File Encryption


16 replies to this topic

#1 Aghaster

Posted 20 November 2006 - 10:29 PM

Hi,

I'd like to learn how file encryption works, and how I could write programs to encrypt files. I'd like to encrypt some of my files on my computer, and also be able to write my own encryption routines for a backdoor program I'm writing; I don't want to send unencrypted data over the network. Any clue to get me started?

#2 jabzor

Posted 20 November 2006 - 10:51 PM

As a quick start:
http://en.wikipedia....yption_Standard
http://en.wikipedia.org/wiki/Md5 <- generally used for authentication in somewhat older protocols, not entirely secure
http://en.wikipedia.org/wiki/Twofish
etc..

#3 Ohm

Posted 21 November 2006 - 12:03 AM

Pick up a copy of Applied Cryptography. Also look up the RC4 cipher, it's dead easy to implement.

#4 swestres

Posted 21 November 2006 - 01:34 AM

File encryption for backdoors and other programs is a bit different. It's often times not encryption at all, just a few obfuscating routines and some XOR and ADD instructions. AES, MD4 and Twofish won't help you a lot. I've seen a few RC4 implementations, but that's it. Generally, size does matter. And if your goal is making a file undetectable, don't overdo it. The smaller your executable is, the easier it is to change its fingerprint.

A crypter is made up of three parts: A builder, a stub and the file you want to encrypt. The builder builds the final product. The stub is the decrypter(&loader), it often times has the file you want to be undetected in its .rsrc section, or at end of file. Unless you want to drop your encrypted file to the HDD, you need a PE loader in your stub. Dropping the file is not recommended, since AV usually hooks the file API functions, and if your file is detected, it's Goodnight Saigon as soon as it's dropped. A loader is pretty simple, it allocates some process memory (often times in the context of another process) and copies the PE image to the memory (with correct alignment). The crypter is also a part of the stub. It deobfuscates before the file is loaded. As I wrote, the obfuscation routine is often times just a few XOR and ADD instructions and the deobfuscate routine is this in reverse.

Often times the stub has a few tests to try if it's run in VMware or an AV sandbox. If it finds out that it is, it should exit.

UndergroundKonnekt and SweRAT have some good info about this, but it's not really English so it won't help you a lot I guess.

That's just if you want to write a crypter. If you want real encryption, Applied Cryptography is a good start. But encryption is a science and most of the time you just want to implement some security routines and design a secure system. I find Practical Cryptography better for this purpose.

RC4 isn't really ideal if you want to protect your network traffic. Given the same key, it generates the same keystream. It's better to use a block cipher in CBC mode with a nonce as an IV. Otherwise, you'll have to have a complex key scheduling routine, and that suxxx.

EDIT: Spelling error.

Edited by swestres, 21 November 2006 - 02:36 AM.
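
The keystream-reuse point in the last paragraph of the post above, shown as an added example (not code from the thread): a textbook RC4 encrypts two messages, and when both use the same key the second plaintext falls out of the two ciphertexts and the first plaintext alone. The keys and messages are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Textbook RC4 (key schedule, then keystream XORed into buf in place).
   The same call encrypts and decrypts. */
static void rc4_crypt(const char *key, unsigned char *buf, size_t len)
{
    unsigned char S[256], tmp;
    size_t keylen = strlen(key), n;
    unsigned int i, j = 0;

    for (i = 0; i < 256; i++)
        S[i] = (unsigned char)i;
    for (i = 0; i < 256; i++) {
        j = (j + S[i] + (unsigned char)key[i % keylen]) & 0xff;
        tmp = S[i]; S[i] = S[j]; S[j] = tmp;
    }
    i = j = 0;
    for (n = 0; n < len; n++) {
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        tmp = S[i]; S[i] = S[j]; S[j] = tmp;
        buf[n] ^= S[(S[i] + S[j]) & 0xff];
    }
}

/* Encrypt two constructed 18-byte messages under key1 and key2. Then, using only
   the two ciphertexts and the first plaintext (no key), compute c1 ^ c2 ^ p1.
   Returns 1 if that equals the second plaintext, i.e. the keystream was reused. */
static int second_message_recovered(const char *key1, const char *key2)
{
    const char *p1 = "status=ok;seq=0001";  /* constructed, guessable message */
    const char *p2 = "passwd=x9;seq=0002";  /* constructed, same length */
    unsigned char c1[18], c2[18], guess[18];
    size_t k;

    memcpy(c1, p1, 18); rc4_crypt(key1, c1, 18);
    memcpy(c2, p2, 18); rc4_crypt(key2, c2, 18);
    for (k = 0; k < 18; k++)
        guess[k] = c1[k] ^ c2[k] ^ (unsigned char)p1[k];
    return memcmp(guess, p2, 18) == 0;
}

int main(void)
{
    printf("same key:       recovered=%d\n", second_message_recovered("demo-key-A", "demo-key-A"));
    printf("different keys: recovered=%d\n", second_message_recovered("demo-key-A", "demo-key-B"));
    return 0;
}
```

This is why a stream cipher needs a fresh key (or key plus unique nonce) per message, and why the post points to a block cipher mode with a per-message IV instead.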


#5 Seal

Posted 21 November 2006 - 01:45 PM

In line with Applied Cryptography, I highly suggest you also pick up "Practical Cryptography." Whereas "Applied Cryptography" deals with crypto basics and how to code, "Practical" really helps give you the mindset necessary to create systems. It's the way of thinking, and allows you to better ascertain important flaws with a potential system.

edit: Oops, just realised swestres said the same.

Edited by Seal, 21 November 2006 - 01:47 PM.


#6 chefninja

Posted 21 November 2006 - 03:40 PM

As for using it in your programs... try using the openssl library. Most *nix will have it installed by default. Headers are in openssl/*.h.


If you run this:
openssl list-cipher-commands

or

openssl list-message-digest-commands


You can see the available ciphers and digests.

#7 chefninja

Posted 21 November 2006 - 04:20 PM

MM, here's a quick example using openssl and md5.


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/md5.h>

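/* Hash a NUL-terminated string with MD5; digest must hold MD5_DIGEST_LENGTH (16) bytes. */
void md5(const char *buf, unsigned char *digest);

int main(int argc, char **argv)
{
	if (argc < 2)
		return -1;
	
	unsigned char *digest = malloc(MD5_DIGEST_LENGTH);
	if (digest == NULL)
		return -1;
	
	md5(argv[1], digest);
	
	/* Print the digest as lowercase hex, two characters per byte. */
	for (int i = 0; i < MD5_DIGEST_LENGTH; i++)
		printf("%.2x", *(digest+i));
	printf("\n");
	
	free(digest);
	return 0;
}

void md5(const char *buf, unsigned char *digest)
{
	MD5_CTX ctx;
	
	/* Init / Update / Final: Update can be called repeatedly for streamed input. */
	MD5_Init(&ctx);
	MD5_Update(&ctx, buf, strlen(buf));
	MD5_Final(digest, &ctx);
}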


mbp:~/Desktop andro$ gcc -std=c99 -lcrypto md5example.c -o md5example
mbp:~/Desktop andro$ ./md5example test
098f6bcd4621d373cade4e832627b4f6
mbp:~/Desktop andro$ echo -n 'test' | md5
098f6bcd4621d373cade4e832627b4f6


#8 tsudohnimh

Posted 25 November 2006 - 07:41 PM

For file encryption I swear by TrueCrypt, an open-source SourceForge project.

http://www.truecrypt.org/


Tsudohnimh
Knowthenetwork.com

#9 lambda

Posted 25 November 2006 - 08:32 PM

MD5 is not encryption, it is a hashing algorithm.

http://en.wikipedia.org/wiki/Md5

#10 Aghaster

Posted 25 November 2006 - 08:37 PM

Hum... interesting. I will definitely take a look at it. Ah, and btw, my goal is to send data over my school's network, which has no firewall, so I highly doubt that if someone intercepts the packets they would take the time to crack the encryption to know what they contain, even if the encryption is very weak. People play Warcraft 3 in LAN on the school's computers, so it would just be like any other packet. My first goal is not to send suspicious packets on the network, like commands to be executed on a remote computer.

#11 chefninja

Posted 26 November 2006 - 01:32 AM

I know MD5 isn't an encryption scheme, but it was just a quick example showing how easy the openssl library is to use.

#12 jabzor

Posted 26 November 2006 - 03:06 PM

> http://en.wikipedia.org/wiki/Md5 <- generally used for authentication in somewhat older protocols, not entirely secure

> MD5 is not encryption, it is a hashing algorithm.
> http://en.wikipedia.org/wiki/Md5


???? It's used for authenticating end-peers in RIP for example, never said it was an encryption algo.

#13 AxeZ

Posted 27 November 2006 - 10:48 AM

> Hum... interesting. I will definitely take a look at it. Ah, and btw, my goal is to send data over my school's network, which has no firewall, so I highly doubt that if someone intercepts the packets they would take the time to crack the encryption to know what they contain, even if the encryption is very weak. People play Warcraft 3 in LAN on the school's computers, so it would just be like any other packet. My first goal is not to send suspicious packets on the network, like commands to be executed on a remote computer.



OpenSSH

#14 MyNameIsURL

Posted 27 November 2006 - 10:56 AM

> Pick up a copy of Applied Cryptography. Also look up the RC4 cipher, it's dead easy to implement.

Best Crypto Book Ever!

Written by the world's most badass Info Security Guru, Bruce Schneier!

http://www.schneier....e_schneier.html

#15 Rightcoast

Posted 27 November 2006 - 04:04 PM

I got an email from Syngress today about the latest title they just released. It's "Cryptography For Developers" by Tom St Denis.
http://www.syngress....talog/?pid=4040

#16 Phail_Saph

Posted 30 December 2006 - 01:23 AM

Hey Aghaster,

Some of the books the people are mentioning are pretty involved and by the time you are finished you'll already be in college formally studying them. The Applied/Practical Cryptography series are great books for people seriously studying the topic. But, you'll probably get bored fast. Being a hacker you want more to discover it yourself than do what others have done (you're getting plenty of that in school already). If you want to have some real fun and you know some basic programming, just invent your own. Of course they won't be hard to break by typical standards, but if you want to make a program that encodes your data for network transfers to another computer and then from that computer run a program to decode the file, it is well within your reach for you to invent your own process; and that is fun!

For instance, as long as you have basic structured programming experience, you already know how to open, read, and close a file. So all you have to do is run each of your record's values into a formula of your choosing, even a little recursion if you want, output it into another file with a coded name as well and voilà.
You then send it to your home computer or another (the packets would only show "gibberish") and use your decode algorithm. It won't be foolproof but it suffices for what you're doing (you're more likely to get caught sending stuff in general from your computer rather than what you sent being analyzed unless it was "in the clear" and showing that you sent obscene stuff. Of course, the code will prevent that.)...and now, by the way, you are the inventor and by creating this program yourself you'll learn how to "think" like a cryptologist or cryptographer (whatever). Soon you'll be developing your own more complex algorithms and by the time you're in college studying this stuff "for real" you'll have an intuitive understanding that may even surpass your teacher...you never know.

Phail_Saph

#17 arewhyainn

Posted 31 December 2006 - 06:05 PM

> I don't want to send unencrypted data over the network. Any clue to get me started?

ssh, scp, or sshfs



