Results 1 to 8 of 8

Thread: String encrypted - decrypt?

  1. #1

    Question String encrypted - decrypt?

    Hello,

    i'm using w32dasm, but all strings and comments are encrypted.
    Is it possible to decrypt it?

  2. #2
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,048
    Blog Entries
    5
    C0d3r-F4N, please do yourself a favor and use the free version of IDA:

    https://www.hex-rays.com/products/ida/support/download_freeware.shtml

    WDasm was notorious for not parsing all strings correctly, and unicode strings not at all. Unless you're absolutely sure about it, it's possible that the strings aren't even encrypted at all, just that WDasm can't handle them.

    From your posts it's obvious that you want to learn, and that's great to see. But you might as well learn to use the proper tools from the start. WDasm is very old and deprecated and IDA is far, far, far superior for a number of reasons. If in fact your strings are encrypted and the situation is fairly simple, you might even learn how to use an IDA script to decrypt them, such is the capability of the tool. Simply being able to view things like unlimited cross-references (XREFS) in IDA, you'll find that your reversing sessions will be much more effective and enjoyable. At least give it a try over WDasm and see what you think - Please!

    Kayaker

  3. #3
    In OllyDbg i see this encrypted Strings in CPU-window (comment) too, but not all encrypted.
    In OllyDbg under All referenced text strings are all readable (all ok).

    I only want to use free tools, IDA isn't!
    IDA 5.0 is old, like wdasm, so IDA 5.0 it's free.

  4. #4
    son of Bungo & Belladonna bilbo's Avatar
    Join Date
    Mar 2004
    Location
    Rivendell
    Posts
    310
    Hi C0d3r-F4N,

    if you have time and will to experiment, you could try some of the stuff enumerated in this thread...
    http://reverseengineering.stackexchange.com/questions/1817/is-there-any-disassembler-to-rival-ida-pro

    I unfortunately cannot give advices to you, because I use IDA... Even if I think it could be more powerful with some little effort (ever tried to decompile MFC programs?)

    Best regards
    bilbo
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt.[Seneca, Epistulae Morales 104, 26]

  5. #5
    Quote Originally Posted by bilbo View Post
    if you have time and will to experiment...
    Yes, i have time.
    I know it's a long way to learn...
    Quote Originally Posted by bilbo View Post
    (ever tried to decompile MFC programs?)
    No, never.
    I'm a newbie.

  6. #6
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,456
    Blog Entries
    15
    you want to learn

    post back how you will approach this encranked trings

    Code:
    N3q8ryccAAO8i9I7KwEAAAAAAABEAAAAAAAAAIJADYsAJpaOcAAX9+wFu+r0/5QBL0TuTr0JNP5Qt9TpkrI3Nqa8kld8rNDm8ZEmgd46Memejm/4M+e9sN+NmzeMOFot38eVT7VmgG5SrtOx7qTtqZrijA1nn+VzDF3Yc3H2J1+UG9nT6A3e8iHf02VQjZVBWxot/yXoOQMjYrZxunhko0ZaJsPlXkguqS2dxqmSZNx1+SknoeKl6weQLfOE6nArFKGn3LdV7ktp+OF1fkvWEEffyfxLT0LBgyzw7zEN7FTTQbsn/A8Y7igE8m6Uf41YNyKOPHaikLn8ASdQtkL6HqrF1f5j9pUFqSZfbwCU/ZqdK4jd6Rdze1k18GBiEYRJAxpwXoYvPJ61nvU/4jOdsQRmSeQHeXxMwFj2tG06VCBq9yV4ab8HQJ2LJAEEBgABCYErAAcLAQABIwMBAQVdAAABAAyC7AAICgEW1oyeAAAFAREFAGEAAAAUCgEA6uiOSNEf0QEVBgEAICAAAAAA

  7. #7
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,048
    Blog Entries
    5
    Bad Evil blabberer. This is real?

    Not Base64 - regions of low entropy (randomness of characters), no trailing padding characters (=) that would be present from a 532 character result
    Not Base64 with custom index table - non-randomness of characters seems to preclude that

    Didier Stevens XORSearch - no results given for common words (the, and, http)

    Custom job then. Is there a way to guess possible bitwise operations used in the algo by focussing on certain characters? For example, what operations (xor,shl,shr,rol,ror) keep the first character (N) as a capital letter, and convert the second character (3) to a small letter (ASS-uming this is an encrypted sentence)?

    What other strategies could one use on a random encrypted string totally devoid of context?

  8. #8
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,456
    Blog Entries
    15
    all i know is that a glutonion dwarf captured this tring when it was trying to impress itself into a hovulan crater which supposedly contains a hordeload of zuper cekret gilica zell centerfusing treactors the dwarf sold this tring as a jeero night to hyest bedder and lo every badbug and its cousins now have a copy of this tring and is go ogling for more
    yours truly is a distant cousin of a distant cousin of a distant .........tingering the tring

Similar Threads

  1. encrypted harddisk
    By OHPen in forum RCE Cryptographics
    Replies: 13
    Last Post: January 29th, 2009, 12:55
  2. old encrypted cd
    By kqt in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: June 4th, 2002, 01:24
  3. Editing DOS encrypted files
    By Unregistered in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: October 10th, 2001, 06:28
  4. encrypted .exe?
    By spamal in forum Malware Analysis and Unpacking Forum
    Replies: 8
    Last Post: January 4th, 2001, 15:48

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •