Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Rijndael S-Box? AES... Maybe even XOR? -- Examples

To discuss DES MD5 El-Gamal RSA PGP and others....
Locked
ph3wl

Rijndael S-Box? AES... Maybe even XOR? -- Examples

Post by ph3wl »

Hey guys, I have been working on this for a while now and though it couldn't hurt to post and see what you thought. I would say I'm a little on the obsessed side right now haha

Old Borland c++ app that encrypts a txt file. I have been inside and out of this code I see everything that is happening I guess experience is failing me here. I have patched the encrypter exe to bypass for now but I'm not happy with that as an answer :/

I think its Rijndael S-Box, couple peid crypt plugins have shown the locations of the tables

Test Encryptions (Seems like no matter what is entered its padded to 16bytes)
a =

Code: Select all

Åãû[~ŸÃ³ÃºÃš}$Té
no characters (empty file) =

Code: Select all

È—ã‘ô¦RëP5ï5Q
this text is greater than sixteen characters =

Code: Select all

QTÉÊÓÃӞÞ×’±˜x1t9éD™ÃÂ¯DÞäñ**'¡«‚Vb¹1wøÝ…G(
strings I have found in the exe and dll files that do the encryption/decryption

Code: Select all

ku3V%4Z5ud8Fcbm! (this one shows up in olly at the method call, looks like it gets broken)

Code: Select all

B4!wp0!w

Code: Select all

a1c3e5g7i9k0m2o4q6s8u0w1y2789876 (I am seeing this one only in encrypting exe's hmm)
found some new strings in a diff exe
[ATTACH]2435[/ATTACH]

Update
Found another exe which exposes a lot more info

From what I can tell this is RijndaelDecrypt from Crypto++
The key passed is a1c3e5g7i9k0m2o4q6s8u0w1y2789876

also looks like on encrypt "enc" is added and decrypt "dec" is added to something

I have a lot more to go off now...
Attachments
out.jpg
Locked