The Mushy thread Tuesday, 09-Feb-99 16:31:15
Ok, where do I begin... well:

1.) The password you use to encrypt the file with is passed through a one-way hash function. What this means is that you CANNOT reverse the function to get the original password, as not all of the password is used, i.e. some of the information is lost inside the function. What happens is that the password you are asked for is passed through another function and the result of the two is the key to unlock the rest of the file. Without this password it is almost (I said almost!) impossible to decrypt. This is why (unless you know at least 13 of the original bytes of the text that is encrypted) the only method in existence to tackle decrypting is by using a brute force method. If you do a dump of memory from s-ice you will NOT see the original password unless you have typed it somewhere already.

2.) The brute force approach. If you type 3 as the password (this does not always work) you will see that the CRC is found to be incorrect, and the program tells you what the CRC should actually be. This could be used to make a faster brute force program, i.e. pass a password through the algo, calculate the CRC and see if this matches. If there is a match then try the password. (Please note: there are some instances where several passwords can be used to bypass the CRC check; these are called weak keys in cryptography.) Although this protection is not as strong as DES or PGP, it is still strong enough so that the brute force method is the only option available to us. However it would still be fun to reverse the crypto algo to study further weaknesses.

3.) If at least 13 bytes of the original text are known then it is possible to reverse the file (BUT not the password).

4.) It is also a fact that the way the files are stored in a zip also affects the security. If the files are just stored and not compressed then reversing is made even harder, due to the fact that putting random bytes through an encryption routine without the original key just produces random output.

5.) Someone on this thread has stated that he has successfully managed to unzip the file. Unfortunately this MUST have been a mistake :-) Sorry!

6.) The encrypted files inside the zip start just after the name of the file inside, and end when the file reaches the letters PK (when viewed in a hex editor). The validity check bytes can be found towards the end of the file.

Hope this helps, L8R Mushy!
mushy
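As an added example (not part of Mushy's post or of any unzip program), here is a Python model of the scheme the post is talking about: the traditional PKZIP ("ZipCrypto") key derivation and the one-byte password check. The key constants and update steps are the published ones from PKWARE's APPNOTE; the sample password, file data and header bytes are constructed here, and the function names are this example's own. Two things it shows that the post only states: the password is folded into a 96-bit key state and never stored, so nothing in memory reveals it; and the header check compares a single byte with the high byte of the file's CRC-32, so roughly 1 in 256 wrong passwords pass it (the "several passwords bypass the CRC check" effect), which is why an extractor must still verify the full CRC-32 of the recovered data, and why this legacy scheme is no substitute for AES-encrypted entries.

```python
"""ZipCrypto (traditional PKZIP encryption) key schedule and password
check, written as an added illustration of the scheme discussed above.
Key constants and update steps follow PKWARE's APPNOTE; all sample
values (password, file data, header bytes) are constructed here."""
import random
import zlib

# Standard reflected CRC-32 table (polynomial 0xEDB88320), the same one
# ZIP uses for file checksums.
def _gen_crc(c: int) -> int:
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    return c

CRC_TABLE = [_gen_crc(i) for i in range(256)]

def _crc32_step(crc: int, byte: int) -> int:
    return (crc >> 8) ^ CRC_TABLE[(crc ^ byte) & 0xFF]

class ZipCryptoKeys:
    """Three 32-bit keys; each password byte is folded in through a CRC
    step and a linear congruential step. Only the 96-bit key state
    survives, so the password itself cannot be read back out of it."""

    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self.update(b)

    def update(self, b: int) -> None:
        self.k0 = _crc32_step(self.k0, b)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc32_step(self.k2, self.k1 >> 24)

    def stream_byte(self) -> int:
        t = (self.k2 & 0xFFFF) | 2
        return ((t * (t ^ 1)) >> 8) & 0xFF

def encrypt(password: bytes, plaintext: bytes) -> bytes:
    keys = ZipCryptoKeys(password)
    out = bytearray()
    for p in plaintext:
        out.append(p ^ keys.stream_byte())
        keys.update(p)              # key state advances on the plaintext byte
    return bytes(out)

def decrypt(password: bytes, ciphertext: bytes) -> bytes:
    keys = ZipCryptoKeys(password)
    out = bytearray()
    for c in ciphertext:
        p = c ^ keys.stream_byte()
        keys.update(p)
        out.append(p)
    return bytes(out)

def encrypt_entry(password: bytes, data: bytes, crc: int, rng: random.Random) -> bytes:
    """A stored (uncompressed) entry as it sits in the archive: a 12-byte
    header (11 random bytes + high byte of the CRC-32) followed by the
    file data, all encrypted as one stream."""
    header = bytes(rng.randrange(256) for _ in range(11)) + bytes([(crc >> 24) & 0xFF])
    return encrypt(password, header + data)

def header_check_passes(password: bytes, entry: bytes, crc: int) -> bool:
    """The only per-password test an extractor can run before touching the
    data: decrypt the header and compare its last byte with the CRC's high
    byte. It is 8 bits wide, so about 1 in 256 wrong passwords pass it."""
    return decrypt(password, entry[:12])[11] == (crc >> 24) & 0xFF

def decrypt_entry(password: bytes, entry: bytes, crc: int):
    """What a careful unzipper does: header check, then the full CRC-32 of
    the recovered data. Returns the data, or None if either check fails."""
    plain = decrypt(password, entry)
    if plain[11] != (crc >> 24) & 0xFF:
        return None
    data = plain[12:]
    if zlib.crc32(data) & 0xFFFFFFFF != crc:
        return None                 # passed the 8-bit check, not the real one
    return data

def header_false_positives(entry: bytes, crc: int, trials: int, seed: int = 1) -> int:
    """Count random wrong lowercase passwords that pass the header check
    alone; expect roughly trials / 256."""
    rng = random.Random(seed)
    letters = b"abcdefghijklmnopqrstuvwxyz"
    hits = 0
    for _ in range(trials):
        candidate = bytes(rng.choice(letters) for _ in range(6))
        if header_check_passes(candidate, entry, crc):
            hits += 1
    return hits

# Constructed sample archive entry (password, data and header are made up here).
SAMPLE_PASSWORD = b"sesame"
SAMPLE_DATA = b"The quick brown fox jumps over the lazy dog"
SAMPLE_CRC = zlib.crc32(SAMPLE_DATA) & 0xFFFFFFFF
SAMPLE_ENTRY = encrypt_entry(SAMPLE_PASSWORD, SAMPLE_DATA, SAMPLE_CRC, random.Random(7))

if __name__ == "__main__":
    print("correct password recovers data:",
          decrypt_entry(SAMPLE_PASSWORD, SAMPLE_ENTRY, SAMPLE_CRC) == SAMPLE_DATA)
    print("wrong passwords passing the 8-bit header check, out of 12800:",
          header_false_positives(SAMPLE_ENTRY, SAMPLE_CRC, 12800))
```

The entry here is stored rather than deflated, so the CRC-32 covers the plaintext directly; with a deflated entry the extractor would inflate first and checksum the result, which is the same point the post makes about stored files leaving an attacker with nothing but random-looking output to judge a guess by.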