RE: Crypt

From: Dylan Douglas <dylan_at_mediadefender.com>
Date: Wed, 13 Jun 2007 12:28:42 -0700

Okay, well, I'm going to take out the "try to process multiple packets
from one packet" and see if that stops the decryption errors.

It seems like some of the clients have finally updated themselves, so I'm
finally getting encrypted traffic, although a majority of the traffic
still seems unencrypted:

Received ping from 38.112.2.38
Received unencrypted message...fuck em
Received unencrypted message...fuck em
Received unencrypted message...fuck em
Received ping from 62.150.44.5
Received unencrypted message...fuck em
Inserting 3 clients into database...finished
Received reverse pierce (?)
Received new pierce from 71.113.86.179:50059
Received ping from 65.120.42.180
Received ping from 65.120.42.180
Received ping from 38.112.2.38
Received reverse pierce (?)
Received new pierce from 71.107.60.72:1049
Received unencrypted message...fuck em
Received ping from 38.112.2.38
Received unencrypted message...fuck em
Received ping from 76.81.25.188
  Encrypt inner size/outer size: 0x0000070a 0x000005fc
  Reader inner size/outer size: 0x00002c2b 0x00000600
  In: 0x98 0xa5 0x87 0x7b 0x1d 0x2c 0x24
  Out: 0x01 0x07 0x07
Received reverse pierce (?)
Received new pierce from 65.120.42.225:14863

The "reverse pierce" worries me, since that would be a server to client
message... so why am I getting it?

The red lines are things that it can't get a correct size for. The
decrypted and original sizes don't match the received buffer size. So,
wtf?

Can you please capture some traffic that you know works (or write out
hex values for the different types of packets)? My wireshark on Windows
says what is being sent is a "fragmented udp packet." So it won't tell
me where it starts or where it ends. The wireshark on Linux won't run,
so I have no idea what the incoming traffic is. Just give me something
I know works. (I was up until around 2 working on this and about to rip
my hair out.)

-D

 

|-----Original Message-----
|From: Stefan Kaczmarek [mailto:stefan_at_thezonie.org]
|Sent: Wednesday, June 13, 2007 10:39 AM
|To: Dylan Douglas
|Cc: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh
|Solanki; Sergio Alvarez; Gerald Rode
|Subject: RE: Crypt
|
|Remember, this is udp ... One message per packet. It's prolly
|sending the full packet size now because the entire buffer is
|being encrypted. I can prolly change that, but it could be
|argued that it helps with the obfuscation.
|
|I imagine that when you decrypt the packet that it's just
|zeroes after the first packet. Right?
|
|-----Original Message-----
|From: "Dylan Douglas" <dylan_at_mediadefender.com>
|To: "Stefan Kaczmarek" <stefan_at_thezonie.org>
|Cc: "Ivan Kwok" <ivan_at_mediadefender.com>; "Ben Ebert"
|<ben_at_mediadefender.com>; "Ty Heath" <heath_at_mediadefender.com>;
|"Jay Mairs" <jay_at_mediadefender.com>; "Nainesh Solanki"
|<nsolanki_at_mediadefender.com>; "Sergio Alvarez"
|<sergio_at_mediadefender.com>; "Gerald Rode" <gerald_at_mediadefender.com>
|Sent: 6/13/07 10:21 AM
|Subject: RE: Crypt
|
|
|
|Okay, I'm looking at the traffic from the office computer and I'm seeing
|only 1480 byte packets. There don't seem to be any 7-byte ping packets.
|
|I was doing a bunch of coding last night and had to make an adjustment
|to the packet receiver, since the ping packets seemed to be on the front
|of a larger packet. I made the function loop to split the ping off the
|front of the other packet, and then handle the next packet. But, I'm
|not sure that there really is another packet there, because I started
|getting a bunch of errors.
|
|Can you sniff your traffic and see if you are sending only 7-bytes or if
|something is sending wacky shit after the ping?
|
|-D
|
||-----Original Message-----
||From: Stefan Kaczmarek [mailto:stefan_at_thezonie.org]
||Sent: Tuesday, June 12, 2007 11:30 AM
||To: Dylan Douglas
||Cc: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh
||Solanki; Sergio Alvarez; Gerald Rode
||Subject: Re: Crypt
||
||Ok, I came up with something that works in Java and PHP.
||
||So, instead of this:
||
||$key = ($key * 1103515245 + 12345) & 0x7fffffff;
||
||Do this:
||
||$a = ($key>>16) & 0xffff;
||$b = $key & 0xffff;
||$a = ($a * ((1103515245 >> 16) & 0xffff)) + 12345;
||$b = ($b * (1103515245 & 0xffff)) + 12345;
||$key = ($key ^ $a) ^ $b;
||
||Nibble bork! :)
||
||I don't know how awesome it is from a cryptological standpoint, but
||there it is.
||
||- Z
||
||On Jun 12, 2007, at 7:53 AM, Dylan C Douglas wrote:
||
||> Yeah, that's why I was throwing the AND in there. PHP doesn't
||> handle overflowing really well. It just promotes it, so I was
||> trying to limit it to four bytes. (You said eight bytes for the
||> sha1 idea. Are you working with eight byte keys?)
||>
||> I'm fine with the sha1 idea, but it's going to have to be the first
||> four bytes being the new key, since I don't have longs; I have
||> signed int and signed float. I'm just worried about speed. I'll
||> try to find something that can do a sha1 for php.
||>
||> -D
||>
||> -----Original Message-----
||> From: "Stefan Kaczmarek" <stefan_at_thezonie.org>
||> To: "Dylan Douglas" <dylan_at_mediadefender.com>
||> Cc: "Ivan Kwok" <ivan_at_mediadefender.com>; "Ben Ebert"
||> <ben_at_mediadefender.com>; "Ty Heath" <heath_at_mediadefender.com>;
||> "Jay Mairs" <jay_at_mediadefender.com>; "Nainesh Solanki"
||> <nsolanki_at_mediadefender.com>; "Sergio Alvarez"
||> <sergio_at_mediadefender.com>; "Gerald Rode" <gerald_at_mediadefender.com>
||> Sent: 6/11/07 10:31 PM
||> Subject: Re: Crypt
||>
||> Ok, shit no worky, and it's because PHP treats integers that go
||> beyond the int boundary as floats instead of just overflowing. So
||> basically we need to do some sort of byte shifting thingy instead.
||>
||> Any other idears? How about something like the first 8 bytes of the
||> sha-1 of the key is the new key???
||>
||> - Z
||>
||> On Jun 11, 2007, at 6:14 PM, Dylan Douglas wrote:
||>
||>> Okay, so, got it working.
||>>
||>> Encrypt:
||>> srand( time() + 127 );
||>> $key = ( mt_rand( 0, 0x7fffffff ) );
||>> $encrypted_data = sprintf( '%08x', $key );
||>>
||>> $b = 0;
||>> $length = strlen( $data );
||>>
||>> for( $i = 0; $i < $length; $i++ )
||>> {
||>>     $key = ($key * 1103515245 + 12345) & 0x7fffffff;
||>>     $b = ( $key / 65536 ) % 256;
||>>     $value = ord( $data[$i] ) ^ $b;
||>>     $encrypted_data .= sprintf( '%02x', $value );
||>> }
||>>
||>> The only real change to the original code is the addition of
||>> ANDing it with 0x7fffffff, which keeps php from busting. I used it
||>> to encrypt your string of "I really enjoy carpeting." and get:
||>> string(58)
||>> "5c579169848331b8c228511ab4a54303cd76f31a45d30845b2fd38e3d4"
||>>
||>> The starting bytes of: 5c579169 are the key. Its value is
||>> 0x5c579169 (I tried to write the LSB first but php is a pita and
||>> that made decoding the key a pain. So, I straight-out write it
||>> like it is a hex string and if you need to shift things around, you
||>> can do that in java.)
||>>
||>> See if you can get it working on your side.
||>>
||>> -D
||>>
||>> Ps. here are some others:
||>>
||>> "Fresh taste... you can trust"
||>> string(64)
||>> "5316297d87c1c574e68617d0498fb9bb508ae80b4117f8d19c2777cde6a3ad39"
||>> "We have your email address listed as theshockwave_at_gmail.com. If
||>> you do not want to receive anymore emails on special savings and
||>> news, click here."
||>> string(300)
||>>
||>>
||>> From: Dylan Douglas
||>> Sent: Friday, June 08, 2007 5:22 PM
||>> To: Stefan Kaczmarek
||>> Cc: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh Solanki;
||>> Sergio Alvarez; Gerald Rode
||>> Subject: RE: Crypt
||>>
||>> I think I got it sorted out.
||>>
||>> I changed the line to: $key = ($key * 1103515245 + 12345) & 0x7fffffff
||>>
||>> I was going to keep working on it, but we are changing ips and are
||>> now in ip hell.
||>>
||>>
||>>
||>> From: Stefan Kaczmarek [mailto:stefan_at_thezonie.org]
||>> Sent: Thursday, June 07, 2007 9:04 PM
||>> To: Dylan Douglas
||>> Cc: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh Solanki;
||>> Sergio Alvarez
||>> Subject: Re: Crypt
||>>
||>> Well, if you need to tweak it to make it work easier in php, let me
||>> know. It doesn't really matter what the algo is, as long as it's
||>> implementable in java and php.
||>>
||>> - Z
||>>
||>> On Jun 7, 2007, at 6:22 PM, Dylan Douglas wrote:
||>>
||>>> Z-
||>>>
||>>> Have I mentioned that php is dumber about ints than Java? Well,
||>>> I'm trying to get the:
||>>>
||>>> $key = $key * 1103515245 + 12345;
||>>> code to work. I start off okay, then I seem to zoom off to around
||>>> 10^130 as I become a float (and that is just doing your carpet
||>>> string). So, cast to stay an int, right? Now I loop past MAXINT,
||>>> become negative, and get stuck somehow at MININT value. I tried
||>>> ANDing it with 0xffffffff, but that didn't help. I have to figure
||>>> out how to tell it to limit stuff to 4 bytes and to allow it to
||>>> loop. Will keep you updated.
||>>>
||>>> -D
||>>>
||>>> From: Stefan Kaczmarek [mailto:stefan_at_thezonie.org]
||>>> Sent: Thursday, June 07, 2007 8:46 AM
||>>> To: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh Solanki;
||>>> Sergio Alvarez; Dylan Douglas
||>>> Subject: Crypt
||>>>
||>>> D,
||>>>
||>>> Here are the code snippets that I use to encrypt / decrypt the
||>>> json string. When I send you the sources, it'll be "files=<hex
||>>> string>". And when I get the sources back, I am assuming it'll be
||>>> a <hex string> that comes back.
||>>>
||>>> To go to and from hex strings, this is what I do:
||>>>
||>>> // Encrypt the data and convert it to a hex string
||>>> String data="I really enjoy carpeting.";
||>>> byte data_bytes[]=data.getBytes();
||>>> byte to_crypt[]=new byte[data_bytes.length+4];
||>>> System.arraycopy(data_bytes,0,to_crypt,4,data_bytes.length);
||>>> byte cipher[]=Crypt.Encrpyt(to_crypt);
||>>> String hex=Crypt.bytesToHex(cipher);
||>>> data=hex;
||>>>
||>>> // Decrypt the data
||>>> data_bytes=Crypt.hexToBytes(data);
||>>> byte plain[]=Crypt.Decrypt(data_bytes);
||>>> byte decrypt[]=new byte[plain.length-4];
||>>> System.arraycopy(plain,4,decrypt,0,decrypt.length);
||>>> data=new String(decrypt);
||>>>
||>>> I just take the string, convert it to a byte array, add 4 bytes at
||>>> the front for the key, and then encrypt the byte array. I then
||>>> convert the whole byte array into a hex string. Then, when
||>>> receiving a hex string, I convert it to a byte array, then decrypt
||>>> it, pull off the first 4 bytes, and convert the remaining bytes
||>>> back into a string.
||>>>
||>>> Try decrypting
||>>> 933d5162fadc8f46acc8e0fdd123205867743c03ce284794f989691a5a and you
||>>> should get the "I really enjoy carpeting."
||>>>
||>>> For funsies, here are the decrypt and encrypt functions:
||>>>
||>>> // Needs java.util.Random; intToByteArray and byteArrayToInt are
||>>> // helpers that are not shown here.
||>>> // The input buffer needs to have 4 bytes at the front to allow
||>>> // for the key to be placed there
||>>> public static byte[] Encrpyt(byte[] data)
||>>> {
||>>>     // Create a byte buffer, which is the 4 byte key plus the data
||>>>     byte[] ret=new byte[data.length];
||>>>     System.arraycopy(data,0,ret,0,data.length);
||>>>
||>>>     // Get a random int to encrypt with
||>>>     int key=new Random().nextInt();
||>>>
||>>>     // Copy the key into the first 4 bytes of the out array
||>>>     System.arraycopy(intToByteArray(key),0,ret,0,4);
||>>>
||>>>     // Encrypt the data
||>>>     DoCrypt(key,ret,4);
||>>>
||>>>     return ret;
||>>> }
||>>>
||>>> // Will return the buffer with the key still at the first 4 bytes
||>>> public static byte[] Decrypt(byte[] data)
||>>> {
||>>>     // Create a byte buffer
||>>>     byte[] ret=new byte[data.length];
||>>>     System.arraycopy(data,0,ret,0,data.length);
||>>>
||>>>     // Get the key from the first 4 bytes
||>>>     int key=byteArrayToInt(data,0);
||>>>
||>>>     // Decrypt the data
||>>>     DoCrypt(key,ret,4);
||>>>
||>>>     return ret;
||>>> }
||>>>
||>>> // XOR every byte from offset onward with one keystream byte
||>>> private static void DoCrypt(int key,byte[] data,int offset)
||>>> {
||>>>     byte b=0;
||>>>     for(int i=offset;i<data.length;i++)
||>>>     {
||>>>         // Step the key; the int multiplication wraps on overflow
||>>>         key = key * 1103515245 + 12345;
||>>>         b=(byte)((key/65536) % 256);
||>>>         data[i] ^= b;
||>>>     }
||>>> }
||>>>
||>>>
||>>>
||>>
||>
||
||
|
|
Received on Fri Sep 14 2007 - 10:55:53 BST
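
Added example (not part of the original thread): a Python model of the Java DoCrypt() quoted above, run against the "I really enjoy carpeting." hex string from the first message. It shows that the key travels in the clear in the first 4 bytes, and that Java's integer division truncates toward zero, so an exact-arithmetic version of the `& 0x7fffffff` update produces different keystream bytes whenever the Java key goes negative. Assumptions: the 4 key bytes are big-endian (intToByteArray/byteArrayToInt are not shown in the thread), and all function names here are hypothetical.

```python
# Added example: Python model of the Java DoCrypt() quoted in the thread.
A, C = 1103515245, 12345

def to_int32(x):
    """Wrap to a signed 32-bit value, as Java int arithmetic does."""
    x &= 0xFFFFFFFF
    return x - (1 << 32) if x & 0x80000000 else x

def java_stream(key, n):
    """Keystream bytes as Java computes (byte)((key/65536) % 256)."""
    out = []
    for _ in range(n):
        key = to_int32(key * A + C)
        # Java integer division truncates toward zero, unlike >> or Python //.
        q = -((-key) >> 16) if key < 0 else key >> 16
        out.append(q & 0xFF)  # the (byte) cast keeps the low 8 bits
    return bytes(out)

def masked_stream(key, n):
    """Keystream of the '& 0x7fffffff' update, using exact integer math."""
    out = []
    for _ in range(n):
        key = (key * A + C) & 0x7FFFFFFF
        out.append((key >> 16) & 0xFF)
    return bytes(out)

def decrypt_hex(hex_string):
    """Split off the 4-byte key (assumed big-endian) and XOR the rest."""
    buf = bytes.fromhex(hex_string)
    key = int.from_bytes(buf[:4], "big", signed=True)
    body = buf[4:]
    return bytes(c ^ k for c, k in zip(body, java_stream(key, len(body))))

def encrypt_hex(plaintext, key):
    """Inverse of decrypt_hex; key is a signed 32-bit int from the caller."""
    ks = java_stream(key, len(plaintext))
    head = (key & 0xFFFFFFFF).to_bytes(4, "big")
    return (head + bytes(p ^ k for p, k in zip(plaintext, ks))).hex()

# Hex string quoted in the first message of the thread.
VECTOR = "933d5162fadc8f46acc8e0fdd123205867743c03ce284794f989691a5a"

if __name__ == "__main__":
    print(decrypt_hex(VECTOR))
    key = to_int32(0x933D5162)
    # The two keystreams agree on byte 1 and differ from byte 2 onward.
    print(java_stream(key, 3).hex(), masked_stream(0x933D5162, 3).hex())
```
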
