Can't decrypt blowfish CTR file with pycryptodome

Question

I'm trying to recover file encrypted with an old pure python implementation of blowfish.

the old code relied on a single blofish.py file (Copyright (C) 2002 Michael Gilfix )

The old data are encrypted performing following operations:

cipher = Blowfish(self.masterKey)
cipher.initCTR()
cleanData = cipher.decryptCTR(encData)

That code don't initialize the nonce that is required in modern implementation of blowfish, so I was unable to port it to pycryptodome function

cipher = Blowfish.new(self.masterKey, Blowfish.MODE_CTR, nonce = ?????)
cleanData = cipher.decrypt(encData)

The only suggestion that I can find is inside the initCTR function where iv is set to 0 (even if CTR mode don't have IV)

def initCTR(self, iv=0):
  """Initializes CTR mode of the cypher"""
  assert struct.calcsize("Q") == self.blocksize()
  self.ctr_iv = iv
  self._calcCTRBUF()

def _calcCTRBUF(self):
  """Calculates one block of CTR keystream"""
  self.ctr_cks = self.encrypt(struct.pack("Q", self.ctr_iv)) # keystream block
  self.ctr_iv += 1
  self.ctr_pos = 0

can someone help me?

Answer 1

First, a few warnings:

1. Blowfish is not a secure cipher by today's standard. Use AES.
2. Counter mode (CTR) is not secure because it does not detect malicious modification of the encrypted data. Use other modes like GCM, CCM or EAX.
3. Counter mode really requires a random IV for every message. However, you are using a fixed IV fixed which is very wrong.

To answer your question, you should initialize the cipher as:

from Crypto.Util import Counter

ctr = Counter.new(64, initial_value=0, little_endian=True)
cipher = Blowfish.new(self.masterKey, Blowfish.MODE_CTR, counter=ctr)

The Counter object is documented here. It allows the definition of a little-endian counter (typically CTR is big-endian).

NOTE: blowfish.py encrypts differently in big-endian machines than on little-endian ones.