25 November 2011, 14:37 | #21 |
Registered User
Join Date: Jan 2008
Location: Warsaw/Poland
Age: 55
Posts: 1,960
|
I checked a few closer Moonquake ROM.
Only one file (131216 bytes long) at $80000 offset is available. Rest of data is unused (repeated parts). Unknown (strange) crypt method, no $FF value inside file. |
26 November 2011, 11:47 | #22 | |
Digital Corruption
Join Date: Jan 2007
Location: Dorrigo/Australia
Age: 60
Posts: 355
|
Quote:
I had a brief look through the source. Now *that* is a worthy challenge Will take a little time... Out of curiosity, what did you write it in? Doesn't look like hand coded 68K (forgive me if I'm wrong). Cheers, Red |
|
26 November 2011, 12:35 | #23 |
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,863
|
|
26 November 2011, 20:57 | #24 |
Registered User
Join Date: Sep 2007
Location: Las Cruces, USA
Age: 71
Posts: 351
|
RedSkull:
Sting Ray is correct, it's compiled C code. Compiled C code does look funny, I sit there and look at it and wonder why it did what it did. Lets face it, humans are smarter then computers. The program does use CRC256, CRC128, and CRC64, and those routines are written in assembly. If more info is needed like how things work, let me know and I'll try to fill you in. As a hint, the random generator outputs 64 bits which are all xor to 64 bits of data. |
27 November 2011, 05:34 | #25 | |
Digital Corruption
Join Date: Jan 2007
Location: Dorrigo/Australia
Age: 60
Posts: 355
|
Quote:
Sorry, I should have been more specific. I was actually wondering what compiler you used to create it? I don't recongise the startup code for example. Thought it may have been HiSoft BASIC or something... The Rotate instructions in the CRC routines are pretty much a dead giveaway that they weren't written in "C/C++". Compilers won't emit such instructions (unless you employ inline _asm ROL/ROR's). Please, no hints! That's cheating. Cheers, Red |
|
27 November 2011, 08:49 | #26 |
Join Date: Jul 2008
Location: Sweden
Posts: 2,269
|
If you're speaking generally then most compilers do emit rotate-instructions, and GCC M68K will certainly do it. It's a matter of detecting constructs like (X<<Y) | (X>>(32-Y)), but since it looks syntactically better with f.ex ROL(X, Y) many people will just write a replacement like that and make it insert assembly directly while at it.
|
27 November 2011, 16:32 | #27 |
Registered User
Join Date: Jan 2008
Location: Warsaw/Poland
Age: 55
Posts: 1,960
|
Small update for MoonQuake ROM, 220 bytes at $40000, it can be loader, ByteKiller depacker or unused data.
|
27 November 2011, 21:57 | #28 | |
Registered User
Join Date: Sep 2007
Location: Las Cruces, USA
Age: 71
Posts: 351
|
Quote:
It's written in SAS C. The startup code is mine, it's strictly for CLI, no WB. All functins calls are also mine. I used to be an assembly programer, I wrote my own function library and had my own enviroment. When I switched to C I modified the functions to work with C. Basically I use C as a high level assembly language, in my heart I'm an assembly programer, but I like the ease of using C. I kind of get the feeling you think that by understanding how the program works you'll find the trick to de-encrypting the file. I hate to tell you this but there is no trick, unless there's a flaw in the algorithm. This is what I'm interested in knowing. I wrote the program and I can't crack files encrypted with it. If I had to try I would probably modify the code to try every password combination there is and hope it's a short password, and not the full 32 bytes. Keeping this in mind it would probably be in your best interest to let me help you understand it. Then you can put your efforts into finding the flaws. Of course that's up to you. I can tell you really like a good challenge, and that's good. I also like challenges, this program is one of my challenges and has been in the works for many years. Good luck. |
|
06 December 2011, 18:11 | #29 |
Registered User
Join Date: Sep 2007
Location: Las Cruces, USA
Age: 71
Posts: 351
|
Anybody having any luck with cracking my encryption program?
|
06 December 2011, 22:25 | #30 |
AMOS Extensions Developer
Join Date: Jun 2007
Location: near Cambridge, UK
Age: 44
Posts: 1,924
|
Not yet. I have been distracted by a few things.
Regards, Lonewolf10 |
07 December 2011, 09:15 | #31 |
Digital Corruption
Join Date: Jan 2007
Location: Dorrigo/Australia
Age: 60
Posts: 355
|
|
07 December 2011, 16:24 | #32 |
Registered User
Join Date: Sep 2007
Location: Las Cruces, USA
Age: 71
Posts: 351
|
|
11 December 2011, 02:32 | #33 |
Digital Corruption
Join Date: Jan 2007
Location: Dorrigo/Australia
Age: 60
Posts: 355
|
Hi Ed,
Finished deconstructing the program. It's quite safe considering the password is not stored inside the encrypted file. As you mentioned in an earlier post, the only way to crack it is going through all possible combinations of the 32 password bytes: (256 to power of 32) or 1.1579208923731619542357098500869e+77 combinations Since the password is CRC'ed down to 32bits, that gives 4294967296 possible combinations. However, that suggests that there will still be 2.695994666715063979466701508702e+67 password combinations that would decode to the correct CRC combination. Since you only store 24bits of the 32bit crc'ed password data (plus 8 bits for saving the original file length), this increases the number of passwords that satisfy the password CRC check, but won't actually decode the rest of the file. Not using the same CRC routine to encode the rest of the file as you do to encode the password means they is no way to confirm which password combination is actually correct. Adding the datestamp string into the CRC calcs is something of a red herring. As if it wasn't difficult enough already! Theoretically possible to crack, but will require lots of processor grunt to calculate *potentially correct* password combinations. The stored length value may offer a way to reduce the number of potentially correct passwords to check. We just need to look for values which are 48 bytes (size of postamble) or less than the encoded file size. Good stuff! Cheers, Red p.s Someone will likely correct my maths, not my strongpoint. I must have been away the day they did maths at school |
11 December 2011, 22:56 | #34 | |
Registered User
Join Date: Sep 2007
Location: Las Cruces, USA
Age: 71
Posts: 351
|
Quote:
I think you need to look at the code some more. Most of what you wrote above I don't recognize as how it works. There are 3 different CRCs in there and I think you are getting them confused. You are right about one thing, the password is not stored in the encrypted file, the user has to know the password that encrypted it. The date stamp at the end is so I don't have to change the password each time I encrypt a file. Everytime I encrypt with the same password I get a totally different key. I have to admit you did a very good job of disassembling it, that's really hard to do. I designed the program to be unbreakable even if you have the source code and know exactly how it works. I also designed it so even if you have the key, (encrypting a file full of zeros), you still can't predict anything on either side of the key. That's the design, there could be flaws that prevent that from being true. If you would like I can send you a detailed explanation of how it works so you can look for flaws. |
|
12 December 2011, 08:52 | #35 |
gone
Join Date: Apr 2007
Location: completely gone
Posts: 1,596
|
As an idle viewer of this thread reading the descriptions of your program I just have to say that your method really is a secure encryption scheme.
Kudos to you Ed. |
12 December 2011, 11:25 | #36 | |
Digital Corruption
Join Date: Jan 2007
Location: Dorrigo/Australia
Age: 60
Posts: 355
|
Hi Ed,
Quote:
Admittedly, I can only describe it in terms of the disassembly, which may at times sound quite different to your original code... As I mentioned in my previous post, only way to break it is to try all possible password combos. That is near enough to unbreakable Send the description if you like, but it looks pretty tight to me. Cheers, Red. P.S. I actually reverse engineer software for a living (amongst other things). Not for nefarious purposes I might add, but for the purposes of identifying copyright violations. |
|
12 December 2011, 16:36 | #37 | |
Registered User
Join Date: Sep 2007
Location: Las Cruces, USA
Age: 71
Posts: 351
|
Quote:
You do this for a living? I'm impressed! I find it difficult to figure out the disassembly output from my compiler, which is a heck of a lot easier then what you had to do. I'll send you some drawings and a description of the theorey of operation. I was thinking about what you wrote last night, you figured it out pretty well but there's still a number of things that are wrong, like there is no CRC32 in the program. There's only CRC256, 128, 64. Ed |
|
12 December 2011, 22:31 | #38 |
AMOS Extensions Developer
Join Date: Jun 2007
Location: near Cambridge, UK
Age: 44
Posts: 1,924
|
|
13 December 2011, 16:21 | #39 |
Registered User
Join Date: Sep 2007
Location: Las Cruces, USA
Age: 71
Posts: 351
|
What were your results, were you able to predict? I'm thinking not, otherwise you would be saying you did.
Is anybody interested in the theory of operation for the encryption program? RedSkull deconstructed the program and did a very good job of it, so I'm working on drawings and short documentation to send to her. I can upload them here. Last edited by Ed Cruse; 14 December 2011 at 17:51. Reason: Back-to-back posts merged; please use the Edit button. |
14 December 2011, 17:49 | #40 |
Registered User
Join Date: Sep 2007
Location: Las Cruces, USA
Age: 71
Posts: 351
|
I uploaded the theory of operation of the encryption program, I also included the original executable and encrypted file.
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
aPDF decryption modules | MickJT | request.Apps | 17 | 24 October 2011 02:23 |
DMS decryption | OddbOd | support.WinUAE | 1 | 08 November 2008 10:28 |
A Challenge! | Lucy | Looking for a game name ? | 9 | 17 May 2004 17:24 |
A Challenge! | Dastardly | Retrogaming General Discussion | 26 | 13 April 2003 15:26 |
A different challenge | BippyM | Retrogaming General Discussion | 14 | 25 March 2003 04:17 |
|
|