Enabling Encryption - addenial/smugglebus GitHub Wiki

By default, the captured SAM, SYSTEM, SECURITY, and SOFTWARE hives are saved in plaintext into the SmuggleBus home folder (/home/tc). These registry hives contain sensitive data, including the local account password hashes (and, via SYSTEM, the boot key needed to decrypt them), so a lost or misplaced flash drive hands that material to whoever finds it.

To address this concern, encryption mode can be enabled, in which files are encrypted before being written to the flash drive. This uses a combination of symmetric and asymmetric cryptography: a fresh symmetric key protects the hives, and your public key protects that symmetric key. To enable encryption mode, place your public key at /home/tc/public_key.pem; keep the matching private key off the drive, since only it can recover the data. To assist with creating the key pair and with decryption, two shell scripts are provided under the Encryption folder of the GitHub project.

Setup:

1. Generate an RSA public/private key pair: ./generate_keys.sh
2. Copy the public key into the SmuggleBus home directory as /home/tc/public_key.pem

Execution Workflow:

1. SmuggleBus generates a random 32-byte value (the symmetric key)
2. The symmetric key is used to AES-256-encrypt the collected registry hives
3. The public key is used to encrypt the symmetric key
4. Once run, a new folder is created in the home directory, containing:
	- SAM.enc
	- SYSTEM.enc
	- SECURITY.enc
	- SOFTWARE.enc
	- KEY.enc

Decryption:

1. The private key is used to decrypt the symmetric key
2. The decrypted symmetric key is used to decrypt the registry hives: ./decrypt.sh [arguments]
	
	Required arguments:
		-i DIRECTORY    Directory with SAM/SYSTEM/SECURITY & key.enc files
		-o DIRECTORY    Output location
		-p FILE         Private key location
	Optional arguments:
		-x              Run secretsdump.py when done (Default: False)
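The following script is an added worked example of the hybrid scheme described in the Execution Workflow and Decryption sections above. It is not SmuggleBus's own generate_keys.sh or decrypt.sh, and the page does not state the details it fills in: it assumes RSA-2048 with OAEP padding for wrapping the key, AES-256-CBC with a random per-file IV (stored as 32 hex characters at the front of each .enc file), and that the hex-encoded 32-byte key is what KEY.enc wraps. The gen_keys, hybrid_encrypt and hybrid_decrypt function names and the keys/encrypt/decrypt subcommands are this example's own.

```shell
#!/usr/bin/env bash
# Added illustration of the SmuggleBus encryption-mode workflow, not the
# project's own scripts. Assumed (not stated by the wiki): RSA-2048 + OAEP for
# the key wrap, AES-256-CBC with a per-file random IV prefixed to each .enc
# file as 32 hex chars, and KEY.enc wrapping the hex-encoded symmetric key.
set -euo pipefail

HIVES="SAM SYSTEM SECURITY SOFTWARE"

# gen_keys DIR: write private_key.pem and public_key.pem into DIR
# (mirrors the page's generate_keys.sh step).
gen_keys() {
  local dir="$1"
  mkdir -p "$dir"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$dir/private_key.pem" 2>/dev/null
  openssl pkey -in "$dir/private_key.pem" -pubout -out "$dir/public_key.pem"
}

# hybrid_encrypt SRC OUT PUBKEY: one random 32-byte key encrypts every hive
# found in SRC; the key itself is RSA-OAEP-wrapped into OUT/KEY.enc.
hybrid_encrypt() {
  local src="$1" out="$2" pub="$3" key iv hive
  mkdir -p "$out"
  key=$(openssl rand -hex 32)            # 256-bit symmetric key, hex encoded
  for hive in $HIVES; do
    [ -f "$src/$hive" ] || continue
    iv=$(openssl rand -hex 16)           # fresh 128-bit IV for each file
    {
      printf '%s' "$iv"                  # IV prefix, 32 hex characters
      openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$src/$hive"
    } > "$out/$hive.enc"
  done
  # Only the public key is needed on the drive; the private key stays elsewhere.
  printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$pub" \
    -pkeyopt rsa_padding_mode:oaep -out "$out/KEY.enc"
}

# hybrid_decrypt ENC OUT PRIVKEY: unwrap the symmetric key with the private
# key, then decrypt every *.enc except KEY.enc back to its original hive name.
hybrid_decrypt() {
  local enc="$1" out="$2" priv="$3" key iv f name
  mkdir -p "$out"
  key=$(openssl pkeyutl -decrypt -inkey "$priv" \
    -pkeyopt rsa_padding_mode:oaep -in "$enc/KEY.enc")
  for f in "$enc"/*.enc; do
    name=$(basename "$f" .enc)
    [ "$name" = "KEY" ] && continue
    iv=$(head -c 32 "$f")                # recover the IV prefix
    tail -c +33 "$f" | openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" \
      -out "$out/$name"
  done
}

# Minimal CLI mirroring the page's setup / run / decrypt steps.
case "${1:-}" in
  keys)    gen_keys "$2" ;;
  encrypt) hybrid_encrypt "$2" "$3" "$4" ;;
  decrypt) hybrid_decrypt "$2" "$3" "$4" ;;
  "")      echo "usage: $0 keys DIR | encrypt SRC OUT PUB.pem | decrypt ENC OUT PRIV.pem" ;;
  *)       echo "unknown command: $1" >&2 ;;
esac
```

Run `./hybrid.sh keys ./keys`, copy keys/public_key.pem to the drive, then `./hybrid.sh encrypt ./hives ./out ./keys/public_key.pem` and later `./hybrid.sh decrypt ./out ./hives_plain ./keys/private_key.pem`. Two caveats a practitioner should keep in mind: AES-CBC gives confidentiality only, so anyone who obtains the drive can alter ciphertext undetected unless you add a MAC or switch to an authenticated mode; and the wrapped key is only as safe as the private key, so if the private key ever lands on the flash drive the whole scheme collapses to plaintext.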