Cryptography and cryptanalysis

FindCrypt Olly Plugin

While analyzing a program quite often we want to know if it uses any crypto algorithm. Knowing the algorithm name would be useful too. Here is the plugin which can help us answer these questions.

The idea behind it pretty simple: since almost all crypto algorithms use magic constants, we will just look for these constants in the program body.

The plugin supports virtually all crypto algorithms and hash functions. Here is the full list:

* Blowfish
* Camellia
* CAST256
* CRC32
* MD2
* MD4
* MD5
* PKCS_MD2 (byte sequence used in PKCS envelope)
* PKCS_MD5 (byte sequence used in PKCS envelope)
* PKCS_RIPEMD160 (byte sequence used in PKCS envelope)
* PKCS_SHA256 (byte sequence used in PKCS envelope)
* PKCS_SHA384 (byte sequence used in PKCS envelope)
* PKCS_SHA512 (byte sequence used in PKCS envelope)
* PKCS_Tiger (byte sequence used in PKCS envelope)
* RawDES
* RC2
* RC5
* RC6
* Rijndael
* SHA-1
* SHA-256
* SHA-512
* Square
* Tiger
* Twofish
* Whirlpool
* zlib

Please note that the list does not contain the IDEA algorithm because it usually builds its tables on the fly. Other algorithms can be added if needed.


BlindSide is an example of the art of steganography - the passing of secret
messages in a form such that one would not suspect the message is being
passed. This is an area of cryptography that is attracting considerable
interest of late. The Blindside utility can hide a file (or files) of any
variety, within an uncompressed Windows Bitmap image (BMP file). The original image and
the encoded image look absolutely identical to the human eye - but when run
back through Blindside, the concealed data can be extracted and secret data
retrieved. For added security you can even scramble your data with a password.

Why BlindSide?
There are other programs in the commerical and freeware streams that can
accomplish tasks similar to this program. Many of these will adjust every
single pixel's LSB (the least significant bit of the pixel), and store
data in these imperfections. This can lead to obvious corruption in the
image - which defeats the secrecy (the main ideal of steganography).
Blindside analyses the colour differentials in the image, and will only
alter pixels that it knows will not be noticeable to the human eye.
The downside is that each image has its own 'capacity' dependent on colour
patterns within it - but the upside is that any data you scramble with
Blindside will most definitely be invisible to the human eye.

What could I use this for?
The possibilities are endless. The beauty of the Blindside system is that
it is a steganographic technique supplemented with a cryptographic algorithm.
This means you can pass messages around without even arousing suspicion that
you are doing so (steganography) - and you can encrypt these messages with
password based encryption such that even if anyone did examine the images,
they would need a password to reveal the secret data (cryptography).
If you were a digital image publisher for instance, you could use


A general-purpose SSL cryptographic wrapper
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.


Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future. Brutus was written originally to help me check routers etc. for default and common passwords


Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.


An Innovative Password Hash Cracker
The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables".


Secure your files and communication w/advanced encryption
PGP is the famous encryption program by Phil Zimmerman which helps secure your data from eavesdroppers and other risks.

Paros proxy

A web application vulnerability assessment proxy java based web proxy for assessing web application vulnerability.


A secure way to access remote computers
SSH (Secure Shell) is the now ubiquitous program for logging into or executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network, replacing the hideously insecure telnet/rlogin/rsh alternatives.

Net Tools

This suite of utilities covers the gamut from port scanners to DOS (denial of service) Utilities. it has encryption programs, port listening programs, calculators for various network activities, several implementations of Netstat, ping utilities, anonymous mailers, file splitters and mergers, etc.
Needless to say, too many to list all here. visit the link to get full details on the set and to download.

Syndicate content