Can be found here: http://elhalf.com/xorcrypt.txt
Sample code: http://elhalf.com/Xor.java
Yea, good article for newbies to this. XOR's an easy cypher scheme to break as you just need to be able to perform algebraic manipulation of logic functions, which isn't hard.
If you're into your XOR encryption, have a go at cracking the user password in the user.dat file on Windows 9x systems, quite a good mental workout to do in your head.
i2c
? I thought passwords were stored in .pwl 's?
Very good, thanks el-half, very simple but yet explained in a way that allowed me to understand it, unlike many other sites :) (Yes, I now realise how stupid I was in not understanding it :))
EW
*Shudders
XOR is very bad encryption. It is inefficient and mostly ineffective as well. Try to XOR a 1KB file...
-Cheers-
Of course it is bad, you can crack it in your head, that says enough.
But it is the basic thing anyone should learn when you start learning about cryptography.
You need math and/or logic to understand XOR, so math and logic are more basic than XOR, but I get your point and concur.
Quote:
But it is the basic thing anyone should learn when you start learning about cryptography.
-Cheers-
good one el
Regardless, it is still a good tutorial.
On topic:
The other day I was looking at a sheet that shows "The celebrated Alberti". I looked at it for a minute and a few examples were shown of what one sentence would look like after being encrypted with it. I looked at the sheet and figured a way to crack it.... Like in 5 minutes... In my head. I'm proud of that, I've never cracked much, I'm crap at Math, and I don't even program.
An example:
The "S" Became a "C".
I looked at the sheet, and for some reason, I found "S", then counted to the letter C. I counted by doing the Alphabet in my head (A, B, C, that is 3 letters). Well, after counting 3 letters for the letter C, one space over was the letter S.
So I kept doing this, and for every one, if you counted the letters in the way they appear in the Alphabet, you could easily figure out what it said. Not sure what made me do it at first, it just popped in my head to count it.
Now of course a few letters I couldn't do, but that's ok, I was so happy I learned how to crack this on my own without ever reading about it that it didn't matter.
And besides, there were only two letters I couldn't crack, and E was one of them. If I cracked that far where E was the only letter not done, I'd be able to figure out what they said anyway.
XOR is NOT inefficient. It is so efficient, in fact, that it is/was used to clear large memory buffers to blank values (XOR the data together with itself). I'm sure that if you dig into very low level stuff you'll find it used a lot when dealing with clearing memory or stuff on video cards, etc. (Although I can't remember where I read this... if you can find a source proving otherwise I'll be glad to read it.)
XOR is useful since generating a one-time-pad is so easy with it. It is impossible to break a one-time-pad cipher unless you can calculate the key, which is the same size as the data stream and should be completely random. It is never repeated, and therefore you'll never know if you have the correct key or not since it can decrypt into anything; the strength of a one-time-pad. It isn't very effective though if it is a short key or is repeated a lot.
This is a nice and short tutorial showing the math of XOR Cryptography. It shows that well. Good job.
If the key is large enough it'll take way too much time to try and crack the cyphered text by hand. But with a short key this is very possible.
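The contrast drawn above between a one-time pad and a short or repeated key, as an added example that is not part of the original thread or of el-half's tutorial. The message, the 3-byte key and all function names are constructed for this illustration.

```python
import secrets
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key; a key shorter than the data is repeated."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def key_from_known_plaintext(ciphertext: bytes, known: bytes, key_len: int) -> bytes:
    """ciphertext XOR plaintext = key, so key_len known bytes expose a repeated key."""
    if len(known) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return xor_bytes(ciphertext[:key_len], known[:key_len])

def pad_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which ciphertext decrypts to candidate."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must be as long as the ciphertext")
    return xor_bytes(ciphertext, candidate)

# Constructed sample data for this example.
MESSAGE = b"Subject: meet at the old bridge at nine"
SHORT_KEY = b"k3y"  # 3 bytes, so it repeats 13 times over the message

def demo() -> dict:
    # Short repeated key: a guessable header gives away the key and the rest.
    ct_short = xor_bytes(MESSAGE, SHORT_KEY)
    key = key_from_known_plaintext(ct_short, b"Subject: ", len(SHORT_KEY))
    recovered = xor_bytes(ct_short, key)

    # One-time pad: random key as long as the message, used once.
    pad = secrets.token_bytes(len(MESSAGE))
    ct_otp = xor_bytes(MESSAGE, pad)
    decoy = b"nothing happens tonight".ljust(len(MESSAGE), b".")
    decoy_pad = pad_for(ct_otp, decoy)  # a key that looks just as valid

    # Reusing the pad for a second message cancels it: c1 ^ c2 == p1 ^ p2.
    second = b"Subject: plans cancelled, stay home".ljust(len(MESSAGE))
    leak = xor_bytes(ct_otp, xor_bytes(second, pad))
    return {"key": key, "recovered": recovered,
            "decoy": xor_bytes(ct_otp, decoy_pad),
            "reuse_leaks": leak == xor_bytes(MESSAGE, second)}

if __name__ == "__main__":
    print(demo())
```

The `decoy` result is why a true one-time pad cannot be confirmed by guessing: every plaintext of the same length has a matching pad. The `reuse_leaks` result is why the pad must never be used twice.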
Gore: I think that's what's called a Caesar cipher, surprisingly invented by the Romans quite a while ago! Maybe I read your description wrong but that's what it sounds like. On this sort of cipher you can do frequency based attacks.
If you sample a sentence you will see that every letter appears a certain number of times (the frequency). If you then went along and counted the number of times each letter appeared in your cipher text you could then match the frequencies up.
It's a pretty quick, if sometimes inefficient, way of doing it. Each language has different letter frequency.
Yep, the user.dat file does contain the logon password, it's mixed in with loads of other stuff, and it takes a while to find.
Quote:
user.dat windows 9x
i2c
What logon password? The passwords for every user are stored in .pwl files, what password is stored in user.dat then?
If you have very little VB knowledge you should be able to crack any XOR encryption using some source from Planet Source Code.
Look for Crack XOR. I used it a while ago. Dead easy to manipulate code and the guy has done the best bit of the work for you.
el-half: Me being stupid once again, it's all this revision, it's mashing my brain up. It's the screensaver password that's stored in the user.dat file!
Sorry for my stupidity.
i2c
aah, ok, and how on earth would you be able to find what part of the user.dat file is the password.
So it is xor'd ? Using a random key?
Yea, in that file there's a hex string. It'll be an even number of characters. It's just a matter of looking for it. If I remember correctly it's between the middle and the end of the file (sorry for vagueness).
So if you have a 5 character password the hex string will be 10 characters long.
It's something like this: if you have the first characters of your string as 0C, it's like this: take the first hex number (0) 00000000 XOR ???????? = 8BIT VALUE; this is in binary and it translates to the first character of an ASCII character.
The ???????? is another value; this is a decryption scheme, and it's different depending on the 1st or 2nd character.... I think when I did it I worked out this scheme by entering random-logical (makes sense in my world...) passwords and figuring out the scheme from this..... It was a few years back.
hope that helps or gives you some leads.
i2c
Just remembered! The max password size is 14 characters long, and the scheme changes with that.... So the scheme for a 1 letter password will be different to a 2 letter password, all the way up to 14..
I think M$ had a work experience kid in that day and this was the task they gave him.
i2c
User.dat is part of the registry, and it might contain some information such as serial numbers and such. The user name and password are stored in the SAM file in Windows NT based systems, and in the .pwl file in the 9x series.
Quote:
Originally posted here by mark_boyle2002
If you have very little VB knowledge you should be able to crack any XOR encryption using some source from Planet Source Code.
Look for Crack XOR. I used it a while ago. Dead easy to manipulate code and the guy has done the best bit of the work for you.
btw. great article simple and right to the point.