Determine encryption algorithm
#1
Hello guys,

I'm on some crypto challenges, and i have this challenge where i'm asked to decrypt a txt file.
Is there any way in which i can determine what encryption algorithm was used to encrypt the content of that file.

Thanks
Reply
#2
(06-17-2020, 06:53 PM)damis113 Wrote: Hello guys,

I'm on some crypto challenges, and i have this challenge where i'm asked to decrypt a txt file.
Is there any way in which i can determine what encryption algorithm was used to encrypt the content of that file.

Thanks
 
You could google it. https://duckduckgo.com/?q=how+to+determi...fpas&ia=qa
Reply
#3
So, dismal's search isn't really all that useful.

Six of the first 10 results (first page) are specific encryption usages and checking status of it (Oracle, full-disk crypto, BitLocker, EFS, and SQL Server) The first two non-specific usage links have information primarily about hashes. So 2 out of 10 links (4th and 9th links) are somewhat relevant.

The output of an encryption algorithm should be indistinguishable from random data. As such modern encryption algorithms will all look the same (like random data). So there is no easy answer to distinguish them. Though that only holds for modern encryption.

So, does the data actually look random?

While technically not an encryption, encodings are commonly used in CTFs as crypto challenges. Simply finding some weird way to encode 1 and 0 into another form and then encoding binary data. Black and white pixels, capital and lower case letters, high pitch vs low pitch audio noise, morse code, brail, etc. Does anything kind of repeat like that? Then it might be a weird binary encoding. It also might just be behind a more standard encoding like base64 (or base32 if they are trying to be tricky). Though more commonly such encodings would just be used to encode the proper cipher text and just being used to make it easier to transfer over some medium that doens't like binary data.

Are all the characters printable letters?

Lets say it still looks roughly random, but its all printable and you're sure its not an encoding. You're probably dealing with a more historic type of cipher that works on text rather than more modern systems that work more abstractly on the underlying numbers that represent text. rather than walking you though all of the options for those types of encryptions I'll just point you to https://www.boxentriq.com/code-breaking/...identifier

Assuming you ahve more modern system, and the data looks random, pop it into a hex editor. Do things still look as random?

In particular you should be looking for certain nibbles that occure more frequently than others along certain columns. For example I once had to deal with this blob of data [Image: 2020-06-17-203811515-0e878.jpg]

It looks reasonably random, but closer inspection you start seeng some repeat bytes and nibbles. This tends to be indicative of XOR with a fixed size key. Xoring data with itself offset some bytes is always a good way to figure out if XOR with a repeating key is being used. As you'll find that at certain offsets (that are multiples of the key size) more bytes will zero out.

A lot of crypto breaking comes down to discovering how something isn't actually random and finding a way to abuse that.

Telling modern cryptosystems apart from a single ciphertext containing an unknown source plaintext is impossible, ranodm data looks liek random data. Most crypto breaks require some capabilities like some control over text being encrypted, or access to many encrypted ciphertexts in order to discover weaknesses that wouldn't appear in just a single run.

As you're doing a challenge that is meant to be broken though, its unlikely you're in that position. There is usually a hint in the title or description without seeing the data and the context its in I couldn't give more advice.
Reply
#4
Thanks for your precise explaination, i was quite useful.
Can anyone figure out what ecnryption algorith is used on this text ?

hBU9lesroX_veFoHz-xUcaz4_ymH-D8p28IP_4rtjq0=
gAAAAABaDDCRPXCPdGDcBKFqEFz9zvnaiLUbWHqxXqScTTYWfZJcz-WhH7rf_fYHo67zGzJAdkrwATuMptY-nJmU-eYG3HKLO9WDLmO27sex1-R85CZEFCU=
Reply
#5
May be a bit cheating I guess. But I googled the first part of the ciphertext:
"hBU9lesroX_veFoHz-xUcaz4_ymH-D8p28IP_4rtjq0="
Found this: https://www.hacktoday.io/t/hack-the-box-...lenge/2269 (Avoid looking at this... as it contains the flag)

And it seems to be some kind of symmetrical python cryptography suite called "Fernet":
- https://cryptography.io/en/latest/fernet/
- https://github.com/fernet/spec/
- https://www.devdungeon.com/content/symme...fernet-aes

It's using AES as the algorithm. Specifically:
Documentation Wrote:Fernet is built on top of a number of standard cryptographic primitives. Specifically it uses:

    AES in CBC mode with a 128-bit key for encryption; using PKCS7 padding.
    HMAC using SHA256 for authentication.
    Initialization vectors are generated using os.urandom().

Key
Quote:Parameters: key (bytes or str) – A URL-safe base64-encoded 32-byte key. This must be kept secret. Anyone with this key is able to create and read messages.

Ciphertext
Quote:Returns bytes: A secure message that cannot be read or altered without the key. It is URL-safe base64-encoded. This is referred to as a “Fernet token”.

Read more: https://cryptography.io/en/latest/fernet/
Reply
#6
I think i should go deeper in different encryption protocols so i can be good at identifying each of them.
Thanks man
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  is anonsurf end-to-end encryption or just routing everything through Tor? QMark 1 800 04-24-2020, 05:43 PM
Last Post: DeepLogic
  What Type of Encoding or Encryption is This? Cryptography 4 5,142 07-16-2015, 01:53 PM
Last Post: Cryptography