January 29th, 2004, 02:44 PM
A Challenge / Betatest
I have designed a program which relies on reading PDF files from a disk.
I don't want people to have access to the actual pdf files anbd have designed a front end for my program which displays them from an encrypted format.
I have posted an encrypted version of a pdf which I encrypted using rc4
Level 1. Get the PDF File Decrypted and open
Level 2. Copy the contents of the document to a word document Note : I have put a strange character in it so don't just re-type.
January 29th, 2004, 03:47 PM
Just out of curiosity...and before I waste ,my time....
What's the cypher strength?
January 29th, 2004, 03:51 PM
Thats part of the fun.
Lets just say the pdf is not encrypted with to strong a password. 11 chars alpha numeric.
Hint : Pdf files always start %pdf
January 29th, 2004, 04:07 PM
Maybe when I get home.. and if I get hit with a sudden rush of knowledge I may even get it. Otherwise I will go about it the way I always do. Dissassemble and turn it into... useless bites.
January 29th, 2004, 07:14 PM
Heres another hint.
Private i As Integer
Private j As Integer
Private k As Integer
Private a As Byte
Private b As Byte
Dim M As Integer
Private L As Long
Private RC4KEY(255) As Byte
Private ADDTABLE(255, 255) As Byte
Dim STATE(0 To 255) As Byte
Private Sub FILL_LINEAR()
Dim bCONST(0 To 255) As Byte
For M = 0 To 255
bCONST(M) = M
STATE(M) = bCONST(M)
Public Sub RC4(BYTEARRAY() As Byte, Optional PASSWORD As String)
If PASSWORD <> "" Then PREPARE_KEY PASSWORD
For L = 0 To UBound(BYTEARRAY)
i = ADDTABLE(i, 1)
j = ADDTABLE(j, STATE(i))
a = STATE(i): STATE(i) = STATE(j): STATE(j) = a
b = STATE(ADDTABLE(STATE(i), STATE(j)))
BYTEARRAY(L) = BYTEARRAY(L) Xor b
Private Sub PREPARE_KEY(sKEY As String)
k = Len(sKEY)
For i = 0 To k - 1
b = Asc(Mid$(sKEY, i + 1, 1))
For j = i To 255 Step k
RC4KEY(j) = b
j = 0
For i = 0 To 255
k = ADDTABLE(STATE(i), RC4KEY(i))
j = ADDTABLE(j, k)
b = STATE(i): STATE(i) = STATE(j): STATE(j) = b
i = 0
j = 0
Private Sub INITIALIZE_ADDTABLE()
Static BeenHereDoneThat As Boolean
If BeenHereDoneThat Then Exit Sub
For j = 0 To 255
For i = 0 To 255
ADDTABLE(i, j) = CByte((i + j) And 255)
BeenHereDoneThat = True
Public Function STRING_TO_BYTES(sString As String) As Byte()
STRING_TO_BYTES = StrConv(sString, vbFromUnicode)
Public Function BYTES_TO_STRING(bBytes() As Byte) As String
BYTES_TO_STRING = bBytes
BYTES_TO_STRING = StrConv(BYTES_TO_STRING, vbUnicode)
It took me 45 minutes using only the information I have given you to decipher it back to PDF.
First person to post there unencrypted pdf back here wins erm, a baked potato with coleslaw and salad on the side.
January 29th, 2004, 09:57 PM
It would be VB...wouldn't it....figures...the only compiler I don't have here at work. Guess I won't be getting the Baked Potato Special
What do the runners up get?
January 30th, 2004, 12:53 AM
okay... so you encrypted a pdf file... ummm... so?
\"Ignorance is bliss....
but only for your enemy\"
January 30th, 2004, 01:57 AM
what are you actually doing with this program? (just out of interest)
Quis custodiet ipsos custodes
January 30th, 2004, 07:13 AM
This is divided into two parts. First comes scrutiny about implementation issues. Then comes questions related to the challenge (may be spoiler material).
Since I'm guessing that you are using a current cypher (RC4?) and that I know very little about it, how old it is and everything, I will assume that it would take us a while (ie a few hundred years or more) to go through and bruteforce 11 characters. You said you did it in 45 minutes with the VB code you attached. First off, I do not have VB, and secondly I know nothing about RC4. So I'm not exactly sure what your code goes and does.
I will caution you though - the security here is left up to implementation. Since, when your program is complete, it will be the application decrypting the PDF and displaying it (it is the front-end) it would have a way to decrypt the file to somewhere. This is the problem; the file is able to be decrypted and displayed, and infact has been. The user is no longer working with a file that they are incapable of opening in the first place; your application takes care of that somehow before displaying it. Obviously if it can be opened, they have their foot in the door. If they go and debug your application or somehow look at all of its variables, they will probably find someway to locate the decrypted PDF either in memory or on the disk. Granted only the people who want to run a memory-dumping program on their powerful 1GB-4GB RAM workstations will want to do this, but the possibility exists.
I guess you have, but you will need to work out a secure way to store the decrypted file and to protect the decryption routines. It wouldn't be good to have someone modify your program by decompiling the final product and setting it so that instead of storing the decrypted data into some protected location (or anywhere in a safe/scrambled way) and redirect that somehow to the disk. Those are some issues facing companies that develop code to require users to enter CD-Keys for their games and stuff. Very old and insecure code could be, in theory, bypassed by changing a single byte so that the computer checks to see that the values are not equal, instead of equal as the programmer intended. Of course those problems have probably been solved now by those companies many years ago, but to get ahold of code that does similar protections and putting it into your front-end program may be hard to do since I don't think they would release it so that their enemies could find more weaknesses.
Summing that up, if your program can open it and a user has access to opening the file with your front-end by typing in a key or something (decryption key, not some magic button), it is possible, although not very likely, that they will be able to somehow get the decrypted values to go somewhere (ie HDD) other than to the Adobe Software or ActiveX or anything else that displays it to the user. Hopefully you don't have to get that insanely paranoid with your program and spend countless hours figuring out how to do that; that is a loosing battle against dedicated people. But you can still use your program fully knowing that...
------------------------- Don't read below if you want to solve this by yourself and don't want possible hints --------------------------
Back to the challenge... I don't really understand what we are doing. I see a very small PDF file that I open in a HEX editor and the first 4 characters are not "%PDF" as it would be if it was decrypted (you already mentioned that). I assume it would have all sorts of "normal" data identifying the author, security, etc., if it was decrypted. So we have a base to work off of from there, but my biggest problem is I don't know RC4. I realize that you wouldn't have posted the complete code since you want us to fill in the blanks for this challenge. But for those of us without VB...was this code used for encryption/decryption or did it find a password...or what are those tables for? My *best guess* is that this is designed to somehow take the RC4 Encrypted data (Encrypted PDF) and using the function RC4 it would go through and find the key to the data that I think is supposed to be encrypted in the STATE variable? If so then probably everyone would read this and have an answer about an hour from now. But this is my first real look at VB code in general and I don't see the nice int main(void) functions that I like in C/C++.
Anyways with that huge guess above that could be right, I decided to make this post hidden.
January 30th, 2004, 07:25 AM
I haven't got it yet...but I can tell you guys some things about it....
It's definately not 40-bit cypher strength
It's not 56-bit.......
It's not 64-bit.......
If it were, I would be finished by now, I'm sure.
I'm going to skip 128, I'm assuming you thought that anything below 384-bit was too weak.
I'm also going to assume that it's a true RC4 algorithm, and not ARCFOUR.