Steganos, The Duke of Earl, and The Dancing Men
Cracking the T_tamra7.bmp
Steganography
04 March 1998
by Joe Peschel
Courtesy of Fravia's page of reverse engineering, slightly edited by Fravia+
F' course I could not choose an impossible password; yet, with hindsight, I cannot complain: I don't think it was so easy, after all :-)
See, the whole purpose of this advanced steganographical page of mine (and of the advanced javascript pages as well) is to bring people SLOWLY into what Casimir and Joe Peschel routinely do: encryption cracking and password busting. As you can see perusing the essays on 'this side' of the fence (the steganographical as well as the advanced javascript ones), there is ALREADY NOW some (basic) knowledge that will help you to progress further.
Clearly the path is difficult (and steep): ultimately I would like to join the "anti-smut" advanced section, the javascript advanced section and the steganographical and encryption advanced sections into a super advanced 'password busting' section. In fact I believe that to survive on the web of tomorrow we 'advanced users' will not only need some sound basic knowledge in all these fields, but also, and especially, the help of the more gifted ones, like Casimir and Joe Peschel, for instance...
There is a crack, a crack in everything.
That's how the light gets in.
Rating
(x)Beginner ( )Intermediate ( )Advanced ( )Expert

A zen way of cracking a Stegonated .BMP
Suitable for beginners, and perhaps, amusing to others, too.

Steganos, The Duke of Earl, and The Dancing Men
Cracking the T_tamra7.bmp Written by Joe Peschel


Introduction

This is how the guy who runs the page called D.O.E. SysWorks cracked the bitmap carrier created by Steganos.
Tools required
Brain removed from pickle jar.
Forethought and planning.
An eight year-old green belt.

Target's URL/FTP
Deus Ex Machina Communications

Program History
A shareware utility that uses fairly strong encryption.

Essay

"I expected something ingenious," Professor Moriarty says after he spills the water on the Dancing Men, "this is ingenuous!" And that's about how I felt when I found the Steganos password to Fravia+'s stegonated T_tamra7.bmp.



I'd been meaning to crack the bitmap a little sooner, but I was busy working on a review of Access Data's Password Recovery Tool Kit, teaching an Internet class, and corresponding with CASIMIR about a couple of snake-oil encryption programs. Also, cracking the equivalent of 40-bit RC4 did not sound like much fun since I don't have as many computers as David Wagner and Ian Goldberg.



Anyway, I tested Steganos' method of encrypting files, without hiding them, and got out my RC4 cracking program. This program would need some modification if I intended to use a dictionary attack on the extracted encrypted text, à la Jean Flynn's method.



In any case, if I modified my own cracking program to use a dictionary, I would have to decide which words to include in the word list. I could have tried any of the good, large dictionaries on the Internet, but those would have likely failed.



It's a good idea, when cracking with a dictionary, to create a dictionary with words compiled from your adversary's disk drive, or in this case, from his web pages -- an idea and route rightly taken by Flynn.



I considered a foreign language dictionary, a French, Spanish or Italian one, not Finnish -- muttering, sotto voce, I'll bet Fravia+ doesn't smoke a pipe at all.



Compile a dictionary from Tolkien's books? Not a bad idea, but I passed. We would have some known plaintext, too; in this case: http:// at least.



Still balking at the thought of breaking RC4 encryption with a known plaintext and dictionary attack, I was determined to find a simpler method. Why use the most difficult approach if there is an easy way, or as crypto folk might say: why pick a lock if a window is open?
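Joe's observation that a wordlist compiled from the adversary's own pages beats any generic dictionary (and that a known plaintext such as http:// lets each candidate be confirmed automatically) can be turned around into a self-check. The following is an added example, not code from the essay, from Fravia's site or from Steganos: it harvests words from constructed sample pages standing in for pages you publish, applies a few common manglings, and reports whether a proposed password would appear in such a list. The sample page contents, the suffix list and all function names are assumptions for illustration.

```python
"""Audit a passphrase against a wordlist harvested from your own web pages.

Added example: the essay's 'dictionary from the adversary's pages' idea,
used defensively. If your password shows up here, it would show up in a
cracker's list too. Sample pages and suffixes below are constructed.
"""
import re
from html.parser import HTMLParser

# Constructed sample pages (stand-ins for pages the password owner publishes).
SAMPLE_PAGES = [
    "<html><head><title>Steganography corner</title>"
    "<script>var x = 'hiddenstuff';</script></head>"
    "<body><h1>Cracking the carrier</h1>"
    "<p>Essays on Steganos, bitmap carriers and the Dancing Men.</p>"
    "<a href='http://example.invalid/tamra'>T_tamra7.bmp</a></body></html>",
    "<html><body><p>Favourite authors: Conan Doyle, Tolkien.</p>"
    "<p>Also: Tae Kwon Do on Tuesdays.</p></body></html>",
]

# A small, assumed set of the suffixes people typically bolt onto a word.
SUFFIXES = ("", "1", "12", "123", "!", "7", "98")


class _TextExtractor(HTMLParser):
    """Collect visible text only; <script> and <style> bodies are skipped."""

    def __init__(self):
        super().__init__()
        self.parts = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def visible_text(html):
    """Return the human-visible text of one HTML page."""
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    return " ".join(parser.parts)


def harvest_words(pages, min_len=4):
    """Lower-cased alphabetic tokens of at least min_len letters from all pages."""
    words = set()
    for page in pages:
        for tok in re.findall(r"[A-Za-z]+", visible_text(page)):
            if len(tok) >= min_len:
                words.add(tok.lower())
    return words


def mangle(word):
    """Variants a cracker would try: case changes, reversal, common suffixes."""
    bases = {word, word.capitalize(), word.upper(), word[::-1]}
    return {base + suffix for base in bases for suffix in SUFFIXES}


def build_wordlist(pages, min_len=4):
    """The full candidate list a page-derived dictionary attack would use."""
    wordlist = set()
    for word in harvest_words(pages, min_len):
        wordlist |= mangle(word)
    return wordlist


def audit_password(candidate, pages):
    """Return (found, base_word): whether candidate is derivable from the pages."""
    for word in harvest_words(pages):
        if candidate in mangle(word):
            return True, word
    return False, None


if __name__ == "__main__":
    for pw in ("Tamra7", "Steganos1", "Zq9!kL2pV"):
        found, base = audit_password(pw, SAMPLE_PAGES)
        verdict = f"derivable from '{base}'" if found else "not in page-derived list"
        print(f"{pw}: {verdict}")
```

A hit from this audit is a real exposure rather than a theoretical one: with a known plaintext at the front of the carrier, as Joe notes, each candidate can be confirmed mechanically, so the whole list costs the attacker seconds, not the years a brute-force search of an eight-character keyspace would.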



Even though the Steganos author used a sound encryption algorithm, maybe he implemented it poorly. Maybe the password would be in the clear. I decided to debug the Steganos decryptor -- its executable is smaller than the .EXE of the full program -- and find out.



So I BPXed on GetWindowTextA in the Steganos decryptor, and attempted to trace the flow of good and bad password entries. I found nothing. But to be honest and technical, I suck at debugging -- just ask CASIMIR -- and I found enough calls and jumps to scare the *.* out of me. The idea of reverting to a dictionary and known plaintext attack was sounding better and better.



Still, I thought that a disassembly of SD.EXE might be helpful. CASIMIR had, after all, been looking at some snake-oil encryption program that he debugged. He patched three instructions so that the program would decrypt with any password or no password. I found, in that bit of snake-oil, that I could achieve the same thing by changing one JNE to JE.



This, of course, was the last jump before the program's reference to the error message of a string resource. So looking at the disassembled SD.EXE, I found 4 references to the string resource error message: "This password is wrong or the carrier file does not contain…"



Since I was in a hurry, I just looked for the last jump before each of the 4 references to the error string. I started HIEW and patched the program. 'Twas a useless attempt.



By that time it was time for me to teach Tae Kwon Do. During TKD, while I was showing and explaining a kick to an 8 year old, another little kid complained that it would have been easier to do if I said it was a sidekick backwards.



Hmmm! Cracking advice from an 8 year old? I had overlooked the obvious. When most people choose a password they choose something easy that they can remember. It's not a good idea, but that's how strong encryption keys: RC4, IDEA, RSA, PGP get broken -- by relying on human weaknesses for the crack.



In Fravia+'s case, we can assume he knows this. We can also assume that he knows how much computing time it takes to find an 8 character password by brute-force. So if his intent is to teach, then it's fairly obvious that he has not chosen a password impossible to crack.



When I got home from TKD I fired up the Steganos decryptor. I wrote down the first password that I intended to try. That one had one too many letters. Then I tried aivaralajf, which failed. My next try, as if spilling water on the Dancing Men, worked. Ever read Conan Doyle (or watched old Sherlock Holmes movies)?

Joe Peschel



Final Notes

Attacking a strong cipher generally means attacking it at its weakest point, and that point is usually a poor password: the human who chose it is the vulnerability, not the algorithm.



Use this key to e-mail me, please:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQENAzFWsIMAAAEH/2iC9Sc3UAU2PNsGom/UVKz4pKKG/7H/P2KloCWb3MLwbKt9
xODLYRcViPCrSw3lzOEhHeXOpIh85XKCloWYHYEgMHZZhyvd//9zXElrO62a1BXt
dxlSfj+qvWjAoY7iJmjvjd+FZfVUwjPQjU4k9ZJIHZGZM3TuNQGUbXIZUQnCikq6
pB6bvPnebNG3M0Vx4mkofj/6YmpYMWtOin74zVq+DCRpQLu/8Qh2o3dNq8C8sScJ
u4h1tQX+NeBWcdmhMySk0w8LyQCbxnBWmGd06ZArAoXvLncsyBe4zO9qYfqoTw7+
S76qfAIla0+iQ7q9nX+JSwjkTzvvMSqnDwo4zS0ABRG0HUpvZSBQZXNjaGVsIDxK
cGVzY2hlbEBhb2wuY29t
=P9O8
-----END PGP PUBLIC KEY BLOCK-----
Ob Duh
The usual disclaimer hardly seems necessary here since reverse engineering and password cracking are done all the time by commercial entities.
