The Cracking of SecurityPlus

by

CASIMIR

Part B



    (known-plaintext attack on a proprietary cipher)



    PART B. ANALYSIS AND BREAKING OF SecurityPlus!

    The decryption process and the transformations on Block are the same, so we let:

           Block = Key_enc
    Transf_Block = Key_dec

    Given Key_enc, we are looking for Pwd and Pwd's length such that:

    Key_dec = function of (Key_enc, Pwd, Pwd's length)
            = Key_chk
    
    Key_chk is 61 bytes long, so we can obtain 61 equations from which to recover the password.
    As we do not know Pwd's length, we will have to try every possible length until we find the correct one. We have: 4 < Pwd's length < 60.
    Let Input's length = l; we are looking for Pwd[1], Pwd[2], ..., Pwd[l]
    such that, for each j:
    
                           Key_dec[j] = Key_chk[j]
                                
    So we have:
    
    Key_chk[1] = Key_enc[1] - Pwd[1] - Pwd[7] - 3D - Pwd[1]                 {1}
    
    Key_chk[2] = Key_enc[2] - Pwd[1] - Key_enc[1] - (3D-1) - (Pwd[1]+1)     {2}
    
    {2} <=> Pwd[1] = (Key_enc[2] - Key_enc[1] - Key_chk[2] - 3D)
                     -------------------------------------------
                                           2
    
    We have found Pwd[1], i.e. the first character of the password. Once Pwd[1] is known, we can compute Pwd[2], Pwd[3], ..., Pwd[l]:
    
    Key_chk[3] = Key_enc[3] - Pwd[2] - Key_enc[2] - (3D-2) - (Pwd[1]+1+2)   {3}
    
    {3} <=> Pwd[2] = Key_enc[3] - Key_enc[2] - Key_chk[3] - (3D-2) - (Pwd[1]+1+2) 
    
    Let Sum[j] = Pwd[1]+1+2+...+j:
    
    {l} <=> Pwd[l] = Key_enc[l+1] - Key_enc[l] - Key_chk[l+1] - (3D-l) - Sum[l]
    
    We have recovered the whole password {:-) Now we must check that the assumed Pwd's length (l) is correct. To do so, we use the remaining equations:
    
    Key_chk[1] = Key_enc[1] - Pwd[1] - Pwd[7] - 3D - Pwd[1] ???             {1}

    With i = (j) modulo (Pwd's length):

    Pwd[i] = Key_enc[j+1] - Key_enc[j] - Key_chk[j+1] - (3D-j) - Sum[j] ??? {j}
       .   =   . . . . .                                                ???  .
       .   =   . . . . .                                                ???  .

    If none of them differ, then Pwd is good. Otherwise, we try the next Pwd's length, and so on...
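    The recovery procedure above, as an added example in Python (it is not Casimir's cracker from Part C): it implements equations {2} onward exactly as written here, with all arithmetic taken modulo 256. It assumes the essay's 3D is hexadecimal (0x3D = 61, the length of Key_chk), that the first password character is printable so the halving in {2} is unambiguous, and that equation {1}, whose Pwd[7] term is defined in Part A, is left out; the Key_enc block and the password are constructed for the demonstration.

```python
# Added example (not Casimir's code): models the recurrence of Part B and
# runs the length-by-length recovery on a constructed Key_enc block.
KEY_LEN = 61
C = 0x3D                    # the essay's constant "3D", read as hexadecimal
LEN_MIN, LEN_MAX = 5, 59    # essay: 4 < Pwd's length < 60

def key_chk_from(key_enc, pwd):
    """Forward model of equations {2}..{61}; Python index k holds Key_chk[k+1].
    Key_chk[j+1] = Key_enc[j+1] - Pwd[i] - Key_enc[j] - (3D-j) - Sum[j]  (mod 256),
    i = j wrapped into the password, Sum[j] = Pwd[1] + 1 + 2 + ... + j.
    Equation {1} (its Pwd[7] term is defined in Part A) is not modelled: slot 0 stays 0."""
    l = len(pwd)
    chk = [0] * KEY_LEN
    for j in range(1, KEY_LEN):
        i = (j - 1) % l                           # 1-indexed "j modulo length", 0-indexed here
        sum_j = (pwd[0] + j * (j + 1) // 2) & 0xFF
        chk[j] = (key_enc[j] - pwd[i] - key_enc[j - 1] - (C - j) - sum_j) & 0xFF
    return chk

def recover_password(key_enc, key_chk):
    """Pwd[1] from {2}, Pwd[2..l] from the next equations, then the remaining
    equations must all agree. Returns (password, length) for the shortest
    consistent length (so a periodic password is reported at its period), or None."""
    # {2}: 2*Pwd[1] = Key_enc[2] - Key_enc[1] - Key_chk[2] - 3D  (mod 256)
    twice = (key_enc[1] - key_enc[0] - key_chk[1] - C) & 0xFF
    if twice & 1:
        return None                               # 2*Pwd[1] mod 256 is always even
    p1 = twice // 2                               # assumes a printable (< 0x80) first character
    for l in range(LEN_MIN, LEN_MAX + 1):
        pwd = [p1]
        for j in range(2, l + 1):                 # Pwd[j] = Key_enc[j+1] - Key_enc[j] - Key_chk[j+1] - (3D-j) - Sum[j]
            sum_j = (p1 + j * (j + 1) // 2) & 0xFF
            pwd.append((key_enc[j] - key_enc[j - 1] - key_chk[j] - (C - j) - sum_j) & 0xFF)
        if key_chk_from(key_enc, pwd)[1:] == key_chk[1:]:   # the 60 - l remaining equations
            return bytes(pwd), l
    return None

# Constructed sample: an arbitrary 61-byte Block and a chosen, non-periodic password.
SAMPLE_PWD = b"R3vers1ng!"
SAMPLE_KEY_ENC = [(37 * k + 11) & 0xFF for k in range(KEY_LEN)]
SAMPLE_KEY_CHK = key_chk_from(SAMPLE_KEY_ENC, list(SAMPLE_PWD))

if __name__ == "__main__":
    print(recover_password(SAMPLE_KEY_ENC, SAMPLE_KEY_CHK))   # (b'R3vers1ng!', 10)
```

    The check over the remaining equations is what makes the length search terminate correctly; it also shows why a password that repeats itself is reported at its shortest period rather than its full length.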

    =======================================

    Epilogue

    =======================================

    As usual, when dealing with proprietary algorithms:

    Instead, trust in Winice to show you the Way {;-)

    Hope you enjoyed!

    Caz

    Here is Part C, source code for a cracker, the executable, and a few other small treats.

    Copyright December, 1999 by Casimir.

    Converted to hypertext by Joe Peschel December 13, 1999.