## HTS Cryptography Challenge 1

This is the place for ALL of the user submitted challenges. If you create a little challenge/mission/riddle/whatever, post it here.
Forum rules
Do not post missions that you did NOT create without proper citing.

### HTS Cryptography Challenge 1

Hey HTS, I'm David, and I want to ask a favor of everyone. I've been worried about getting fired form Ellington Mineral Company for a while, so I decided to have a look around my boss's computer. I found this encryption program and encrypted file named "DavidB.enc" in a folder called "EmailBackups". I looked at the program a bit, but I've hit a brick wall. I can't figure out how to break the encryption. Here's what I've found:

It's a custom made encryption program that doesn't exist anywhere else on the internet.
He left the source code right next to the program.
The key looks like it's 4 bytes long. Maybe brute force attack might work?
There's a test program that comes with it, but I'm not entirely sure what it does.

I attached the encryption and decryption source codes as well as the encrypted file. I've also attached the test program, might come in handy.

Thanks so much,

DavidB.

http://randomsite.net78.net/testing/upl ... ptorA.java

<3
DavidB
New User

Posts: 1
Joined: Sat Apr 13, 2013 1:59 pm
Blog: View Blog (0)

### Re: HTS Cryptography Challenge 1

For those who don't like java, here's the algorithm's psudo-code;

Code: Select all
byte[] function pad ( byte[] text )

set size = length of text

if (length of text % 4) == 0 then // if length of text divided by 4 has remainder of 0
set size to length of text + 4 // 4 byte pad if it's already divisible by 4
else
set size to (length of text % 4) * 4 + 4 // set the new size to the length of text rounded up to the next multiple of 4

set newtext = new byte[size]  // create a new byte array with the new size

set i = 0

for (i = 0; i < length of text; i++)
set newtext[i] = text[i] // copy the contents of text to newtext

set i = length of text
set newtext[i] = 0x80 // set the first pad byte to 1000 0000 (binary)

increment i

for (; i < length of newtext; i++)
set newtext[i] = 0  // set the rest of pad bytes to 0000 0000 (binary)

return newtext

byte [] function unpad ( byte[] text )

set size = length of text - 1

while ( text[size] == 0x00 )
decrement size // while size points to a null pad byte, decrease size by 1

// size should now point to the last pad byte of 0x80
decrement size // now we point to the last byte of the message

set newtext = new byte[size + 1]  // create a new byte array with a length the size of the message

for (i = 0; i < length of newtext; i++)
set newtext[i] = text[i] // copy everything from text to new text in the message size

return newtext

// takes the byte array text and encrypts the 4 bytes at offset with the 4 byte key
byte [] function blockciper ( byte[] text, int offset, byte[] key )

set store = text[offset]

// rotate the block backwards 1 byte
set text[offset] = text[offset + 1]
set text[offset + 1] = text[offset + 2]
set text[offset + 2] = text[offset + 3]
set text[offset + 3] = store

// XOR the whole block with the key
set text[offset] = text[offset] XOR key[0]
set text[offset + 1] = text[offset + 1] XOR key[1]
set text[offset + 2] = text[offset + 2] XOR key[2]
set text[offset + 3] = text[offset + 3] XOR key[3]

return text // needed only if text is a copy of the real text buffer
// unneeded if text is a pointer to a byte array like in java or C/C++

// takes the byte array text and decrypts the 4 bytes at offset with the 4 byte key
byte [] function unblockciper ( byte[] text, int offset, byte[] key )

// un-XOR the whole block with the key
set text[offset] = text[offset] XOR key[0]
set text[offset + 1] = text[offset + 1] XOR key[1]
set text[offset + 2] = text[offset + 2] XOR key[2]
set text[offset + 3] = text[offset + 3] XOR key[3]

set store = buffer[offset + 3]

// rotate the whole block forwards 1 byte
set buffer[offset + 3] = buffer[offset + 2]
set buffer[offset + 2] = buffer[offset + 1]
set buffer[offset + 1] = buffer[offset]
set buffer[offset] = store

return text // needed only if text is a copy of the real text buffer
// unneeded if text is a pointer to a byte array like in java or C/C++

// takes a byte array as the text and a 4 byte key to encrypt the text
byte[] function encrypt (byte[] text, byte[] key)

// perform the block cipher 6 times on each 4 byte block in the text array
for (i = 0; i < length of newtext; i = i + 4)
for (a = 0; a < 6; a++)
set newtext = blockcipher(newtext, i, key)

return newtext // needed even in java and C/C++

// takes a byte array as the text and a 4 byte key to decrypt the text
byte[] function decrypt (byte[] text, byte[] key)

// perform the block cipher 6 times on each 4 byte block in the text array
for (i = 0; i < length of newtext; i = i + 4)
for (a = 0; a < 6; a++)
set text = unblockcipher(text, i, key)

return newtext // needed even in java and C/C++

example encryption for ports:

these examples all use "hello world\n" (ASCII, no \r) as the starting file

encryption with key 00000000
Code: Select all
llhewoo d

encryption with key 11223344
Code: Select all
9[t:\1_A}wU�

(linux terminal tries to convert some stuff to unicode, if you have something similar to this, it's probably correct)

encryption with key 40032001
Code: Select all
M-+FV.,EK1O!A�#

encryption with key AA1122BB
Code: Select all
�}�V�~��_�;3
(note: much of it is screwed up and some characters are invisible)

C code for this challenge will be availible upon the first complaint of the lack it here.

This is supposed to be a relatively easy cryptography algorithm to break. If you find this too easy for you, get creative with it, find as much as you can.

Last edited by WallShadow on Sat Apr 13, 2013 7:51 pm, edited 1 time in total.

Contributor

Posts: 686
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)

### Re: HTS Cryptography Challenge 1

GIVE ME THE C!!!
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.

fashizzlepop
Developer

Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)

### Re: HTS Cryptography Challenge 1

fashizzlepop wrote:GIVE ME THE C!!!

Walls delivers: (though you could have been more friendly about it, and I was actually expecting cent to ask first)

This is only the test program right now, the file encryptor/decryptor will come later if i find a reliable multi-platform method (or someone helps me )for reading/writing files.
Code: Select all

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct buffer {

char * array;
unsigned int length;

};

struct buffer * newbuffer (unsigned int length) {

struct buffer * newbuff = malloc(sizeof (struct buffer) );

newbuff->array = malloc(length);
newbuff->length = length;

return newbuff;

}

struct buffer * pad(struct buffer * text)
{

int size;

if (text->length % 4 == 0)
{
size = text->length + 4;
} else {
size = (text->length / 4) * 4 + 4;
}

struct buffer * newtext = newbuffer(size);

int i = 0;

for (i = 0; i < text->length; i++)
newtext->array[i] = text->array[i];

newtext->array[i] = 0x80;

for (i++; i < newtext->length; i++)
newtext->array[i] = 0;

return newtext;

}

struct buffer * unpad ( struct buffer * text )
{

int size = text->length - 1;

while ( text->array[size] == 0x00 )
size--;

struct buffer * newtext = newbuffer(size);

int i;

for (i = 0; i < text->length; i++)
newtext->array[i] = text->array[i];

return newtext;

}

void blockcipher ( char * text, int offset, char * key )
{

char store = text[offset];

text[offset] = text[offset + 1];
text[offset + 1] = text[offset + 2];
text[offset + 2] = text[offset + 3];
text[offset + 3] = store;

text[offset] = text[offset] ^ key[0];
text[offset + 1] = text[offset + 1] ^ key[1];
text[offset + 2] = text[offset + 2] ^ key[2];
text[offset + 3] = text[offset + 3] ^ key[3];

}

void unblockcipher ( char * text, int offset, char * key )
{

text[offset] = text[offset] ^ key[0];
text[offset + 1] = text[offset + 1] ^ key[1];
text[offset + 2] = text[offset + 2] ^ key[2];
text[offset + 3] = text[offset + 3] ^ key[3];

char store = text[offset + 3];

text[offset + 3] = text[offset + 2];
text[offset + 2] = text[offset + 1];
text[offset + 1] = text[offset];
text[offset] = store;

}

struct buffer * encrypt ( struct buffer * text, char * key)
{

int i, a;

for (i = 0; i < text->length; i = i + 4)
for (a = 0; a < 6; a++)
blockcipher(text->array, i, key);

return text;

}

struct buffer * decrypt ( struct buffer * text, char * key)
{

int i, a;

for (i = 0; i < text->length; i = i + 4)
for (a = 0; a < 6; a++)
unblockcipher(text->array, i, key);

return text;
}

int main ()
{

char * s = "hello world!\n GET OUT THE DOOR!!!";

struct buffer * b = newbuffer(strlen(s));
strcpy(b->array, s);

printf("%.*s\n%d\n", b->length, b->array, b->length);

char key [4];
key[0] = 0x12;
key[1] = 0x54;
key[2] = 0xAB;
key[3] = 0xCD;

struct buffer * b2 = encrypt(b, key);

printf("%.*s\n%d\n", b2->length, b2->array, b2->length);
struct buffer * b3 = decrypt(b2, key);

printf("%.*s\n%d\n", b3->length, b3->array, b3->length);

free(b->array);
free(b);
free(b2->array);
free(b2);
free(b3->array);
free(b3);

return 0;

}

<3
Last edited by WallShadow on Wed Apr 17, 2013 4:18 pm, edited 1 time in total.

Contributor

Posts: 686
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)

### Re: HTS Cryptography Challenge 1

Just found out my ISP blocks randomsite.net78.net for those that want DavidB.enc here's a hex dump of it:
Code: Select all
xxd -g 4 DavidB.enc
0000000: 92e9277d c4e93b73 c4a5397b dcac1666  ..'}..;s..9{...f
0000010: daa67954 889b1e28 c0a81a71 88990176  ..yT...(...q...v
0000020: daaa1a77 fbbc1618 cdaa1178 888d0728  ...w.......x...(
0000030: c1ad1264 daa65350 daa01777 a2c31079  ...d..SP...w...y
0000040: c0a83a32 88ab0577 c6e91677 dca01d7d  ..:2...w...w...}
0000050: c6ae107b c0a85366 eca80732 cce9057b  ...{..Sf...2...{
0000060: c7ad3160 c1aa1660 c0a81832 c6a60032  ..1`...`...2...2
0000070: caac0732 88a8167c c5bc0032 88a6107a  ...2...|...2...z
0000080: c9e91532 c4b91b77 c7e95366 dbe91b7b  ...2...w..Sf...{
0000090: c9a40777 dbe95373 88a11b77 88ab1261  ...w..Ss...w...a
00000a0: c6e91677 cea61177 84e90177 cce9127c  ...w...w...w...|
00000b0: 88a81a7c c1bd1776 c6e51a7d cde9537a  ...|...v...}..Sz
00000c0: dbe91b73 cda71177 c9a25366 cfe91a7c  ...s...w..Sf...|
00000d0: dae91573 88a4077d d1e9127c cba2007b  ...s...}...|...{
00000e0: c9b05376 8881003c 88b91a61 cea60177  ..Sv...<...a...w
00000f0: c9a7017f 88bb1077 c1ac1664 c1ba0432  .......w...d...2
0000100: c7a45371 cfe91a7c 84e90662 cce9127c  ..Sq...|...b...|
0000110: caac3a32 deac1f7b c0a85366 c0a00732  ..:2...{..Sf...2
0000120: d8a80032 dba10a32 c4ad1c67 cde95370  ...2...2...g..Sp
0000130: dce71067 c6b05353 cde91c7c dbac167e  ...g..SS...|...~
0000140: c9bf537a dca11632 cfa11c67 88a60761  ..Sz...2...g...a
0000150: dca11d32 97c31a61 a8c9f312           ...2...a....

Dude seriously use spell check:
preformance belive
performance believe
Sc00bz
New User

Posts: 3
Joined: Mon Apr 15, 2013 10:23 pm
Blog: View Blog (0)

### Re: HTS Cryptography Challenge 1

Sc00bz wrote:Just found out my ISP blocks randomsite.net78.net

srsly?

did they even post a reason for it? also, see if http://net78.net/ or http://www.000webhost.com/ are blocked 'cause randomsite isn't an attack site, I use it for all of my hosting. (and if i was hosting anything malicious, my host would have kicked me by now).

-- Wed Apr 17, 2013 3:23 pm --

Sc00bz wrote:Dude seriously use spell check:
preformance belive
performance believe

btw, i have no idea where you see that. ctrl-f doesn't come up with anything.

Contributor

Posts: 686
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)

### Re: HTS Cryptography Challenge 1

Sc00bz wrote:Dude seriously use spell check:
preformance belive
performance believe

btw, i have no idea where you see that. ctrl-f doesn't come up with anything.

I think he means in the encrypted file. Oops, my fault, sorry
Do not mistake understanding for realization, and do not mistake realization for liberation
Evil Ninja Hackers
???
٩(͡๏̯͡๏)۶

1A4EAMboaXpgvUSmtRbVRqbfJrbyuGhyoo

3vilp4wn
Poster

Posts: 144
Joined: Sun Feb 10, 2013 2:05 am
Location: The darkness.
Blog: View Blog (0)

### Re: HTS Cryptography Challenge 1

3vilp4wn wrote:I think he means in the encrypted file. Oops, my fault, sorry

Indeed. now slap yourself again for revealing that those were in the encryted file. PT attack is serious business. >:(

Contributor

Posts: 686
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)

### Re: HTS Cryptography Challenge 1

To: Hal Jillette
From: Richard Pierce
Subject: David Broderick

I have been noticing that David Broderick has not been as much of a help to his team as he has been before, and in addition, he has been taking far to many sick days. His preformance review is coming up, and I belive that his pay should be cut. Anyone else have thoughts on this?

There are SO many collisions with this thing. It's crazy. (I got 16 in under a min)

sordidarchetype
New User

Posts: 47
Joined: Wed Dec 22, 2010 12:46 pm
Blog: View Blog (0)

### Re: HTS Cryptography Challenge 1

sordidarchetype wrote:
There are SO many collisions with this thing. It's crazy. (I got 16 in under a min)

If you look in the algorithm, you'll see why, but besides that, good job. Care to explain your method?

Contributor

Posts: 686
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)

Next