trying to write a decryption program

[kurt69]

Hi, I'm trying to write a decryption program. Firstly I'll tell you how the encryption works; in the beginning of the file there is 123 useless bytes before the actual data. Now each encrypted character is created by adding the sum of the unencrypted character and the matching character in the key (which is a string). The character that matches depends on what the characters position is in the line.
EG: If it is the first character in that line then it is added to the first character of the key string, if it is the 2nd then it is added too the 2nd character of the key string. If the end of the key string is reached and the last character is used, then it goes back to the 1st character of the key string.

So please help me, So far this is the closest I can get to my goal; (I haven't tested this yet)

Public Sub crypt(ByVal strmR As StreamReader)
        Dim i As Integer = 0
        For i = 0 To 123
            strmR.BaseStream.ReadByte()
        Next
        Dim buf() As Integer
        Dim j As Integer = 0
        Dim prev
        While strmR.Peek <> -1
            prev = strmR.BaseStream.Position
            For i = 0 To strmR.ReadLine.Length
                strmR.BaseStream.Position = prev
                buf(i) = strmR.Read()
                If j < key.Length Then
                    j += 1
                Else
                    j = 0
                    j += 1
                End If
                buf(i) += j
                prev = strmR.BaseStream.Position
                strmR.ReadLine()
            Next
        End While
    End Sub

 

[hauptra]

So let me see if I understand. The First 123 bytes is the key. That key is added to the plaintext to produce the ciphertext.

So what you need to do is use the key and subtract the ciphertext to produce the plaintext?

If so then I think I could write something up, but I would need some sample data to verify what I am writing.

All this is assuming that you are not in control of the encryption process. If you were then I would suggest using a different method of encryption. Since this really is just a means to obfuscate the data.

 

[kurt69]

Almost, but not exactly. The first 123 bytes of the file are completely useless, they are just there too throw off anyone that tried to decrypt it originally, before the decryption key got out.

The key is;
SiuHungIsAGoodBearBecauseHeIsVeryGood

This is what the guy who tried to explain the encryption method said:

First of all, there are 123 bytes of nonsense
Then, one of the letters "SiuHungIsAGoodBearBecauseHeIsVeryGood" is added to every original byte

If you are, for example, encrypting this text:
"This is an example"
You should put anything (except new lines) as the first 123 bytes, and then add to these letters these letters:
"odBearBecauseHeIsV"
The 124th byte will contain the sum of 'T' and 'o'
The 125th byte will contain the sum of 'h' and 'd'

When decrypting, you should subtract the letters "SiuHungIsAGoodBearBecauseHeIsVeryGood" form the bytes in the data file
The decryption stops when you encounter a new line (0x0D 0x0A bytes), or when EOF is reached
BTW Jiquera's Data Changer stops decrypting the file when it encounters 0x0D, and that is why you can easily lock files from it

I hope you understood something

It's a little confusing and I don't know why he only has "odBearBecauseHeIsV" at that part of his writing instead of the full key.


edit: There is already decryption programs out there for this but I need my own controllable function for decrypting the files.

Attached is a zip containing bat.dat (encrypted data file) and bat.txt (unencrypted and saved as a plain text file).

Thanks for your help

 

[hauptra]

Ok. I'll try to take a look at this tomorrow.

 

[hauptra]

This doesn't make any sense to me. If I take the two files and remove the first 123 characters (junk I suppose), then the two files are identical from an MD5 checksum. Can you verify that these two are actually different?

Rob

 

[kurt69]

They're the same file except 1 is encrypted and 1 isn't, but yeah I had a good long think about the project I needed it for and I have since decided to scrap it so don't worry about it, thanks for your help this far though I really appreciate it.

edit: I used someone else's decryptor to decrypt bat.dat and then I saved the information in bat.txt just fyi.

 

[hauptra]

ok. I am pretty sure that the two files you gave me are either both encrypted or both decrypted. The reason I say that is that aside from the first 123 bytes (Which you say are garbage). Every character matches in the two files. This produces the same MD5 Hash. This is nearly impossible if the files were different.

 

[kurt69]

Sorry you were right they were the same file, I used a function (extract text) in the decryption program and it didn't do what I thought it would, sorry for not checking. I'm attaching a new example and this time I'm 99.99999999% sure they're different, an encrypted 1 and a decrypted 1. I've triple checked. I know I said I was going to scrap this project but.. I've recently found new incentive for it, so if you don't mind helping still, here is what that guy from before PMed me today.

The keys are the same
Because we start from the 123'th byte (starting from zero), we begin the encryption with 123%27 (27 - length of "SiuHungIsAGoodBearBecauseHeIsVeryGood"), which equals to 12

The 12'th byte (starting from zero) is here:
SiuHungIsAGo -> odBearBecauseHeIsVeryGood

So we encrypt it with:
odBearBecauseHeIsVeryGoodSiuHungIsAGoodBearBecauseHeIsVeryGood...

Thanks hauptra.

edit 2: Ok! I think I fully understand what he means about the encryption now, the first 123 bytes (or characters) are indeed garbage data, but you still need to count to the 123rd position in the key (even though its only 27 characters long, it just wraps to the beginning after the last character) which is the second "o" character.

 

[hauptra]

Ok. These are definitely different. I should have a quick turn around for you on this.

 

[kurt69]

Ok thanks hauptra, I just thought i'd let you know that I changed from trying to decrypt while the data is being read by a streamreader, instead I let the streamreader completely fill a richtextbox and then decrypt from there.

This is the code I tried (that doesn't work).

        RichTextBox1.Lines(0).Remove(0, 123)
        Dim line As String
        Dim i As Integer
        Dim keyPos As Integer = 12
        Dim curChar As Char
        Dim curInt As Integer
        Dim othChar As Char
        Dim othInt As Integer
        Dim newChar As Char
        Dim newInt As Integer
        For Each line In RichTextBox1.Lines
            For i = 0 To line.Length
                curChar = line.Chars(i)
                curInt = Convert.ToInt32(curChar)
                othChar = key.Chars(keyPos)
                othInt = Convert.ToInt32(othChar)
                newInt = curInt - othInt
                line.Remove(i, 1)
                newChar = Convert.ToChar(newInt)
                line.Insert(i, newChar)
                If keyPos < key.Length Then
                    keyPos += 1
                Else
                    keyPos = 0
                End If
            Next
        Next

Unless I step through the code line by line, I get an IndexOutOfRange exception, it highlights "othChar = key.Chars(keyPos)", at this point the integer I is = to 25 and keyPos is = 37.

 

[hauptra]

Ok here is my code

Public Class SpecialDecryptor
    'This is the key used to decrypt
    Private Const Key As String = "SiuHungIsAGoodBearBecauseHeIsVeryGood"
    Public Shared Function Decrypt(ByVal EncryptedFilePath As String, ByVal OutputPath As String) As DecryptionResult

        'Read the encrypted data into a string
        Dim strEncryptedText As String
        Try
            strEncryptedText = IO.File.ReadAllText(EncryptedFilePath, System.Text.Encoding.Default)
        Catch ex As IO.IOException
            Return DecryptionResult.Failure
        End Try

        'Declare our variables
        Dim chrText As Char, modValue, keyCode As Integer, Decrypted As New System.Text.StringBuilder

        'Loops through per character decrypts it and writes it to a stringbuilder variable
        'If the character is a newline (keycode 10) then we write a Carriage Return , Line Break (vbCrLf)
        For i As Integer = 123 To strEncryptedText.Length - 1
            chrText = strEncryptedText.Chars(i)
            modValue = i Mod Key.Length
            keyCode = Asc(chrText) - Asc(Key.Chars(modValue))
            chrText = Chr(keyCode)

            If keyCode <> 10 Then
                Decrypted.Append(chrText)
            Else
                Decrypted.Append(vbCrLf)
            End If
        Next

        'Write the results back to a file
        Try
            IO.File.WriteAllText(OutputPath, Decrypted.ToString, System.Text.Encoding.Default)
        Catch ex As IO.IOException
            Return DecryptionResult.Failure
        End Try

        'Done
        Return DecryptionResult.Success
    End Function
    Public Enum DecryptionResult
        Success
        Failure
    End Enum
End Class

I tested this with the example file you gave me and with this code the MD5 is identical.

Let me know how it works.

 

[kurt69]

It works perfectly, thanks. 1 more question, I duplicated that function and changed;

"i" start at 0 instead of 123
"keyCode = Asc(chrText) + Asc(Key.Chars(modValue))" (add not subtract
and instead of adding carriage returns it just appends the text.

Hoping that this would make it encrypt, is that correct or have I done something wrong, left something out?
Thanks again.

edit: I also did:

For i As Integer = 0 To 123
            strEncryptedText.Insert(i, "|")
        Next

before the re-encryption method.

 

[hauptra]

Ok. So, like you I thought it would be rather simple to convert the decrypt function into an encrypt function. It ended up taking me about 30 minutes to figure out all the pitfalls. Most of the code is the same with a few changes. Here is the code in total now.

Public Class SpecialDecryptor
    'This is the key used
    Private Const Key As String = "SiuHungIsAGoodBearBecauseHeIsVeryGood"
    Public Shared Function Decrypt(ByVal EncryptedFilePath As String, ByVal OutputPath As String) As Result

        'Read the encrypted data into a string
        Dim strEncryptedText As String
        Try
            strEncryptedText = IO.File.ReadAllText(EncryptedFilePath, System.Text.Encoding.Default)
        Catch ex As IO.IOException
            Return Result.Failure
        End Try

        'Declare our variables
        Dim chrText As Char, modValue, keyCode As Integer, Decrypted As New System.Text.StringBuilder

        'Loops through per character decrypts it and writes it to a stringbuilder variable
        'If the character is a newline (keycode 10) then we write a Carriage Return , Line Break (vbCrLf)
        For i As Integer = 123 To strEncryptedText.Length - 1
            chrText = strEncryptedText.Chars(i)
            modValue = i Mod Key.Length
            keyCode = Asc(chrText) - Asc(Key.Chars(modValue))
            chrText = Chr(keyCode)

            If keyCode <> 10 Then
                Decrypted.Append(chrText)
            Else
                Decrypted.Append(vbCrLf)
            End If
        Next

        'Write the results back to a file
        Try
            IO.File.WriteAllText(OutputPath, Decrypted.ToString, System.Text.Encoding.Default)
        Catch ex As IO.IOException
            Return Result.Failure
        End Try

        'Done
        Return Result.Success
    End Function

    Public Shared Function Encrypt(ByVal DecryptedFilePath As String, ByVal OutputPath As String) As Result

        'Read the plain text into a string
        Dim strPlainText As String
        Try
            strPlainText = IO.File.ReadAllText(DecryptedFilePath, System.Text.Encoding.Default)
        Catch ex As IO.IOException
            Return Result.Failure
        End Try

        'Declare our variables
        Dim chrText As Char, modValue, keyCode As Integer, Encrypted As New System.Text.StringBuilder
        Dim intCodeCount As Integer = 123
        Encrypted.Append("|"c, 123)

        'Loops through per character encrypts it and writes it to a stringbuilder variable
        'Exclude any keycode 13
        For i As Integer = 0 To strPlainText.Length - 1
            chrText = strPlainText.Chars(i)
            If Asc(chrText) <> 13 Then
                modValue = ((intCodeCount) Mod Key.Length)
                keyCode = Asc(chrText) + Asc(Key.Chars(modValue))
                chrText = Chr(keyCode)

                Encrypted.Append(chrText)
                intCodeCount += 1
            End If
        Next

        'Write the results back to a file
        Try
            IO.File.WriteAllText(OutputPath, Encrypted.ToString, System.Text.Encoding.Default)
        Catch ex As IO.IOException
            Return Result.Failure
        End Try

        'Done
        Return Result.Success
    End Function
    Public Enum Result
        Success
        Failure
    End Enum
End Class

Ok. Part of the issue with encrypting was ensuring that the changes I made ended up with a perfect MD5 checksum match going both ways.

Here is what I can tell from the files. The encrypted version uses the keycode 10 for its line break. The decrypted version uses keycode 13 and 10. The first keycode is a unix style and the second is windows (according to Notepad++). There are roughly 2000 of those keycode 13 characters that I had to add to the decrypt function so that the sample decrypted file matched the output my code produced. So to encrypt I had to take that into account and remove those keycode 13 items. After taking this into account I could then get an MD5 match with the sample encrypted file and my output.

As you could probably guess, just having one additional character will completely screw this decryption/encryption process up.

 

[kurt69]

Works perfectly, thanks hauptra!!!!!!!

 

[kurt69]

Hey hauptra... I got another question if you wouldn't mind helping. When I tried to write the code I'm going to use too parse the data files I came to a halt when thinking about how I would do it.

So far I was able to get the name, small image path and head image path and use them. But when it comes too things like working out how many 'file(x-y)' things there are and reading and parsing the data from '<frame>' too '</frame>'.

So if you don't mind, whats the easiest way to go about this. Thanks.