16 replies to this topic

[Aghaster]

Hi,

I'd like to learn how file encryption works, and how could I write programs to encrypt files. I'd like to encrypt some of my files on my computer, and also be able to write my own encryption routines for a backdoor program I'm writing, I don't want to send unencrypted data over the network. Any clue to get me started?

[jabzor]

As a quick start:
http://en.wikipedia....yption_Standard
http://en.wikipedia.org/wiki/Md5 <- generally used for authentication in somewhat older protocols, not entirely secure
http://en.wikipedia.org/wiki/Twofish
etc..

[Ohm]

Pick up a copy of Applied Cryptography. Also look up the RC4 cipher, it's dead easy to implement.

[swestres]

File encryption for backdoors and other programs are a bit different. It's often times not encryption at all, just a few obfuscating routines and some XOR and ADD instructions. AES, MD4 and Twofish wont help you a lot. I've seen a few RC4 implementations, but that's it. Generally, size does matters. And if your goal is making a file undetectable, don't overdo it. The smaller your executable is, the easier it is to change its fingerprint.

A crypter is made up of three parts: A builder, a stub and the file you want to encrypt. The builder builds the final product. The stub is the decrypter(&loader), it often times has the file you want to be undetected in its .rsrc section, or at end of file. Unless you want to drop your encrypted file to the HDD, you need a PE loader in your stub. Dropping the file is not recommended, since AV usually hooks the file API functions, and if your file is detected, it's Goodnight Saigon as soon as it's dropped. A loader is pretty simple, it allocates some process memory (often times in the context of another process) and copies the PE image to the memory (with correct alignment). The crypter is also a part of the stub. It deobfuscates before the file is loaded. As I wrote, the obfuscation routine is often times just a few XOR and ADD instructions and the deobfuscate routine is this in reverse.

Often times the stub has a few test to try if it's run in VMWare or an AV sandbox. If it finds out that is, it should exit.

UndergroundKonnekt and SweRAT has some good info about this, but it's not really English so it won't helt you a lot I guess.

That's just if you want to write a crypter. If you want real encryption, applied cryptography is a good start. But encryption is a science and most of the time you just want to implement some security routines and design a secure system. I find Practical Cryptography better for this purpose.

RC4 isn't really ideal if you want to protect your network traffic. Given the same key, it generates the same keystream. It's better to use a block cipher in CBC mode with a nounce as an IV. Otherwise, you'll have to have a complex key scheduling routine, and that suxxx.

EDIT: Spelling error.

Edited by swestres, 21 November 2006 - 02:36 AM.

[Seal]

In line with Applied Cryptography, I hghly suggest you also pick up "Practical Cryptography." Wheras "Applied Cryptography" deals with crypto basics and how to code, "Practical" really helps give you the mindset necessary to create systems. It's the way of thinking, and allows you to better ascertain important flaws with a potential system.

edit: Oops, just realised swestres said the same.

Edited by Seal, 21 November 2006 - 01:47 PM.

[chefninja]

As for using it in your programs... try using the openssl library. Most *nix will have it installed by default. Headers are in openssl/*.h.


If you run this:

openssl list-cipher-commands

or

openssl list-message-digest-commands

You can see the available ciphers and digests.

[chefninja]

MM, here's a quick example using openssl and md5.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/md5.h>

void md5(char *buf, unsigned char *digest);

int main(int argc, char **argv)
{
	if (argc < 2)
		return -1;
	
	unsigned char *digest = malloc(16);
	
	md5(argv[1], digest);
	
	for (int i = 0; i < 16; i++)
		printf("%.2x", *(digest+i));
	printf("\n");
	
	free(digest);
	return 0;
}

void md5(char *buf, unsigned char *digest)
{
	MD5_CTX ctx;
	
	MD5_Init(&ctx);
	MD5_Update(&ctx, (unsigned char *)buf, strlen(buf));
	MD5_Final(digest, &ctx);
}

mbp:~/Desktop andro$ gcc -std=c99 -lcrypto md5example.c -o md5example
mbp:~/Desktop andro$ ./md5example test
098f6bcd4621d373cade4e832627b4f6
mbp:~/Desktop andro$ echo -n 'test' | md5
098f6bcd4621d373cade4e832627b4f6

[tsudohnimh]

For file encryption I swear by Truecrypt an Open Source, Sourceforge project.

http://www.truecrypt.org/


Tsudohnimh
Knowthenetwork.com

[lambda]

MD5 is not encryption, it is a hashing algorithm.

http://en.wikipedia.org/wiki/Md5

[Aghaster]

Hum... interesting. I will definitly take a look at it. Ah, and btw, my goal is to send data over my school's network, which has no firewall, so I highly doubt that if someone intercepts the packets they would take the time to crack the encryption to know what they contain, even if the encryption is very weak.. People play warcraft 3 in lan on the school's computers, so it would just like any other packet. My first goal is not to send suspicious packets on the network, like commands to be executed on a remote computer.

[chefninja]

I know MD5 isn't an encryption scheme, but it was just a quick example showing how easy the openssl library is to use.

[jabzor]

http://en.wikipedia.org/wiki/Md5 <- generally used for authentication in somewhat older protocols, not entirely secure

MD5 is not encryption, it is a hashing algorithm.
http://en.wikipedia.org/wiki/Md5

???? It's used for authenticating end-peers in RIP for example, never said it was an encryption algo.

[AxeZ]

Hum... interesting. I will definitly take a look at it. Ah, and btw, my goal is to send data over my school's network, which has no firewall, so I highly doubt that if someone intercepts the packets they would take the time to crack the encryption to know what they contain, even if the encryption is very weak.. People play warcraft 3 in lan on the school's computers, so it would just like any other packet. My first goal is not to send suspicious packets on the network, like commands to be executed on a remote computer.

OpenSSH

[MyNameIsURL]

Pick up a copy of Applied Cryptography. Also look up the RC4 cipher, it's dead easy to implement.

Best Crypto Book Ever!

Written by the world's most badass Info Security Guru, Bruce Schneier!

http://www.schneier....e_schneier.html

[Rightcoast]

I got an email from Syngress today about the latest title they just released. It's "Cryptography For Developers" by Tom St Denis.
http://www.syngress....talog/?pid=4040

[Phail_Saph]

Hey Aghaster,

Some of the books the people are mentioning are pretty involved and by the time you are finished you'll already be in college formally studing them. The applied/practical Crytography series are great books for people seriously studing the topic. But, you'll probably get bored fast. Being a hacker you want more to discover it yourself than do what others have done (you getting plenty of that in school already). If you want to have some real fun and you know some basic programming, just invent your own. Of course they won't be hard to break by tyical standards, but if you want to make a program that encodes your data for network transfers to another computer and then from that computer run a program to decode the file, it is well within your reach for you to invent your own process; and that is fun!

For instance, as long as you have basic structured programming experience, you already know how to open, read, and close a file. So all you have to do is run each of your record's value into a formula of your choosing, even a little recursion if you want, output it into another file with a coded name as well and viola.
You then send it to your home computer or another (the packets would only show "jibberish") and use your decode algorithm. It won't be foolproof but it suffices for what your doing (your more likely to get caught sending stuff in general from your computer rather than what you sent being analyzed unless it was "in the clear" and showing that you sent obscene stuff. Of course, the code will prevent that.)...and now, by the way, you are the inventor and by creating this program yourself you'll learn how to "think" like a crytologist or crytographer (whatever). Soon you'll be developing your own more complex algorithms and by the time your in college studing this stuff "for real" you'll have an intuitive understanding that may even surpass your teacher...you never know.

Phail_Saph

[arewhyainn]

I don't want to send unencrypted data over the network. Any clue to get me started?

ssh, scp, or sshfs