Encryption procedure

Started by Farabi, August 16, 2010, 02:37:53 PM

Farabi

I don't get the "Asymmetric" term, what is that?
Those who had universe knowledges can control the world by a micro processor.
http://www.wix.com/farabio/firstpage

"Etos siperi elegi"

Ghandi

Quote
Symmetric vs. asymmetric algorithms
When using symmetric algorithms, both parties share the same key for en- and decryption. To provide privacy, this key needs to be kept secret. Once somebody else gets to know the key, it is not safe any more. Symmetric algorithms have the advantage of not consuming too much computing power. A few well-known examples are: DES, Triple-DES (3DES), IDEA, CAST5, BLOWFISH, TWOFISH.
Asymmetric algorithms use pairs of keys. One is used for encryption and the other one for decryption. The decryption key is typically kept secret, therefore called "private key" or "secret key", while the encryption key is spread to all who might want to send encrypted messages, therefore called "public key". Everybody having the public key is able to send encrypted messages to the owner of the secret key. The secret key can't be reconstructed from the public key. The idea of asymmetric algorithms was first published in 1976 by Diffie and Hellman.

Asymmetric algorithms seem to be ideally suited for real-world use: As the secret key does not have to be shared, the risk of getting known is much smaller. Every user only needs to keep one secret key in secrecy and a collection of public keys, that only need to be protected against being changed. With symmetric keys, every pair of users would need to have an own shared secret key. Well-known asymmetric algorithms are RSA, DSA, ELGAMAL.

However, asymmetric algorithms are much slower than symmetric ones. Therefore, in many applications, a combination of both is being used. The asymmetric keys are used for authentication and after this has been successfully done, one or more symmetric keys are generated and exchanged using the asymmetric encryption. This way the advantages of both algorithms can be used. Typical examples of this procedure are the RSA/IDEA combination of PGP2 or the DSA/BLOWFISH used by GnuPG.


http://www.suse.de/~garloff/Writings/mutt_gpg/node3.html
http://www.wordiq.com/definition/Asymmetric_key_algorithm
http://www.wordiq.com/definition/Symmetric_key_algorithm

HR,
Ghandi

Antariy

Hi!

This is an attempt to research the working algo of Encryptor.exe.

Algo of encryption (simplified):

repeat_until_have_data{
   BYTE a;
   BYTE b;
   WORD encrypted;
   a=get_char_of_data;
   b=cyclic_get_char_of_code_including_terminator_zero();   // some code, not one command
   xchg a.low_nibble,a.high_nibble; // (i.e. if byte 12h,  make it 21h)
   encrypted=a+b; // add password_byte_code to shuffled byte_of_data
   
   WriteFile(encrypted);

}

So, the algo exchanges the nibbles of the data byte, then adds the code of the password char to it.
Password chars are taken one by one, including the terminator (zero byte), cyclically (i.e. when the password "ends", the pointer moves back to the start of the password, etc.).

Because overflows can occur, the algo uses a word-sized destination for the encrypted value.

The decryption algo is the mirror: subtract the password char, then exchange nibbles.

Farabi, not a bad algo, but you could use a destination operand that is not WORD sized. For example, encryption:

data_byte=8Fh
password_byte=73h
after exchanging nibbles, data_byte has the value F8h
encrypted_byte = data_byte + password_byte (total: 16Bh, but with trimming due to byte size - 6Bh)

So, we put 6Bh into the file, not 16Bh.

The decryption algo:

encrypted_data_byte=6Bh
password_byte=73h
data_byte = 6Bh - 73h (so, the total result is F8h. The overflow has no meaning).
data_byte = data_byte with exchanged nibbles (i.e. 8Fh)


So, we put out the decrypted data_byte with its initial value 8Fh.


With this you can make the output file two times smaller, if this has no other meaning. And working with bytes is slightly faster than working with words.
And you can use the same buffer if you work with bytes: read a byte, encrypt it, write it to the same place in the same buffer. After encryption, write to the output file the buffer into which you read the original data.

And using the zero terminator of the password also makes the algo more vulnerable, but not very.

As I expect, this algo is symmetric. I also made symmetric encryption algos some time ago, but that was with the PB compiler for DOS.
Farabi, if you want to use this algo for critical tasks - I don't recommend doing this (please don't take umbrage, I say this with good reason). But for not very critical tasks this algo is perfect (because it is simple and fast).

Initially I researched the algo with typical data patterns, without debugging or disassembling it.
When the algo's work became clear, I disassembled the EXE and tried to find something like "rol" or "ror". And I found "ror" 2 times: for encryption...:


00402C8E                    fn_00402C8E:
00402C8E 55                     push    ebp
00402C8F 8BEC                   mov     ebp,esp
00402C91 83C4F0                 add     esp,0FFFFFFF0h
00402C94 56                     push    esi
00402C95 57                     push    edi
00402C96 8B4D0C                 mov     ecx,[ebp+0Ch]
00402C99 D1E1                   shl     ecx,1
00402C9B 51                     push    ecx
00402C9C E80DE4FFFF             call    fn_004010AE
00402CA1 8945FC                 mov     [ebp-4],eax
00402CA4 FF7510                 push    dword ptr [ebp+10h]
00402CA7 E83C0F0000             call    fn_00403BE8
00402CAC 8945F8                 mov     [ebp-8],eax
00402CAF 8B7508                 mov     esi,[ebp+8]
00402CB2 8B7D10                 mov     edi,[ebp+10h]
00402CB5 33C9                   xor     ecx,ecx
00402CB7 894DF4                 mov     [ebp-0Ch],ecx
00402CBA                    loc_00402CBA:
00402CBA 51                     push    ecx
00402CBB 0FB61431               movzx   edx,byte ptr [ecx+esi] <--- get data byte
00402CBF C0CA04                 ror     dl,4 <--- Exchange nibbles
00402CC2 8B45F4                 mov     eax,[ebp-0Ch]
00402CC5 668955F2               mov     [ebp-0Eh],dx <--- put data to word-sized value
00402CC9 0FB61438               movzx   edx,byte ptr [eax+edi] <--- get password byte
00402CCD 660155F2               add     [ebp-0Eh],dx <--- add password byte to word-sized value
00402CD1 8B45FC                 mov     eax,[ebp-4] \
00402CD4 D1E1                   shl     ecx,1 |
00402CD6 668B55F2               mov     dx,[ebp-0Eh] |
00402CDA 66891401               mov     [ecx+eax],dx \ in total: put word-sized value to output buffer
00402CDE FF45F4                 inc     dword ptr [ebp-0Ch] / checking for password length, and if index is too
00402CE1 8B45F8                 mov     eax,[ebp-8] | big, set it to zero (in 00402CE9)
00402CE4 3945F4                 cmp     [ebp-0Ch],eax |
00402CE7 7605                   jbe     loc_00402CEE /
00402CE9 6A00                   push    0
00402CEB 8F45F4                 pop     [ebp-0Ch]
00402CEE                    loc_00402CEE:
00402CEE 59                     pop     ecx
00402CEF 41                     inc     ecx
00402CF0 3B4D0C                 cmp     ecx,[ebp+0Ch] <--- size of data in [ebp+0Ch]
00402CF3 7CC5                   jl      loc_00402CBA
00402CF5 8B45FC                 mov     eax,[ebp-4] <--- in eax - pointer to buffer with encrypted
00402CF8 5F                     pop     edi ; data, allocated in 00402C9C
00402CF9 5E                     pop     esi
00402CFA C9                     leave
00402CFB C20C00                 ret     0Ch


...and for the decryption algo, which starts at address 00402CFE.


So, nice work, Farabi; finding this algo in a big app may not be an easy task if you give a potential researcher only the encrypted data.
For example, many apps use exactly such simple and small algos, which makes them harder to find in a listing (with static analysis).



Alex
P.S. And one note: I never do anything illegal; all info is presented for educational purposes only.
P.P.S. Maybe the algorithm of this app has been found already, I don't know. I wrote this text offline, and I have not come to the forum since last night (in my location). Sorry, if so.
P.P.P.S. (oh, how many "P" :) Farabi, which gdi library do you use? Is this your own library?
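
Added example (not part of Antariy's post and not Farabi's code): a C version of the byte-sized variant suggested in the post above, using its worked values 8Fh / 73h / 6Bh, plus a check of one property of the scheme: an all-zero input comes out as the password bytes themselves, terminator included. The function names and the sample password "abc" are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Exchange the two nibbles of a byte (the effect of "ror dl,4" in the listing). */
static uint8_t swap_nibbles(uint8_t v) { return (uint8_t)((v << 4) | (v >> 4)); }

/* Encrypt in place: swap nibbles, then add the password byte modulo 256.
 * The password is used cyclically; its zero terminator counts as a key byte. */
void toy_encrypt(uint8_t *buf, size_t n, const char *pw)
{
    size_t klen = strlen(pw) + 1;
    for (size_t i = 0; i < n; i++)
        buf[i] = (uint8_t)(swap_nibbles(buf[i]) + (uint8_t)pw[i % klen]);
}

/* Decrypt in place: subtract the password byte modulo 256, then swap nibbles. */
void toy_decrypt(uint8_t *buf, size_t n, const char *pw)
{
    size_t klen = strlen(pw) + 1;
    for (size_t i = 0; i < n; i++)
        buf[i] = swap_nibbles((uint8_t)(buf[i] - (uint8_t)pw[i % klen]));
}

/* Returns 1 when encrypting n zero bytes (n capped at 64) gives back the
 * password bytes themselves, terminator included: the output carries the key. */
int zero_input_shows_key(const char *pw, size_t n)
{
    uint8_t buf[64] = {0};
    size_t klen = strlen(pw) + 1;
    if (n > sizeof buf) n = sizeof buf;
    toy_encrypt(buf, n, pw);
    for (size_t i = 0; i < n; i++)
        if (buf[i] != (uint8_t)pw[i % klen]) return 0;
    return 1;
}

int main(void)
{
    uint8_t b[1] = { 0x8F };              /* data byte from the post */
    toy_encrypt(b, 1, "s");               /* 's' has the code 73h */
    printf("encrypted: %02Xh\n", b[0]);
    toy_decrypt(b, 1, "s");
    printf("decrypted: %02Xh\n", b[0]);
    printf("zero input shows key: %d\n", zero_input_shows_key("abc", 8)); /* constructed password */
    return 0;
}
```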

Farabi

Amazing, Peter was right, this is easily cracked by an advanced coder.  :U

Farabi

Quote
which gdi library do you use? Is this your own library?

What GDI? The encryption lib is my creation. Never expected it could be easily cracked.

Antariy

Quote from: Farabi on August 18, 2010, 08:14:57 PM
Quote
which gdi library do you use? Is this your own library?

What GDI? The encryption lib is my creation. Never expected it could be easily cracked.

No, I don't mean the encryption algo. In the "P.S." I talked about other code, which is contained in your app :) Maybe this is inconsequential :)
Your app contains code for working with images etc. Is this your code?



Alex

Farabi

Yeah, I used a template for every app I created.

Antariy

Quote from: Farabi on August 18, 2010, 08:21:59 PM
Yeah, I used a template for every app I created.

Thanks, I understand now.
Do you have apps which use this gdi code in their work?



Alex

Farabi

OK, second challenge. This is an encrypted jpg file, can you decrypt it?  :toothy
Brute force is the only method I guess.

Antariy

Quote from: Farabi on August 18, 2010, 08:27:16 PM
OK, second challenge. This is an encrypted jpg file, can you decrypt it?  :toothy
Brute force is the only method I guess.

Not today, Farabi, sorry.

I do something only when I have time for this :(
Jochen and Dave know how "lazy" I am, because I have very little time for my interests.
If I have time tomorrow, MAYBE I will look at this. Because today I spent more than an hour researching and writing the post in English. English is not my native language (you can see this, of course :), and writing such a big post took a lot of time from me :(
I engaged with your Encryptor just because I thought (yesterday) that it is "symmetric", and I wanted to caution you against using it in critical apps.



Alex

Antariy

Quote from: Farabi on August 18, 2010, 08:27:16 PM
OK, second challenge. This is an encrypted jpg file, can you decrypt it?  :toothy
Brute force is the only method I guess.

Farabi, the JPEG which you posted is your avatar (130x130, created with gd-jpeg v1.0, quality: 85).
Password: "1234567" (without quotation marks).



Alex
P.S. I didn't spend all my time on this - I had some time while downloading OllyDbg2.0, so I looked at your jpg :)

KeepingRealBusy

Alex,

Your English is better than my Russian.

About encryptions. With brute force breaking, how does one know, in the program, that the solution has been found?  Dictionary searches? What if you encrypted the plaintext with one algo, then encrypted the ciphertext again with a different algo. Could it be broken? Especially if the algos were not known? Especially if you gave misleading information, like having a huge public key that was not used or not used in the way it was expected? When decrypting, the first decryption would produce random looking garbage which would then be decrypted with the second algo to produce the plaintext.

Dave.

oex

I don't know if this post is within the rules....

"no cracking and similar activities in the guise of "Reverse Engineering", no hacking techniques or related technology and no support or help with or reference to pirated software. There will also be no links to pages that support or display any of these or any other illegal areas of coding."

Quote from: KeepingRealBusy on August 18, 2010, 09:44:12 PM
Could it be broken?

Generally.... anything can be broken :lol
We are all of us insane, just to varying degrees and intelligently balanced through networking

http://www.hereford.tv

Antariy

Quote from: KeepingRealBusy on August 18, 2010, 09:44:12 PM
Alex,

Your English is better than my Russian.

About encryptions. With brute force breaking, how does one know, in the program, that the solution has been found?  Dictionary searches? What if you encrypted the plaintext with one algo, then encrypted the ciphertext again with a different algo. Could it be broken? Especially if the algos were not known? Especially if you gave misleading information, like having a huge public key that was not used or not used in the way it was expected? When decrypting, the first decryption would produce random looking garbage which would then be decrypted with the second algo to produce the plaintext.

Dave.

Hmmm....
Dave, writing complex text in English is very hard for me. Therefore I compose big posts offline (because I can concentrate on the text which I write).
Will you forgive me if I answer tomorrow?
In short, I can say: it is possible to make encryption which takes a long time to break, but I doubt that any encryption can be unbreakable. As you know, critical passwords are changed frequently, because using modern supercomputers can help in brute-force. The length of the open key guarantees only some time to break, not the unbreakability of the data.
Sorry if I am not writing clearly; I don't have an education or degree in this, and English is hard for me.



Alex

Antariy

Quote from: oex on August 18, 2010, 09:54:43 PM
I don't know if this post is within the rules....

"no cracking and similar activities in the guise of "Reverse Engineering", no hacking techniques or related technology and no support or help with or reference to pirated software. There will also be no links to pages that support or display any of these or any other illegal areas of coding."

Where do you find the word "cracking"? We are talking about the reliability of encryption algos, about Farabi's algo in particular.
So, we are trying to help Farabi in CODING his algo and making it stronger. So, we are talking about coding, not "cracking".
If you had read my initial post about the researched algo, you would have seen that it contained some not "very good" text, but I deleted it due to the forum rules.



Alex
P.S. And Farabi himself told us about breaking his algo (EDITED, sorry).