Follow us on Twitter!
The measure of a mans life is not how well he dies, but how well he lives.
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 21
Members Online: 1

Registered Members: 82889
Newest Member: Geriztul
Latest Articles
View Thread

HellBound Hackers | Computer General | Cryptography

Page 7 of 8 << < 4 5 6 7 8 >
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 21:17
djdotti wrote:
what is the point in a one way encryption


like storing passwords you dont want to be able to unencrypt it (unlike messages and communication encryption) but you do want to be able to check if to things are the same. Website db's often get leaked through hacking and rogue admins etc. But what use is that if you cant get the guys password.


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-05-07 21:27
yes. Now let's continue the thread. Wink



Edited by on 10-05-07 11:18
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-07 11:13
Okay.... I'm done. My bug was a stupid one - I was soing a "sub al, bl" rather than "sub eax, ebx". School girl error - meant that when bl>al, ah wasn't getting updated as it needed to be. Sorted now though.

There is still something wrong as it does not match all strings, but I don't have time to continue debugging - this serves the purpose.

[digitalChameleon wrote somewhere and I forgot to quote]:
The sheer chaos of this code is frightening. Still, there are some really neat idea's in here, and I must confess, I'm impressed.

The 'chaos' is probably one of the strongest things going for this. In the compiled VB, there are over 25,000 lines of code. It has taken me a 'little while' to reverse this one Smile My MASM code to generate a serial is about 600 lines which is massive - easily the largest routine I've ever keygenned/breuteforced. :ninja:

Some notes: The bruteforcer I am uploading is for an older .exe as kaksii would prefer the later one was kept to myself. I have analysed it though and will summarise below.

http://rapidshare.com/files/30505930/kaksii_Bruteforcer.rar
Pass: "hbh"

In there you will find 3 files. The bruteforcer is for "kaksii encryption.exe" and NOT the "kaksii encryption NEW.exe". Its just a slightly older one with a few routines missed out.

So, my thoughts on the non new one:
There are a LOT of collisions. Some of these were highlighted and have been fixed. Put something like "frog" into the encrypter and you'll get "18149A73502447444F183C191C21245523173CC5235195331162A1C293E14k". Put that into the bruteforcer and you'll get bored clicking 'OK' past all the matches. There are hundreds.

In kaksii's NEW .exe, there are less, but are still quite a large number. For example:
wtaa - mila - zsba - 8C94BC82BEB410CD9A078124CB11912k
udul - lezl - 10410F15C6D88BE3A119FDA210D1492A18EFA7012B158C0k

Those are only the first ones I hit in about 2 seconds. There will be LOTS more matches for those strings and other strings.

Theoretically, if I managed to compromise the code though, I wouldn't bother coding the bruteforcer as above. It just wouldn't be worth it. As DC (i think it wa DC) said above, its not worth the effort and you'd go on to find an easier target. Either that or I'd attempt to BF the login panel but if you restrict attempts then you'd probably get away with it.

To be honest, I think that your greatest strength is also you greatest weakness - there are soooo many operations that numbers converge in places which causes collisions. To improve it, I'd kill some of the repetetive maths loops and add some binary operations. Add some OR/AND/XOR/ROL/ROR/RSH etc. Not sure how much is possible in VB though as I've never used it.

There are some nice ideas, but I think you need to do a bit more work Smile

That was fun... enjoyed the challenge. Reckon I should get about a gazillion points for reversing 25k lines of VB though Wink
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-07 11:20
O shit. collisions :ninja:

I will be right back ***kills those evil collisions with some lines of code***

Die you bastarized collisions :ninja:

I will analyse every single line of the code. Yes. I will remove few things.

Edited by on 10-05-07 11:39
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-07 12:51
i feel bad for you kaksii, all that work but you have to go through the very hard task of removing collisions without restarting your entire code. GL!


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-07 17:55
Don't feel bad. I removed/changed 70% of the part that may be collision source. It is almost done. :happy:

Thanks

STATUS:Done with the code. Collision testing (bruteforcing etc.)

Edited by on 10-05-07 21:53
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-07 22:24
kaksii wrote:
Don't feel bad. I removed/changed 70% of the part that may be collision source. It is almost done. :happy:

Thanks

STATUS:Done with the code. Collision testing (bruteforcing etc.)


congrats


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-07 22:33
Yea. Thanks. It was rough, but I think I managed.
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-07 22:51
You couldn't possibly have tested for collisions in 5 hours... they're still unsure if SHA1 and MD5 have collisions


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-07 23:03
Happysmileman wrote:
You couldn't possibly have tested for collisions in 5 hours... they're still unsure if SHA1 and MD5 have collisions


Well, I just tried some things like the Fatal_Pride's bruteforcer says.
You can't call it REAL testing, but it was enough for me because I changed the 30% of the code (risky lines are modified/removed).
And the hash looks cooler now. Check:

a = 2972f2bafe10912a1a91721cb1c220821a20f27a28e2e2b1K
b = 9526d1a11be1561c195533b01581f83a718111415a35917e16K
kaksii = 18311d2a1a424254b1e27382031112a5c26124b9565247c1174715291751241517333913b5b44154c47552a54832a05c16172eK

The letters are lower case, and the 'K' is upper case.



I hope that's it.









Edited by on 08-06-07 13:32
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-05-07 23:17
The lengths dependent on the input length? If so two problems, it may give a clue to the plain text, or even if it doesn't logistically you want to know how long your hash's are, it makes them easier to check, set max lengths in SQL fields. E.T.C.


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-05-07 03:20
can someone please send me the source code? I'm interested in this uncrackable encryption algorithm.
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-05-07 11:04
wolfmankurd wrote:
The lengths dependent on the input length? If so two problems, it may give a clue to the plain text, or even if it doesn't logistically you want to know how long your hash's are, it makes them easier to check, set max lengths in SQL fields. E.T.C.


I think that the longest hash is not very much longer than 'kaksii'.
It sort of has some lenght limit (I didn't do it on purpose. It comes up like that.) It will never be sooo long

Chinchilla3k wrote:
can someone please send me the source code? I'm interested in this uncrackable encryption algorithm.


You need to PM me and tell me what do you want and why you are interested in that. Because I never saw you and you know...


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-05-07 11:10
kaksii wrote:
You need to PM me and tell me what do you want and why you are interested in that. Because I never saw you and you know...


No I do not know. I want the source code for the uncrackable algo, and if not to use it just to see how it works. What I find interesting is that you won't outright give it to someone you don't "know", which just shows me you're not confident enough about your algo to accept any real critique.

Edited by on 11-05-07 11:11
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-05-07 11:18
Chinchilla3k wrote:
No I do not know. I want the source code for the uncrackable algo, and if not to use it just to see how it works. What I find interesting is that you won't outright give it to someone you don't "know", which just shows me you're not confident enough about your algo to accept any real critique.



lol. I am confident, but you just joined today, and I can't trust you.
I gave code to people I know and people I trust. I really don't wanna start argument. Sorry


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-05-07 11:21
Then you shouldn't be bragging about it on a public forum.
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-05-07 11:23
Chinchilla3k wrote:
Then you shouldn't be bragging about it on a public forum.


Hmm. lol ok Grin

EDIT: Just a quick note. The code is changed again. (Some shitty line wasn't doing what I wanted.) Anyway, program is uploaded.

INFO: Finally finished my bruteforcer for encryption.
STATUS: Medium level bruteforcing (collision testing)

Edited by on 15-05-07 16:21
Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-05-07 17:17
bouncer wrote:
hmm i just saw this thread and decided to start cracking it, in what language did you write it? Could you send the source? Smile ty


I did it in ghey VB6.

I just found some bugs.

The code is changing every day, so it wouldn't be helpful to send you the source.

I will give it to you when I finish it 100%.

Ok?


Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-05-07 09:18
bouncer wrote:
hmm i just saw this thread and decided to start cracking it, in what language did you write it? Could you send the source? Smile ty


You started cracking it yet are not sure what language its in? Didn't all the references to MSVBVM60 give it away?

If you want a clear view of the slightly older source in ASM, check out my bruteforcer. That should give you some idea of what you are dealing with.

Author

RE: Uncrackable encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-05-07 11:52
FaTaL_PrIdE wrote:
You started cracking it yet are not sure what language its in? Didn't all the references to MSVBVM60 give it away?

If you want a clear view of the slightly older source in ASM, check out my bruteforcer. That should give you some idea of what you are dealing with.



Also, said it in the posts.
Anyway, I don't get it.
What do you mean by cracking my encryption. You mean reversing? Bruteforcing?


Page 7 of 8 << < 4 5 6 7 8 >