Re: Decryt AES / try to guess salt
- From: rossum <rossum48@xxxxxxxxxxxx>
- Date: Wed, 29 Apr 2009 22:48:10 +0100
On Wed, 29 Apr 2009 21:18:08 +0200, Tim Ritberg <tim_rit@xxxxxx>
wrote:
rossum schrieb:shaTemp <- copy of current state of hash.
On Tue, 28 Apr 2009 16:20:09 +0200, Tim Ritberg <tim_rit@xxxxxx>
wrote:
rossum schrieb:OK so far.
That is a lot clearer. The salt is included in the header, and shouldI try to "guess" the salt offset on basis of my uncrypted rar with same
look random - just use it as it is. The key is the first 128 bits of
the SHA1 hash after 262,144 repetitions. The IV is 16 bytes extracted
from the hash, one every 16,384 cycles.
file in it. The offset is 46 and hopefully is same in crypted version of
rar.
Let me make an overview:
It take password, make in front of each char 0x00.
Then I do loop over
<wchar password> + <salt> + <index>
after 16384 rounds I take first 16 byte as IVNo. The relevant part of the code reads:
if (i % (hashRounds / 16) == 0)
{
NSha1::CContext shaTemp = sha;
Byte digest[NSha1::kDigestSize];
shaTemp.Final(digest);
aesInit[i / (hashRounds / 16)] = (Byte)digest[4 * 4 + 3];
}
Sorry, I can't read C very well; I try to write it in Pascal.
Thats my frame to day:
for i:=1 to 262144 do
begin
// stuff with "pass+salt+index" =UpdateHash
if (i mod (hashround div 16)) = 0 then
begin
// do SHA1 on "pass+salt+key" with 1 byte from // UpdateHash as IV
declare byte array digest.
digest <- finalise shaTemp.
aesInit[i DIV (hashRounds DIV 16)] <- digest[19].
end;
end;
rossum
.
- References:
- Re: Decryt AES / try to guess salt
- From: Tim Ritberg
- Re: Decryt AES / try to guess salt
- Prev by Date: Re: Decryt AES / try to guess salt
- Previous by thread: Re: Decryt AES / try to guess salt
- Next by thread: Re: Decryt AES / try to guess salt
- Index(es):
