Rijndael S-Box? AES... Maybe even XOR? -- Examples

[ph3wl]

Hey guys, I have been working on this for a while now and though it couldn't hurt to post and see what you thought. I would say I'm a little on the obsessed side right now haha

Old Borland c++ app that encrypts a txt file. I have been inside and out of this code I see everything that is happening I guess experience is failing me here. I have patched the encrypter exe to bypass for now but I'm not happy with that as an answer :/

I think its Rijndael S-Box, couple peid crypt plugins have shown the locations of the tables

Test Encryptions (Seems like no matter what is entered its padded to 16bytes)
a =

Code: Select all

Åãû[~ŸÃ³ÃºÃš}$Té

no characters (empty file) =

Code: Select all

È—ã‘ô¦RëP5ï5Q

this text is greater than sixteen characters =

Code: Select all

QTÉÊÓÃӞÞ×’±˜x1t9éD™ÃÂ¯DÞäñ**'¡«‚Vb¹1wøÝ…G(

strings I have found in the exe and dll files that do the encryption/decryption

Code: Select all

ku3V%4Z5ud8Fcbm! (this one shows up in olly at the method call, looks like it gets broken)

Code: Select all

B4!wp0!w

Code: Select all

a1c3e5g7i9k0m2o4q6s8u0w1y2789876 (I am seeing this one only in encrypting exe's hmm)

found some new strings in a diff exe
[ATTACH]2435[/ATTACH]

Update
Found another exe which exposes a lot more info

From what I can tell this is RijndaelDecrypt from Crypto++
The key passed is a1c3e5g7i9k0m2o4q6s8u0w1y2789876

also looks like on encrypt "enc" is added and decrypt "dec" is added to something

I have a lot more to go off now...