# Cryptynalis

## Recommended Posts

I just new in learn crypto system, so I need guide for you all.

##### Share on other sites

Where I start learn crypto?

I newly buy a book where show the crypto system work, but I have confuse I don't know where I have start to learn this.

##### Share on other sites

MIT Research(i liked)

##### Share on other sites

lol "Cryptynalis"?

I know a cool XOR encryption method!

Its a basic 8 bit encryption algorithm... it works, and its pretty neat. The only downside is since its only 8 bit, theres only 255 possible encryption keys, which someone could easily crack the encryption if they coded a little program, but It can be strengthened.

its a simple little procedure

```Encrypt proc Buffer:DWORD, BufferSize:DWORD, Key:BYTE

mov eax, [Buffer]; address of buffer to encrypt goes in eax
mov ebx, [BufferSize]; buffer size goes in ebx
mov cl, [Key]; encryption key goes in 'cl'

NotDoneYet:
xor byte ptr [eax+ebx], cl
dec ebx

cmp ebx, 0
jne NotDoneYet

ret

Encrypt endp```

It takes 3 parameters.

1. The "Buffer" which can be anything really it could point to a string, or a file in memory, anything you'd want to be encrypted.

2. The "BufferSize" this should be the size of the string/file/whatever your going to encrypt.

3. The encryption "Key" a number between 1-255. 255 is the largest number that can fit in 8 bits / 1 byte

eax, ebx, ecx, edx, esi, edi are all 32 bit registers, 32 bits = 4 bytes, ax, bx, cx, dx, si, di are 16 bit registers, the lower 16 bits of the 32 bit ones. 16 bits = 2 bytes.

so without giving too much of an assembly lesson here you can probably figure out that "cl" is the lower 8 bits of the cx register, ch being the higher 8 bits...

so what it does is, after you call it with correct parameters, and after it sets up the registers.

it does a bitwise operation XOR with the 8 bit key and the value of the buffer address + buffer size, which is the last byte of the buffer, at the start of calling the function. After, it decreases the register that holds the buffer size which then gives the second to last byte of the buffer, and so on and so forth, until the whole entire buffer has been xor'd.

to decrypt, its the same procedure, call the function again using the same key as before and it will be decrypted.

I have thought of a way to make it stronger though, and require more attempts.

instead of just calling the function once with 1 key. Call the function many more times, using different keys each time.

for example encrypt the buffer once with 101, then again with 37, then again with 222, again with 194...

now the only way(I think) to get back to the original buffer would be to call the function with 194, then 222, then 37, and 101, then finally you'd have the original string or file :)

l a m e p a s s w o r d

6c 61 6d 65 70 61 73 73 77 6f 72 64

each character fits in a byte, so if you used that password you would call the encrypt function 12 times, to both encrypt and decrypt your buffer...

you'd first call it with 0x6C as the key, all through the 12th byte 0x64, and to decrypt, you'd do the same but in reverse order, starting from 0x64, ending with 0x6C...

It works, but I'm skeptical on how secure it actually is! But its surely way more secure than just doing it 1 time with a 1-255 key

heres some cyphertext I encrypted with this method using only 1 key though

N†ŒŠÏ¥€ÎÏ–€šÏ‹ŠŒ–Ÿ›Š‹Ï‚–ÏŒ–Ÿ‡Š›Š—›ÎÏÕÆÏ€˜ÏƒŠ›œÏ‰†ˆšŠÏ€š›âå‡€˜Ï›€Ï‚Ž„ŠÏ

ŽÏœ›€ˆŠÏŠŒ–Ÿ›†€Î

and I'll give you a hint (key > 200)

that one above could be cracked almost immediately since it only has 255 possible keys and it would be in plain text! Plus I even narrowed it down..

No one will ever get this one:

ySIPPRYJYNXY_NELHHTUOT]T]T]UZESIT]JYQ]R][YXHSXY_NELHHTUO16HTYRQ]

VSNLNSLOHSESIuIOYX]OY_NYHL]OOKSNXHT]HESIXRYJYN[iYOO16oSESIQIOH^

Y

]YDLYNHUR_NELHS[N]LTEOSPYHQYWRSKTSKu_]RQ]WY]^YHHYNYR_NELHUSR16]P

[

SNUHTQQ]E^Y

^UH

That was in a buffer, and the encrypt function was called 23 times (a 23 character password) xor'd each time with each character starting from the first.

So without knowing the password, you can't do anything with it! :)

Of course you could code a cracker, but I think there's way tooo many possibilities that it would take too long to crack. Let me know your idea's on this method

;)

##### Share on other sites

• 2 weeks later...

I want create a security code, in examples:

1. I want Encrypt my file with my password "12345".

2. When I insert the password I have different time between each char.

3. To insert '1' time is 3 sec.

4. To insert '2' time is 1 sec.

5. To insert '3' time is 1 sec.

6. To insert '4' time is 2 sec.

7. To insert '5' time is 0,5 sec.

8. If the password is correct but the time is false then that file can't open.

Can you all help me to make algorithm?

##### Share on other sites

• 4 weeks later...
No one will ever get this one:

ySIPPRYJYNXY_NELHHTUOT]T]T]UZESIT]JYQ]R][YXHSXY_NELHHTUO16HTYRQ]

VSNLNSLOHSESIuIOYX]OY_NYHL]OOKSNXHT]HESIXRYJYN[iYOO16oSESIQIOH^

Y

]YDLYNHUR_NELHS[N]LTEOSPYHQYWRSKTSKu_]RQ]WY]^YHHYNYR_NELHUSR16]P

[

SNUHTQQ]E^Y

^UH

eOULL NEVER DECRYPT THIS HAHAHA??? IF YOU HAVE MANAGED TO DECRYPT THIS-*THEN MAJOR PROPS TO YOU i USED A SECRET PASSWORD THAT YOUD NEVER GUESS?-*sO YOU MUST BE A EXPERT IN CRYPTOGRAPHY? SO LET ME KNOW HOW i CAN MAKE A BETTER ENCRYPTION-*ALGORITHM? MAYBE ?? BIT? ?

##### Share on other sites

I want create a security code, in examples:

Can you all help me to make algorithm?

Just the algorithm NOT CODE, please. :(

##### Share on other sites

If you are serious about learning this field then you should start with http://www.schneier.com/book-applied.html . This is pretty much the industry bible for developers. Please don't make your own routines unless you are doing it purely for learning purposes.

I would suggest you start with learning how e.g the DES algorithm works, and work your way up from there. There is more to be gained from learning all the various encryption mechanisms out there today and knowing what their shortcomings are and how to implement them correctly in a production system, than there is in learning the algorithms in depth. However, if you want to dive deep into the crypto field and don't care so much about implementation in e.g. applications, then do the latter.

XOR obfuscation with single round single byte keys and no salt is insecure. It doesn't take much more than a simple nested for loop to brute force the cleartext. Unfortunately it doesn't stop people using it, however (some NOAA EMWIN satellite decoders use it, for example).

I don't know what you intend to build, but some good off the shelf open source libs include http://libtomcrypt.com/features.html and http://www.cryptopp.com . I've built many apps using libtomcrypt.

It's 'cryptanalysis', btw :)

##### Share on other sites

It's 'cryptanalysis', btw :)

Sorry, I'm not expert in English Langguage coz I'm from Indonesian.

## Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

×   Pasted as rich text.   Paste as plain text instead

Only 75 emoji are allowed.

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×