CrackMe® Practices for Newbies
PROJECT 5: zipfile.exe

Applied Cryptography
Wednesday, 17-Feb-99 21:48:36
    205.241.43.96 writes:

    From the book Applied Cryptography by Bruce Schneier

    "16.12 PKZIP

    Roger Schlafly designed the encryption algorithm built into the PKZIP data compression program. It's a stream cipher that encrypts data one byte at a time. At least, this is the algorithm in version 2.04g. I can't speak for later versions, but unless there is some announcement you can probably assume that they are identical.
    The algorithm uses three 32-bit variables, initialized as follows: (The numbers in parentheses are subscripts, so [] replaces parentheses)

    K(0)=305419896
    K(1)=591751049
    K(2)=878082192

    It has an 8-bit key, K(3), derived from K(2). Here is the algorithm (all symbols are standard C notation):

    C(i)=P(i)^K(3) ;[ ^ = Bitwise XOR ]
    K(0)=crc32[K(0), P(i)]
    K(1)=K(1)*[K(0)&0x000000ff] ;[ & = Bitwise AND ]
    K(1)=K(1)*134775813+1
    K(2)=crc32 [K(2), K(1)>>24] ;[ >>= Bitwise Right Shift ]
    K(3)=[[K(2)|2]*[[K(2)|2]^1]]>>8 ;[ | = Bitwise OR ]

    The function crc32 takes the previous value and a byte, XOR's them, and calculates the next value by the CRC polynomial denoted by 0xedb88320. In practice, a 256-entry table can be precomputed and the crc32 calculation becomes:

    crc32(a,b)=(a>>8)^table[(a&0xff) (circle with a plus symbol in it) b]

    The table is precomputed by the original definition of crc32:

    table[i]=crc32(i,0)


    To encrypt a plaintext stream, first loop the key bytes through the encryption algorithm to update the keys. Ignore the ciphertext output in this step. Then encrypt the plaintext, one byte at a time. Twelve random bytes are prepended to the plaintext, but that's not really important. Decryption is similar to encryption, except that C(i) is used in the second step of the algorithm instead of P(i).

    Security of PKZIP

    Unfortunately, it's not that great. An attack requires 40 to 200 bytes of known plaintext and has a time complexity of about 2 to the 27th power (166). You can do it in a few hours on your personal computer. If the compressed file has any standard headers, getting the known plaintext is no problem. Don't use the built-in encryption in PKZIP."


    I highly recommend this book if you are interested in Cryptography.


    Notes:

    I have never written a C program in my life but I have a ton of reference books.
    I commented the code above. Everything after the ; are my comments. The Bitwise Right Shift function is a pretty cool function. Each shift to the right has the effect of dividing the hex number by 2. Left Shift has the opposite effect (multiplies by 2). I don't have a clue as to what the author meant by the circle with a plus symbol in it. It literally looks like the top view of a Phillips head screw. If anyone knows what he meant I would appreciate knowing the answer.



    iCe
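The cipher quoted above, written out in Python as an added worked example (this is editor's code, not the poster's or the book's). The circle-with-a-plus in the crc32 line is the standard symbol for XOR, and the K(1) update follows the PKZIP specification, which adds the low byte of K(0) rather than multiplying by it as the transcription above reads. The password, message and fixed 12-byte prefix are constructed sample values; the K(0), K(1), K(2) constants are the ones given in the quote.

```python
import os

CRC_POLY = 0xEDB88320

def make_crc_table():
    """table[i] = crc32(i, 0): the CRC of the single byte i, computed bit by bit."""
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ CRC_POLY if c & 1 else c >> 1
        table.append(c)
    return table

CRC_TABLE = make_crc_table()

def crc32_step(a, b):
    """crc32(a, b) = (a >> 8) ^ table[(a & 0xff) XOR b]; the circle-plus is XOR."""
    return (a >> 8) ^ CRC_TABLE[(a ^ b) & 0xFF]

class ZipCryptoKeys:
    def __init__(self, password):
        self.k0, self.k1, self.k2 = 305419896, 591751049, 878082192
        for byte in password:            # run the key bytes through, output ignored
            self.update(byte)

    def update(self, p):                 # one step of the state update, P(i) = p
        self.k0 = crc32_step(self.k0, p)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF   # spec uses +, not *
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = crc32_step(self.k2, self.k1 >> 24)

    def keystream_byte(self):            # K(3), the 8-bit key derived from K(2)
        t = self.k2 | 2
        return ((t * (t ^ 1)) >> 8) & 0xFF

def encrypt(password, plaintext, prefix=None):
    """Prepend 12 random bytes (or a supplied prefix), then C(i) = P(i) ^ K(3)."""
    prefix = os.urandom(12) if prefix is None else prefix
    keys, out = ZipCryptoKeys(password), bytearray()
    for p in prefix + plaintext:
        out.append(p ^ keys.keystream_byte())
        keys.update(p)                   # the state is driven by the plaintext byte
    return bytes(out)

def decrypt(password, ciphertext):
    """Same loop, but the recovered plaintext byte feeds the state update."""
    keys, out = ZipCryptoKeys(password), bytearray()
    for c in ciphertext:
        p = c ^ keys.keystream_byte()
        keys.update(p)
        out.append(p)
    return bytes(out[12:])               # drop the 12 prefix bytes
```

Because the state update consumes the plaintext byte, a stretch of known plaintext (a standard file header, as the quoted passage notes) lets an analyst recover the internal keys; the example shows why that known plaintext is all the attack in the book needs.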


Message thread:

iCe's Thread (iCe) (08-Feb-99 23:28:22)
