Show key being used by 'multi_byte_xor' #55

Open
vdun opened this issue Mar 22, 2017 · 1 comment
vdun commented Mar 22, 2017

Sample file: https://github.com/ctfs/write-ups-2017/raw/master/alexctf-2017/cryptography/cr2-many-time-secrets-100/msg

# featherduster /tmp/msg
FeatherDuster> analyze
[+] Analyzing samples...
[+] Messages appear to be ASCII hex encoded, hex decoding and analyzing again.
[+] Messages may be encrypted with a stream cipher or simple XOR.
[!] Individual messages have failed statistical tests for randomness.
[!] This suggests weak crypto is in use.
[!] Consider running single-byte or multi-byte XOR solvers.

[+] Suggested modules:
   alpha_shift          - A brute force attack against an alphabetic shift cipher.
   base_n_solver        - A solver for silly base-N encoding obfuscation.
   single_byte_xor      - A brute force attack against single-byte XOR encrypted ciphertext.
   multi_byte_xor       - A brute force attack against multi-byte XOR encrypted ciphertext.
   many_time_pad        - A statistical attack against keystream reuse in various stream ciphers.
   vigenere             - A module to break vigenere ciphers using index of coincidence for key length detection and frequency analysis.

FeatherDuster> use multi_byte_xor
FeatherDuster> run
[+] Running multi-byte XOR brute force attack...

Best candidate decryptions for )$*c4-+6i',  !...:
----------------------------------------

Trying keysize 26
Processing chunk 26 of 51
Trying keysize 13
Processing chunk 39 of 51
Trying keysize 12
Processing chunk 51 of 51
Dear Friend, This time I understood my mistake and used One time pad encryption scheme, I heard that it is the only encryption method that is mathematically proven to be not cracked ever if the key is kept secure, Let Me know if you agree with me to use this encryption scheme always.
Bfay<Friens0This tgSr.I uhgeyotood zemistakkv`d uufd+Sne tizypad enmLn~tioh#shteme, ^<Jeard tf_c.it op te onln<GncryptgQy.metnld+hhat id<OathemazWtolly&srdjen to7~G not c|_teed cuey<if thr<Iey is e[gz seevrn0 Let Zyknow ihnau aaqen<with zyto use.Jgs eh`rrltion dJeme aly_n}.
Wlao Ww[hes,-Vbic:chmt.I+MjmcosilZi my:oesdwzc {wd<Mqlb1Itfnize<rmh6tnec~tsWl%sunty[! X tkkyr:rean(inmq iyt#Qelh,girxjedit(ayGlfs=rydJ+ed+wcihswvyouogpA3yrrvtkyd7bh"dod:tsareeoaco teyhe qgu ye1mejm o]a|tt*:O[n Ze<ibca1xk7cau:Yewes&f}Je |e<ze+cic-tras:QjardaejQe borlge!{}zgc{"

How to show the key being used?

@unicornsasfuel
Contributor

It should be possible to modify cryptanalib.break_multi_byte_xor to show the key used to get some particular result.

If you really need the result now (CTF or some such) you can XOR the ciphertext and the result together with cryptanalib.sxor and you'll get the keystream.
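The workaround suggested in the comment above, as an added example that is not part of the original thread or of FeatherDuster: XOR the hex-decoded ciphertext with a candidate decryption to get the keystream, then reduce it to its shortest repeating period to obtain the key. It is standalone Python 3 and does not call cryptanalib; the function names and the sample key and message are constructed for illustration.

```python
def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key as often as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def shortest_period(stream: bytes) -> int:
    """Smallest p with stream[i] == stream[i - p] for every i >= p."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)


def recover_key(ciphertext_hex: str, plaintext: bytes) -> bytes:
    """Return the repeating XOR key implied by a ciphertext/plaintext pair.

    ciphertext_hex may contain whitespace or newlines (one sample per line).
    If the candidate plaintext is wrong anywhere, the keystream stops being
    periodic and the returned "key" is much longer than the real one.
    """
    ciphertext = bytes.fromhex("".join(ciphertext_hex.split()))
    if len(ciphertext) != len(plaintext):
        raise ValueError("ciphertext and plaintext must have the same length")
    keystream = bytes(c ^ p for c, p in zip(ciphertext, plaintext))
    return keystream[:shortest_period(keystream)]


if __name__ == "__main__":
    # Constructed sample data, not taken from the issue's msg file.
    key = b"K3y!"
    message = b"Dear Friend, this is a constructed sample message."
    ct_hex = xor_repeat(message, key).hex()

    print("key from correct decryption:", recover_key(ct_hex, message))

    # A near-miss candidate (one wrong byte) yields no short period.
    near_miss = message[:10] + b"X" + message[11:]
    print("period from near miss:", len(recover_key(ct_hex, near_miss)))
```

A recovered key that is nearly as long as the message is a sign that the candidate decryption is not fully correct, or that the message is shorter than two key lengths.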
