If crypt.exe doesn't have write privileges, it outputs a message where there's an error, you wrote Accies :eng101:
Blame my father! :v:
It's not used anyway, he couldn't be bothered to write a good error messaging system :)
heh i noticed that too.
Opening it in XVI32 did not give anything interesting. The key.dat file seems to change every time.
I have an angle of attack into it now myself
16 times "a" becomes this. Look at the number range; that is what you need to solve
[code]„†ˆŠŒŽ°²´¶¸º¼¾*¢ = 132 134 136 138 140 142 172 178 180 182 184 186 188 190 160 162
[/code]
a = 97 (these numbers just represent the symbol in Unicode)
[editline]07:49PM[/editline]
The numbers seem to be influenced by:
- kind of symbol (ofc)
- [B]The length of the string[/B]
- The position of the char.
-- snip --
screw it, keep your fortune.dat I'm heading to bed before my brain melts.
this very much seems to be a hash and not an encryption :-S it performs a load of calculations, then only takes the lower part of the result
-snip- it's over
it's over?
[QUOTE=nekosune;25095287]this very much seems to be a hash and not an encryption :-S it performs a load of calculations, then only takes the lower part of the result[/QUOTE]
That certainly shouldn't be the case. I've tried to eliminate the fact that it's a hash as much as possible. Let's see how this'll turn out. It would ruin the fun if I had to make a few modifications at this point.
PM'd with why it looks to be a hash, if I am wrong, sorry for the worry
It seems that I indeed accidentally created a hash.
Therefore, the competition will be closed and restarted at a later date until the problem is fixed.
New starting date will be next Wednesday 19:00 GMT.
I'm very sorry for this, and neko won't be unrewarded for this.
Stay tuned.
Aww, I wanted to see if it was starting yet. Now I have to wait two more days. Not that I actually stand a chance at winning.
That is not a hash @ all (you don't get the meaning of a hash)
btw I have already reversed the algorithm used to encrypt the data .... and I can create a decrypt function based on it. I will give you the program to decode it soon but I am too sleepy atm lol
btw credit goes to Python1320 too as he has shown me the pseudo-C code used for the program (but don't know why he doesn't use the code that I have given to him)
btw about that 5 euros ..... you can first try my decode program first before thinking of it
I do get the meaning of a hash, a hash is a one way algorithm, which this is, as it throws away part of the data (to be exact the upper part of the DWORD holding the information); without that, you cannot decrypt
You heard him folks, back to the euro argument.
I'll check out the files you uploaded tomorrow night, will be taking part when you relaunch on Wednesday.
if Shammah allows I could post the part that shows the problem
[QUOTE=nekosune;25096254]if Shammah allows I could post the part that shows the problem[/QUOTE]
I know the problem you are talking about ...... but it is still possible to reverse the code based on the position and several things in the equation used (I guess you are talking about the LOBYTE problem)
anyway for someone who is interested in the algorithm used in the program .... the following equation is used to generate the output (in C language) :
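[code]
for (i = 0; i < maxlength_of_input; i++)
{
    /* parentheses balanced: the sum is XORed with the length, then masked to one byte */
    OUTPUT[i] = (((2 * i + 3) + 2 * (6 * (INPUT[i] + 4) ^ 0x17)) ^ maxlength_of_input) & 0xFF;
    if (OUTPUT[i] == 0)
        OUTPUT[i] = 33;
}
[/code]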
(And actually the & 0xFF is creating the reverse problem but I don't think it is infeasible for brute forcing / finding the weakness in the program)
actually, the upper half is thrown away before it is XORed with the max length
doesn't matter @ all since the xor result won't be affected by the & 0xFF operation
actually it is, if you put k through it, it becomes 51c, which thanks to it throwing part away, is stored as 1c, 51c XORed with max length, is different from 1c XORed with that
[editline]12:31AM[/editline]
to be exact (quickly made program to check)
my word was 8 characters long and started with k, k became 0x51c, then was cut to 0x1c THEN XORed and well look :
0x51c ^ 8: 1300
0x1c ^ 8: 20
So yeah, it does matter where the cut is done, and in this case it is cut twice, before AND after the xor
[QUOTE=nekosune;25097640]actually it is, if you put k through it, it becomes 51c, which thanks to it throwing part away, is stored as 1c, 51c XORed with max length, is different from 1c XORed with that[/QUOTE]
lol wtf ...... read what the function is used in the program first before telling so ...... since it reads input from a standard keyboard ..... the input range should only be inside 0 ~ 127 ..... and you just need to append the output with different bits to such that to test it by dividing it with 12 until it is in the range 0 ~ 127 again
[editline]07:33AM[/editline]
[QUOTE=nekosune;25097640]actually it is, if you put k through it, it becomes 51c, which thanks to it throwing part away, is stored as 1c, 51c XORed with max length, is different from 1c XORed with that
[editline]12:31AM[/editline]
to be exact (quickly made program to check)
my word was 8 characters long and started with k, k became 0x51c, then was cut to 0x1c THEN XORed and well look :
0x51c ^ 8: 1300
0x1c ^ 8: 20
So yeah, it does matter where the cut is done, and in this case it is cut twice, before AND after the xor[/QUOTE]
learn to append 1 with bitwise OR please and then test whether the value is inside 0 ~ 127 again
I know what it is used for, also nice side step there to a different subject, the input range does not have any real value in figuring this out, if it was a decryption program with a key, maybe.
[editline]12:36AM[/editline]
and you're going to totally ignore the fact that the code you put up is wrong, seeing as it cuts twice?
[editline]12:48AM[/editline]
[code]
loc_0040300f:
cmp ebx, 1ffh
jz loc_0040303c
call dword ptr [_fgetchar]
cmp eax, 0ah
jz loc_0040303c
add eax, 04h
imul eax, eax, 03h
shl eax, 1h
xor eax, 17h
inc ebx
add eax, ebx
dec ebx
shl eax, 1h
mov [ebx+401047h], al
inc ebx
jmp loc_0040300f
; XREFS First: 1000:00403015 Number : 2
loc_0040303c:
xor edx, edx
xor eax, eax
; XREFS First: 1000:00403060 Number : 1
loc_00403040:
cmp edx, ebx
jz loc_00403062
mov al, [edx+401047h]
xor eax, ebx
test al, al
jnz loc_00403059
mov byte ptr [edx+401047h], 21h
jmp loc_0040305f
; XREFS First: 1000:0040304e Number : 1
loc_00403059:
mov [edx+401047h], al
; XREFS First: 1000:00403057 Number : 1
loc_0040305f:
inc edx
jmp loc_00403040
; XREFS First: 1000:00403042 Number : 1
loc_00403062:
[/code]
mov [ebx+401047h], al is the offending line; al contains the lower half of eax. Note it does this once to save, then it does another loop through, XORing it all by the total length, then does mov [ebx+401047h], al again on that
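Added example, not part of any post in this thread: a C model of the two loops in the disassembly above, written to check whether the position of the 8-bit cut changes the stored byte and how many inputs map to one output byte. The function names and the 0..127 input range in `candidates` are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* First loop: al = low byte of ((((c + 4) * 3 << 1) ^ 0x17) + (i + 1)) << 1. */
static uint8_t first_pass(uint8_t c, size_t i) {
    uint32_t eax = ((((uint32_t)c + 4) * 3) << 1) ^ 0x17;
    eax = (eax + (uint32_t)(i + 1)) << 1;
    return (uint8_t)eax;                    /* mov [ebx+401047h], al */
}

/* Second loop: XOR with the length in ebx, keep al, store 0x21 for zero. */
static uint8_t second_pass(uint8_t stored, size_t len) {
    uint8_t al = (uint8_t)(stored ^ len);
    return al ? al : 0x21;
}

static size_t encode(const char *in, uint8_t *out) {
    size_t len = strlen(in);
    for (size_t i = 0; i < len; i++)
        out[i] = second_pass(first_pass((uint8_t)in[i], i), len);
    return len;
}

/* 1 if cutting to 8 bits before the XOR stores a different byte than
   cutting only after it, 0 if both orders store the same byte. */
static int cut_order_matters(uint32_t wide, uint32_t len) {
    return (uint8_t)((wide & 0xFF) ^ len) != (uint8_t)(wide ^ len);
}

/* Collect every input in 0..127 (assumed range) that yields `target`
   at position i of a len-byte message; returns how many there are. */
static int candidates(uint8_t target, size_t i, size_t len, uint8_t *cand) {
    int n = 0;
    for (int c = 0; c < 128; c++)
        if (second_pass(first_pass((uint8_t)c, i), len) == target)
            cand[n++] = (uint8_t)c;
    return n;
}

int main(void) {
    uint8_t out[16], cand[128];
    size_t len = encode("aaaaaaaaaaaaaaaa", out);   /* constructed input */
    for (size_t i = 0; i < len; i++) printf("%u ", out[i]);
    printf("\ncut order matters: %d\n", cut_order_matters(0x51c, 8));
    int n = candidates(out[0], 0, len, cand);
    for (int k = 0; k < n; k++) printf("candidate %u\n", cand[k]);
    return 0;
}
```

For 0x51c with length 8 both orders store 0x14, and byte 132 at position 0 of a 16-byte message has two preimages in 0..127: 33 ('!') and 97 ('a').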
[QUOTE=nekosune;25097879]I know what it is used for, also nice side step there to a different subject, the input range does not have any real value in figuring this out, if it was a decryption program with a key, maybe.
[editline]12:36AM[/editline]
and you're going to totally ignore the fact that the code you put up is wrong, seeing as it cuts twice?
[editline]12:48AM[/editline]
[code]
loc_0040300f:
cmp ebx, 1ffh
jz loc_0040303c
call dword ptr [_fgetchar]
cmp eax, 0ah
jz loc_0040303c
add eax, 04h
imul eax, eax, 03h
shl eax, 1h
xor eax, 17h
inc ebx
add eax, ebx
dec ebx
shl eax, 1h
mov [ebx+401047h], al
inc ebx
jmp loc_0040300f
; XREFS First: 1000:00403015 Number : 2
loc_0040303c:
xor edx, edx
xor eax, eax
; XREFS First: 1000:00403060 Number : 1
loc_00403040:
cmp edx, ebx
jz loc_00403062
mov al, [edx+401047h]
xor eax, ebx
test al, al
jnz loc_00403059
mov byte ptr [edx+401047h], 21h
jmp loc_0040305f
; XREFS First: 1000:0040304e Number : 1
loc_00403059:
mov [edx+401047h], al
; XREFS First: 1000:00403057 Number : 1
loc_0040305f:
inc edx
jmp loc_00403040
; XREFS First: 1000:00403042 Number : 1
loc_00403062:
[/code]
mov [ebx+401047h], al is the offending line; al contains the lower half of eax. Note it does this once to save, then it does another loop through, XORing it all by the total length, then does mov [ebx+401047h], al again on that[/QUOTE]
lol learn mathematics first before saying such a thing .... you don't even know what xor can be used for ..... anyway the decrypt program will be out within 1 ~ 2 hours (if I still haven't slept)
[QUOTE=UnknownzD;25098346]lol learn mathematics first before saying such a thing .... you don't even know what xor can be used for ..... anyway the decrypt program will be out within 1 ~ 2 hours (if I still haven't slept)[/QUOTE]
I know what xor is and can be used for, and nothing I said was relating to its use, I was talking about what was done before and after, and well, good luck
[editline]01:00AM[/editline]
My money is on, a three day long sleep.
so wtf are you talking about? you failed to get the deciphered text and say that the money is yours now? lol (I lol'd hard at this .... in my own opinion ..... you are just a small script kiddie and can't do any real thing lol)
Well good luck in it then, I am not saying the money is mine, and am looking forward to Wednesday to join in when this is possible, if you can do it before hand, well good luck, just saying I doubt it.
The mention of money was using a common saying, to indicate, that you never release anything, not that I deserve the prize money.
I have stated and shown with proof of my statements, whereas all you have is a broken version of the encryption code, and you're calling me a script kiddie?
so would you mind telling me what the difference is between the following codes?
[code]
xor $0x17,%eax;
and $0xFF,%eax;
[/code]
[code]
and $0xFF,%eax;
xor $0x17,%eax;
[/code]
btw if you don't know how xor works as using logic gate .... I can give you some reference for that