sope
April 22nd, 2003, 02:56
I learnt a lesson & would like to share with all of you.
Some months back i did got stuck badly on a Sentinel Super Pro Enveloped Target. (http://www.woodmann.net/forum/showthread.php?threadid=4256). I learnt the hard-way of brute forceing the 12 MB Monster File. To find the Good Response took me 9 days on my single machine.
Yesterday, i was browsing the same post on the forum & my head struck an idea in mind after reading CyberHeg & CrackZ post. I have riped it below
What, struck my head was let me d/l the Demo copy of that soft & i did it. Now i had 2 files 1 which is encrypted & 1 demo.
From the first section (demo copy) which is not enveloped, i noted the 4 bytes it was 0xCCCCCCCC & then i riped 4 bytes from the enveloped target
it was 0x78C363B0 made some minor changes in the Brut Force program to check for noted 4 bytes (i.e. 0xCCCCCCCC) after getting pass the riped
algorithm.
What i got is the same good response in less then 3 minutes this time. For which i had to spent 9 days earlier.
Lesson learnt!
Suppose You have a Target size 12 to 15 MB (Sentinel Pro Enveloped) & You are trying to brut force for Good Response. i'll advise you to
get a demo copy if available & note down the first four bytes of the demo & then brute force the 4 bytes from enveloped target for that value.
You might save some good time!
Modifying the source code from above link is kept as an exercise for newbies like me.
Regards
Sope!
Some months back i did got stuck badly on a Sentinel Super Pro Enveloped Target. (http://www.woodmann.net/forum/showthread.php?threadid=4256). I learnt the hard-way of brute forceing the 12 MB Monster File. To find the Good Response took me 9 days on my single machine.
Yesterday, i was browsing the same post on the forum & my head struck an idea in mind after reading CyberHeg & CrackZ post. I have riped it below
Quote:
| CyberHeg: Your task is now to start guessing the first 4 bytes of plaintext and code a program to verify your guess. |
Quote:
| CrackZ: Addendum - You did get it in the end by brute force, response is 0xD53B03F3, general point here really was that you got just 1 .exe so guessing any sort of plaintext was never going to be easy |
What, struck my head was let me d/l the Demo copy of that soft & i did it. Now i had 2 files 1 which is encrypted & 1 demo.
From the first section (demo copy) which is not enveloped, i noted the 4 bytes it was 0xCCCCCCCC & then i riped 4 bytes from the enveloped target
it was 0x78C363B0 made some minor changes in the Brut Force program to check for noted 4 bytes (i.e. 0xCCCCCCCC) after getting pass the riped
algorithm.
What i got is the same good response in less then 3 minutes this time. For which i had to spent 9 days earlier.
Lesson learnt!
Suppose You have a Target size 12 to 15 MB (Sentinel Pro Enveloped) & You are trying to brut force for Good Response. i'll advise you to
get a demo copy if available & note down the first four bytes of the demo & then brute force the 4 bytes from enveloped target for that value.
You might save some good time!
Modifying the source code from above link is kept as an exercise for newbies like me.
Regards
Sope!
