|Perl Monk, Perl Meditation|
Re: Decrypt a file with known algo and passwordby spazm (Monk)
|on Mar 13, 2010 at 18:16 UTC||Need Help??|
you are in a strong position, since you access to the encryption program, the password and the encryption design. That doesn't mean it will be easy.
What is the software?
Interesting avenues of investigation:
1) known plaintext attack:
a) what does the program save if you give it a blank dataset?
b) give the program one known entry, save it. Repeat from a clean slate. Do the two outfiles match? Try decoding both of the two outfiles with a third party AES128 decryption program, do the two decoded plaintexts match?
c) if the decoded plaintexts above matched then we have a deterministic internal format that depends only on the input data. So now manipulate the input data and look for patterns in the output data. Use this to reverse engineer the internal format.
d) can you see anything in the internal date format, any structure? Maybe it's gziped xml or a sqllite db? Anything interesting output if you run it through strings or use file for filetype hueristics?
2) Direct attack on the binary. Can you run it in a debugger? Does it still work to encode and decode? Enter your string to be encoded and watch it walk through the program, you're looking for the internal format not the encryption format at this point (assuming you were correct about the encryption format in your OP).
Just some thoughts from a lazy Saturday afternoon.