Encryption, a short tutorial
How to reverse engineer encrypted files

by Jon
(12 October 1997)


Courtesy of Reverser's page of reverse engineering

Well, soon or later we'll have to collect all encryption essays under a single project. This NEW EDITION of the "encryption" essay by Jon (our encryption specialist, you may want to have a look at his other essays about kremlin and about Blowfish) is VERY interesting for all encryption enthusiasts among us, and I know that many reverse engineers analyze and study encryption methods with real passion (crackers are also pretty interested in this stuff, for obvious reasons :-)
I would like to thank personally Joe Peschel for having helped Jon with this, hope to see some essays by him, on these matters, soon.


Encryption. Copyright by Jon. 
With additions and corrections by Joe Peschel. 
[September 28th, 1997.]

                 
INDEX:

1. Introduction (the purpose of encryption)
2. How encryption works
3. About decryption
4. How to reverse engineer an encrypted file 
   (brute force attack and figuring out the key)
5. Algorithms (most known)
6. Encryption programs & Info                          


[1. Introduction (the purpose of encryption).]

The general purpose of encryption is to scramble computer-information with a password, which 
only you should know. You could say that encryption is like a digital key. But why should I use 
"digital keys" on my confident computer-information?, you might ask. Well, you lock your door to
your home don't you? An why do you do that? So nobody can steal your things. Encryption is the 
same thing. You scramble your data, so it will be useless to people that don't have the right 
key.
There's probably a lot of information on your computer that you would like to keep secret.
This could be company information, your financial status, the source codes of your applications, 
love-letters, or just XXX-images from the internet (example: what would you say, if your 
little brother found the file c:\download\xxx\pamela.jpg on your computer?). 
Whatever the purpose is, encryption is the answer. The encrypted file will be ABSOLUTELY 
useless to the curious guy/girl.

Encryption could also be used in shareware-program, as a part of the protection scheme. That 
won't be described here, but if you want to know more about it, there's a lot of great examples
in the cracking essays from the +HCU'ers and +ORC.



[2. How encryption works.]

The encryption process is when the encryption-program takes the file you have 
selected and modifies it with a algorithm (see section 5, for more info about 
that). Some encryption programs have multiple algorithms, so the user can select 
the one they trust most. 
The encryption process works like this: after you've selected the file you wish 
to have encrypted, it will ask you for a password. In many cases the password is 
hashed. If the encryption program doesn't support a hash function, your encrypted file may
not be so safe, and you will have to enter a password of an required length. 
See section 6, which describes the some of the better encryption programs. Many encryption 
programs work in CBC mode (Cipher Block Chaining), which adds additional 
security. In some implementations of Blowfish, for instance, the CBC Initialization 
Vector makes a random 64 bit value.  
This makes every encrypted file unique (even if you encrypt the same file, using the same 
algorithm, with the same password, it will be different). When using CBC the data
will be encrypted in blocks which are all linked together and that will make the 
encrypted data even harder to break. Other encryption programs use ECB 
(Electronic Code Book), which is not as secure since it is vulnerable to a known 
plaintext attack. 
When the encryption process is done, the encrypted data will be written to a file. 
Some encryption programs rename the file to something random (that way, nobody can 
know what the contents of the file is).
Others just overwrites the source file, with the encrypted one.Some programs also 
uses archives. This allows multiple files in one encrypted file.  If the program 
supports archives, it's likely that it also includes the option to compress the file(s).
This is very handy if you are emailing the file.  But public key encryption, such as PGP, 
is better suited for e-mail.



[3. About decryption.]

There's not much to say about decryption. It's the reverse of encryption. Before the
decryption process, the program often check the file for some kind of signature (most 
encryptors make a signature to the output file, so the decryptor can identify it). This
is handy, because if you try to decrypt a file with a different algorithm/program the
output will be trash.



[4. How to reverse engineer an encrypted file (brute force attack and figuring out the key).]

Many encryption algorithms can be reverse engineered and cracked.  Here are a few that have 
been: MS Word versions 2-7, Excel, Word Perfect up to version 7, Windows 3.x and 95 screen 
savers (see the essay by Lonely Hawk on Reverser's pages), PKzip (Peter Conrad's implementation 
of the Biham/Kocher known-plaintext attack), CrypEdit, and Crypt-o-Text.
There is also an essay by Casimir (Reverser's pages) on the reversal of Crypt-o-text.  After 
the algorithm is reversed (in the most of above programs) it takes only a matter of seconds 
to recover a password.  The Pkzip known-plaintext attack can take a while, but it is not a 
brute-force or wordlist-based cracker.

In strong, properly implemented encryption algorithm the password isn't stored anywhere in 
the cryptfile. 
Therefore you must take other means:

1. Use a brute force attack program. You can make your own, or fetch one from the 
Internet. But this option is very hard; the keysizes in the modern encryption algorithms 
are so large that it can take years on a single personal computer. A combined effort of 
several hundreds or thousands of machines connected to the Internet, however, can and has 
cracked 48-bit RC5 and 56-bit DES.
(See the RSA Data Security Secret Key Challenge at:
http://www.rsa.com/rsalabs/97challenge/)
You may also want to build a wordlist from all of the ASCII data on a victim's machine.

2.Another option is to collect all the info you can get
on the person that has encrypted the file. Often people encrypt files with their birthdays
(it can be reversed, or in another format), social security number, dogs name, etc. 

3.Often people uses the same codes from a computer-game they like, or a screen-saver or MS-Word 
password, Excel, or other snake-oil to encrypt their secret files. 

4.Social engineering ala Mitnick. 

5. Keyboard loggers, handy little programs that copy keystrokes to a file.

Personally, I've made a program, that puts my 56-bytes password (not only letters,
also special characters) into the clipboard, and then starts my favorite encryption program. 
Then I can just press CTRL+V to paste the password. 
This is very useful, since nobody else has access to my computer (DO NOT use this method if 
someone else has access to your computer, an attacker will discover this fast).


[5. Algorithms (most known).]

Blowfish
Blowfish is one of the most known algorithms today. It's very fast, about 5,2 mb/s in 
Window$ 95 on my P200 (it should be even faster on pure 32-bits OS's like WinNT. It's 
also one of the most secure (if not THE most secure). It's key-size is up to 448-bits 
(56 bytes), and if you use the full key-size, a brute-force attack is senseless. 
In standard mode it encrypts in 16 rounds, but it can be expanded (or reduced) to, for 
example 32 rounds (which takes twice the time, but gives twice the encryption). Blowfish 
was invented by Bruce Schneier, and was published in Doctor Dobb's Journal, issue 4/94. 
There hasn't been found any weaknesses so far.

Cobra
Cobra is new algorithm. It wasn't designed from scratch, but is similar to Blowfish. 
Cobra was originally designed to be a 128-bit, 24 rounds encryption algorithm, but like 
Blowfish it can be changed. It was invented by Christian Schneider, and in April, 1996 it 
was posted to the newsgroup sci.crypt.research

DES
This is THE most know algorithm (that doesn't mean that it's the best). The life of DES 
(Data encryption Standard, BTW) started in 1974 when a group of IBM scientists collaborated 
with the NSA, to develop a secure encryption algorithm. At the start people didn't trust 
the algorithm, because it was developed in cooperation with the NSA, but it was soon the 
most used. From 1976 to 1997 (it's still being used) it has been used to encrypt federal 
non-classified documents. Because it was designed to work in hardware, it's VERY slow when 
implemented in software. But that's not the only problem; it's key-size is only 7 bytes (56 
bits). Therefore all possible keys can be tried in a few hours on a FAST computer. (Actually 
cracking one 56-bit DES key took several months on hundreds of computers, but there have 
always been rumors that the US government can crack DES in minutes.  
There exist mutations of the DES algorithm, TDES (triple DES), which TRIPLES the key-size 
to 21 bytes and NewDES which is much more fast, but not as secure.

GOST
This algorithm is the Russian counterpart to the American DES algorithm. It's has been 
used for a long time, but there are no known weaknesses. The keysize is 32 bytes, and it 
encrypts in 32 rounds. However the encryption function is more simple than Blowfish.

IDEA
This algorithm is the most used today. It uses a 128-bits key (16 bytes), and is regarded 
to be one of the best and most secure algorithm available today. IDEA was developed in 
Zurich, Switzerland by Xuejia Lai and James Massey.

RC4
At first, not much was known about this algorithm, because it's implemented in a commercial 
product by RSA, and the source-code was not available to the public. But a group named 
Cypherpunks made it available to the public by posting the source-code to the sci.crypt 
newsgroup. Now, it's also available in RSADSI's BSAFE Toolkit (with the source-code). 
There's more info about this algorithm in Bruce Schneier's Applied Cryptography 2nd. Ed.
It's implemented in some programs under other names like psuedo-RC4 (because it's a 
trademark of RSA).  It was designed by Ronald Rivest.

SAFER
SAFER was invented by James Massey (one of the IDEA designers), and stands for Secure and 
Fast Encryption Routine. There are different version, with different key-lengths. The most 
used is SAFER SK-128, which uses a 128-bits key-size, but there are also versions with 
smaller key-sizes.
SAFER was designed at the request of CYLINK, which is in the words of Bruce Schneier 
(designer of Blowfish) "tainted by the NSA". Although SAFER is criticized by Bruce 
Schneier, it resists any known form of cryptanalytic attack. 


[6. Encryption programs & Info.]

In this section I'll describe some great encryption programs and info (links).

Programs:
My two favorite encryption programs are Blowfish Advanced 95 8.2f and Kremlin 1.21.
Blowfish Advanced is a very powerful program. It has 5 algorithms: Blowfish, Blowfish32 
(the same as Blowfish but with 32 rounds; twice the encryption), GOST, Triple-DES and 
Cobra. 
It uses the full 448 bits of the Blowfish algorithm. 
Download it at http://www-hze.fht-esslingen.de/~tis5maha/software.html, and find a reg-code 
at http://www.chez.com/jon101514/pc_bfa2f.zip
Kremlin 1.21 is a very handy tool. It's completely drag-n-drop based, and is very easy to 
use.
It has 8 algorithms, ASCII, Blowfish, DES, IDEA, NewDES, Safer, Psuedo-RC4 (the same as 
RC4) and Vigenere. It's not as safe as Blowfish Advanced 95, as it's maximum key-size is 
160 bits, and it only works in EBC-mode (the less secure). 
Download it at http://www.mach5.com/ If you have read my essay about it, and was annoyed 
that you couldn't select all the algorithms within the program, register it with: 
9797708151 (works for both version 1.1, 1.2 and 1.21).
There's a lot of other nice shareware/freeware encryptors on the web. 
Try http://www.tucows.com/, http://www.shareware.com/ or http://www.mysharewarepage.com/. 
You can also search for a program using Yahoo, etc. But remember because of the stupid and 
useless US laws against exporting strong encryption software, you'll at times end up with 
cripplewarez, so check that the encryption programs you download are COMPLETE (best areas 
for complete downloads, as usual: Russia, Poland, Holland, Scandinavia, Yugoslavija).

Info:
Here are some nice links (including the ones mentioned above in this essay):
http://www.counterpane.com/blowfish.html - The Blowfish Page. Here you'll find info 
     and the source code of Blowfish.
http://www-hze.fht-esslingen.de/~tis5maha/software.html - Download Blowfish Advanced 95
http://www.mach5.com/ - Download Kremlin (there's also a new section with crypto-info).
http://www.chez.com/jon101514/pc_bfa2f.zip - Blowfish Advanced '95 reg-code.
http://www.tucows.com/, http://www.shareware.com/, http://www.mysharewarepage.com/ - 
     Lots of shareware/freeware encryptors, but beware of some of the snake-oil programs 
     (mostly the crippled US encryptors).
http://hack.box.sk/ - Some brute-force attack utils (also has cracks, serials and hack utils)
http://ourworld.compuserve.com/homepages/c_schneider/ - Author of Cobra.
http://www.cs.auckland.ac.nz/~pgut001/links.html - Peter Gutmann's site. Has the biggest 
     list of crypto-links I've seen!
http://www.sni.net/~mpj/crypto.htm - Nice crypto-page with a LOT of links.
http://members.aol.com/jpeschel/index.htm - Joe Peschel's homepage. Lots of brute-force 
     crackers, encryption info, etc. 
Here are some nice Newsgroups
sci.crypt           - Great newsgroup, with lots of info.
sci.crypt.research  - newsgroup      


This essay is only an introduction to encryption from a reverse engineering standpoint. 
Visit the sites above for more info and source-codes, etc. I want to thank Joe Peschel. 
He helped me make this essay better by correcting errors in and adding new info to it. 
Now it's much better :-)

(c) Jon 1997. All rights reversed
You are deep inside reverser's page of reverse engineering, choose your way out:

redhomepage redlinks redanonymity +ORC redstudents' essays redacademy database
redtools redcocktails redantismut CGI-scripts redsearch_forms redmail_fravia
redIs reverse engineering legal?