OBAKE Cryptanalysis: Monitoring Attack


In this attack, the actor plants a software or hardware mechanism to listen (or see) everything the user types, trying to discover secret keywords or to stole critical data based on the equipment control (sometimes using the own user's passwords to gain access to the system).


Hardware devices for monitoring are complicated to detect, and impossible to block their actions - there is no solution for them. The software-based attack approach may vary among the tracking of the keyboard, mouse, and video; or joining all of them. Sometimes they can be detected by antivirus or antimalware tools, except when the attacker authorizes this software via whitelist or "exception rules".


To help its users for preventing these situations, OBAKE supplies some controls to avoid the leakage of sensitive information, as follows:


  • OBAKE allows users to configure an access password for all functions, to prevent any unauthorized usage (see here).

  • The password may be invoked using a standard window or our Secure Virtual Keyboard to avoid monitoring tools (see here). Our keyboard has three main characteristics that make it really effective against any (known) monitoring tool:

  • It starts a secure sandboxed desktop (see here), completely independent of the current one. Any program or a software monitoring tool running in your Windows will not be able to see this sandbox and the secure-keyboard.

  • If the user informs his password using his mouse instead of typing, every time the mouse is over a key the entire keyboard disappears to avoid any hardware monitoring of the mouse/video (see here). In addition, every time the user presses a key, the keyboard changes the location of all keys. Since mouse/video monitors do not save a linear video (usually take snapshots based on mouse clicks), this measure is enough to avoid capturing the key letter (see here).

  • We invite you to see a video demo here.


  • In addition, users can enable a "Second Factor of Authentication" (2FA) based on the Google Authenticator to strengthen the security of these security measures. In this way, even someone knowing the access password must have the user's phone to get full access to any OBAKE function.


Therefore, this type of attack on the OBAKE application and the OBAKE-512 algorithm is impractical.