) {
     e.stopPropagation()
     console.log("[+] Copy Content")
-    navigator.clipboard.writeText(data).then(
+    navigator.clipboard.writeText(content).then(
       () => {
-        console.log('[+] Copied data')
+        console.log('[+] Copied content')
       },
       () => {
         console.log('[+] Copy failed')
       })
   }
+
+  // Will dispatch a custom event called "sendAesKey", which will
+  // hold the `aesKey` hexstring from the user.
+  function sendAesKey() {
+  	console.log(`[+] AES Key: ${aesKey}`)
+  	dispatch('sendAesKey', {
+  		aesKey: aesKey
+  	})
+  }
+
+  // Will reset all the props to default.
+  function exit() {
+  	console.log('[+] Reset props from MMKVCellModal')
+  	hidden = true
+  	content = ''
+  	subject = ''
+  }
+  
 </script>
 
 
 <!-- HTML -->
 <div class="modal" class:hidden={hidden}>
-	<span class="data-type">{dataType}</span>
+	<span class="subject">{subject}</span>
 	<span class="material-icons md-18" on:click={copyContent}>content_copy</span>
 	<hr>
-	<span>{data}</span>
-</div>
+	<span>{content}</span>
 
-<div class="overlay" class:hidden={hidden} on:click={() => hidden = true}>
-	
+	{#if subject == "Encrypted MMKV Database"}
+		<br><br>
+		<label for="aes-key">Please enter your AES key in the form of a hexstring:</label>
+		<input bind:value={aesKey} type="text" id="aes-key" name="aes-key">
+		<br>
+		<button on:click={sendAesKey}>Decrypt</button>
+	{/if}
 </div>
 
+<div class="overlay" class:hidden={hidden} on:click={exit}></div>
+
 
 <!-- Styling -->
 <style>
+	span { white-space: pre-line; }
 	.modal {
 		padding: 16px;
 		width: 60vw;
@@ -61,5 +101,5 @@
 	.hidden {
 		display: none;
 	}
-	.data-type {color: rgba(0, 0, 0, 0.5);}
+	.subject {color: rgba(0, 0, 0, 0.5);}
 </style>