Encryption of TS viewer for Amazon Cloud Drive is AES 256bit CTR mode.
Key used for AES encryption is made of byte stream deformed with PBKDF2 of password provided by the user. The number of iterations is 1000, salt is "PseudoRandomStream".
128 bit counter block is composed of the preceding 64bit as the nonce and the following 64bit as the counter.
The nonce 64bit(8byte) is made of byte stream deformed with PBKDF2 of nonce string. The number of iterations is 1000, salt is "nonce_salt".
The counter 64bit is incremented by 1, are stored in little-endian. The 9th byte of 128bit(16byte) counter block is the least significant byte, and the 16th byte is the most significant byte of counter. The counter is incremented in each 16 byte of stream, as a result, is the quotient obtained by dividing the Position of the stream at 16.
To encrypt stream, xor the original stream with the key stream generated previous section. To decrypt stream, xor the encrypted stream with the key stream.
In order to avoid duplication, when "filename" as the original file name, the nonce string is "filename.XXXXXX" (X is random alphabet and number strings of 8 characters). And the filename uploaded is "filename.XXXXXX.enc".
Note that you cannot decrypt if change the encrypted file name because decryption needs same nonce string.
Convert the nonce string to UTF8 encoded binary stream. Encrypt this stream with same way of file encryption, with key stream generated by the password from user and the nonce string is the id of Amazon Drive. The Encrypted stream convert to a Unicode byte by byte, x -> '\u2800'+x. The characters of Unicode '\u2800' to '\u28ff' are Braille. To decrypt, process in reverse.back