View Full Version : lost password for photo encrypted Programme Called Security Plus. Ver 4.33
| [Originally Posted by CrackZ;96449]Quick reply. I confess I didn't google for the program. Do you have a copy of the *exact* version used?. I remember a long time ago there was a tutorial by someone covering multiple encryption schemes used in programs, some might be breakable, some might not, some may have collisions.....the only sure way is to look ;-). Regards, CrackZ. |
| [Originally Posted by CrackZ;96451]So you need someone to study the program for you because it sounds a little beyond your skills right now. Does the program declare what encryption system it uses in any of the documentation?, strong programs of this nature are usually happy to tell you what encryption or method they are using, sometimes there will be a FAQ covering 'if you lose your password'.....depending what you find, there might be a number of attack vectors against the encryption, it might be fully reversible or you might not have a hope. My feeling would be that the age of the program is a big positive for your chances, lots of export controls back then forbid using / exporting *strong encryption*, any system depending on random numbers might be vulnerable to a weak RNG.....who knows, lots of possibilities / variables ;-). Regards, CrackZ. |
| SecurityPlus keeps no record of the encryption key either in memory or within the data. The only time it remembers a key is after you use it and as long as the program continues to run. Once you exit SecurityPlus the key is discarded, until you re-login with the right password. If the key is lost then you may as well delete the file. That's the reason why we say it’s uncrackable, even SoftByte cannot retreive it. |
#include <stdio.h>
#include <string.h>
#define KEYSIZE 61
unsigned char key_enc[KEYSIZE] =
"*+*This file encrypted with SecurityPlus! (C)SoftByte Labs*+*";
unsigned char key_dec[KEYSIZE]; // to be read from the encrypted file
unsigned char pwd[KEYSIZE+1];
int pwdlen;
int
password_check(void)
{
int i, j;
unsigned char sub1, sub2, sub3, sub4;
unsigned char key_chk[KEYSIZE];
// we copy the key before modifying it: this routine can be called
// more than once
memcpy(key_chk, key_dec, KEYSIZE);
// init the four subtractors
sub1 = pwd[0];
sub2 = pwd[pwdlen-1];
sub3 = KEYSIZE;
sub4 = pwd[0];
// encoding loops
for (i=0, j=pwdlen; i<KEYSIZE; i++) {
key_chk[I] -= sub1 + sub2 + sub3 + sub4;
// update for next loop
if (++j >= pwdlen) j = 0;
sub1 = pwd[j];
sub2 = key_dec[I];
sub3 = KEYSIZE - 1 - i;
sub4 += 1 + j;
}
return memcmp(key_chk, key_enc, KEYSIZE) == 0;
}
void
main(int argc, char **argv)
{
int i;
FILE *fp;
unsigned char p, p0, tmp;
if (argc != 2) {
printf("usage: %s filename.sp$\n", argv[0]);
return;
}
fp = fopen(argv[1], "rb";
// skip first chunk
fseek(fp, KEYSIZE, SEEK_SET);
// bring key_dec[] in memory
fread(key_dec, KEYSIZE, 1, fp);
// we use the equation in password_check() loop with i==1 to find the
// first character of the password
p0 = key_dec[1] - key_dec[0] - key_enc[1]/*'+'*/ - (KEYSIZE-1) - 1;
p0 /= 2;
pwd[0] = p0;
p0++; // take into account the '1' above
// we use the following equations to find the following characters
// assuming the worst case of a password with length KEYSIZE
for (i=2; i<KEYSIZE; i++) {
p0 += i;
p = key_dec[I] - key_dec[i-1] - key_enc[I] - (KEYSIZE-i) - p0;
pwd[i-1] = p;
}
// we use the equation in password_check() loop with i==0 to find the
// password length
for (i=1; i<KEYSIZE; i++) {
p = key_dec[0] - 2*pwd[0] - pwd[I] - KEYSIZE;
if (key_enc[0] == p) {
pwdlen = i+1;
tmp = pwd[pwdlen];
pwd[pwdlen] = 0;
// we need a complete check before exiting: the equation could
// be satisfied for more than one value
if (password_check()) break;
// failure: restore the character replaced by the null
pwd[pwdlen] = tmp;
}
}
printf("password: \"%s\"\n", pwd);
}