SourceForge.net Logo


Home

Cryptcat Project License Sourceforge

Credits

cryptcat = netcat + encryption

Cryptcat is the standard netcat enhanced with twofish encryption by farm9. netcat was origianally written by the l0pht (hobbit and weld pond).

Note that the L0pht has information on their copyrights covering netcat. See the 'hobbit.txt' file for that information.

Twofish is courtesy of counterpane, and cryptix. We started with the Java version of twofish from cryptix, converted it to C++ (don't ask why), and enhanced it by adding CBC mode and the ciphertext stealing technique from Applied Cryptography (pg. 196)

License

Cryptcat is licensed under the the GNU General Public License, Version 2 or later (GPLv2) in conformance with the original NetCat license.

How do you use it?

Machine A: cryptcat -l -p 1234 < testfile
Machine B: cryptcat <machine A IP> 1234

This is identical to the normal netcat options for doing exactly the same thing. However, in this case the data transferred is encrypted.

Is it Really Secure?

Not if you know the secret key, which is hardcoded to be "metallica" (use the -k option to change this key)

CERT

There is a CERT vulnerability released on CryptCat for NT. The release comes with a precompiled binary which has a gaping security hole in the '-e' option.

CERT/CC Vulnerability Note VU#165099

The included binary is compiled with the compile time option "GAPING_SECURITY_HOLE" to allow the '-e' option to work.

This option is intended to allow CryptCat to be used as an encrypting tunnel for a spawn'd binary. Unfortunately, this does not work on NT! The pipe is opened, but I/O is not encrypted. There is no workaround.

Changes

Thanks for the contributions: linux 7.0 build fixes, tricky bug fixes, -k option, OpenBSD/FreeBSD compiles, directory friendly zips & tars, including MSVC++ makes.

Since release alot of people have been submitting changes (many times for the same thing). I've been doing my best to keep up, we are trying to get this up on sourceforge, but there seems to be some sort of "approval" process that makes it unclear if that will actually happen.

So, if you have submitted something, and its not here, let me know. If you've submitted a change, and its here with someone else's name, that just means someone else got the same change in before you.

If you have a change, drop a line to info@farm9.org.

Contributors

The following individuals have made significant contributions to Cryptcat:

Hobbit Developed netcat
Weld Pond First windows port
Jo Johansen netcat -> Cryptcat
Dan F ?
Jeff Nathan Windows version
Matt W ?
Frank Knobbe ?
Dragos FreeBSD version
Bill Weiss ?
Jimmy ? ?

Thanks for the contributions: linux 7.0 build fixes, tricky bug fixes, -k option, OpenBSD/FreeBSD compiles, directory friendly zips & tars, including MSVC++ makes.