Encryption, a short tutorial
How to reverse engineer encrypted files
by Jon
(12 October 1997)
Courtesy of Fravia's page of reverse engineering
Well, soon or later we'll have to collect all encryption
essays under a single project. This NEW EDITION of the "encryption" essay by Jon
(our encryption specialist,
you may want to have a look at his other essays about kremlin
and about Blowfish) is VERY interesting
for all encryption enthusiasts among us, and I know that many
reverse engineers analyze and study encryption methods with
real passion (crackers are also pretty interested in this stuff, for
obvious reasons :-)
I would like to thank personally Joe Peschel for having helped Jon with this, hope to see some essays by
him, on these matters, soon.
Encryption. Copyright by Jon.
With additions and corrections by Joe Peschel.
[September 28th, 1997.]
INDEX:
1. Introduction (the purpose of encryption)
2. How encryption works
3. About decryption
4. How to reverse engineer an encrypted file
(brute force attack and figuring out the key)
5. Algorithms (most known)
6. Encryption programs & Info
[1. Introduction (the purpose of encryption).]
The general purpose of encryption is to scramble computer-information with a password, which
only you should know. You could say that encryption is like a digital key. But why should I use
"digital keys" on my confident computer-information?, you might ask. Well, you lock your door to
your home don't you? An why do you do that? So nobody can steal your things. Encryption is the
same thing. You scramble your data, so it will be useless to people that don't have the right
key.
There's probably a lot of information on your computer that you would like to keep secret.
This could be company information, your financial status, the source codes of your applications,
love-letters, or just XXX-images from the internet (example: what would you say, if your
little brother found the file c:\download\xxx\pamela.jpg on your computer?).
Whatever the purpose is, encryption is the answer. The encrypted file will be ABSOLUTELY
useless to the curious guy/girl.
Encryption could also be used in shareware-program, as a part of the protection scheme. That
won't be described here, but if you want to know more about it, there's a lot of great examples
in the cracking essays from the +HCU'ers and +ORC.
[2. How encryption works.]
The encryption process is when the encryption-program takes the file you have
selected and modifies it with a algorithm (see section 5, for more info about
that). Some encryption programs have multiple algorithms, so the user can select
the one they trust most.
The encryption process works like this: after you've selected the file you wish
to have encrypted, it will ask you for a password. In many cases the password is
hashed. If the encryption program doesn't support a hash function, your encrypted file may
not be so safe, and you will have to enter a password of an required length.
See section 6, which describes the some of the better encryption programs. Many encryption
programs work in CBC mode (Cipher Block Chaining), which adds additional
security. In some implementations of Blowfish, for instance, the CBC Initialization
Vector makes a random 64 bit value.
This makes every encrypted file unique (even if you encrypt the same file, using the same
algorithm, with the same password, it will be different). When using CBC the data
will be encrypted in blocks which are all linked together and that will make the
encrypted data even harder to break. Other encryption programs use ECB
(Electronic Code Book), which is not as secure since it is vulnerable to a known
plaintext attack.
When the encryption process is done, the encrypted data will be written to a file.
Some encryption programs rename the file to something random (that way, nobody can
know what the contents of the file is).
Others just overwrites the source file, with the encrypted one.Some programs also
uses archives. This allows multiple files in one encrypted file. If the program
supports archives, it's likely that it also includes the option to compress the file(s).
This is very handy if you are emailing the file. But public key encryption, such as PGP,
is better suited for e-mail.
[3. About decryption.]
There's not much to say about decryption. It's the reverse of encryption. Before the
decryption process, the program often check the file for some kind of signature (most
encryptors make a signature to the output file, so the decryptor can identify it). This
is handy, because if you try to decrypt a file with a different algorithm/program the
output will be trash.
[4. How to reverse engineer an encrypted file (brute force attack and figuring out the key).]
Many encryption algorithms can be reverse engineered and cracked. Here are a few that have
been: MS Word versions 2-7, Excel, Word Perfect up to version 7, Windows 3.x and 95 screen
savers (see the essay by Lonely Hawk on Fravia's pages), PKzip (Peter Conrad's implementation
of the Biham/Kocher known-plaintext attack), CrypEdit, and Crypt-o-Text.
There is also an essay by Casimir (Fravia's pages) on the reversal of Crypt-o-text. After
the algorithm is reversed (in the most of above programs) it takes only a matter of seconds
to recover a password. The Pkzip known-plaintext attack can take a while, but it is not a
brute-force or wordlist-based cracker.
In strong, properly implemented encryption algorithm the password isn't stored anywhere in
the cryptfile.
Therefore you must take other means:
1. Use a brute force attack program. You can make your own, or fetch one from the
Internet. But this option is very hard; the keysizes in the modern encryption algorithms
are so large that it can take years on a single personal computer. A combined effort of
several hundreds or thousands of machines connected to the Internet, however, can and has
cracked 48-bit RC5 and 56-bit DES.
(See the RSA Data Security Secret Key Challenge at:
http://www.rsa.com/rsalabs/97challenge/)
You may also want to build a wordlist from all of the ASCII data on a victim's machine.
2.Another option is to collect all the info you can get
on the person that has encrypted the file. Often people encrypt files with their birthdays
(it can be reversed, or in another format), social security number, dogs name, etc.
3.Often people uses the same codes from a computer-game they like, or a screen-saver or MS-Word
password, Excel, or other snake-oil to encrypt their secret files.
4.Social engineering ala Mitnick.
5. Keyboard loggers, handy little programs that copy keystrokes to a file.
Personally, I've made a program, that puts my 56-bytes password (not only letters,
also special characters) into the clipboard, and then starts my favorite encryption program.
Then I can just press CTRL+V to paste the password.
This is very useful, since nobody else has access to my computer (DO NOT use this method if
someone else has access to your computer, an attacker will discover this fast).
[5. Algorithms (most known).]
Blowfish
Blowfish is one of the most known algorithms today. It's very fast, about 5,2 mb/s in
Window$ 95 on my P200 (it should be even faster on pure 32-bits OS's like WinNT. It's
also one of the most secure (if not THE most secure). It's key-size is up to 448-bits
(56 bytes), and if you use the full key-size, a brute-force attack is senseless.
In standard mode it encrypts in 16 rounds, but it can be expanded (or reduced) to, for
example 32 rounds (which takes twice the time, but gives twice the encryption). Blowfish
was invented by Bruce Schneier, and was published in Doctor Dobb's Journal, issue 4/94.
There hasn't been found any weaknesses so far.
Cobra
Cobra is new algorithm. It wasn't designed from scratch, but is similar to Blowfish.
Cobra was originally designed to be a 128-bit, 24 rounds encryption algorithm, but like
Blowfish it can be changed. It was invented by Christian Schneider, and in April, 1996 it
was posted to the newsgroup sci.crypt.research
DES
This is THE most know algorithm (that doesn't mean that it's the best). The life of DES
(Data encryption Standard, BTW) started in 1974 when a group of IBM scientists collaborated
with the NSA, to develop a secure encryption algorithm. At the start people didn't trust
the algorithm, because it was developed in cooperation with the NSA, but it was soon the
most used. From 1976 to 1997 (it's still being used) it has been used to encrypt federal
non-classified documents. Because it was designed to work in hardware, it's VERY slow when
implemented in software. But that's not the only problem; it's key-size is only 7 bytes (56
bits). Therefore all possible keys can be tried in a few hours on a FAST computer. (Actually
cracking one 56-bit DES key took several months on hundreds of computers, but there have
always been rumors that the US government can crack DES in minutes.
There exist mutations of the DES algorithm, TDES (triple DES), which TRIPLES the key-size
to 21 bytes and NewDES which is much more fast, but not as secure.
GOST
This algorithm is the Russian counterpart to the American DES algorithm. It's has been
used for a long time, but there are no known weaknesses. The keysize is 32 bytes, and it
encrypts in 32 rounds. However the encryption function is more simple than Blowfish.
IDEA
This algorithm is the most used today. It uses a 128-bits key (16 bytes), and is regarded
to be one of the best and most secure algorithm available today. IDEA was developed in
Zurich, Switzerland by Xuejia Lai and James Massey.
RC4
At first, not much was known about this algorithm, because it's implemented in a commercial
product by RSA, and the source-code was not available to the public. But a group named
Cypherpunks made it available to the public by posting the source-code to the sci.crypt
newsgroup. Now, it's also available in RSADSI's BSAFE Toolkit (with the source-code).
There's more info about this algorithm in Bruce Schneier's Applied Cryptography 2nd. Ed.
It's implemented in some programs under other names like psuedo-RC4 (because it's a
trademark of RSA). It was designed by Ronald Rivest.
SAFER
SAFER was invented by James Massey (one of the IDEA designers), and stands for Secure and
Fast Encryption Routine. There are different version, with different key-lengths. The most
used is SAFER SK-128, which uses a 128-bits key-size, but there are also versions with
smaller key-sizes.
SAFER was designed at the request of CYLINK, which is in the words of Bruce Schneier
(designer of Blowfish) "tainted by the NSA". Although SAFER is criticized by Bruce
Schneier, it resists any known form of cryptanalytic attack.
[6. Encryption programs & Info.]
In this section I'll describe some great encryption programs and info (links).
Programs:
My two favorite encryption programs are Blowfish Advanced 95 8.2f and Kremlin 1.21.
Blowfish Advanced is a very powerful program. It has 5 algorithms: Blowfish, Blowfish32
(the same as Blowfish but with 32 rounds; twice the encryption), GOST, Triple-DES and
Cobra.
It uses the full 448 bits of the Blowfish algorithm.
Download it at http://www-hze.fht-esslingen.de/~tis5maha/software.html, and find a reg-code
at http://www.chez.com/jon101514/pc_bfa2f.zip
Kremlin 1.21 is a very handy tool. It's completely drag-n-drop based, and is very easy to
use.
It has 8 algorithms, ASCII, Blowfish, DES, IDEA, NewDES, Safer, Psuedo-RC4 (the same as
RC4) and Vigenere. It's not as safe as Blowfish Advanced 95, as it's maximum key-size is
160 bits, and it only works in EBC-mode (the less secure).
Download it at http://www.mach5.com/ If you have read my essay about it, and was annoyed
that you couldn't select all the algorithms within the program, register it with:
9797708151 (works for both version 1.1, 1.2 and 1.21).
There's a lot of other nice shareware/freeware encryptors on the web.
Try http://www.tucows.com/, http://www.shareware.com/ or http://www.mysharewarepage.com/.
You can also search for a program using Yahoo, etc. But remember because of the stupid and
useless US laws against exporting strong encryption software, you'll at times end up with
cripplewarez, so check that the encryption programs you download are COMPLETE (best areas
for complete downloads, as usual: Russia, Poland, Holland, Scandinavia, Yugoslavija).
Info:
Here are some nice links (including the ones mentioned above in this essay):
http://www.counterpane.com/blowfish.html - The Blowfish Page. Here you'll find info
and the source code of Blowfish.
http://www-hze.fht-esslingen.de/~tis5maha/software.html - Download Blowfish Advanced 95
http://www.mach5.com/ - Download Kremlin (there's also a new section with crypto-info).
http://www.chez.com/jon101514/pc_bfa2f.zip - Blowfish Advanced '95 reg-code.
http://www.tucows.com/, http://www.shareware.com/, http://www.mysharewarepage.com/ -
Lots of shareware/freeware encryptors, but beware of some of the snake-oil programs
(mostly the crippled US encryptors).
http://hack.box.sk/ - Some brute-force attack utils (also has cracks, serials and hack utils)
http://ourworld.compuserve.com/homepages/c_schneider/ - Author of Cobra.
http://www.cs.auckland.ac.nz/~pgut001/links.html - Peter Gutmann's site. Has the biggest
list of crypto-links I've seen!
http://www.sni.net/~mpj/crypto.htm - Nice crypto-page with a LOT of links.
http://members.aol.com/jpeschel/index.htm - Joe Peschel's homepage. Lots of brute-force
crackers, encryption info, etc.
Here are some nice Newsgroups
sci.crypt - Great newsgroup, with lots of info.
sci.crypt.research - newsgroup
This essay is only an introduction to encryption from a reverse engineering standpoint.
Visit the sites above for more info and source-codes, etc. I want to thank Joe Peschel.
He helped me make this essay better by correcting errors in and adding new info to it.
Now it's much better :-)
(c) Jon 1997. All rights reversed
You are deep inside fravia's page of reverse engineering,
choose your way out:
homepage
links
anonymity
+ORC
students' essays
academy database
tools
cocktails
antismut CGI-scripts
search_forms
mail_fravia
Is reverse engineering legal?