 This topic has 11 replies, 4 voices, and was last updated 11 years ago by oneeyedcarmen.

AuthorPosts


February 23, 2010 at 2:58 am #4702Sw0rDzParticipant
I was doing this mission on HTS(HackThisSite.org). It dealt with the XECryption algorithm. I read somewhere, that this algorithm works by taking 3 numbers separated by period(.), adding their sum, and using that number some how related to ASCII decimal value.
Anyways, instead of doing this for X number of numbers. I built a simple c++ program that would create 3 vectors, put the numbers into the 3 vectors in order. Then the program would take a 4th vector that for every entry at x, it would have the sum of vector1.at(x), vector2.at(x), etc.
Using this new vector, then I looked at the ranged of values, and determine it was around a 100. So I ran the program and it would find the count of every entry in this new vector. I then looked at the count, and found the highest count.
I took that value, and assumed it was e, since e is the most common letter. I found the difference between this number and the ASCII decimal value of e, and used that for the key. I took each value of the sum vector and subtracted the decimal value of e, converted each number to character, and outputted the new string.
That didn’t work!
Any tips?

February 23, 2010 at 11:57 am #29251zeroflawParticipant
I’ve recently registered at HTS and find their challenges very interesting. The so called XECryption does indeed take the sum of 3 numbers separated by a period. But unfortunately it also requires a password. This really doesn’t do much besides adding the sum of these ASCII values to every value in the encrypted text.
So using the password abcd would mean 97 + 98 + 99 + 100 = 394. Lets say we decided to encrypt the letter a with the password abcd. The encrypted text will be;
.143.188.160
143 + 188 + 160 = 491
491 – 394 = 97 > ‘a’At this point I thought it would be best to brute force the whole thing. Assuming there will be a password of minimal 3 or 4 letters, the sum that gets added to every value in the encrypted text would be around 48 * 4 = 192 with minimal ASCII value of ‘0’ (zero). So we can probably start with a password of 200. You don’t have to try a real password because it will be just a decimal value in the end.
So you can decrypt the whole thing in a loop and keep adding 1 to the password. Every time you decrypt the text you scan it for words that will most likely be there if it were plain text. If a match was found then you break out of the loop and you keep the plain text. I wouldn’t go higher than 1000. Also, it shouldn’t take too long. 😛
I’m not sure if this is the most elegant solution, but it works.
ZF

February 24, 2010 at 12:02 am #29252Sw0rDzParticipant
I cracked it! Using some math skills I was able to pick a range around 100 or less values for keys. I pretty much picked arbitrary numbers, and guessed the range. Then I inputted them into my program. Ran it about 50 times before I got a good message. Then my program outputted the data to a txt file and I accomplish the mission!

February 24, 2010 at 11:13 am #29253zeroflawParticipant
Sounds interesting. I wanted a more mathematical approach myself, but I never payed much attention during math and cryptography classes, so I have to make up for that now 🙁
Care to explain your method? 😛
ZF

February 24, 2010 at 4:15 pm #29254Sw0rDzParticipant
This was sort of fun to program, because in my design process, I was able to find a reason to use a recursive base function. Anyways, my first few steps was to read the the encrypted message from a file (I formatted the file to make it a little easier).
It would equally distribute the 3 numbers into 3 vectors. Made a 3rd vector and held all the sums. Then I wrote some functions that did some simple analysis as find min, max, and mode.
I then did some mental guessing and calculations to get a rough range of values. I created one function that would brute force the whole ranges till it found a message that was readable.
For example, three numbers, lets say 100, 200, 300. The some would be 600. The next numbers would be 150, 250, 350, which would be 750. So on, so on.
I got a range of values around the 700800 range. If you compare those to the ASCII table, Those numbers range from 600700 from the decimal values.
I took a loop that would start at lets say 600, and run till 700, till there was a legit ASCII message. Which went about half ways.
Note: Those weren’t the real values I was getting, but arbitrary values.

February 24, 2010 at 7:27 pm #29255zeroflawParticipant
From what I understand that’s pretty much what I tried to explain. I said you should start at a value of 200 but that’s way too low if you calculate the length of the encrypted message first. I also guessed a range. Here’s what I used;
String decrypted = String.Empty;
decryptedText.Text = String.Empty;
String[] strArray = encryptedText.Text.Substring(1).Split('.');
int pwd = 500;
int pwdEnd = 1000;
int j = 0;
while (pwd < pwdEnd)
{
while (j < strArray.Length)
{
int x = 0;
for (int i = 0; i < 3; i++)
{
try
{
x += Convert.ToInt32(strArray[j]);
j++;
}
catch (FormatException) { }
}
decrypted += Convert.ToChar(x  pwd);
}
j = 0;
if (decrypted.Contains("Smith") 
decrypted.Contains("Samuel") 
decrypted.Contains("ToxiCo"))
{
decryptedText.Text = decrypted;
break;
}
else
{
decrypted = String.Empty;
}
pwd++;
}
I tried it with a range of 500 – 1000. Used a legit ASCII string to compare, I just knew there would be a name of some sort, because it’s an email message. This algorithm instantly retrieves the plain text. I just don’t understand your use of vectors here :[ Thanks for explaining though 8)
ZF

February 24, 2010 at 8:17 pm #29256Sw0rDzParticipant
I used C++ instead of Java. C++ doesn’t have a spit class in the string, but it has a substring and findfirstinstanceof methods. Fed a line of encrypted text into my recursive function, which pulled each number into 3 vectors, took the sum of the 3, and from there I was able to subtract a range of values I suspected to be a key.
I could rewrite it to make it more efficient and less lines, if I wanted to.

February 24, 2010 at 10:21 pm #29257zeroflawParticipant
That’s C#, I sorta dislike Java 😛 Anyway, thanks for explaining. From what I understand of it is, that you narrowed the search down a lot before brute forcing it. I would actually like to see some of your code, if that’s alright.
ZF

February 24, 2010 at 10:48 pm #29258Sw0rDzParticipant
@zeroflaw wrote:
That’s C#, I sorta dislike Java 😛 Anyway, thanks for explaining. From what I understand of it is, that you narrowed the search down a lot before brute forcing it. I would actually like to see some of your code, if that’s alright.
ZF
Better choice between the two, but can’t blame me for thinking that. The two use incredible similar syntax. I’ll have to pretty it up. It looks like garbage right now with comments and stuff, lol. I’ll post it when I get to prettying it up.
Edited/Added!
This recursive function worked with my formatted data. In simple, the data was put into a .txt file. Each line ended with a period and each began without a period.Example:
555.555.334.
234.515.332.Then each line was fed into this function.
void getString(string s)
{
int pos; //Position of period
string str; //New string.
pos = s.find_first_of('.'); //Position of first period
str = s.substr (0, pos); //the number to be pulled
if((pos <= 0) //If position is equal or less then 0, meaning its the last period of a line. Kill function
return;
addElement(putInt(str), vnumb); //Puts it into putInt, which converts it to integer. Vnumb (vector numb)
//determines which of the 3 vectors to put them in.
if(vnumb == 2) //Changed Vnumb to equally distribute between the vectors.
vnumb = 0;
else
vnumb++;
str = s.substr(pos+1); //Sets string to be a small string excluding the first number/period(s)
getString(str); // Recursive Call
}
I had a lot of code/comments that weren’t too useful in the end, so I only posted the one function. The rest were pretty trivial/basic.

February 25, 2010 at 5:45 am #29259Knb15Participant
Good reading here fellas. I don’t know about cryptography but it’s been interesting reading your thought process to solve this problem.

February 25, 2010 at 11:30 am #29260zeroflawParticipant
Thanks for posting your code, appreciate it. I pretty much understand it now. Just need to find some good math books I think 😛 I have a book about encryption but I barely used it so far. Ugh, so much to learn!
At least both of our solutions worked, and it’s always good to see there are several ways to accomplish something. If I know one of the missions can be solved with a different approach, I always want to try it 😛
ZF

February 25, 2010 at 4:37 pm #29261oneeyedcarmenParticipant
This thread has me itching to spend some time playing on HTS…my technical skills, crypto in particular, have a thick coat of rust on them. Time to break out the WD40


AuthorPosts
 You must be logged in to reply to this topic.