Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Break my crypto

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes
View previous topic :: View next topic  
Author Message
Burningmace
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 520
Location: Inside the Intel CET shadow stack

PostPosted: Thu Sep 18, 2008 6:42 am    Post subject: Break my crypto Reply with quote

I wrote an encryption class a while back that uses some simple operations and feedback techniques to encrypt data quickly and relatively securely. I called it SimpleCrypt and I've been using it in applications for quite a while now.

Here's the encrypt/decrypt routines:

VB.NET:
Code:
    Public Function Encrypt(ByVal data() As Byte, ByVal keydata() As Byte) As Byte()
        Dim key() As Byte = SHA256.Create().ComputeHash(keydata)
        Dim retData(data.Length - 1) As Byte
        For i As Integer = 0 To data.Length - 1
            retData(i) = data(i) Xor key(i Mod (key.Length - 1))
            retData(i) = retData(i) Xor (i Mod 255)
            If i > 0 Then
                retData(i) = retData(i) Xor data(i - 1)
            End If
            If i Mod 2 = 0 Then
                retData(i) = 255 - retData(i)
            End If
        Next
        Return retData
    End Function

    Public Function Decrypt(ByVal data() As Byte, ByVal keydata() As Byte) As Byte()
        Dim key() As Byte = SHA256.Create().ComputeHash(keydata)
        Dim retData() As Byte = data
        For i As Integer = 0 To data.Length - 1
            If i Mod 2 = 0 Then
                retData(i) = 255 - retData(i)
            End If
            If i > 0 Then
                retData(i) = retData(i) Xor data(i - 1)
            End If
            retData(i) = retData(i) Xor (i Mod 255)
            retData(i) = data(i) Xor key(i Mod (key.Length - 1))
        Next
        Return retData
    End Function


And in C# (excuse any errors - I wrote this in Notepad and I've not used C# in a while)
Code:
public byte[] Encrypt(byte data[], byte keydata[])
{
   byte key[] = SHA256.Create().ComputeHash(keydata);
   byte retData[data.Length - 1];
   for(int i = 0; i < data.Length; i++)
   {
      retData[i] = data[i] ^ key[i % (key.Length - 1)];
      retData[i] = retData[i] ^ (i % 255);
      if(i > 0)
      {
         retData[i] = retData[i] ^ data[i - 1];
      }
      if(i % 2 == 0)
      {
         retData[i] = 255 - retData[i];
      }
   }
   return retData;
}

public byte[] Decrypt(byte data[], byte keydata[])
{
   byte key[] = SHA256.Create().ComputeHash(keydata);
   byte retData[] = data;
   for(int i = 0; i < data.Length; i++)
   {
      if(i % 2 == 0)
      {
         retData[i] = 255 - retData[i];
      }
      if(i > 0)
      {
         retData[i] = retData[i] ^ data[i - 1];
      }
      retData[i] = retData[i] ^ (i % 255);
      retData[i] = data[i] ^ key[i % (key.Length - 1)];
   }
   return retData;
}


I've encoded an executable file with my algorithm, and it's your job to try to decrypt it Smile

Some hints:
1) Don't try to bruteforce. The idea of breaking an algorithm is to find a way to defeat it without just bruteforcing. Besides, I've used a key that'll take you a long time to break.
2) The original executable is a .NET PE, so you know some information about what some of the bytes were (MZ header, DOS execution message, etc).
3) Pay close attention to the i > 0 clause.
4) The algorithm does not add or remove any bytes - original data length is equal to the encrypted data length.
5) The key is hashed to 256 bits (32 bytes) and the file is larger than 32 bytes. Repetition is important!

Enjoy Razz

Update - 6th October 2008
I've updated the code to use Rijndael's S-Box and a custom function-box for increased security. I realised that the algebraic simplicity of the algorithm caused problems as there was no confusion employed, so the S-Box should help to fix that. The function box also helps increase security by adding a large amount of "unknown processing" to the algorithm - the operations done on each byte are different depending on the key. I've also turned the algorithm into a 4-round version that uses a different key for each round.

Note that I haven't modified the challenge, so the attached file on the original post is still using the old version.

I've attached the source code (simplecrypt2_source.zip) for VB.NET and C#, which you may use and distribute in accordance with the notice in the source.


Last edited by Burningmace on Sun Oct 05, 2008 6:16 pm; edited 1 time in total
Back to top
View user's profile Send private message
rapion124
Grandmaster Cheater Supreme
Reputation: 0

Joined: 25 Mar 2007
Posts: 1095

PostPosted: Tue Sep 23, 2008 7:18 pm    Post subject: Reply with quote

This isn't really your own cryptographic algorithm, considering you used a 256 bit SHA hash. If the hash wasn't there, it would be very easy.
Back to top
View user's profile Send private message
Burningmace
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 520
Location: Inside the Intel CET shadow stack

PostPosted: Tue Sep 23, 2008 8:09 pm    Post subject: Reply with quote

That is not true. If the hash algorithm was not in use I could set a random 256-bit key myself.

For example, here's a random 256-bit key I created in notepad:
Code:
5, 19, 54, 197, 0, 28, 98, 181, 120, 55, 19, 33, 49, 30, 148, 107, 99, 114, 216, 95, 255, 126, 97, 4, 126, 63, 196, 103, 100, 207, 201, 253


Just as secure Smile

In fact I could take a UTF8 string of 250 characters and use it as a key if I really wanted.

The hash algorithm is there because short passwords break this kind of cryptography. The cryptographic algorithm is my own, the key generation algorithm is not, but I could equally have used a PRNG to generate a 256-bit key so the point is moot.
Back to top
View user's profile Send private message
pkedpker
Master Cheater
Reputation: 1

Joined: 11 Oct 2006
Posts: 412

PostPosted: Tue Sep 23, 2008 11:30 pm    Post subject: Reply with quote

looks very similar to world of warcraft packet encryption. Close but not exactly..

Code:

void WowCrypt::EncryptSend(uint8 *data, size_t len)
{
   if (!_initialized) return;
   if (len < CRYPTED_SEND_LEN) return;

   for (size_t t = 0; t < CRYPTED_SEND_LEN; t++) {
      _send_i %= _key.size();
      data[t] = _send_j = (data[t] ^ _key[_send_i]) + _send_j;
        ++_send_i;
   }
}

void WowCrypt::DecryptRecv(uint8 *data, size_t len)
{
   if (!_initialized) return;
   if (len < CRYPTED_RECV_LEN) return;
   uint8 x;

   for (size_t t = 0; t < CRYPTED_RECV_LEN; t++) {
      _recv_i %= _key.size();
      x = (data[t] - _recv_j) ^ _key[_recv_i];
      ++_recv_i;
      _recv_j = data[t];
      data[t] = x;
   }
}

_________________
Hacks I made for kongregate.
Kongregate Universal Badge Hack: http://forum.cheatengine.org/viewtopic.php?p=4129411
Kongreate Auto Rating/Voter hack: http://forum.cheatengine.org/viewtopic.php?t=263576
Took a test lol
Back to top
View user's profile Send private message
Burningmace
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 520
Location: Inside the Intel CET shadow stack

PostPosted: Wed Sep 24, 2008 4:05 am    Post subject: Reply with quote

I'm really surprised at that... I've never looked at WoW's protocols (I don't play it and I hate it) so it's a case of unassociated discovery - two people in two different locations that have never met each other and are unaware of each other's existence both developing the same invention or theory.

In fact this is quite a confidence boost - if what I developed on my own is similar to something a multi-million dollar games development corporation came up with, I must be doing something right!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites