HTS Cryptography Challenge 1

This is the place for ALL of the user submitted challenges. If you create a little challenge/mission/riddle/whatever, post it here.
Forum rules
Do not post missions that you did NOT create without proper citing.

Re: HTS Cryptography Challenge 1

Post by sordidarchetype on Thu Apr 18, 2013 3:59 pm
([msg=75210]see Re: HTS Cryptography Challenge 1[/msg])

WallShadow wrote:Care to explain your method?


Sure. There were a few issues with the algorithm itself. The way it rotated and performed bitwise operations, I noticed that it was cyclically rotating the input. Encryption was only 6 rotations of each 4 byte block, so rather than using 6 rotations in reverse that the decryption function used, one could continue two two more forward rotations to complete the cycle full circle again.

The Java code was very inefficient, using the same memory segments for each pass, so only one out of every 4 decryption runs would be accurate in a loop. Rather than mess with Java (which was running slowly anyway) I wrote a quick program in C++ to perform 2 forward rotations, then compare the end of the output to match against the expected padding and if the padding matches the algorithm, record the results. This was iterated within the keyspace of he 4 byte key and divided among separate forked process on a 24 core server. (The C++ variant was running several thousand times faster than the Java code)

I let it run for about a minute and then grepped the log for " to " just to see what I'd come up with. At that moment I had about 16 matches with recognizable English text. I stopped it there and didn't bother to examine the whole keyspace.

All in all, I think this was a nice small challenge.
User avatar
sordidarchetype
New User
New User
 
Posts: 47
Joined: Wed Dec 22, 2010 12:46 pm
Blog: View Blog (0)


Re: HTS Cryptography Challenge 1

Post by 3vilp4wn on Thu Apr 18, 2013 8:17 pm
([msg=75213]see Re: HTS Cryptography Challenge 1[/msg])

WallShadow wrote:
3vilp4wn wrote:I think he means in the encrypted file. Oops, my fault, sorry :(


Indeed. now slap yourself again for revealing that those were in the encryted file. PT attack is serious business. >:(

True, but a *smart* person would do a PT attack for something like "David" or "To" or "From" or "CC" anyways, since it's an email about "DavidB"

sordidarchetype wrote:
The answer

Now edit out that spoiler!
Do not mistake understanding for realization, and do not mistake realization for liberation
Evil Ninja Hackers
???
٩(͡๏̯͡๏)۶

1A4EAMboaXpgvUSmtRbVRqbfJrbyuGhyoo
User avatar
3vilp4wn
Poster
Poster
 
Posts: 144
Joined: Sun Feb 10, 2013 2:05 am
Location: The darkness.
Blog: View Blog (0)


Re: HTS Cryptography Challenge 1

Post by Sc00bz on Fri Apr 19, 2013 1:58 am
([msg=75216]see Re: HTS Cryptography Challenge 1[/msg])

WallShadow wrote:
Sc00bz wrote:Just found out my ISP blocks randomsite.net78.net


srsly?

did they even post a reason for it? also, see if http://net78.net/ or http://www.000webhost.com/ are blocked 'cause randomsite isn't an attack site, I use it for all of my hosting. (and if i was hosting anything malicious, my host would have kicked me by now).

It's just randomsite.net78.net not net78.net or 000webhost.com. My guess is they block *.net78.net. Or they are blocking 31.170.162.* or something.

-----

I just used the last 8 bytes, knowledge of the padding, that it works on 4 bytes at a time, and the rotate:
** Tiny text spoiler **
Code: Select all
97c31a61
a8c9f312

10010111 11000011 00011010 01100001
10101000 11001001 11110011 00010010
*------- *------- +------- *-------

With that you know the padding is 80000000 (00008000 after rotate). So just xor and you have the sub key. With the sub key you can xor that to all the other data and then rotate the text and you're done.

** Tiny text spoiler **

Also note that the key space of the sub key is only 2^24 due to the collisions with the key. This actually would have been more fun without the code.
Sc00bz
New User
New User
 
Posts: 3
Joined: Mon Apr 15, 2013 10:23 pm
Blog: View Blog (0)


Re: HTS Cryptography Challenge 1

Post by WallShadow on Fri Apr 19, 2013 3:59 pm
([msg=75227]see Re: HTS Cryptography Challenge 1[/msg])

sordidarchetype wrote:There were a few issues with the algorithm itself. The way it rotated and performed bitwise operations, I noticed that it was cyclically rotating the input. Encryption was only 6 rotations of each 4 byte block, so rather than using 6 rotations in reverse that the decryption function used, one could continue two two more forward rotations to complete the cycle full circle again.


Yup, basically.

sordidarchetype wrote:The Java code was very inefficient ...


Noted; if i make a follow up to this challenge, I'll start with C/C++ instead of Java.

sordidarchetype wrote:I let it run for about a minute and then grepped the log for " to " just to see what I'd come up with. At that moment I had about 16 matches with recognizable English text. I stopped it there and didn't bother to examine the whole keyspace.


Now this is a really good use of brute force attack, I like it.


3vilp4wn wrote:True, but a *smart* person would do a PT attack for something like "David" or "To" or "From" or "CC" anyways, since it's an email about "DavidB"


True, but you might have trouble guessing where those lie.

Sc00bz wrote:I just used the last 8 bytes, knowledge of the padding, that it works on 4 bytes at a time, and the rotate


Excellent example of padding oracle attack, though i'm confused as to why you say 8 bytes. the maximum pad length is 4 bytes, and each block size is 4 bytes. but none the less, great.

Sc00bz wrote:This actually would have been more fun without the code.


noted; next challenge will be without the code. :twisted:

3vilp4wn wrote:Now edit out that spoiler!


no editing out spoilers, free information FTW!

I can imagine a couple of more attacks on this. Everyone should try their hand at it. Bonus points for unpublished attacks or improvements on previous attacks.

- WallShadow <3
User avatar
WallShadow
Contributor
Contributor
 
Posts: 601
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: HTS Cryptography Challenge 1

Post by 3vilp4wn on Fri Apr 19, 2013 7:27 pm
([msg=75235]see Re: HTS Cryptography Challenge 1[/msg])

WallShadow wrote:
3vilp4wn wrote:Now edit out that spoiler!


no editing out spoilers, free information FTW!

At least make it small/black text. People shouldn't have the challenge spoiled for them :evil:
Do not mistake understanding for realization, and do not mistake realization for liberation
Evil Ninja Hackers
???
٩(͡๏̯͡๏)۶

1A4EAMboaXpgvUSmtRbVRqbfJrbyuGhyoo
User avatar
3vilp4wn
Poster
Poster
 
Posts: 144
Joined: Sun Feb 10, 2013 2:05 am
Location: The darkness.
Blog: View Blog (0)


Previous

Return to User Submitted

Who is online

Users browsing this forum: No registered users and 0 guests