#1
Newbie
Join Date: Sep 2005
Posts: 4
Rep Power: 0
XOR Encryption I think
First off, let me apologize for joining a forum and posting a question right off the bat! I'm going to read the C++/C/Assembler/Perl sections right after this to see if I can offer my semi-professional advice :p
Now to my problem. I'm trying to find the algorithm to emulate this behavior. I don't need to know the key to this, though it should be easy to find once you know the algorithm, because I know the key changes with each packet. I just need to make an emulator for this.

Now what I know of this packet, it starts off as a header and I'm not exactly sure what information is in the header there. Second is a set of 20 chars of "a" and that's followed by 256 chars of "~" which I chose due to binary 111111110, hoping that might make it easier. There's a definite pattern, but I see that 1 unencrypted byte equals 2 encrypted bytes. Not sure what this means, but I'm thinking it's an XOR operation and maybe a shift because it's extremely repeating so nothing tough like AES or DES or anything.

Sorry for the jumbled description of what I'm trying to do, but I'm not exactly great with cryptography so I don't exactly know where to start. Even any simple observations about it that I might miss would be greatly appreciated.
#2
Professional Programmer
Well, it doesn't look like any real encryption job as the randomness is just not there. It really just looks like a failed attempt at doing something, where the program spit out the same string over and over.
Do you know that this is encrypted, and not just some random nonsense? What's the source of this data?
__________________
% rc4 hexkey < input > output
#define S ,t=s[i],s[i]=s[j],s[j]=t /* rc4 hexkey <file */
unsigned char k[256],s[256],i,j,t;main(c,v,e)char**v;{++v;while(++i)s[
i]=i;for(c=0;*(*v)++;k[c++]=e)sscanf((*v)++-1,"%2x",&e);while(j+=s[i]
+k[i%c]S,++i);for(j=0;c=~getchar();putchar(~c^s[t+=s[i]]))j+=s[++i]S;}
#3
Newbie
Join Date: Sep 2005
Posts: 4
Rep Power: 0
I know it's not just randomness. It's a packet from an internal messaging system that I was asked to be able to intercept messages and relay different messages to different locations depending on the content. The original source is MIA so all I have to go on is the packets that I can send myself. Each message contains a Title, in this case it was 20 'a's, and the message content was 256 '~'s. I can see where those definitely show up in there, so I'm looking for the routine to go from what I see to what I need.
#4
Professional Programmer
I see, that cleared it up a bit. Give me a bit and I'll look into deciphering this.
#5
Professional Programmer
This is what I got from writing little programs to reverse-encrypt in order to find the string. I tried AND, OR, and XOR operations, but only XOR yielded fully successful matches, though nothing plaintext. Here are the results from XOR 'encryption':
% ./xor
Success with (153): 153 -- ~ XOR = ç
Success with (6): 6 -- ~ XOR = x
Success with (16): 16 -- ~ XOR = n
Success with (96): 96 -- ~ XOR ` =
Success with (173): 173 -- ~ XOR * = Ó
Success with (211): 211 -- ~ XOR Ó = *
Success with (152): 152 -- ~ XOR = æ
Success with (213): 213 -- ~ XOR Õ = «
Success with (178): 178 -- ~ XOR ² = Ì
Success with (45): 45 -- ~ XOR - = S
Success with (59): 59 -- ~ XOR ; = E
Success with (75): 75 -- ~ XOR K = 5
Success with (134): 134 -- ~ XOR = ø
Success with (248): 248 -- ~ XOR ø =
Success with (179): 179 -- ~ XOR ³ = Í
Success with (253): 253 -- ~ XOR ý =

I only tested it with that repeating 16-character string in the middle ('çxn.Ó*æ¨ÌSE5ø†Íƒ'). I'll test it more and do some other operations to try to get a plaintext value as the key. I'm just keeping you abridged with what I'm doing.
#6
Professional Programmer
Just noting:
This is the header (hex): 42 02 98 FD 4D BE 39 ED 8D 3F 7A 37 92 FB D3 88 89
This is the set of eight a's (hex): 06 10 7F B2 D3 98 C9 AD 2D 3B 54 99 F8 B3 E2 86
This is the set of eight ~'s (hex): 35 F8 86 CD 83 E7 78 6E 1E D3 AD E6 A8 CC 53 45
This is the footer (hex): F8 B3 83 E7 06

From this, I can tell that the encrypted data loses entropy after 8 bytes and repeats itself, leading me to believe that the key is 8 bytes. The message does seem to be doubled through encryption, but the header and footer remain the same original length (since they're both odd in length). I'm guessing the footer is just an end-of-message note, but I'm not sure. It's five bytes long; the header is 17 bytes. They both seem encrypted or 'reduced' (not sure of the right word there).

Still working :p give me a while. It's late where I am -- I'll work on this more tomorrow.
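An added example, not code from any poster in this thread: it reruns the known-plaintext XOR test from post #5 on the two 16-byte blocks quoted in post #6, measures the repetition period, and checks whether one shared byte-wise XOR key at any rotation can explain both blocks. The function names and the four-times-repeated stream are assumptions made for the illustration.

```python
# Added example. Block values are the ones quoted in post #6.
A_BLOCK = bytes.fromhex("06 10 7F B2 D3 98 C9 AD 2D 3B 54 99 F8 B3 E2 86")  # 'a' region
T_BLOCK = bytes.fromhex("35 F8 86 CD 83 E7 78 6E 1E D3 AD E6 A8 CC 53 45")  # '~' region


def smallest_period(data):
    """Smallest p such that data[i] == data[i + p] for every valid i."""
    for p in range(1, len(data)):
        if all(data[i] == data[i + p] for i in range(len(data) - p)):
            return p
    return len(data)


def keystream_candidate(block, plain):
    """XOR each ciphertext byte with one known plaintext byte (the post #5 test)."""
    return bytes(c ^ plain for c in block)


def plain_xor_rotations(block_a, block_b, pa, pb):
    """Rotations r at which both blocks fit C[i] = P ^ K[i] with a shared key.

    Under that model block_a[i] ^ block_b[i + r] equals pa ^ pb at every i,
    because the key bytes cancel out.
    """
    n, want = len(block_a), pa ^ pb
    return [r for r in range(n)
            if all(block_a[i] ^ block_b[(i + r) % n] == want for i in range(n))]


if __name__ == "__main__":
    stream = T_BLOCK * 4  # constructed sample: the block repeated back to back
    print("period in ciphertext bytes:", smallest_period(stream))
    print("candidate key bytes:", keystream_candidate(T_BLOCK, ord("~")).hex(" "))
    fits = plain_xor_rotations(A_BLOCK, T_BLOCK, ord("a"), ord("~"))
    print("rotations fitting a shared XOR key:", fits)
```

On the blocks from post #6 the period is 16 ciphertext bytes and no rotation fits, so a shared byte-wise XOR key alone does not account for both regions.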