
Thread: Extracting symmetric encryption key from a program

  1. #1

    Extracting symmetric encryption key from a program

    I'm trying to collect the encryption key used to decrypt and then encrypt a small file after it's been altered. The program uses the Microsoft Base Cryptographic Provider and the RC4 algo, and I believe it's a 40-bit key. I have found where the program creates a context, then creates a hash, adds data to the hash and then uses CryptDeriveKey to turn the hash data into the key. My problem is now I don't know how to recover the key. I have not been able to find much data on exactly where the key handles are located for a symmetric key. Any help would be appreciated. I have been using IDA Pro and OllyDbg and am perfectly willing to do my own work if someone would be as kind as to push me in the right direction.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    OHPen
    Hi batwings21,

    You already described that you have everything you need. You see which APIs are called in which order, and it should be easy to log the needed parameters for those functions either by debugging or by hooking the corresponding functions. As soon as you have extracted the parameters, you are able to write a tiny C program which calls the APIs in exactly the same order. After that you should have a valid cryptographic key which can be passed to the msbcp encrypt/decrypt functions.

    You are almost done! Simply use your result ;D

    Regards,
    OHPen.
    - Reverse Engineering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -
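
Added example, not part of the original thread: a Python model of why the replay described above works. The derived key is a deterministic function of the bytes passed to CryptHashData, so it is only as secret as those bytes. It assumes MD5 as the hash (the thread does not name one) and the Base provider's default of padding a 40-bit key with 11 zero salt bytes; the sample secret and file contents are constructed.

```python
import hashlib

def derive_rc4_key(hashed_data: bytes, key_bits: int = 40,
                   zero_salt: bool = True) -> bytes:
    """Model CryptCreateHash + CryptHashData + CryptDeriveKey(CALG_RC4)."""
    # ASSUMPTION: the hash is MD5; the thread does not name the algorithm.
    digest = hashlib.md5(hashed_data).digest()
    key = digest[: key_bits // 8]          # leading hash bytes become the key
    # ASSUMPTION: Base provider default, 40-bit key padded with 11 zero salt
    # bytes to 128 bits (zero_salt=False models a CRYPT_NO_SALT-style key).
    if zero_salt and key_bits == 40:
        key += b"\x00" * 11
    return key

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                   # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                      # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def replay(hashed_data: bytes, blob: bytes) -> bytes:
    """Independent second derivation: same hashed bytes give the same key."""
    return rc4(derive_rc4_key(hashed_data), blob)

if __name__ == "__main__":
    secret = b"constructed-sample-secret"  # constructed sample input
    ciphertext = rc4(derive_rc4_key(secret), b"small config file")
    print(derive_rc4_key(secret).hex())    # only the first 5 bytes vary
    print(replay(secret, ciphertext))      # recovers the plaintext
```

With these assumptions only 40 bits of the 128-bit RC4 key vary, so the scheme offers little protection even when the hashed bytes are not embedded in the binary.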

  3. #3
    disavowed
    This may be helpful: http://www.ngssecure.com/Libraries/Document_Downloads/Exporting_Non-Exportable_RSA_Keys_Whitepaper.sflb.ashx

  4. #4
    Just wanted to thank you both for your replies. I wrote a C program using the same data and was able to decrypt and encrypt the file.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
