PDA

View Full Version : lost password for photo encrypted Programme Called Security Plus. Ver 4.33


Rich769
May 26th, 2014, 03:48
I have lost the password of sum picture file that I encrypted with a programme Called Security Plus. Ver 4.33 This is a Win 98/Xp base programme . ( File exe sp$ )
Would someone be able to crack this for me or can you advise how to do this and advise programmes need to complete this.

CrackZ
May 26th, 2014, 17:34
Quick reply.

I confess I didn't google for the program. Do you have a copy of the *exact* version used?.

I remember a long time ago there was a tutorial by someone covering multiple encryption schemes used in programs, some might be breakable, some might not, some may have collisions.....the only sure way is to look ;-).

Regards,

CrackZ.

Rich769
May 27th, 2014, 14:36
Quote:
[Originally Posted by CrackZ;96449]Quick reply.

I confess I didn't google for the program. Do you have a copy of the *exact* version used?.

I remember a long time ago there was a tutorial by someone covering multiple encryption schemes used in programs, some might be breakable, some might not, some may have collisions.....the only sure way is to look ;-).

Regards,

CrackZ.


Yes I have a couple version of this programme. They say that the version are not compatible with older passwords, I have found that that is not correct. and that I have had no problems with the programme.
Just forget the password for a few Photo. I have read the article from http://www.woodmann.com. But Not a programmer I am a bit lost in the way this should be sorted out.

CrackZ
May 27th, 2014, 16:22
So you need someone to study the program for you because it sounds a little beyond your skills right now.

Does the program declare what encryption system it uses in any of the documentation?, strong programs of this nature are usually happy to tell you what encryption or method they are using, sometimes there will be a FAQ covering 'if you lose your password'.....depending what you find, there might be a number of attack vectors against the encryption, it might be fully reversible or you might not have a hope.

My feeling would be that the age of the program is a big positive for your chances, lots of export controls back then forbid using / exporting *strong encryption*, any system depending on random numbers might be vulnerable to a weak RNG.....who knows, lots of possibilities / variables ;-).

Regards,

CrackZ.

Rich769
May 29th, 2014, 04:32
Unfortunately. I can not see anything in the readme file or Help menu that states encryption or method.
The only clue is that the end file has a extension with either ( sp$ ) or sp% this is so you can see that the file is encrypted.


Quote:
[Originally Posted by CrackZ;96451]So you need someone to study the program for you because it sounds a little beyond your skills right now.

Does the program declare what encryption system it uses in any of the documentation?, strong programs of this nature are usually happy to tell you what encryption or method they are using, sometimes there will be a FAQ covering 'if you lose your password'.....depending what you find, there might be a number of attack vectors against the encryption, it might be fully reversible or you might not have a hope.

My feeling would be that the age of the program is a big positive for your chances, lots of export controls back then forbid using / exporting *strong encryption*, any system depending on random numbers might be vulnerable to a weak RNG.....who knows, lots of possibilities / variables ;-).

Regards,

CrackZ.


Thank you for the script. I have not had any time to try this at this point. Thanks again

Once I have go a C+ Compiler Programme and sorted roughly how to use it, What do I do from there. Does the updated version of Secure Plus remember your pass word or is it meant to make it visible. ! !

bilbo
May 30th, 2014, 02:57
Well, Rich769, I want to help you because the program is very old and it was retired from the site of the developers softbytelabs.com (even if it can be yet downloaded from other sites).

Furthermore they were not so accurate in telling us:
(a) they say that the version 4.33 is not compatible with the version 4.32: that's not true, as you already found out
(b)
Quote:
SecurityPlus keeps no record of the encryption key either in memory or within the data. The only time it remembers a key is after you use it and as long as the program continues to run. Once you exit SecurityPlus the key is discarded, until you re-login with the right password. If the key is lost then you may as well delete the file. That's the reason why we say it’s uncrackable, even SoftByte cannot retreive it.

from http://softbytelabs.com/us/sp/; this made me laugh a lot...

An accurate search - unfortunately through Google, not using Woodmann internal search - would help you, and us, a lot, even if you say you are not a programmer. A great tutorial on this program (version 4.32) has been written by Casimir in the distant december 1999: http://www.woodmann.com/krobar/tutlist/tutlist1814.htm ("http://www.woodmann.com/krobar/tutlist/tutlist1814.htm"). To him all my credits go. He described the proprietary encription algorithm (in assembly language) and the simple way to recover the password: the old good times of SoftIce...

I simply wrote a little C program to put into practice the Casimir concepts; here it is:
Code:

#include <stdio.h>
#include <string.h>

#define KEYSIZE 61

unsigned char key_enc[KEYSIZE] =
"*+*This file encrypted with SecurityPlus! (C)SoftByte Labs*+*";
unsigned char key_dec[KEYSIZE]; // to be read from the encrypted file
unsigned char pwd[KEYSIZE+1];
int pwdlen;

int
password_check(void)
{
int i, j;
unsigned char sub1, sub2, sub3, sub4;
unsigned char key_chk[KEYSIZE];

// we copy the key before modifying it: this routine can be called
// more than once
memcpy(key_chk, key_dec, KEYSIZE);

// init the four subtractors
sub1 = pwd[0];
sub2 = pwd[pwdlen-1];
sub3 = KEYSIZE;
sub4 = pwd[0];

// encoding loops
for (i=0, j=pwdlen; i<KEYSIZE; i++) {
key_chk[I] -= sub1 + sub2 + sub3 + sub4;

// update for next loop
if (++j >= pwdlen) j = 0;
sub1 = pwd[j];
sub2 = key_dec[I];
sub3 = KEYSIZE - 1 - i;
sub4 += 1 + j;
}
return memcmp(key_chk, key_enc, KEYSIZE) == 0;
}

void
main(int argc, char **argv)
{
int i;
FILE *fp;
unsigned char p, p0, tmp;

if (argc != 2) {
printf("usage: %s filename.sp$\n", argv[0]);
return;
}

fp = fopen(argv[1], "rb";
// skip first chunk
fseek(fp, KEYSIZE, SEEK_SET);
// bring key_dec[] in memory
fread(key_dec, KEYSIZE, 1, fp);

// we use the equation in password_check() loop with i==1 to find the
// first character of the password
p0 = key_dec[1] - key_dec[0] - key_enc[1]/*'+'*/ - (KEYSIZE-1) - 1;
p0 /= 2;
pwd[0] = p0;
p0++; // take into account the '1' above

// we use the following equations to find the following characters
// assuming the worst case of a password with length KEYSIZE
for (i=2; i<KEYSIZE; i++) {
p0 += i;
p = key_dec[I] - key_dec[i-1] - key_enc[I] - (KEYSIZE-i) - p0;
pwd[i-1] = p;
}

// we use the equation in password_check() loop with i==0 to find the
// password length
for (i=1; i<KEYSIZE; i++) {
p = key_dec[0] - 2*pwd[0] - pwd[I] - KEYSIZE;
if (key_enc[0] == p) {
pwdlen = i+1;
tmp = pwd[pwdlen];
pwd[pwdlen] = 0;
// we need a complete check before exiting: the equation could
// be satisfied for more than one value
if (password_check()) break;
// failure: restore the character replaced by the null
pwd[pwdlen] = tmp;
}
}

printf("password: \"%s\"\n", pwd);
}



The only homework for you is to grab some free compiler (every C compiler will do the job) and compile the source: you are not a programmer but nobody is born as a programmer!

Best regards
bilbo