RE: Crypt

From: Stefan Kaczmarek <stefan_at_thezonie.org>
Date: Wed, 13 Jun 2007 10:39:17 -0700

Remember, this is udp ... One message per packet. It's prolly sending the full packet size now because the entire buffer is being encrypted. I can prolly change that, but it could be argued that it helps with the obfuscation.

I imagine that when you decrypt the packet that it's just zeroes after the first packet. Right?

-----Original Message-----
From: "Dylan Douglas" <dylan_at_mediadefender.com>
To: "Stefan Kaczmarek" <stefan_at_thezonie.org>
Cc: "Ivan Kwok" <ivan_at_mediadefender.com>; "Ben Ebert" <ben_at_mediadefender.com>; "Ty Heath" <heath_at_mediadefender.com>; "Jay Mairs" <jay_at_mediadefender.com>; "Nainesh Solanki" <nsolanki_at_mediadefender.com>; "Sergio Alvarez" <sergio_at_mediadefender.com>; "Gerald Rode" <gerald_at_mediadefender.com>
Sent: 6/13/07 10:21 AM
Subject: RE: Crypt

Okay, I'm looking at the traffic from the office computer and I'm seeing
only 1480 byte packets. There don't seem to be any 7-byte ping packets.

I was doing a bunch of coding last night and had to make an adjustment
to the packet receiver, since the ping packets seemed to be on the front
of a larger packet. I make the function loop to split the ping off the
front of the other packet, and then handle the next packet. But, I'm
not sure that there really is another packet there, because I started
getting a bunch of errors.

Can you sniff your traffic and see if you are sending only 7-bytes or if
something is sending wacky shit after the ping?

-D

|-----Original Message-----
|From: Stefan Kaczmarek [mailto:stefan_at_thezonie.org]
|Sent: Tuesday, June 12, 2007 11:30 AM
|To: Dylan Douglas
|Cc: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh
|Solanki; Sergio Alvarez; Gerald Rode
|Subject: Re: Crypt
|
|Ok, I came up with something that works in Java and PHP.
|
|So, instead of this:
|
|$key = ($key * 1103515245 + 12345) & 0x7fffffff;
|
|Do this:
|
|$a = ($key>>16) & 0xffff;
|$b = $key & 0xffff;
|$a = ($a * ((1103515245 >> 16) & 0xffff)) + 12345;
|$b = ($b * (1103515245 & 0xffff)) + 12345;
|$key = ($key ^ $a) ^ $b;
|
|Nibble bork! :)
|
|I don't know how awesome it is from a cryptological standpoint, but
|there it is.
|
|- Z
|
|On Jun 12, 2007, at 7:53 AM, Dylan C Douglas wrote:
|
|> Yeah, that's why I was throwing the AND in there. PHP doesn't
|> handle overflowing really well. It just promotes it, so I was
|> trying to limit it to four bytes. (You said eight bytes for the
|> sha1 idea. Are you working with eight byte keys?)
|>
|> I'm fine with the sha1 idea, but it's going to have to be the first
|> four bytes being the new key, since I don't have longs; I have
|> signed int and signed float. I'm just worried about speed. I'll
|> try to find something that can do a sha1 for php.
|>
|> -D
|>
|> -----Original Message-----
|> From: "Stefan Kaczmarek" <stefan_at_thezonie.org>
|> To: "Dylan Douglas" <dylan_at_mediadefender.com>
|> Cc: "Ivan Kwok" <ivan_at_mediadefender.com>; "Ben Ebert"
|> <ben_at_mediadefender.com>; "Ty Heath" <heath_at_mediadefender.com>; "Jay
|> Mairs" <jay_at_mediadefender.com>; "Nainesh Solanki"
|> <nsolanki_at_mediadefender.com>; "Sergio Alvarez"
|> <sergio_at_mediadefender.com>; "Gerald Rode" <gerald_at_mediadefender.com>
|> Sent: 6/11/07 10:31 PM
|> Subject: Re: Crypt
|>
|> Ok, shit no worky, and it's because PHP treats integers that go
|> beyond the int boundary as floats instead of just overflowing. So
|> basically we need to do some sort of byte shifting thingy instead.
|>
|> Any other idears? How about something like the first 8 bytes of the
|> sha-1 of the key is the new key???
|>
|> - Z
|>
|> On Jun 11, 2007, at 6:14 PM, Dylan Douglas wrote:
|>
|>> Okay, so, got it working.
|>>
|>> Encrypt:
|>> srand( time() + 127 );
|>> $key = ( mt_rand( 0, 0x7fffffff ) );
|>> $encrypted_data = sprintf( '%08x', $key );
|>>
|>> $b = 0;
|>> $length = strlen( $data );
|>>
|>> for( $i = 0; $i < $length; $i++ )
|>> {
|>> $key = ($key * 1103515245 + 12345) & 0x7fffffff;
|>> $b = ( $key / 65536 ) % 256;
|>> $value = ord( $data[$i] ) ^ $b;
|>> $encrypted_data .= sprintf( '%02x', $value );
|>> }
|>>
|>> The only real change to the original code is the addition of
|>> ANDing it with 0x7fffffff, which keeps php from busting. I used it
|>> to encrypt your string of "I really enjoy carpeting." and get:
|>> string(58)
|>> "5c579169848331b8c228511ab4a54303cd76f31a45d30845b2fd38e3d4"
|>>
|>> The starting bytes of: 5c579169 are is the key. It's value is
|>> 0x5c579169 (I tried to write the LSB first but php is a pita and
|>> that made decoding the key a pain. So, I straight-out write it
|>> like it is a hex string and if you need to shift things around, you
|>> can do that in java.
|>>
|>> See if you can get it working on your side.
|>>
|>> -D
|>>
|>> Ps. here are some others:
|>>
|>> "Fresh taste... you can trust"
|>> string(64)
|>> "5316297d87c1c574e68617d0498fb9bb508ae80b4117f8d19c2777cde6a3ad39"
|>> "We have your email address listed as theshockwave_at_gmail.com. If
|>> you do not want to receive anymore emails on special savings and
|>> news, click here."
|>> string(300)
|>>
|"518fa7cad1b242cd6fd8825430c2c4217574c9ef510c646362ab390739e7dd92c67a
|>> 9
|>>
|13f99f4718fadb00b0c109eb1c93f965220070f361632c85d12f00f49ed03debc7edd
|>> 9
|>>
|108078ed03d3d58743a76ce5fd82ec22a583afdd3cbd943e3a59e532a5e157249dd84
|>> b
|>>
|9829640ab88783989f807826d86fa1cf9814d3a07a19c048d0b1e45fd1fffab23f017
|>> e
|>> 16e1ae598961184798d8f"
|>>
|>>
|>> From: Dylan Douglas
|>> Sent: Friday, June 08, 2007 5:22 PM
|>> To: Stefan Kaczmarek
|>> Cc: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh Solanki;
|>> Sergio Alvarez; Gerald Rode
|>> Subject: RE: Crypt
|>>
|>> I think I got it sorted out.
|>>
|>> I changed the line to: $key = ($key * 1103515245 + 12345) &
|>> 0x7fffffff
|>>
|>> I was going to keep working on it, but we are changing ips and are
|>> now in ip hell.
|>>
|>>
|>>
|>> From: Stefan Kaczmarek [mailto:stefan_at_thezonie.org]
|>> Sent: Thursday, June 07, 2007 9:04 PM
|>> To: Dylan Douglas
|>> Cc: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh Solanki;
|>> Sergio Alvarez
|>> Subject: Re: Crypt
|>>
|>> Well, if you need to tweak it to make it work easier in php, let me
|>> know. It doesn't really matter what the algo is, as long as it's
|>> implementable in java and php.
|>>
|>> - Z
|>>
|>> On Jun 7, 2007, at 6:22 PM, Dylan Douglas wrote:
|>>
|>>> Z-
|>>>
|>>> Have I mentioned that php is dumber about ints than Java? Well,
|>>> I'm trying to get the:
|>>>
|>>> $key = $key * 1103515245 + 12345;
|>>> code to work. I start off okay, then I seem to zoom off to around
|>>> 10^130 as I become a float (and that is just doing your carpet
|>>> string). So, cast to stay an int, right? Now I loop past MAXINT
|>>> become negative and get stuck somehow at MININT value. I tried
|>>> ANDing it with 0xffffffff, but that didn't help. I have to figure
|>>> out how to tell it to limit stuff to 4 bytes and to allow it to
|>>> loop. Will keep you updated.
|>>>
|>>> -D
|>>>
|>>> From: Stefan Kaczmarek [mailto:stefan_at_thezonie.org]
|>>> Sent: Thursday, June 07, 2007 8:46 AM
|>>> To: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh Solanki;
|>>> Sergio Alvarez; Dylan Douglas
|>>> Subject: Crypt
|>>>
|>>> D,
|>>>
|>>> Here are the code snippets that I use to encrypt / decrypt the
|>>> json string. When I send you the sources, it'll be "files=<hex
|>>> string>". And when I get the sources back, I am assuming it'll be
|>>> a <hex string> that comes back.
|>>>
|>>> To go to and from hex strings, this is what I do:
|>>>
|>>> // Encrypt the data and convert it ot a hex string
|>>> String data="I really enjoy carpeting.";
|>>> byte data_bytes[]=data.getBytes();
|>>> byte to_crypt[]=new byte[data_bytes.length+4];
|>>> System.arraycopy(data_bytes,0,to_crypt,4,data_bytes.length);
|>>> byte cipher[]=Crypt.Encrpyt(to_crypt);
|>>> String hex=Crypt.bytesToHex(cipher);
|>>> data=hex;
|>>>
|>>> // Decrypt the data
|>>> data_bytes=Crypt.hexToBytes(data);
|>>> byte plain[]=Crypt.Decrypt(data_bytes);
|>>> byte decrypt[]=new byte[plain.length-4];
|>>> System.arraycopy(plain,4,decrypt,0,decrypt.length);
|>>> data=new String(decrypt);
|>>>
|>>> I just take the string, convert it to a byte array, add 4 bytes at
|>>> the front for the key, and then encrypt the byte array. I then
|>>> convert the whole byte array into a hex string. Then, when
|>>> receiving a hex string, i convert it to a byte array, then decrypt
|>>> it, pull off the first 4 bytes, and covert the remaining bytes
|>>> back into a string.
|>>>
|>>> Try decrypting
|>>> 933d5162fadc8f46acc8e0fdd123205867743c03ce284794f989691a5a and you
|>>> should get the "I really enjoy carpeting."
|>>>
|>>> For funsies, here are the decrpyt and encrypt functions:
|>>>
|>>> // The input buffer needs to have 4 bytes at the front to allow
|>>> for the key to be placed there
|>>> public static byte[] Encrpyt(byte[] data)
|>>> {
|>>> // Create a byte buffer, which is the 4 byte key plus the data
|>>> byte[] ret=new byte[data.length];
|>>> System.arraycopy(data,0,ret,0,data.length);
|>>>
|>>> // Get a random int to encrypt with
|>>> int key=new Random().nextInt();
|>>>
|>>> // Copy the key and data to the out array
|>>> System.arraycopy(intToByteArray(key),0,ret,0,4);
|>>>
|>>> // Encrypt the data
|>>> DoCrypt(key,ret,4);
|>>>
|>>> return ret;
|>>> }
|>>>
|>>> // Will return the buffer with the key still at the first 4 bytes
|>>> public static byte[] Decrypt(byte[] data)
|>>> {
|>>> // Create a byte buffer
|>>> byte[] ret=new byte[data.length];
|>>> System.arraycopy(data,0,ret,0,data.length);
|>>>
|>>> // Get the key from the first 4 bytes
|>>> int key=byteArrayToInt(data,0);
|>>>
|>>> // Decrypt the data
|>>> DoCrypt(key,ret,4);
|>>>
|>>> return ret;
|>>> }
|>>>
|>>> private static void DoCrypt(int key,byte[] data,int offset)
|>>> {
|>>> byte b=0;
|>>> for(int i=offset;i<data.length;i++)
|>>> {
|>>> key = key * 1103515245 + 12345;
|>>> b=(byte)((key/65536) % 256);
|>>> data[i] ^= b;
|>>> }
|>>> }
|>>>
|>>>
|>>>
|>>
|>
|
|
Received on Fri Sep 14 2007 - 10:55:56 BST

This archive was generated by hypermail 2.2.0 : Sun Sep 16 2007 - 22:19:46 BST