Metadata-Version: 2.4
Name: securedypkt
Version: 0.1.0
Summary: Pure-Python toolkit for decrypting and re-encrypting Cisco Packet Tracer (.pkt) files
Author-email: Securedy Labs <nathanrampersaud@gmail.com>
Project-URL: Homepage, https://github.com/Nathan8044/SecuredyPKT
Keywords: cisco,packet-tracer,pkt,twofish,eax,crypto,network
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Operating System :: OS Independent
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Utilities
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Dynamic: license-file

# SecuredyPKT

**SecuredyPKT** is a pure-Python research tool by **Securedy Labs** for decrypting and re-encrypting Cisco Packet Tracer (`.pkt`) files.

It fully reimplements the proprietary cryptographic and obfuscation pipeline used internally by Packet Tracer, enabling offline inspection, diffing, and version-controlling of lab topologies — without requiring the official application.

This is an active research and development project. A custom crypto model and extended feature set are planned.

---

## Installation

```bash
pip install securedypkt
```

No additional dependencies required. Pure Python 3.8+.

---

## Python API (for agents and integrations)

```python
import securedypkt

# Decrypt a .pkt file → XML bytes
xml_bytes = securedypkt.decrypt_file("lab.pkt")

# Or work directly with bytes (e.g. from an upload handler)
with open("lab.pkt", "rb") as f:
    xml_bytes = securedypkt.decrypt_pkt(f.read())

# Re-encrypt XML bytes → .pkt bytes
pkt_bytes = securedypkt.encrypt_pkt(xml_bytes)
pkt_bytes = securedypkt.encrypt_file("lab.xml")
```

---

## CLI Usage

### Decrypt `.pkt` → XML

```bash
unpacket lab.pkt
# Output: lab.xml

unpacket lab.pkt -o decrypted.xml
```

### Re-encrypt XML → `.pkt`

```bash
repacket lab.xml
# Output: lab.pkt

repacket lab.xml -o rebuilt.pkt
```

### Options

| Tool | Option | Description |
|------|--------|-------------|
| `unpacket` | `input_file` | Path to `.pkt` file |
| | `-o, --output` | Output XML path |
| `repacket` | `input_file` | Path to `.xml` file |
| | `-o, --output` | Output `.pkt` path |

---

## How It Works

Cisco Packet Tracer `.pkt` files are protected by a 4-layer scheme. SecuredyPKT reverses all four layers:

```
[ .pkt file on disk ]
        |
        v
[1] Stage-1 Deobfuscation
    Byte-order reversal + positional XOR
    result[i] = data[L-1-i] ^ (L - i*L & 0xFF)
        |
        v
[2] Twofish/EAX Decryption (authenticated)
    128-bit Twofish block cipher in EAX mode
    Key:  0x89 * 16  (hardcoded in Packet Tracer)
    IV:   0x10 * 16  (hardcoded in Packet Tracer)
    Last 16 bytes of ciphertext = AEAD authentication tag
        |
        v
[3] Stage-2 Deobfuscation
    Positional XOR with decreasing counter
    result[i] = b ^ (L - i & 0xFF)
        |
        v
[4] Qt Decompression
    zlib stream with 4-byte big-endian size prefix (qCompress format)
        |
        v
[ Plain XML topology ]
```

`repacket` runs this pipeline in reverse: XML → compress → obfuscate → encrypt → obfuscate → `.pkt`.

---

## Crypto Stack

| Module | Purpose |
|--------|---------|
| `securedypkt/decipher/twofish.py` | Pure-Python Twofish block cipher (128-bit) |
| `securedypkt/decipher/cmac.py` | CMAC / OMAC message authentication code |
| `securedypkt/decipher/ctr.py` | CTR mode keystream engine (big-endian counter) |
| `securedypkt/decipher/eax.py` | EAX authenticated encryption (AEAD) |
| `securedypkt/decipher/pt_crypto.py` | Full Packet Tracer decryption pipeline |

---

## Security Notes

- The hardcoded key and IV are **Cisco's**, reverse-engineered from the Packet Tracer binary
- EAX tag verification is enforced — corrupted or tampered `.pkt` files are rejected
- No network calls; fully offline
- Known research items for future versions:
  - Input file size guard
  - zlib decompression size cap
  - XML parsing hardening

---

## Legal

This software is provided for **security research, educational, and interoperability purposes**.

Cisco Packet Tracer and all related trademarks are property of Cisco Systems, Inc.
SecuredyPKT is not affiliated with or endorsed by Cisco.

See [LICENSE](LICENSE) for full terms.
