Re-encrypting decrypted Fortinet firmware from BishopFox's research.
Takes decrypted Fortinet firmware and encrypts it back to the original format. Content is useful for cyber range training purposes only. After decrypting with BishopFox's FortiCrack, note the key (passed as -k) and the encrypted image's gzip signature (passed as '--internal-name'); both are needed for proper re-encryption.
Most Important - Set Internal Name:
python3 fortipack.py firmware.decrypted -k "key" --internal-name "FGT100D-6.04-FW-build1966"
Basic usage:
# Simple encryption
python3 fortipack.py firmware.decrypted -k "your32bytekey"
# With validation
python3 fortipack.py firmware.decrypted -k "your32bytekey" --validate -v
python3 fortipack.py <input_file> -k <32_byte_key> [options]
- -k, --key - Encryption key (32 bytes, ASCII or hex)
- -o, --output - Output file (default: input.out)
- --internal-name - IMPORTANT: Firmware name for gzip header
- --validate - Check if input is valid firmware
- --no-gzip - Skip compression
- -v, --verbose - Show detailed output
ASCII (32 characters):
-k "oAbBIcDde7FfgGHhiIjJ7KlLmsnN3OPP"
Hex (64 characters):
-k "6f41624249634464653746666747486869496a4a374b6c4c6d736e4e334f5050"
# Encrypt firmware with ASCII key
python3 fortipack.py firmware.bin -k "mykey123456789012345678901234567" -o packed.out
# Validate before encrypting
python3 fortipack.py firmware.bin -k "mykey123456789012345678901234567" --validate
# Verbose output
python3 fortipack.py firmware.bin -k "mykey123456789012345678901234567" -v
# Raw output without gzip
python3 fortipack.py firmware.bin -k "mykey123456789012345678901234567" --no-gzip
- Reads decrypted firmware file
- Encrypts using Fortinet's algorithm (512-byte blocks, XOR-based)
- Packages in gzip format (.out file)
- Validates encryption worked
- Python 3.6+
- Standard libraries only
- Keys must be exactly 32 bytes
- Tool validates firmware headers when --validate is used
- Output is compatible with Fortinet tools
- Use for security research and analysis
# Check output file
xxd -l 100 output.out
# Test with decryption tool
forticrack.py output.out
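A pre-flight check for the two arguments this README calls out, -k and --internal-name, written as an added example and not part of fortipack.py or FortiCrack. It assumes the internal name sits in the standard gzip FNAME header field (RFC 1952); the function names are hypothetical and the sample container is constructed, not real firmware.

```python
import gzip
import io
import struct

FEXTRA, FNAME = 0x04, 0x08  # FLG bits from RFC 1952


def gzip_internal_name(data: bytes) -> str:
    """Return the FNAME field of a gzip member header, or '' if absent."""
    # Assumption: the firmware's internal name is the RFC 1952 FNAME field.
    if len(data) < 10 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a deflate gzip stream")
    flags, pos = data[3], 10  # fixed part: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & FEXTRA:  # optional extra field precedes the name
        if pos + 2 > len(data):
            raise ValueError("truncated FEXTRA field")
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & FNAME:
        return ""
    end = data.find(b"\x00", pos)  # FNAME is zero-terminated
    if end == -1:
        raise ValueError("unterminated FNAME field")
    return data[pos:end].decode("latin-1")


def normalize_key(key: str) -> bytes:
    """Accept the two key forms listed above: 32 ASCII chars or 64 hex chars."""
    raw = bytes.fromhex(key) if len(key) == 64 else key.encode("ascii")
    if len(raw) != 32:
        raise ValueError(f"key must be exactly 32 bytes, got {len(raw)}")
    return raw


def make_sample(name: str) -> bytes:
    """Constructed sample: a gzip member whose header carries `name`."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(b"constructed payload, not firmware")
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_sample("FGT100D-6.04-FW-build1966")
    print(gzip_internal_name(sample))
    print(normalize_key("oAbBIcDde7FfgGHhiIjJ7KlLmsnN3OPP").hex())
```

Running the same header check on the re-encrypted .out file and on the original image shows whether the two internal names match.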