iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (4)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Can you decode this?
  • chroniccommand
    Posts: 1,389
    Hey everybody, I've recently finished a new script in Python to encode text with a key:value pair for characters a-z, A-Z, 0-9, and some other characters. I was just posting as a test to see if anybody can decode this text.


    ~ax) &^SY~ax) x)&^T30)9(9G ap9(0)x#9GSY?

    Thanks, just testing to see if this needs any improvement.
  • Sh3llc0d3
    Posts: 1,910
    Well I'm out of practice with cryptography but using the stuff I used to do, it wouldn't be too hard if the method worked out. Some of it would be guess-work but the rest could be worked out.

    'ax', 'x' and ')' appear frequently, the string "~ax)" appears in the first and second set of letters/symbols.

    Let me know if i'm close... if not i'll take another look. ;)
  • chroniccommand
    Posts: 1,389
    said:


    Well I'm out of practice with cryptography but using the stuff I used to do, it wouldn't be too hard if the method worked out. Some of it would be guess-work but the rest could be worked out.

    'ax', 'x' and ')' appear frequently, the string "~ax)" appears in the first and second set of letters/symbols.

    Let me know if i'm close... if not i'll take another look. ;)


    Nice, you're on the right track. Keep going and see if you can even decode more than two words. If you can, back to the drawing board to make it stronger.
  • Sh3llc0d3
    Posts: 1,910
    Yeah I kinda hoped it would be along those lines. I'll try working it out, if not it gives others a place to start...

    You could check out OTP (One-Time Pad) encryption if your looking for absolutely uncrackable code. You need to follow rules to keep it uncrackable though.
  • Xin
    Posts: 3,251
    Surely if it uses an unknown key we cant really crack it without writing a script.
    Xin
  • chroniccommand
    Posts: 1,389
    said:


    Surely if it uses an unknown key we cant really crack it without writing a script.



    It doesn't use a key. For example, a = 19x. That's not really what a equals in this encoder but you get the idea. And it is decodable, just requires work and knowledge in cryptography.
  • Sh3llc0d3
    Posts: 1,910
    You really only need to know basic crypto and above average maths. If your fairly decent at algebra you'll be fine :)

    [spoiler=Random Info]
    When your talking about key-encryption (using keys to encrypt data): Kerckhoffs law basically says that if your entire system/encryption algorithm is publically available then it should still be secure, with the key being the only exception (being kept private obviously). The point being that any hidden/secret part of the program is a potential weakness - minimising the threat by only having the key a secret. Anyone studying computer/IT security, ethical hacking or network security or any security discipline will realise that this principle is true in many areas. Using a key would be a good way to encrypt info however it's very dependent on security of the key itself. It's the single weak point in the cryptosystem. /essay :P[/spoiler]


    I'll work on a complicated algorithm over this weekend and see if anyone can crack the code.
  • m0rph
    Posts: 332
    I believe every two characters represent one letter, or one number, in plaintext.
    Assuming that my statement above is correct, and my educated guessing in terms of grammar I also believe

    ~ax) = \"Is\"    #Because the statement is a question

    Therefor 

    ~a = \"I\"       #Because \"is\" is the first word in the statement, I is capitalized
    x) = \"s\"

    Applying this knowledge to the statement, we now have

    ~ax) &^SY~ax) x)&^T30)9(9G ap9(0)x#9GSY?
    or
    \"Is &^SY:Is s:&^T30)9(9G ap9(0)x#9GSY?\"

    Since the second word ends in "Is" it's fair to assume that

    &^SY~ax) = \"thIs\"
    or
    &^ = \"t\"
    SY = \"h\"

    Applying this knowledge to the statement, we now have

    ~ax) &^SY~ax) x)&^T30)9(9G ap9(0)x#9GSY?
    or
    Is thIs st:T30)9(9G ap9(0)x#9G:h?         # the : is separating known values from unknown ones

    Further guessing

    x)&^T30)9(9G :::: is a six letter word
    st:T30)9(9G  :::: since it starts with st and is six letters long, I'm guessing
    x)&^T30)9(9G = \"string\" or \"strong\"
    T3 = \"r\"
    0) = \"i\" but it could also be \"o\"
    9( = \"n\"
    9G = \"g\"

    Applying this knowledge to the statement, we now have

    ~ax) &^SY~ax) x)&^T30)9(9G ap9(0)x#9GSY?
    or
    Is thIs string ap:ni:x#:gh?
    or 
    Is thIs strong ap:no:x#:gh?

    Assuming the 3rd word is strong, we can guess that the last word is

    ap:no:x#:gh #2nd and 3rd letters are \"no\", the last two letters are \"gh\" and is a six letter word
    or
    e:no:u:gh
    ap = \"e\"
    x# = \"u\"

    Leaving us with some form or variant of

    ~ax) &^SY~ax) x)&^T30)9(9G ap9(0)x#9GSY?
    or
    Is thIs strong enough?


    My thoughts, I like your algorithm chronic, but substitution is not a very strong form of encoding/encryption. I'm assuming you used substitution because I have no f-ing clue how this is mathematically computable. I'd have to agree with Sh3llc0d3 in saying that using a one-way function would be a lot more secure. But, it's only as secure as the methods used to keep the key safe. Or, you could assign a value to replace spaces i.e 

    \" \" = %#            #Making your statement look like this
    ~ax)%#&^SY~ax)%#x)&^T30)9(9G%#ap9(0)x#9GSY?

    Doing this would greatly reduce any logical assumptions of what the statement might say by taking away the separation of words. If you use a visually pleasing value like the one I have given, finding out what the sentence says will become harder to determine.
    while( !(succeed = try() ) );
  • Sh3llc0d3
    Posts: 1,910
    Yeah I must say the first thing that gave it away was the spacing and the repitition of certain letters. Also you stated that you'd swapped a-z/A-Z/0-9 and not '?' which appers at the end, leading to a question of some sort. The above solution using " " = %# is a good way of making it less obviously a sentence, however, following kerchoff's law it'd be not wise to do so. Once someone works out/finds out the %# is equal to a space then you are back to square one. Each and every extra secret is a weakness in the security. Deep mathematical calculations would eventually work this out focussing on probability and frequency.
  • chroniccommand
    Posts: 1,389
    said:


    Yeah I must say the first thing that gave it away was the spacing and the repitition of certain letters. Also you stated that you'd swapped a-z/A-Z/0-9 and not '?' which appers at the end, leading to a question of some sort. The above solution using " " = %# is a good way of making it less obviously a sentence, however, following kerchoff's law it'd be not wise to do so. Once someone works out/finds out the %# is equal to a space then you are back to square one. Each and every extra secret is a weakness in the security. Deep mathematical calculations would eventually work this out focussing on probability and frequency.



    Yes I had realized I forgot to swap the ? At the end. Right after I posted this I saw it and realized it would be easy to realize it is a question so I have swapped the question mark now too. I will also be swapping spaces with probably three characters or so. Since I'm not very good at math I'll probably google some ways and maybe XOR the final encoded string.
  • Sh3llc0d3
    Posts: 1,910
    Yeah you could use an algo to swap the space chars every second space or something such as:

    Example:

    This Is A Secret
    This*£&Is;_>A*£&Secret ---obviously unencrypted words :P



    first space:

    *£&



    second space:

    ;_>



    Adds a bit of confusion into it.
  • chroniccommand
    Posts: 1,389
    said:


    Yeah you could use an algo to swap the space chars every second space or something such as:

    Example:

    This Is A Secret
    This*£&Is;_>A*£&Secret ---obviously unencrypted words :P



    first space:

    *£&



    second space:

    ;_>



    Adds a bit of confusion into it.

    Yea I was also thinking of using an ASCII table to get characters not just in the english keyboard layout. Like £ and ñ
  • Sh3llc0d3
    Posts: 1,910
    I'm using alphanumeric ascii to encrypt strings in a script I'm working on at the moment. Without the method of encryption it'd be hard to guess.
  • chroniccommand
    Posts: 1,389
    Alright, I added some more stuff to it. See if this is a bit stronger please.
    /2XÙaõpXù<&^SY~ax)ÎXù<&^SY~ax)ÎXù<~ax)ÎXù<12Xù<9!~a&^Xù<x)Î&^T3þ0)9(9GaõpT3þ
  • Sh3llc0d3
    Posts: 1,910
    It's better than the original however, unless it's coincidence, I can see multiples again...

    "Xù<&^SY~ax)" "Xù<" "9" and a few others.

    I'd guess, without attempting to crack it, that "Xù<&^SY~ax)" is a space or a letter that appears in the first and second word. I actually want to say "x)" is the end of a word/space but I think it's probably either a vowel or a common consonant in the phrase. M0rph will probably be able to put more effort into cracking it :P

    At a glance there is a fair amount of guesswork, so you've done quite well :)
Add a Comment