25th September 2021, 9:31 PM
I do security research in my free time for fun. I enjoy breaking things. I've seen a lot of dumb stuff in my 8-10 years of hacking Nintendo consoles. I got out of that some time ago and mostly do private work now, but yeah, I've got tons of stories.
Feel free to share your stories, or learn from these stories.
I'll start out with a really easy one I did recently. I found some password-protected zips that used the standard ZipCrypto that Windows zip uses. There are like 3 u32 values used to create a stream, and that's XOR'd with the plaintext to produce ciphertext. So just knowing at least one of the files' plaintext, or at least part of it, I was able to zip the file with the same deflate settings, get the plaintext of that and XOR it with the cipher to recover the keys, and then decrypt the entire zip.
I've also seen some people trying to encrypt files by just XORing the file with a stream made from a hash, and I used plaintext attacks on that too. It's especially easy when it's a zip because you can use zip's central directory to recover the keys; the magics are known. Easy to find the EOCD and work backwards.
Lesson here is: use AES.
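As an added illustration (not from the post, and not ZipCrypto itself): a toy Python model of the "XOR the file with a stream made from a hash" scheme described above, showing why one known file, or even just the 4-byte PK magic at the start of a zip, hands over keystream that decrypts other files encrypted with the same stream, and why a per-file nonce stops that. The secret, nonce handling and sample file contents are constructed.

```python
import hashlib

def hash_stream(secret: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream = SHA-256(secret || nonce || counter) blocks (constructed toy scheme)."""
    blocks = (length + 31) // 32
    out = b"".join(
        hashlib.sha256(secret + nonce + i.to_bytes(4, "big")).digest()
        for i in range(blocks)
    )
    return out[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    # Truncates to the shorter input: only as many bytes as we have keystream for
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(secret: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, hash_stream(secret, nonce, len(plaintext)))

def recover_keystream(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    # ct = pt XOR ks, so ks = ct XOR pt wherever the plaintext is known
    return xor_bytes(known_plaintext, ciphertext)

def known_plaintext_decrypt(known_plain_a: bytes, cipher_a: bytes, cipher_b: bytes) -> bytes:
    # Keystream recovered from file A decrypts the same positions of file B
    return xor_bytes(cipher_b, recover_keystream(known_plain_a, cipher_a))

# Constructed sample data; the secret is never given to the "attacker" side.
SECRET = b"constructed-secret-never-shown-to-attacker"
FILE_A = b"PK\x03\x04 readme.txt: this file's contents are public"
FILE_B = b"PK\x03\x04 secret.txt: the part we should not be able to read"

def demo_reused_stream() -> bytes:
    # Same secret, fixed (empty) nonce for every file: the keystream is reused
    ct_a = encrypt(SECRET, b"", FILE_A)
    ct_b = encrypt(SECRET, b"", FILE_B)
    return known_plaintext_decrypt(FILE_A, ct_a, ct_b)

def demo_partial_known() -> bytes:
    # Only the local-header magic is known: exactly those 4 bytes of B fall out
    ct_a = encrypt(SECRET, b"", FILE_A)
    ct_b = encrypt(SECRET, b"", FILE_B)
    return known_plaintext_decrypt(FILE_A[:4], ct_a[:4], ct_b[:4])

def demo_unique_nonce() -> bytes:
    # Distinct nonce per file: keystream from A is useless against B
    ct_a = encrypt(SECRET, b"file-a", FILE_A)
    ct_b = encrypt(SECRET, b"file-b", FILE_B)
    return known_plaintext_decrypt(FILE_A, ct_a, ct_b)
```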