This is a 1500 points contest (about cryptography)

See the discussion at http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/Q_20709257.html

The cryptographic method is the XOR method; the algorithm used is in the link above (see knightmad's 1st post). 1500 points for the first to decrypt the following file in less than a week.
I converted the chars to ints, because the non-printable characters are not visible here (oh, really?!).

The key isn't the same, more than 5 and less than 15 characters.

If in a week nobody can decrypt it, I will ask for my points to be refunded and the question PAQ.

Have fun,
Fernando - Brasil

// The file starts here

 29 53 127 78 24 11 58 6 37 17 34 17 33 84 94 111 94 107 2 46 110 125 79 99 89 60 60 20 109 2 38 6 32 78 62 0 115 0 109 23 42 28 44 29 39 12 48 65 57 0 55 4 101 70 113 45 54 13 33 10 111 24 42 25 115 4 33 4 109 28 32 5 122 76 115 10 33 65 62 10 34 21 49 6 58 11 52 65 33 12 36 21 101 26 59 12 32 90 109 9 42 30 34 26 59 69 58 18 109 16 33 25 43 26 54 23 54 18 57 12 33 23 100 71 115 104 89 0 35 1 111 17 101 28 54 4 63 8 62 17 38 19 101 30 50 22 32 22 34 23 43 80 109 76 53 83 32 41 105 15 60 82 126 78 61 10 39 65 33 10 33 23 32 28 115 17 59 0 35 69 119 80 38 6 50 23 32 72 109 4 33 20 101 7 115 18 58 13 33 69 56 2 44 26 54 69 42 14 56 69 46 80 33 11 48 23 42 17 57 12 33 23 101 13 60 1 54 65 43 10 61 125 79 23 60 16 33 65 46 12 63 24 32 28 39 0 43 21 109 4 33 20 101 23 60 16 115 2 44 11 111 18 32 2 58 19 54 77 109 17 39 17 49 78 39 13 58 18 109 17 46 27 32 29 115 11 60 21 109 8 32 2 32 78 39 13 50 15 109 4 111 22 32 25 115 8 58 15 56 17 42 3 107 99 89 104 89 53 37 0 111 0 55 1 49 9 54 12 109 7 54 80 103 11 61 6 33 24 61 17 38 30 34 76 115 18 58 21 37 69 23 63 23 78 58 22 115 21 37 0 111 22 42 2 63 10 36 8 35 2 117 125 79 78 26 3 115 24 34 16 111 28 44 0 56 69 39 9 40 69 44 25 53 6 54 23 39 4 53 17 111 7 44 26 59 69 39 9 40 69 63 28 36 7 61 17 54 25 57 69 54 31 48 78 36 12 63 13 109 2 42 4 101 26 59 0 115 10 40 28 97 125 79 78 26 3 115 21 37 0 111 27 32 23 115 12 32 65 63 0 46 28 44 29 39 12 48 77 109 17 39 17 49 78 62 0 50 15 62 69 33 31 49 78 63 10 61 6 40 23 111 4 45 15 61 69 107 65 46 13 46 2 54 78 50 11 55 65 57 13 42 80 116 92 107 69 56 4 52 7 32 17 55 10 126 14 54 24 62 73 66 122 101 26 59 0 115 0 57 17 46 19 46 11 33 69 63 8 35 14 111 9 42 27 33 69 48 8 61 13 42 2 49 11 43 17 115 2 37 4 61 80 39 23 115 6 59 0 63 69 56 25 49 6 115 3 33 4 60 16 42 30 49 2 42 69 38 18 40 1 111 19 45 15 33 22 125 108 71 69 27 24 32 0 115 13 54 65 33 10 32 27 101 15 39 69 39 9 40 69 36 21 60 64 115 44 53 65 57 13 42 80 33 11 33 12 37 4 41 69 36 21 60 78 58 22 115 19 40 4 35 25 54 26 58 
6 115 0 35 1 111 4 45 11 115 1 54 19 36 19 42 20 101 30 63 4 58 15 57 0 55 4 101 7 32 69 50 13 62 10 66 122 101 28 54 4 55 0 47 9 42 80 45 11 115 6 50 15 109 7 42 80 54 27 33 0 127 65 57 13 46 4 101 6 54 69 59 0 62 69 59 24 32 78 33 12 52 9 57 69 36 21 60 78 50 11 55 65 43 23 32 29 101 0 60 18 115 14 35 69 39 21 101 13 50 11 115 4 44 22 38 28 44 11 115 104 89 65 109 1 42 19 55 23 35 17 115 0 33 9 111 29 32 29 32 4 52 4 62 69 42 30 38 28 42 21 39 4 41 69 56 25 49 6 115 17 59 4 109 14 42 9 107 64 125 104 89 108 71 36 35 28 101 13 63 0 50 19 114 69 111 125 79 99 89 45 50 23 40 69 41 5 43 79 94 111
knightmadAsked:
 
_nn_Commented:
Key is 10 chars long

RE: Knightmad:

OK!

You give me a realistic text ("Hello how are you?" or something like this; length is uninteresting!)
and a realistic password ("f6sH$js"; not longer than 8 chars) and I will write you a decrypting code for
your ciphertext and you can believe that this takes not more than a few minutes.

The problem with "encrypting" with XOR is the following:
 If you link the ciphertext with the plaintext you will get the key.
 If the key is realistic, that means not longer than 8 chars and the 128 keyboard-keys,
 the attacker links your ciphertext char by char with frequently used chars.
 Then he looks at the key. If the derived key is realistic and the derived plaintext is also
 readable he can be sure that he has the right key and from now on he can easily
  decrypt all messages encrypted with the key...

All clear?  

Have fun!
Y

0
 
stsanzCommented:
By statistical comparison I may guess that the key length is 14.
Am I right?
0
 
_nn_Commented:
The key :

unsigned char key[] = {0x4f, 0x70, 0x45, 0x6e, 0x53, 0x65, 0x53, 0x61, 0x4d, 0x65 };
0

 
_nn_Commented:
I see, that's a post in your other thread :
Comment from ChristopH1987  Date: 08/15/2003 04:18PM CEST  
0
 
stsanzCommented:
Very impressive _nn_ !

Can I submit this one to your sagacity?

The key is a bit longer but less than 50 characters.

28 22 23 28 13 89 75 47 5 2 69 65 36 65 13 27 79 33 8 72 109 1 11 71 27 0 82 50 73 23 9 82 63 12 14 9 11 69 0 59 26 0 78 31 16 67 46 73 25 3 0 35 0 21 26 83 57 14 78 109 0 0 20 5 1 69 119 1 29 27 0 46 29 2 20 24 69 28 34 18 23 78 0 17 72 106 15 25 9 76 56 22 16 29 71 116 27 87 34 73 25 2 9 14 83 123 73 21 72 71 33 26 16 14 2 2 83 39 18 6 28 17 13 13 62 1 23 17 0 36 20 9 3 79 38 27 69 41 73 6 14 1 69 84 63 27 27 29 71 37 85 50 10 14 23 26 48 16 0 73 7 89 78 38 8 5 22 69 36 65 24 29 68 116 10 86 40 7 78 10 13 1 69 119 0 0 72 80 34 6 20 14 14 9 22 116 17 10 28 84 17 68 39 73 2 10 0 36 12 16 31 69 116 13 76 44 7 10 11 21 69 65 36 73 28 13 0 33 26 8 12 9 1 83 61 25 17 1 84 17 72 56 73 30 10 82 37 8 27 31 69 116 13 85 33 14 7 9 11 69 69 46 12 7 70 0 5 16 71 6 2 1 83 32 31 0 78 48 56 13 61 12 4 0 0 37 4 10 26 83 32 6 78 42 73 6 2 30 69 85 57 13 17 26 0 37 16 21 71 26 0 1 45 87 11 1 7 28 1 106 13 25 12 78 48 65 13 27 69 116 25 69 63 16 78 19 4 12 78 48 73 7 0 69 109 20 9 3 76 17 27 49 87 40 7 26 16 94 62 27 15 69 77 56 18 13 83 70 49 14 82 40 13 66 71 13 11 68 119 30 28 13 78 40 3 2 21 76 13 22 116 0 4 29 84 10 88 58 25 25 22 69 51 65 13 28 0 54 10 0 63 12 15 3 5 11 71 119 62 29 4 66 40 7 19 71 63 9 26 58 28 13 15 6 29 10 57 73 20 10 79 60 65 29 6 82 61 1 71 109 1 11 21 76 9 69 36 26 27 6 83 109 29 2 71 8 18 22 56 27 0 10 84 16 67 57 29 19 4 68 119 14 23 83 83 53 27 73 62 15 23 14 2 2 0 58 12 25 7 82 36 16 20 71 3 3 83 32 31 0 7 6 89 64 37 26 2 69 82 50 2 28 29 84 116 2 69 40 29 7 9 11 22 12 119 27 17 5 69 32 23 2 21 5 11 20 116 31 10 25 84 55 72 60 0 26 9 69 119 9 24 23 0 39 26 67 46 12 29 20 10 16 76 59 16 84 12 73 62 20 21 10 9 1 83 28 18 23 3 29 22 67 47 69 86 13 79 32 65 58 28 76 61 1 0 14 27 11 2 26 0 89 119 1 21 12 0 32 20 20 19 9 23 22 48 87 17 6 17 89 100 39 25 19 1 73 58 4 23 7 0 30 6 78 53 73 15 1 24 0 82 119 29 28 26 69 40 85 10 2 9 17 26 58 16 22 73 84 17 76 56 13 86 0 70 49 14 11 7 12 116 7 79 58 73 62 6 30 19 65 35 0 84 56 65 57 28 11 71 4 4 23 116 7 23 1 16 
12 78 47 13 86 22 85 52 9 89 18 0 51 0 79 41 73 60 2 8 16 67 35 6 6 72 99 56 7 20 2 76 17 27 53 3 69 29 28 28 13 34 8 18 69 82 50 5 12 16 69 48 79 84 37 12 78 19 13 7 76 50 73 23 9 82 63 12 14 9 11 69 18 56 27 69 26 28 28 13 25 7 19 4 75 56 18 26 28 80 49 28 0 57 6 78 3 25 22 84 121
0
 
knightmadAuthor Commented:
_nn_: Damn it .... Cristopher was right, a few minutes and somebody did it ..... : ) ChristopH1987 was right .... I am happy for not using my EE key to crypt this post ...... Two questions before posting the points: 1) In which section do you want the other 1000 points? 2) Which method did you use to decrypt? Brute Force, Social Engineering, word list?
0
 
_nn_Commented:
1) As you wish, I have no preference.

2) Brute force. Basically, I "probed" keylengths with a simple valuation function: see if all "decoded" characters would hit a specific set of characters, namely printable ones (ascii 32 up to 127) and CR/LF. I found that 10 characters keylength was generating "full hits" at all positions. Unfortunately, they weren't univocal (2 and sometimes more possibilities). So I had to try by hand to see what combinations would make sense. It proved rather easy to find the correct combination though.

stsanz, thanks, I'm tempted by the challenge, but I've got to dedicate some time to my wife tonight :)
0
 
knightmadAuthor Commented:
I didn't get exactly how you did it, but I understood the idea ..... I will post the rest of the points here in Puzzles_Riddle
0
 
_nn_Commented:
I can explain a bit more, no problem

I made a simple C program with a couple of loops

- loop over keylengths, so take every 15 characters, then take every 14 characters
- for each position starting from 0,
    so, for keylength 15, I tested character 0, 15, 30, etc
    for keylength 14, I tested character 0, 14, 28, etc
- loop over byte values, so 0 -> 255
- XOR that number with the cypher text
- Test if the result is either printable or CR/LF -> Increment a counter

At keylength 10, I noticed that I got "full hits", that is, there were 2 or more byte values which were generating 100% valid clear text. So I tested all positions for keylength 10.

- keylength fixed at 10
- for each position starting from 0 up to 9
- loop over byte values, so 0 -> 255
- XOR that number with the cypher text
- Test if the result is either printable or CR/LF -> Increment a counter

Seeing that all positions were also generating "full hits" convinced me that the keylength was 10, and I already had a very reduced set of possibilities : for instance
only 2 possibilities at positions 0 up to 3 of the key...

The rest was guess work, from the decrypted portion, it was easy to infer the rest.
0
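
The probing loops _nn_ describes above, written out in C as an added example; this is not _nn_'s program and not part of the thread. The plaintext in `make_sample` is constructed for the demonstration and encrypted with the 10-byte key posted earlier in the thread; the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Valuation function from the post: printable ASCII (32..126) or CR/LF. */
static int plausible(unsigned char c) {
    return (c >= 32 && c <= 126) || c == '\r' || c == '\n';
}

/* Count the key bytes k for which every ciphertext byte at pos, pos+len, ...
   decodes to a plausible character. Survivors go to out unless it is NULL. */
int candidates(const unsigned char *ct, size_t n, size_t len, size_t pos,
               unsigned char *out) {
    int count = 0;
    for (int k = 0; k < 256; k++) {
        size_t i = pos;
        while (i < n && plausible((unsigned char)(ct[i] ^ k))) i += len;
        if (i >= n) {               /* walked the whole column: k survives */
            if (out) out[count] = (unsigned char)k;
            count++;
        }
    }
    return count;
}

/* "Full hit": every position of a len-byte key keeps at least one candidate. */
int full_hit(const unsigned char *ct, size_t n, size_t len) {
    for (size_t pos = 0; pos < len; pos++)
        if (candidates(ct, n, len, pos, NULL) == 0) return 0;
    return 1;
}

/* Constructed sample: made-up text XORed with the 10-byte key from the thread. */
size_t make_sample(unsigned char *ct) {
    static const char pt[] = "XOR with a short repeating key is not encryption. "
        "Each key byte only touches every tenth character, so a printable-text "
        "test per column discards nearly every wrong guess for that byte.\r\n";
    static const unsigned char key[] = "OpEnSeSaMe";
    size_t n = strlen(pt);
    for (size_t i = 0; i < n; i++) ct[i] = (unsigned char)pt[i] ^ key[i % 10];
    return n;
}
int main(void) {
    unsigned char ct[512], cand[256];
    size_t n = make_sample(ct);
    for (size_t len = 6; len <= 14; len++)   /* "more than 5 and less than 15" */
        printf("keylength %2zu: %s\n", len, full_hit(ct, n, len) ? "full hit" : "-");
    for (size_t pos = 0; pos < 10; pos++)
        printf("key[%zu]: %d candidate(s)\n", pos, candidates(ct, n, 10, pos, cand));
    return 0;
}
```

Positions that keep more than one candidate are the ones that still have to be settled by reading the partially decoded text, as the post says.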
 
knightmadAuthor Commented:
Too nice ..... it was not brute force in the way I understand (letting the machine do the hard work). Good work,

Fernando - Brasil
0
 
knightmadAuthor Commented:
All right .... I didn't know it before doing it; later, when I entered the "Rethinking about the issues" thread, I noticed it ... My apologies ...
0