Registered Member #4266
Joined: Fri Dec 16 2011, 03:15AM
Location:
Posts: 874
Hi, a post I wrote somewhere else, would like to share.
You have in theory a 256*256 array, it's 256 array with a size of byte, you have "if" statements, that mean that 0x12=0x98, if you have 256*256 you have 7fff8000, which is the whole combo of 256*256 array, if you then have 16byte(128bit) you have 7fffffffffffffff800000000000000000 if add 41414141 INV you have 8000000041414140, the next instruction is AND, so you create a filter start point at 0x00 and you AND 0x41414141 (16bit remember), you XOR 0x42424242, which is 8000000042424241, so it's above, which equals 0x3030301, now you come to a sbox mixing function, you do 0x3030301 + 7fff8000 = 83028301, after that you want to add no sub 54545454, it comes to 0x2EAE2EAD, ok, did you make the filter before, because you have the value 0x2EAE2EAD you sub 7fffffffffffffff800000000000000000 equals 7effffffffffffff80000002EAE2EAD, now the filter is a 41414141414141414242414141 value, you AND it, and it comes out with 0x42404, so the value at the start was that. The filter is made based on each instruction in the AES code base, for e.g. AND instruction would be AND + AND(inverted(AND value^0x00->0xff)), OR instruction would be OR + OR(inverted(OR value^0x00->0xff))
After the values of parallel logic are worked out you should have a value maybe like this:
939505B079B3BBBC0BAE7E85E1D9EC39 cipher text
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Input key
BBBB0000000000000000000000000000 Input data
7fffffffffffffffffffffffffffffff80000000000000000000000000000000 Parallel logic
816f41a6d90082c5348000007ff7ffff746f41aa190082c5348000007ff7ffff9257 Parallel logic value from maths functions (AES run)
142CC4620193DFB9A626D969E307E78228FA3646F32CD5712156ACC2CD52502C Filter for parallel logic worked out from (AES run)
You have the ciphertext and you do the below:
939505B079B3BBBC0BAE7E85E1D9EC39 + 816f41a6d90082c5348000007ff7ffff746f41aa190082c5348000007ff7ffff9257 = 5.7896045e+76
5.7896045e+76 (57896045000000000000000000000000000000000000000000000000000000000000000000000) & 142CC4620193DFB9A626D969E307E78228FA3646F32CD5712156ACC2CD52502C = say 142CC4620193DFB9A626D969E307E78228FA3646F32CD5712156ACC2CD52502C
142CC4620193DFB9A626D969E307E78228FA3646F32CD5712156ACC2CD52502 - 7fffffffffffffffffffffffffffffff80000000000000000000000000000000 = 193DFB9A626D969E307E78228FA3646F32CD571
That value is then done in reverse using the same system for a decrypt function, which then should return this value: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Registered Member #902
Joined: Sun Jul 15 2007, 08:17PM
Location: Pacific Northwest USA
Posts: 1042
I'd have to first go through this by hand (and I'm doing this enough with my current encryption studies and research so I'll have to set aside some time later), but the first thing I would like to point out is that you only have 128 bits of input data as well as a 128 bit key. AES is a CBC block cipher algorithm with a 128 bit block size. ** AES uses CBC and gets its security from chaining subsequent blocks together after mixing with an Initialization Vector. If you have a piece of information that is exactly the length of your key, you might as well be using One Time Pad encryption as this is proven secure. Before you can claim any kind of break in a CBC cipher, you have to make sure it actually applies to a full implementation of the algorithm (with the exception of the number of total rounds used, but using fewer rounds makes attacks less practical), and in this case that means using the full chained algorithm. As well, you have a condition in which because of the lack of chaining, a system of known plaintext or chosen plaintext attacks can and will occur.
If you would like to explore this further, I suggest you input this into a program which has at a minimum a full block size of data plus 1 block to allow for chaining, and ensure that the IV is randomized going into the system and not chosen and known by the attacker's system beforehand.
Sorry if it seems rash, but also realize that even if all fails and it's bunk, it's still a good learning experience for all who take it.
Cheers,
-Jim
**EDIT: I accidentally listed AES as using a 256 bit block, this is not the case. AES uses a 128 bit block size.
Registered Member #4266
Joined: Fri Dec 16 2011, 03:15AM
Location:
Posts: 874
Hi DaJJHman, thanks for the good reply. The theory is based on one 128bit input for key and IV set to zero, the block isn't relevant, as 7fff8000 is an array of 0x00-0xffff which is 256 array * 256byte chars per array cell (sorry, might have to check if it's 256*256*256, my bad), the ECB and CBC modes, key wrapping etc. would be a modified filter value and ending value that gets added before the filter, saying that it shouldn't matter if it's CBC as the next block still gets added to the encryption 7f80 (round about plus size) which covers all the possibilities, so it shouldn't matter as "7fffffffffffffffffffffffffffffff80000000000000000000000000000000" = 16^256, but there might be some changes in the addon that could affect it.
Edit: sorry, wrong way around, these numbers don't relate to the AES algo, they are just examples of the parallel logic.
Test 7f80 = 1 byte(0x00 || 0x01 || 0x02 || 0x03 || 0x04, as loop(0xff(x)(i=i+x))
4141 + 7f80 = C0C1
C0C1 - 5367 = 6D5A
6D5A - 8888 = FFFFFFFFFFFFE4D2
FFFFFFFFFFFFE4D2 *52 = FFFFFFFFFFF74B44
Apply filter, which shouldn't have one with basic maths functions, just sub
FFFFFFFFFFF74B44 - 7f80 = FFFFFFFFFFF6CBC4
FFFFFFFFFFF6CBC4 = 0x00 with all the maths above
FFFFFFFFFFF74B44 - 7f00 = FFFFFFFFFFF6CC44
FFFFFFFFFFF6CC44 = 0x80 with all the maths above
0x7f00 = 0x7f80 - 0x80 (this is the start we want to check so remove all others)
0x7f80 = 0x7f80 - 0x00
0x7f10 = 0x7f80 - (0x20& 0x50) both values we want to check
Edit 2: I think IVs are just XORed with the input, have to check, but that would be a matter of generating the filter for a XOR function, then adding 7fffffffffffffffffffffffffffffff80000000000000000000000000000000 (size of IV input block) value XORed with the step before in the AES code.
Registered Member #902
Joined: Sun Jul 15 2007, 08:17PM
Location: Pacific Northwest USA
Posts: 1042
I've updated my initial reply as AES is in fact a 128bit block size, and not 256bit. However, my point still stands that unless you are adding the Initialization Vector with a randomized value, generated by a secure RNG (or secure pRNG if required), then the AES output becomes predictable and reversible via other forms of analysis.
Having an IV of zero as a requirement for this operation means you are not attacking AES, but rather an already faulty ECB or CBC system. The purpose of the IV is to prevent a direct relationship between the key/plaintext and the resulting ciphertext that is predictable and the same for all encryption rounds which can be solved with linear or observational cryptanalysis (not even a need for differential analysis with this type of operation usually).
Also, there are some inconsistencies I've noticed going through your math here and there, such as these:
Andy wrote ...
Test 7f80 = 1 byte
^^ This is a 2 byte value, as each hexadecimal number is 4 bits
4141 + 7f80 = C0C1
^^ Where is 4141 coming from?
5367 - C0C1 = 6D5A
^^ This actually equals 0xFFFFFFFFFFFF92A6
8888 - 6D5A = FFFFFFFFFFFFE4D2
^^ This equation equals 0x1B2E, but again since there have been previous math errors this will need to be adjusted
52 * FFFFFFFFFFFFE4D2 = FFFFFFFFFFF74B44
^^ This is correct but again is based on previous incorrect values
Apply filter, which shouldn't have one with basic maths functions, just sub FFFFFFFFFFF74B44 - 7f80 = FFFFFFFFFFF6CBC4
^^ This is correct but again is based on previous incorrect values
FFFFFFFFFFF6CBC4 = 0xff with all the maths above
^^ Explain this reasoning
FFFFFFFFFFF74B44 - 7f00 = FFFFFFFFFFF6CC44
^^ This is correct but again is based on previous incorrect values
FFFFFFFFFFF6CC44 = 0x7f with all the maths above
^^ Explain this reasoning
As well the formatting of the system makes it difficult to follow. Maybe it would help for working with you if there was a logic flow diagram.
I'd love to pick your brain on where all of this is coming from, but as a word of warning I'm currently short on time so this discussion may get drawn out quite a bit.
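The fixed-IV point raised in the replies above, as an added example that is not code from either poster: a small pure-Python AES-128 written for this illustration, used to compare CBC under an all-zero IV with CBC under a fresh random IV over two chained blocks. The key, the message and all function names are constructed for the example.

```python
import os

def _xtime(a):  # multiply by x in GF(2^8), reduced by the AES polynomial 0x11B
    return (a << 1) ^ 0x11B if a & 0x80 else a << 1
def _mix(c):    # MixColumns applied to one 4-byte column
    return [c[i] ^ c[0] ^ c[1] ^ c[2] ^ c[3] ^ _xtime(c[i] ^ c[(i + 1) % 4]) for i in range(4)]

def _build_sbox():  # S-box = affine transform of the inverse in GF(2^8)
    box, p, q = [0x63] * 256, 1, 1
    for _ in range(255):
        p ^= _xtime(p)                              # p = p * 3 (3 generates the field)
        q ^= q << 1; q ^= q << 2; q ^= q << 4
        q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)  # q = q / 3, so q is 1/p
        r = q * 0x101                               # q in both bytes: shifts act as rotations
        box[p] = (0x63 ^ q ^ r >> 7 ^ r >> 6 ^ r >> 5 ^ r >> 4) & 0xFF
    return box
SBOX = _build_sbox()

def _round_keys(key):  # AES-128 key schedule: 11 round keys of 16 bytes each
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    rk = _round_keys(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[s[4 * ((i // 4 + i % 4) % 4) + i % 4]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 10:
            s = sum((_mix(s[c:c + 4]) for c in range(0, 16, 4)), [])          # MixColumns
        s = [b ^ k for b, k in zip(s, rk[rnd])]                                # AddRoundKey
    return bytes(s)

def cbc_encrypt(key, iv, data):  # whole 16-byte blocks only, no padding
    out = [iv]
    for i in range(0, len(data), 16):
        out.append(aes128_encrypt_block(key, bytes(a ^ b for a, b in zip(data[i:i + 16], out[-1]))))
    return b"".join(out[1:])

def demo():  # returns (zero-IV repeats?, zero-IV block 1 == bare AES?, random-IV repeats?)
    key, msg = bytes.fromhex("aa" * 16), b"sixteen byte msg" + b"second block 16B"  # constructed
    fixed = [cbc_encrypt(key, bytes(16), msg) for _ in range(2)]      # all-zero IV, twice
    rand = [cbc_encrypt(key, os.urandom(16), msg) for _ in range(2)]  # fresh random IV each time
    return fixed[0] == fixed[1], fixed[0][:16] == aes128_encrypt_block(key, msg[:16]), rand[0] == rand[1]
```

With the zero IV the same key and message always give the same ciphertext, and the first block is the bare block cipher output; with a random IV the two encryptions differ.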