999«999999999999999999999999999999999999999999999999999999999999
8888 ##88888## 88888888888888888888:L 888888:L 88888888888888888
77777###7777## 7777777777777777777:L 777777:L 777777777777777777
6666## #666## 6666666666666666666:L 666666:L 6666 zZzZzZ 666666
5555## 5#55## 555 u|555|u 55555:L 555555:L 555555555 zZ 55555555
444## 44#4## 4444 u|444|u 4444:L 444444:L 444444444 zZ 444444444
333## 333### 3333 u|333|u 333:L 333333:L 333333333 zZ 3333333333
22## 2222## 22222 \UuuuU/ 222:LLLL 222:LLLL 22222 ZzZzZz... ⌐222
1111111111111111111111111111111111111111111111111111111111111111
================================================================
Reverse Engineered version of Crypto v3.1
Cracked on April 7, 1998
E-mail: crackz@hehe.com
By: ½ Nullz ╗
First of all I mean absolutely no harm towards anyone in producing
this program. It is solely for the knowledge that I'm interested in.
Thank you for your understanding!
Background Information about Crypto:
Name: Crypto for Windows 95/NT v3.1
Download URL: http://www.execpc.com/~sbd/Crypto.html
Software Date: April 6, 1998
Company: Software Design
=------------------------------------------------------------------=
Crack INFO:
The file "CrackMe.(=txt=)" is provided by the author, Gregory,
as a challenge to crackers. It is an encrypted file, encrypted
using his improved algorithm in Crypto v3.1. Unfortunately, I
cracked it the day after the software was released. You'll
see how it is done by following the instructions here.
If you are looking for the encryption algorithm, it's included
in the zip package under the file name "Crypto31.cpp". The
instructions found in this Readme file are not about the
encryption algorithm; they are about hacking the key signature.
The point here is to crack the file provided by the author,
"CrackMe.(=txt=)". This file is included in the Shareware
package, which you will find once you've run the setup program.
If you haven't downloaded the program Crypto v3.1 yet, don't worry.
I've provided the "CrackMe.(=txt=)" file here for you to crack.
-------------===-------------
Now, fire up CryptoRE.exe, and look around at the buttons & controls.
Note that as you enter text into the password field, the ID
text field gets updated with different values. The ID that is
generated is equivalent to the password, and that ID value is very
important. In order to decode a file, you'll need either the password
or the ID for the password. These instructions assume that you know
neither one of them, so you'll need to generate the ID.
First select the file "CrackMe.(=txt=)" into the input field.
You can ignore anything in the output field.
You can also ignore the password field, since you don't know it.
Now it is time to hack the signature!
Go down to the area "Brute force key signature cracking..."
This part allows you to search for the ID from the signature.
First you need to select a reasonable starting value to test.
The default starting value is 9FFFFFFF, and the testing will
end when the value reaches 00000000.
Enter 0F000000 into the start value. You can adjust the update
increment value if you want; it's optional. This is the interval
at which CryptoRE gives you a progress update, so you know it is not
hanging the computer, as brute force key searching takes time!
Now click on the button [Generate Password ID]. A message box
will pop up (only once) to tell you that the key hacking will
take a while.
In about 27 seconds or less, CryptoRE should come up with a
possible ID. Notice that at this time the password ID field is
updated with this newly found ID. That means when you click
on the decode button, this value will be used to decode the
currently selected file. Do that, and see what happens.
You should have the encrypted file cracked! And it should be
the poem "Jabberwocky" by Lewis Carroll.
More on the Key Hacking algorithm:
Now that you've just cracked an encrypted file, you might
wonder how all that works. Here's the algorithm...
BOOL GetPassID(DWORD key, DWORD start, DWORD &retval)
{
    register DWORD i = 0, j = 0, tmp = 0;
    DWORD val = 0;
    BOOL found = FALSE;

    for (i = start; i != 0; i--)            // loop exits at 0
    {
        val = i;                            // save the current test key value
        tmp = ((((((i*4 + i)*4) + (i*4 + i) + i) * 8) + i) << 8) - i;
        i = (tmp * 4) + i + 0x269EC3;       // i is reused next
        j = (i & 0x7FFF0000);               // store newval in j
        j >>= 0x10;                         // j is moved to lower 16 bits
        tmp = ((((((i*4 + i)*4) + (i*4 + i) + i) * 8) + i) << 8) - i;
        i = (tmp * 4) + i + 0x269EC3;
        i &= 0x7FFF0000;                    // clear out lower 16 bits
        i += j;
        if ((i + val) == key)               // if key is found
        {
            found = TRUE;
            break;                          // break out of loop now
        }
        i = val;                            // restore current test key
    }
    retval = val;                           // return with the new ID
    return (found);
}

// Dialog button handler. 'infile' (the selected input file path) and
// 'start' (the starting value entered in the dialog) are members of the
// dialog class that are not shown in this excerpt.
void OnGetsignature()
{
    CFile infp;
    CFileException err;
    DWORD key = 0;
    unsigned char buff[17] = "\0";
    char tmp[12] = "\0";                    // 10 decimal digits + NUL (10 bytes was too small for IDs >= 1000000000)
    BOOL found = FALSE;

    if (infp.Open(infile, CFile::modeRead | CFile::typeBinary, &err))
    {
        key = infp.Read(buff, 16);          // read file header into buffer (byte count is overwritten below)
        infp.Close();
        key = buff[15]; key <<= 8;          // get signature from buffer:
        key |= buff[14]; key <<= 8;         // little-endian DWORD at offset 12
        key |= buff[13]; key <<= 8;
        key |= buff[12];                    // key now contains the signature!
        found = GetPassID(key, start, key);
        if (found)
        {                                   // key is returned with the new ID
            ultoa(key, tmp, 10);
            SetDlgItemText(IDC_KEYSIG, tmp); // print to text field
        }
    }
}
What you've done is chosen the start value to be 0F000000,
and then the signature is retrieved from the selected file.
GetPassID() is called with the appropriate parameters.
Then each value starting from 0F000000 all the way down to 0
is tested, decrementing by 1 each time.
If the value after feeding into the algorithm matches the
signature value, then the GetPassID() function returns with
the new ID value. This value is then printed out.
Notice that you can choose the starting value. This matters because
not all IDs have a unique signature value, so a certain ID value
might not decode the file correctly as a result. Therefore you'll
be able to run the algorithm again at a different range of values
to test.
For example, the password "hello world" has two IDs that'll give
the same signature.
Key1: 0B5C4EDB
Key2: 07B75FFC
If you start testing from 0F000000, your first stop would be
at value 0B5C4EDB. Now say this is the incorrect ID value because
it doesn't decode the file correctly. What you would do now is
enter a different starting value to continue the search.
You would enter 0B5C4EDA, 1 less than the previous value!
Your search will then begin until it reaches another possible ID
value or 0. And of course, it'll stop at 07B75FFC. This is
another possible ID, which you'll use to attempt to decode the file.
As you can see, the search can go on and on until you come up with
a decoded file that makes sense.
If you perform this testing on the file "CrackMe.(=txt=)",
you will come up with these values (the same number, in hex and in
decimal as CryptoRE prints it)...
Value (hex) | ID (decimal)
--------------------------
07BBAFFA    | 129740794
0416C11B    | 68600091
0071D23C    | 7459388
How fast are the searches? Well, on my P133 it'll test about 4
million values in 1 second. So a range of FFFFFFFF to 0 is about
4 billion values. At a rate of 4 million values per second, it'll
be done in about 20 minutes. Of course if you have a faster machine,
the searches would be much faster! Theoretically, on a P266,
it would be twice as fast.
To further lower the key hacking time, it would be best to
choose the most probable starting value, because most IDs
fall within a range of values, so the number of possibilities
is lowered. That is why at the beginning I had you enter
the value 0F000000 as the starting value when you crack the file
"CrackMe.(=txt=)", instead of starting from FFFFFFFF or
9FFFFFFF.
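As an added example (not code from the original README or from Crypto's author), here is the signature derivation and the downward search above rewritten in plain C with fixed-width integers. Working through the shift-and-add arithmetic, each of the two tmp/i steps in GetPassID() reduces to i = 214013*i + 2531011 (mod 2^32), and 0x269EC3 is 2531011; those are the multiplier and increment of the Microsoft C runtime's rand() generator, so the 32-bit "key signature" is just the ID plus the first two 15-bit rand() outputs packed into one word. The defensive lesson the page demonstrates is that a value computed from a 32-bit seed by a public generator offers no protection: the whole input space is 2^32 candidates, and because the mapping is not injective the signature does not even identify the ID uniquely, which is why the search has to be resumed below each hit. The function names, the demo ID and the demo header bytes are constructed for this example and are not values from the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not the README's or Crypto's own code. Function names,
 * the demo ID and the demo header bytes are constructed for this demo. */

/* The page's shift-and-add step, kept verbatim for comparison. */
static uint32_t lcg_step_page_form(uint32_t i)
{
    uint32_t tmp = ((((((i*4 + i)*4) + (i*4 + i) + i) * 8) + i) << 8) - i;
    return (tmp * 4) + i + 0x269EC3u;
}

/* The same step written out: the inner expression is 53503*i, so
 * tmp*4 + i = 214013*i, and 0x269EC3 = 2531011. These are the constants
 * of the Microsoft C runtime's rand() generator. */
static uint32_t lcg_step(uint32_t state)
{
    return state * 214013u + 2531011u;
}

/* Crypto v3.1's 32-bit key signature for a password ID, exactly as the
 * page's GetPassID() computes it: first generator output in bits 0..14,
 * second output left in bits 16..30, plus the ID itself (mod 2^32). */
uint32_t crypto31_signature(uint32_t id)
{
    uint32_t s1   = lcg_step(id);
    uint32_t low  = (s1 & 0x7FFF0000u) >> 16;
    uint32_t s2   = lcg_step(s1);
    uint32_t high = s2 & 0x7FFF0000u;
    return high + low + id;
}

/* The downward search from the page: test every candidate from `start`
 * to 1 and stop at the first whose signature equals `sig`. A match is a
 * candidate ID, not necessarily the original one (collisions exist). */
bool find_id_below(uint32_t sig, uint32_t start, uint32_t *found_id)
{
    for (uint32_t i = start; i != 0; i--) {
        if (crypto31_signature(i) == sig) {
            *found_id = i;
            return true;
        }
    }
    return false;
}

/* Little-endian DWORD at offset 12 of the 16-byte file header, as the
 * page's OnGetsignature() assembles it from buff[12..15]. */
uint32_t signature_from_header(const unsigned char header[16])
{
    return (uint32_t)header[12] | ((uint32_t)header[13] << 8)
         | ((uint32_t)header[14] << 16) | ((uint32_t)header[15] << 24);
}

/* Round trip: derive the signature of `id`, search downward from id + slack,
 * and confirm the candidate reproduces the signature. Any candidate found at
 * or above `id` is a valid answer to the search, whether or not it is `id`. */
bool roundtrip_ok(uint32_t id, uint32_t slack)
{
    uint32_t sig = crypto31_signature(id);
    uint32_t hit = 0;
    if (!find_id_below(sig, id + slack, &hit))
        return false;
    return hit >= id && crypto31_signature(hit) == sig;
}

/* Constructed header: 12 filler bytes, then signature 0x12345678 little-endian. */
const unsigned char demo_header[16] = {
    'C', 'R', 'Y', 'P', 'T', 'O', '3', '1', 0, 0, 0, 0, 0x78, 0x56, 0x34, 0x12
};

int main(void)
{
    uint32_t id  = 0x00123456u;                /* constructed demo ID */
    uint32_t sig = crypto31_signature(id);
    uint32_t hit = 0;

    printf("signature of ID %08X is %08X\n", id, sig);
    if (find_id_below(sig, id + 0x1000u, &hit))
        printf("search from %08X stopped at %08X (%s)\n", id + 0x1000u, hit,
               hit == id ? "the original ID" : "a colliding ID; continue from hit-1");
    printf("header carries signature %08X\n", signature_from_header(demo_header));
    return 0;
}
```

The search loop is identical in cost to the page's: one generator step pair per candidate, so the 2^32 candidates the README times at about 20 minutes on a P133 take seconds on current hardware. Seeding the generator with 0 gives the familiar rand() sequence 38, 7719, ..., which is a quick way to confirm the identification of the constants.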
=------------------------------------------------------------------=
Send your comments to my E-mail address: crackz@hehe.com
By the way, this re-engineered program requires
MFC42.DLL and MSVCRT.DLL to run:
MFC42 file version - 4.21.7303
MSVCRT file version - 5.00.7303