Welcome Guest.
No account yet? Register
Who's Online
We have 42 guests online

You are here: Home Ethical Hacking Discussions and Related Certifications Other Cryptography help.
 EH-Net
May 22, 2013, 12:02:40 AM
 Welcome, Guest. Please login or register.Did you miss your activation email? 1 Hour 1 Day 1 Week 1 Month Forever Login with username, password and session length
 News: Go back to The Ethical Hacker Network Online Magazine Home Page
 Home Help Calendar Login Register
 Pages: [1]   Go Down
 Author Topic: Cryptography help.  (Read 14557 times) 0 Members and 1 Guest are viewing this topic.
Sw0rDz
Newbie

Offline

Posts: 7

 « on: February 22, 2010, 08:58:08 PM »

I was doing this mission on HTS(HackThisSite.org).  It dealt with the XECryption algorithm.  I read somewhere, that this algorithm works by taking 3 numbers separated by period(.), adding their sum, and using that number some how related to ASCII decimal value.

Anyways, instead of doing this for X number of numbers.  I built a simple c++ program that would create 3 vectors, put the numbers into the 3 vectors in order.  Then the program would take a 4th vector that for every entry at x, it would have the sum of vector1.at(x), vector2.at(x), etc.

Using this new vector, then I looked at the ranged of values, and determine it was around a 100.  So I ran the program and it would find the count of every entry in this new vector.  I then looked at the count, and found the highest count.

I took that value, and assumed it was e, since e is the most common letter.  I found the difference between this number and the ASCII decimal value of e, and used that for the key.  I took each value of the sum vector and subtracted the decimal value of e, converted each number to character, and outputted the new string.

That didn't work!

Any tips?
 Logged
zeroflaw
Full Member

Offline

Posts: 208

 « Reply #1 on: February 23, 2010, 05:57:44 AM »

I've recently registered at HTS and find their challenges very interesting. The so called XECryption does indeed take the sum of 3 numbers separated by a period. But unfortunately it also requires a password. This really doesn't do much besides adding the sum of these ASCII values to every value in the encrypted text.

So using the password abcd would mean 97 + 98 + 99 + 100 = 394. Lets say we decided to encrypt the letter a with the password abcd. The encrypted text will be;

.143.188.160

143 + 188 + 160 = 491
491 - 394 = 97 -> 'a'

At this point I thought it would be best to brute force the whole thing. Assuming there will be a password of minimal 3 or 4 letters, the sum that gets added to every value in the encrypted text would be around 48 * 4  = 192 with minimal ASCII value of '0' (zero). So we can probably start with a password of 200. You don't have to try a real password because it will be just a decimal value in the end.

So you can decrypt the whole thing in a loop and keep adding 1 to the password. Every time you decrypt the text you scan it for words that will most likely be there if it were plain text. If a match was found then you break out of the loop and you keep the plain text. I wouldn't go higher than 1000. Also, it shouldn't take too long.

I'm not sure if this is the most elegant solution, but it works.

ZF
 « Last Edit: February 23, 2010, 06:02:39 AM by zeroflaw » Logged

ZF
Sw0rDz
Newbie

Offline

Posts: 7

 « Reply #2 on: February 23, 2010, 06:02:25 PM »

I cracked it!  Using some math skills I was able to pick a range around 100 or less values for keys.  I pretty much picked arbitrary numbers, and guessed the range.  Then I inputted them into my program.  Ran it about 50 times before I got a good message.  Then my program outputted the data to a txt file and I accomplish the mission!
 Logged
zeroflaw
Full Member

Offline

Posts: 208

 « Reply #3 on: February 24, 2010, 05:13:31 AM »

Sounds interesting. I wanted a more mathematical approach myself, but I never payed much attention during math and cryptography classes, so I have to make up for that now

Care to explain your method?

ZF
 « Last Edit: February 24, 2010, 05:21:39 AM by zeroflaw » Logged

ZF
Sw0rDz
Newbie

Offline

Posts: 7

 « Reply #4 on: February 24, 2010, 10:15:53 AM »

This was sort of fun to program, because in my design process, I was able to find a reason to use a recursive base function.  Anyways, my first few steps was to read the the encrypted message from a file (I formatted the file to make it a little easier).

It would equally distribute the 3 numbers into 3 vectors.  Made a 3rd vector and held all the sums.  Then I wrote some functions that did some simple analysis as find min, max, and mode.

I then did some mental guessing and calculations to get a rough range of values.  I created one function that would brute force the whole ranges till it found a message that was readable.

For example, three numbers, lets say 100, 200, 300.  The some would be 600.  The next numbers would be 150, 250, 350, which would be 750. So on, so on.

I got a range of values around the 700-800 range.  If you compare those to the ASCII table,  Those numbers range from 600-700 from the decimal values.

I took a loop that would start at lets say 600, and run till 700, till there was a legit ASCII message.  Which went about half ways.

Note:  Those weren't the real values I was getting, but arbitrary values.
 Logged
zeroflaw
Full Member

Offline

Posts: 208

 « Reply #5 on: February 24, 2010, 01:27:17 PM »

From what I understand that's pretty much what I tried to explain. I said you should start at a value of 200 but that's way too low if you calculate the length of the encrypted message first. I also guessed a range. Here's what I used;

Code:
String decrypted = String.Empty;
decryptedText.Text = String.Empty;
String[] strArray = encryptedText.Text.Substring(1).Split('.');

int pwd = 500;
int pwdEnd = 1000;
int j = 0;

while (pwd < pwdEnd)
{
while (j < strArray.Length)
{
int x = 0;

for (int i = 0; i < 3; i++)
{
try
{
x += Convert.ToInt32(strArray[j]);
j++;
}
catch (FormatException) { }
}
decrypted += Convert.ToChar(x - pwd);
}
j = 0;

if (decrypted.Contains("Smith") ||
decrypted.Contains("Samuel") ||
decrypted.Contains("ToxiCo"))
{
decryptedText.Text = decrypted;
break;
}
else
{
decrypted = String.Empty;
}

pwd++;
}

I tried it with a range of 500 - 1000. Used a legit ASCII string to compare, I just knew there would be a name of some sort, because it's an e-mail message. This algorithm instantly retrieves the plain text. I just don't understand your use of vectors here Thanks for explaining though

ZF
 Logged

ZF
Sw0rDz
Newbie

Offline

Posts: 7

 « Reply #6 on: February 24, 2010, 02:17:43 PM »

I used C++ instead of Java.  C++ doesn't have a spit class in the string, but it has a sub-string and find-first-instance-of methods.  Fed a line of encrypted text into my recursive function, which pulled each number into 3 vectors, took the sum of the 3, and from there I was able to subtract a range of values I suspected to be a key.

I could re-write it to make it more efficient and less lines, if I wanted to.
 Logged
zeroflaw
Full Member

Offline

Posts: 208

 « Reply #7 on: February 24, 2010, 04:21:04 PM »

That's C#, I sorta dislike Java Anyway, thanks for explaining. From what I understand of it is, that you narrowed the search down a lot before brute forcing it. I would actually like to see some of your code, if that's alright.

ZF
 Logged

ZF
Sw0rDz
Newbie

Offline

Posts: 7

 « Reply #8 on: February 24, 2010, 04:48:00 PM »

That's C#, I sorta dislike Java Anyway, thanks for explaining. From what I understand of it is, that you narrowed the search down a lot before brute forcing it. I would actually like to see some of your code, if that's alright.

ZF

Better choice between the two, but can't blame me for thinking that.  The two use incredible similar syntax.  I'll have to pretty it up.  It looks like garbage right now with comments and stuff, lol.  I'll post it when I get to pretty-ing it up.

This recursive function worked with my formatted data.  In simple, the data was put into a .txt file.  Each line ended with a period and each began without a period.

Example:
555.555.334.
234.515.332.

Then each line was fed into this function.
Code:
void getString(string s)
{
int pos;  //Position of period
string str;  //New string.
pos = s.find_first_of('.');    //Position of first period
str = s.substr (0, pos); //the number to be pulled

if((pos <= 0)  //If position is equal or less then 0, meaning its the last period of a line. Kill function
return;

addElement(putInt(str), vnumb); //Puts it into putInt, which converts it to integer.  Vnumb (vector numb)
//determines which of the 3 vectors to put them in.

if(vnumb == 2)  //Changed Vnumb to equally distribute between the vectors.
vnumb = 0;
else
vnumb++;

str = s.substr(pos+1);  //Sets string to be a small string excluding the first number/period(s)
getString(str);  // Recursive Call

}

I had a lot of code/comments that weren't too useful in the end, so I only posted the one function.  The rest were pretty trivial/basic.
 « Last Edit: February 24, 2010, 08:51:17 PM by Sw0rDz » Logged
Knb15
Jr. Member

Offline

Posts: 50

 « Reply #9 on: February 24, 2010, 11:45:44 PM »

Good reading here fellas. I don't know about cryptography but it's been interesting reading your thought process to solve this problem.
 Logged
zeroflaw
Full Member

Offline

Posts: 208

 « Reply #10 on: February 25, 2010, 05:30:58 AM »

Thanks for posting your code, appreciate it. I pretty much understand it now. Just need to find some good math books I think I have a book about encryption but I barely used it so far. Ugh, so much to learn!

At least both of our solutions worked, and it's always good to see there are several ways to accomplish something. If I know one of the missions can be solved with a different approach, I always want to try it

ZF
 Logged

ZF
oneeyedcarmen
Full Member

Offline

Posts: 233

 « Reply #11 on: February 25, 2010, 10:37:06 AM »

This thread has me itching to spend some time playing on HTS...my technical skills, crypto in particular, have a thick coat of rust on them. Time to break out the WD-40
 Logged

Reluctant CISSP, Certified ASS
 Pages: [1]   Go Up

 Powered by SMF 1.1.18 | SMF © 2013, Simple MachinesJoomla Bridge by JoomlaHacks.com
Page created in 0.075 seconds with 23 queries.

Exclusive Deal

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 Great! Better. About the same. Little worse. FUBAR!

EH-Net News Feeds