PDA

View Full Version : Blowfish


peterg70
September 12th, 2002, 10:51
I have an application that seems to be using Blowfish encryption.

First question I have is it possible to keygen this sort of application.

Here is some more info as to the inputs.

Computer ID Code
Serial Number (must be 16 numbers or letters 0..9 or A to F)
Password (32 Characters )
Name
Location

There seems to be different types of licenses (academic, Normal, Network)

Also has time period licensing.

Previous cracks exist for program but no longer work due to new implementation of code.

I have started looking at the code and have found what looks like a encrypted code

98whr387!h8u%#fnuw$q&rhf8whADfwh

which goes through a decoding function to produce another code.

Looking for guidance in what I should be looking for to reconize the correct procedure for blowfish.
i.e.
Secret code decrypt
Password decrypt
create new code and check

Anyway any thoughts welcome.
peterg70

PS
JMI
Don't bother telling me to search as I have done this already

Anyone who wants a look at this the program name is WinSim Design II (18mb download)

Solomon
September 12th, 2002, 11:09
Try to find the encryption/decryption key of symmetric algo. If the key is a constant byte-sequence, it can be easily keygened, otherwise have to brute-force it, which seems not possible for blowfish.

The blowfish algo/procedure can be identified by its constants of P array and S-box.

peterg70
September 12th, 2002, 13:16
Solomon:

Can you expand what you have said above

How can I tell if its constant byte once I find the algo

What do the constants of P array and S-box look like?

I have continued investigating the software and have located a few routines for converting the code to bits etc.

Could someone have a look and let me know if this is keygenable as this seems the easiest way at the moment.


peter

cyberheg
September 12th, 2002, 14:04
Quote:
Could someone have a look and let me know if this is keygenable as this seems the easiest way at the moment.


Yes someone should do the work for you because it's easier... I think I follow you clearly. If you're not interested in doing something yourself then go away!

As for the information you gave and additionally asked for.
Get the blowfish reference source code in C, compile it, study it in asm. See how the initial S/P-boxes are done and how the keysetup is done. Follow the decryption and encryption function to get a feeling for how a 64 bit block cipher is made up and executed.

If it's keygenneable all depends on how the symetric key is used and how long it is (incase of bruteforcing it). With a 'carded' serial such schemes would be keygenable without additional steps like public key encryption.

// CyberHeg

peterg70
September 12th, 2002, 14:17
Cyberheg

I ain't going away

I am working my way through the code at the moment and have managed to get it working by patching at the moment
Damn need to find another check.

BUT Since I have done little on the encryption with blowfish i simply ask people who have done it before to comment. I didn't ask for it to be keygened and sent to me.

Even with Blowfish you can always patch the exe provided they haven't encrypted anything with key.

Its late

Nighty Night
peter

JMI
September 12th, 2002, 15:23
peterg70:

My mission statement does not authorize me to tell people to search if they have indicated that they have done so. Unless I misread the post, of course, which I have done on some occasions.

Even if you hadn't stated that you had searched, I would not have read your post as suggesting that you hadn't done some work and it suggests you are just looking for some guidance from others more familiar with the subject matter, not a solution to you particular issue.

Good luck with your efforts.

Regards.

stealthFIGHTER
September 12th, 2002, 21:01
Hello peterg70,

I know only a bit about Blowfish, but here is my small idea/hint: You can try to locate the initialization of P-box and S-box (loading the initial values into the context) by searching some of the values from P-box/S-box array in IDA.

I hope this is not nonsence .

Best regards,
stealthFIGHTER

mike
September 12th, 2002, 21:31
http://www.unixqi.com/crypto/appendix-b.html#Heading5

Source for blowfish. You can find the S and P tables here.
Quote:
First question I have is it possible to keygen this sort of application
Maybe. Too little info to tell. Do they use public key stuff at all?

peterg70
September 13th, 2002, 11:17
Mike

Thanks for the Info. Will look into it a bit more.

Just a piece of clarification. Is blowfish a one way encryption system.

i.e. Convert XXXXXXXXX to YYYYYYYYYY but not able to go from YYYYYYYYYY to XXXXXXXXX
OR
is it Convert XXXXXXXXX to YYYYYYYYYY and YYYYYYYYYY to XXXXXXXXX.

Its implementation into software seems a bit vague to me. If they encrypt a section of the code with blowfish then they must be able to decrypt it later.

If the software uses the blowfish implementation to wrap a password (similar to crapkey) then all blowfish will do is decrypt the code to say numbers and then these numbers will be used in various parts of the code for different tasks.

My current feeling from looking at the code) is blowfish must be a two way encryption which uses the Computer ID/Name/Location and Some secret numbers to wrap the password.

Does this sound right???


Peterg70

Solomon
September 13th, 2002, 11:30
Blowfish is a symmetric algo(two way), just like DES/Twofish/IDEA etc. For symmetric algo, the encryption key is the same as decryption key. So if you can find the key, it is broken, coz the encryption/decryption algo is known.

MD5/SHA-1 etc are one-way hash algorithms.

Here you can find the Blowfish algo description and source code
hxxp://www.counterpane.com/crypto-gram.html

peterg70
September 13th, 2002, 11:32
I found the table with all the constant in it. Definate Blowfish

I put a break on it and it don't break on it at all????

A red Herring Blowfish?

Don't make sense

peterg70

peterg70
September 23rd, 2002, 08:56
Phew

Have learnt alot about blowfish (reading up on it) most of it went in one ear and out the other.

Is there a simple tool out there that has the blowfish code implemented but that doesn't encrypt/decrypt files but instead does strings.

Something like this
http://www.pk67.com/test/blow.html

What I guess i am looking for is something that will scan for the key.

I know the Data before and after decryption. So looking for something that I can enter some test strings to see if it will reverse to the correct code or a brute forcer for the finding the key. Yes I know the key space is huge but would like to trial it anyway.

Anything out in the ether for this. Let me know.

peter

PS any sign of crapkey 6.0 on the net yet??

mike
September 23rd, 2002, 23:23
You need to be more specific about how blowfish is used for us to give suggestions on how to attack it. You said that you know the data before and after it gets decrypted. What mode is blowfish being used in? ECB (no chaining) CFB (stream cipher) CBC (cipher-block chaining) CTR (counter mode) ? Give us as much information about when and where blowfish is applied.

For example, if they have a fixed key embedded in the software, it's trivial to break and you can even write a keygen. If it hashes your password, uses that as the key to decrypt a license file, that can be broken easily and keygenned. If there's a fixed block of data and your password has to decrypt it, then you can't keygen it, but you can send the password around; since that's the only one that can decrypt it, it can't identify you.

All of these and more are possible given the limited info you've posted.

peterg70
September 24th, 2002, 02:41
Mike

As usual in two lines of text you've blown me across the room. I am still at the stage of understanding how blowfish works before I can even assume how it is implemented in this program.

I have been trying to use a bit of zen instead. The reason I believe blowfish is used is because of the obvious configuration of the software but none of this is ever called (at least that I have found yet).

From feeling the code its seems to do the following.

Take a 32 character password (0-F only) as input.

It then checks if the decryption routine has been initialised. If not it runs through a fixed string value (embedded in the code) through the "Decrypt_Code" routine.
My initial guess it creates a table of decoding for hashing the password. (The word FISH is at the start of this table)

Then it runs through the decrypt_code with the 32 char password.
and converts this into a string.
I Know what values I want in the various bits of the decrypted string but need to convert it back to the encrypted string first.

I know brute forcing it will work. i.e. Change each character in the password until the decoded number matchs what I want but the key space is large 16^32 which would take a while.

But in regards to your question about ECB,CFB,CBC,CTR my guess is the CFB (Stream cipher) but Its a guess

If you want you can PM or Email me to discuss further.

Thanks again
peterg70

mike
September 25th, 2002, 00:39
Quote:
the key space is large 16^32 which would take a while
16^32=(2^4)^32=2^(4*32)=2^128 (!)
Quote:
It then checks if the decryption routine has been initialised. If not it runs through a fixed string value (embedded in the code) through the "Decrypt_Code" routine.
<snip>
Then it runs through the decrypt_code with the 32 char password and converts this into a string


Blowfish has two inputs (key, ciphertext) and one output (plaintext). You've only shown one input here.

I can see two scenarios, neither of them convincing: one is that you have to provide a key to decrypt the "fish" message to some ciphertext with the proper bits. The problem is, it's just as hard for the author to find a key that sets the bits as for the cracker.

The other is that you provide part of the plaintext and decrypt it under a fixed key to get your special bits. The problem is that all you need to do is pick your bits and encrypt them to break the system, so anyone who knew anything about crypto wouldn't do it that way.

If you change bytes in the blowfish tables, does the plaintext change?

If so, put a read breakpoint on them. If it doesn't stop, you either set the breakpoint too late (after the program loaded and already went thru them) or your breakpoints don't work.

If the plaintext doesn't change, they're a red herring!