need help with markov chain, or possibly another solution for decrypt of AES-256
This sounds like a good plan. I'll get to work and share my results :)
Hi there,
The script seems to work great, but I am a bit confused about what the cipher text is. Is it just the hex equivalent of the test string in its encrypted form? Below is the hex of both the encrypted and non-encrypted data. I am only using the word "compressed" for the text string and its encrypted hex equivalent for each hex character for ciphertext. It's been running a while :) My cipher text is: F1E2A816C8088054221B. So in the code it looks like this:
ciphertext="\x29\xF1\xE2\xA8\x16\xC8\x08\x80\x54\x22\x1b"
I have the feeling I am misinterpreting what the cipher text is. Am I on the right track or just heating up my CPU? :)

In the encrypted file:

What I figured out it should look like in its non-encrypted form:

In plain text: "A disk read error occurred
BOOTMGR is compressed
Press Ctrl+Alt+Del to restart"
So, in case anyone else is looking at this, the script works perfectly when using the test data; the correct key is the output; however, the AES encryption of "teststring" is not the same as the ciphertext (when checking with online calculators). Example one is 5d5d30e9ac160f494ae0c95fbbb0309c and example two is F83DC97B12F4C8C124351F80D9C0CF8A. So if the ciphertext is not the hex representation of the encrypted data, then what am I doing wrong here? I've beat myself up trying to figure it out. I tried hashing the encrypted equivalent with SHA1 and many other hashing algorithms, and nothing comes close. I must be missing some sort of conversion that I need to perform on the raw hex to obtain the ciphertext value.
echo teststring | openssl enc -e -aes-256-ecb -K 0000123400001234000012340000123400001234000012340000123400001234 | xxd -g 1

echo teststring | openssl enc -e -aes-256-ecb -K 7c6801007c6801007c6801007c6801007c6801007c6801007c6801007c680100 | xxd -g 1

This will actually encrypt "teststring\n", but this was part of my testing, since I also wanted to match substrings, not just identical strings (i.e. the test was: does the output *contain* "teststring"?)
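
The point made in the last reply, as an added example that is not part of the original thread: `echo` appends a newline, so it encrypts "teststring\n", while `printf` encrypts exactly the 10 bytes, and AES-256-ECB output is always a whole number of 16-byte blocks. It uses the first key from the commands above; the helper names (`enc_hex`, `roundtrip`, `is_whole_blocks`, `contains`) are made up for this example, and `od` stands in for `xxd`.

```shell
#!/bin/sh
# Added example, not from the thread. KEY is the first test key quoted above.
KEY=0000123400001234000012340000123400001234000012340000123400001234

# Encrypt stdin with AES-256-ECB (PKCS#7 padding, openssl's default) and
# print the ciphertext as one lowercase hex string.
enc_hex() {
    openssl enc -e -aes-256-ecb -K "$KEY" | od -An -v -tx1 | tr -d ' \n'
}

# Encrypt stdin, decrypt it again, and print the recovered plaintext.
roundtrip() {
    openssl enc -e -aes-256-ecb -K "$KEY" | openssl enc -d -aes-256-ecb -K "$KEY"
}

# Succeed only if $1 is hex whose length is a non-zero multiple of 32 digits,
# i.e. a whole number of 16-byte AES blocks.
is_whole_blocks() {
    case "$1" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ $(( ${#1} % 32 )) -eq 0 ]
}

# Succeed if the text on stdin contains the substring $1 (the thread's
# "does the output contain teststring?" test, which tolerates the newline).
contains() {
    grep -qF -- "$1"
}

CT_PRINTF=$(printf 'teststring' | enc_hex)   # exactly 10 bytes of plaintext
CT_ECHO=$(echo teststring | enc_hex)         # 11 bytes: echo appends "\n"

echo "printf: $CT_PRINTF"
echo "echo:   $CT_ECHO"
is_whole_blocks "$CT_PRINTF" && echo "printf ciphertext is whole 16-byte blocks"
is_whole_blocks F1E2A816C8088054221B || echo "10-byte value from the thread is not a whole block"
echo teststring | roundtrip | contains teststring && echo "substring match survives the newline"
```

When comparing against an online calculator, check that it uses the same mode, key encoding and padding, and that the input has no trailing newline.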