Incorporate Changes from CFSPITkey Fork
Summary
This issue tracks the incorporation of improvements and changes made in the CFSPITkey fork (https://github.com/controlf/CFSPITkey) back into the original SPITkey project. The fork has implemented enhancements and bug fixes.
Proposed Changes
Incorporate the following changes into the SPITkey code.
Version 1.2.0 (2025-11-25)
Version 1.1.1 (2025-10-29)
Critical Bug Fixes:
Fixed get_enc_fvek false positive bug - Previously matched "Datum entry type: 3" too broadly, causing false positives with "Datum entry type: 30" and resulting in missing nonce errors
- Added context validation to ensure "ENTRY TYPE FVEK" appears near "Datum entry type: 3"
Prevents false matches and raises clear errors when no valid FVEK section is found- fixed in Commit 3e241c2
Fixed get_enc_payload UnboundLocalError - Occurred when nonce/MAC/payload were not found due to log spacing or structure inconsistencies
- Added default values for
nonce, mac, and payload to prevent unbound errors
- Extended scan range from 17 to 50 lines to accommodate spaced-out logs
- Skips early "Header safe" lines until all components are found
Raises clear error if structure is incomplete- fixed in Commit 483d4e3
Enhanced Error Handling:
[ ] MAC verification - Added MAC check in decrypt function
- Cleanly handles incorrect or corrupted VMK input
Replaces Python traceback with user-friendly error: "ERROR. MAC check failed. Are you sure you have the correct VMK?"- fixed in Commit a93770d
Version 1.0.0 (2025-08-22)
Priority
The bug fixes in version 1.1.1 should be considered high priority as they address issues that cause the tool to fail or produce incorrect results in certain scenarios.
References
Incorporate Changes from CFSPITkey Fork
Summary
This issue tracks the incorporation of improvements and changes made in the CFSPITkey fork (https://github.com/controlf/CFSPITkey) back into the original SPITkey project. The fork has implemented enhancements and bug fixes.
Proposed Changes
Incorporate the following changes into the SPITkey code.
Version 1.2.0 (2025-11-25)
-o path/to/output/dirflag for specifying output locationVersion 1.1.1 (2025-10-29)
Critical Bug Fixes:
Fixedget_enc_fvekfalse positive bug - Previously matched "Datum entry type: 3" too broadly, causing false positives with "Datum entry type: 30" and resulting in missing nonce errorsPrevents false matches and raises clear errors when no valid FVEK section is foundFixedget_enc_payloadUnboundLocalError - Occurred when nonce/MAC/payload were not found due to log spacing or structure inconsistenciesnonce,mac, andpayloadto prevent unbound errorsRaises clear error if structure is incompleteEnhanced Error Handling:
[ ] MAC verification - Added MAC check indecryptfunctionReplaces Python traceback with user-friendly error: "ERROR. MAC check failed. Are you sure you have the correct VMK?"Version 1.0.0 (2025-08-22)
.txtfile.datfile (e.g.,VMK.datfrom BitPixie)dislocker.log[EOW_INFORMATION_OFFSET_GUID]entriesPriority
The bug fixes in version 1.1.1 should be considered high priority as they address issues that cause the tool to fail or produce incorrect results in certain scenarios.
References