30 replies to this topic

[x58]

Hess, on 02 Feb 2014 - 12:48 PM, said:

Take that dutch one and post here if possible.

I don't have the files.. Ask Lupo.

[Hess]

He wont put them. :S

[IamLupo]

Here you can download the challange:

Please Login or Register to see this Hidden Content

This crypt.exe was one of the challange. It has nesty debug tricks.

[karcrack]

It was the first crypto-challenge I tried and was fun but I'm not ready yet for this kind of challenges yet   Hopefully after reading your solution everything will seem obvious

 

My guess is that GenerateKey() is linear and can be inverted. I'm really looking forward your solution. It's really unpleasant being unable to finish the challenge   Hope I'll end up learning something and next time you post a challenge I will beat the crap out of it

[Hess]

"El Pistolero" , don't be disappointed , it is harder than it looks.

[IamLupo]

karcrack, on 03 Feb 2014 - 07:42 AM, said:

It was the first crypto-challenge I tried and was fun but I'm not ready yet for this kind of challenges yet   Hopefully after reading your solution everything will seem obvious

 

My guess is that GenerateKey() is linear and can be inverted. I'm really looking forward your solution. It's really unpleasant being unable to finish the challenge   Hope I'll end up learning something and next time you post a challenge I will beat the crap out of it

 

I have to agree It is hard Even nice to see you tried. I also took a step back at this challange. And give it later on a chance. My second try i beated it up

[Hess]

This original one , don't You dare to give any advice ! At least , to me , I wanna try it as hard as possible.

[IamLupo]

Hey guys, we are now 2 weeks later and still nobody has cracked my challange. I promised you to give you the answers. I wrote a C++ crack for this challange

 

What you needed

If you looked at the source code you would figure out that you would need the generated_key's and the master_key's to crack the file. The generated_key's already stored in the enc file at byte 8 untile byte 24. To get the master_key's is the challange and reverse it back to the password

 

GenerateKey

The first thing you needed to figure out is that this had multiple vulnerabilities.

One of them is that master_key[3] has never been used. This means for decryption you don't need master_key[3].

Second in the "For_Loop_J" it takes key_values to scrumble the generat_key's. But what you will notice is that the first bit never change. This means generate_key[0] never changes in "For_Loop_J".

Please Login or Register to see this Hidden Content

Thirt GenerateKey can be reversed if you have the output generate_key's and the master_key's.

Please Login or Register to see this Hidden Content

Known information:

Please Login or Register to see this Hidden Content

Crack Part 1:

Out encrypted file ended with *.zip.enc.... Hmmm, what filetype should it be guys? right zip! And what that means is that the decrypt file has to start with "0x04034b50".

What we know is enc_file_data[0] XOR generat_key[0] = 0x04034b50. Also generat_key[0] = 0x04034b50 XOR 0xbc7d475c.

What we now have is the input/output of generated_key[0] in the GenerateKey function. Input generated_key[0] = 0xac9b280d and Output generated_key[0] = 0xB87E0C0C. What we know of generated_key[0] is that it only influenced by master_key[0] and multiplied with 0xF97CE7B7. This way we can figure out master_key[0].

 

Crack Part 2:

Because we have the master_key[0] we can figure out the time of encryption. We do this with bruteforce the "InitMasterTimeKey" function.

 

Crack Part 3:

Because we know the master_key[0] we can check what the input generat_key[0] was when it generated the "enc_file_passwordhash". This value can help us figure out master_key[1] and master_key[2].

 

Crack Part 4:

Because we figured out this generat_key[0] we know in function "InitMasterKey" that:

Please Login or Register to see this Hidden Content

What we conclude is that the generat_key[0] ^ master_key[0] = master_key[2] ^ master_key[1]. We only need to bruteforce 2^32 possibilities to get master_key[1] and master_key[2]. With heuristics we figure out that our decryption makes a right zip file.

 

Crack Part 5:

We only need to figure out master_key[3]. We bruteforce it with InitMasterTimeKey and check out generat_key's with "enc_file_keys". This will find multiple options!

 

Crack Part 6:

Because we have multiple master_key[3] options we need to reverse all of them and look at the password if it has strange symbols or not. And bingo we got of the 43 options 1 that fits!

Please Login or Register to see this Hidden Content

The first 2 bytes is the length of our password. In this case it was 0x4C. to get the length "charters = 0xC4 - 0xC3 = 0x10 = 16 charters".

Because "InitKey" it added the 1e and 16e charter with each other. to generated the generat_key's. In this case it was 0x7B. Littlebit logic we could figure out that "H" + "3" becomes 0x7B

 

Result: "H@CkH0UnD4U@nDm3"

 

Download source code:

Please Login or Register to see this Hidden Content

[Hess]

This is good , I have no clue what's the word of , so I can work on my own !

[karcrack]

I didn't thought of using ZIP headers because they can be anywhere in the file

 

Thanks for sharing the solution. It's nice to see the pattern to solve this kind of challenges:

1- Spot weakness in entropy.

2- Find a possible known plaintext.

3- PROFIT

[IamLupo]

Project Source Code:

Please Login or Register to see this Hidden Content

Have fun!