by CASIMIR
Part B
Caz presents : The Crack of SecurityPlus! by SoftByte Labs
(known-plaintext attack on a proprietary cipher)
The decryption process and the transformations applied to Block are the same, so we let:
Block = Key_enc
Transf_Block = Key_dec
Given Key_enc, we are looking for Pwd and Pwd's length such that:
Key_dec = function of (Key_enc, Pwd, Pwd's length)
= Key_chk
Key_chk is 61 bytes long, so we can obtain 61 equations in order to recover the password.
Let Input's length = l; we are looking for Pwd[1], Pwd[2], ..., Pwd[l]
such that, for each j:
Key_dec[j] = Key_chk[j]
So we have:
Key_chk[1] = Key_enc[1] - Pwd[1] - Pwd[7] - 3D - Pwd[1] {1}
Key_chk[2] = Key_enc[2] - Pwd[1] - Key_enc[1] - (3D-1) - (Pwd[1]+1) {2}
{2} <=> Pwd[1] = (Key_enc[2] - Key_enc[1] - Key_chk[2] - 3D) / 2
We found Pwd[1], i.e. the first character of the password. Once Pwd[1] is known, we can compute Pwd[2], Pwd[3], ..., Pwd[l] the same way:
Key_chk[3] = Key_enc[3] - Pwd[2] - Key_enc[2] - (3D-2) - (Pwd[1]+1+2) {3}
{3} <=> Pwd[2] = Key_enc[3] - Key_enc[2] - Key_chk[3] - (3D-2) - (Pwd[1]+1+2)
Let Sum[j] = Pwd[1]+1+2+...+j:
{l} <=> Pwd[l] = Key_enc[l+1] - Key_enc[l] - Key_chk[l+1] - (3D-l) - Sum[l]
We recovered the whole password {:-) Now we must check that the assumed Pwd's length (l) is correct. To do so, we use the remaining equations:
Key_chk[1] = Key_enc[1] - Pwd[1] - Pwd[7] - 3D - Pwd[1] ??? {1}
With i = (j) modulo (Pwd's length):
Pwd[i] = Key_enc[j+1] - Key_enc[j] - Key_chk[j+1] - (3D-j) - Sum[j] ??? {j}
...
If we do not find any difference, then Pwd is good. Otherwise, we try the next Pwd's length, and so on...
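The procedure above, carried through as an added, runnable example (this is not Casimir's Part C code, nor anything from SoftByte Labs). It assumes byte arithmetic modulo 256, a constructed forward model built only from the page's general equation {j} (the page's equation {1}, which references Pwd[7] without defining it, is left unmodelled), and the index rule i = ((j-1) mod l)+1 so that j = l selects the last character as {l} requires; the 61-byte Key_enc and the password are constructed sample data. It also handles the one step the page glosses over: halving modulo 256 has two byte solutions, and because every remaining equation contains Pwd[1] once directly and once inside Sum[j], both the real password and the variant with the top bit of every byte flipped pass all checks, so the solver returns every candidate at the shortest consistent length rather than the first one it sees.

```python
"""Password recovery from the key schedule derived above (constructed model).

The page writes Key_enc[1..61]; Python lists are 0-based, so the page's
Key_enc[j] is key_enc[j-1] here.  All arithmetic is modulo 256 (byte
wrap-around), which is an assumption: the page does not state it.
"""

MOD = 256
C = 0x3D          # the constant the page writes as 3D
KEY_LEN = 61      # Key_enc and Key_chk are 61 bytes long


def pwd_index(j: int, length: int) -> int:
    """0-based password index used by equation {j}: the page's
    i = j mod length, taken as ((j-1) mod length)+1 (assumption) so that
    j = length selects the last character, as the page's {l} requires."""
    return (j - 1) % length


def sum_j(p1: int, j: int) -> int:
    """Sum[j] = Pwd[1] + 1 + 2 + ... + j  (the page's definition)."""
    return p1 + j * (j + 1) // 2


def derive_key_chk(key_enc: bytes, pwd: bytes) -> list:
    """Constructed forward model: Key_chk[j+1] from Key_enc and Pwd using the
    page's general equation for j = 1..60.  Key_chk[1] (the page's {1}, which
    uses an undefined Pwd[7]) is not modelled and is left as 0."""
    chk = [0] * KEY_LEN
    for j in range(1, KEY_LEN):                    # fills Key_chk[j+1] == chk[j]
        i = pwd_index(j, len(pwd))
        chk[j] = (key_enc[j] - pwd[i] - key_enc[j - 1]
                  - (C - j) - sum_j(pwd[0], j)) % MOD
    return chk


def candidates_first_char(key_enc, key_chk) -> list:
    """Equation {2}: 2*Pwd[1] = Key_enc[2] - Key_enc[1] - Key_chk[2] - 3D.
    Dividing by 2 modulo 256 has two byte solutions (x and x+128); return both."""
    twice = (key_enc[1] - key_enc[0] - key_chk[1] - C) % MOD
    if twice % 2:
        return []          # no byte satisfies it: inputs inconsistent with the model
    return [twice // 2, (twice // 2 + 128) % MOD]


def recover_password(key_enc, key_chk, max_len: int = 32) -> list:
    """Try each password length l in turn, as the page does: solve Pwd[1..l]
    from equations {2}..{l+1}, then verify with the remaining equations.
    Returns every candidate that verifies at the shortest consistent length.
    max_len stays well below 60 because at l = 60 no equations remain to check."""
    for length in range(1, max_len + 1):
        found = []
        for p1 in candidates_first_char(key_enc, key_chk):
            pwd = [p1]
            for j in range(2, length + 1):
                # Pwd[j] = Key_enc[j+1] - Key_enc[j] - Key_chk[j+1] - (3D-j) - Sum[j]
                pwd.append((key_enc[j] - key_enc[j - 1] - key_chk[j]
                            - (C - j) - sum_j(p1, j)) % MOD)
            # remaining equations: recompute the whole schedule and compare,
            # skipping the unmodelled first byte
            if derive_key_chk(key_enc, bytes(pwd))[1:] == list(key_chk[1:]):
                found.append(bytes(pwd))
        if found:
            return found
    return []


# Constructed sample data: an arbitrary 61-byte Key_enc and a 7-character password.
SAMPLE_KEY_ENC = bytes((37 * i + 11) % 256 for i in range(KEY_LEN))
SAMPLE_PWD = b"s3cret!"
SAMPLE_KEY_CHK = bytes(derive_key_chk(SAMPLE_KEY_ENC, SAMPLE_PWD))

if __name__ == "__main__":
    for cand in recover_password(SAMPLE_KEY_ENC, SAMPLE_KEY_CHK):
        print(cand)
```

Run stand-alone, it prints two candidates: the sample password and the same bytes with 0x80 flipped in each. Lengths 1 to 6 are rejected at the first equation that reuses Pwd[1] in place of the true next character, and length 7 is the first at which every remaining equation agrees, exactly the length-guessing loop the text describes. Any multiple of the true length would also verify, which is why the search stops at the shortest hit.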
As usual, when dealing with proprietary algorithms:
Hope you enjoyed!
Caz
Here is Part C, source code for a cracker, the executable, and a few other small treats.
Copyright December, 1999 by Casimir.
Mail Casimir
Converted to hypertext by Joe Peschel December 13, 1999.