Page 1 of 2 12 LastLast
Results 1 to 15 of 29

Thread: stream cipher???

  1. #1

    stream cipher???

    Hi folks, i am kinda stuck when trying my hand on crypto stuff, just wanan clarify a few things...

    Should this be strean cipher? or is this block cipher?

    mov eax, DecryptedArea
    mov ecx, key ; taken from serial
    mov edx, length
    Call Decrypt

    This Call Decrypt has somethings to do with MD5 as i see the whole sets of MD5 sine tables in there... has anyone seen this type of cipher before? using MD5 hash?... i am a bit lost here, also cos of lack of sleep, thus the incoherent typing.... just wonder if this is some kind of standard cipher that i have missed out when reading about general cryptography?

    Thanx a lot,

    DaKien : i read ur post sometimes ago that you were willing to share ur collection of crypto source code :>... are you still extending that offer :>>>...??
    Last edited by crUsAdEr; March 23rd, 2002 at 04:43.

  2. #2
    Sab`
    Guest

    ???

    hrm... would be nice to see the code that "decrypt" function contains. Chances are it is a block cipher, havent seen to many stream ciphers in programs. Its possible a md5 is used to generate the block cipher keys or anything similiar. To spot if it is a block cipher look for some sort of loop until the length of the data has been encrypted, then look for the corresponding encrypted data. Honestly, dont see any reason why there would be a stream cipher in there although who knows what ppl may program. (: More data is needed to tell you what it actually is or what is going on. -Sab
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    DakienDX
    Guest
    Hello binh81 !

    (After four computer crashes while trying to post in the last hour I hope this one works finally. )

    First I noticed that there is no EncryptedArea passed to the call. This might mean that it is a stream cipher, since it is not so common in block ciphers. If the length is not a multiple of 08h or 10h, it is probably a stream cipher, unless it's a block cipher using CFB. You wrote Decrypt, but stream ciphers have only a Crypt, since encryption and decryption are the same.

    The MD5 function looks a bit strange to me. I would guess it's some code like this
    Code:
      SerialHash = MD5(Serial)
    @1:
      SerialHash = MD5(SerialHash)
      DecryptedArea[Counter] = DecryptedArea[Counter] XOR SerialHash[Counter And 0Fh]
      Inc(Counter)
      Dec(Length)
      If (Length != 0) Goto @1
    But if the DecryptedArea is not initialized and there is no EncryptedArea, I would say it's a normal MD5 function with all three functions (Init, Update, Final) in one, maybe modified.

    I still have my cryptographic collection, but I don't know an algorithm working like this. I don't think a algorithm using a 32-bit password is considered as secure.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    HI guys, thanx for the response :>

    Yeah i think it is block cipher as you all said, i thought it would be stream cipher as the length varies... but yep i found the loop, it takes block of 32-bits at a time and perform the decrypt routine...

    Sorry Dakien for the being unclear, i would liek to clarify

    mov eax, DecryptedArea ; this is where the data are stored,
    original encrypted but decrypted
    after the call ( hope this is clearer)
    mov ecx, key ; taken from serial
    mov edx, length
    Call Decrypt

    Alright, here are my finding so far
    Call Decrypt :

    Call1; Initialise (see later)
    Call2;
    Call3; This one has the whole MD5 sets of numbers
    it also generate the STATIC key (see later)
    Call4; Generate Initial Dynamic key (not sure how yet)
    end; :>

    Okie, here is Call1 :
    mov dword ptr [ebx+48h], 67452301h
    mov dword ptr [ebx+4Ch], 0EFCDAB89h
    mov dword ptr [ebx+50h], 98BADCFEh
    mov dword ptr [ebx+54h], 10325476h
    mov dword ptr [ebx+58h], 0C3D2E1F0h
    mov dword ptr [ebx+5Ch], 76543210h
    mov dword ptr [ebx+60h], 0FEDCBA98h
    mov dword ptr [ebx+64h], 89ABCDEFh
    mov dword ptr [ebx+68h], 1234567h
    mov dword ptr [ebx+6Ch], 3C2D1E0Fh
    weird, it generates the table of "0123456789ABCDEF..." twice??


    I have yet to figured out what Call2 and $ do escatly but they seem to do mainly copying blocks of memory around....

    Then the deciphering process is as follow
    STATIC key : 10 words long, does not change throughout the whole process

    Dynamic key : 8 words long i am not sure how this is generated yet, but it changes...

    It takes block of 8 words, xor with dynamic keys, store it as the new dynamic key for the next block (data still unchanged yet, only new dynamic key generated)... perform some encryption with STATIC key (here data is changed)... (am i working on the algo here but i presume it is symmetric??)... then finally the encrypted data is XOR with the original dynamic key and stored back into dataarea...

    The process goes on until the whole data area is ciphered...

    Yeah, this is all for now... any suggestion on what this cipher might be are welcome :>?? and attackign methods?

    Dakien : yeah, i am just working on crypto in general and i do have pascal cource code for some of the stuff but i do need some asm source code for common crypto algo.. sicne you have it... if you dont mind i will drop u an email :>... thanx...

    P.S : Dakien, the password length is unknown :>.. might be 32 bits but i think should be more.. can be anything!!!

    P.P.S : sorry for the terminology, i might use the wrong term here and there!!
    Last edited by crUsAdEr; March 23rd, 2002 at 15:47.

  5. #5
    DakienDX
    Guest
    Hello binh81 !

    I thought the Mov ECX, key was the actual key, but now I know you meant Mov ECX, Offset key. Of course this key can have more than 32 bits.

    From what you've described so far, I think it's a block cipher in CBC mode.

    The problem with block ciphers is that a same input block produces the same output block. So if you've for example a cipher with 64-bit blocks and 100h times 00h (at the end of a section for example), you can see that the 20h blocks of 08h bytes each look the same. This can be used to bruteforce a key, since we've encrypted and decrypted data.

    CBC works the following way to prevent this:
    1. An IV (InitializingVector) is created. It is a random number as big as the block size (64-bit or 128-bit for example).
    2. This vector is stored. (It is needed to decrypt the data later)
    3. Take a block of the data and Xor it with the IV.
    4. Encrypt this block.
    5. Save this block and use it as new IV.
    Repeat steps 3. to 5. for each block.

    The decryption works similar:
    1. Take IV used for encryption.
    2. Take a block of data.
    3. Save this block as TempIV
    4. Decrypt this block of data.
    5. Xor this block with IV.
    6. Use TempIV as new IV.
    Repeat steps 2. to 6. for each block.

    If one block has errors, not only this block but also the following block will be decrypted wrong.

    Now you only need to find out what encryption algorithm is used.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Hi Dakien,

    Thanx for the info... yeah it is definitely Chained Block Cipher, did search the net a bit of info on ways to attack this but could not find anything real useful...

    Yeah, in the mean time i have located the following.. here is the encryption algo

    STATIC key : 4 qwords : K1, K2, K3, K4
    Input Data block : 2 qwords : D1, D2

    Loop 16 times (decimal :>)
    begin
    x := D1 * 16 + K3
    x := x XOR D1
    y := D1 : 32 + K4
    y := y XOR x
    D2 := D2 - y
    x := D2 * 16 + K1
    x := x XOR D2
    y := D2 : 32 + K2
    y := y XOR x
    D1 := D1 - y
    end;

    The dynamic key is generated in a similiar way from the static key so i will just need to find the dynamic key... However, i am just looking at the decrypting algo above and trying to reverse it to find the encrypting algo at the moment, bruteforcing 64 bits doesnt seem very fun....

    What are the usual way of attacking CBC??

    Dakien : so can I email you :>?? Dont worry, you can say no i finconvenient for you... i'll look around :>

    thanx for the info guys,

  7. #7

    No Hint :>

    Hmm okie...

    Think i have an idea on how to attack this :>... no hint yet please :>

    Thanx....

  8. #8
    DakienDX
    Guest
    Hello binh81 !

    OK, I don't give you a hint with attacking CBC, but I'll give you an other.

    The algorithm used is TEA, a very short encryption algorithm. It uses normally 32 rounds, but it works also with 16.

    I think you don't mean the static key consists of QWords, but of DWords, the same for the input data.

    The dynamic key you're talking about is probably the Delta used in TEA. Delta is (sqrt(5)-1)*2^31.

    When encrypting, the Delta is added each round to a counter, when decryption it's subtracted each round from the counter. The counter has the InitValue 0 when encrypting and the InitValue Delta*Rounds when decrypting.

    So in this example it should be E3779B90.

    The MD5 function is used to hash the password, so that the key passed to the decryption has a length of 128 bit.

    You haven't implemented the dynamic key in the pseudo-code you wrote, but you can find sources of TEA everywhere on the net and maybe here too. (SafeDisc+CodeLok)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    Hi Dakien...

    Thanx for the info but i am pretty sure the static key is 4 Qwords.. double that size....

    The dynamic key is 2 qwords or 4 dwords....

    Shall try on it for a while first :>....

    Thanx a lot ....

    P.S : Yep.. it is TEA alright... hmm okie.. looks hard to break really... chained and uncrippled... ah well.. i'll see how...

    Okie, Dakien... any hint are VERY welcome now :>...

    Last edited by crUsAdEr; March 24th, 2002 at 00:28.

  10. #10
    DakienDX
    Guest
    Hello binh81 !

    If it uses really QWords, then it's probably a modified TEA version with a block size of 10h bytes instead of 08h. This could explain the 16 rounds instead of 32.

    Then it would use (sqrt(5)-1)*2^63 as Delta. (9E3779B97F4A7C15h is case you're to lazy to calculate it )

    The block size is then 10h bytes and everything must be calculated with 64-bit registers (or 2x32-bit ).

    The MD5 table is generated twice because a 128bit hash value is not enough any more, 256bit must be used now (4 QWords) and the author doesn't know how to generate it. So he hashes two times with two equal tables.

    So here's my suggestion: Read something about TEA and understand it. It can be easily transfered to a block size of 10h bytes. But remember, it's real cryptography. This makes it very hard to bruteforce it.

    BTW., what are you trying to do? If I could check out the target too, I could give more specified answers.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Hi Dakien,

    Yeah.. the target is Advanced Archives Password Recovery 2.0...
    unpacking was discussed earlier...

    I have located the output format... know that certain places have to be 00 but don think it is gonna help much here...

    Yeah and i am reading about TEA now... gonna be darn hard i think.. but ah well.. worth a try, i have learnt a lot since i started reversing this... :>

    Thanx a lot...

  12. #12
    הבּרוּ נשׂאי כּלי יהוה mike's Avatar
    Join Date
    Mar 2001
    Posts
    491

    TEA

    TEA will be virtually impossible to break; however, the system in which it is used may not be. What is being decrypted?

  13. #13
    Hi Mike,

    Its main purpose is to decrypt code i suspect but here is how it works, it decrypts a table of 9C size with the following format

    Flag VA, Code to be decrypted offset, length (3 qwords)
    (repeat D times)

    Then it use the same routine above to decrypt each section of the code in similiar fashion...

    That means that the first byte of each qword is always 00, also the length should not be too big so first dword of length should be also 0000... however this doesnt help much yet as i dont have the exact decrypted table... i am looking for encrypted area in the code to kind of guess the teh decrypted table but again, not sure if it helps at all cos we still need to bruteforce to find the key...

    That is all for now

  14. #14

    Modified MD5????

    Hi guys, can you help me identify if this is some known hashing?

    It uses a different set of constant,
    2895b588
    173848AA
    242070DB
    3E423112
    0A83F051
    4787C62A

    yeah , just to name a few.. a search on these numbers yields nothing.. it has 3 procedure, the first one initialise an array of 128 bits "0123456789ABCDEFFEDCBA9876543210" as usual... the result is 128 bits.... i thought it was MD5 but it doesnt seem so... if it is not some known algorithm then maybe i will try to break this... change of tactic :> (TEA seem really secured)

    Dakien, have you looked at the program yet? Think i might just attempt to patch and put in some code myself... bruteforcing doesnt seem a feasible options... what a pity when i have had the whole algo laid out on the table.. ah well...

    Thanx guys.. do post here if you guys find anythign interesting that would help :>...

    Ciao,

  15. #15
    DakienDX
    Guest
    Hello binh81 !

    The hash is MD5. Not a modified form, just a different form.
    It takes every number bigger than 2^31 as negative, and therefore subtracts the positive value instead of adding the negative value.

    You'll notice that NEG(2895B588h)=D76A4A78h. (The same goes for the other values you've given us)

    The hash uses Sub EDI,2895B588 instead of Add EDI,D76A4A78. The only thing which has changed is the sign, not the result.

    You can't break MD5 in mathematics, only by bruteforcing, which will take many years. The same goes for TEA.
    Cryptography is no copy-protection, cryptography is nothing else than cryptography. And this means it can't be broken by IAT rebuilders, tracers or debuggers.
    If you've encrypted data you can only decrypt it with the password, not with a patch.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. a simple substitution cipher or not?
    By dion in forum RCE Cryptographics
    Replies: 3
    Last Post: February 27th, 2010, 10:11
  2. WinZip cipher
    By naides in forum RCE Cryptographics
    Replies: 43
    Last Post: November 1st, 2006, 16:21
  3. 8 bit CPU cipher
    By dion in forum RCE Cryptographics
    Replies: 16
    Last Post: June 20th, 2002, 03:24

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •