By ro0ted | January 5, 2015 - 16:09 | Posted in /b/ | 14 Comments
#ro0ted #OpNewblood What the Blackhats don’t want you to know: Encryption & Hashes 101

So far we have learned:

ASM Programming 
How to edit OpCodes
How to Patch basic programs
Botnet Analyzing 101 (If you say “I didn’t learn that!”, well, you should have read the material I posted, lazy fuck)
Trace an IP Address of a Crypted .exe
Crack a basic packer without an unpacker

Now we will go over more material. Yes, as I stated in “Why am I teaching Reverse Engineering to the new bloods?”, I made it clear that some of you will learn nothing, all because you didn’t want to take the time to read, while others are more advanced with just these basic tutorials. Now I know these tuts aren’t the best and aren’t going to make you own the world, but I don’t care about that. Just the fact that someone right now is reading this and paying attention, wanting to learn something new… that works for me. So thanks for the support. Now let’s study a hot topic: Encryption. – https://twitter.com/ro0ted/


(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101 +


Is there a difference between Encryption & Cryptography ?

If you want to be successful as a Malware Analyst, which is basically another name for an Advanced Reverse Engineer, you are going to need to know the basics of Cryptography/Encryption. Now a lot of people ask: is there a difference between Cryptography & Encryption?


Well that’s like asking if a transmission in a BMW is different than a BMW. 


In simple terms the root word in Cryptography is “Crypt” which means hidden or secret.


The root word in encryption is “Crypt” as well.


Basically encryption is a key component of the word Cryptography, which is the science of secret communication.


Encryption in cyberspace is the process of hiding data, which can be anything virtual (data, resources), using ciphers, locking out everyone except the person who has the key, or in this case, the cracker.


Now you probably won’t be able to crack a lot of ciphers for a very long time, as you will find out it’s very time consuming. Also you will need a powerful computer to pull some tasks off. However, in the cracking world there’s a big difference between “cracking” & “cheating”.


Cracking is actually sitting down and calculating everything out.

Cheating is using our machine to manipulate the code of the encrypted source.


Fact: Most people you meet on a daily basis in the cyber world are in fact not crackers, they are cheaters. That’s a word I made up btw. Cheaters aren’t comparable the way you would compare a script kiddie to a full blown blackhat. A full blown top notch cheater would make the best script kiddie & blackhat his/her bitch. Let us also be honest: to be a real cracker in the Cryptography world, as there are many parts of cracking, you would have to be really fucking smart. Math would have to be your greatest talent.

Moving on.

Note: The topics below aren’t in order. To understand my future tutorials on Analyzing Malware (which come after we have a walkthrough on how to use IDA Pro, since we are nearly done with Ollydbg), it’s important for you to learn about encryption. Many times a coder will want to pack, crypt or encode their code so it can’t be edited, modified or just stolen. Now blackhats use the same techniques when protecting their malware, which can be worms, trojans, botnets, adware, spyware, rootkits, polymorphic files, etc., you name it. Most blackhats are in fact script kiddies compared to the actual programmers. So can be whitehats or grayhats. The only thing Reverse Engineers have going for them is that we study the code; in fact we know more about what it does than the actual coder.


Symmetric Cipher:


Read all the material below. Yes, all of it. This is important for mastering XOR Encryption and the other operations that are key components of this type of cipher.

How Encryption Works

Symmetric Encryption

Code Examples – En-/Decryption with symmetric ciphers

Symmetric-key algorithm

Symmetric Key cryptosystem


XOR Encryption.

It is found in a lot of packed files and crypted files.

Like this one: [image: a XOR-crypted file]

Read all the material below:

XOR Encryption

A Block Cipher Using Rotation and Logical XOR Operations

Perceptrons for Dummies

Automatic Analysis of the Security of XOR-Based Key Management Schemes

The Magic of XOR
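The repeating-key XOR cipher that the Symmetric Cipher and XOR sections above point at, as an added example (my code, not the author's or from any of the linked material). It also shows the check an analyst runs on a crypted sample: when the start of the plaintext is known (here a constructed PE header, since a PE file begins with the MZ magic), XORing it against the ciphertext hands back the key.

```python
# Added example: XOR "crypting" as seen in packed/crypted samples, plus the
# known-plaintext key recovery an analyst uses against it. Not code from
# the original post; the sample bytes below are constructed.

def xor_crypt(data: bytes, key: bytes) -> bytes:
    """XOR every byte with the repeating key; the same call decrypts,
    because (p ^ k) ^ k == p."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_key(cipher: bytes, known: bytes, key_len: int) -> bytes:
    """Known-plaintext recovery of a repeating XOR key of length key_len.

    If the first len(known) plaintext bytes are known (a PE file begins
    with b"MZ\\x90\\x00"), each key byte is just cipher[i] ^ known[i].
    Raises ValueError if the known span is shorter than the key or the
    recovered stream does not repeat with period key_len.
    """
    if key_len < 1 or key_len > len(known) or len(cipher) < len(known):
        raise ValueError("known plaintext must cover at least one full key")
    stream = bytes(c ^ p for c, p in zip(cipher, known))
    key = stream[:key_len]
    for i in range(key_len, len(known)):
        if stream[i] != key[i % key_len]:
            raise ValueError("inconsistent with key length %d" % key_len)
    return key

def guess_key_length(cipher: bytes, known: bytes) -> int:
    """Shortest key length consistent with the known plaintext. A key that
    is itself a repeated shorter pattern is reported as the short one,
    which decrypts identically."""
    for key_len in range(1, len(known) + 1):
        try:
            recover_key(cipher, known, key_len)
            return key_len
        except ValueError:
            continue
    raise ValueError("no consistent key length up to %d" % len(known))

if __name__ == "__main__":
    # Constructed sample: a fake PE header crypted with a two-byte key.
    plain = b"MZ\x90\x00\x03\x00\x00\x00...rest of file..."
    sample = xor_crypt(plain, b"\x13\x37")
    n = guess_key_length(sample, b"MZ\x90\x00")
    key = recover_key(sample, b"MZ\x90\x00", n)
    print("key length %d, key %s, header %r"
          % (n, key.hex(), xor_crypt(sample, key)[:8]))
```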



Hashes

Hashes (hashing) are important to learn, study and use in cracking malware. For example, if you don’t read about hashes, how are you going to know how checksums operate?

Checksum is used in many different things. Example:

The ICMPv6 messages have the following general format:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |     Type      |     Code      |          Checksum             |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     +                         Message Body                          +
     |                                                               |

The type field indicates the type of the message. Its value determines the format of the remaining data.

The code field depends on the message type. It is used to create an additional level of message granularity.

The checksum field is used to detect data corruption in the ICMPv6 message and parts of the IPv6 header.

Basically a checksum is a small-size datum computed from an arbitrary block of electronic data and used to check for errors.
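The ICMPv6 checksum from the format above, as an added example (my code, not the author's): it is the RFC 1071 ones' complement sum over the IPv6 pseudo-header plus the message, and a receiver checks it by summing everything, checksum field included, and expecting all ones. The addresses and the Echo Request are constructed.

```python
# Added example: the ones' complement checksum (RFC 1071) as used by ICMPv6
# (RFC 4443), computed over the IPv6 pseudo-header plus the message.
# Not from the original post; addresses and message are constructed.
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58

def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words, folding carries back in (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"              # pad odd length with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:               # fold carry bits into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, upper_len: int) -> bytes:
    """IPv6 pseudo-header: src, dst, upper-layer length, 3 zero bytes, next header."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", upper_len, ICMPV6_NEXT_HEADER))

def icmpv6_checksum(src: str, dst: str, msg: bytes) -> int:
    """Value for bytes 2..3 of msg, computed with that field zeroed."""
    zeroed = msg[:2] + b"\x00\x00" + msg[4:]
    return 0xFFFF ^ ones_complement_sum(pseudo_header(src, dst, len(msg)) + zeroed)

def icmpv6_valid(src: str, dst: str, msg: bytes) -> bool:
    """A received message is intact when the sum over everything,
    checksum included, is all ones."""
    return ones_complement_sum(pseudo_header(src, dst, len(msg)) + msg) == 0xFFFF

def echo_request(src: str, dst: str, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a Type 128 Echo Request carrying a correct checksum."""
    body = struct.pack("!BBHHH", 128, 0, 0, ident, seq) + payload
    csum = icmpv6_checksum(src, dst, body)
    return body[:2] + struct.pack("!H", csum) + body[4:]

if __name__ == "__main__":
    pkt = echo_request("::1", "::1", 0x1234, 1, b"abc")
    print("checksum 0x%04x, valid=%s" % (struct.unpack("!H", pkt[2:4])[0],
                                          icmpv6_valid("::1", "::1", pkt)))
    corrupt = pkt[:-1] + bytes([pkt[-1] ^ 0x01])   # flip one payload bit
    print("after corruption, valid=%s" % icmpv6_valid("::1", "::1", corrupt))
```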

What is Checksum? http://www.accuhash.com/what-is-checksum.html

Checksum algorithms

I don’t want to post 100 links about checksums. Just watch this video:

While we are learning about Checksum, check this out.

Cyclic Redundancy Check


Checksum and CRC Data Integrity Techniques for Aviation

CRC and how to Reverse it http://www.woodmann.com/fravia/crctut1.htm (to understand this you must read about XOR)

What is CRC32? http://www.accuhash.com/what-is-crc32.html


Salted Password Hashing – Doing it Right (great!! article)

https://crackstation.net/hashing-security.htm

How To Screw Up Password Hashing: Secrets of a Password Cracker Author


Random things the Government uses concerning Cryptography:

The Government’s Secure Hash Standard (FIPS 180-4):

http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

NSA’s Interesting Whitepaper on Reducing the Effectiveness of Pass the Hash:

paranoia? read it here:

http://www.mediafire.com/view/1wy6h9f0st3zv5w/Reducing_the_Effectiveness_of_Pass-the-Hash.pdf

original:

https://www.nsa.gov/ia/_files/app/Reducing_the_Effectiveness_of_Pass-the-Hash.pdf


Cryptographic Standards for Information Protection:

paranoia? read it here:

www.mediafire.com/view/15b2uqp6ftct62p/cryptographic_standards.pdf

original:

www.cio.gov.bc.ca/local/cio/standards/documents/standards/cryptographic_standards.pdf


Approved Cryptographic Algorithms Good Practice Guideline

paranoia? read it here:

http://www.mediafire.com/view/2715afd1y28x4ub/acs.pdf

original:

http://systems.hscic.gov.uk/infogov/security/infrasec/gpg/acs.pdf

Minnesota Authentication Prototype (I thought it was funny they use SHA256)


paranoia? read it here:

http://www.mediafire.com/view/hf18lx5hm8r8d0h/Minnesota_Authentication_Prototype.pdf

original:

https://www.revisor.mn.gov/revisor/pubs/Minnesota_Authentication_Prototype.pdf

They have been working on SHA-3. You may be thinking: so what, I hate the fucking government, I thought this was about blackhats man?! The government is the biggest form of blackhat there is. You think all the attacks they do are whitehat related? Gtfo here. I want you to be ready for ANY kind of blackhat. Blackhats come in all types of flavors; their job has no meaning. The gov is probably the most malicious out of all of them.

SHA-3 Standardization

http://csrc.nist.gov/groups/ST/hash/sha-3/sha-3_standardization.html

Establishment Schemes Using Integer Factorization Cryptography:

paranoia? read it here:

http://www.mediafire.com/view/ygh0z544lhq2ljr/NIST.SP.800-56Br1.pdf

original:

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf


Finally, random papers, some concerning cryptography, others stuff you just need to know for future tutorials:

(Lots of information to read right? That’s how real knowledge is obtained.)
