by CASIMIR
Part B
Caz presents : The Crack of SecurityPlus! by SoftByte Labs
(known-plaintext attack on a proprietary cipher)
The decryption process and the transformations on Block are the same, so we let:

    Block = Key_enc
    Transf_Block = Key_dec

Given Key_enc, we are looking for Pwd and Pwd's length such that:

    Key_dec = function of (Key_enc, Pwd, Pwd's length) = Key_chk

Key_chk is 61 bytes long, so we can obtain 61 equations in order to recover the password.

Let Pwd's length = l. We are looking for Pwd[1], Pwd[2], ..., Pwd[l] such that, for each j: Key_dec[j] = Key_chk[j]. So we have:

    Key_chk[1] = Key_enc[1] - Pwd[1] - Pwd[7] - 3D - Pwd[1]                      {1}
    Key_chk[2] = Key_enc[2] - Pwd[1] - Key_enc[1] - (3D-1) - (Pwd[1]+1)          {2}

    {2} <=> Pwd[1] = (Key_enc[2] - Key_enc[1] - Key_chk[2] - 3D) / 2

We found Pwd[1], i.e. the first character of the password. Once Pwd[1] is found, we can compute Pwd[2], Pwd[3], ..., Pwd[l]:

    Key_chk[3] = Key_enc[3] - Pwd[2] - Key_enc[2] - (3D-2) - (Pwd[1]+1+2)        {3}

    {3} <=> Pwd[2] = Key_enc[3] - Key_enc[2] - Key_chk[3] - (3D-2) - (Pwd[1]+1+2)

Let Sum[j] = Pwd[1]+1+2+...+j:

    {l} <=> Pwd[l] = Key_enc[l+1] - Key_enc[l] - Key_chk[l+1] - (3D-l) - Sum[l]

We recovered the whole password {:-) Now we must check that the assumed Pwd's length (l) is correct. To do so, we use the remaining equations, with i = (j) modulo (Pwd's length):

    Key_chk[1] = Key_enc[1] - Pwd[1] - Pwd[7] - 3D - Pwd[1]                 ???   {1}
    Pwd[i] = Key_enc[j+1] - Key_enc[j] - Key_chk[j+1] - (3D-j) - Sum[j]     ???   {j}
    .      = .            .            .              .        .            ???   .
    .      = .            .            .              .        .            ???   .

If we do not have any difference, then Pwd is good. Otherwise, we try the next Pwd's length, and so on...
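As an added illustration (this is not Casimir's cracker from Part C nor SoftByte's code), here are the byte relations above modelled in Python and solved the way the text describes: Pwd[1] from {2}, Pwd[2..l] from the following equations, then the remaining equations as a consistency check on l. Assumptions: arithmetic modulo 256, 1-based indices as in the text, only equations {2}..{61} are used (equation {1} is not fully legible above), and the password is ASCII.

```python
import random
# Assumptions: 1-based indices as in the text, arithmetic modulo 256, and only
# equations {2}..{61} are used, since {1} is not fully legible above.
MOD, N = 256, 61                                    # Key_chk is 61 bytes long

def sum_j(pwd1, j):
    """Sum[j] = Pwd[1] + 1 + 2 + ... + j, as defined in the text."""
    return (pwd1 + j * (j + 1) // 2) % MOD

def key_chk_from(key_enc, pwd):
    """Forward form of {j+1}: Key_chk[j+1] = Key_enc[j+1] - Pwd[i]
    - Key_enc[j] - (3D-j) - Sum[j], with i = j modulo Pwd's length.
    Byte 1 is copied unchanged (assumption, see above)."""
    out = [key_enc[0]]
    for j in range(1, N):                           # j is the text's 1-based j
        i = (j - 1) % len(pwd)                      # Pwd[i] as a 0-based index
        out.append((key_enc[j] - pwd[i] - key_enc[j - 1]
                    - (0x3D - j) - sum_j(pwd[0], j)) % MOD)
    return out

def recover_password(key_enc, key_chk, max_len=16):
    """Solve Pwd[1] from {2}, then Pwd[2..l] from {3}..{l+1} for each assumed
    length l, keeping the first l whose Pwd reproduces every remaining byte.
    Returns a list: {2} divides by 2, and modulo 256 that has two roots
    (x and x+0x80) which the equations alone cannot tell apart."""
    rhs = (key_enc[1] - key_enc[0] - key_chk[1] - 0x3D) % MOD
    if rhs % 2:                                     # no byte satisfies 2*Pwd[1] = rhs
        return []
    found = []
    for pwd1 in (rhs // 2, rhs // 2 + 0x80):
        for l in range(1, max_len + 1):
            pwd = [pwd1]
            for j in range(2, l + 1):               # {j+1} yields Pwd[j]
                pwd.append((key_enc[j] - key_enc[j - 1] - key_chk[j]
                            - (0x3D - j) - sum_j(pwd1, j)) % MOD)
            if key_chk_from(key_enc, pwd)[1:] == list(key_chk[1:]):
                found.append(bytes(pwd))            # smallest consistent length
                break
    return found

def demo():
    """Constructed sample: random Key_enc, known password; the real one is the
    candidate whose bytes are all printable ASCII (assumption)."""
    rng = random.Random(1999)
    key_enc = [rng.randrange(MOD) for _ in range(N)]
    key_chk = key_chk_from(key_enc, list(b"caz1999"))
    return [c for c in recover_password(key_enc, key_chk) if max(c) < 0x80]

if __name__ == "__main__":
    print(demo())                                   # [b'caz1999']
```

The length loop returns the smallest consistent l, since a multiple of the true length also satisfies every equation; the two-root ambiguity shows why the text's division by 2 needs an extra plausibility rule on the bytes.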
=======================================
As usual, when dealing with proprietary algorithms:
Hope you enjoyed!
Caz
Here is Part C, source code for a cracker, the executable, and a few other small treats.
Copyright December, 1999 by Casimir.
Converted to hypertext by Joe Peschel December 13, 1999.