A specialized tool for breaking file encryption systems using affine transformations.
File-based cryptanalysis of encrypted file pairs:
- Input:
data/*/directories containing.plainand.cipherfile pairs - Process: Detect encryption type (Type 1 or Type 2) and break keys
- Output: Recovered encryption keys saved in
output/as JSON
affine-attack/
├── data/ # Encrypted file pairs (core focus)
│ ├── demo1/ # Type 1 example
│ │ ├── demo000.plain/cipher
│ │ └── ... more pairs
│ └── demo2/ # Type 2 example
│ └── scene000.plain/cipher
│
├── src/
│ ├── core/ # GF(2) math (internal)
│ ├── attack/ # Breaking algorithms
│ ├── genDemo/ # 🆕 Demo data generator
│ ├── file-handler.ts # File I/O
│ ├── detector.ts # Type detection
│ └── index.ts
│
├── output/ # Results (recovered keys)
├── test/ # Simplified tests
└── cli.ts # Interactive menu
# Run interactive CLI
npm run cli
# Menu options:
# 1. Analyze Directory - Scan and detect encryption type
# 2. Break Encryption - Execute attack and recover keys
# 3. Batch Process - Process all directories
# 4. Generate Demo Data - Create test data from rules
# 0. ExitType 1: Affine transformation
- y = A·x + b (mod 2)
- Single A matrix, single b bias for all bytes
Type 2: Cyclic XOR
- y[i] = x[i] ⊕ key[i mod period]
- Repeating XOR pattern
$ npm run cli
> 1 # Analyze Directory
> 1 # Select demo1
✓ Files found: 5
✓ Detected: Type 1 (92.3% confidence)
✓ Analysis saved to: output/demo1-analysis.json$ npm run cli
> 2 # Break Encryption
> 1 # Select demo1
✓ Type 1 Success!
Key b: [0, 0, 1, 1, 1, 0, 0, 1]
✓ Key saved to: output/demo1-key.jsonnpm test
# 8 tests covering:
# - File scanning and analysis
# - Encryption detection
# - Attack executionThe genDemo tool allows you to create custom test data using rule files:
# Interactive mode
npm run cli
> 4 # Generate Demo Data
> 1 # Select rule file
> 5 # Number of file pairs
> 256 # File size (bytes)
# Creates: data/demo5/
# Command line
bun src/genDemo/index.ts src/genDemo/rules-type1-simple.txt 5 256
bun src/genDemo/index.ts src/genDemo/rules-type1-complex.txt 3 512Available Rules:
rules-type1-simple.txt- Simple XOR (key 0x39)rules-type1-complex.txt- Affine transform (XOR + ROR + SHL + XOR)rules-type2-cyclic.txt- Cyclic XOR (4-byte period)rules-type3-advanced.txt- Advanced (ROL + XOR + ROR + XOR)
📖 Full Documentation: src/genDemo/README.md
Input Files:
data/example/
├── file001.plain # Plaintext (binary)
└── file001.cipher # Ciphertext (binary)
Output JSON (Unified Affine Format):
All results are stored in the uniform affine transformation format:
Type 1 (8×8 matrix, no periodic XOR):
{
"directory": "demo1",
"timestamp": "2026-01-19T12:08:46.451Z",
"type": "Type 1",
"matrix_A": [[8×8 binary matrix]],
"key_b": [8 bits representing the bias vector b],
"success": true
}Type 2 (Extended matrix for periodic XOR with period T):
{
"directory": "demo2",
"timestamp": "2026-01-19T12:08:46.460Z",
"type": "Type 2",
"period": 4,
"matrix_A": [[32×32 identity blocks]],
"key_b": [32 bits = 4 bytes × 8 bits],
"success": true
}-
Type 1: Matrix
$A$ is 8×8, vector$b$ is 8-dimensional (one byte) -
Type 2 with period T: Matrix
$A$ is (8T)×(8T), vector$b$ is 8T-dimensional- For 4-byte periodic XOR: 32×32 matrix, 32-dimensional vector
- The matrix is block-diagonal with unit matrices
- The vector repeats the periodic XOR pattern in binary representation
- Nanba Kouseke: Type 1, XOR 0x39 + ROR 3
- EVE Burst Error: Type 1, XOR 0xFF
- Yu-Ris Engine: Type 2, cyclic 4-byte XOR
import { analyzeDirectory, detectEncryptionType } from "./src/file-handler";
import { attackType1, attackType2Single } from "./src/attack";
const analysis = analyzeDirectory("./data/demo1");
const detection = detectEncryptionType(analysis.fileGroups);
const result = attackType1(plaintext, ciphertext);Version: 2.0.0 (File-Centric)