The title says all. Enjoy the paper by Evilcry:
http://www.reteam.org/papers/e77.pdf

Thanks again for sharing with our readers.

Regards,

Ehehe many thanks to you Zairon, for posting it for me

Hope all Enjoys this paper
FeedBacks are appreciated

Best Regards,
Evilcry

In preparation the Second Version of the paper, with included a basical
ECC Cracker

Best Regards,
Evilcry

Hi,



I'm not sure what to make of this. Perhaps I am missing something. Is the author claiming he can forge signatures? Otherwise, it appears he is reversing a Big Integer/ECC package. There is no need for that - we can get the stuff open source.

I'd be interested in reading a paper on forging signatures and RE (ECDSA for example). But I don't believe it is feasible at the moment.

In a Signature Scheme, the document to be signed goes through three steps. The most important of which is:

Decrypt the message (the actual plain text or hash of the plain text) as if it were an instance of cipher text.

Since this is decryption, it uses the Private Key.

Verification would use the Public Key. Depending on whether the the SS used Appendix or Recovery, the original plain text (or hash) would be presented to the verifier function (Appendix); or the message would be pulled from the signature and presented to the verifier function (Recovery). Again, the verifier function uses the Public Key.

So, to forge a message, the adversary would need the Private Key. The Private Key is not exposed in the software, since the software only needs the Public Key for verification. In addition, if the Signature System supports Recovery, the original message does not need to be present either.

Finally, when using ECC, the curve is of little importance presuming you are using recommended curves. For our discussion, one could use NIST P192 or P256. What is important is the point on the curve one chooses. This should be kept secret.

Jeff

I'm not claming that i can forge Signatures , the only purpose of the paper is to give an idea of Elliptic Curve Cryptography and to expose the general mechanism of ECC protections in Software, aspect that will be further deeply explained with other Practical RCE Applications over Crackmes/Sw which that uses.



My paper is divided into a Theory part and a Practical part, the Reverse Engineering of some ECC Crackme, i'm not reversing a Big/Ecc package, i'm not so stupid to reverse an open library.



Just put this shit unuseful piece of paper in the trash

Have a Nice Day


PS: Thanks for your feedback

PPS: Sad to see that one of the few feedback 've received is negative, but hey is a feedback

Hi evilcry,



My apologies. I did not mean to offend you. From the title of the document I was under a different impression.

Jeff

Well, I just discovered it, and gave it a partial read -it looks very nice. Will read it in full later on.

I looked everywhere time ago about ECC, from simple docs to the harsh ones.
Your one looks like a true promising entry point on ECC -much better than i.e. the tutorial on certicom.

...but to criticize (what feedback would it be ) a bit...
...maybe using a white background for the PDF would be better?

Maximus

Hi,

Nope NoLoader , about the title i partially agree with you, my previsions is to enlarge the paper with more material and techniques (not only Sw protections)

@Maximus: Eheh it's truly ugly the gray background it's true , next issue will have a better looking

Have a nice Day

Hi Evilcry,

If you would like to look at am implementation of Product Keys and ECC, see 'Product Keys Based on Elliptic Curve Cryptography' (http://www.codeproject.com/cpp/ECIESProductKey.asp). Another of interest may be 'Product Keys Based on the Advanced Encryption Standard (AES)' (http://www.codeproject.com/cpp/AESProductKey.asp).

I know five comanies are using this systems, since they contatced me with questions regarding the implementation.

Both articles encode a feature matrix and wrap it in strong encryption. Neither article addresses RE. I try not to engage in the debate. In the end Crackers are like Virus Researchers - the analyst will _always_ figure out what is going on since thay have the machine code to examine.

Since the analyst will reverse engineer the system, one should assume a KeyGen exists. This leads to an 'Activation Server' which can distinguish between forged keys and company issued keys. Again, the protection scheme is not detailed (with the Activation process being 'choke point'). It is left as an exercise to the reader . My personal opinion is simply due diligence - since the analyst will always win...

Jeff

Hi evilcry,


I wanted to learn more about 'EFFICACIA', but I'm drawing blanks in Google. Do you have any links that may be useful? Or is this a term which you are coining?

Jeff

Hi evilcry,



In my humble opinion, I think the wording is 'melding' two concepts. ECC was independently discovered by Koblitz and Miller. Lenstra used ECC for Integer Factorization (for example, RSA moduli). Basically, when the equation is rewritten in in terms of y = ..., a divide by zero means one has found a non trivial factor of N. Personally, I would make a greater distinction between the points. Put another way, it appears ECC was borne out of Lenstra's work on factoring.

I don't have my copy of Handbook of Applied Cryptography (http://www.cacr.math.uwaterloo.ca/hac/) with me, so I can't cite anything for you.

Also, please consider this constructive, rather than negative.

Jeff

Hi evilcry,



I would also mention the isomorphism of F_p* (-{0}) to F_p+. This is generally the most often cited example.

Also, you might want to talk about Pairing Based Cryptography a bit since you introduced Weil Pairing. It is basically roots of unity over an EC. It is in an ANSI committee now for standardization. I am aware of one PBC library from a graduate student at Stanford - I'm sure there are others. It is based on GMP. See http://crypto.stanford.edu/pbc/.

I needed a short signature scheme with recovery. PBC did not fit the bill for me (lack of recovery), but it is in my back pocket of tools.

Please take this as constructive rather than negative.

Jeff

Hi NoLoader,

First of all thanks for your feedbacks

The word "Efficacia" means "Efficiency", it's an Italian term, that i forgot to translate.

I'll take a look at your links, thanks again!

Best Regards,
Evilcry

Every time I open my mouth, I show the world how little I know... I thought I got out of the habit in college, when a lot of people who were much smarter than me showed me just how little I thought I knew.

This fellow got the 'big picture'... He's attempting to use a signature, which leads to this endeavor. http://groups.google.com/group/cryptopp-users/browse_thread/thread/5226443664bb6b35

Jeff

Hi,
I've read the two articles and are truly intersing and well written

In these days I've discovered another good Crypto Lib, for C# but should be usable also in Managed C++, lib is called BouncyCastle and can be downloaded at:

http://bouncycastle.org/csharp/

Is also implemented ECIES, but i'm not sure about its performances

Have a nice day!