#1
|
|||
|
|||
Kanal how does signature analysis work?
Hi guys,
I'm a new member of this great forum. I'm also new to the art of reversing and hoping to reverse a Delphi app. I scanned the exe with Kanal v2.2 tool and it reports that it contains RC5/RC6 crypto signatures. Is the signature a recognisable block of bytes which are the opcodes used in the algorithm? Or is a signature defined in some other way? Be as technical as you want any reply. Thanks for your help |
#2
|
|||
|
|||
Most crypto algorithms use certain constants to initialize/assist the computation. It probably searches for these.
For example, md5: 0x67452301; 0xefcdab89; 0x98badcfe; 0x10325476; |
#3
|
|||
|
|||
Hmmm.....
If KANAL used those constants for detecting crypto algos in exeutables, I'd understand why it doesn't show us the address of the crypto code. Many ppl asked sKAMER whether he could improve KANAL in that way that it shows us the address of the crypto code. I'd also understand why it does not detect the RSA algo: 'cause it does not use any constants. |
#4
|
|||
|
|||
none ask me, if i remember..but im bussy atm
try ask snaker - this is dsk* a deadly-skills-coder i think this elite hero have too much time than me |
#5
|
|||
|
|||
That could be the answer, RC5 uses 2 constants :
1.) the base of natural logarithms 2.) the golden ratio. I expect RC6 will be the same as this too is a parameterized algorithm where block size, key size, and the number of rounds are variable; with a 2040 bit upper limit on the key size. Are the any crypto experts on this forum that know how to exploit poorly implemented rc5 code to obtain private keys? Or has anyone seen keygens for apps that use rc5 in there protection scheme? I need all the help I can get. All my searches point to the distributed.net site which is of no real help to me. Thanks for the replies so far. 5Alive |
#6
|
|||
|
|||
I don't have much experiance with RC5
but I could imagine that you will find that key when you trace the app.... To the best of my knowledge RC5 is a private-key-only cipher. This means that the key used for decryption is the same that is used for encryption. Correct me if I'm wrong |
#7
|
|||
|
|||
Quote:
You are right RC5 only uses a private key of variable length, it is a symmetric block cipher meaning that the same key is used for both encryption and decryption. 5Alive. |
#8
|
|||
|
|||
rc5 isnt a hard stuff
|
#9
|
|||
|
|||
Quote:
What is the best approach to finding a private key as they are not hidden in the code anywhere. Thanks. 5Alive. |
#10
|
|||
|
|||
any crypto defeating depends on crypto implementation
|
#11
|
|||
|
|||
where can i get Kanal v2.2
where can i get Kanal v2.2 to download
|
#12
|
|||
|
|||
Naturally, can what should I be looking for?
|
#13
|
|||
|
|||
You should try Dede and look for used units, there are only few implementations of RC5 on net. I dont'n know what you're trying to crack but I'd bet that it will use DCPCrypt1/2(hxxp://www.cityinthesky.co.uk/). Load it into Delphi, make sample app, debug in Delphi internal debugger and learn.
|
#14
|
|||
|
|||
need help decripting a file
i am a newbe at crytography. need help decripting a file and i do not know where to start, the file i am decrypting has no attchments to it . i made a copy of the file and put a attchment txt to it and open it in read form it is encrypted . how do i fix it
|
#15
|
|||
|
|||
Quote:
I was hoping that it uses a standard library suchs as DCPCrypt, it uses something called TCipherStreamFactoryRC5 to handle the decryption. Web searches have proved fruitless, so I can only guess it is a custom lib. Anyone heard of this ? 5Alive |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Any current Crypto Scanners or tools like KANAL in use? | TempoMat | General Discussion | 13 | 09-18-2021 00:53 |
Kanal | koncool | General Discussion | 7 | 08-01-2003 04:56 |