{"id":22433660,"url":"https://github.com/nlitsme/vimdecrypt","last_synced_at":"2025-08-01T12:34:07.899Z","repository":{"id":71128614,"uuid":"56350413","full_name":"nlitsme/vimdecrypt","owner":"nlitsme","description":"Python tool for decrypting vim encrypted files.","archived":false,"fork":false,"pushed_at":"2024-03-23T20:02:51.000Z","size":27,"stargazers_count":46,"open_issues_count":0,"forks_count":9,"subscribers_count":6,"default_branch":"publicbranch","last_synced_at":"2024-04-24T16:59:12.315Z","etag":null,"topics":["decryption","encryption","file-format","python","vim"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nlitsme.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2016-04-15T21:20:24.000Z","updated_at":"2024-03-08T02:29:20.000Z","dependencies_parsed_at":"2024-02-08T17:47:34.265Z","dependency_job_id":null,"html_url":"https://github.com/nlitsme/vimdecrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nlitsme%2Fvimdecrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nlitsme%2Fvimdecrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nlitsme%2Fvimdecrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nlitsme%2Fvimdecrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nlitsme","download_url":"https://codeload.github.com/nlitsme/vimdecrypt/tar.gz/refs/heads/publicbranch","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228377526,"owners_count":17910449,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decryption","encryption","file-format","python","vim"],"created_at":"2024-12-05T22:15:36.421Z","updated_at":"2025-08-01T12:34:07.886Z","avatar_url":"https://github.com/nlitsme.png","language":"Python","readme":"VimDecrypt\n==========\n\nTool for decrypting VIM encrypted files.\n\nvimdecrypt should work python3.\n\n\nUsage:\n\n    python vimdecrypt.py -p PASSWORD yourfile.txt\n\nOr with dictionary:\n\n    python vimdecrypt.py --dictionary /usr/share/wordlists/rockyou.txt yourfile.txt\n\n\n| option             | description\n|:------------------ |:-------------------------\n| --test             | run vim selftest\n| --verbose          | print details about keys etc.\n| --password PASSWD  | use PASSWD to decrypt the specified files\n| --encoding ENC     | use an alternate encoding ( default = utf-8, example: latin-1, hex )\n| --writezip         | create PKCRACKable .zip file from VimCrypt file\n| --dictionary DICT  | try all words from DICT as password\n| --bruteforce       | try all lowercase passwords\n\n\nA second tool will decrypt the swap file:\n\n    python vimswap.py -p PASSWORD .yourfile.txt.swp\n\n\nVIM\n===\n\nVIM can encrypt text files transparently.\nSelect the mode using 'set cryptmethod={zip, blowfish, blowfish2}'\nand set the key using 'set key=\u003csecret\u003e'\n\nBeware when entering the wrong password, VIM wil happily open the file for you.\nAnd display nonsense content.\nWhen you now save this again, it will be quite difficult to recover the original file.\n\nYou can retry the password by either quitting and reloading vim, or by typing:\n\n    :bdel | edit #\n\nin VIM. ([from](http://stackoverflow.com/questions/22353221/not-able-to-recover-vim-encrypted-file-after-set-key))\n\n\nThe encryption methods\n======================\n\n    command: set cryptmethod=zip\n    header: VimCrypt~01!\n\nUses the same algorithm as the old PKZIP program.\nThere is a tool called pkcrack which does a known plaintext attack\non zip files encrypted using this algorithm.\n\nBy wrapping the VimCrypt file in a .zip file you can crack this\nusing [PKCRACK](https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html).\nThe `-w` option of `vimdecrypt.py` creates a PKCRACKable .zip archive from a given VimCrypt file.\n\nNote: there exists a tool [vimzipper.c](http://pastebin.com/7gKp6P3J) by Richard Jones, which\ncan also do this.\n\n\n    command: set cryptmethod=blowfish\n    header: VimCrypt~02!\n\nUses blowfish in little-endian mode, using Cipher Feedback Mode, but with a bug because of which the first 8 blocks all use the same IV.\n\n\n    command: set cryptmethod=blowfish2\n    header: VimCrypt~03!\n\nUses blowfish in little-endian mode, this time with a correct Cipher Feedback Mode implementation.\n\n\nBoth blowfish methods use 1000 iterations of a salted sha256 of the password.\nThe undo and swap are also encrypted when editing an encrypted file.\n\n\nSecurity problems\n=================\n\nZIP\n---\n\nThe `zip` method is very weak, you need 13 bytes of plaintext to find the key.\n\nBlowfish / bf1\n--------------\n\nThe `bf1` method is problematic for short files. \nThe problem is that the first 8 blocks all use the same `IV`, so:\n\n    enc(block1) XOR enc(block2) == block1 XOR block2\n\nThis leaks lots of information which can be used to guess the contents\nof the first 64 bytes.\n\nBlowfish2 / bf2\n---------------\n\nThe `bf2` method does not have the broken CFB problem, but \nsince it is using `CFB` without any checksum, an attacker can modify\nthe last block of the encrypted text without the user noticing.\n\nBlowfish though not really insecure, is quite old. Better ciphers, like AES,\nor Twofish have been designed since 1993.\n\npassword hashing\n----------------\n\nThe `ZIP` cipher uses it's own weak hashing algorithm.\nWith the `bf1` and `bf2` methods, the user password is hashed 1000 times using sha256.\nThis does make bruteforcing a bit more difficult, but still, this method is easily accelerated\nusing FPGA or GPU crackers.\nBetter would be to use a hashing algorithm which is difficult in both time and space, like\n`PBKDF2`, or `scrypt`.\n\nPassword cracking\n=================\n\n`vimdecrypt.py` can do some simple password cracking, either by dictionary, or bruteforce.\nNote that this all done in python, and not very fast:\n\n| algorithm | speed  |  notes\n|:---- | -----------:|:----\n|  zip | 650 pw/sec  |\n|  bf2 | 300 pw/sec  | python2, pycrypto\n|  bf2 | 180 pw/sec  | python3, pycrypto\n\nExample:\n\n    python3 vimdecrypt.py -d words.txt  encrypted.txt\n\nor \n\n    python3 vimdecrypt.py -b encrypted.txt\n\n\nYou can also use a word generator like [John the Ripper](http://www.openwall.com/john/), and pipe the wordlist\nto stdin of `vimdecrypt.py`, and specify `-` for the wordlist.\n\nLike this:\n\n    john --wordlist=words.txt --rules --stdout | python3 vimdecrypt.py -d - encrypted.txt\n\n\nFor bruteforce cracking you need some kind of heuristic to tell if the decryption was successful.\nSince encrypted data will generally compress really badly, while text compresses very well,\nthis is what i test against in `vimdecrypt`.\n\nNote that unlike .zip files, VIM does not store the CRC of the original file, so you can't use that to\nvalidate the success of the decryption.\n\n\nswapfile\n========\n\nWhen you first type/insert text in an empty file, and then set the encryption key, the swapfile will\nbe unencrypted until you actually save the file.\n\nIf you first set the encryption key, then the swapfile will be encrypted immediately.\n\n\nTODO\n====\n\n * bug: wordlist from STDIN works only with one file.\n * research if you can recover files which are accidentally encrypted twice\n   or decrypted with the wrong password, and then accidentally saved.\n\n\nSIMILAR PROJECTS\n================\n\n * [vimdecrypt](https://github.com/gertjanvanzwieten/vimdecrypt) by gertjanvanzwieten - only handles blowfish2 method\n * [node-vim-blowfish](https://github.com/stelcheck/node-vim-blowfish) by stelcheck - in perl, but not working according to it's readme.\n * [emacs-vimcryot](https://github.com/wert310/emacs-vimcrypt) by wert310 - an emacs plugin\n * [crackvim](https://github.com/wjlandryiii/crackvim) by wjlandryiii - a bruteforce cracker\n * [vimdecrypt](https://github.com/EaterOA/vimdecrypt) - by EaterOA - unfinished code\n * [vim72bf](https://github.com/xenocons/vim72bf) - by xenocons\n * [vim-blowfish](https://github.com/nowox/vim-blowfish) - by nowox\n * [vcm](https://github.com/AlexAtNet/vcm) - by AlexAtNet, in go\n * [vimcrypt.py](https://gist.github.com/amtal/d482a2f8913bc6e2c2e0) - gist\n\n\nAUTHOR\n======\n\nWillem Hengeveld \u003citsme@xs4all.nl\u003e\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnlitsme%2Fvimdecrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnlitsme%2Fvimdecrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnlitsme%2Fvimdecrypt/lists"}