## Cryptography help.

Newbie

Posts: 7

Joined: Sun Feb 21, 2010 10:28 pm

### Cryptography help.

I was doing this mission on HTS(HackThisSite.org).  It dealt with the XECryption algorithm.  I read somewhere, that this algorithm works by taking 3 numbers separated by period(.), adding their sum, and using that number some how related to ASCII decimal value.

Anyways, instead of doing this for X number of numbers.  I built a simple c++ program that would create 3 vectors, put the numbers into the 3 vectors in order.  Then the program would take a 4th vector that for every entry at x, it would have the sum of vector1.at(x), vector2.at(x), etc.

Using this new vector, then I looked at the ranged of values, and determine it was around a 100.  So I ran the program and it would find the count of every entry in this new vector.  I then looked at the count, and found the highest count.

I took that value, and assumed it was e, since e is the most common letter.  I found the difference between this number and the ASCII decimal value of e, and used that for the key.  I took each value of the sum vector and subtracted the decimal value of e, converted each number to character, and outputted the new string.

That didn't work!

Any tips?

Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

### Re: Cryptography help.

I've recently registered at HTS and find their challenges very interesting. The so called XECryption does indeed take the sum of 3 numbers separated by a period. But unfortunately it also requires a password. This really doesn't do much besides adding the sum of these ASCII values to every value in the encrypted text.

So using the password abcd would mean 97 + 98 + 99 + 100 = 394. Lets say we decided to encrypt the letter a with the password abcd. The encrypted text will be;

.143.188.160

143 + 188 + 160 = 491
491 - 394 = 97 -> 'a'

At this point I thought it would be best to brute force the whole thing. Assuming there will be a password of minimal 3 or 4 letters, the sum that gets added to every value in the encrypted text would be around 48 * 4  = 192 with minimal ASCII value of '0' (zero). So we can probably start with a password of 200. You don't have to try a real password because it will be just a decimal value in the end.

So you can decrypt the whole thing in a loop and keep adding 1 to the password. Every time you decrypt the text you scan it for words that will most likely be there if it were plain text. If a match was found then you break out of the loop and you keep the plain text. I wouldn't go higher than 1000. Also, it shouldn't take too long.

I'm not sure if this is the most elegant solution, but it works.

ZF
Last edited by zeroflaw on Tue Feb 23, 2010 7:02 am, edited 1 time in total.
ZF

Newbie

Posts: 7

Joined: Sun Feb 21, 2010 10:28 pm

### Re: Cryptography help.

I cracked it!  Using some math skills I was able to pick a range around 100 or less values for keys.  I pretty much picked arbitrary numbers, and guessed the range.  Then I inputted them into my program.  Ran it about 50 times before I got a good message.  Then my program outputted the data to a txt file and I accomplish the mission!

Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

### Re: Cryptography help.

Sounds interesting. I wanted a more mathematical approach myself, but I never payed much attention during math and cryptography classes, so I have to make up for that now

ZF
Last edited by zeroflaw on Wed Feb 24, 2010 6:21 am, edited 1 time in total.
ZF

Newbie

Posts: 7

Joined: Sun Feb 21, 2010 10:28 pm

### Re: Cryptography help.

This was sort of fun to program, because in my design process, I was able to find a reason to use a recursive base function.  Anyways, my first few steps was to read the the encrypted message from a file (I formatted the file to make it a little easier).

It would equally distribute the 3 numbers into 3 vectors.  Made a 3rd vector and held all the sums.  Then I wrote some functions that did some simple analysis as find min, max, and mode.

I then did some mental guessing and calculations to get a rough range of values.  I created one function that would brute force the whole ranges till it found a message that was readable.

For example, three numbers, lets say 100, 200, 300.  The some would be 600.  The next numbers would be 150, 250, 350, which would be 750. So on, so on.

I got a range of values around the 700-800 range.  If you compare those to the ASCII table,  Those numbers range from 600-700 from the decimal values.

I took a loop that would start at lets say 600, and run till 700, till there was a legit ASCII message.  Which went about half ways.

[i]Note:  Those weren't the real values I was getting, but arbitrary values.[i]

Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

### Re: Cryptography help.

From what I understand that's pretty much what I tried to explain. I said you should start at a value of 200 but that's way too low if you calculate the length of the encrypted message first. I also guessed a range. Here's what I used;

Code:
`            String decrypted = String.Empty;            decryptedText.Text = String.Empty;            String[] strArray = encryptedText.Text.Substring(1).Split('.');            int pwd = 500;            int pwdEnd = 1000;            int j = 0;            while (pwd < pwdEnd)            {                while (j < strArray.Length)                {                    int x = 0;                    for (int i = 0; i < 3; i++)                    {                        try                        {                            x += Convert.ToInt32(strArray[j]);                            j++;                        }                        catch (FormatException) { }                    }                    decrypted += Convert.ToChar(x - pwd);                                    }                j = 0;                if (decrypted.Contains("Smith") ||                    decrypted.Contains("Samuel") ||                    decrypted.Contains("ToxiCo"))                {                    decryptedText.Text = decrypted;                    break;                }                else                {                    decrypted = String.Empty;                }                          pwd++;                            }    `

I tried it with a range of 500 - 1000. Used a legit ASCII string to compare, I just knew there would be a name of some sort, because it's an e-mail message. This algorithm instantly retrieves the plain text. I just don't understand your use of vectors here Thanks for explaining though

ZF
ZF

Newbie

Posts: 7

Joined: Sun Feb 21, 2010 10:28 pm

### Re: Cryptography help.

I used C++ instead of Java.  C++ doesn't have a spit class in the string, but it has a sub-string and find-first-instance-of methods.  Fed a line of encrypted text into my recursive function, which pulled each number into 3 vectors, took the sum of the 3, and from there I was able to subtract a range of values I suspected to be a key.

I could re-write it to make it more efficient and less lines, if I wanted to.

Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

### Re: Cryptography help.

That's C#, I sorta dislike Java Anyway, thanks for explaining. From what I understand of it is, that you narrowed the search down a lot before brute forcing it. I would actually like to see some of your code, if that's alright.

ZF
ZF

Newbie

Posts: 7

Joined: Sun Feb 21, 2010 10:28 pm

### Re: Cryptography help.

zeroflaw wrote:That's C#, I sorta dislike Java Anyway, thanks for explaining. From what I understand of it is, that you narrowed the search down a lot before brute forcing it. I would actually like to see some of your code, if that's alright.

ZF

Better choice between the two, but can't blame me for thinking that.  The two use incredible similar syntax.  I'll have to pretty it up.  It looks like garbage right now with comments and stuff, lol.  I'll post it when I get to pretty-ing it up.

This recursive function worked with my formatted data.  In simple, the data was put into a .txt file.  Each line ended with a period and each began without a period.

Example:
555.555.334.
234.515.332.

Then each line was fed into this function.
Code:
`void getString(string s){     int pos;  //Position of period     string str;  //New string.     pos = s.find_first_of('.');    //Position of first period     str = s.substr (0, pos); //the number to be pulled         if((pos <= 0)  //If position is equal or less then 0, meaning its the last period of a line. Kill function            return;          addElement(putInt(str), vnumb); //Puts it into putInt, which converts it to integer.  Vnumb (vector numb)                                     //determines which of the 3 vectors to put them in.        if(vnumb == 2)  //Changed Vnumb to equally distribute between the vectors.          vnumb = 0;     else         vnumb++;           str = s.substr(pos+1);  //Sets string to be a small string excluding the first number/period(s)     getString(str);  // Recursive Call}`

I had a lot of code/comments that weren't too useful in the end, so I only posted the one function.  The rest were pretty trivial/basic.
Last edited by Sw0rDz on Wed Feb 24, 2010 9:51 pm, edited 1 time in total.

Jr. Member

Posts: 50

Joined: Tue Feb 23, 2010 10:18 am

### Re: Cryptography help.

Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

### Re: Cryptography help.

Thanks for posting your code, appreciate it. I pretty much understand it now. Just need to find some good math books I think I have a book about encryption but I barely used it so far. Ugh, so much to learn!

At least both of our solutions worked, and it's always good to see there are several ways to accomplish something. If I know one of the missions can be solved with a different approach, I always want to try it

ZF
ZF

Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

### Re: Cryptography help.

This thread has me itching to spend some time playing on HTS...my technical skills, crypto in particular, have a thick coat of rust on them. Time to break out the WD-40
Reluctant CISSP, Certified ASS