
Thread: A Challenge / Betatest

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499

    A Challenge / Betatest

    I have designed a program which relies on reading PDF files from a disk.

    I don't want people to have access to the actual pdf files and have designed a front end for my program which displays them from an encrypted format.

    I have posted an encrypted version of a pdf which I encrypted using RC4.

    The Challenge.

    Level 1. Get the PDF File Decrypted and open
    Level 2. Copy the contents of the document to a Word document. Note: I have put a strange character in it so don't just re-type.

  2. #2
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Just out of curiosity...and before I waste my time....

    What's the cypher strength?

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    That's part of the fun.

    Let's just say the pdf is not encrypted with too strong a password. 11 chars alpha numeric.

    Hint : Pdf files always start %pdf

  4. #4
    Maybe when I get home.. and if I get hit with a sudden rush of knowledge I may even get it. Otherwise I will go about it the way I always do. Disassemble and turn it into... useless bites.

    -Cheers-

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    O.K,

    Here's another hint.

    Option Explicit
    Private i As Integer
    Private j As Integer
    Private k As Integer
    Private a As Byte
    Private b As Byte
    Dim M As Integer
    Private L As Long
    Private RC4KEY(255) As Byte
    Private ADDTABLE(255, 255) As Byte
    Dim STATE(0 To 255) As Byte

    ' Fill STATE with the identity permutation 0..255
    Private Sub FILL_LINEAR()
        Dim bCONST(0 To 255) As Byte
        For M = 0 To 255
            bCONST(M) = M
            STATE(M) = bCONST(M)
        Next M
    End Sub

    ' XOR BYTEARRAY in place with the keystream; the same call encrypts and decrypts
    Public Sub RC4(BYTEARRAY() As Byte, Optional PASSWORD As String)
        If PASSWORD <> "" Then PREPARE_KEY PASSWORD
        For L = 0 To UBound(BYTEARRAY)
            i = ADDTABLE(i, 1)
            j = ADDTABLE(j, STATE(i))
            a = STATE(i): STATE(i) = STATE(j): STATE(j) = a
            b = STATE(ADDTABLE(STATE(i), STATE(j)))
            BYTEARRAY(L) = BYTEARRAY(L) Xor b
        Next L
    End Sub

    ' Key schedule: repeat the password across RC4KEY, then shuffle STATE with it
    Private Sub PREPARE_KEY(sKEY As String)
        INITIALIZE_ADDTABLE
        FILL_LINEAR
        k = Len(sKEY)
        For i = 0 To k - 1
            b = Asc(Mid$(sKEY, i + 1, 1))
            For j = i To 255 Step k
                RC4KEY(j) = b
            Next j
        Next i
        j = 0
        For i = 0 To 255
            k = ADDTABLE(STATE(i), RC4KEY(i))
            j = ADDTABLE(j, k)
            b = STATE(i): STATE(i) = STATE(j): STATE(j) = b
        Next i
        i = 0
        j = 0
    End Sub

    ' Lookup table for addition modulo 256, built once
    Private Sub INITIALIZE_ADDTABLE()
        Static BeenHereDoneThat As Boolean
        If BeenHereDoneThat Then Exit Sub
        For j = 0 To 255
            For i = 0 To 255
                ADDTABLE(i, j) = CByte((i + j) And 255)
            Next i
        Next j
        BeenHereDoneThat = True
    End Sub

    Public Function STRING_TO_BYTES(sString As String) As Byte()
        STRING_TO_BYTES = StrConv(sString, vbFromUnicode)
    End Function

    Public Function BYTES_TO_STRING(bBytes() As Byte) As String
        BYTES_TO_STRING = bBytes
        BYTES_TO_STRING = StrConv(BYTES_TO_STRING, vbUnicode)
    End Function

    It took me 45 minutes using only the information I have given you to decipher it back to PDF.

    First person to post their unencrypted pdf back here wins erm, a baked potato with coleslaw and salad on the side.

  6. #6
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    It would be VB...wouldn't it....figures...the only compiler I don't have here at work. Guess I won't be getting the Baked Potato Special

    What do the runners up get?

  7. #7
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    okay... so you encrypted a pdf file... ummm... so?
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    what are you actually doing with this program? (just out of interest)
    Quis custodiet ipsos custodes

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    786

    No answer...but...

    This is divided into two parts. First comes scrutiny about implementation issues. Then comes questions related to the challenge (may be spoiler material).


    Since I'm guessing that you are using a current cypher (RC4?) and that I know very little about it, how old it is and everything, I will assume that it would take us a while (ie a few hundred years or more) to go through and bruteforce 11 characters. You said you did it in 45 minutes with the VB code you attached. First off, I do not have VB, and secondly I know nothing about RC4. So I'm not exactly sure what your code goes and does.

    I will caution you though - the security here is left up to implementation. Since, when your program is complete, it will be the application decrypting the PDF and displaying it (it is the front-end) it would have a way to decrypt the file to somewhere. This is the problem; the file is able to be decrypted and displayed, and in fact has been. The user is no longer working with a file that they are incapable of opening in the first place; your application takes care of that somehow before displaying it. Obviously if it can be opened, they have their foot in the door. If they go and debug your application or somehow look at all of its variables, they will probably find some way to locate the decrypted PDF either in memory or on the disk. Granted only the people who want to run a memory-dumping program on their powerful 1GB-4GB RAM workstations will want to do this, but the possibility exists.

    I guess you have, but you will need to work out a secure way to store the decrypted file and to protect the decryption routines. It wouldn't be good to have someone modify your program by decompiling the final product and setting it so that instead of storing the decrypted data into some protected location (or anywhere in a safe/scrambled way) and redirect that somehow to the disk. Those are some issues facing companies that develop code to require users to enter CD-Keys for their games and stuff. Very old and insecure code could be, in theory, bypassed by changing a single byte so that the computer checks to see that the values are not equal, instead of equal as the programmer intended. Of course those problems have probably been solved now by those companies many years ago, but to get ahold of code that does similar protections and putting it into your front-end program may be hard to do since I don't think they would release it so that their enemies could find more weaknesses.


    Summing that up, if your program can open it and a user has access to opening the file with your front-end by typing in a key or something (decryption key, not some magic button), it is possible, although not very likely, that they will be able to somehow get the decrypted values to go somewhere (ie HDD) other than to the Adobe Software or ActiveX or anything else that displays it to the user. Hopefully you don't have to get that insanely paranoid with your program and spend countless hours figuring out how to do that; that is a losing battle against dedicated people. But you can still use your program fully knowing that...



    ------------------------- Don't read below if you want to solve this by yourself and don't want possible hints --------------------------

    Back to the challenge... I don't really understand what we are doing. I see a very small PDF file that I open in a HEX editor and the first 4 characters are not "%PDF" as it would be if it was decrypted (you already mentioned that). I assume it would have all sorts of "normal" data identifying the author, security, etc., if it was decrypted. So we have a base to work off of from there, but my biggest problem is I don't know RC4. I realize that you wouldn't have posted the complete code since you want us to fill in the blanks for this challenge. But for those of us without VB...was this code used for encryption/decryption or did it find a password...or what are those tables for? My *best guess* is that this is designed to somehow take the RC4 Encrypted data (Encrypted PDF) and using the function RC4 it would go through and find the key to the data that I think is supposed to be encrypted in the STATE variable? If so then probably everyone would read this and have an answer about an hour from now. But this is my first real look at VB code in general and I don't see the nice int main(void) functions that I like in C/C++.

    Anyways with that huge guess above that could be right, I decided to make this post hidden.

  10. #10
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397

    Figures!

    I haven't got it yet...but I can tell you guys some things about it....

    It's definitely not 40-bit cypher strength
    It's not 56-bit.......
    It's not 64-bit.......

    If it were, I would be finished by now, I'm sure.

    I'm going to skip 128, I'm assuming you thought that anything below 384-bit was too weak.

    I'm also going to assume that it's a true RC4 algorithm, and not ARCFOUR.
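
Added example, not part of any post in this thread: a Python port of the VB routine from post #5, for readers without a VB compiler. It shows that ADDTABLE is only addition modulo 256, that one call both encrypts and decrypts, and that a predictable file header such as the "%PDF" hint exposes the first keystream bytes. The function names, password and sample data are constructed for this illustration.

```python
# Added illustration: Python port of the VB6 routine in post #5.
# Function names, the password and the sample data are constructed here.

def prepare_key(password: bytes) -> list:
    """Port of PREPARE_KEY: the RC4 key schedule."""
    if not password:
        raise ValueError("password must not be empty")
    state = list(range(256))  # FILL_LINEAR
    # RC4KEY: the password bytes repeated to fill 256 slots
    rc4key = [password[n % len(password)] for n in range(256)]
    j = 0
    for i in range(256):
        # ADDTABLE(x, y) in the VB code is (x + y) And 255
        j = (j + state[i] + rc4key[i]) & 255
        state[i], state[j] = state[j], state[i]
    return state

def rc4(data: bytes, password: bytes) -> bytes:
    """Port of RC4. Always re-keys, unlike the VB Optional PASSWORD."""
    state = prepare_key(password)
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 255
        j = (j + state[i]) & 255
        state[i], state[j] = state[j], state[i]
        out.append(byte ^ state[(state[i] + state[j]) & 255])
    return bytes(out)

def keystream_prefix(ciphertext: bytes, known_header: bytes) -> bytes:
    """Keystream bytes revealed when the start of the plaintext is known."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_header))

# Constructed sample: not the file attached to the thread.
SAMPLE_PASSWORD = b"Example1234"  # 11 alphanumeric characters
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample document\n"

if __name__ == "__main__":
    # Widely published RC4 test vector: key "Key", plaintext "Plaintext"
    print(rc4(b"Plaintext", b"Key").hex())  # bbf316e8d940af0ad3
    encrypted = rc4(SAMPLE_PDF, SAMPLE_PASSWORD)
    # The same routine with the same password restores the file
    print(rc4(encrypted, SAMPLE_PASSWORD) == SAMPLE_PDF)
    # A fixed header hands over the first four keystream bytes
    print(keystream_prefix(encrypted, b"%PDF").hex())
```

Because the port reproduces the published RC4 test vector, the posted routine is the standard algorithm, so the protection rests on the password and on how the front end handles the decrypted bytes.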
