Key retrieval and XOR decryption

  1. #1 FleeMons

    Key retrieval and XOR decryption
    Hi, everybody. I am studying the creation of an emulator; at the moment I am studying packets.
    I was able to find out exactly the encryption method: XOR.
    Tell me, how can I find the key?
    And then how are the bytes decrypted using this key?


  2. #2 Zaseth

    Re: Key retrieval and XOR decryption

    Mind sending the code so we can look at it?

  3. #3 FleeMons

    Re: Key retrieval and XOR decryption

    Quote Originally Posted by Zaseth:
        Mind sending the code so we can look at it?
    I have only hex tcp packets...

    Sent from my ZTE BLADE V0720 via Tapatalk

  4. #4 GHOST107

    Re: Key retrieval and XOR decryption

    To retrieve the XOR key, you just have to make a big packet and XOR it with your original data.
    Code:
    ^  = XOR
    data ^ key = encrypted_data
    encrypted_data ^ key = data
    encrypted_data ^ data = key
    So to put it simply, just input big enough data (use a long string made of a repeating character) to generate a big packet. When you have your packet, just look for repeating data. To get the key, you just have to select the block of data that repeats and XOR it with your input data.

    Example:
    Code:
    data = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    encrypted_data = randomdataencryptedencryptedencryptedencryptedencryptedencryptedencryptedencrypted
    key = encrypted_data  ^ data = encrypted ^ aaaaa = 040f0213181115
    key = 040f0213181115 in hex
    This method works well if the key is small (your input string is bigger than the key). You can also try to brute force the key out of the packet, with validation from your data.
    Last edited by GHOST107; 24-11-18 at 04:21 PM.
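
    The method from post #4 put into working code, as an added example that is not from the thread: it goes slightly beyond the post by skipping a non-repeating header and reporting the offset the key is aligned to. The key reuses the hex value from the post's example; the header, packet layout and sample packets are constructed here for illustration and are not any real client's protocol.

```python
# Added example, not code from the thread: recover a repeating XOR key from a
# packet whose payload is a known repeated character, then decrypt a second
# packet with it. Key, header and packets are constructed for illustration.
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR with a repeating key; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def find_period(blob: bytes) -> int:
    """Smallest shift p with blob[p:] == blob[:-p], i.e. the key length when
    the plaintext was one repeated character. Returns len(blob) if none."""
    for p in range(1, len(blob) // 2 + 1):
        if blob[p:] == blob[:-p]:
            return p
    return len(blob)


def recover_key(packet: bytes, known_char: bytes, min_repeats: int = 3):
    """Return (offset, key): skip any non-repeating header bytes, then apply
    encrypted_data ^ data = key to the repeating block and cut to one period."""
    for offset in range(len(packet)):
        tail = packet[offset:]
        keystream = xor_bytes(tail, known_char)   # cycles the one known char
        period = find_period(keystream)
        if period * min_repeats <= len(tail):      # block clearly repeats
            return offset, keystream[:period]
    raise ValueError("no repeating block found; send a longer input")


def decrypt_payload(packet: bytes, offset: int, key: bytes) -> bytes:
    """Decrypt everything after the header, assuming the key restarts there."""
    return xor_bytes(packet[offset:], key)


# --- constructed sample (hypothetical client, not a real protocol) ---
KEY = bytes.fromhex("040f0213181115")        # 7-byte key from the post's example
HEADER = bytes.fromhex("7a01")               # pretend 2-byte unencrypted header
probe = HEADER + xor_bytes(b"a" * 60, KEY)   # what the client sends for 60 x 'a'
chat = HEADER + xor_bytes(b"hello world", KEY)

if __name__ == "__main__":
    off, key = recover_key(probe, b"a")
    print(off, key.hex())                    # 2 040f0213181115
    print(decrypt_payload(chat, off, key))   # b'hello world'
```

    The recovered key is only aligned to the offset it was found at, so a packet whose encrypted part starts elsewhere needs the key rotated accordingly.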

  5. #5 FleeMons

    Re: Key retrieval and XOR decryption

    Thanks, but in what format should I enter the data? Hex?

    For example, I have this packet (hex and string).

    data = 5e ae 83 4f 83 d1 00 ac b3 17 c1 d9 08 00 45 00 ....
    or
    data = ^®.O.Ñ.¬³.ÁÙ..E.........

  6. #6 Zaseth

    Re: Key retrieval and XOR decryption

    What you're basically looking for is the Many Time Pad Attack (Crib Dragging)

  7. #7 GHOST107

    Re: Key retrieval and XOR decryption

    That packet is encrypted data? I don't know if the packet is encrypted, because you can see part of the structure there (it would be rare to have four consecutive 00).

    You first need to analyze more packets from the client. Try to make a rough classification of the packets depending on your actions in the client. Also, when trying to determine the encryption, compare packets where you gave your own input, a simple string (like the login window, chat window, etc.).

    For example(Login):
    Code:
    Test (1)
    user = aaaaaaaaaaa
    password = bbbbbbbb => this may be hashed
    packet =  xxzzzzzzzyyyyyyyyyy
    
    Test (2)
    user = ddddddddd
    password =bbbbbb
    packet = xxwwwwyyyyyyyyyy
    
    ...
    xx could be header information, zzzzzzzzzz and wwwwww are the user info, yyyyyyyyy is the password info.
