PDA

View Full Version : Rijndael S-Box? AES... Maybe even XOR? -- Examples


ph3wl
February 21st, 2011, 12:10
Hey guys, I have been working on this for a while now and though it couldn't hurt to post and see what you thought. I would say I'm a little on the obsessed side right now haha

Old Borland c++ app that encrypts a txt file. I have been inside and out of this code I see everything that is happening I guess experience is failing me here. I have patched the encrypter exe to bypass for now but I'm not happy with that as an answer :/

I think its Rijndael S-Box, couple peid crypt plugins have shown the locations of the tables

Test Encryptions (Seems like no matter what is entered its padded to 16bytes)
a =
Code:
[~Ÿ}$T

no characters (empty file) =
Code:
—‘RP55Q

this text is greater than sixteen characters =
Code:
QTž’˜x1t9D™D**'‚Vb1w…G(


strings I have found in the exe and dll files that do the encryption/decryption
Code:
ku3V%4Z5ud8Fcbm! (this one shows up in olly at the method call, looks like it gets broken)

Code:
B4!wp0!w

Code:
a1c3e5g7i9k0m2o4q6s8u0w1y2789876 (I am seeing this one only in encrypting exe's hmm)


found some new strings in a diff exe
2435

Update
Found another exe which exposes a lot more info

From what I can tell this is RijndaelDecrypt from Crypto++
The key passed is a1c3e5g7i9k0m2o4q6s8u0w1y2789876

also looks like on encrypt "enc" is added and decrypt "dec" is added to something

I have a lot more to go off now...