[ElGuillermo]

Hi !

I've launched first method attack some minutes ago. Will keep you informed soon

[Fabian]

More Info:

I've tried to launch an attack on the Pseudo random number generator, but I had no luck :-(.

The first byte after each header is encrypted with the state of the keys for the password.

Either this file was created with a program, which is not using real random() numbers as the first byte, which would explain why 0x90 and 0x1f do appear two times, which is not quite realistic given a random scenario.

Or the zip was created not in one zipping, but adding files later on, which would make this type of attack impossible.

So if the author of the zip does still remember anything of the program used at that time (did he use GUI toools, commandline tools, special programs, ...) or if the zip file was updated frequently that would really really help in the analysis.

Best Wishes,

Fabian

Edit: It seems to be WinRar around 3.0.0. WinRar 3.0.0 does produce similar files.

[ElGuillermo]

Damn... no result. pkcrack reports "false positive hits... Strange" and that's all.

[Bob-san]

Anyone interested in some more powerful (well, faster) brute-force software, shoot me a PM and we'll figure something out.

[Fabian]

Damn... no result. pkcrack reports "false positive hits... Strange" and that's all.

As the cipher is linear, we might be quite close to some result such though.

Uh, you calculated all 255 values for the first entry?

i.e.

2d b0 50 4b 03 04 14 00  0a 00 08 00 00

till

2d b0 50 4b 03 04 14 00  0a 00 08 00 ff

? [ edit: The keyspace can be reduced by looking at the dos time format, actually the numers that need to be tried for the last byte are:

0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253

== 240 values, so 15 need not to be tried.

30,31,62,63,94,95,126,127,158,159,190,191,222,223,254,255 == 15 values that need not to be tried as they cannot occur as it would mean that the second == 60 or minute==61 or minute==60.

)

Because the attack on the one PC I started one is already running for a day and still has not finisched for:

2d b0 50 4b 03 04 14 00  0a 00 08 00 10

Best Wishes,

Fabian

[Fabian]

Good news on our quest of finding the key!

- The version used to encrypt the keys was indeed WinRAR 3.0 (compatible).

- The files were all added at the same time with the same password.

- WinRar 3.0 uses also Info-Zip sources, however it uses the Borland builtin random number generator.

This one works as follows:

srand() is not only initialized with the supplied value, but also a first rand() is done.

rand() works as:

seed = 0x15A4E35 * seed + 1;

return ((seed >> 16) & 0x7fff);

Note: That the +1 could be quite weak and allow a attack like "Yet another known plain text attack ... Winzip 8.0 attack".

That however means that we now have all the original random() bytes of all files and a reduced known plaintext attack is now possible.

Btw. The seed before the first byte gotten is:

0x15a28d66

And each byte is like: (mrand() >> 7) & 0xff;

(Note that these are encrypted so this is not more known plaintext.)

Unfortunately no program known with source implements those ...

However the paper for it is available and this means that this .zip _can_ be cracked in reasonable time.

Best Wishes,

Fabian

[Stormkeeper]

What do you mean by "the paper for it is available" ?

And define resonable time.

[Goober5000]

Excellent progress update, Fabian.

[Stormkeeper]

If he cracks it, means that the Temporal Mechanics should restart, yes?

[Fabian]

What do you mean by "the paper for it is available" ?

And define resonable time.

http://www.woodmann.com/fravia/mike_zipattacks.htm

It is very popular and a proof of concept exists in written form (http://archive.cert.uni-stuttgart.de/vuln-dev/2003/02/msg00019.html"), which runs in under 2 hours on a Pentium II, 500 Mhz. (uhm, yeah I know pretty old)

The complexity of the attack is for worst case around:

"The work done in the first stage dwarfs the rest of the work needed.� The total work is therefore about the same as encrypting 2^39 bytes.� Cracking a file created with this kind of weak PRNG usually takes about two hours on a 500 MHz Pentium II.� One can then take the three keys and use [BK94]�s second algorithm to derive a password, if one desires, although the three keys suffice to decrypt the files."

Well, with todays machines I guess it would be around 20-30 minutes or even faster, because we have 10 files in archive (instead of only 3)!

Best Wishes,

Fabian

[Stormkeeper]

.. So are you running the attack now ?

[Mongoose]

If he cracks it, means that the Temporal Mechanics should restart, yes?

If he or someone else manages to crack it, there's no way that this community is letting this campaign die at this point.

[ElGuillermo]

Fabian :

Uh, you calculated all 255 values for the first entry?

Damn no... I thought pkcrack did it automatically... Password cracking noob

So, I'll start at 80.

Didn't understand your last post. I'm not a programmer, so the proof of concept is far beyond my understanding too

[haloboy100]

Wait a sec...


What's so special about this campaign that there is an announcement for it?

[Stormkeeper]

Actually, the announcement was for help about cracking the archive.

[colecampbell666]

But why? What's so special? Cool models? Intriguing story? Finished (or near enough) campaign?

[Goober5000]

Time travel.

[colecampbell666]

Sync.

[NGTM-1R]

It was cool enough to make people spend hours or days of their computer time. Ain't that enough to wait for release?

[Mongoose]

Exactly.  It's not even about how cool the campaign may or may not be; it's about the challenge of trying to get at its data and resurrect it. 

(Hmm...I wonder if someone could make a mission out of all this.  "Scan that Shivan destroyer, pilot!  It should take only three weeks to break its encryption systems!")