Internet Storm Center

Place to discuss anything, almost. No politics, religion, Microsoft, or anything else that I (the nazi censor) deem inappropriate.
Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Fri Nov 05, 2004 10:12 am

These guys always seem to come up with ways to make security fun:
...
...

With that out of the way, why don’t we “warm up” by quickly retracing the path we’ve already trod? Perhaps now would be a good time to take a bathroom break and grab a fresh container of your favorite adult beverage, ‘cause once this caravan rolls, we ain’t stoppin’. Go on, I’ll wait...

Ready? Good. Let’s go!

In the beginning, there was Joe Average. And Joe didst buy himself a computer and conneceth it to the Internet. And with his computer, Joe did surfeth, and readeth email, and playeth many games. And Joe looked upon the Internet, and it was Good.

But while Joe did possess knowledge of the Internet Good, he did not understand that Evil too lived on the Internet. And he patcheth not.

Then one day, Joe didst unknowingly go to a Bad Place, and much Evil befell his shiny new computer.

How Evil? Very, VERY Evil:
See "Follow The Bouncing Malware, Part III" here for the rest:
http://isc.sans.org/diary.php?date=2004-11-04

agent007
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 » Sat Nov 06, 2004 12:16 pm

The article has some nice humour all right... But what amazes me is, how he was able to code a proggie to decrypt the data? The encrypted binary makes no mention of the kind of encryption used... Pretty fascinating stuff!

Post by Void Main » Sun Nov 07, 2004 8:30 pm

I'm not sure what clues he had to figure out the math involved in this case but back in the late '80s I wrote a program called "HDMCRACK" to decrypt passwords in a program called "HDM" (Hard Disk Menu). This was a DOS based menuing system (pre-Windows). I just *might* have the source code for my crack around somewhere (wrote it in Turbo Pascal).

It was my first and last attempt at trying to crack an encryption scheme, and it was a successful attempt. At the time I didn't really know anything about encryption and just figured it all out on my own. I cracked the encryption in one night, a very loooong night of trial and error. Luckily it wasn't a key based encryption like DES that I was dealing with. :)

I believe the author of HDM came up with his own encryption scheme and it wasn't used by anything else (hopefully). He did change the encryption scheme in later releases of HDM after I sent him a copy of my HDMCRACK program (which was itself a nice menu driven utility).

I had noticed that the password was stored in encrypted form in the HDM configuration file. What I did was repeatedly change the password and take notes on how the encrypted password changed. I realized a pattern in the way the characters had changed and wrote a formula that was the reverse of the formula used to encrypt the password. This is similar to what the guy did in this article.

Post by agent007 » Mon Nov 08, 2004 12:31 pm

I suppose this is like reversing an MD5 hash?
Void Main wrote: I had noticed that the password was stored in encrypted form in the HDM configuration file. What I did was repeatedly change the password and take notes on how the encrypted password changed. I realized a pattern in the way the characters had changed and wrote a formula that was the reverse of the formula used to encrypt the password. This is similar to what the guy did in this article.

Post by Void Main » Mon Nov 08, 2004 2:16 pm

Well, not really. An MD5 hash is a way of fingerprinting a set of data. You cannot reverse an MD5 hash and get the original data back. I am referring to a simple encryption method where, like all encryption methods, you scramble the data by applying a mathematical formula to the data. With key-based types of encryption the formula changes with each unique key and in order to reverse the encryption you have to have the key. In the encryption used on the HDM passwords there were no keys, just a hard formula. I don't recall exactly but I do recall a different formula being used for each character position in the password and the length of the password was also used as part of the overall formula.
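
The approach described in the posts above (set known passwords, note how the stored value changes, derive the inverse), as an added example that is not part of the original thread. `toy_obfuscate` is a hypothetical stand-in invented here, not HDM's actual algorithm, and it assumes ASCII passwords; the MD5 comparison illustrates the contrast drawn in the post above.

```python
import hashlib

def toy_obfuscate(password: str) -> bytes:
    """Hypothetical keyless scheme (constructed here, NOT HDM's algorithm):
    each byte is shifted by a constant fixed by its position and the length."""
    n = len(password)
    return bytes((ord(c) + 7 * (i + 1) + 3 * n) % 256
                 for i, c in enumerate(password))

def changed_positions(x: bytes, y: bytes) -> list:
    """Indexes at which two equal-length byte strings differ."""
    return [i for i, (p, q) in enumerate(zip(x, y)) if p != q]

def learn_offsets(oracle, length: int, probe_char: str = "A") -> list:
    """Set a known password of this length and note each byte's shift."""
    stored = oracle(probe_char * length)
    return [(b - ord(probe_char)) % 256 for b in stored]

def recover(oracle, stored: bytes) -> str:
    """Invert a stored value using only observations of the oracle."""
    n = len(stored)  # the stored length already leaks the password length
    offsets = learn_offsets(oracle, n)
    # Sanity check: a second probe must give the same shifts, otherwise the
    # "fixed shift per position" hypothesis is wrong for this scheme.
    if offsets != learn_offsets(oracle, n, "z"):
        raise ValueError("transform is not a fixed per-position shift")
    return "".join(chr((b - k) % 256) for b, k in zip(stored, offsets))

def md5_digest(password: str) -> bytes:
    """One-way fingerprint, shown only for comparison."""
    return hashlib.md5(password.encode()).digest()

if __name__ == "__main__":
    secret = toy_obfuscate("Tux1991")  # constructed sample "config file" value
    print(recover(toy_obfuscate, secret))
    # One changed character moves exactly one stored byte in the toy scheme,
    # while the MD5 digest of the same two inputs differs throughout.
    print(changed_positions(toy_obfuscate("password"), toy_obfuscate("passwOrd")))
    print(changed_positions(md5_digest("password"), md5_digest("passwOrd")))
```

The one-byte-per-character behaviour is the pattern that gives a fixed formula away; a stored password that can be recovered this way was obfuscated, not protected.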

Calum
guru
Posts: 1349
Joined: Fri Jan 10, 2003 11:32 am
Location: Bonny Scotland

Post by Calum » Mon Nov 15, 2004 5:44 am

sounds pretty good for a not-a-key-based form of encryption, the sort of thing that they should teach students to try and crack as part of their education about cryptography.

Post by Void Main » Tue Nov 16, 2004 8:46 pm

Holy hand grenade Batman! I just ran across my HDMCRACK pascal source zipped up on the hard drive of my main desktop. The date stamp on the program is October 7th of 1991, just a couple of months after I got back from Desert Storm. I thought I had actually written it before going over there, somewhere around late '80s but maybe not. Unfortunately I didn't put a "born on date" in my comments within the source so I can't say for sure. I guess I could have just updated it when I got back changing the time stamp. The world may never know...

Now, maybe if anyone is interested I could write a little program to generate an encrypted password using the HDM algorithm and see if anyone can figure out a way to decrypt it like I did. I will encrypt a password and post it, along with the program that did the encryption and see if you can reverse it. It really only took me a couple of hours to do, and I was a jet mechanic at the time so you smart computer people shouldn't have any problem. :) I guess I should post this in the Programming forum when I get it ready.

Post by Calum » Thu Nov 18, 2004 1:43 pm

that was my fourteenth birthday.

Post by Void Main » Thu Nov 18, 2004 3:07 pm

Calum wrote: that was my fourteenth birthday.
Calum, you're just a kid! :)

caveman
programmer
Posts: 130
Joined: Sun Feb 09, 2003 1:08 pm
Location: Midrand Gauteng, South Africa

Post by caveman » Thu Nov 18, 2004 5:39 pm

My sympathies exactly....

The other day I saw a guy that used to frequent my shop in '83... and he was then
only 14 years old.... bloody hell and now all of a sudden he's 33 years old
with 10 year old kids of his own... and he still said "hello uncle".

Shaiiiiit I suddenly realised how time really went by!
Actually I realised it in a different way when my daughters' friends
started to look interesting - and here I am - just another dirty sic. old man..

But fortunately we are only as old as we feel - and except for this and that -
like needing more sleep, concentration shot etc. etc.
I still feel like I'm 24 - even though I can't do what I used to be able to do
back then.......

Post by Void Main » Thu Nov 18, 2004 6:25 pm

caveman wrote: The other day I saw a guy that used to frequent my shop in '83... and he was then only 14 years old.... bloody hell and now all of a sudden he's 33 years old with 10 year old kids of his own... and he still said "hello uncle".
Shaiiiiit I suddenly realised how time really went by!

Sorry caveman but even 2 more years than you thought has gone by:

14 + 2004 - 1983 = 35
35 - 33 = 2

Maybe you have that Easter Egg syndrome like I have. :)

caveman wrote: Actually I realised it in a different way when my daughters' friends
started to look interesting - and here I am - just another dirty sic. old man..

A good friend of mine has a daughter who started working at Hooters last year. I had to stop going in there because I have a daughter that is almost as old as his. It just doesn't seem right any more. :(

caveman wrote: But fortunately we are only as old as we feel - and except for this and that -
like needing more sleep, concentration shot etc. etc.
I still feel like I'm 24 - even though I can't do what I used to be able to do
back then.......

If that's the case I'm 102. I am actually younger than I feel, which didn't start happening until about 2 years back.

Post by Void Main » Thu Nov 18, 2004 10:19 pm

Void Main wrote: Now, maybe if anyone is interested I could write a little program to generate an encrypted password using the HDM algorithm and see if anyone can figure out a way to decrypt it like I did. I will encrypt a password and post it, along with the program that did the encryption and see if you can reverse it. It really only took me a couple of hours to do, and I was a jet mechanic at the time so you smart computer people shouldn't have any problem. :) I guess I should post this in the Programming forum when I get it ready.
I guess I should have mentioned that I wrote the programs and started the challenge the same night I wrote the above. Here's the thread containing the challenge for whoever is interested:

http://voidmain.is-a-geek.net/forums/vi ... php?t=1266
