unforum

[pantingpants]

strings

[PatRol]

Re: strings

[pantingpants]

PatRol, thanks for the background. I found this page in the Unfiction resources, it links to a download of freeware encrypting/decrypting software. File Vault uses the Blowfish algorithm which is related to the Twofish encryption according to the Wikipedia entry.

Unfortunately I am on a Mac and File Vault is only for PCs! Does someone want to give it a shot with one of the Vaporloft strings?

[AnthraX101]

Because some have suspected that it may be a PGP encrypted message, here's an example. The string "This is an encypted message" was encrypted to form:

-----BEGIN PGP MESSAGE-----
Version: PGP 8.1

qANQR1DBwU4Daix4BaPzZnEQB/9HH7tlycWO1UPJj5djLOIg1J8AOCPe4+D961uT
T7oFtmo8zl4309rm61y02JDLhDZoJpd3CEOvNj6L+Q13A3pbuDZ2r9J0hY6Qg3AY
fXCCXLvTC7RIykPAa2Mhh2XR8nbXJJI1nbHWzM6Q/fOXGJXkTuCXPb0X/Zp+QaXh
TXGtLsfwi6jtbJzxWPTXAWa+BkQ+1K3Bw++cpLELjV6rQYwCpQHriUtKkHAvPpLA
I5Vxmjo8FFlLYzCIAVTH57YzaPq5WR5//RANi+B/3XXLFoAcZ3yaCq+HyHoQ5Knl
dUpAg+ByUi5HxV1KJqgn9Iv1YCd4nn5f2vHASabXNXQ8c84pB/4j7LdtT3eqaotN
JgtqqzG2QPj7k2wcgnVYfUiT13fOvMFvBqKuxMXfcEBblr+KvrAvX3jtiTIJre5+
TVMwdkSHC5PFuSaI2NlWRE+D9+x1ezOip6MKE96xW9yUlFL29qPJkuhDanLpOEkI
gQPdacrxIt4TzKQ+SW530HQx4sbGWPWQhdYLQss6kA1g2TaKdsQGbxEEelHNWC0s
/ogL/1V8NBXaqeIfJbQw7iXJ1e102DdwKf9cMosUOx5Lj6/L9XJw8Byqcoh7WXIM
CbG+U78iiygjBraN22RgPq4KbJ3r5c4lQjgtfbYq/UDfek56vcej4LDCA2f3rRJ3
Y+LxwJNL0lYBZpKF/1C/LbjhkVzc829AKBzTwPFaUtgR+ADL65bT9FQ1Vt9zOlXb
DYhrfKaxg6hO2E9m7YuXl/gPhZNZTmMDF+z0wYrl/iXYMUcv2jmgtfaa40KiPA==
=97zx
-----END PGP MESSAGE-----

Trying to force PGP (8.1) to decrypt the base64 in 1008 reports incomplete ASCII armored data.

[Caspian]

I spent some time researching the three encryption methods contained in the twofish text.

Twofish is a 128 bit symmetric key block cipher and therefore requires a symmetric key of up to 256 bits (symmetric = same key for encryption and decryption). If the encrypted strings we haven't figured out yet are indeed Twofish, we'd need to figure out what the key is.

CFB is an encryption mode for block ciphers. Since Twofish is a block cipher, it would make sense to assume that if anything is, in fact, encrypted using Twofish, it should be decrypted using the CFB mode.

RipeMD is a hash function. This means that whatever the plain text is, the encrypted form will always be the same length. There are RipeMD-160 (seems to be most popular), -128, -256, and -320 flavors. The length of the encrypted string is 160 bits (40 hex characters) for RipeMD-160, etc. There does not seem to be a specific key needed for this type of encryption. Since most of the strings we have are different lengths, it would seem that they aren't simply encrypted using this method. Instead, I believe the hash is used in conjunction with the twofish encryption. Perhaps the plaintext is first hashed, then encrypted. I don't know yet.

I've tried using a tool called ClipSecure set to Twofish CFB8bit with RipeMD-160 Hash to decrypt the text from 1008.html. I tried using CRYPTography, Twofish, twofish, and several other relevant words. No luck so far.

So basically, I think we need to figure out what the twofish encryption key (password) is. Send me a PM if you have ideas for the encryption key/password or just download the tool and try it yourself!

[Abraxas]

Welcome caspian_x!

It's nearly impossible to resolve the Hash on your own. I hope this is not part of the solution. There are hash crackers on the net, but they are crowded.

[Caspian]

I am officially stumped on the encrypted messages. I've tried testing ClipSecure by using a website to hash a string, and then another to encrypt the hashed string and then decrypt it using ClipSecure. It never works. So I don't even know whether ClipSecure is working the way I think it should. I'll try contacting the author of the program.

I've tried decrypting the floorplan strings, the 1008.html text and now the encrypted email and nothing will decrypt. Any ideas?

[Abraxas]

I have a basic problem with the ciphers and ClipSecure:
Do I have to include the '=' or not?
The e-mail/nodes thing didn't have any '=', did it?
Does the CFBblock-SHA-512-MARS encryption produce those?
Everything I tried so far I had to do twice for including/excluding the '='...pretty bothersome.
Also...do all of the characters get properly copied? I think you mentioned something about this, Caspian...but perhaps you were talking about copying a transcript instead of the original text (it's pretty obvious that copying the text on the picture won't work )?

About ClipSecure:
Definitely add passwords to the drop-down list, it makes things a bit easier.

Question: Is CS case-sensitive? I'd say so, right?
More important question: Is VL case-sensitive?

[Caspian]

As I've said before, I'm no cryptography expert. But as I understand it, block ciphers like Twofish divide the text into blocks of equal size. If the text doesn't happen to come out to an integer number of blocks, the '=' is used as padding at the end of the cipher text. There can be zero, one, or two equals signs. I have no idea whether MARS encryption produces '=' or not, but I do know that Twofish, Blowfish, Base64 and others all operate in this way.

So I would say, yes the '=' is part of the cipher text.

Here's something to keep in mind about the encryption/hash ciphers: There are many variables in the process. I emailed the author of ClipSecure and one suggestion he had was to turn on the "No Compression" option in ClipSecure. Normally, ClipSecure assumes the text was compressed before encryption, but this may not be the case. The nodes.html/email text decrypted without issue leaving the "No Compression" option off, but perhaps the others aren't the same.

Apparently there is something called "salt" in some encryption processes that sprinkles in random bits to try to confuse a bruteforce attack. ClipSecure doesn't use salt. Perhaps the other cipher puzzles were encrypted with a program that uses salt. If that were the case, I think we'd need another key besides the encryption key, so I'm hoping it's not that.

Barring the above variables, I guess we just need to keep trying different encryption keys.

For encryption/cipher puzzles, I am just copying and pasting text. For the 404b.html puzzle, PLEASE check my transcription of the code_l.jpg and code_r.jpg image text. I know I made a couple mistakes the first time. I thought I caught them all and edited accordingly, but please double check my work before losing sleep trying to solve that one.

[Abraxas]

I wouldn't worry about "salt". Those encryptions are only crackable with the proper keyword. Bruteforce is next to impossible without a larger network working on it, I'd say. Salting them would be unfair - although it would make VL actually secure for once.

[Caspian]

Another contact from Andew Ferguson (ClipSecure)

[Abraxas]

Unless there are more tools structured like ClipSecure I'd have to agree.