Cryptynalis


r4v37t

lol "Cryptynalis"?

I know a cool XOR encryption method!

It's a basic 8 bit encryption algorithm... it works, and it's pretty neat. The only downside is that since it's only 8 bit, there's only 255 possible encryption keys, so someone could easily crack the encryption if they coded a little program, but it can be strengthened.

It's a simple little procedure:

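Encrypt proc uses ebx, Buffer:DWORD, BufferSize:DWORD, Key:BYTE
; 'uses ebx' saves and restores ebx, which callers expect to be preserved

    mov eax, [Buffer]       ; address of buffer to encrypt goes in eax
    mov ebx, [BufferSize]   ; buffer size goes in ebx
    mov cl, [Key]           ; encryption key goes in 'cl'

    cmp ebx, 0              ; empty buffer: nothing to do
    je Done

    NotDoneYet:
    xor byte ptr [eax+ebx-1], cl    ; -1 so the loop covers bytes size-1 down to 0
    dec ebx                 ; step back one byte

    cmp ebx, 0
    jne NotDoneYet

    Done:
    ret

Encrypt endp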

It takes 3 parameters.

1. The "Buffer", which can be anything really: it could point to a string, or a file in memory, anything you'd want to be encrypted.

2. The "BufferSize": this should be the size of the string/file/whatever you're going to encrypt.

3. The encryption "Key", a number between 1-255. 255 is the largest number that can fit in 8 bits / 1 byte.

eax, ebx, ecx, edx, esi, edi are all 32 bit registers; 32 bits = 4 bytes. ax, bx, cx, dx, si, di are 16 bit registers, the lower 16 bits of the 32 bit ones; 16 bits = 2 bytes.

So without giving too much of an assembly lesson here, you can probably figure out that "cl" is the lower 8 bits of the cx register, ch being the higher 8 bits...

So what it does, after you call it with correct parameters and after it sets up the registers, is a bitwise XOR operation with the 8 bit key and the value of the buffer address + buffer size, which is the last byte of the buffer, at the start of calling the function. After that, it decreases the register that holds the buffer size, which then gives the second to last byte of the buffer, and so on and so forth, until the whole entire buffer has been xor'd.

To decrypt, it's the same procedure: call the function again using the same key as before and it will be decrypted.

I have thought of a way to make it stronger though, and require more attempts.

Instead of just calling the function once with 1 key, call the function many more times, using different keys each time.

For example, encrypt the buffer once with 101, then again with 37, then again with 222, again with 194...

Now the only way (I think) to get back to the original buffer would be to call the function with 194, then 222, then 37, and 101, then finally you'd have the original string or file :)

You could even do it with a password, for example you could use this password: "lamepassword"

l a m e p a s s w o r d

6c 61 6d 65 70 61 73 73 77 6f 72 64

Each character fits in a byte, so if you used that password you would call the encrypt function 12 times, to both encrypt and decrypt your buffer...

You'd first call it with 0x6C as the key, all through the 12th byte 0x64, and to decrypt, you'd do the same but in reverse order, starting from 0x64, ending with 0x6C...

It works, but I'm skeptical about how secure it actually is! But it's surely way more secure than just doing it 1 time with a 1-255 key.

Here's some cyphertext I encrypted with this method, using only 1 key though:

N†ŒŠÏ¥€ÎÏ–€šÏ‹ŠŒ–Ÿ›Š‹Ï‚–ÏŒ–Ÿ‡Š›Š—›ÎÏÕÆÏ€˜ÏƒŠ›œÏ‰†ˆšŠÏ€š›â净˜Ï›€Ï‚Ž„ŠÏ

ŽÏœ›€ˆŠÏŠŒ–Ÿ›†€Î

and I'll give you a hint (key > 200)

that one above could be cracked almost immediately since it only has 255 possible keys and it would be in plain text! Plus I even narrowed it down..

No one will ever get this one:

ySIPPRYJYNXY_NELHHTUOT]T]T]UZESIT]JYQ]R][YXHSXY_NELHHTUO16HTYRQ]

VSNLNSLOHSESIuIOYX]OY_NYHL]OOKSNXHT]HESIXRYJYN[iYOO16oSESIQIOH^

Y

]YDLYNHUR_NELHS[N]LTEOSPYHQYWRSKTSKu_]RQ]WY]^YHHYNYR_NELHUSR16]P

[

SNUHTQQ]E^Y

^UH

That was in a buffer, and the encrypt function was called 23 times (a 23 character password) xor'd each time with each character starting from the first.

So without knowing the password, you can't do anything with it! :)

Of course you could code a cracker, but I think there's way too many possibilities, so it would take too long to crack. Let me know your ideas on this method.

;)

Link to comment
Share on other sites

  • 2 weeks later...

I want to create a security code, for example:

1. I want to encrypt my file with my password "12345".

2. When I insert the password, I have a different time between each char.

3. To insert '1', the time is 3 sec.

4. To insert '2', the time is 1 sec.

5. To insert '3', the time is 1 sec.

6. To insert '4', the time is 2 sec.

7. To insert '5', the time is 0,5 sec.

8. If the password is correct but the time is wrong, then that file can't be opened.

Can you all help me make the algorithm?

Link to comment
Share on other sites

  • 4 weeks later...
No one will ever get this one:

ySIPPRYJYNXY_NELHHTUOT]T]T]UZESIT]JYQ]R][YXHSXY_NELHHTUO16HTYRQ]

VSNLNSLOHSESIuIOYX]OY_NYHL]OOKSNXHT]HESIXRYJYN[iYOO16oSESIQIOH^

Y

]YDLYNHUR_NELHS[N]LTEOSPYHQYWRSKTSKu_]RQ]WY]^YHHYNYR_NELHUSR16]P

[

SNUHTQQ]E^Y

^UH

eOULL NEVER DECRYPT THIS HAHAHA??? IF YOU HAVE MANAGED TO DECRYPT THIS-*THEN MAJOR PROPS TO YOU i USED A SECRET PASSWORD THAT YOUD NEVER GUESS?-*sO YOU MUST BE A EXPERT IN CRYPTOGRAPHY? SO LET ME KNOW HOW i CAN MAKE A BETTER ENCRYPTION-*ALGORITHM? MAYBE ?? BIT? ?

Link to comment
Share on other sites

If you are serious about learning this field then you should start with http://www.schneier.com/book-applied.html . This is pretty much the industry bible for developers. Please don't make your own routines unless you are doing it purely for learning purposes.

I would suggest you start with learning how e.g. the DES algorithm works, and work your way up from there. There is more to be gained from learning all the various encryption mechanisms out there today and knowing what their shortcomings are and how to implement them correctly in a production system, than there is in learning the algorithms in depth. However, if you want to dive deep into the crypto field and don't care so much about implementation in e.g. applications, then do the latter.

XOR obfuscation with single round single byte keys and no salt is insecure. It doesn't take much more than a simple nested for loop to brute force the cleartext. Unfortunately it doesn't stop people using it, however (some NOAA EMWIN satellite decoders use it, for example).

I don't know what you intend to build, but some good off the shelf open source libs include http://libtomcrypt.com/features.html and http://www.cryptopp.com . I've built many apps using libtomcrypt.

It's 'cryptanalysis', btw :)

Link to comment
Share on other sites
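Added example, not code from any poster in this thread: it models the multi-pass "password" scheme from the first post and the brute force the last reply mentions, showing that N whole-buffer XOR passes collapse to a single one-byte key. `MESSAGE` is a constructed sample, the function names are made up for illustration, and the letter-counting score is an assumed heuristic for "looks like English".

```python
from functools import reduce

def xor_pass(data: bytes, key: int) -> bytes:
    """One call of the post's Encrypt routine: XOR every byte with one 8-bit key."""
    return bytes(b ^ key for b in data)

def multi_pass_xor(data: bytes, password: bytes) -> bytes:
    """The 'password' variant: one full pass over the buffer per password character."""
    for k in password:
        data = xor_pass(data, k)
    return data

def effective_key(password: bytes) -> int:
    """XOR is associative and commutative, so all passes fold into one byte."""
    return reduce(lambda a, b: a ^ b, password, 0)

COMMON = b"abcdefghijklmnopqrstuvwxyz "

def score(candidate: bytes) -> int:
    """Crude English test (assumed heuristic): count lowercase letters and spaces."""
    return sum(b in COMMON for b in candidate)

def brute_force(ciphertext: bytes) -> tuple:
    """Try all 256 single-byte keys and keep the most English-looking output."""
    best = max(range(256), key=lambda k: score(xor_pass(ciphertext, k)))
    return best, xor_pass(ciphertext, best)

# Constructed sample message (not from the thread); the password is the post's example.
MESSAGE = b"meet me at the usual place at nine tonight"
PASSWORD = b"lamepassword"

if __name__ == "__main__":
    ct = multi_pass_xor(MESSAGE, PASSWORD)
    print("effective key:", hex(effective_key(PASSWORD)))
    print("same as one pass:", ct == xor_pass(MESSAGE, effective_key(PASSWORD)))
    print("order irrelevant:", ct == multi_pass_xor(MESSAGE, PASSWORD[::-1]))
    print("recovered without password:", brute_force(ct))
    # A password whose characters each occur an even number of times folds to key 0.
    print("'abba' leaves plaintext:", multi_pass_xor(MESSAGE, b"abba") == MESSAGE)
```

The keyspace stays at 256 however long the password is, and some passwords fold to key 0 and leave the buffer unencrypted.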
