XOR Cryptography

***el-half*** · April 16th, 2004, 07:55 AM

If the key is large enough it'll take way too much time to try and crack the cyphered text by hand. But with a short key this is very possible.

***i2c*** · April 16th, 2004, 09:09 AM

Gore: I think thats whats called a caesar cipher, suprisingly invented by the romans quite a while ago! maybe I read your description wrong but thats what it sounds like, on this sort of cipher you can do frequency based attacks.

if you sample a sentence you will see that very letter appears a certain number of times (the frequency) if you then went allong and counted the number of times each letter appeared in your cipher text you could then match the frequencys up.

Its a pretty quick, if sometimes inefficent way of doing it. each language has different letter frequency.

user.dat windows 9x

yep the user.dat file does contain the logon password, its mixed in with loads other stuff, and it takes a while to find

i2c

***el-half*** · April 16th, 2004, 09:22 AM

What logon password? The passwords for every user are stored in .pwl files, what password is stored in user.dat then?

***mark_boyle2002*** · April 16th, 2004, 11:20 AM

If you have very litle VB knowedge you should be able to crack any XOR encryption using some source from planet source code.

Look for Crack XOR. I used it a while ago. Dead easy to manipulate code and the guy has done the best bit of the work for you.

***i2c*** · April 16th, 2004, 01:11 PM

el-half: Me being stupid once again, its all this revision its mashing my brain up. Its the screensave password thats stored in the user.dat file!

sorry for my stupidity

i2c

***el-half*** · April 16th, 2004, 02:11 PM

aah, ok, and how on earth would you be able to find what part of the user.dat file is the password.
So it is xor'd ? Using a random key?

***i2c*** · April 16th, 2004, 04:46 PM

Yea, in that file theres a hex string. Itll be an even number of charecters. its justa matter of looking for it. If i remember correctly its between the middle and the end of the file (sorry for vagueness)

so if you have a 5 charecter password the hex string will be 10 characters long.

its something like this if you have a the first charecters of your string as 0C its like this take the first hex number (0) 00000000 XOR ???????? = 8BIT VALUE, this is in binary and it translates to the first charecter of an ASCII charecter.

the ???????? is another value this is a decryption scheme its different depending on the 1st or 2nd charecter.... I think when I did it I worked out this scheme by entering random-logical (makes sense in my world...) passwords and figuring out the scheme from this.....It was a few years back

hope that helps or gives you some leads.

i2c

***i2c*** · April 16th, 2004, 04:48 PM

just remembered! the max password size is 14 charecters long, and the scheme change with that.... so scheme for a 1 letter password will be different to a 2 letter password. all the way up to 14..

i think M$ had a work experience kid in that day and this was the task they gave him

i2c

**qod** · May 9th, 2004, 08:12 PM

Originally posted here by mark_boyle2002
If you have very litle VB knowedge you should be able to crack any XOR encryption using some source from planet source code.

Look for Crack XOR. I used it a while ago. Dead easy to manipulate code and the guy has done the best bit of the work for you.

User.dat is part of the registry, and they might contain some information such as serial numbers and such. The user name and password are stored in the SAM file in windows NT based, and in the .pwl file in the 9x series.

btw. great article simple and right to the point.

Thread: XOR Cryptography

Thread Tools

Display

Posting Permissions