Results 1 to 7 of 7

Thread: Hacking QuickCrypt Version 1 on windows 98

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    1

    Hacking QuickCrypt Version 1 on windows 98

    My friend would like an answer to this question about hacking QuickCrypt Version 1 on windows 98. The situation is he is in prison in Canada and they are only allowed older computers with only windows 98. Now i guess he encrypted some files using QuickCrypt Version 1 using windows 98. I think he said 9 to 15 characters, letters and numbers. Now his computer has been seized by the RCMP(Police) and he is worried they will crack into those files...for his own piece of mind he asked me to find out if this was possible...anybody know if this is possible? Thank you

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, and welcome to AO,

    The answer is "yes", all that type of encryption gives you is a file that would take a very long time to decrypt, but can be accessed through its password, which is the weakest link. The application then decrypts it for you.

    9~15 characters, shouldn't take that long, especially if you use rainbow tables

    RCMP..............hmmm..............would they be able to find the I/O switch? let alone know what rainbow tables were?

    RCMP = Royal.Canuck.Moronic.Pigs

    Won't even accept hot data on carding scams going on in their own bloody country!

    "We do not accept information received over the internet"............. I wonder how they respond to an anonymous phone call though?

    At least the FBI are policing in this millennium ............. ah! I have worked it out!....... a supervisory special agent would have to fix the horse and the wolf through his gasoline expenses?


  3. #3
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    The problem with the sort of Encryption available to most people, is that it was made back when multi core GHz Processors weren't on Desktops of the average user.

    Windows 98 has CRAP encryption. I don't remember EXACTLY what it used, but it was really REALLY low. Like, might take a 486 a while to crack it, but a modern Computer.... Not long.

    Besides WTF could your friend possibly have that he's worried about the CANADIAN Authority seeing? I live in Michigan, we look over the border and laugh at cops there. When I lived there I was playing Cop Killer by Body Count on the CD player one day double parked and a Provincial cop was trying to tell me to move and then heard what I was playing and drove away. It was kind of funny. But either way; Canada actually takes privacy seriously, so why would he be that worried?

    The only thing I can think of that he'd be worried about considering he's already locked up, is either some form of tax evasion, or kiddie porn. And if it's the latter.... Then the hell with him.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    Windows 98 has CRAP encryption. I don't remember EXACTLY what it used, but it was really REALLY low.
    Actually, Windows 3.x/95/98/98SE/Millennium/NT4.0 did not have ANY file encryption inbuilt, which is why people had to use third party applications.

    EFS [Encrypting File System] started with Windows 2000 Professional and requires the NTFS file system version 3.0 or higher.

    In fact, the home user (9.x/ME) versions of Windows had no security whatsoever. If you could operate the I/O switch, you were administrator. The only purpose of the user ID and password was to allow multiple user profiles and desktops. That way each user would only see their stuff, rather than every application that was installed on the machine. Anyone could access everything on the machine, and the default user and password was blanks, and had FULL ADMIN rights.

    With such computers, anybody who could access it at any time could use it for whatever they wanted, including planting incriminating evidence

    Security is a double edged sword; sometimes it protects you, and other times it paints you into a corner

    The problem with the sort of Encryption available to most people, is that it was made back when multi core GHz Processors weren't on Desktops of the average user.
    That isn't the real issue, it's HOW the product works that matters. QuickCrypt simply puts password protection on a file and encrypts its contents so they cannot be examined using other utilities/applications, other than in their encrypted form. I think that it is safe to assume that QuickCrypt is installed on the machine in question, so when you try to open an encrypted file it will ask you for the password.............that is all you have to crack. Decryption is totally impractical as it uses the Blowfish algorithm.

    EDIT:

    I would guess that it uses Blowfish to hash the password (just like OpenBSD?), in which case they will need to brute force it, which shouldn't take very long with Rainbow Tables. I think that it is wise to assume that they will have RTs large enough to handle a 15 character pass?
    Last edited by nihil; July 19th, 2012 at 10:59 AM.

  5. #5
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote Originally Posted by nihil View Post
    Hmmmm,

    Actually, Windows 3.x/95/98/98SE/Millennium/NT4.0 did not have ANY file encryption inbuilt, which is why people had to use third party applications.
    I know that; My first PC came with Windows 95, which was already VERY out dated, because 6 months later, I accidentally opened a certain file I keep on the very Floppy I was moving files to, and accidentally opened a file on there that not only made me rebooting wonder why it asked for a system disk, but in fact, when I tried to reinstall any OS on it, it was ....

    OK, this might need a little explaining to make some sense here; My Mom bought a Computer off my Uncle for me to use for school in late 1999. I'd never had a Computer before this, or even touched one, but I'd always been interested by them.

    So I was pretty happy to have one of my own even though it was in fact REALLY out dated already. 6 months After getting this first Computer, I was online, and talking to a friend of mine, and he was sending me some stuff for my Virus Collection. (Yea, I know, within 6 months I was collecting things that screwed stuff up lol) And one of them he sent, was a simple executable file and he said "By the way gore, DO NOT open that file, it'll kill your Computer!" And I saw he hadn't even Zipped it or anything. Well, I moved it to A Floppy I had some of my big ones on, and decided I should ZIP this thing up so I don't accidentally open it.

    I was just transferring the last few files, when I accidentally double clicked, and it just happened to land on it. I'd been drinking, so my game was just a little off to say the least, and I saw it, and hit the Power Button knowing that Windows 95 put everything into a Cache. So basically I'm like OK, I shut down, that should have been fast enough that it didn't write anything to disk.

    I turn the machine back on, and it started asking me for a System Disk. I couldn't Believe it. OK, no problem, I'll format the MBR, and re-install the OS. Nope. It said the Hard Disk was to small for Windows 95.... OK, a little weird, try Windows 3.1.... TO BIG?!?!?!?!? OK, PC-DOS.... Barely enough room....

    It took my Computer running Windows 95, loaded with MP3s and stuff, using a LOT of space on it, and all of a sudden, even when booting up with a Floppy Disk, and formatting the MBR, and the Hard Drive itself, it STILL said that.

    So anyway, whenever I bring that up, someone almost always messages me asking for the File, and I've sent it to multiple people on here before because they wanted to test it out a little bit, and see what it was actually doing, but no one has ever found out why it does that.

    I do remember HD Killer and HD Killer Pro, but it's not that. So I have one of the only pieces of software I've ever seen, that actually does damage to a HD. And FAST. The next day, I went to Best Buy, and bought my HP Pavilion, with Windows 98 on it, and that is what I'm using as my FTP Server right now. It came with a Pentium 3 @ 733 MHz, and I had a lot of stuff running on that machine, but now, it's slow enough that I can't use it as my main desktop, but it's still kicking, so I use it as an FTP Server. It has Slackware 12.0 on it. Within a month or so, Windows 2000 hit Shelves. So even then I was using pretty out dated stuff. The first machine I bought that actually was "up with the times" was that HP.

    Like two months after this, I bought an E-Machine, and it had Windows ME. I couldn't Believe Windows ME; It booted fast and crashed faster lol. Seriously, it was a terrible OS. I used it for a few things just to sort of toy with it, and I did end up trying to seriously use it for a while to give it a fair shake, but in Reality, it was like.... Well, almost nothing seemed to want to work right lol. I set up one of the 3 ISP accounts I had at the time on it, because during that time, I worked, but I was only like 18 or 19 years old, and so I had money and no real bills, so I used my extra money to buy Computers, Horror Movies, and other stuff for my collection.

    I also had the 3 Accounts with different ISPs because I was... Well I did some stuff not exactly legal, so I'd keep 3 accounts active at the time when someone was trying to send an OC line at me to get me offline, and I only had Dial Up, because I had no Network Cards, and I had no real way to get a high speed account at the time, they weren't exactly out at the time in my area, so I put my MSN Net account on there, and I think also AOL and Prodigy.

    But basically, within a few days, I partitioned the HD in it, and dual booted it with Linux and other OSs I had to test it out. That was I think when I first saw the potential in having a test machine lol. Anyway, I no longer have it; My ex GF, who I was dating back then, had a Computer too, and sometimes I'd talk to her online, and one day she called me and said her Computer died, so I looked at it, and was like well it needs some new Hardware, and she said she couldn't afford it all, and asked if she could borrow my other Computer, and I said OK, and formatted it, and used the Restore CD to make it like it was when I bought it, and then I brought it over to her, and a month later, we broke up, and she kept it.


    EFS [Encrypting File System] started with Windows 2000 Professional and requires the NTFS file system version 3.0 or higher.
    Yea, I actually bought Windows 2000. The stuff I was talking about above this, I used some of it to run it; I was at Best Buy again, and I saw Windows 2000 Professional for sale, and bought it, and then, after some screwing around, had my Windows 98 machine running that instead. I had a CD for Drivers, and I had downloaded Drivers for my hardware in Windows 98, for Windows 2000, and then just burned them to CD. I actually used Windows 2000 for a while. It was way better than what I was used to, and because I still didn't have high speed and only Internal Modems at the time, all my FreeBSD and Linux use was pretty limited.

    When we finally got high speed in this area, I waited a little while, and then bought it, and canceled my other accounts with Dial Up Providers, which were REALLY starting to suck. So I saved some money just because I was no longer paying for 3 accounts that I was starting to really need just because they were always busy. AOL and MSN were the most annoying.

    In fact, the home user (9.x/ME) versions of Windows had no security whatsoever. If you could operate the I/O switch, you were administrator. The only purpose of the user ID and password was to allow multiple user profiles and desktops. That way each user would only see their stuff, rather than every application that was installed on the machine. Anyone could access everything on the machine, and the default user and password was blanks, and had FULL ADMIN rights.

    With such computers, anybody who could access it at any time could use it for whatever they wanted, including planting incriminating evidence

    Security is a double edged sword; sometimes it protects you, and other times it paints you into a corner
    Yea, lol, remember those days man? Back when all you needed to do was sit down at the thing, and you could do anything unless they were Workstations or something and had REAL OSs on them, lol.

    That isn't the real issue, it's HOW the product works that matters. QuickCrypt simply puts password protection on a file and encrypts its contents so they cannot be examined using other utilities/applications, other than in their encrypted form. I think that it is safe to assume that QuickCrypt is installed on the machine in question, so when you try to open an encrypted file it will ask you for the password.............that is all you have to crack. Decryption is totally impractical as it uses the Blowfish algorithm.
    Well it's not THE issue, but you have to admit; With Computers coming standard today with stuff almost no one had back then; Cracking a password now, is a lot easier when you have small encryption. I actually used to have, on my old main desktop, the one I now use as a Server, SUSE Linux 8.2 Professional on it, and 4096 bit Encryption installed and set up for my Email. I remember some people here I emailed, getting a kick out of the size of my key lol.

    EDIT:



    I would guess that it uses Blowfish to hash the password (just like OpenBSD?), in which case they will need to brute force it, which shouldn't take very long with Rainbow Tables. I think that it is wise to assume that they will have RTs large enough to handle a 15 character pass?
    Blowfish is really popular on Linux and pretty much all the BSDs out there. I don't personally use OpenBSD, because I think FreeBSD and PC-BSD are WAY better, and aren't lead by a jerk like Theo. But yea you can set up basically any of them you'd like on BSD and Linux. I know for a while MD5 was taking some fire, but that seems to have died down, and Blowfish, and of course, DES for compatibility lol.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yeah!

    I was just trying to explain to the OP that there is a difference between decrypting and cracking a password.

    Way I would go is ghost/mirror the Win 98HDD to a decent SDD then rip at it with a Core-i7 extreme.

    Hey, maybe them Canucks have a custom rig built with X-Box/Playstation processors?

    A lot better for crypto than regular CPUs


  7. #7
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Hahaha OMG I didn't even think about that man! WOW! I've been gone for like a week, and I basically just now got on here to see all the stuff I missed. Good thinking outside though man!

    Actually, we should probably grab some stuff and post it about why that works, I think personally it's really interesting.

    Oh and before I forget; On the FreeBSD forums, they've been talking about how "ARM is the future" and all that.

Similar Threads

  1. How to REALLY hack hotmail
    By gore in forum Microsoft Security Discussions
    Replies: 59
    Last Post: September 19th, 2006, 11:57 AM
  2. The history of the Mac line of Operating systems
    By gore in forum Operating Systems
    Replies: 3
    Last Post: March 7th, 2004, 08:02 AM
  3. Windows XP Security Guide (phase two)
    By pooh sun tzu in forum The Security Tutorials Forum
    Replies: 10
    Last Post: March 6th, 2004, 09:54 PM
  4. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  5. Secure Windows (All Versions)
    By spools.exe in forum Microsoft Security Discussions
    Replies: 3
    Last Post: October 4th, 2003, 11:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •