
Thread: try to figure out encryption

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    12

    try to figure out encryption

    Have this hash I copied out of the registry. Decrypted, it's the word "admin", but I can't figure out what cipher the program uses to encrypt. Here's the hash I copied from my registry. Anyone have any ideas?


    5FEFC2C02EC51A674DAD9B13D51E233B5FEFC2C02EC51A674D AD9B13D51E233B5FEFC2C02EC51A674DAD9B13D51E233B4DAD 9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B 13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13 D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D5 1E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E 233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E23 3B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B 4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4D AD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD 9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B 13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13 D51E233B4DAD9B13D51E233B4DAD9B13D51E233BB074934945 EB2DC94DAD9B13D51E233BB074934945EB2DC94DAD9B13D51E 233B4DAD9B13D51E233B4DAD9B13D51E233BB074934945EB2D C9

  2. #2
    Member
    Join Date
    Apr 2007
    Posts
    155


    Well, basic cryptology tells me to look for a pattern and I see that 1E233 is def a pattern. So from there you can use different cryptanalysis techniques such as Index of Coincidence, and I started off with the Kasiski test, so that should give you a start.

    note: I'm no cipher expert, just a beginner.
    This is a hackers forum :P
    root ~# aircrack-ng pwnd-01.cap
    Lenovo Thinkpad R500, OS: Ubuntu 8.10, BackTrack3, Windows XP (VirtualBox), Windows Vista, Windows 7 beta

  3. #3
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    12


    thanks for the start, will try to work it out from here

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509


    What part of the registry did you pull this from? Knowing the application might help to see if someone has already reverse-engineered the encryption.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908


    Quote: Originally Posted by blackbeard99
    Have this hash I copied out of the registry. Decrypted, it's the word "admin", but I can't figure out what cipher the program uses to encrypt. Here's the hash I copied from my registry. Anyone have any ideas?

    ......
    .....
    ....
    ...
    ..
    .
    Okay, here's what jumps out at me.

    There are 3 very distinct parts to this block:

    1)
    Code:
    5FEFC2C02EC51A674DAD9B13D51E233B5FEFC2C02EC51A674DAD9B13D51E233B
    5FEFC2C02EC51A67
    This section repeats 5FEFC2C02EC51A67 followed by what seems to be either a filler code or some form of parsing - 4DAD9B13D51E233B

    2)
    Code:
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233B
    A LOT of filler/parsing code here. Other than that sequence nothing stands out.

    3)
    Code:
    B074934945EB2DC94DAD9B13D51E233BB074934945EB2DC9
    4DAD9B13D51E233B4DAD9B13D51E233B4DAD9B13D51E233BB074934945EB2DC9
    This section is the same as the first but it repeats B074934945EB2DC9 instead followed by the same filler/parsing code.

    Hope that helps you see it a bit clearer. I do know what encryption this uses but blurting it out would ruin all the fun

    EDIT: On a side note I just noticed that, with regards to the "filler/parsing" code, the beginning (4DAD9B) and end (1E233B) coincide with hex color codes. Interesting eh?

    See THIS and THIS



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill
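
The repetition that posts #2 and #5 point at can be measured instead of eyeballed. The following is an added example, not code from anyone in the thread: it runs a Kasiski-style repeat-distance test to infer the block size, then labels each block. The blob is rebuilt from the three 16-character units post #5 identifies, in the order the thread shows them; the names HEAD, FILL, TAIL, kasiski_period and block_pattern are made up for this example.

```python
from collections import Counter
from functools import reduce
from math import gcd

# The three 16-hex-character units named in post #5 (constant names are made up).
HEAD = "5FEFC2C02EC51A67"
FILL = "4DAD9B13D51E233B"   # the unit post #5 calls "filler/parsing code"
TAIL = "B074934945EB2DC9"
# Blob rebuilt from those units in the order the thread shows them (47 units).
BLOB = (HEAD + FILL) * 3 + FILL * 34 + TAIL + FILL + TAIL + FILL * 3 + TAIL


def kasiski_period(data: bytes, n: int = 4) -> int:
    """GCD of distances between successive repeats of each n-byte sequence.

    Returns 0 when nothing repeats, i.e. no period can be inferred.
    """
    last_seen, distances = {}, []
    for i in range(len(data) - n + 1):
        gram = data[i:i + n]
        if gram in last_seen:
            distances.append(i - last_seen[gram])
        last_seen[gram] = i
    return reduce(gcd, distances, 0)


def block_pattern(data: bytes, size: int):
    """Split into size-byte blocks; label each distinct block A, B, C, ..."""
    blocks = [data[i:i + size] for i in range(0, len(data), size)]
    labels = {}
    for blk in blocks:
        labels.setdefault(blk, chr(ord("A") + len(labels)))
    return "".join(labels[b] for b in blocks), Counter(blocks)


if __name__ == "__main__":
    raw = bytes.fromhex(BLOB)
    size = kasiski_period(raw)
    if size == 0:
        raise SystemExit("no repeated sequences, no period to infer")
    pattern, counts = block_pattern(raw, size)
    print(f"period {size} bytes: {len(pattern)} blocks, {len(counts)} distinct")
    print(pattern)
    for blk, seen in counts.most_common():
        print(blk.hex().upper(), seen)
```

Identical ciphertext blocks on a fixed 8-byte alignment mean identical inputs were transformed identically, so the stored value reveals the layout of what it protects. That is the property to flag when reviewing how an application stores secrets in the registry.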
