Re: "ZIP Attacks with Reduced Known-Plaintext"



On Aug 3, 8:46 am, jmorton123 <jmorton...@xxxxxxxx> wrote:
On Jul 30, 5:17 am, DouglasEagleson <eaglesondoug...@xxxxxxxxx> wrote:

On Jul 29, 7:23 pm, jmorton123 <jmorton...@xxxxxxxx> wrote:

All right.  I was hoping that someone could help me crack a couple of
zip files with probably 50 or more known plain text bytes that are
identical at the beginning of each of these files.  But I got no reply
from my original post.

So here is a paper to the point.  I am hoping that one or more of you
would like to flex their crypto muscles and help me or to a lesser
extent discuss this topic for our upliftment.

http://www.woodmann.com/fravia/mike_zipattacks.htm

Thanks.

JM

unsigned char PKZIP_stream_byte (unsigned char pt)
{
1 unsigned short temp;
2 key0 = crc32 (key0, pt);
3 key1 = (key1+(key0 & 0xFF)) * 0x08088405 + 1;
4 key2 = crc32 (key2, key1 >> 24);
5 temp = (key2 & 0xFFFC) | 2;
6 return ( (temp * (temp ^ 1)) >> 8)&0xFF;
}

This is a small and easy to may open algorithm,

A short method in explanation would be to take the temp throw away
key and reverse the process after it was to be thrown away.

Dividing  by 2^8 in row 6, does something that can be reversed maybe.
Maybe

I do not have much to go on just instinct here.

step

loop
1-  remove the 0xFF
2-  do this-    ct<<1
3-  divide by 0x08088405
4-  check for valid word
endloop

Multiply by 2 all ciphertext to scroll thru the possible sets of two.
Just loop the ct multiplication and when a known word appears you have
the constant of encipherment.

After every scroll divide by 0x08088405

Send me a known word of cipher text and I will write the short test
code to see if it opens. It appears to be a two's complement shifted
XOR and a property of multiplicative sets was always a problem in
two's complement number encryption.  When you divide a lack of
remainder appears. It is a remainder open window attack for two's
complement number division is what I would term it.  I just heard that
the attack for a two's complement division was a multiply by two and
divide by a constant. I picked that constant used.

It is all a long shot but please let me try.

Please send

one word
1- plaintext
2-ciphertext

I'd like to send you a test file:  a password encrypted zip file
created using the same FreeZip software with the same specs as the
target file I've previously described in my original post.  I will
also send you the plain text of the files in this test .zip file.

I'd like you to tell me the password used to encrypt the test zip
folder file.

Then we can discuss the problem .zip file.

email at jmorton...@xxxxxxxx with an email address where I can send
the files as an attachment.

Thank you for your offer.

JM

Yes, my email is

eaglesondouglas123@xxxxxxxxx

I will try to see what happens with an old test program I have. The
only critical thing for the test program is to determine the word size
of the encryption algorithm and the size of the header on the actual
zip data file. I would just have to strip the header from the test zip
file.

Doug
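
The six-line PKZIP_stream_byte routine quoted in this thread, as a compilable example added here (it is not code from any poster or from the linked paper). The names zip_keys, crc32_step, zip_update, zip_stream_byte, zip_init and zip_crypt are hypothetical; the initial key values and CRC-32 polynomial come from the published PKZIP format description rather than from this page, and the 12-byte encryption header that real archives prepend is left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
typedef struct { uint32_t key0, key1, key2; } zip_keys;   /* hypothetical name */
/* crc32(key, byte) as used on lines 2 and 4: one byte through the reflected
   CRC-32 (polynomial 0xEDB88320), with no initial or final inversion. */
static uint32_t crc32_step(uint32_t crc, uint8_t b) {
    crc ^= b;
    for (int i = 0; i < 8; i++)
        crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    return crc;
}
/* Lines 2-4: mix one plaintext byte into the three 32-bit keys. */
static void zip_update(zip_keys *k, uint8_t pt) {
    k->key0 = crc32_step(k->key0, pt);
    k->key1 = (k->key1 + (k->key0 & 0xFF)) * 0x08088405u + 1;
    k->key2 = crc32_step(k->key2, (uint8_t)(k->key1 >> 24));
}
/* Lines 5-6: the keystream byte depends only on bits 2..15 of key2.
   uint32_t avoids the signed overflow a promoted unsigned short can hit. */
static uint8_t zip_stream_byte(const zip_keys *k) {
    uint32_t temp = (k->key2 & 0xFFFC) | 2;
    return (uint8_t)((temp * (temp ^ 1)) >> 8);
}
/* Key setup: fixed initial values, then one update per password byte. */
static void zip_init(zip_keys *k, const char *pw) {
    k->key0 = 0x12345678u; k->key1 = 0x23456789u; k->key2 = 0x34567890u;
    for (; *pw; pw++) zip_update(k, (uint8_t)*pw);
}
/* XOR each byte with the current keystream byte, then update the keys with
   the plaintext byte (the output when decrypting, the input when encrypting). */
static void zip_crypt(zip_keys *k, const uint8_t *in, uint8_t *out, size_t n, int decrypt) {
    for (size_t i = 0; i < n; i++) {
        out[i] = in[i] ^ zip_stream_byte(k);
        zip_update(k, decrypt ? out[i] : in[i]);
    }
}
int main(void) {
    const uint8_t pt[] = "constructed sample plaintext";  /* constructed input */
    uint8_t ct[sizeof pt], rt[sizeof pt]; zip_keys enc, dec;
    zip_init(&enc, "constructed-pw"); zip_init(&dec, "constructed-pw");
    zip_crypt(&enc, pt, ct, sizeof pt, 0);
    zip_crypt(&dec, ct, rt, sizeof pt, 1);
    /* Known plaintext XOR ciphertext equals the keystream byte at that position. */
    printf("round trip %s, first keystream byte 0x%02x\n",
           memcmp(pt, rt, sizeof pt) ? "FAILED" : "ok", (unsigned)(ct[0] ^ pt[0]));
    return 0;
}
```

Because each keystream byte is a function of only 14 bits of key2 and every known plaintext byte reveals one keystream byte, archives that need confidentiality should use the AES-based ZIP encryption instead of this cipher.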

