-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
3 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,12 +6,8 @@ | |
According to the documentation and as it is mentionned that type 7 is an hashing algorithm."><meta property="article:published_time" content="2024-10-13 01:25:30 +0200 +0200"><link rel=stylesheet href=https://cdn.jsdelivr.net/npm/[email protected]/dist/katex.min.css integrity=sha384-nB0miv6/jRmo5UMMR1wu3Gz6NLsoTkbqJghGIsx//Rlm+ZU03BU6SQNC66uf4l5+ crossorigin=anonymous><script defer src=https://cdn.jsdelivr.net/npm/[email protected]/dist/katex.min.js integrity=sha384-7zkQWkzuo3B5mTepMUcHkMB5jZaolc2xDwL6VFqjFALcbeS9Ggm/Yr2r3Dy4lfFg crossorigin=anonymous></script><script defer src=https://cdn.jsdelivr.net/npm/[email protected]/dist/contrib/auto-render.min.js integrity=sha384-43gviWU0YVjaDtb/GhzOouOXtZMP/7XUzwPTstBeZFe/+rCMvRwr4yROQP43s0Xk crossorigin=anonymous onload='renderMathInElement(document.body,{delimiters:[{left:"$$",right:"$$",display:!0},{left:"\\[",right:"\\]",display:!0},{left:"$",right:"$",display:!1},{left:"\\(",right:"\\)",display:!1}]})'></script></head><body><script defer src=https://cdn.jsdelivr.net/npm/[email protected]/dist/katex.min.js></script><script defer src=https://cdn.jsdelivr.net/npm/[email protected]/dist/contrib/auto-render.min.js onload=renderMathInElement(document.body)></script><div class=container><header class=header><span class=header__inner><a href=/gogo-s-blog-cpe style=text-decoration:none><div class=logo><span class=logo__mark>></span> | ||
<span class=logo__text>crypto-pwn-elite(cpe): courses</span> | ||
<span class=logo__cursor style=background-color:#fff></span></div></a><span class=header__right><nav class=menu><ul class=menu__inner><div class=submenu><li class=dropdown><a href=/gogo-s-blog-cpe/from-0-to-crypto-by-projects>Crypto</a></li></div><div class=submenu><li class=dropdown><a href=/gogo-s-blog-cpe/from-0-to-buffer-overflow-by-projects>Pwn</a></li></div><div class=submenu><li class=dropdown><a href=/gogo-s-blog-cpe/putting-games-on-darknet>Elite</a></li></div></ul></nav><span class=menu-trigger><svg viewBox="0 0 24 24"><path d="M0 0h24v24H0z" fill="none"/><path d="M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z"/></svg> | ||
</span><span class="theme-toggle not-selectable"><svg class="theme-toggler" width="24" height="24" viewBox="0 0 48 48" fill="none"><path d="M22 41c10.4934.0 19-8.5066 19-19C41 11.5066 32.4934 3 22 3 11.5066 3 3 11.5066 3 22s8.5066 19 19 19zM7 22C7 13.7157 13.7157 7 22 7V37C13.7157 37 7 30.2843 7 22z"/></svg></span></span></span></header><div class=content><main class=post><div class=post-info></p></div><article><h2 class=post-title><a href=https://gogo2464.github.io/gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/>Episode 2: Reversing cryptography algorithm made to be unreversable (checksum). Method by mathematical proof: disproof</a></h2><div class=post-content><h2 id=i---identify>I - Identify</h2><p>In a previous <a href=https://gogo2464.github.io/gogo-s-blog-cpe/from-0-to-buffer-overflow-by-projects/episode-2-guessing-source-code-reverse-engineering-program/>article</a>, I read the source code of a program from the executable. The goal of this new article is to audit the logic behind the math algorithm that supposed to avoid to make someone reverse the modification of the password. The password modification algorithm provided by the previous article work is available at this <a href=https://codeberg.org/gogo/viegenere-cisco-proprietary-algorythm-decompiled-from-packet-tracer>url</a>.</p><p>According to the documentation and as it is mentionned that type 7 is an hashing algorithm.</p><p>A secure hash algorithm is an hash algorithm so that for any function hash that transform the original (plaintext) value $ hased = H(plain) $ there does not exist a function $ rev(hashed) $ so that $ rev(hashed) = plain $.</p><h2 id=ii---notes>II - Notes:</h2><p>I really definitely insist on this point: <code>It is crucial for a cryptologist to PROOVE his statement. Not just calculating.</code> If you only calculate, you could reach some proprietary algorithms such as this one but you will never ever be able to code CVE exploits on modern algorithms. I insist in the point you have to read <a href=https://www.people.vcu.edu/~rhammack/BookOfProof/Main.pdf>book fo proof</a> if you did not do it yet. It is to do theorem proving.</p><h2 id=iii---analysis-under-mathematical-thinking>III - Analysis under mathematical thinking</h2><p>The reverse engineering of the hash of vigenere cisco has permitted to deduct the method taken by this algorithm.</p><p>We could then guess that the researchers thanks then that:</p><p><img alt=image src=/gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/theory-behind-type7-hash.png></p><p>The question is to proove that there exists a function $ rev(hashed) $ so that $ \forall plain [rev(H(plain)) = plain] $ then $ \forall x [x = H(plain)] $</p><h2 id=iv-1--solving-the-theorem-finding-a-way-to-proove-the-case>IV/ 1- solving the theorem finding a way to proove the case.</h2><p>There are a lot of different method to proove a theorem. You could pick the one you prefer or the one you find easier.</p><p>The big picture is to split the proof into several cases.</p><p>There a serveral various operations including:</p><ul><li>splitting number between 0 and 256 to two differnt more little number (the shift: $ \ggg $ and the logical and: $ \land 0xf0 $ ). Reversable by mergingtwo numbers in a single one with same algortihm.</li><li>adding. You could simply substract to reverse.</li><li>doing an boolean exclusive logical or to a known password.<ul><li>as each number exclusively logically set to logical or (xored) with itself has the final value of 0 and as 0 set to logical or with another number will return this number, <img alt=image src=/gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/reversing-exclusive-or.png> it follows that logically set to logical or to the hardcoded password one time will change the values but logically set to logical or a second time to the same hardcoded value will change it to the original value. See <a href=https://en.wikipedia.org/wiki/Exclusive_or#Definition>boolean algebra</a>, and see this schems provided with the tool name <code>cryptool-2</code>.</li></ul></li></ul><p>All of these are equivalent to another operation.</p><p>Then I decide to choose a proof in the form:</p><p>$ \forall h \in N[(h = p + x) \implies (p = h - x)] $ | ||
and as: | ||
$ \forall h \in N[(h = p \oplus x) \implies (p = h \oplus x)] $ | ||
and as: | ||
$ \forall h \in N[(h = p \ggg x) \implies (p = h \lll x)] $ | ||
then: | ||
for any h in N, $ p = (h - x_1 \oplus x_2 \lll x_3) $.</p><p>Let’s check it out that <a href=/gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/latex-reverse-type7.pdf>in this paper</a>!</p></div></article><hr><div class=post-info></div></main></div><footer class=footer><div class=footer__inner><ul class=icons><li><a href=https://gogo2464.github.io/gogo-s-blog-cpe/posts/index.xml target=_blank title=rss class="icon fa-solid fa-rss"></a></li></ul></div><div class=footer__inner><span>©2024</span> | ||
</span><span class="theme-toggle not-selectable"><svg class="theme-toggler" width="24" height="24" viewBox="0 0 48 48" fill="none"><path d="M22 41c10.4934.0 19-8.5066 19-19C41 11.5066 32.4934 3 22 3 11.5066 3 3 11.5066 3 22s8.5066 19 19 19zM7 22C7 13.7157 13.7157 7 22 7V37C13.7157 37 7 30.2843 7 22z"/></svg></span></span></span></header><div class=content><main class=post><div class=post-info></p></div><article><h2 class=post-title><a href=https://gogo2464.github.io/gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/>Episode 2: Reversing cryptography algorithm made to be unreversable (checksum). Method by mathematical proof: disproof</a></h2><div class=post-content><h2 id=i---identify>I - Identify</h2><p>In a previous <a href=https://gogo2464.github.io/gogo-s-blog-cpe/from-0-to-buffer-overflow-by-projects/episode-2-guessing-source-code-reverse-engineering-program/>article</a>, I read the source code of a program from the executable. The goal of this new article is to audit the logic behind the math algorithm that supposed to avoid to make someone reverse the modification of the password. The password modification algorithm provided by the previous article work is available at this <a href=https://codeberg.org/gogo/viegenere-cisco-proprietary-algorythm-decompiled-from-packet-tracer>url</a>.</p><p>According to the documentation and as it is mentionned that type 7 is an hashing algorithm.</p><p>A secure hash algorithm is an hash algorithm so that for any function hash that transform the original (plaintext) value $ hased = H(plain) $ there does not exist a function $ rev(hashed) $ so that $ rev(hashed) = plain $.</p><h2 id=ii---notes>II - Notes:</h2><p>I really definitely insist on this point: <code>It is crucial for a cryptologist to PROOVE his statement. Not just calculating.</code> If you only calculate, you could reach some proprietary algorithms such as this one but you will never ever be able to code CVE exploits on modern algorithms. I insist in the point you have to read <a href=https://www.people.vcu.edu/~rhammack/BookOfProof/Main.pdf>book fo proof</a> if you did not do it yet. It is to do theorem proving.</p><h2 id=iii---analysis-under-mathematical-thinking>III - Analysis under mathematical thinking</h2><p>The reverse engineering of the hash of vigenere cisco has permitted to deduct the method taken by this algorithm.</p><p>We could then guess that the researchers thanks then that:</p><p><img alt=image src=/gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/theory-behind-type7-hash.png></p><p>The question is to proove that there exists a function $ rev(hashed) $ so that $ \forall plain [rev(H(plain)) = plain] $ then $ \forall x [x = H(plain)] $</p><h2 id=iv-1--solving-the-theorem-finding-a-way-to-proove-the-case>IV/ 1- solving the theorem finding a way to proove the case.</h2><p>There are a lot of different method to proove a theorem. You could pick the one you prefer or the one you find easier.</p><p>The big picture is to split the proof into several cases.</p><p>There a serveral various operations including:</p><ul><li>splitting number between 0 and 256 to two differnt more little number (the shift: $ \ggg $ and the logical and: $ \land 0xf0 $ ). Reversable by mergingtwo numbers in a single one with same algortihm.</li><li>adding. You could simply substract to reverse.</li><li>doing an boolean exclusive logical or to a known password.<ul><li>as each number exclusively logically set to logical or (xored) with itself has the final value of 0 and as 0 set to logical or with another number will return this number, <img alt=image src=/gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/reversing-exclusive-or.png> it follows that logically set to logical or to the hardcoded password one time will change the values but logically set to logical or a second time to the same hardcoded value will change it to the original value. See <a href=https://en.wikipedia.org/wiki/Exclusive_or#Definition>boolean algebra</a>, and see this schems provided with the tool name <code>cryptool-2</code>.</li></ul></li></ul><p>All of these are equivalent to another operation.</p><p>Then I decide to choose a proof in the form:</p><p>$ \forall h \in N[(h = p + x) \implies (p = h - x)] $</p><p>and as: | ||
$ \forall h \in N[(h = p \oplus x) \implies (p = h \oplus x)] $</p><p>and as: | ||
$ \forall h \in N[(h = p \ggg x) \implies (p = h \lll x)] $</p><p>then, for any h in N, $ p = (h - x_1 \oplus x_2 \lll x_3) $.</p><p>Let’s check it out that <a href=/gogo-s-blog-cpe/from-0-to-crypto-by-projects/episode-2-proof-demonstration/latex-reverse-type7.pdf>in this paper</a>!</p></div></article><hr><div class=post-info></div></main></div><footer class=footer><div class=footer__inner><ul class=icons><li><a href=https://gogo2464.github.io/gogo-s-blog-cpe/posts/index.xml target=_blank title=rss class="icon fa-solid fa-rss"></a></li></ul></div><div class=footer__inner><span>©2024</span> | ||
<span><a href=https://gogo2464.github.io/gogo-s-blog-cpe/></a></span> | ||
<span><a href=https://creativecommons.org/licenses/by-nc/4.0/ target=_blank rel=noopener>CC BY-NC 4.0</a></span></div><div class=footer__inner><div class=footer__content><span>Powered by <a href=http://gohugo.io>Hugo</a></span><span>with <a href=https://github.com/coolapso/hugo-theme-hello-4s3ti>Hello-friend-4s3ti</a></span></div></div></footer></div><script type=text/javascript src=/gogo-s-blog-cpe/bundle.min.efa6b6352b1e4d712533d2fbd29f0c899eb1474e0f181433c934e6c6fdd3678ff834c116423c957d7a6ff6763e9c0d599a82208cdeae81c4a483e37853c46360.js integrity="sha512-76a2NSseTXElM9L70p8MiZ6xR04PGBQzyTTmxv3TZ4/4NMEWQjyVfXpv9nY+nA1ZmoIgjN6ugcSkg+N4U8RjYA=="></script></body></html> |