Steganos, The Duke of Earl, and The Dancing Men
Cracking the T_tamra7.bmp
stego
Steganography
04 March 1998
by Joe Peschel
Courtesy of Fravia's page of reverse engineering, slightly edited by fravia+
F' course I could not choose an impossible password, yet, with hindsight, I cannot complain; I don't think it was so easy, after all :-)
See, the whole purpose of this advanced steganographical page of mine (and of the advanced javascript pages as well) is to bring people SLOWLY into what Casimir and Joe Peschel routinely do: encryption cracking and password busting. As you can see perusing the essays on 'this side' of the fence (the steganographical as well as the advanced javascript ones) there is ALREADY NOW some (basic) knowledge that will help you to progress further.
Clearly the path is difficult (and steep): ultimately I would like to join the "anti-smut" advanced section, the javascript advanced section and the steganographical and encryption advanced sections into a super advanced 'password busting' section. In fact I believe that to survive on the web of to-morrow we 'advanced users' will not only need some sound basic knowledge in all these fields, but also, and especially, the help of the more gifted ones, like Casimir and Joe Peschel, for instance...
There is a crack, a crack in everything. That's how the light gets in.
Rating
(x)Beginner ( )Intermediate ( )Advanced ( )Expert

A zen way of cracking a Stegonated .BMP
Suitable for beginners, and perhaps, amusing to others, too.

Introduction

This is how the guy who runs the page called D.O.E. SysWorks cracked the bitmap carrier created by Steganos.
Tools required
Brain removed from pickle jar.
Forethought and planning.
An eight-year-old green belt.

Target's URL/FTP
Deus Ex Machina Communications

Program History
A shareware utility that uses fairly strong encryption.

Essay

"I expected something ingenious," Professor Moriarty says after he spills the water on the Dancing Men, "this is ingenuous!" And that's about how I felt when I found the Steganos password to Fravia+'s stegonated T_tamra7.bmp.

I'd been meaning to crack the bitmap a little sooner, but I was busy working on a review of Access Data's Password Recovery Tool Kit, teaching an Internet class, and corresponding with CASIMIR about a couple of snake-oil encryption programs. Also, cracking the equivalent of 40-bit RC4 did not sound like much fun since I don't have as many computers as David Wagner and Ian Goldberg.

Anyway, I tested Steganos' method of encrypting files, without hiding them, and got out my RC4 cracking program. This program would need some modification if I intended to use a dictionary attack on the extracted encrypted text, a la Jean Flynn's method.

In any case, if I modified my own cracking program to use a dictionary, I would have to decide which words to include in the word list. I could have tried any of the good, large dictionaries on the Internet, but those would have likely failed.

It's a good idea, when cracking with a dictionary, to create a dictionary with words compiled from your adversary's disk drive, or in this case, from his web pages -- an idea and route rightly taken by Flynn.

I considered a foreign language dictionary, a French, Spanish or Italian one, not Finnish -- muttering, sotto voce, I'll bet Fravia+ doesn't smoke a pipe at all.

Compile a dictionary from Tolkien's books? Not a bad idea, but I passed. We would have some known plaintext, too; in this case: http:// at least.

Still balking at the thought of breaking RC4 encryption with a known plaintext and dictionary attack, I was determined to find a simpler method. Why use the most difficult approach if there is an easy way, or as crypto folk might say: why pick a lock if a window is open?

Even though the Steganos author used a sound encryption algorithm, maybe he implemented it poorly. Maybe the password would be in the clear. I decided to debug the Steganos decryptor -- its executable is smaller than the .EXE of the full program -- and find out.

So I BPXed on GetWindowTextA in the Steganos decryptor, and attempted to trace the flow of good and bad password entries. I found nothing. But to be honest and technical, I suck at debugging -- just ask CASIMIR -- and I found enough calls and jumps to scare the *.* out of me. The idea of reverting to a dictionary and known plaintext attack was sounding better and better.

Still, I thought that a disassembly of SD.EXE might be helpful. CASIMIR had, after all, been looking at some snake-oil encryption program that he debugged. He patched three instructions so that the program would decrypt with any password or no password. I found, in that bit of snake-oil, that I could achieve the same thing by changing one JNE to JE.

This, of course, was the last jump before the program's reference to the error message of a string resource. So looking at the disassembled SD.EXE, I found 4 references to the string resource error message: "This password is wrong or the carrier file does not contain..."

Since I was in a hurry, I just looked for the last jump before each of the 4 references to the error string. I started HIEW and patched the program. 'Twas a useless attempt.

By that time it was time for me to teach Tae Kwon Do. During TKD, while I was showing and explaining a kick to an 8 year old, another little kid complained that it would have been easier to do if I said it was a sidekick backwards.

Hmmm! Cracking advice from an 8 year old? I had overlooked the obvious. When most people choose a password they choose something easy that they can remember. It's not a good idea, but that's how strong encryption keys (RC4, IDEA, RSA, PGP) get broken -- by relying on human weaknesses for the crack.

In Fravia+'s case, we can assume he knows this. We can also assume that he knows how much computing time it takes to find an 8 character password by brute-force. So if his intent is to teach, then it's fairly obvious that he has not chosen a password impossible to crack.

When I got home from TKD I fired up the Steganos decryptor. I wrote down the first password that I intended to try. That one had one too many letters. Then I tried aivaralajf, which failed. My next try, as if spilling water on the Dancing Men, worked. Ever read Conan Doyle (or watched old Sherlock Holmes movies)?

Joe Peschel



Final Notes

Attacking a strong cipher generally means attacking it at its weakest point: generally the password is poor due to human vulnerability.
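An added example, not part of Joe Peschel's essay and not Steganos code: a small Python audit that builds the "words compiled from the adversary's own web pages" dictionary the essay describes and checks whether a candidate password would fall to it, including the spelled-backwards variant the essay hints at. The page text and the passwords are constructed samples; the two-words-glued-together check goes a little beyond what the essay states.

```python
import re
from typing import Dict, Iterable, Optional, Set

# Constructed sample standing in for text scraped from the password owner's
# own web pages (not real content from fravia's site).
SAMPLE_PAGES = """
Fravia's page of reverse engineering: steganography, javascript wars,
Casimir and Joe Peschel, the Dancing Men, Tolkien, Sherlock Holmes.
Tools: Steganos, HIEW, SoftICE. There is a crack in everything.
"""


def site_wordlist(text: str, min_len: int = 4) -> Set[str]:
    """The essay's dictionary: every word on the adversary's own pages,
    lower-cased, ignoring very short tokens."""
    return {w.lower() for w in re.findall(r"[A-Za-z]{%d,}" % min_len, text)}


def variants(word: str) -> Set[str]:
    """Variants a wordlist run tries for free: the word itself, spelled
    backwards (the essay's 'sidekick backwards' hint) and a digit suffix."""
    base = {word, word[::-1]}
    return base | {b + d for b in base for d in ("1", "12", "123")}


def guessable_by(password: str, words: Iterable[str]) -> Optional[str]:
    """Return the site word(s) that produce `password`, or None.
    Comparison is case-insensitive, as a real wordlist run would be."""
    target = password.lower()
    words = list(words)
    for w in words:
        if target in variants(w):
            return w
    for a in words:                  # two site words glued together
        for b in words:
            if target == a + b:
                return a + "+" + b
    return None


def audit(password: str, pages_text: str, min_len: int = 8) -> Dict[str, object]:
    """Why a candidate password would (or would not) survive the
    site-derived dictionary attack the essay describes."""
    hit = guessable_by(password, site_wordlist(pages_text))
    return {
        "length": len(password),
        "too_short": len(password) < min_len,
        "derived_from_site_word": hit,  # None: no site word produced it
        "survives_site_wordlist": hit is None and len(password) >= min_len,
    }
```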





Use this key to e-mail me, please:
Ob Duh
The usual disclaimer hardly seems necessary here since reverse engineering and password cracking are done all the time by commercial entities.
