| |
The Shadow
Registered: Oct 2007
Posts: 304 |
EOR file coders
Someone once told me that it is impossible to open a file which was coded with an EOR coder. With todays machines, is there any conceivable way that an EOR coded file can be placed into a PC and descrambled? |
|
... 48 posts hidden. Click here to view all posts....
|
| |
JackAsser
Registered: Jun 2002
Posts: 1989 |
Quote: Another edit, I really was checking $0802, not $0801. It's early morning here...
Oswald: To me it seems that in the case of strong encryption like this, but with a relatively weak password that the brute force approach would be the fastest (and most likely the only) way to get results. Provided that is you know something that will be in the resulting decrypted code, which appears to be the problem I'm having now.
Not that I've checked this thoroughly but wouldn't it be smarter to try to exploit the bad-key check as a comparator for knowing if you got correct data or not in the brute force scan? |
| |
MagerValp
Registered: Dec 2001
Posts: 1055 |
Quote: Not that I've checked this thoroughly but wouldn't it be smarter to try to exploit the bad-key check as a comparator for knowing if you got correct data or not in the brute force scan?
The bad key check is implemented properly, so it doesn't confirm or deny :) It's a timer IRQ that fires if the program crashes. I assume that the decrypted program disables the IRQ on startup.
TLR: munged basic? Truly evil. That makes it hard to write a function that decides if the decryption worked - I guess I have to execute the code and see if it disables the IRQ, but that means adding a lot more stuff to my barebones emulator...
|
| |
tlr
Registered: Sep 2003
Posts: 1714 |
Added todays hint: Crack me too!
@MagerValp: I didn't know code could be evil... ;) |
| |
MagerValp
Registered: Dec 2001
Posts: 1055 |
Sadly I haven't had time to work on it. I confirmed that my emulator produces the same output as VICE though, which is good.
|
| |
tlr
Registered: Sep 2003
Posts: 1714 |
Added another hint... |
| |
tlr
Registered: Sep 2003
Posts: 1714 |
I guess most gave up on this so I'm giving the pw this evening unless someone says they are still trying. :)
It's apparent that Ymgve chose a really good strategy for cracking it!
When I got the correct answer reported only 5 hours after release I thought I might had accidentally made the challenge way too easy. ;)
|
| |
tlr
Registered: Sep 2003
Posts: 1714 |
Posted the answer: Crack me too! |
| |
Quetzal
Registered: Jul 2002
Posts: 71 |
Tried brute force attack myself and failed, since searching for #$08 at $0802 gave far too many results to sort through (have just confirmed "2,4" was in my list of results, damn!). Also tried looking for POKE565xx in the decrypted code (for disabling CIA timer), but TLR cleverly hid that, as I suspected when no results were found.
I'll be interested to hear a report from Ymgve as to what his method of attack was.
|
| |
Ymgve
Registered: May 2002
Posts: 84 |
I actually found it by doing a bit of statistics. One of my ideas was to count the number of digit characters in the first 128 bytes, and then the "2,4" combination showed up with 45 out of 128 bytes being digits. |
| |
MagerValp
Registered: Dec 2001
Posts: 1055 |
Nice work Ymgve!
My next step would have been code execution and a breakpoint on the basic SYS command and the error routine, but I didn't have the time to implement it. Would it have worked?
|
| Previous - 1 | 2 | 3 | 4 | 5 | 6 - Next |
