2009. szeptember 16., szerda

Cracking XOR Encryption


Problem/Question/Abstract:

Well, there seems to be a trend to post xor encryption routines... so here a simple example of how to break the encryption...

Answer:

Drop a button and edit box on the form, text in the edit box has to be at least 8 chars. if you're using to actualy break an encrypted string, just fill buffer [0..7] with encrypted data and fill [0..7] with the plaintext you assume is encrypted (pretty easy, you username of something of the sort).

I'd like to thank Cheng Wei for pointing out my rediculously slow calls to Edit1.text[i]. i've rethought the algorithm out, and it now tests keys as 2 longwords. as a result of this fix, it now scans 100,000,000 keys in 15seconds on my duron 600! WAAAHOOOOO! Thanks allot Cheng!

Please don't go on ranting about how most ppl don't know how to break xor encryption so it's good enough. it's simply negligence. if someting is worth encrypting then do it properly or don't bother.

procedure TForm1.Button1Click(Sender: TObject);
var
  i, j: longword;
  thistime, lasttime: longword;
  buffer: array[0..7] of byte;
  b: array[0..1] of longword absolute buffer[0];
  plaintext: array[0..7] of byte;
  p: array[0..1] of longword absolute plaintext[0];
  key: array[0..7] of byte;
  k: array[0..1] of longword absolute key[0];
begin
  lasttime := gettickcount;
  randomize;
  if length(edit1.text) < 8 then
    exit;
  for i := 0 to 7 do
  begin
    plaintext[i] := byte(edit1.text[i + 1]);
    buffer[i] := plaintext[i] xor random(256); //encrypt
  end;
  i := 0;
  repeat
    for j := 0 to 1000000 do //loop is unrolled by compiler
    begin
      randseed := i;
      key[0] := random(256);
      key[1] := random(256);
      key[2] := random(256);
      key[3] := random(256);
      key[4] := random(256);
      key[5] := random(256);
      key[6] := random(256);
      key[7] := random(256);
      if b[0] xor k[0] = p[0] then //test key in blocks of 4
        if b[1] xor k[1] = p[1] then
        begin
          thistime := gettickcount;
          caption := 'The key is: ' + inttostr(i) + ' (' + inttostr((thistime -
            lasttime) div 1000) + 'sec)';
          Exit;
        end;
      inc(i, 1);
    end;
    caption := inttostr(i);
    application.processmessages;
  until i > longword(MaxInt);
end;

I'll be posting an article on writting a complete cryptosystem soon enough. i need to read into the legalities first because of canadian encryption laws.

Nincsenek megjegyzések:

Megjegyzés küldése