[Nulled] » Information security » Protection and hacking » Vulnerability of cryptographic protection systems
February 22 2024

Vulnerability of cryptographic protection systems

Vulnerability of cryptographic protection systems

 Currently, software protection methods based on the use of cryptographic algorithms are widely used. Regarding the effectiveness of protection of this class, I would like to cite the opinion of Chris Kaspersky, author of the book "The Technique and philosophy of hacker attacks": "These defenses look unbreakable. They "look" because developers do not take into account the difference between theoretical models and practical implementation... a lot of the cryptosystems used are unreliable, and almost all are vulnerable to one degree or another"[20, p. 30].

  The most common mistake of novice authors is decrypting the code of the protected program in its entirety before starting the main program and encrypting it before shutting down the program. To remove such protection, it is enough to get a memory dump at the moment after decrypting the executable program code and analyze the received codes.

          The password (key) stored in encrypted form is obviously also decrypted at some stage. With the help of the debugger, you can easily get the original password at the moment after decrypting it.

          Therefore, to enhance protection based on encryption of the program code or password, the following techniques can be recommended first of all.

* Block-by-block decryption. The decryption of the program code should be carried out in stages, part by part, ensuring that the fully executable code would never be in memory in open form.

* Encryption with feedback. It is necessary to implement a scheme in which the key for decrypting code fragments changes dynamically and depends on previously obtained values or conditions, for example, it is calculated as a function of the previous block (possible options).

* Use the checksum of the executable code to decrypt a piece of code.

* Experts propose to design part of the protection mechanism in the form of a resident module, whose task may include, for example, prohibiting writing to disk for some time or monitoring segment registers for changes. At the same time, it is desirable to organize protection so that the codes of the protective mechanism always fall into the dump along with the codes of the main program.

* Combining cryptographic methods with compression. In this case, a copy of the decrypted section cannot be entered in the same place.

______________________________

Let's focus on the technique of hacking programmers' favorite technique - encryption using the XOR operation. It is believed that the durability of the mechanism of such protection is determined by the choice of the key. That is, the authors strive to come up with a "more interesting" key, and "hide" it better. It doesn't really make sense. Since the protection is quite simply opened by an open-text attack. The hacking method is based on the specifics of the XOR operation. Let's remind you.      Text   xor  Key  = Shifr       

              Shifr  xor  Key  = Text

Now it should be noted that and

    Shifr  xor  Text = Key.

That is, knowledge of the open (source) text allows you to determine the encryption key. (Note that to find an eight-bit key, it is enough to know one (!) byte of plaintext.) When hacking the protection of a program, the intruder has an advantage: he can proceed from the assumption that some sequence of bytes occurs in plaintext. The range for checking is very wide - string messages can be used, for example, Ok, Copyright, etc., and the carriage return symbol, and interrupt commands, and much more.


          Experts have sufficiently studied the issues of the unreliability of cryptographic protection systems. Let's list the reasons for the unreliability of cryptosystems [24].

1. The impossibility of using persistent crypto algorithms.

The factors contributing to this fact are:

· low speed of persistent crypto algorithms;

· Export restrictions. For example, the export of cryptographic algorithms with a key length of more than 40 bits is prohibited from the United States, but a cryptographic algorithm with such a key length cannot provide even minimal reliability;

· using your own crypto algorithms. We have already noted the reasons for the weakness of our own crypto algorithms.

2. Incorrect implementation of crypto algorithms.

Examples of incorrect implementation are the following errors.

· Reduction of cryptographic strength during key generation. This refers to mechanisms in which the security system either truncates the user's password or generates a key with a shorter length from it.

· Lack of verification for weak keys. For many crypto algorithms, there are so-called weak keys, when using which the crypto algorithm does not have sufficient power. 

!

 It is necessary to check for weak keys.

 
· Insufficient protection against so-called destructive software tools, that is, programs capable of intercepting a secret key or unencrypted data and even replacing a cryptographic algorithm.

· There is a dependency on the key processing time. The point is that the cryptosystem can process different input data (key and/or directly encrypted data) for different periods of time. The hacker, measuring the processing time of various data, has the ability to select a key.

· Errors in the software implementation. (Murphy's law says: every program has at least one error.)

· The presence of hatches. As in any program, hatches in the protection system can be intentionally or accidentally left by the developer.

· Disadvantages of the random number sensor. To create a key, security authors often use a pseudorandom number sensor. In this case, the stability of the mechanism is affected by the initialization of the sensor, the short period and the poor spread of the generated numbers. 

!

 Experts do not recommend using your own random number sensor. Otherwise, at least the initialization of the sensor should depend on the physical quantities. It is recommended to use a hardware device, for example, a special board, to generate random numbers.

3. Incorrect use of crypto algorithms.

· Small key length.

· Storing the key together with the data.

4. The human factor.

As with any system, human user errors are the most common. For example, the user's choice of a short or meaningful password will reduce the most cryptographic algorithm to zero.

 So, when designing and implementing systems using cryptographic protection, the listed factors that cause insufficient reliability of protection mechanisms should be taken into account, as well as implementation errors should be avoided.

Vulnerability of cryptographic protection systems

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

    1. Meri (🆄🆂🅴🆁)

      01 April 2024 05:28 30 commente

      I've been wanting to delve into this topic for a long time, But I still didn't have time, Although I've never seen it on your site, I started studying it. Thank you

    1. Emre (🆄🆂🅴🆁)

      26 March 2024 10:09 14 commente

      Thanks

    1. Chieftain (🆄🆂🅴🆁)

      26 March 2024 06:36 17 commente

      Thanks, I needed it.

    1. coldweb (👨‍💼🅿🆁🅴🅼🅸🆄🅼)

      22 March 2024 06:53 20 commente

      Useful, informative Thanks

Information the publication:

Related News

13 February 2024
Protection and hacking
A complete brute force

Now let's focus on a radical way to open the encryption key or password. Let's assume that the author avoided

Read more
20 January 2023
Information security»,Protection and hacking
📓 Book: Network Security.

📓 Book: Network Security. • Today's book contains step-by-step instructions for installing and using firewalls,

Read more
29 January 2023
Information security»,Protection and hacking
What is an exploit, how

Read more
29 January 2023
Information security»,Protection and hacking
How to configure

Read more
29 January 2023
Information security»,Protection and hacking
Properly use Windows

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    November 2024    »
MonTueWedThuFriSatSun
 123
45678910
11121314151617
18192021222324
252627282930 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +13 Total articles 6747
  • +16 Comments 4077
  • +24 Users : 5841