DES decryption
#1
Hi
I want to brute force a key while I only have access to some cipher texts and some bytes of the corresponding plain text.
The cipher texts are 64 bit encrypted DES and the values of two specific bytes of each corresponding plain text is unknown.  
1) Can I use hashcat or libhashcat?
2) Is there an easy way to modify hashcat to do this?

My idea is using decryption with all possible keys and comparing some bytes of the resulting output with the known bytes of plain text. We do the aforementioned search by decryption on one block (cipher text/plain text) and check the candidate keys on next block to find the correct key.
Any idea???
Reply
#2
You have to white out the bits of the unknown bytes in the OpenCL kernel. Make sure to white out the correct bits (the ones before the final permution. After that expect tons of false positives.
Reply
#3
(01-10-2018, 01:27 PM)atom Wrote: You have to white out the bits of the unknown bytes in the OpenCL kernel. Make sure to white out the correct bits (the ones before the final permution. After that expect tons of false positives.

Thanks.
Reply
#4
(01-10-2018, 01:27 PM)atom Wrote: You have to white out the bits of the unknown bytes in the OpenCL kernel. Make sure to white out the correct bits (the ones before the final permution. After that expect tons of false positives.

I have changed the DES function in m14000_a3.cl file by reversing order of key sets and now the function decrypts.
How can I print all candidate keys? I know when hashcat find one key it prints out found key and finished the program.
Reply
#5
hashcat can show all generated candidates by using --stdout (unless I'm missing some context here)
Reply
#6
I think you mean with candidates only those who crack the hash because of the truncation. In that case you want --keep-guessing
Reply
#7
(02-07-2018, 07:14 PM)atom Wrote: I think you mean with candidates only those who crack the hash because of the truncation. In that case you want --keep-guessing

I sincerely express my thanks to you.

I meant those keys that crack the hash, or in other words, the keys that decrypt the input ciphertext into a plaintext of which some bits are whited out. Thus, more than one key should be found.

However, when I for the purpose of experimentation whited out ALL the bits of plaintext which should give any key as a found answer to the output. And, when I use the compiled hashcat (with des decryption) in the following commands we receive answers that we do not expect. For example the first input arguments for hashcat should give 128 answers in output but only one answer is printed out.

Code:
$ ./hashcat -m 14000 0000000000000000:CC083F1E6D9E85F6 -a 3 --hex-charset 00000000000000?1 -1 charsets/DES_full.charset --quiet --potfile-disable --self-test-disable --keep-guessing
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000000000098]

$ ./hashcat -m 14000 0000000000000000:CC083F1E6D9E85F6 -a 3 --hex-charset ?1000000000000?1 -1 charsets/DES_full.charset --quiet --potfile-disable --self-test-disable --keep-guessing
0000000000000000:cc083f1e6d9e85f6:$HEX[7300000000000098]

$ ./hashcat -m 14000 0000000000000000:CC083F1E6D9E85F6 -a 3 --hex-charset ?10000000000?1?1 -1 charsets/DES_full.charset --quiet --potfile-disable --self-test-disable --keep-guessing
0000000000000000:cc083f1e6d9e85f6:$HEX[730000000000f808]
0000000000000000:cc083f1e6d9e85f6:$HEX[73000000000029cb]
0000000000000000:cc083f1e6d9e85f6:$HEX[730000000000298a]
0000000000000000:cc083f1e6d9e85f6:$HEX[7300000000002504]

$ ./hashcat -m 14000 0000000000000000:CC083F1E6D9E85F6 -a 3 --hex-charset 000000000000?1?1 -1 charsets/DES_full.charset --quiet --potfile-disable --self-test-disable --keep-guessing
0000000000000000:cc083f1e6d9e85f6:$HEX[000000000000198a]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000000008c0b]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000000045cb]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000000000685b]

$ ./hashcat -m 14000 0000000000000000:CC083F1E6D9E85F6 -a 3 --hex-charset ?100000000?100?1 -1 charsets/DES_full.charset --quiet --potfile-disable --self-test-disable --keep-guessing
0000000000000000:cc083f1e6d9e85f6:$HEX[73000000004000cb]
0000000000000000:cc083f1e6d9e85f6:$HEX[730000000089004a]
0000000000000000:cc083f1e6d9e85f6:$HEX[730000000029000b]
0000000000000000:cc083f1e6d9e85f6:$HEX[730000000020008a]

$ ./hashcat -m 14000 0000000000000000:CC083F1E6D9E85F6 -a 3 --hex-charset 0000000000?1?1?1 -1 charsets/DES_full.charset --quiet --potfile-disable --self-test-disable --keep-guessing
0000000000000000:cc083f1e6d9e85f6:$HEX[000000000098e0b9]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000000686dbc]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000003d7343]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000000ad6b7f]

$ ./hashcat -m 14000 0000000000000000:CC083F1E6D9E85F6 -a 3 --hex-charset 00000000?1?1?1?1 -1 charsets/DES_full.charset --quiet --potfile-disable --self-test-disable --keep-guessing
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a329e01]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007373616e]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a32e0b9]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6dbc68]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003761c402]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003b311f07]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a324f32]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000058455132]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000049524931]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004a4ae008]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952bf0d]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000049529e0e]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d7a37]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d5b61]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d3b75]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6d6b64]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9dce0b]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a32e016]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003761981c]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f208c11f]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f2088020]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000049520425]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000006b6e496d]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000736d6b2a]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000073736123]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000009b08e025]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952bf29]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a329e2a]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003d327f31]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a320232]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f8084043]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952572a]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f2080138]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952e032]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003761b92c]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000a72f9e3b]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007073203e]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f208614a]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000005b682952]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003d327954]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000a2040146]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9ddc46]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000006b6ebc38]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d9b49]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000005d767f4c]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000006b6e014f]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000006b6e495b]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003b317949]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9dce43]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952e04f]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000005845c157]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000070739d58]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007073205b]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6d025d]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ab044002]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000005d766704]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000037616e01]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003761b958]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952e05d]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d9b64]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000049527f68]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000005845086b]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d3b4a]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a327910]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007373610e]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000266be06b]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9dba70]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000049529e73]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000058458075]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000006b6e0179]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000037614a5e]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004945517c]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003d32311f]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952e079]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003b31bc80]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f208a17f]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000049527f85]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000006b6e0186]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000009b084085]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d1a8a]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000e504018c]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000006b6ee086]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f208c18f]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d9b8f]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000070732092]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6d0294]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6d4394]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f2082098]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ab04019b]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000005845e094]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952bf9b]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d9b9d]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000707320a1]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003761c4a1]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000b66e49a4]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d1aa7]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f20801a8]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6de0a2]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a32bfa8]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6d9dad]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000006b6e20ae]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000006b6e01b0]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6d43b0]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d1ab5]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000495249b6]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6de0b3]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f208c1b9]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003b319dba]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004a4a7fbc]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000584508bf]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000009b0840bc]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000495257c2]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000005d7661bf]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6de0c4]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000009b08c1c7]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a329ec7]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000e50480cb]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004c3202cd]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a324fce]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d1ad0]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f20801d3]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952e0d3]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952bfd3]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000049529ed5]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000049527fd9]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6d02da]
0000000000000000:cc083f1e6d9e85f6:$HEX[0000000037614adc]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000495257df]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9dcee0]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000002a6de0e0]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004952bfe3]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d9be5]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000584580e6]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000004c3202e9]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000009b0840ea]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a3279ec]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000495249ef]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003761dfef]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a32bff1]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000f208a1f2]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000584580f4]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000003761c4f7]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000495257fb]
0000000000000000:cc083f1e6d9e85f6:$HEX[000000007a324ff8]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9dd5fb]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000a20491fd]
0000000000000000:cc083f1e6d9e85f6:$HEX[00000000ce9d43fe]

How can I solve this problem?

Thank you in advance.
Reply